1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2007 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 #pragma ident "%Z%%M% %I% %E% SMI" 27 28 /* 29 * Token processing for auditreduce. 30 */ 31 32 #include <locale.h> 33 #include <sys/zone.h> 34 #include "auditr.h" 35 #include "toktable.h" 36 37 extern int re_exec2(char *); 38 39 static void anchor_path(char *path); 40 static char *collapse_path(char *s); 41 static void get_string(adr_t *adr, char **p); 42 static int ipc_type_match(int flag, char type); 43 static void skip_string(adr_t *adr); 44 static int xgeneric(adr_t *adr); 45 46 #if AUDIT_REC 47 void 48 print_id(int id) 49 { 50 char *suffix; 51 52 if ((id < 0) || (id > MAXTOKEN) || 53 (tokentable[id].func == NOFUNC)) { 54 (void) fprintf(stderr, 55 "token_processing: token %d not found\n", id); 56 return; 57 } 58 59 switch (id) { 60 case AUT_NEWGROUPS: 61 suffix = "_new"; 62 break; 63 case AUT_ATTR32: 64 suffix = "32"; 65 break; 66 case AUT_ARG64: 67 case AUT_RETURN64: 68 case AUT_ATTR64: 69 case AUT_HEADER64: 70 case AUT_SUBJECT64: 71 case AUT_PROCESS64: 72 case AUT_OTHER_FILE64: 73 suffix = "64"; 74 break; 75 case AUT_SOCKET_EX: 76 case AUT_IN_ADDR_EX: 77 suffix = "_ex"; 78 break; 79 case AUT_HEADER32_EX: 80 case AUT_SUBJECT32_EX: 81 case AUT_PROCESS32_EX: 82 suffix = "32_ex"; 83 break; 84 case AUT_HEADER64_EX: 85 case AUT_SUBJECT64_EX: 86 case AUT_PROCESS64_EX: 87 suffix = "64_ex"; 88 break; 89 default: 90 suffix = ""; 91 break; 92 } 93 (void) fprintf(stderr, "token_processing: %s%s\n", 94 tokentable[id].t_name, suffix); 95 } 96 #endif /* AUDIT_REC */ 97 98 /* 99 * Process a token in a record to determine whether the record is interesting. 100 */ 101 102 int 103 token_processing(adr_t *adr, int tokenid) 104 { 105 if ((tokenid > 0) && (tokenid <= MAXTOKEN) && 106 (tokentable[tokenid].func != NOFUNC)) { 107 #if AUDIT_REC 108 print_id(tokenid); 109 #endif /* AUDIT_REC */ 110 return ((*tokentable[tokenid].func)(adr)); 111 } 112 113 /* here if token id is not in table */ 114 return (-2); 115 } 116 117 118 /* There should not be any file or header tokens in the middle of a record */ 119 120 /* ARGSUSED */ 121 int 122 file_token(adr_t *adr) 123 { 124 return (-2); 125 } 126 127 /* ARGSUSED */ 128 int 129 file64_token(adr_t *adr) 130 { 131 return (-2); 132 } 133 134 /* ARGSUSED */ 135 int 136 header_token(adr_t *adr) 137 { 138 return (-2); 139 } 140 141 /* ARGSUSED */ 142 int 143 header32_ex_token(adr_t *adr) 144 { 145 return (-2); 146 } 147 148 /* ARGSUSED */ 149 int 150 header64_ex_token(adr_t *adr) 151 { 152 return (-2); 153 } 154 155 /* ARGSUSED */ 156 int 157 header64_token(adr_t *adr) 158 { 159 return (-2); 160 } 161 162 163 /* 164 * ====================================================== 165 * The following token processing routines return 166 * -1: if the record is not interesting 167 * -2: if an error is found 168 * ====================================================== 169 */ 170 171 int 172 trailer_token(adr_t *adr) 173 { 174 short magic_number; 175 uint32_t bytes; 176 177 adrm_u_short(adr, (ushort_t *)&magic_number, 1); 178 if (magic_number != AUT_TRAILER_MAGIC) { 179 (void) fprintf(stderr, "%s\n", 180 gettext("auditreduce: Bad trailer token")); 181 return (-2); 182 } 183 adrm_u_int32(adr, &bytes, 1); 184 185 return (-1); 186 } 187 188 189 /* 190 * Format of arbitrary data token: 191 * arbitrary data token id adr char 192 * how to print adr_char 193 * basic unit adr_char 194 * unit count adr_char, specifying number of units of 195 * data items depends on basic unit 196 * 197 */ 198 int 199 arbitrary_data_token(adr_t *adr) 200 { 201 int i; 202 char c1; 203 short c2; 204 int32_t c3; 205 int64_t c4; 206 char how_to_print, basic_unit, unit_count; 207 208 /* get how_to_print, basic_unit, and unit_count */ 209 adrm_char(adr, &how_to_print, 1); 210 adrm_char(adr, &basic_unit, 1); 211 adrm_char(adr, &unit_count, 1); 212 for (i = 0; i < unit_count; i++) { 213 switch (basic_unit) { 214 /* case AUR_BYTE: has same value as AUR_CHAR */ 215 case AUR_CHAR: 216 adrm_char(adr, &c1, 1); 217 break; 218 case AUR_SHORT: 219 adrm_short(adr, &c2, 1); 220 break; 221 case AUR_INT32: 222 adrm_int32(adr, (int32_t *)&c3, 1); 223 break; 224 case AUR_INT64: 225 adrm_int64(adr, (int64_t *)&c4, 1); 226 break; 227 default: 228 return (-2); 229 break; 230 } 231 } 232 return (-1); 233 } 234 235 236 /* 237 * Format of opaque token: 238 * opaque token id adr_char 239 * size adr_short 240 * data adr_char, size times 241 * 242 */ 243 int 244 opaque_token(adr_t *adr) 245 { 246 skip_string(adr); 247 return (-1); 248 } 249 250 251 252 /* 253 * Format of return32 value token: 254 * return value token id adr_char 255 * error number adr_char 256 * return value adr_u_int32 257 * 258 */ 259 int 260 return_value32_token(adr_t *adr) 261 { 262 char errnum; 263 uint32_t value; 264 265 adrm_char(adr, &errnum, 1); 266 adrm_u_int32(adr, &value, 1); 267 if ((flags & M_SORF) && 268 ((global_class & mask.am_success) && (errnum == 0)) || 269 ((global_class & mask.am_failure) && (errnum != 0))) { 270 checkflags |= M_SORF; 271 } 272 return (-1); 273 } 274 275 /* 276 * Format of return64 value token: 277 * return value token id adr_char 278 * error number adr_char 279 * return value adr_u_int64 280 * 281 */ 282 int 283 return_value64_token(adr_t *adr) 284 { 285 char errnum; 286 uint64_t value; 287 288 adrm_char(adr, &errnum, 1); 289 adrm_u_int64(adr, &value, 1); 290 if ((flags & M_SORF) && 291 ((global_class & mask.am_success) && (errnum == 0)) || 292 ((global_class & mask.am_failure) && (errnum != 0))) { 293 checkflags |= M_SORF; 294 } 295 return (-1); 296 } 297 298 299 /* 300 * Format of sequence token: 301 * sequence token id adr_char 302 * audit_count int32_t 303 * 304 */ 305 int 306 sequence_token(adr_t *adr) 307 { 308 int32_t audit_count; 309 310 adrm_int32(adr, &audit_count, 1); 311 return (-1); 312 } 313 314 315 /* 316 * Format of text token: 317 * text token id adr_char 318 * text adr_string 319 * 320 */ 321 int 322 text_token(adr_t *adr) 323 { 324 skip_string(adr); 325 return (-1); 326 } 327 328 329 /* 330 * Format of ip_addr token: 331 * ip token id adr_char 332 * address adr_int32 333 * 334 */ 335 int 336 ip_addr_token(adr_t *adr) 337 { 338 int32_t address; 339 340 adrm_char(adr, (char *)&address, 4); 341 342 return (-1); 343 } 344 345 /* 346 * Format of ip_addr_ex token: 347 * ip token id adr_char 348 * ip type adr_int32 349 * address 4*adr_int32 350 * 351 */ 352 int 353 ip_addr_ex_token(adr_t *adr) 354 { 355 int32_t address[4]; 356 int32_t type; 357 358 adrm_int32(adr, (int32_t *)&type, 1); 359 adrm_int32(adr, (int32_t *)&address, 4); 360 361 return (-1); 362 } 363 364 /* 365 * Format of ip token: 366 * ip header token id adr_char 367 * version adr_char 368 * type of service adr_char 369 * length adr_short 370 * id adr_u_short 371 * offset adr_u_short 372 * ttl adr_char 373 * protocol adr_char 374 * checksum adr_u_short 375 * source address adr_int32 376 * destination address adr_int32 377 * 378 */ 379 int 380 ip_token(adr_t *adr) 381 { 382 char version; 383 char type; 384 short len; 385 unsigned short id, offset, checksum; 386 char ttl, protocol; 387 int32_t src, dest; 388 389 adrm_char(adr, &version, 1); 390 adrm_char(adr, &type, 1); 391 adrm_short(adr, &len, 1); 392 adrm_u_short(adr, &id, 1); 393 adrm_u_short(adr, &offset, 1); 394 adrm_char(adr, &ttl, 1); 395 adrm_char(adr, &protocol, 1); 396 adrm_u_short(adr, &checksum, 1); 397 adrm_char(adr, (char *)&src, 4); 398 adrm_char(adr, (char *)&dest, 4); 399 400 return (-1); 401 } 402 403 404 /* 405 * Format of iport token: 406 * ip port address token id adr_char 407 * port address adr_short 408 * 409 */ 410 int 411 iport_token(adr_t *adr) 412 { 413 short address; 414 415 adrm_short(adr, &address, 1); 416 417 return (-1); 418 } 419 420 421 /* 422 * Format of groups token: 423 * group token id adr_char 424 * group list adr_int32, 16 times 425 * 426 */ 427 int 428 group_token(adr_t *adr) 429 { 430 int gid[16]; 431 int i; 432 int flag = 0; 433 434 for (i = 0; i < 16; i++) { 435 adrm_int32(adr, (int32_t *)&gid[i], 1); 436 if (flags & M_GROUPR) { 437 if ((unsigned short)m_groupr == gid[i]) 438 flag = 1; 439 } 440 } 441 442 if (flags & M_GROUPR) { 443 if (flag) 444 checkflags |= M_GROUPR; 445 } 446 return (-1); 447 } 448 449 /* 450 * Format of newgroups token: 451 * group token id adr_char 452 * number of groups adr_short 453 * group list adr_int32, "number" times 454 * 455 */ 456 int 457 newgroup_token(adr_t *adr) 458 { 459 gid_t gid; 460 int i; 461 short int number; 462 463 adrm_short(adr, &number, 1); 464 465 for (i = 0; i < number; i++) { 466 adrm_int32(adr, (int32_t *)&gid, 1); 467 if (flags & M_GROUPR) { 468 if (m_groupr == gid) 469 checkflags |= M_GROUPR; 470 } 471 } 472 473 return (-1); 474 } 475 476 /* 477 * Format of argument32 token: 478 * argument token id adr_char 479 * argument number adr_char 480 * argument value adr_int32 481 * argument description adr_string 482 * 483 */ 484 int 485 argument32_token(adr_t *adr) 486 { 487 char arg_num; 488 int32_t arg_val; 489 490 adrm_char(adr, &arg_num, 1); 491 adrm_int32(adr, &arg_val, 1); 492 skip_string(adr); 493 494 return (-1); 495 } 496 497 /* 498 * Format of argument64 token: 499 * argument token id adr_char 500 * argument number adr_char 501 * argument value adr_int64 502 * argument description adr_string 503 * 504 */ 505 int 506 argument64_token(adr_t *adr) 507 { 508 char arg_num; 509 int64_t arg_val; 510 511 adrm_char(adr, &arg_num, 1); 512 adrm_int64(adr, &arg_val, 1); 513 skip_string(adr); 514 515 return (-1); 516 } 517 518 /* 519 * Format of acl token: 520 * acl token id adr_char 521 * acl type adr_u_int32 522 * acl value adr_u_int32 (depends on type) 523 * file mode adr_u_int (in octal) 524 */ 525 int 526 acl_token(adr_t *adr) 527 { 528 529 int32_t id; 530 int32_t mode; 531 int32_t type; 532 533 adrm_int32(adr, &type, 1); 534 adrm_int32(adr, &id, 1); 535 adrm_int32(adr, &mode, 1); 536 537 return (-1); 538 } 539 540 /* 541 * Format of ace token: 542 * ace token id adr_char 543 * ace who adr_u_int32 (uid/gid) 544 * access mask adr_u_int32 545 * ace flags adr_u_int16 546 * ace type adr_u_int16 547 */ 548 int 549 ace_token(adr_t *adr) 550 { 551 uid_t who; 552 uint32_t access_mask; 553 uint16_t flags, type; 554 555 adrm_uid(adr, &who, 1); 556 adrm_u_int32(adr, &access_mask, 1); 557 adrm_u_short(adr, &flags, 1); 558 adrm_u_short(adr, &type, 1); 559 560 return (-1); 561 } 562 563 /* 564 * Format of attribute token: (old pre SunOS 5.7 format) 565 * attribute token id adr_char 566 * mode adr_int32 (printed in octal) 567 * uid adr_int32 568 * gid adr_int32 569 * file system id adr_int32 570 * node id adr_int32 571 * device adr_int32 572 * 573 */ 574 int 575 attribute_token(adr_t *adr) 576 { 577 int32_t dev; 578 int32_t file_sysid; 579 int32_t gid; 580 int32_t mode; 581 int32_t nodeid; 582 int32_t uid; 583 584 adrm_int32(adr, &mode, 1); 585 adrm_int32(adr, &uid, 1); 586 adrm_int32(adr, &gid, 1); 587 adrm_int32(adr, &file_sysid, 1); 588 adrm_int32(adr, &nodeid, 1); 589 adrm_int32(adr, &dev, 1); 590 591 if (!new_mode && (flags & M_USERE)) { 592 if (m_usere == uid) 593 checkflags |= M_USERE; 594 } 595 if (!new_mode && (flags & M_GROUPE)) { 596 if (m_groupe == gid) 597 checkflags |= M_GROUPE; 598 } 599 600 if (flags & M_OBJECT) { 601 if ((obj_flag & OBJ_FGROUP) && 602 (obj_group == gid)) 603 checkflags |= M_OBJECT; 604 else if ((obj_flag & OBJ_FOWNER) && 605 (obj_owner == uid)) 606 checkflags |= M_OBJECT; 607 } 608 return (-1); 609 } 610 611 /* 612 * Format of attribute32 token: 613 * attribute token id adr_char 614 * mode adr_int32 (printed in octal) 615 * uid adr_int32 616 * gid adr_int32 617 * file system id adr_int32 618 * node id adr_int64 619 * device adr_int32 620 * 621 */ 622 int 623 attribute32_token(adr_t *adr) 624 { 625 int32_t dev; 626 int32_t file_sysid; 627 int32_t gid; 628 int32_t mode; 629 int64_t nodeid; 630 int32_t uid; 631 632 adrm_int32(adr, &mode, 1); 633 adrm_int32(adr, &uid, 1); 634 adrm_int32(adr, &gid, 1); 635 adrm_int32(adr, &file_sysid, 1); 636 adrm_int64(adr, &nodeid, 1); 637 adrm_int32(adr, &dev, 1); 638 639 if (!new_mode && (flags & M_USERE)) { 640 if (m_usere == uid) 641 checkflags |= M_USERE; 642 } 643 if (!new_mode && (flags & M_GROUPE)) { 644 if (m_groupe == gid) 645 checkflags |= M_GROUPE; 646 } 647 648 if (flags & M_OBJECT) { 649 if ((obj_flag & OBJ_FGROUP) && 650 (obj_group == gid)) 651 checkflags |= M_OBJECT; 652 else if ((obj_flag & OBJ_FOWNER) && 653 (obj_owner == uid)) 654 checkflags |= M_OBJECT; 655 } 656 return (-1); 657 } 658 659 /* 660 * Format of attribute64 token: 661 * attribute token id adr_char 662 * mode adr_int32 (printed in octal) 663 * uid adr_int32 664 * gid adr_int32 665 * file system id adr_int32 666 * node id adr_int64 667 * device adr_int64 668 * 669 */ 670 int 671 attribute64_token(adr_t *adr) 672 { 673 int64_t dev; 674 int32_t file_sysid; 675 int32_t gid; 676 int32_t mode; 677 int64_t nodeid; 678 int32_t uid; 679 680 adrm_int32(adr, &mode, 1); 681 adrm_int32(adr, &uid, 1); 682 adrm_int32(adr, &gid, 1); 683 adrm_int32(adr, &file_sysid, 1); 684 adrm_int64(adr, &nodeid, 1); 685 adrm_int64(adr, &dev, 1); 686 687 if (!new_mode && (flags & M_USERE)) { 688 if (m_usere == uid) 689 checkflags |= M_USERE; 690 } 691 if (!new_mode && (flags & M_GROUPE)) { 692 if (m_groupe == gid) 693 checkflags |= M_GROUPE; 694 } 695 696 if (flags & M_OBJECT) { 697 if ((obj_flag & OBJ_FGROUP) && 698 (obj_group == gid)) 699 checkflags |= M_OBJECT; 700 else if ((obj_flag & OBJ_FOWNER) && 701 (obj_owner == uid)) 702 checkflags |= M_OBJECT; 703 } 704 return (-1); 705 } 706 707 708 /* 709 * Format of command token: 710 * attribute token id adr_char 711 * argc adr_short 712 * argv len adr_short variable amount of argv len 713 * argv text argv len and text 714 * . 715 * . 716 * . 717 * envp count adr_short variable amount of envp len 718 * envp len adr_short and text 719 * envp text envp len 720 * . 721 * . 722 * . 723 * 724 */ 725 int 726 cmd_token(adr_t *adr) 727 { 728 short cnt; 729 short i; 730 731 adrm_short(adr, &cnt, 1); 732 733 for (i = 0; i < cnt; i++) 734 skip_string(adr); 735 736 adrm_short(adr, &cnt, 1); 737 738 for (i = 0; i < cnt; i++) 739 skip_string(adr); 740 741 return (-1); 742 } 743 744 745 /* 746 * Format of exit token: 747 * attribute token id adr_char 748 * return value adr_int32 749 * errno adr_int32 750 * 751 */ 752 int 753 exit_token(adr_t *adr) 754 { 755 int32_t retval; 756 int32_t errno; 757 758 adrm_int32(adr, &retval, 1); 759 adrm_int32(adr, &errno, 1); 760 return (-1); 761 } 762 763 /* 764 * Format of strings array token: 765 * token id adr_char 766 * count value adr_int32 767 * strings null terminated strings 768 */ 769 static int 770 strings_common_token(adr_t *adr) 771 { 772 int count, i; 773 char c; 774 775 adrm_int32(adr, (int32_t *)&count, 1); 776 for (i = 1; i <= count; i++) { 777 adrm_char(adr, &c, 1); 778 while (c != (char)0) 779 adrm_char(adr, &c, 1); 780 } 781 /* no dump option here, since we will have variable length fields */ 782 return (-1); 783 } 784 785 int 786 path_attr_token(adr_t *adr) 787 { 788 return (strings_common_token(adr)); 789 } 790 791 int 792 exec_args_token(adr_t *adr) 793 { 794 return (strings_common_token(adr)); 795 } 796 797 int 798 exec_env_token(adr_t *adr) 799 { 800 return (strings_common_token(adr)); 801 } 802 803 /* 804 * Format of liaison token: 805 */ 806 int 807 liaison_token(adr_t *adr) 808 { 809 int32_t li; 810 811 adrm_int32(adr, &li, 1); 812 return (-1); 813 } 814 815 816 /* 817 * Format of path token: 818 * path adr_string 819 */ 820 int 821 path_token(adr_t *adr) 822 { 823 if ((flags & M_OBJECT) && (obj_flag == OBJ_PATH)) { 824 char *path; 825 826 get_string(adr, &path); 827 if (path[0] != '/') 828 /* 829 * anchor the path. user apps may not do it. 830 */ 831 anchor_path(path); 832 /* 833 * match against the collapsed path. that is what user sees. 834 */ 835 if (re_exec2(collapse_path(path)) == 1) 836 checkflags |= M_OBJECT; 837 free(path); 838 } else { 839 skip_string(adr); 840 } 841 return (-1); 842 } 843 844 845 /* 846 * Format of System V IPC permission token: 847 * System V IPC permission token id adr_char 848 * uid adr_int32 849 * gid adr_int32 850 * cuid adr_int32 851 * cgid adr_int32 852 * mode adr_int32 853 * seq adr_int32 854 * key adr_int32 855 */ 856 int 857 s5_IPC_perm_token(adr_t *adr) 858 { 859 int32_t uid, gid, cuid, cgid, mode, seq; 860 int32_t key; 861 862 adrm_int32(adr, &uid, 1); 863 adrm_int32(adr, &gid, 1); 864 adrm_int32(adr, &cuid, 1); 865 adrm_int32(adr, &cgid, 1); 866 adrm_int32(adr, &mode, 1); 867 adrm_int32(adr, &seq, 1); 868 adrm_int32(adr, &key, 1); 869 870 if (!new_mode && (flags & M_USERE)) { 871 if (m_usere == uid) 872 checkflags |= M_USERE; 873 } 874 875 if (!new_mode && (flags & M_USERE)) { 876 if (m_usere == cuid) 877 checkflags |= M_USERE; 878 } 879 880 if (!new_mode && (flags & M_GROUPR)) { 881 if (m_groupr == gid) 882 checkflags |= M_GROUPR; 883 } 884 885 if (!new_mode && (flags & M_GROUPR)) { 886 if (m_groupr == cgid) 887 checkflags |= M_GROUPR; 888 } 889 890 if ((flags & M_OBJECT) && 891 ((obj_owner == uid) || 892 (obj_owner == cuid) || 893 (obj_group == gid) || 894 (obj_group == cgid))) { 895 896 switch (obj_flag) { 897 case OBJ_MSGGROUP: 898 case OBJ_MSGOWNER: 899 if (ipc_type_match(OBJ_MSG, ipc_type)) 900 checkflags |= M_OBJECT; 901 break; 902 case OBJ_SEMGROUP: 903 case OBJ_SEMOWNER: 904 if (ipc_type_match(OBJ_SEM, ipc_type)) 905 checkflags |= M_OBJECT; 906 break; 907 case OBJ_SHMGROUP: 908 case OBJ_SHMOWNER: 909 if (ipc_type_match(OBJ_SHM, ipc_type)) 910 checkflags |= M_OBJECT; 911 break; 912 } 913 } 914 return (-1); 915 } 916 917 918 /* 919 * Format of process32 token: 920 * process token id adr_char 921 * auid adr_int32 922 * euid adr_int32 923 * egid adr_int32 924 * ruid adr_int32 925 * rgid adr_int32 926 * pid adr_int32 927 * sid adr_int32 928 * termid adr_int32*2 929 * 930 */ 931 int 932 process32_token(adr_t *adr) 933 { 934 int32_t auid, euid, egid, ruid, rgid, pid; 935 int32_t sid; 936 int32_t port, machine; 937 938 adrm_int32(adr, &auid, 1); 939 adrm_int32(adr, &euid, 1); 940 adrm_int32(adr, &egid, 1); 941 adrm_int32(adr, &ruid, 1); 942 adrm_int32(adr, &rgid, 1); 943 adrm_int32(adr, &pid, 1); 944 adrm_int32(adr, &sid, 1); 945 adrm_int32(adr, &port, 1); 946 adrm_int32(adr, &machine, 1); 947 948 if (!new_mode && (flags & M_USERA)) { 949 if (m_usera == auid) 950 checkflags |= M_USERA; 951 } 952 if (!new_mode && (flags & M_USERE)) { 953 if (m_usere == euid) 954 checkflags |= M_USERE; 955 } 956 if (!new_mode && (flags & M_USERR)) { 957 if (m_userr == ruid) 958 checkflags |= M_USERR; 959 } 960 if (!new_mode && (flags & M_GROUPR)) { 961 if (m_groupr == rgid) 962 checkflags |= M_GROUPR; 963 } 964 if (!new_mode && (flags & M_GROUPE)) { 965 if (m_groupe == egid) 966 checkflags |= M_GROUPE; 967 } 968 969 if (flags & M_OBJECT) { 970 if ((obj_flag & OBJ_PROC) && 971 (obj_id == pid)) { 972 checkflags |= M_OBJECT; 973 } else if ((obj_flag & OBJ_PGROUP) && 974 ((obj_group == egid) || 975 (obj_group == rgid))) { 976 checkflags |= M_OBJECT; 977 } else if ((obj_flag & OBJ_POWNER) && 978 ((obj_owner == euid) || 979 (obj_group == ruid))) { 980 checkflags |= M_OBJECT; 981 } 982 } 983 return (-1); 984 } 985 986 /* 987 * Format of process32 token: 988 * process token id adr_char 989 * auid adr_int32 990 * euid adr_int32 991 * egid adr_int32 992 * ruid adr_int32 993 * rgid adr_int32 994 * pid adr_int32 995 * sid adr_int32 996 * termid adr_int32*6 997 * 998 */ 999 int 1000 process32_ex_token(adr_t *adr) 1001 { 1002 int32_t auid, euid, egid, ruid, rgid, pid; 1003 int32_t sid; 1004 int32_t port, type, addr[4]; 1005 1006 adrm_int32(adr, &auid, 1); 1007 adrm_int32(adr, &euid, 1); 1008 adrm_int32(adr, &egid, 1); 1009 adrm_int32(adr, &ruid, 1); 1010 adrm_int32(adr, &rgid, 1); 1011 adrm_int32(adr, &pid, 1); 1012 adrm_int32(adr, &sid, 1); 1013 adrm_int32(adr, &port, 1); 1014 adrm_int32(adr, &type, 1); 1015 adrm_int32(adr, &addr[0], 4); 1016 1017 if (!new_mode && (flags & M_USERA)) { 1018 if (m_usera == auid) 1019 checkflags = checkflags | M_USERA; 1020 } 1021 if (!new_mode && (flags & M_USERE)) { 1022 if (m_usere == euid) 1023 checkflags = checkflags | M_USERE; 1024 } 1025 if (!new_mode && (flags & M_USERR)) { 1026 if (m_userr == ruid) 1027 checkflags = checkflags | M_USERR; 1028 } 1029 if (!new_mode && (flags & M_GROUPR)) { 1030 if (m_groupr == egid) 1031 checkflags = checkflags | M_GROUPR; 1032 } 1033 if (!new_mode && (flags & M_GROUPE)) { 1034 if (m_groupe == egid) 1035 checkflags = checkflags | M_GROUPE; 1036 } 1037 1038 if (flags & M_OBJECT) { 1039 if ((obj_flag & OBJ_PROC) && 1040 (obj_id == pid)) { 1041 checkflags = checkflags | M_OBJECT; 1042 } else if ((obj_flag & OBJ_PGROUP) && 1043 ((obj_group == egid) || 1044 (obj_group == rgid))) { 1045 checkflags = checkflags | M_OBJECT; 1046 } else if ((obj_flag & OBJ_POWNER) && 1047 ((obj_owner == euid) || 1048 (obj_group == ruid))) { 1049 checkflags = checkflags | M_OBJECT; 1050 } 1051 } 1052 return (-1); 1053 } 1054 1055 /* 1056 * Format of process64 token: 1057 * process token id adr_char 1058 * auid adr_int32 1059 * euid adr_int32 1060 * egid adr_int32 1061 * ruid adr_int32 1062 * rgid adr_int32 1063 * pid adr_int32 1064 * sid adr_int32 1065 * termid adr_int64+adr_int32 1066 * 1067 */ 1068 int 1069 process64_token(adr_t *adr) 1070 { 1071 int32_t auid, euid, egid, ruid, rgid, pid; 1072 int32_t sid; 1073 int64_t port; 1074 int32_t machine; 1075 1076 adrm_int32(adr, &auid, 1); 1077 adrm_int32(adr, &euid, 1); 1078 adrm_int32(adr, &egid, 1); 1079 adrm_int32(adr, &ruid, 1); 1080 adrm_int32(adr, &rgid, 1); 1081 adrm_int32(adr, &pid, 1); 1082 adrm_int32(adr, &sid, 1); 1083 adrm_int64(adr, &port, 1); 1084 adrm_int32(adr, &machine, 1); 1085 1086 if (!new_mode && (flags & M_USERA)) { 1087 if (m_usera == auid) 1088 checkflags |= M_USERA; 1089 } 1090 if (!new_mode && (flags & M_USERE)) { 1091 if (m_usere == euid) 1092 checkflags |= M_USERE; 1093 } 1094 if (!new_mode && (flags & M_USERR)) { 1095 if (m_userr == ruid) 1096 checkflags |= M_USERR; 1097 } 1098 if (!new_mode && (flags & M_GROUPR)) { 1099 if (m_groupr == rgid) 1100 checkflags |= M_GROUPR; 1101 } 1102 if (!new_mode && (flags & M_GROUPE)) { 1103 if (m_groupe == egid) 1104 checkflags |= M_GROUPE; 1105 } 1106 1107 if (flags & M_OBJECT) { 1108 if ((obj_flag & OBJ_PROC) && 1109 (obj_id == pid)) { 1110 checkflags |= M_OBJECT; 1111 } else if ((obj_flag & OBJ_PGROUP) && 1112 ((obj_group == egid) || 1113 (obj_group == rgid))) { 1114 checkflags |= M_OBJECT; 1115 } else if ((obj_flag & OBJ_POWNER) && 1116 ((obj_owner == euid) || 1117 (obj_group == ruid))) { 1118 checkflags |= M_OBJECT; 1119 } 1120 } 1121 return (-1); 1122 } 1123 1124 /* 1125 * Format of process64 token: 1126 * process token id adr_char 1127 * auid adr_int32 1128 * euid adr_int32 1129 * egid adr_int32 1130 * ruid adr_int32 1131 * rgid adr_int32 1132 * pid adr_int32 1133 * sid adr_int32 1134 * termid adr_int64+5*adr_int32 1135 * 1136 */ 1137 int 1138 process64_ex_token(adr_t *adr) 1139 { 1140 int32_t auid, euid, egid, ruid, rgid, pid; 1141 int32_t sid; 1142 int64_t port; 1143 int32_t type, addr[4]; 1144 1145 adrm_int32(adr, &auid, 1); 1146 adrm_int32(adr, &euid, 1); 1147 adrm_int32(adr, &egid, 1); 1148 adrm_int32(adr, &ruid, 1); 1149 adrm_int32(adr, &rgid, 1); 1150 adrm_int32(adr, &pid, 1); 1151 adrm_int32(adr, &sid, 1); 1152 adrm_int64(adr, &port, 1); 1153 adrm_int32(adr, &type, 1); 1154 adrm_int32(adr, &addr[0], 4); 1155 1156 if (!new_mode && (flags & M_USERA)) { 1157 if (m_usera == auid) 1158 checkflags = checkflags | M_USERA; 1159 } 1160 if (!new_mode && (flags & M_USERE)) { 1161 if (m_usere == euid) 1162 checkflags = checkflags | M_USERE; 1163 } 1164 if (!new_mode && (flags & M_USERR)) { 1165 if (m_userr == ruid) 1166 checkflags = checkflags | M_USERR; 1167 } 1168 if (!new_mode && (flags & M_GROUPR)) { 1169 if (m_groupr == egid) 1170 checkflags = checkflags | M_GROUPR; 1171 } 1172 if (!new_mode && (flags & M_GROUPE)) { 1173 if (m_groupe == egid) 1174 checkflags = checkflags | M_GROUPE; 1175 } 1176 1177 if (flags & M_OBJECT) { 1178 if ((obj_flag & OBJ_PROC) && 1179 (obj_id == pid)) { 1180 checkflags = checkflags | M_OBJECT; 1181 } else if ((obj_flag & OBJ_PGROUP) && 1182 ((obj_group == egid) || 1183 (obj_group == rgid))) { 1184 checkflags = checkflags | M_OBJECT; 1185 } else if ((obj_flag & OBJ_POWNER) && 1186 ((obj_owner == euid) || 1187 (obj_group == ruid))) { 1188 checkflags = checkflags | M_OBJECT; 1189 } 1190 } 1191 return (-1); 1192 } 1193 1194 /* 1195 * Format of System V IPC token: 1196 * System V IPC token id adr_char 1197 * object id adr_int32 1198 * 1199 */ 1200 int 1201 s5_IPC_token(adr_t *adr) 1202 { 1203 int32_t ipc_id; 1204 1205 adrm_char(adr, &ipc_type, 1); /* Global */ 1206 adrm_int32(adr, &ipc_id, 1); 1207 1208 if ((flags & M_OBJECT) && 1209 ipc_type_match(obj_flag, ipc_type) && 1210 (obj_id == ipc_id)) 1211 checkflags |= M_OBJECT; 1212 1213 return (-1); 1214 } 1215 1216 1217 /* 1218 * Format of socket token: 1219 * socket_type adrm_short 1220 * remote_port adrm_short 1221 * remote_inaddr adrm_int32 1222 * 1223 */ 1224 int 1225 socket_token(adr_t *adr) 1226 { 1227 short socket_type; 1228 short remote_port; 1229 int32_t remote_inaddr; 1230 1231 adrm_short(adr, &socket_type, 1); 1232 adrm_short(adr, &remote_port, 1); 1233 adrm_char(adr, (char *)&remote_inaddr, 4); 1234 1235 if ((flags & M_OBJECT) && (obj_flag == OBJ_SOCK)) { 1236 if (socket_flag == SOCKFLG_MACHINE) { 1237 if (remote_inaddr == obj_id) 1238 checkflags |= M_OBJECT; 1239 } else if (socket_flag == SOCKFLG_PORT) { 1240 if (remote_port == obj_id) 1241 checkflags |= M_OBJECT; 1242 } 1243 } 1244 return (-1); 1245 } 1246 1247 1248 /* 1249 * Format of socket token: 1250 * socket_type adrm_short 1251 * remote_port adrm_short 1252 * remote_inaddr adrm_int32 1253 * 1254 */ 1255 int 1256 socket_ex_token(adr_t *adr) 1257 { 1258 short socket_domain; 1259 short socket_type; 1260 short ip_size; 1261 short local_port; 1262 int32_t local_inaddr[4]; 1263 short remote_port; 1264 int32_t remote_inaddr[4]; 1265 1266 adrm_short(adr, &socket_domain, 1); 1267 adrm_short(adr, &socket_type, 1); 1268 adrm_short(adr, &ip_size, 1); 1269 1270 /* validate ip size */ 1271 if ((ip_size != AU_IPv6) && (ip_size != AU_IPv4)) 1272 return (0); 1273 1274 adrm_short(adr, &local_port, 1); 1275 adrm_char(adr, (char *)local_inaddr, ip_size); 1276 1277 adrm_short(adr, &remote_port, 1); 1278 adrm_char(adr, (char *)remote_inaddr, ip_size); 1279 1280 /* if IP type mis-match, then nothing to do */ 1281 if (ip_size != ip_type) 1282 return (-1); 1283 1284 if ((flags & M_OBJECT) && (obj_flag == OBJ_SOCK)) { 1285 if (socket_flag == SOCKFLG_MACHINE) { 1286 if (ip_type == AU_IPv4) { 1287 if ((local_inaddr[0] == obj_id) || 1288 (remote_inaddr[0] == obj_id)) 1289 checkflags |= M_OBJECT; 1290 } else { 1291 if (((local_inaddr[0] == ip_ipv6[0]) && 1292 (local_inaddr[1] == ip_ipv6[1]) && 1293 (local_inaddr[2] == ip_ipv6[2]) && 1294 (local_inaddr[3] == ip_ipv6[3])) || 1295 ((remote_inaddr[0] == ip_ipv6[0]) && 1296 (remote_inaddr[1] == ip_ipv6[1]) && 1297 (remote_inaddr[2] == ip_ipv6[2]) && 1298 (remote_inaddr[3] == ip_ipv6[3]))) 1299 checkflags |= M_OBJECT; 1300 } 1301 } else if (socket_flag == SOCKFLG_PORT) { 1302 if ((local_port == obj_id) || (remote_port == obj_id)) 1303 checkflags |= M_OBJECT; 1304 } 1305 } 1306 return (-1); 1307 } 1308 1309 1310 /* 1311 * Format of subject32 token: 1312 * subject token id adr_char 1313 * auid adr_int32 1314 * euid adr_int32 1315 * egid adr_int32 1316 * ruid adr_int32 1317 * rgid adr_int32 1318 * pid adr_int32 1319 * sid adr_int32 1320 * termid adr_int32*2 1321 * 1322 */ 1323 int 1324 subject32_token(adr_t *adr) 1325 { 1326 int32_t auid, euid, egid, ruid, rgid, pid; 1327 int32_t sid; 1328 int32_t port, machine; 1329 1330 adrm_int32(adr, &auid, 1); 1331 adrm_int32(adr, &euid, 1); 1332 adrm_int32(adr, &egid, 1); 1333 adrm_int32(adr, &ruid, 1); 1334 adrm_int32(adr, &rgid, 1); 1335 adrm_int32(adr, &pid, 1); 1336 adrm_int32(adr, &sid, 1); 1337 adrm_int32(adr, &port, 1); 1338 adrm_int32(adr, &machine, 1); 1339 1340 if (flags & M_SUBJECT) { 1341 if (subj_id == pid) 1342 checkflags |= M_SUBJECT; 1343 } 1344 if (flags & M_USERA) { 1345 if (m_usera == auid) 1346 checkflags |= M_USERA; 1347 } 1348 if (flags & M_USERE) { 1349 if (m_usere == euid) 1350 checkflags |= M_USERE; 1351 } 1352 if (flags & M_USERR) { 1353 if (m_userr == ruid) 1354 checkflags |= M_USERR; 1355 } 1356 if (flags & M_GROUPR) { 1357 if (m_groupr == rgid) 1358 checkflags |= M_GROUPR; 1359 } 1360 if (flags & M_GROUPE) { 1361 if (m_groupe == egid) 1362 checkflags |= M_GROUPE; 1363 } 1364 if (flags & M_SID) { 1365 if (m_sid == sid) 1366 checkflags |= M_SID; 1367 } 1368 return (-1); 1369 } 1370 1371 /* 1372 * Format of subject32_ex token: 1373 * subject token id adr_char 1374 * auid adr_int32 1375 * euid adr_int32 1376 * egid adr_int32 1377 * ruid adr_int32 1378 * rgid adr_int32 1379 * pid adr_int32 1380 * sid adr_int32 1381 * termid_addr adr_int32*6 1382 * 1383 */ 1384 int 1385 subject32_ex_token(adr_t *adr) 1386 { 1387 int32_t auid, euid, egid, ruid, rgid, pid; 1388 int32_t sid; 1389 int32_t port, type, addr[4]; 1390 1391 adrm_int32(adr, &auid, 1); 1392 adrm_int32(adr, &euid, 1); 1393 adrm_int32(adr, &egid, 1); 1394 adrm_int32(adr, &ruid, 1); 1395 adrm_int32(adr, &rgid, 1); 1396 adrm_int32(adr, &pid, 1); 1397 adrm_int32(adr, &sid, 1); 1398 adrm_int32(adr, &port, 1); 1399 adrm_int32(adr, &type, 1); 1400 adrm_int32(adr, &addr[0], 4); 1401 1402 if (flags & M_SUBJECT) { 1403 if (subj_id == pid) 1404 checkflags = checkflags | M_SUBJECT; 1405 } 1406 if (flags & M_USERA) { 1407 if (m_usera == auid) 1408 checkflags = checkflags | M_USERA; 1409 } 1410 if (flags & M_USERE) { 1411 if (m_usere == euid) 1412 checkflags = checkflags | M_USERE; 1413 } 1414 if (flags & M_USERR) { 1415 if (m_userr == ruid) 1416 checkflags = checkflags | M_USERR; 1417 } 1418 if (flags & M_GROUPR) { 1419 if (m_groupr == egid) 1420 checkflags = checkflags | M_GROUPR; 1421 } 1422 if (flags & M_GROUPE) { 1423 if (m_groupe == egid) 1424 checkflags = checkflags | M_GROUPE; 1425 } 1426 if (flags & M_SID) { 1427 if (m_sid == sid) 1428 checkflags = checkflags | M_SID; 1429 } 1430 return (-1); 1431 } 1432 1433 /* 1434 * Format of subject64 token: 1435 * subject token id adr_char 1436 * auid adr_int32 1437 * euid adr_int32 1438 * egid adr_int32 1439 * ruid adr_int32 1440 * rgid adr_int32 1441 * pid adr_int32 1442 * sid adr_int32 1443 * termid adr_int64+adr_int32 1444 * 1445 */ 1446 int 1447 subject64_token(adr_t *adr) 1448 { 1449 int32_t auid, euid, egid, ruid, rgid, pid; 1450 int32_t sid; 1451 int64_t port; 1452 int32_t machine; 1453 1454 adrm_int32(adr, &auid, 1); 1455 adrm_int32(adr, &euid, 1); 1456 adrm_int32(adr, &egid, 1); 1457 adrm_int32(adr, &ruid, 1); 1458 adrm_int32(adr, &rgid, 1); 1459 adrm_int32(adr, &pid, 1); 1460 adrm_int32(adr, &sid, 1); 1461 adrm_int64(adr, &port, 1); 1462 adrm_int32(adr, &machine, 1); 1463 1464 if (flags & M_SUBJECT) { 1465 if (subj_id == pid) 1466 checkflags |= M_SUBJECT; 1467 } 1468 if (flags & M_USERA) { 1469 if (m_usera == auid) 1470 checkflags |= M_USERA; 1471 } 1472 if (flags & M_USERE) { 1473 if (m_usere == euid) 1474 checkflags |= M_USERE; 1475 } 1476 if (flags & M_USERR) { 1477 if (m_userr == ruid) 1478 checkflags |= M_USERR; 1479 } 1480 if (flags & M_GROUPR) { 1481 if (m_groupr == rgid) 1482 checkflags |= M_GROUPR; 1483 } 1484 if (flags & M_GROUPE) { 1485 if (m_groupe == egid) 1486 checkflags |= M_GROUPE; 1487 } 1488 if (flags & M_SID) { 1489 if (m_sid == sid) 1490 checkflags |= M_SID; 1491 } 1492 return (-1); 1493 } 1494 1495 /* 1496 * Format of subject64 token: 1497 * subject token id adr_char 1498 * auid adr_int32 1499 * euid adr_int32 1500 * egid adr_int32 1501 * ruid adr_int32 1502 * rgid adr_int32 1503 * pid adr_int32 1504 * sid adr_int32 1505 * termid adr_int64+5*adr_int32 1506 * 1507 */ 1508 int 1509 subject64_ex_token(adr_t *adr) 1510 { 1511 int32_t auid, euid, egid, ruid, rgid, pid; 1512 int32_t sid; 1513 int64_t port; 1514 int32_t type, addr[4]; 1515 1516 adrm_int32(adr, &auid, 1); 1517 adrm_int32(adr, &euid, 1); 1518 adrm_int32(adr, &egid, 1); 1519 adrm_int32(adr, &ruid, 1); 1520 adrm_int32(adr, &rgid, 1); 1521 adrm_int32(adr, &pid, 1); 1522 adrm_int32(adr, &sid, 1); 1523 adrm_int64(adr, &port, 1); 1524 adrm_int32(adr, &type, 1); 1525 adrm_int32(adr, &addr[0], 4); 1526 1527 if (flags & M_SUBJECT) { 1528 if (subj_id == pid) 1529 checkflags = checkflags | M_SUBJECT; 1530 } 1531 if (flags & M_USERA) { 1532 if (m_usera == auid) 1533 checkflags = checkflags | M_USERA; 1534 } 1535 if (flags & M_USERE) { 1536 if (m_usere == euid) 1537 checkflags = checkflags | M_USERE; 1538 } 1539 if (flags & M_USERR) { 1540 if (m_userr == ruid) 1541 checkflags = checkflags | M_USERR; 1542 } 1543 if (flags & M_GROUPR) { 1544 if (m_groupr == egid) 1545 checkflags = checkflags | M_GROUPR; 1546 } 1547 if (flags & M_GROUPE) { 1548 if (m_groupe == egid) 1549 checkflags = checkflags | M_GROUPE; 1550 } 1551 if (flags & M_SID) { 1552 if (m_sid == sid) 1553 checkflags = checkflags | M_SID; 1554 } 1555 return (-1); 1556 } 1557 1558 /* 1559 * ----------------------------------------------------------------------- 1560 * tid_token(): Process tid token and display contents 1561 * 1562 * Format of tid token: 1563 * tid token id adr_char 1564 * address type adr_char 1565 * For address type of AU_IPADR... 1566 * remote port adr_short 1567 * local port adr_short 1568 * IP type adr_int32 1569 * IP addr adr_int32 if IPv4 1570 * IP addr 4 x adr_int32 if IPv6 1571 * address types other than AU_IPADR are not yet defined 1572 * ----------------------------------------------------------------------- 1573 */ 1574 int 1575 tid_token(adr_t *adr) 1576 { 1577 int32_t address[4]; 1578 int32_t ip_type; 1579 char tid_type; 1580 short rport; 1581 short lport; 1582 1583 adrm_char(adr, &tid_type, 1); 1584 switch (tid_type) { 1585 case AU_IPADR: 1586 adrm_short(adr, &rport, 1); 1587 adrm_short(adr, &lport, 1); 1588 adrm_int32(adr, &ip_type, 1); 1589 adrm_char(adr, (char *)&address, ip_type); 1590 break; 1591 default: 1592 return (0); 1593 } 1594 return (-1); 1595 } 1596 1597 /* 1598 * ----------------------------------------------------------------------- 1599 * zonename_token(): Process zonename token and display contents 1600 * 1601 * Format of zonename token: 1602 * zonename token id adr_char 1603 * zone name adr_string 1604 * ----------------------------------------------------------------------- 1605 */ 1606 int 1607 zonename_token(adr_t *adr) 1608 { 1609 char *name; 1610 1611 if (flags & M_ZONENAME) { 1612 get_string(adr, &name); 1613 if (strncmp(zonename, name, ZONENAME_MAX) == 0) 1614 checkflags |= M_ZONENAME; 1615 free(name); 1616 } else { 1617 skip_string(adr); 1618 } 1619 return (-1); 1620 } 1621 1622 /* 1623 * fmri_token(): 1624 * 1625 * Format of fmri token: 1626 * fmri adr_string 1627 */ 1628 int 1629 fmri_token(adr_t *adr) 1630 { 1631 if ((flags & M_OBJECT) && (obj_flag == OBJ_FMRI)) { 1632 char *fmri_name; 1633 1634 get_string(adr, &fmri_name); 1635 1636 /* match token against service instance */ 1637 if (scf_cmp_pattern(fmri_name, &fmri) == 1) { 1638 checkflags |= M_OBJECT; 1639 } 1640 free(fmri_name); 1641 } else { 1642 skip_string(adr); 1643 } 1644 return (-1); 1645 } 1646 1647 /* 1648 * Format of xatom token: 1649 */ 1650 int 1651 xatom_token(adr_t *adr) 1652 { 1653 skip_string(adr); 1654 1655 return (-1); 1656 } 1657 1658 /* 1659 * Format of xselect token: 1660 */ 1661 int 1662 xselect_token(adr_t *adr) 1663 { 1664 skip_string(adr); 1665 skip_string(adr); 1666 skip_string(adr); 1667 1668 return (-1); 1669 } 1670 1671 /* 1672 * anchor a path name with a slash 1673 * assume we have enough space 1674 */ 1675 void 1676 anchor_path(char *path) 1677 { 1678 (void) memmove((void *)(path + 1), (void *)path, strlen(path) + 1); 1679 *path = '/'; 1680 } 1681 1682 1683 /* 1684 * copy path to collapsed path. 1685 * collapsed path does not contain: 1686 * successive slashes 1687 * instances of dot-slash 1688 * instances of dot-dot-slash 1689 * passed path must be anchored with a '/' 1690 */ 1691 char * 1692 collapse_path(char *s) 1693 { 1694 int id; /* index of where we are in destination string */ 1695 int is; /* index of where we are in source string */ 1696 int slashseen; /* have we seen a slash */ 1697 int ls; /* length of source string */ 1698 1699 ls = strlen(s) + 1; 1700 1701 slashseen = 0; 1702 for (is = 0, id = 0; is < ls; is++) { 1703 /* thats all folks, we've reached the end of input */ 1704 if (s[is] == '\0') { 1705 if (id > 1 && s[id-1] == '/') { 1706 --id; 1707 } 1708 s[id++] = '\0'; 1709 break; 1710 } 1711 /* previous character was a / */ 1712 if (slashseen) { 1713 if (s[is] == '/') 1714 continue; /* another slash, ignore it */ 1715 } else if (s[is] == '/') { 1716 /* we see a /, just copy it and try again */ 1717 slashseen = 1; 1718 s[id++] = '/'; 1719 continue; 1720 } 1721 /* /./ seen */ 1722 if (s[is] == '.' && s[is+1] == '/') { 1723 is += 1; 1724 continue; 1725 } 1726 /* XXX/. seen */ 1727 if (s[is] == '.' && s[is+1] == '\0') { 1728 if (id > 1) 1729 id--; 1730 continue; 1731 } 1732 /* XXX/.. seen */ 1733 if (s[is] == '.' && s[is+1] == '.' && s[is+2] == '\0') { 1734 is += 1; 1735 if (id > 0) 1736 id--; 1737 while (id > 0 && s[--id] != '/') 1738 ; 1739 id++; 1740 continue; 1741 } 1742 /* XXX/../ seen */ 1743 if (s[is] == '.' && s[is+1] == '.' && s[is+2] == '/') { 1744 is += 2; 1745 if (id > 0) 1746 id--; 1747 while (id > 0 && s[--id] != '/') 1748 ; 1749 id++; 1750 continue; 1751 } 1752 while (is < ls && (s[id++] = s[is++]) != '/') 1753 ; 1754 is--; 1755 } 1756 return (s); 1757 } 1758 1759 1760 int 1761 ipc_type_match(int flag, char type) 1762 { 1763 if (flag == OBJ_SEM && type == AT_IPC_SEM) 1764 return (1); 1765 1766 if (flag == OBJ_MSG && type == AT_IPC_MSG) 1767 return (1); 1768 1769 if (flag == OBJ_SHM && type == AT_IPC_SHM) 1770 return (1); 1771 1772 return (0); 1773 } 1774 1775 1776 void 1777 skip_string(adr_t *adr) 1778 { 1779 ushort_t c; 1780 1781 adrm_u_short(adr, &c, 1); 1782 adr->adr_now += c; 1783 } 1784 1785 1786 void 1787 get_string(adr_t *adr, char **p) 1788 { 1789 ushort_t c; 1790 1791 adrm_u_short(adr, &c, 1); 1792 *p = a_calloc(1, (size_t)c); 1793 adrm_char(adr, *p, c); 1794 } 1795 1796 1797 /* 1798 * Format of host token: 1799 * host ard_uint32 1800 */ 1801 int 1802 host_token(adr_t *adr) 1803 { 1804 uint32_t host; 1805 1806 adrm_u_int32(adr, &host, 1); 1807 1808 return (-1); 1809 } 1810 1811 /* 1812 * Format of useofauth token: 1813 * uauth token id adr_char 1814 * uauth adr_string 1815 * 1816 */ 1817 int 1818 useofauth_token(adr_t *adr) 1819 { 1820 skip_string(adr); 1821 return (-1); 1822 } 1823 1824 int 1825 xcolormap_token(adr_t *adr) 1826 { 1827 return (xgeneric(adr)); 1828 } 1829 1830 int 1831 xcursor_token(adr_t *adr) 1832 { 1833 return (xgeneric(adr)); 1834 } 1835 1836 int 1837 xfont_token(adr_t *adr) 1838 { 1839 return (xgeneric(adr)); 1840 } 1841 1842 int 1843 xgc_token(adr_t *adr) 1844 { 1845 return (xgeneric(adr)); 1846 } 1847 1848 int 1849 xpixmap_token(adr_t *adr) 1850 { 1851 return (xgeneric(adr)); 1852 } 1853 1854 int 1855 xwindow_token(adr_t *adr) 1856 { 1857 return (xgeneric(adr)); 1858 } 1859 1860 1861 /* 1862 * Format of xgeneric token: 1863 * XID adr_int32 1864 * creator UID adr_int32 1865 * 1866 * Includes: xcolormap, xcursor, xfont, xgc, xpixmap, and xwindow 1867 */ 1868 int 1869 xgeneric(adr_t *adr) 1870 { 1871 int32_t xid; 1872 int32_t uid; 1873 1874 adrm_int32(adr, &xid, 1); 1875 adrm_int32(adr, &uid, 1); 1876 1877 if (flags & M_USERE) { 1878 if (m_usere == uid) 1879 checkflags = checkflags | M_USERE; 1880 } 1881 1882 return (-1); 1883 } 1884 1885 1886 /* 1887 * Format of xproperty token: 1888 * XID adr_int32 1889 * creator UID adr_int32 1890 * atom string adr_string 1891 */ 1892 int 1893 xproperty_token(adr_t *adr) 1894 { 1895 int32_t xid; 1896 int32_t uid; 1897 1898 adrm_int32(adr, &xid, 1); 1899 adrm_int32(adr, &uid, 1); 1900 skip_string(adr); 1901 1902 if (flags & M_USERE) { 1903 if (m_usere == uid) 1904 checkflags = checkflags | M_USERE; 1905 } 1906 1907 return (-1); 1908 } 1909 1910 1911 /* 1912 * Format of xclient token: 1913 * xclient id adr_int32 1914 */ 1915 int 1916 xclient_token(adr_t *adr) 1917 { 1918 int32_t client_id; 1919 1920 adrm_int32(adr, &client_id, 1); 1921 1922 return (-1); 1923 } 1924 1925 /* 1926 * Format of privilege set token: 1927 * priv_set type string 1928 * priv_set string 1929 */ 1930 1931 int 1932 privilege_token(adr_t *adr) 1933 { 1934 skip_string(adr); /* set type name */ 1935 skip_string(adr); /* privilege set */ 1936 return (-1); 1937 } 1938 1939 /* 1940 * Format of label token: 1941 * label ID 1 byte 1942 * compartment length 1 byte 1943 * classification 2 bytes 1944 * compartment words <compartment length> * 4 bytes 1945 */ 1946 int 1947 label_token(adr_t *adr) 1948 { 1949 static m_label_t *label = NULL; 1950 static size_t l_size; 1951 int len; 1952 1953 if (label == NULL) { 1954 label = m_label_alloc(MAC_LABEL); 1955 l_size = blabel_size() - 4; 1956 } 1957 1958 if (label == NULL) { 1959 /* out of memory, should never happen; skip label */ 1960 char l; /* length */ 1961 1962 adr->adr_now += sizeof (char); 1963 adrm_char(adr, (char *)&l, 1); 1964 adr->adr_now += sizeof (short) + (4 * l); 1965 return (-1); 1966 } 1967 1968 adrm_char(adr, (char *)label, 4); 1969 len = (int)(((char *)label)[1] * 4); 1970 if (len > l_size) { 1971 return (-1); 1972 } 1973 adrm_char(adr, &((char *)label)[4], len); 1974 1975 if (flags & M_LABEL) { 1976 if (blinrange(label, m_label)) 1977 checkflags = checkflags | M_LABEL; 1978 } 1979 1980 return (-1); 1981 } 1982 1983 1984 /* 1985 * Format of useofpriv token: 1986 * success/failure adr_char 1987 * privilege(s) adr_string 1988 */ 1989 /* ARGSUSED */ 1990 int 1991 useofpriv_token(adr_t *adr) 1992 { 1993 char flag; 1994 1995 adrm_char(adr, &flag, 1); 1996 skip_string(adr); 1997 return (-1); 1998 } 1999