1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2006 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 #pragma ident "%Z%%M% %I% %E% SMI" 27 28 /* 29 * Token processing for auditreduce. 30 */ 31 32 #include <locale.h> 33 #include <sys/zone.h> 34 #include "auditr.h" 35 #include "toktable.h" 36 37 extern int re_exec2(char *); 38 39 static void anchor_path(char *path); 40 static char *collapse_path(char *s); 41 static void get_string(adr_t *adr, char **p); 42 static int ipc_type_match(int flag, char type); 43 static void skip_string(adr_t *adr); 44 static int xgeneric(adr_t *adr); 45 46 #if AUDIT_REC 47 void 48 print_id(int id) 49 { 50 char *suffix; 51 52 if ((id < 0) || (id > MAXTOKEN) || 53 (tokentable[id].func == NOFUNC)) { 54 (void) fprintf(stderr, 55 "token_processing: token %d not found\n", id); 56 return; 57 } 58 59 switch (id) { 60 case AUT_NEWGROUPS: 61 suffix = "_new"; 62 break; 63 case AUT_ATTR32: 64 suffix = "32"; 65 break; 66 case AUT_ARG64: 67 case AUT_RETURN64: 68 case AUT_ATTR64: 69 case AUT_HEADER64: 70 case AUT_SUBJECT64: 71 case AUT_PROCESS64: 72 case AUT_OTHER_FILE64: 73 suffix = "64"; 74 break; 75 case AUT_SOCKET_EX: 76 case AUT_IN_ADDR_EX: 77 suffix = "_ex"; 78 break; 79 case AUT_HEADER32_EX: 80 case AUT_SUBJECT32_EX: 81 case AUT_PROCESS32_EX: 82 suffix = "32_ex"; 83 break; 84 case AUT_HEADER64_EX: 85 case AUT_SUBJECT64_EX: 86 case AUT_PROCESS64_EX: 87 suffix = "64_ex"; 88 break; 89 default: 90 suffix = ""; 91 break; 92 } 93 (void) fprintf(stderr, "token_processing: %s%s\n", 94 tokentable[id].t_name, suffix); 95 } 96 #endif /* AUDIT_REC */ 97 98 /* 99 * Process a token in a record to determine whether the record is interesting. 100 */ 101 102 int 103 token_processing(adr_t *adr, int tokenid) 104 { 105 if ((tokenid > 0) && (tokenid <= MAXTOKEN) && 106 (tokentable[tokenid].func != NOFUNC)) { 107 #if AUDIT_REC 108 print_id(tokenid); 109 #endif /* AUDIT_REC */ 110 return ((*tokentable[tokenid].func)(adr)); 111 } 112 113 /* here if token id is not in table */ 114 return (-2); 115 } 116 117 118 /* There should not be any file or header tokens in the middle of a record */ 119 120 /* ARGSUSED */ 121 int 122 file_token(adr_t *adr) 123 { 124 return (-2); 125 } 126 127 /* ARGSUSED */ 128 int 129 file64_token(adr_t *adr) 130 { 131 return (-2); 132 } 133 134 /* ARGSUSED */ 135 int 136 header_token(adr_t *adr) 137 { 138 return (-2); 139 } 140 141 /* ARGSUSED */ 142 int 143 header32_ex_token(adr_t *adr) 144 { 145 return (-2); 146 } 147 148 /* ARGSUSED */ 149 int 150 header64_ex_token(adr_t *adr) 151 { 152 return (-2); 153 } 154 155 /* ARGSUSED */ 156 int 157 header64_token(adr_t *adr) 158 { 159 return (-2); 160 } 161 162 163 /* 164 * ====================================================== 165 * The following token processing routines return 166 * -1: if the record is not interesting 167 * -2: if an error is found 168 * ====================================================== 169 */ 170 171 int 172 trailer_token(adr_t *adr) 173 { 174 short magic_number; 175 uint32_t bytes; 176 177 adrm_u_short(adr, (ushort_t *)&magic_number, 1); 178 if (magic_number != AUT_TRAILER_MAGIC) { 179 (void) fprintf(stderr, "%s\n", 180 gettext("auditreduce: Bad trailer token")); 181 return (-2); 182 } 183 adrm_u_int32(adr, &bytes, 1); 184 185 return (-1); 186 } 187 188 189 /* 190 * Format of arbitrary data token: 191 * arbitrary data token id adr char 192 * how to print adr_char 193 * basic unit adr_char 194 * unit count adr_char, specifying number of units of 195 * data items depends on basic unit 196 * 197 */ 198 int 199 arbitrary_data_token(adr_t *adr) 200 { 201 int i; 202 char c1; 203 short c2; 204 int32_t c3; 205 int64_t c4; 206 char how_to_print, basic_unit, unit_count; 207 208 /* get how_to_print, basic_unit, and unit_count */ 209 adrm_char(adr, &how_to_print, 1); 210 adrm_char(adr, &basic_unit, 1); 211 adrm_char(adr, &unit_count, 1); 212 for (i = 0; i < unit_count; i++) { 213 switch (basic_unit) { 214 /* case AUR_BYTE: has same value as AUR_CHAR */ 215 case AUR_CHAR: 216 adrm_char(adr, &c1, 1); 217 break; 218 case AUR_SHORT: 219 adrm_short(adr, &c2, 1); 220 break; 221 case AUR_INT32: 222 adrm_int32(adr, (int32_t *)&c3, 1); 223 break; 224 case AUR_INT64: 225 adrm_int64(adr, (int64_t *)&c4, 1); 226 break; 227 default: 228 return (-2); 229 break; 230 } 231 } 232 return (-1); 233 } 234 235 236 /* 237 * Format of opaque token: 238 * opaque token id adr_char 239 * size adr_short 240 * data adr_char, size times 241 * 242 */ 243 int 244 opaque_token(adr_t *adr) 245 { 246 skip_string(adr); 247 return (-1); 248 } 249 250 251 252 /* 253 * Format of return32 value token: 254 * return value token id adr_char 255 * error number adr_char 256 * return value adr_u_int32 257 * 258 */ 259 int 260 return_value32_token(adr_t *adr) 261 { 262 char errnum; 263 uint32_t value; 264 265 adrm_char(adr, &errnum, 1); 266 adrm_u_int32(adr, &value, 1); 267 if ((flags & M_SORF) && 268 ((global_class & mask.am_success) && (errnum == 0)) || 269 ((global_class & mask.am_failure) && (errnum != 0))) { 270 checkflags |= M_SORF; 271 } 272 return (-1); 273 } 274 275 /* 276 * Format of return64 value token: 277 * return value token id adr_char 278 * error number adr_char 279 * return value adr_u_int64 280 * 281 */ 282 int 283 return_value64_token(adr_t *adr) 284 { 285 char errnum; 286 uint64_t value; 287 288 adrm_char(adr, &errnum, 1); 289 adrm_u_int64(adr, &value, 1); 290 if ((flags & M_SORF) && 291 ((global_class & mask.am_success) && (errnum == 0)) || 292 ((global_class & mask.am_failure) && (errnum != 0))) { 293 checkflags |= M_SORF; 294 } 295 return (-1); 296 } 297 298 299 /* 300 * Format of sequence token: 301 * sequence token id adr_char 302 * audit_count int32_t 303 * 304 */ 305 int 306 sequence_token(adr_t *adr) 307 { 308 int32_t audit_count; 309 310 adrm_int32(adr, &audit_count, 1); 311 return (-1); 312 } 313 314 315 /* 316 * Format of text token: 317 * text token id adr_char 318 * text adr_string 319 * 320 */ 321 int 322 text_token(adr_t *adr) 323 { 324 skip_string(adr); 325 return (-1); 326 } 327 328 329 /* 330 * Format of ip_addr token: 331 * ip token id adr_char 332 * address adr_int32 333 * 334 */ 335 int 336 ip_addr_token(adr_t *adr) 337 { 338 int32_t address; 339 340 adrm_char(adr, (char *)&address, 4); 341 342 return (-1); 343 } 344 345 /* 346 * Format of ip_addr_ex token: 347 * ip token id adr_char 348 * ip type adr_int32 349 * address 4*adr_int32 350 * 351 */ 352 int 353 ip_addr_ex_token(adr_t *adr) 354 { 355 int32_t address[4]; 356 int32_t type; 357 358 adrm_int32(adr, (int32_t *)&type, 1); 359 adrm_int32(adr, (int32_t *)&address, 4); 360 361 return (-1); 362 } 363 364 /* 365 * Format of ip token: 366 * ip header token id adr_char 367 * version adr_char 368 * type of service adr_char 369 * length adr_short 370 * id adr_u_short 371 * offset adr_u_short 372 * ttl adr_char 373 * protocol adr_char 374 * checksum adr_u_short 375 * source address adr_int32 376 * destination address adr_int32 377 * 378 */ 379 int 380 ip_token(adr_t *adr) 381 { 382 char version; 383 char type; 384 short len; 385 unsigned short id, offset, checksum; 386 char ttl, protocol; 387 int32_t src, dest; 388 389 adrm_char(adr, &version, 1); 390 adrm_char(adr, &type, 1); 391 adrm_short(adr, &len, 1); 392 adrm_u_short(adr, &id, 1); 393 adrm_u_short(adr, &offset, 1); 394 adrm_char(adr, &ttl, 1); 395 adrm_char(adr, &protocol, 1); 396 adrm_u_short(adr, &checksum, 1); 397 adrm_char(adr, (char *)&src, 4); 398 adrm_char(adr, (char *)&dest, 4); 399 400 return (-1); 401 } 402 403 404 /* 405 * Format of iport token: 406 * ip port address token id adr_char 407 * port address adr_short 408 * 409 */ 410 int 411 iport_token(adr_t *adr) 412 { 413 short address; 414 415 adrm_short(adr, &address, 1); 416 417 return (-1); 418 } 419 420 421 /* 422 * Format of groups token: 423 * group token id adr_char 424 * group list adr_int32, 16 times 425 * 426 */ 427 int 428 group_token(adr_t *adr) 429 { 430 int gid[16]; 431 int i; 432 int flag = 0; 433 434 for (i = 0; i < 16; i++) { 435 adrm_int32(adr, (int32_t *)&gid[i], 1); 436 if (flags & M_GROUPR) { 437 if ((unsigned short)m_groupr == gid[i]) 438 flag = 1; 439 } 440 } 441 442 if (flags & M_GROUPR) { 443 if (flag) 444 checkflags |= M_GROUPR; 445 } 446 return (-1); 447 } 448 449 /* 450 * Format of newgroups token: 451 * group token id adr_char 452 * number of groups adr_short 453 * group list adr_int32, "number" times 454 * 455 */ 456 int 457 newgroup_token(adr_t *adr) 458 { 459 gid_t gid; 460 int i; 461 short int number; 462 463 adrm_short(adr, &number, 1); 464 465 for (i = 0; i < number; i++) { 466 adrm_int32(adr, (int32_t *)&gid, 1); 467 if (flags & M_GROUPR) { 468 if (m_groupr == gid) 469 checkflags |= M_GROUPR; 470 } 471 } 472 473 return (-1); 474 } 475 476 /* 477 * Format of argument32 token: 478 * argument token id adr_char 479 * argument number adr_char 480 * argument value adr_int32 481 * argument description adr_string 482 * 483 */ 484 int 485 argument32_token(adr_t *adr) 486 { 487 char arg_num; 488 int32_t arg_val; 489 490 adrm_char(adr, &arg_num, 1); 491 adrm_int32(adr, &arg_val, 1); 492 skip_string(adr); 493 494 return (-1); 495 } 496 497 /* 498 * Format of argument64 token: 499 * argument token id adr_char 500 * argument number adr_char 501 * argument value adr_int64 502 * argument description adr_string 503 * 504 */ 505 int 506 argument64_token(adr_t *adr) 507 { 508 char arg_num; 509 int64_t arg_val; 510 511 adrm_char(adr, &arg_num, 1); 512 adrm_int64(adr, &arg_val, 1); 513 skip_string(adr); 514 515 return (-1); 516 } 517 518 int 519 acl_token(adr_t *adr) 520 { 521 522 int32_t id; 523 int32_t mode; 524 int32_t type; 525 526 adrm_int32(adr, &type, 1); 527 adrm_int32(adr, &id, 1); 528 adrm_int32(adr, &mode, 1); 529 530 return (-1); 531 } 532 533 /* 534 * Format of attribute token: (old pre SunOS 5.7 format) 535 * attribute token id adr_char 536 * mode adr_int32 (printed in octal) 537 * uid adr_int32 538 * gid adr_int32 539 * file system id adr_int32 540 * node id adr_int32 541 * device adr_int32 542 * 543 */ 544 int 545 attribute_token(adr_t *adr) 546 { 547 int32_t dev; 548 int32_t file_sysid; 549 int32_t gid; 550 int32_t mode; 551 int32_t nodeid; 552 int32_t uid; 553 554 adrm_int32(adr, &mode, 1); 555 adrm_int32(adr, &uid, 1); 556 adrm_int32(adr, &gid, 1); 557 adrm_int32(adr, &file_sysid, 1); 558 adrm_int32(adr, &nodeid, 1); 559 adrm_int32(adr, &dev, 1); 560 561 if (!new_mode && (flags & M_USERE)) { 562 if (m_usere == uid) 563 checkflags |= M_USERE; 564 } 565 if (!new_mode && (flags & M_GROUPE)) { 566 if (m_groupe == gid) 567 checkflags |= M_GROUPE; 568 } 569 570 if (flags & M_OBJECT) { 571 if ((obj_flag & OBJ_FGROUP) && 572 (obj_group == gid)) 573 checkflags |= M_OBJECT; 574 else if ((obj_flag & OBJ_FOWNER) && 575 (obj_owner == uid)) 576 checkflags |= M_OBJECT; 577 } 578 return (-1); 579 } 580 581 /* 582 * Format of attribute32 token: 583 * attribute token id adr_char 584 * mode adr_int32 (printed in octal) 585 * uid adr_int32 586 * gid adr_int32 587 * file system id adr_int32 588 * node id adr_int64 589 * device adr_int32 590 * 591 */ 592 int 593 attribute32_token(adr_t *adr) 594 { 595 int32_t dev; 596 int32_t file_sysid; 597 int32_t gid; 598 int32_t mode; 599 int64_t nodeid; 600 int32_t uid; 601 602 adrm_int32(adr, &mode, 1); 603 adrm_int32(adr, &uid, 1); 604 adrm_int32(adr, &gid, 1); 605 adrm_int32(adr, &file_sysid, 1); 606 adrm_int64(adr, &nodeid, 1); 607 adrm_int32(adr, &dev, 1); 608 609 if (!new_mode && (flags & M_USERE)) { 610 if (m_usere == uid) 611 checkflags |= M_USERE; 612 } 613 if (!new_mode && (flags & M_GROUPE)) { 614 if (m_groupe == gid) 615 checkflags |= M_GROUPE; 616 } 617 618 if (flags & M_OBJECT) { 619 if ((obj_flag & OBJ_FGROUP) && 620 (obj_group == gid)) 621 checkflags |= M_OBJECT; 622 else if ((obj_flag & OBJ_FOWNER) && 623 (obj_owner == uid)) 624 checkflags |= M_OBJECT; 625 } 626 return (-1); 627 } 628 629 /* 630 * Format of attribute64 token: 631 * attribute token id adr_char 632 * mode adr_int32 (printed in octal) 633 * uid adr_int32 634 * gid adr_int32 635 * file system id adr_int32 636 * node id adr_int64 637 * device adr_int64 638 * 639 */ 640 int 641 attribute64_token(adr_t *adr) 642 { 643 int64_t dev; 644 int32_t file_sysid; 645 int32_t gid; 646 int32_t mode; 647 int64_t nodeid; 648 int32_t uid; 649 650 adrm_int32(adr, &mode, 1); 651 adrm_int32(adr, &uid, 1); 652 adrm_int32(adr, &gid, 1); 653 adrm_int32(adr, &file_sysid, 1); 654 adrm_int64(adr, &nodeid, 1); 655 adrm_int64(adr, &dev, 1); 656 657 if (!new_mode && (flags & M_USERE)) { 658 if (m_usere == uid) 659 checkflags |= M_USERE; 660 } 661 if (!new_mode && (flags & M_GROUPE)) { 662 if (m_groupe == gid) 663 checkflags |= M_GROUPE; 664 } 665 666 if (flags & M_OBJECT) { 667 if ((obj_flag & OBJ_FGROUP) && 668 (obj_group == gid)) 669 checkflags |= M_OBJECT; 670 else if ((obj_flag & OBJ_FOWNER) && 671 (obj_owner == uid)) 672 checkflags |= M_OBJECT; 673 } 674 return (-1); 675 } 676 677 678 /* 679 * Format of command token: 680 * attribute token id adr_char 681 * argc adr_short 682 * argv len adr_short variable amount of argv len 683 * argv text argv len and text 684 * . 685 * . 686 * . 687 * envp count adr_short variable amount of envp len 688 * envp len adr_short and text 689 * envp text envp len 690 * . 691 * . 692 * . 693 * 694 */ 695 int 696 cmd_token(adr_t *adr) 697 { 698 short cnt; 699 short i; 700 701 adrm_short(adr, &cnt, 1); 702 703 for (i = 0; i < cnt; i++) 704 skip_string(adr); 705 706 adrm_short(adr, &cnt, 1); 707 708 for (i = 0; i < cnt; i++) 709 skip_string(adr); 710 711 return (-1); 712 } 713 714 715 /* 716 * Format of exit token: 717 * attribute token id adr_char 718 * return value adr_int32 719 * errno adr_int32 720 * 721 */ 722 int 723 exit_token(adr_t *adr) 724 { 725 int32_t retval; 726 int32_t errno; 727 728 adrm_int32(adr, &retval, 1); 729 adrm_int32(adr, &errno, 1); 730 return (-1); 731 } 732 733 /* 734 * Format of strings array token: 735 * token id adr_char 736 * count value adr_int32 737 * strings null terminated strings 738 */ 739 static int 740 strings_common_token(adr_t *adr) 741 { 742 int count, i; 743 char c; 744 745 adrm_int32(adr, (int32_t *)&count, 1); 746 for (i = 1; i <= count; i++) { 747 adrm_char(adr, &c, 1); 748 while (c != (char)0) 749 adrm_char(adr, &c, 1); 750 } 751 /* no dump option here, since we will have variable length fields */ 752 return (-1); 753 } 754 755 int 756 path_attr_token(adr_t *adr) 757 { 758 return (strings_common_token(adr)); 759 } 760 761 int 762 exec_args_token(adr_t *adr) 763 { 764 return (strings_common_token(adr)); 765 } 766 767 int 768 exec_env_token(adr_t *adr) 769 { 770 return (strings_common_token(adr)); 771 } 772 773 /* 774 * Format of liaison token: 775 */ 776 int 777 liaison_token(adr_t *adr) 778 { 779 int32_t li; 780 781 adrm_int32(adr, &li, 1); 782 return (-1); 783 } 784 785 786 /* 787 * Format of path token: 788 * path adr_string 789 */ 790 int 791 path_token(adr_t *adr) 792 { 793 if ((flags & M_OBJECT) && (obj_flag == OBJ_PATH)) { 794 char *path; 795 796 get_string(adr, &path); 797 if (path[0] != '/') 798 /* 799 * anchor the path. user apps may not do it. 800 */ 801 anchor_path(path); 802 /* 803 * match against the collapsed path. that is what user sees. 804 */ 805 if (re_exec2(collapse_path(path)) == 1) 806 checkflags |= M_OBJECT; 807 free(path); 808 } else { 809 skip_string(adr); 810 } 811 return (-1); 812 } 813 814 815 /* 816 * Format of System V IPC permission token: 817 * System V IPC permission token id adr_char 818 * uid adr_int32 819 * gid adr_int32 820 * cuid adr_int32 821 * cgid adr_int32 822 * mode adr_int32 823 * seq adr_int32 824 * key adr_int32 825 * label adr_opaque, sizeof (bslabel_t) 826 * bytes 827 */ 828 int 829 s5_IPC_perm_token(adr_t *adr) 830 { 831 int32_t uid, gid, cuid, cgid, mode, seq; 832 int32_t key; 833 834 adrm_int32(adr, &uid, 1); 835 adrm_int32(adr, &gid, 1); 836 adrm_int32(adr, &cuid, 1); 837 adrm_int32(adr, &cgid, 1); 838 adrm_int32(adr, &mode, 1); 839 adrm_int32(adr, &seq, 1); 840 adrm_int32(adr, &key, 1); 841 842 if (!new_mode && (flags & M_USERE)) { 843 if (m_usere == uid) 844 checkflags |= M_USERE; 845 } 846 847 if (!new_mode && (flags & M_USERE)) { 848 if (m_usere == cuid) 849 checkflags |= M_USERE; 850 } 851 852 if (!new_mode && (flags & M_GROUPR)) { 853 if (m_groupr == gid) 854 checkflags |= M_GROUPR; 855 } 856 857 if (!new_mode && (flags & M_GROUPR)) { 858 if (m_groupr == cgid) 859 checkflags |= M_GROUPR; 860 } 861 862 if ((flags & M_OBJECT) && 863 ((obj_owner == uid) || 864 (obj_owner == cuid) || 865 (obj_group == gid) || 866 (obj_group == cgid))) { 867 868 switch (obj_flag) { 869 case OBJ_MSGGROUP: 870 case OBJ_MSGOWNER: 871 if (ipc_type_match(OBJ_MSG, ipc_type)) 872 checkflags |= M_OBJECT; 873 break; 874 case OBJ_SEMGROUP: 875 case OBJ_SEMOWNER: 876 if (ipc_type_match(OBJ_SEM, ipc_type)) 877 checkflags |= M_OBJECT; 878 break; 879 case OBJ_SHMGROUP: 880 case OBJ_SHMOWNER: 881 if (ipc_type_match(OBJ_SHM, ipc_type)) 882 checkflags |= M_OBJECT; 883 break; 884 } 885 } 886 return (-1); 887 } 888 889 890 /* 891 * Format of process32 token: 892 * process token id adr_char 893 * auid adr_int32 894 * euid adr_int32 895 * egid adr_int32 896 * ruid adr_int32 897 * rgid adr_int32 898 * pid adr_int32 899 * sid adr_int32 900 * termid adr_int32*2 901 * 902 */ 903 int 904 process32_token(adr_t *adr) 905 { 906 int32_t auid, euid, egid, ruid, rgid, pid; 907 int32_t sid; 908 int32_t port, machine; 909 910 adrm_int32(adr, &auid, 1); 911 adrm_int32(adr, &euid, 1); 912 adrm_int32(adr, &egid, 1); 913 adrm_int32(adr, &ruid, 1); 914 adrm_int32(adr, &rgid, 1); 915 adrm_int32(adr, &pid, 1); 916 adrm_int32(adr, &sid, 1); 917 adrm_int32(adr, &port, 1); 918 adrm_int32(adr, &machine, 1); 919 920 if (!new_mode && (flags & M_USERA)) { 921 if (m_usera == auid) 922 checkflags |= M_USERA; 923 } 924 if (!new_mode && (flags & M_USERE)) { 925 if (m_usere == euid) 926 checkflags |= M_USERE; 927 } 928 if (!new_mode && (flags & M_USERR)) { 929 if (m_userr == ruid) 930 checkflags |= M_USERR; 931 } 932 if (!new_mode && (flags & M_GROUPR)) { 933 if (m_groupr == rgid) 934 checkflags |= M_GROUPR; 935 } 936 if (!new_mode && (flags & M_GROUPE)) { 937 if (m_groupe == egid) 938 checkflags |= M_GROUPE; 939 } 940 941 if (flags & M_OBJECT) { 942 if ((obj_flag & OBJ_PROC) && 943 (obj_id == pid)) { 944 checkflags |= M_OBJECT; 945 } else if ((obj_flag & OBJ_PGROUP) && 946 ((obj_group == egid) || 947 (obj_group == rgid))) { 948 checkflags |= M_OBJECT; 949 } else if ((obj_flag & OBJ_POWNER) && 950 ((obj_owner == euid) || 951 (obj_group == ruid))) { 952 checkflags |= M_OBJECT; 953 } 954 } 955 return (-1); 956 } 957 958 /* 959 * Format of process32 token: 960 * process token id adr_char 961 * auid adr_int32 962 * euid adr_int32 963 * egid adr_int32 964 * ruid adr_int32 965 * rgid adr_int32 966 * pid adr_int32 967 * sid adr_int32 968 * termid adr_int32*6 969 * 970 */ 971 int 972 process32_ex_token(adr_t *adr) 973 { 974 int32_t auid, euid, egid, ruid, rgid, pid; 975 int32_t sid; 976 int32_t port, type, addr[4]; 977 978 adrm_int32(adr, &auid, 1); 979 adrm_int32(adr, &euid, 1); 980 adrm_int32(adr, &egid, 1); 981 adrm_int32(adr, &ruid, 1); 982 adrm_int32(adr, &rgid, 1); 983 adrm_int32(adr, &pid, 1); 984 adrm_int32(adr, &sid, 1); 985 adrm_int32(adr, &port, 1); 986 adrm_int32(adr, &type, 1); 987 adrm_int32(adr, &addr[0], 4); 988 989 if (!new_mode && (flags & M_USERA)) { 990 if (m_usera == auid) 991 checkflags = checkflags | M_USERA; 992 } 993 if (!new_mode && (flags & M_USERE)) { 994 if (m_usere == euid) 995 checkflags = checkflags | M_USERE; 996 } 997 if (!new_mode && (flags & M_USERR)) { 998 if (m_userr == ruid) 999 checkflags = checkflags | M_USERR; 1000 } 1001 if (!new_mode && (flags & M_GROUPR)) { 1002 if (m_groupr == egid) 1003 checkflags = checkflags | M_GROUPR; 1004 } 1005 if (!new_mode && (flags & M_GROUPE)) { 1006 if (m_groupe == egid) 1007 checkflags = checkflags | M_GROUPE; 1008 } 1009 1010 if (flags & M_OBJECT) { 1011 if ((obj_flag & OBJ_PROC) && 1012 (obj_id == pid)) { 1013 checkflags = checkflags | M_OBJECT; 1014 } else if ((obj_flag & OBJ_PGROUP) && 1015 ((obj_group == egid) || 1016 (obj_group == rgid))) { 1017 checkflags = checkflags | M_OBJECT; 1018 } else if ((obj_flag & OBJ_POWNER) && 1019 ((obj_owner == euid) || 1020 (obj_group == ruid))) { 1021 checkflags = checkflags | M_OBJECT; 1022 } 1023 } 1024 return (-1); 1025 } 1026 1027 /* 1028 * Format of process64 token: 1029 * process token id adr_char 1030 * auid adr_int32 1031 * euid adr_int32 1032 * egid adr_int32 1033 * ruid adr_int32 1034 * rgid adr_int32 1035 * pid adr_int32 1036 * sid adr_int32 1037 * termid adr_int64+adr_int32 1038 * 1039 */ 1040 int 1041 process64_token(adr_t *adr) 1042 { 1043 int32_t auid, euid, egid, ruid, rgid, pid; 1044 int32_t sid; 1045 int64_t port; 1046 int32_t machine; 1047 1048 adrm_int32(adr, &auid, 1); 1049 adrm_int32(adr, &euid, 1); 1050 adrm_int32(adr, &egid, 1); 1051 adrm_int32(adr, &ruid, 1); 1052 adrm_int32(adr, &rgid, 1); 1053 adrm_int32(adr, &pid, 1); 1054 adrm_int32(adr, &sid, 1); 1055 adrm_int64(adr, &port, 1); 1056 adrm_int32(adr, &machine, 1); 1057 1058 if (!new_mode && (flags & M_USERA)) { 1059 if (m_usera == auid) 1060 checkflags |= M_USERA; 1061 } 1062 if (!new_mode && (flags & M_USERE)) { 1063 if (m_usere == euid) 1064 checkflags |= M_USERE; 1065 } 1066 if (!new_mode && (flags & M_USERR)) { 1067 if (m_userr == ruid) 1068 checkflags |= M_USERR; 1069 } 1070 if (!new_mode && (flags & M_GROUPR)) { 1071 if (m_groupr == rgid) 1072 checkflags |= M_GROUPR; 1073 } 1074 if (!new_mode && (flags & M_GROUPE)) { 1075 if (m_groupe == egid) 1076 checkflags |= M_GROUPE; 1077 } 1078 1079 if (flags & M_OBJECT) { 1080 if ((obj_flag & OBJ_PROC) && 1081 (obj_id == pid)) { 1082 checkflags |= M_OBJECT; 1083 } else if ((obj_flag & OBJ_PGROUP) && 1084 ((obj_group == egid) || 1085 (obj_group == rgid))) { 1086 checkflags |= M_OBJECT; 1087 } else if ((obj_flag & OBJ_POWNER) && 1088 ((obj_owner == euid) || 1089 (obj_group == ruid))) { 1090 checkflags |= M_OBJECT; 1091 } 1092 } 1093 return (-1); 1094 } 1095 1096 /* 1097 * Format of process64 token: 1098 * process token id adr_char 1099 * auid adr_int32 1100 * euid adr_int32 1101 * egid adr_int32 1102 * ruid adr_int32 1103 * rgid adr_int32 1104 * pid adr_int32 1105 * sid adr_int32 1106 * termid adr_int64+5*adr_int32 1107 * 1108 */ 1109 int 1110 process64_ex_token(adr_t *adr) 1111 { 1112 int32_t auid, euid, egid, ruid, rgid, pid; 1113 int32_t sid; 1114 int64_t port; 1115 int32_t type, addr[4]; 1116 1117 adrm_int32(adr, &auid, 1); 1118 adrm_int32(adr, &euid, 1); 1119 adrm_int32(adr, &egid, 1); 1120 adrm_int32(adr, &ruid, 1); 1121 adrm_int32(adr, &rgid, 1); 1122 adrm_int32(adr, &pid, 1); 1123 adrm_int32(adr, &sid, 1); 1124 adrm_int64(adr, &port, 1); 1125 adrm_int32(adr, &type, 1); 1126 adrm_int32(adr, &addr[0], 4); 1127 1128 if (!new_mode && (flags & M_USERA)) { 1129 if (m_usera == auid) 1130 checkflags = checkflags | M_USERA; 1131 } 1132 if (!new_mode && (flags & M_USERE)) { 1133 if (m_usere == euid) 1134 checkflags = checkflags | M_USERE; 1135 } 1136 if (!new_mode && (flags & M_USERR)) { 1137 if (m_userr == ruid) 1138 checkflags = checkflags | M_USERR; 1139 } 1140 if (!new_mode && (flags & M_GROUPR)) { 1141 if (m_groupr == egid) 1142 checkflags = checkflags | M_GROUPR; 1143 } 1144 if (!new_mode && (flags & M_GROUPE)) { 1145 if (m_groupe == egid) 1146 checkflags = checkflags | M_GROUPE; 1147 } 1148 1149 if (flags & M_OBJECT) { 1150 if ((obj_flag & OBJ_PROC) && 1151 (obj_id == pid)) { 1152 checkflags = checkflags | M_OBJECT; 1153 } else if ((obj_flag & OBJ_PGROUP) && 1154 ((obj_group == egid) || 1155 (obj_group == rgid))) { 1156 checkflags = checkflags | M_OBJECT; 1157 } else if ((obj_flag & OBJ_POWNER) && 1158 ((obj_owner == euid) || 1159 (obj_group == ruid))) { 1160 checkflags = checkflags | M_OBJECT; 1161 } 1162 } 1163 return (-1); 1164 } 1165 1166 /* 1167 * Format of System V IPC token: 1168 * System V IPC token id adr_char 1169 * object id adr_int32 1170 * 1171 */ 1172 int 1173 s5_IPC_token(adr_t *adr) 1174 { 1175 int32_t ipc_id; 1176 1177 adrm_char(adr, &ipc_type, 1); /* Global */ 1178 adrm_int32(adr, &ipc_id, 1); 1179 1180 if ((flags & M_OBJECT) && 1181 ipc_type_match(obj_flag, ipc_type) && 1182 (obj_id == ipc_id)) 1183 checkflags |= M_OBJECT; 1184 1185 return (-1); 1186 } 1187 1188 1189 /* 1190 * Format of socket token: 1191 * socket_type adrm_short 1192 * remote_port adrm_short 1193 * remote_inaddr adrm_int32 1194 * 1195 */ 1196 int 1197 socket_token(adr_t *adr) 1198 { 1199 short socket_type; 1200 short remote_port; 1201 int32_t remote_inaddr; 1202 1203 adrm_short(adr, &socket_type, 1); 1204 adrm_short(adr, &remote_port, 1); 1205 adrm_char(adr, (char *)&remote_inaddr, 4); 1206 1207 if ((flags & M_OBJECT) && (obj_flag == OBJ_SOCK)) { 1208 if (socket_flag == SOCKFLG_MACHINE) { 1209 if (remote_inaddr == obj_id) 1210 checkflags |= M_OBJECT; 1211 } else if (socket_flag == SOCKFLG_PORT) { 1212 if (remote_port == obj_id) 1213 checkflags |= M_OBJECT; 1214 } 1215 } 1216 return (-1); 1217 } 1218 1219 1220 /* 1221 * Format of socket token: 1222 * socket_type adrm_short 1223 * remote_port adrm_short 1224 * remote_inaddr adrm_int32 1225 * 1226 */ 1227 int 1228 socket_ex_token(adr_t *adr) 1229 { 1230 short socket_domain; 1231 short socket_type; 1232 short ip_size; 1233 short local_port; 1234 int32_t local_inaddr[4]; 1235 short remote_port; 1236 int32_t remote_inaddr[4]; 1237 1238 adrm_short(adr, &socket_domain, 1); 1239 adrm_short(adr, &socket_type, 1); 1240 adrm_short(adr, &ip_size, 1); 1241 1242 /* validate ip size */ 1243 if ((ip_size != AU_IPv6) && (ip_size != AU_IPv4)) 1244 return (0); 1245 1246 adrm_short(adr, &local_port, 1); 1247 adrm_char(adr, (char *)local_inaddr, ip_size); 1248 1249 adrm_short(adr, &remote_port, 1); 1250 adrm_char(adr, (char *)remote_inaddr, ip_size); 1251 1252 /* if IP type mis-match, then nothing to do */ 1253 if (ip_size != ip_type) 1254 return (-1); 1255 1256 if ((flags & M_OBJECT) && (obj_flag == OBJ_SOCK)) { 1257 if (socket_flag == SOCKFLG_MACHINE) { 1258 if (ip_type == AU_IPv4) { 1259 if ((local_inaddr[0] == obj_id) || 1260 (remote_inaddr[0] == obj_id)) 1261 checkflags |= M_OBJECT; 1262 } else { 1263 if (((local_inaddr[0] == ip_ipv6[0]) && 1264 (local_inaddr[1] == ip_ipv6[1]) && 1265 (local_inaddr[2] == ip_ipv6[2]) && 1266 (local_inaddr[3] == ip_ipv6[3])) || 1267 ((remote_inaddr[0] == ip_ipv6[0]) && 1268 (remote_inaddr[1] == ip_ipv6[1]) && 1269 (remote_inaddr[2] == ip_ipv6[2]) && 1270 (remote_inaddr[3] == ip_ipv6[3]))) 1271 checkflags |= M_OBJECT; 1272 } 1273 } else if (socket_flag == SOCKFLG_PORT) { 1274 if ((local_port == obj_id) || (remote_port == obj_id)) 1275 checkflags |= M_OBJECT; 1276 } 1277 } 1278 return (-1); 1279 } 1280 1281 1282 /* 1283 * Format of subject32 token: 1284 * subject token id adr_char 1285 * auid adr_int32 1286 * euid adr_int32 1287 * egid adr_int32 1288 * ruid adr_int32 1289 * rgid adr_int32 1290 * pid adr_int32 1291 * sid adr_int32 1292 * termid adr_int32*2 1293 * 1294 */ 1295 int 1296 subject32_token(adr_t *adr) 1297 { 1298 int32_t auid, euid, egid, ruid, rgid, pid; 1299 int32_t sid; 1300 int32_t port, machine; 1301 1302 adrm_int32(adr, &auid, 1); 1303 adrm_int32(adr, &euid, 1); 1304 adrm_int32(adr, &egid, 1); 1305 adrm_int32(adr, &ruid, 1); 1306 adrm_int32(adr, &rgid, 1); 1307 adrm_int32(adr, &pid, 1); 1308 adrm_int32(adr, &sid, 1); 1309 adrm_int32(adr, &port, 1); 1310 adrm_int32(adr, &machine, 1); 1311 1312 if (flags & M_SUBJECT) { 1313 if (subj_id == pid) 1314 checkflags |= M_SUBJECT; 1315 } 1316 if (flags & M_USERA) { 1317 if (m_usera == auid) 1318 checkflags |= M_USERA; 1319 } 1320 if (flags & M_USERE) { 1321 if (m_usere == euid) 1322 checkflags |= M_USERE; 1323 } 1324 if (flags & M_USERR) { 1325 if (m_userr == ruid) 1326 checkflags |= M_USERR; 1327 } 1328 if (flags & M_GROUPR) { 1329 if (m_groupr == rgid) 1330 checkflags |= M_GROUPR; 1331 } 1332 if (flags & M_GROUPE) { 1333 if (m_groupe == egid) 1334 checkflags |= M_GROUPE; 1335 } 1336 if (flags & M_SID) { 1337 if (m_sid == sid) 1338 checkflags |= M_SID; 1339 } 1340 return (-1); 1341 } 1342 1343 /* 1344 * Format of subject32_ex token: 1345 * subject token id adr_char 1346 * auid adr_int32 1347 * euid adr_int32 1348 * egid adr_int32 1349 * ruid adr_int32 1350 * rgid adr_int32 1351 * pid adr_int32 1352 * sid adr_int32 1353 * termid_addr adr_int32*6 1354 * 1355 */ 1356 int 1357 subject32_ex_token(adr_t *adr) 1358 { 1359 int32_t auid, euid, egid, ruid, rgid, pid; 1360 int32_t sid; 1361 int32_t port, type, addr[4]; 1362 1363 adrm_int32(adr, &auid, 1); 1364 adrm_int32(adr, &euid, 1); 1365 adrm_int32(adr, &egid, 1); 1366 adrm_int32(adr, &ruid, 1); 1367 adrm_int32(adr, &rgid, 1); 1368 adrm_int32(adr, &pid, 1); 1369 adrm_int32(adr, &sid, 1); 1370 adrm_int32(adr, &port, 1); 1371 adrm_int32(adr, &type, 1); 1372 adrm_int32(adr, &addr[0], 4); 1373 1374 if (flags & M_SUBJECT) { 1375 if (subj_id == pid) 1376 checkflags = checkflags | M_SUBJECT; 1377 } 1378 if (flags & M_USERA) { 1379 if (m_usera == auid) 1380 checkflags = checkflags | M_USERA; 1381 } 1382 if (flags & M_USERE) { 1383 if (m_usere == euid) 1384 checkflags = checkflags | M_USERE; 1385 } 1386 if (flags & M_USERR) { 1387 if (m_userr == ruid) 1388 checkflags = checkflags | M_USERR; 1389 } 1390 if (flags & M_GROUPR) { 1391 if (m_groupr == egid) 1392 checkflags = checkflags | M_GROUPR; 1393 } 1394 if (flags & M_GROUPE) { 1395 if (m_groupe == egid) 1396 checkflags = checkflags | M_GROUPE; 1397 } 1398 if (flags & M_SID) { 1399 if (m_sid == sid) 1400 checkflags = checkflags | M_SID; 1401 } 1402 return (-1); 1403 } 1404 1405 /* 1406 * Format of subject64 token: 1407 * subject token id adr_char 1408 * auid adr_int32 1409 * euid adr_int32 1410 * egid adr_int32 1411 * ruid adr_int32 1412 * rgid adr_int32 1413 * pid adr_int32 1414 * sid adr_int32 1415 * termid adr_int64+adr_int32 1416 * 1417 */ 1418 int 1419 subject64_token(adr_t *adr) 1420 { 1421 int32_t auid, euid, egid, ruid, rgid, pid; 1422 int32_t sid; 1423 int64_t port; 1424 int32_t machine; 1425 1426 adrm_int32(adr, &auid, 1); 1427 adrm_int32(adr, &euid, 1); 1428 adrm_int32(adr, &egid, 1); 1429 adrm_int32(adr, &ruid, 1); 1430 adrm_int32(adr, &rgid, 1); 1431 adrm_int32(adr, &pid, 1); 1432 adrm_int32(adr, &sid, 1); 1433 adrm_int64(adr, &port, 1); 1434 adrm_int32(adr, &machine, 1); 1435 1436 if (flags & M_SUBJECT) { 1437 if (subj_id == pid) 1438 checkflags |= M_SUBJECT; 1439 } 1440 if (flags & M_USERA) { 1441 if (m_usera == auid) 1442 checkflags |= M_USERA; 1443 } 1444 if (flags & M_USERE) { 1445 if (m_usere == euid) 1446 checkflags |= M_USERE; 1447 } 1448 if (flags & M_USERR) { 1449 if (m_userr == ruid) 1450 checkflags |= M_USERR; 1451 } 1452 if (flags & M_GROUPR) { 1453 if (m_groupr == rgid) 1454 checkflags |= M_GROUPR; 1455 } 1456 if (flags & M_GROUPE) { 1457 if (m_groupe == egid) 1458 checkflags |= M_GROUPE; 1459 } 1460 if (flags & M_SID) { 1461 if (m_sid == sid) 1462 checkflags |= M_SID; 1463 } 1464 return (-1); 1465 } 1466 1467 /* 1468 * Format of subject64 token: 1469 * subject token id adr_char 1470 * auid adr_int32 1471 * euid adr_int32 1472 * egid adr_int32 1473 * ruid adr_int32 1474 * rgid adr_int32 1475 * pid adr_int32 1476 * sid adr_int32 1477 * termid adr_int64+5*adr_int32 1478 * 1479 */ 1480 int 1481 subject64_ex_token(adr_t *adr) 1482 { 1483 int32_t auid, euid, egid, ruid, rgid, pid; 1484 int32_t sid; 1485 int64_t port; 1486 int32_t type, addr[4]; 1487 1488 adrm_int32(adr, &auid, 1); 1489 adrm_int32(adr, &euid, 1); 1490 adrm_int32(adr, &egid, 1); 1491 adrm_int32(adr, &ruid, 1); 1492 adrm_int32(adr, &rgid, 1); 1493 adrm_int32(adr, &pid, 1); 1494 adrm_int32(adr, &sid, 1); 1495 adrm_int64(adr, &port, 1); 1496 adrm_int32(adr, &type, 1); 1497 adrm_int32(adr, &addr[0], 4); 1498 1499 if (flags & M_SUBJECT) { 1500 if (subj_id == pid) 1501 checkflags = checkflags | M_SUBJECT; 1502 } 1503 if (flags & M_USERA) { 1504 if (m_usera == auid) 1505 checkflags = checkflags | M_USERA; 1506 } 1507 if (flags & M_USERE) { 1508 if (m_usere == euid) 1509 checkflags = checkflags | M_USERE; 1510 } 1511 if (flags & M_USERR) { 1512 if (m_userr == ruid) 1513 checkflags = checkflags | M_USERR; 1514 } 1515 if (flags & M_GROUPR) { 1516 if (m_groupr == egid) 1517 checkflags = checkflags | M_GROUPR; 1518 } 1519 if (flags & M_GROUPE) { 1520 if (m_groupe == egid) 1521 checkflags = checkflags | M_GROUPE; 1522 } 1523 if (flags & M_SID) { 1524 if (m_sid == sid) 1525 checkflags = checkflags | M_SID; 1526 } 1527 return (-1); 1528 } 1529 1530 /* 1531 * ----------------------------------------------------------------------- 1532 * tid_token(): Process tid token and display contents 1533 * 1534 * Format of tid token: 1535 * tid token id adr_char 1536 * address type adr_char 1537 * For address type of AU_IPADR... 1538 * remote port adr_short 1539 * local port adr_short 1540 * IP type adr_int32 1541 * IP addr adr_int32 if IPv4 1542 * IP addr 4 x adr_int32 if IPv6 1543 * address types other than AU_IPADR are not yet defined 1544 * ----------------------------------------------------------------------- 1545 */ 1546 int 1547 tid_token(adr_t *adr) 1548 { 1549 int32_t address[4]; 1550 int32_t ip_type; 1551 char tid_type; 1552 short rport; 1553 short lport; 1554 1555 adrm_char(adr, &tid_type, 1); 1556 switch (tid_type) { 1557 case AU_IPADR: 1558 adrm_short(adr, &rport, 1); 1559 adrm_short(adr, &lport, 1); 1560 adrm_int32(adr, &ip_type, 1); 1561 adrm_char(adr, (char *)&address, ip_type); 1562 break; 1563 default: 1564 return (0); 1565 } 1566 return (-1); 1567 } 1568 1569 /* 1570 * ----------------------------------------------------------------------- 1571 * zonename_token(): Process zonename token and display contents 1572 * 1573 * Format of zonename token: 1574 * zonename token id adr_char 1575 * zone name adr_string 1576 * ----------------------------------------------------------------------- 1577 */ 1578 int 1579 zonename_token(adr_t *adr) 1580 { 1581 char *name; 1582 1583 if (flags & M_ZONENAME) { 1584 get_string(adr, &name); 1585 if (strncmp(zonename, name, ZONENAME_MAX) == 0) 1586 checkflags |= M_ZONENAME; 1587 free(name); 1588 } else { 1589 skip_string(adr); 1590 } 1591 return (-1); 1592 } 1593 1594 /* 1595 * fmri_token(): 1596 * 1597 * Format of fmri token: 1598 * fmri adr_string 1599 */ 1600 int 1601 fmri_token(adr_t *adr) 1602 { 1603 if ((flags & M_OBJECT) && (obj_flag == OBJ_FMRI)) { 1604 char *fmri_name; 1605 1606 get_string(adr, &fmri_name); 1607 1608 /* match token against service instance */ 1609 if (scf_cmp_pattern(fmri_name, &fmri) == 1) { 1610 checkflags |= M_OBJECT; 1611 } 1612 free(fmri_name); 1613 } else { 1614 skip_string(adr); 1615 } 1616 return (-1); 1617 } 1618 1619 /* 1620 * Format of xatom token: 1621 */ 1622 int 1623 xatom_token(adr_t *adr) 1624 { 1625 skip_string(adr); 1626 1627 return (-1); 1628 } 1629 1630 /* 1631 * Format of xselect token: 1632 */ 1633 int 1634 xselect_token(adr_t *adr) 1635 { 1636 skip_string(adr); 1637 skip_string(adr); 1638 skip_string(adr); 1639 1640 return (-1); 1641 } 1642 1643 /* 1644 * anchor a path name with a slash 1645 * assume we have enough space 1646 */ 1647 void 1648 anchor_path(char *path) 1649 { 1650 (void) memmove((void *)(path + 1), (void *)path, strlen(path) + 1); 1651 *path = '/'; 1652 } 1653 1654 1655 /* 1656 * copy path to collapsed path. 1657 * collapsed path does not contain: 1658 * successive slashes 1659 * instances of dot-slash 1660 * instances of dot-dot-slash 1661 * passed path must be anchored with a '/' 1662 */ 1663 char * 1664 collapse_path(char *s) 1665 { 1666 int id; /* index of where we are in destination string */ 1667 int is; /* index of where we are in source string */ 1668 int slashseen; /* have we seen a slash */ 1669 int ls; /* length of source string */ 1670 1671 ls = strlen(s) + 1; 1672 1673 slashseen = 0; 1674 for (is = 0, id = 0; is < ls; is++) { 1675 /* thats all folks, we've reached the end of input */ 1676 if (s[is] == '\0') { 1677 if (id > 1 && s[id-1] == '/') { 1678 --id; 1679 } 1680 s[id++] = '\0'; 1681 break; 1682 } 1683 /* previous character was a / */ 1684 if (slashseen) { 1685 if (s[is] == '/') 1686 continue; /* another slash, ignore it */ 1687 } else if (s[is] == '/') { 1688 /* we see a /, just copy it and try again */ 1689 slashseen = 1; 1690 s[id++] = '/'; 1691 continue; 1692 } 1693 /* /./ seen */ 1694 if (s[is] == '.' && s[is+1] == '/') { 1695 is += 1; 1696 continue; 1697 } 1698 /* XXX/. seen */ 1699 if (s[is] == '.' && s[is+1] == '\0') { 1700 if (id > 1) 1701 id--; 1702 continue; 1703 } 1704 /* XXX/.. seen */ 1705 if (s[is] == '.' && s[is+1] == '.' && s[is+2] == '\0') { 1706 is += 1; 1707 if (id > 0) 1708 id--; 1709 while (id > 0 && s[--id] != '/'); 1710 id++; 1711 continue; 1712 } 1713 /* XXX/../ seen */ 1714 if (s[is] == '.' && s[is+1] == '.' && s[is+2] == '/') { 1715 is += 2; 1716 if (id > 0) 1717 id--; 1718 while (id > 0 && s[--id] != '/'); 1719 id++; 1720 continue; 1721 } 1722 while (is < ls && (s[id++] = s[is++]) != '/'); 1723 is--; 1724 } 1725 return (s); 1726 } 1727 1728 1729 int 1730 ipc_type_match(int flag, char type) 1731 { 1732 if (flag == OBJ_SEM && type == AT_IPC_SEM) 1733 return (1); 1734 1735 if (flag == OBJ_MSG && type == AT_IPC_MSG) 1736 return (1); 1737 1738 if (flag == OBJ_SHM && type == AT_IPC_SHM) 1739 return (1); 1740 1741 return (0); 1742 } 1743 1744 1745 void 1746 skip_string(adr_t *adr) 1747 { 1748 ushort_t c; 1749 1750 adrm_u_short(adr, &c, 1); 1751 adr->adr_now += c; 1752 } 1753 1754 1755 void 1756 get_string(adr_t *adr, char **p) 1757 { 1758 ushort_t c; 1759 1760 adrm_u_short(adr, &c, 1); 1761 *p = a_calloc(1, (size_t)c); 1762 adrm_char(adr, *p, c); 1763 } 1764 1765 1766 /* 1767 * Format of host token: 1768 * host ard_uint32 1769 */ 1770 int 1771 host_token(adr_t *adr) 1772 { 1773 uint32_t host; 1774 1775 adrm_u_int32(adr, &host, 1); 1776 1777 return (-1); 1778 } 1779 1780 /* 1781 * Format of useofauth token: 1782 * uauth token id adr_char 1783 * uauth adr_string 1784 * 1785 */ 1786 int 1787 useofauth_token(adr_t *adr) 1788 { 1789 skip_string(adr); 1790 return (-1); 1791 } 1792 1793 int 1794 xcolormap_token(adr_t *adr) 1795 { 1796 return (xgeneric(adr)); 1797 } 1798 1799 int 1800 xcursor_token(adr_t *adr) 1801 { 1802 return (xgeneric(adr)); 1803 } 1804 1805 int 1806 xfont_token(adr_t *adr) 1807 { 1808 return (xgeneric(adr)); 1809 } 1810 1811 int 1812 xgc_token(adr_t *adr) 1813 { 1814 return (xgeneric(adr)); 1815 } 1816 1817 int 1818 xpixmap_token(adr_t *adr) 1819 { 1820 return (xgeneric(adr)); 1821 } 1822 1823 int 1824 xwindow_token(adr_t *adr) 1825 { 1826 return (xgeneric(adr)); 1827 } 1828 1829 1830 /* 1831 * Format of xgeneric token: 1832 * XID adr_int32 1833 * creator UID adr_int32 1834 * 1835 * Includes: xcolormap, xcursor, xfont, xgc, xpixmap, and xwindow 1836 */ 1837 int 1838 xgeneric(adr_t *adr) 1839 { 1840 int32_t xid; 1841 int32_t uid; 1842 1843 adrm_int32(adr, &xid, 1); 1844 adrm_int32(adr, &uid, 1); 1845 1846 if (flags & M_USERE) { 1847 if (m_usere == uid) 1848 checkflags = checkflags | M_USERE; 1849 } 1850 1851 return (-1); 1852 } 1853 1854 1855 /* 1856 * Format of xproperty token: 1857 * XID adr_int32 1858 * creator UID adr_int32 1859 * atom string adr_string 1860 */ 1861 int 1862 xproperty_token(adr_t *adr) 1863 { 1864 int32_t xid; 1865 int32_t uid; 1866 1867 adrm_int32(adr, &xid, 1); 1868 adrm_int32(adr, &uid, 1); 1869 skip_string(adr); 1870 1871 if (flags & M_USERE) { 1872 if (m_usere == uid) 1873 checkflags = checkflags | M_USERE; 1874 } 1875 1876 return (-1); 1877 } 1878 1879 1880 /* 1881 * Format of xclient token: 1882 * xclient id adr_int32 1883 */ 1884 int 1885 xclient_token(adr_t *adr) 1886 { 1887 int32_t client_id; 1888 1889 adrm_int32(adr, &client_id, 1); 1890 1891 return (-1); 1892 } 1893 1894 /* 1895 * Format of privilege set token: 1896 * priv_set type string 1897 * priv_set string 1898 */ 1899 1900 int 1901 privilege_token(adr_t *adr) 1902 { 1903 skip_string(adr); /* set type name */ 1904 skip_string(adr); /* privilege set */ 1905 return (-1); 1906 } 1907 1908 /* 1909 * Format of slabel token: 1910 * slabel adr_char*(sizeof (bslabel_t)) 1911 */ 1912 int 1913 slabel_token(adr_t *adr) 1914 { 1915 bslabel_t slabel; 1916 1917 adrm_char(adr, (char *)&slabel, sizeof (slabel)); 1918 1919 if (flags & M_LABEL) { 1920 if (blinrange(&slabel, m_label)) 1921 checkflags = checkflags | M_LABEL; 1922 } 1923 1924 return (-1); 1925 } 1926 1927 1928 /* 1929 * Format of useofpriv token: 1930 * success/failure adr_char 1931 * TSOL: 1932 * privilege adr_int32 1933 * SOL: 1934 * privilege(s) adr_string 1935 */ 1936 #ifndef TSOL 1937 /* ARGSUSED */ 1938 #endif /* !TSOL */ 1939 int 1940 useofpriv_token(adr_t *adr) 1941 { 1942 char flag; 1943 1944 #ifdef TSOL 1945 priv_t priv; 1946 1947 adrm_char(adr, &flag, 1); 1948 adrm_int32(adr, (int32_t *)&priv, 1); 1949 1950 return (-1); 1951 #else /* !TSOL */ 1952 1953 adrm_char(adr, &flag, 1); 1954 skip_string(adr); 1955 return (-1); 1956 #endif /* TSOL */ 1957 } 1958