1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2006 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 #pragma ident "%Z%%M% %I% %E% SMI" 27 28 /* 29 * Token processing for auditreduce. 30 */ 31 32 #include <locale.h> 33 #include <sys/zone.h> 34 #include "auditr.h" 35 #include "toktable.h" 36 37 extern int re_exec2(char *); 38 39 static void anchor_path(char *path); 40 static char *collapse_path(char *s); 41 static void get_string(adr_t *adr, char **p); 42 static int ipc_type_match(int flag, char type); 43 static void skip_string(adr_t *adr); 44 static int xgeneric(adr_t *adr); 45 46 #if AUDIT_REC 47 void 48 print_id(int id) 49 { 50 char *suffix; 51 52 if ((id < 0) || (id > MAXTOKEN) || 53 (tokentable[id].func == NOFUNC)) { 54 (void) fprintf(stderr, 55 "token_processing: token %d not found\n", id); 56 return; 57 } 58 59 switch (id) { 60 case AUT_NEWGROUPS: 61 suffix = "_new"; 62 break; 63 case AUT_ATTR32: 64 suffix = "32"; 65 break; 66 case AUT_ARG64: 67 case AUT_RETURN64: 68 case AUT_ATTR64: 69 case AUT_HEADER64: 70 case AUT_SUBJECT64: 71 case AUT_PROCESS64: 72 case AUT_OTHER_FILE64: 73 suffix = "64"; 74 break; 75 case AUT_SOCKET_EX: 76 case AUT_IN_ADDR_EX: 77 suffix = "_ex"; 78 break; 79 case AUT_HEADER32_EX: 80 case AUT_SUBJECT32_EX: 81 case AUT_PROCESS32_EX: 82 suffix = "32_ex"; 83 break; 84 case AUT_HEADER64_EX: 85 case AUT_SUBJECT64_EX: 86 case AUT_PROCESS64_EX: 87 suffix = "64_ex"; 88 break; 89 default: 90 suffix = ""; 91 break; 92 } 93 (void) fprintf(stderr, "token_processing: %s%s\n", 94 tokentable[id].t_name, suffix); 95 } 96 #endif /* AUDIT_REC */ 97 98 /* 99 * Process a token in a record to determine whether the record is interesting. 100 */ 101 102 int 103 token_processing(adr_t *adr, int tokenid) 104 { 105 if ((tokenid > 0) && (tokenid <= MAXTOKEN) && 106 (tokentable[tokenid].func != NOFUNC)) { 107 #if AUDIT_REC 108 print_id(tokenid); 109 #endif /* AUDIT_REC */ 110 return ((*tokentable[tokenid].func)(adr)); 111 } 112 113 /* here if token id is not in table */ 114 return (-2); 115 } 116 117 118 /* There should not be any file or header tokens in the middle of a record */ 119 120 /* ARGSUSED */ 121 int 122 file_token(adr_t *adr) 123 { 124 return (-2); 125 } 126 127 /* ARGSUSED */ 128 int 129 file64_token(adr_t *adr) 130 { 131 return (-2); 132 } 133 134 /* ARGSUSED */ 135 int 136 header_token(adr_t *adr) 137 { 138 return (-2); 139 } 140 141 /* ARGSUSED */ 142 int 143 header32_ex_token(adr_t *adr) 144 { 145 return (-2); 146 } 147 148 /* ARGSUSED */ 149 int 150 header64_ex_token(adr_t *adr) 151 { 152 return (-2); 153 } 154 155 /* ARGSUSED */ 156 int 157 header64_token(adr_t *adr) 158 { 159 return (-2); 160 } 161 162 163 /* 164 * ====================================================== 165 * The following token processing routines return 166 * -1: if the record is not interesting 167 * -2: if an error is found 168 * ====================================================== 169 */ 170 171 int 172 trailer_token(adr_t *adr) 173 { 174 short magic_number; 175 uint32_t bytes; 176 177 adrm_u_short(adr, (ushort_t *)&magic_number, 1); 178 if (magic_number != AUT_TRAILER_MAGIC) { 179 (void) fprintf(stderr, "%s\n", 180 gettext("auditreduce: Bad trailer token")); 181 return (-2); 182 } 183 adrm_u_int32(adr, &bytes, 1); 184 185 return (-1); 186 } 187 188 189 /* 190 * Format of arbitrary data token: 191 * arbitrary data token id adr char 192 * how to print adr_char 193 * basic unit adr_char 194 * unit count adr_char, specifying number of units of 195 * data items depends on basic unit 196 * 197 */ 198 int 199 arbitrary_data_token(adr_t *adr) 200 { 201 int i; 202 char c1; 203 short c2; 204 int32_t c3; 205 int64_t c4; 206 char how_to_print, basic_unit, unit_count; 207 208 /* get how_to_print, basic_unit, and unit_count */ 209 adrm_char(adr, &how_to_print, 1); 210 adrm_char(adr, &basic_unit, 1); 211 adrm_char(adr, &unit_count, 1); 212 for (i = 0; i < unit_count; i++) { 213 switch (basic_unit) { 214 /* case AUR_BYTE: has same value as AUR_CHAR */ 215 case AUR_CHAR: 216 adrm_char(adr, &c1, 1); 217 break; 218 case AUR_SHORT: 219 adrm_short(adr, &c2, 1); 220 break; 221 case AUR_INT32: 222 adrm_int32(adr, (int32_t *)&c3, 1); 223 break; 224 case AUR_INT64: 225 adrm_int64(adr, (int64_t *)&c4, 1); 226 break; 227 default: 228 return (-2); 229 break; 230 } 231 } 232 return (-1); 233 } 234 235 236 /* 237 * Format of opaque token: 238 * opaque token id adr_char 239 * size adr_short 240 * data adr_char, size times 241 * 242 */ 243 int 244 opaque_token(adr_t *adr) 245 { 246 skip_string(adr); 247 return (-1); 248 } 249 250 251 252 /* 253 * Format of return32 value token: 254 * return value token id adr_char 255 * error number adr_char 256 * return value adr_u_int32 257 * 258 */ 259 int 260 return_value32_token(adr_t *adr) 261 { 262 char errnum; 263 uint32_t value; 264 265 adrm_char(adr, &errnum, 1); 266 adrm_u_int32(adr, &value, 1); 267 if ((flags & M_SORF) && 268 ((global_class & mask.am_success) && (errnum == 0)) || 269 ((global_class & mask.am_failure) && (errnum != 0))) { 270 checkflags |= M_SORF; 271 } 272 return (-1); 273 } 274 275 /* 276 * Format of return64 value token: 277 * return value token id adr_char 278 * error number adr_char 279 * return value adr_u_int64 280 * 281 */ 282 int 283 return_value64_token(adr_t *adr) 284 { 285 char errnum; 286 uint64_t value; 287 288 adrm_char(adr, &errnum, 1); 289 adrm_u_int64(adr, &value, 1); 290 if ((flags & M_SORF) && 291 ((global_class & mask.am_success) && (errnum == 0)) || 292 ((global_class & mask.am_failure) && (errnum != 0))) { 293 checkflags |= M_SORF; 294 } 295 return (-1); 296 } 297 298 299 /* 300 * Format of sequence token: 301 * sequence token id adr_char 302 * audit_count int32_t 303 * 304 */ 305 int 306 sequence_token(adr_t *adr) 307 { 308 int32_t audit_count; 309 310 adrm_int32(adr, &audit_count, 1); 311 return (-1); 312 } 313 314 315 /* 316 * Format of text token: 317 * text token id adr_char 318 * text adr_string 319 * 320 */ 321 int 322 text_token(adr_t *adr) 323 { 324 skip_string(adr); 325 return (-1); 326 } 327 328 329 /* 330 * Format of ip_addr token: 331 * ip token id adr_char 332 * address adr_int32 333 * 334 */ 335 int 336 ip_addr_token(adr_t *adr) 337 { 338 int32_t address; 339 340 adrm_char(adr, (char *)&address, 4); 341 342 return (-1); 343 } 344 345 /* 346 * Format of ip_addr_ex token: 347 * ip token id adr_char 348 * ip type adr_int32 349 * address 4*adr_int32 350 * 351 */ 352 int 353 ip_addr_ex_token(adr_t *adr) 354 { 355 int32_t address[4]; 356 int32_t type; 357 358 adrm_int32(adr, (int32_t *)&type, 1); 359 adrm_int32(adr, (int32_t *)&address, 4); 360 361 return (-1); 362 } 363 364 /* 365 * Format of ip token: 366 * ip header token id adr_char 367 * version adr_char 368 * type of service adr_char 369 * length adr_short 370 * id adr_u_short 371 * offset adr_u_short 372 * ttl adr_char 373 * protocol adr_char 374 * checksum adr_u_short 375 * source address adr_int32 376 * destination address adr_int32 377 * 378 */ 379 int 380 ip_token(adr_t *adr) 381 { 382 char version; 383 char type; 384 short len; 385 unsigned short id, offset, checksum; 386 char ttl, protocol; 387 int32_t src, dest; 388 389 adrm_char(adr, &version, 1); 390 adrm_char(adr, &type, 1); 391 adrm_short(adr, &len, 1); 392 adrm_u_short(adr, &id, 1); 393 adrm_u_short(adr, &offset, 1); 394 adrm_char(adr, &ttl, 1); 395 adrm_char(adr, &protocol, 1); 396 adrm_u_short(adr, &checksum, 1); 397 adrm_char(adr, (char *)&src, 4); 398 adrm_char(adr, (char *)&dest, 4); 399 400 return (-1); 401 } 402 403 404 /* 405 * Format of iport token: 406 * ip port address token id adr_char 407 * port address adr_short 408 * 409 */ 410 int 411 iport_token(adr_t *adr) 412 { 413 short address; 414 415 adrm_short(adr, &address, 1); 416 417 return (-1); 418 } 419 420 421 /* 422 * Format of groups token: 423 * group token id adr_char 424 * group list adr_int32, 16 times 425 * 426 */ 427 int 428 group_token(adr_t *adr) 429 { 430 int gid[16]; 431 int i; 432 int flag = 0; 433 434 for (i = 0; i < 16; i++) { 435 adrm_int32(adr, (int32_t *)&gid[i], 1); 436 if (flags & M_GROUPR) { 437 if ((unsigned short)m_groupr == gid[i]) 438 flag = 1; 439 } 440 } 441 442 if (flags & M_GROUPR) { 443 if (flag) 444 checkflags |= M_GROUPR; 445 } 446 return (-1); 447 } 448 449 /* 450 * Format of newgroups token: 451 * group token id adr_char 452 * number of groups adr_short 453 * group list adr_int32, "number" times 454 * 455 */ 456 int 457 newgroup_token(adr_t *adr) 458 { 459 gid_t gid; 460 int i; 461 short int number; 462 463 adrm_short(adr, &number, 1); 464 465 for (i = 0; i < number; i++) { 466 adrm_int32(adr, (int32_t *)&gid, 1); 467 if (flags & M_GROUPR) { 468 if (m_groupr == gid) 469 checkflags |= M_GROUPR; 470 } 471 } 472 473 return (-1); 474 } 475 476 /* 477 * Format of argument32 token: 478 * argument token id adr_char 479 * argument number adr_char 480 * argument value adr_int32 481 * argument description adr_string 482 * 483 */ 484 int 485 argument32_token(adr_t *adr) 486 { 487 char arg_num; 488 int32_t arg_val; 489 490 adrm_char(adr, &arg_num, 1); 491 adrm_int32(adr, &arg_val, 1); 492 skip_string(adr); 493 494 return (-1); 495 } 496 497 /* 498 * Format of argument64 token: 499 * argument token id adr_char 500 * argument number adr_char 501 * argument value adr_int64 502 * argument description adr_string 503 * 504 */ 505 int 506 argument64_token(adr_t *adr) 507 { 508 char arg_num; 509 int64_t arg_val; 510 511 adrm_char(adr, &arg_num, 1); 512 adrm_int64(adr, &arg_val, 1); 513 skip_string(adr); 514 515 return (-1); 516 } 517 518 int 519 acl_token(adr_t *adr) 520 { 521 522 int32_t id; 523 int32_t mode; 524 int32_t type; 525 526 adrm_int32(adr, &type, 1); 527 adrm_int32(adr, &id, 1); 528 adrm_int32(adr, &mode, 1); 529 530 return (-1); 531 } 532 533 /* 534 * Format of attribute token: (old pre SunOS 5.7 format) 535 * attribute token id adr_char 536 * mode adr_int32 (printed in octal) 537 * uid adr_int32 538 * gid adr_int32 539 * file system id adr_int32 540 * node id adr_int32 541 * device adr_int32 542 * 543 */ 544 int 545 attribute_token(adr_t *adr) 546 { 547 int32_t dev; 548 int32_t file_sysid; 549 int32_t gid; 550 int32_t mode; 551 int32_t nodeid; 552 int32_t uid; 553 554 adrm_int32(adr, &mode, 1); 555 adrm_int32(adr, &uid, 1); 556 adrm_int32(adr, &gid, 1); 557 adrm_int32(adr, &file_sysid, 1); 558 adrm_int32(adr, &nodeid, 1); 559 adrm_int32(adr, &dev, 1); 560 561 if (!new_mode && (flags & M_USERE)) { 562 if (m_usere == uid) 563 checkflags |= M_USERE; 564 } 565 if (!new_mode && (flags & M_GROUPE)) { 566 if (m_groupe == gid) 567 checkflags |= M_GROUPE; 568 } 569 570 if (flags & M_OBJECT) { 571 if ((obj_flag & OBJ_FGROUP) && 572 (obj_group == gid)) 573 checkflags |= M_OBJECT; 574 else if ((obj_flag & OBJ_FOWNER) && 575 (obj_owner == uid)) 576 checkflags |= M_OBJECT; 577 } 578 return (-1); 579 } 580 581 /* 582 * Format of attribute32 token: 583 * attribute token id adr_char 584 * mode adr_int32 (printed in octal) 585 * uid adr_int32 586 * gid adr_int32 587 * file system id adr_int32 588 * node id adr_int64 589 * device adr_int32 590 * 591 */ 592 int 593 attribute32_token(adr_t *adr) 594 { 595 int32_t dev; 596 int32_t file_sysid; 597 int32_t gid; 598 int32_t mode; 599 int64_t nodeid; 600 int32_t uid; 601 602 adrm_int32(adr, &mode, 1); 603 adrm_int32(adr, &uid, 1); 604 adrm_int32(adr, &gid, 1); 605 adrm_int32(adr, &file_sysid, 1); 606 adrm_int64(adr, &nodeid, 1); 607 adrm_int32(adr, &dev, 1); 608 609 if (!new_mode && (flags & M_USERE)) { 610 if (m_usere == uid) 611 checkflags |= M_USERE; 612 } 613 if (!new_mode && (flags & M_GROUPE)) { 614 if (m_groupe == gid) 615 checkflags |= M_GROUPE; 616 } 617 618 if (flags & M_OBJECT) { 619 if ((obj_flag & OBJ_FGROUP) && 620 (obj_group == gid)) 621 checkflags |= M_OBJECT; 622 else if ((obj_flag & OBJ_FOWNER) && 623 (obj_owner == uid)) 624 checkflags |= M_OBJECT; 625 } 626 return (-1); 627 } 628 629 /* 630 * Format of attribute64 token: 631 * attribute token id adr_char 632 * mode adr_int32 (printed in octal) 633 * uid adr_int32 634 * gid adr_int32 635 * file system id adr_int32 636 * node id adr_int64 637 * device adr_int64 638 * 639 */ 640 int 641 attribute64_token(adr_t *adr) 642 { 643 int64_t dev; 644 int32_t file_sysid; 645 int32_t gid; 646 int32_t mode; 647 int64_t nodeid; 648 int32_t uid; 649 650 adrm_int32(adr, &mode, 1); 651 adrm_int32(adr, &uid, 1); 652 adrm_int32(adr, &gid, 1); 653 adrm_int32(adr, &file_sysid, 1); 654 adrm_int64(adr, &nodeid, 1); 655 adrm_int64(adr, &dev, 1); 656 657 if (!new_mode && (flags & M_USERE)) { 658 if (m_usere == uid) 659 checkflags |= M_USERE; 660 } 661 if (!new_mode && (flags & M_GROUPE)) { 662 if (m_groupe == gid) 663 checkflags |= M_GROUPE; 664 } 665 666 if (flags & M_OBJECT) { 667 if ((obj_flag & OBJ_FGROUP) && 668 (obj_group == gid)) 669 checkflags |= M_OBJECT; 670 else if ((obj_flag & OBJ_FOWNER) && 671 (obj_owner == uid)) 672 checkflags |= M_OBJECT; 673 } 674 return (-1); 675 } 676 677 678 /* 679 * Format of command token: 680 * attribute token id adr_char 681 * argc adr_short 682 * argv len adr_short variable amount of argv len 683 * argv text argv len and text 684 * . 685 * . 686 * . 687 * envp count adr_short variable amount of envp len 688 * envp len adr_short and text 689 * envp text envp len 690 * . 691 * . 692 * . 693 * 694 */ 695 int 696 cmd_token(adr_t *adr) 697 { 698 short cnt; 699 short i; 700 701 adrm_short(adr, &cnt, 1); 702 703 for (i = 0; i < cnt; i++) 704 skip_string(adr); 705 706 adrm_short(adr, &cnt, 1); 707 708 for (i = 0; i < cnt; i++) 709 skip_string(adr); 710 711 return (-1); 712 } 713 714 715 /* 716 * Format of exit token: 717 * attribute token id adr_char 718 * return value adr_int32 719 * errno adr_int32 720 * 721 */ 722 int 723 exit_token(adr_t *adr) 724 { 725 int32_t retval; 726 int32_t errno; 727 728 adrm_int32(adr, &retval, 1); 729 adrm_int32(adr, &errno, 1); 730 return (-1); 731 } 732 733 /* 734 * Format of strings array token: 735 * token id adr_char 736 * count value adr_int32 737 * strings null terminated strings 738 */ 739 static int 740 strings_common_token(adr_t *adr) 741 { 742 int count, i; 743 char c; 744 745 adrm_int32(adr, (int32_t *)&count, 1); 746 for (i = 1; i <= count; i++) { 747 adrm_char(adr, &c, 1); 748 while (c != (char)0) 749 adrm_char(adr, &c, 1); 750 } 751 /* no dump option here, since we will have variable length fields */ 752 return (-1); 753 } 754 755 int 756 path_attr_token(adr_t *adr) 757 { 758 return (strings_common_token(adr)); 759 } 760 761 int 762 exec_args_token(adr_t *adr) 763 { 764 return (strings_common_token(adr)); 765 } 766 767 int 768 exec_env_token(adr_t *adr) 769 { 770 return (strings_common_token(adr)); 771 } 772 773 /* 774 * Format of liaison token: 775 */ 776 int 777 liaison_token(adr_t *adr) 778 { 779 int32_t li; 780 781 adrm_int32(adr, &li, 1); 782 return (-1); 783 } 784 785 786 /* 787 * Format of path token: 788 * path adr_string 789 */ 790 int 791 path_token(adr_t *adr) 792 { 793 if ((flags & M_OBJECT) && (obj_flag == OBJ_PATH)) { 794 char *path; 795 796 get_string(adr, &path); 797 if (path[0] != '/') 798 /* 799 * anchor the path. user apps may not do it. 800 */ 801 anchor_path(path); 802 /* 803 * match against the collapsed path. that is what user sees. 804 */ 805 if (re_exec2(collapse_path(path)) == 1) 806 checkflags |= M_OBJECT; 807 free(path); 808 } else { 809 skip_string(adr); 810 } 811 return (-1); 812 } 813 814 815 /* 816 * Format of System V IPC permission token: 817 * System V IPC permission token id adr_char 818 * uid adr_int32 819 * gid adr_int32 820 * cuid adr_int32 821 * cgid adr_int32 822 * mode adr_int32 823 * seq adr_int32 824 * key adr_int32 825 */ 826 int 827 s5_IPC_perm_token(adr_t *adr) 828 { 829 int32_t uid, gid, cuid, cgid, mode, seq; 830 int32_t key; 831 832 adrm_int32(adr, &uid, 1); 833 adrm_int32(adr, &gid, 1); 834 adrm_int32(adr, &cuid, 1); 835 adrm_int32(adr, &cgid, 1); 836 adrm_int32(adr, &mode, 1); 837 adrm_int32(adr, &seq, 1); 838 adrm_int32(adr, &key, 1); 839 840 if (!new_mode && (flags & M_USERE)) { 841 if (m_usere == uid) 842 checkflags |= M_USERE; 843 } 844 845 if (!new_mode && (flags & M_USERE)) { 846 if (m_usere == cuid) 847 checkflags |= M_USERE; 848 } 849 850 if (!new_mode && (flags & M_GROUPR)) { 851 if (m_groupr == gid) 852 checkflags |= M_GROUPR; 853 } 854 855 if (!new_mode && (flags & M_GROUPR)) { 856 if (m_groupr == cgid) 857 checkflags |= M_GROUPR; 858 } 859 860 if ((flags & M_OBJECT) && 861 ((obj_owner == uid) || 862 (obj_owner == cuid) || 863 (obj_group == gid) || 864 (obj_group == cgid))) { 865 866 switch (obj_flag) { 867 case OBJ_MSGGROUP: 868 case OBJ_MSGOWNER: 869 if (ipc_type_match(OBJ_MSG, ipc_type)) 870 checkflags |= M_OBJECT; 871 break; 872 case OBJ_SEMGROUP: 873 case OBJ_SEMOWNER: 874 if (ipc_type_match(OBJ_SEM, ipc_type)) 875 checkflags |= M_OBJECT; 876 break; 877 case OBJ_SHMGROUP: 878 case OBJ_SHMOWNER: 879 if (ipc_type_match(OBJ_SHM, ipc_type)) 880 checkflags |= M_OBJECT; 881 break; 882 } 883 } 884 return (-1); 885 } 886 887 888 /* 889 * Format of process32 token: 890 * process token id adr_char 891 * auid adr_int32 892 * euid adr_int32 893 * egid adr_int32 894 * ruid adr_int32 895 * rgid adr_int32 896 * pid adr_int32 897 * sid adr_int32 898 * termid adr_int32*2 899 * 900 */ 901 int 902 process32_token(adr_t *adr) 903 { 904 int32_t auid, euid, egid, ruid, rgid, pid; 905 int32_t sid; 906 int32_t port, machine; 907 908 adrm_int32(adr, &auid, 1); 909 adrm_int32(adr, &euid, 1); 910 adrm_int32(adr, &egid, 1); 911 adrm_int32(adr, &ruid, 1); 912 adrm_int32(adr, &rgid, 1); 913 adrm_int32(adr, &pid, 1); 914 adrm_int32(adr, &sid, 1); 915 adrm_int32(adr, &port, 1); 916 adrm_int32(adr, &machine, 1); 917 918 if (!new_mode && (flags & M_USERA)) { 919 if (m_usera == auid) 920 checkflags |= M_USERA; 921 } 922 if (!new_mode && (flags & M_USERE)) { 923 if (m_usere == euid) 924 checkflags |= M_USERE; 925 } 926 if (!new_mode && (flags & M_USERR)) { 927 if (m_userr == ruid) 928 checkflags |= M_USERR; 929 } 930 if (!new_mode && (flags & M_GROUPR)) { 931 if (m_groupr == rgid) 932 checkflags |= M_GROUPR; 933 } 934 if (!new_mode && (flags & M_GROUPE)) { 935 if (m_groupe == egid) 936 checkflags |= M_GROUPE; 937 } 938 939 if (flags & M_OBJECT) { 940 if ((obj_flag & OBJ_PROC) && 941 (obj_id == pid)) { 942 checkflags |= M_OBJECT; 943 } else if ((obj_flag & OBJ_PGROUP) && 944 ((obj_group == egid) || 945 (obj_group == rgid))) { 946 checkflags |= M_OBJECT; 947 } else if ((obj_flag & OBJ_POWNER) && 948 ((obj_owner == euid) || 949 (obj_group == ruid))) { 950 checkflags |= M_OBJECT; 951 } 952 } 953 return (-1); 954 } 955 956 /* 957 * Format of process32 token: 958 * process token id adr_char 959 * auid adr_int32 960 * euid adr_int32 961 * egid adr_int32 962 * ruid adr_int32 963 * rgid adr_int32 964 * pid adr_int32 965 * sid adr_int32 966 * termid adr_int32*6 967 * 968 */ 969 int 970 process32_ex_token(adr_t *adr) 971 { 972 int32_t auid, euid, egid, ruid, rgid, pid; 973 int32_t sid; 974 int32_t port, type, addr[4]; 975 976 adrm_int32(adr, &auid, 1); 977 adrm_int32(adr, &euid, 1); 978 adrm_int32(adr, &egid, 1); 979 adrm_int32(adr, &ruid, 1); 980 adrm_int32(adr, &rgid, 1); 981 adrm_int32(adr, &pid, 1); 982 adrm_int32(adr, &sid, 1); 983 adrm_int32(adr, &port, 1); 984 adrm_int32(adr, &type, 1); 985 adrm_int32(adr, &addr[0], 4); 986 987 if (!new_mode && (flags & M_USERA)) { 988 if (m_usera == auid) 989 checkflags = checkflags | M_USERA; 990 } 991 if (!new_mode && (flags & M_USERE)) { 992 if (m_usere == euid) 993 checkflags = checkflags | M_USERE; 994 } 995 if (!new_mode && (flags & M_USERR)) { 996 if (m_userr == ruid) 997 checkflags = checkflags | M_USERR; 998 } 999 if (!new_mode && (flags & M_GROUPR)) { 1000 if (m_groupr == egid) 1001 checkflags = checkflags | M_GROUPR; 1002 } 1003 if (!new_mode && (flags & M_GROUPE)) { 1004 if (m_groupe == egid) 1005 checkflags = checkflags | M_GROUPE; 1006 } 1007 1008 if (flags & M_OBJECT) { 1009 if ((obj_flag & OBJ_PROC) && 1010 (obj_id == pid)) { 1011 checkflags = checkflags | M_OBJECT; 1012 } else if ((obj_flag & OBJ_PGROUP) && 1013 ((obj_group == egid) || 1014 (obj_group == rgid))) { 1015 checkflags = checkflags | M_OBJECT; 1016 } else if ((obj_flag & OBJ_POWNER) && 1017 ((obj_owner == euid) || 1018 (obj_group == ruid))) { 1019 checkflags = checkflags | M_OBJECT; 1020 } 1021 } 1022 return (-1); 1023 } 1024 1025 /* 1026 * Format of process64 token: 1027 * process token id adr_char 1028 * auid adr_int32 1029 * euid adr_int32 1030 * egid adr_int32 1031 * ruid adr_int32 1032 * rgid adr_int32 1033 * pid adr_int32 1034 * sid adr_int32 1035 * termid adr_int64+adr_int32 1036 * 1037 */ 1038 int 1039 process64_token(adr_t *adr) 1040 { 1041 int32_t auid, euid, egid, ruid, rgid, pid; 1042 int32_t sid; 1043 int64_t port; 1044 int32_t machine; 1045 1046 adrm_int32(adr, &auid, 1); 1047 adrm_int32(adr, &euid, 1); 1048 adrm_int32(adr, &egid, 1); 1049 adrm_int32(adr, &ruid, 1); 1050 adrm_int32(adr, &rgid, 1); 1051 adrm_int32(adr, &pid, 1); 1052 adrm_int32(adr, &sid, 1); 1053 adrm_int64(adr, &port, 1); 1054 adrm_int32(adr, &machine, 1); 1055 1056 if (!new_mode && (flags & M_USERA)) { 1057 if (m_usera == auid) 1058 checkflags |= M_USERA; 1059 } 1060 if (!new_mode && (flags & M_USERE)) { 1061 if (m_usere == euid) 1062 checkflags |= M_USERE; 1063 } 1064 if (!new_mode && (flags & M_USERR)) { 1065 if (m_userr == ruid) 1066 checkflags |= M_USERR; 1067 } 1068 if (!new_mode && (flags & M_GROUPR)) { 1069 if (m_groupr == rgid) 1070 checkflags |= M_GROUPR; 1071 } 1072 if (!new_mode && (flags & M_GROUPE)) { 1073 if (m_groupe == egid) 1074 checkflags |= M_GROUPE; 1075 } 1076 1077 if (flags & M_OBJECT) { 1078 if ((obj_flag & OBJ_PROC) && 1079 (obj_id == pid)) { 1080 checkflags |= M_OBJECT; 1081 } else if ((obj_flag & OBJ_PGROUP) && 1082 ((obj_group == egid) || 1083 (obj_group == rgid))) { 1084 checkflags |= M_OBJECT; 1085 } else if ((obj_flag & OBJ_POWNER) && 1086 ((obj_owner == euid) || 1087 (obj_group == ruid))) { 1088 checkflags |= M_OBJECT; 1089 } 1090 } 1091 return (-1); 1092 } 1093 1094 /* 1095 * Format of process64 token: 1096 * process token id adr_char 1097 * auid adr_int32 1098 * euid adr_int32 1099 * egid adr_int32 1100 * ruid adr_int32 1101 * rgid adr_int32 1102 * pid adr_int32 1103 * sid adr_int32 1104 * termid adr_int64+5*adr_int32 1105 * 1106 */ 1107 int 1108 process64_ex_token(adr_t *adr) 1109 { 1110 int32_t auid, euid, egid, ruid, rgid, pid; 1111 int32_t sid; 1112 int64_t port; 1113 int32_t type, addr[4]; 1114 1115 adrm_int32(adr, &auid, 1); 1116 adrm_int32(adr, &euid, 1); 1117 adrm_int32(adr, &egid, 1); 1118 adrm_int32(adr, &ruid, 1); 1119 adrm_int32(adr, &rgid, 1); 1120 adrm_int32(adr, &pid, 1); 1121 adrm_int32(adr, &sid, 1); 1122 adrm_int64(adr, &port, 1); 1123 adrm_int32(adr, &type, 1); 1124 adrm_int32(adr, &addr[0], 4); 1125 1126 if (!new_mode && (flags & M_USERA)) { 1127 if (m_usera == auid) 1128 checkflags = checkflags | M_USERA; 1129 } 1130 if (!new_mode && (flags & M_USERE)) { 1131 if (m_usere == euid) 1132 checkflags = checkflags | M_USERE; 1133 } 1134 if (!new_mode && (flags & M_USERR)) { 1135 if (m_userr == ruid) 1136 checkflags = checkflags | M_USERR; 1137 } 1138 if (!new_mode && (flags & M_GROUPR)) { 1139 if (m_groupr == egid) 1140 checkflags = checkflags | M_GROUPR; 1141 } 1142 if (!new_mode && (flags & M_GROUPE)) { 1143 if (m_groupe == egid) 1144 checkflags = checkflags | M_GROUPE; 1145 } 1146 1147 if (flags & M_OBJECT) { 1148 if ((obj_flag & OBJ_PROC) && 1149 (obj_id == pid)) { 1150 checkflags = checkflags | M_OBJECT; 1151 } else if ((obj_flag & OBJ_PGROUP) && 1152 ((obj_group == egid) || 1153 (obj_group == rgid))) { 1154 checkflags = checkflags | M_OBJECT; 1155 } else if ((obj_flag & OBJ_POWNER) && 1156 ((obj_owner == euid) || 1157 (obj_group == ruid))) { 1158 checkflags = checkflags | M_OBJECT; 1159 } 1160 } 1161 return (-1); 1162 } 1163 1164 /* 1165 * Format of System V IPC token: 1166 * System V IPC token id adr_char 1167 * object id adr_int32 1168 * 1169 */ 1170 int 1171 s5_IPC_token(adr_t *adr) 1172 { 1173 int32_t ipc_id; 1174 1175 adrm_char(adr, &ipc_type, 1); /* Global */ 1176 adrm_int32(adr, &ipc_id, 1); 1177 1178 if ((flags & M_OBJECT) && 1179 ipc_type_match(obj_flag, ipc_type) && 1180 (obj_id == ipc_id)) 1181 checkflags |= M_OBJECT; 1182 1183 return (-1); 1184 } 1185 1186 1187 /* 1188 * Format of socket token: 1189 * socket_type adrm_short 1190 * remote_port adrm_short 1191 * remote_inaddr adrm_int32 1192 * 1193 */ 1194 int 1195 socket_token(adr_t *adr) 1196 { 1197 short socket_type; 1198 short remote_port; 1199 int32_t remote_inaddr; 1200 1201 adrm_short(adr, &socket_type, 1); 1202 adrm_short(adr, &remote_port, 1); 1203 adrm_char(adr, (char *)&remote_inaddr, 4); 1204 1205 if ((flags & M_OBJECT) && (obj_flag == OBJ_SOCK)) { 1206 if (socket_flag == SOCKFLG_MACHINE) { 1207 if (remote_inaddr == obj_id) 1208 checkflags |= M_OBJECT; 1209 } else if (socket_flag == SOCKFLG_PORT) { 1210 if (remote_port == obj_id) 1211 checkflags |= M_OBJECT; 1212 } 1213 } 1214 return (-1); 1215 } 1216 1217 1218 /* 1219 * Format of socket token: 1220 * socket_type adrm_short 1221 * remote_port adrm_short 1222 * remote_inaddr adrm_int32 1223 * 1224 */ 1225 int 1226 socket_ex_token(adr_t *adr) 1227 { 1228 short socket_domain; 1229 short socket_type; 1230 short ip_size; 1231 short local_port; 1232 int32_t local_inaddr[4]; 1233 short remote_port; 1234 int32_t remote_inaddr[4]; 1235 1236 adrm_short(adr, &socket_domain, 1); 1237 adrm_short(adr, &socket_type, 1); 1238 adrm_short(adr, &ip_size, 1); 1239 1240 /* validate ip size */ 1241 if ((ip_size != AU_IPv6) && (ip_size != AU_IPv4)) 1242 return (0); 1243 1244 adrm_short(adr, &local_port, 1); 1245 adrm_char(adr, (char *)local_inaddr, ip_size); 1246 1247 adrm_short(adr, &remote_port, 1); 1248 adrm_char(adr, (char *)remote_inaddr, ip_size); 1249 1250 /* if IP type mis-match, then nothing to do */ 1251 if (ip_size != ip_type) 1252 return (-1); 1253 1254 if ((flags & M_OBJECT) && (obj_flag == OBJ_SOCK)) { 1255 if (socket_flag == SOCKFLG_MACHINE) { 1256 if (ip_type == AU_IPv4) { 1257 if ((local_inaddr[0] == obj_id) || 1258 (remote_inaddr[0] == obj_id)) 1259 checkflags |= M_OBJECT; 1260 } else { 1261 if (((local_inaddr[0] == ip_ipv6[0]) && 1262 (local_inaddr[1] == ip_ipv6[1]) && 1263 (local_inaddr[2] == ip_ipv6[2]) && 1264 (local_inaddr[3] == ip_ipv6[3])) || 1265 ((remote_inaddr[0] == ip_ipv6[0]) && 1266 (remote_inaddr[1] == ip_ipv6[1]) && 1267 (remote_inaddr[2] == ip_ipv6[2]) && 1268 (remote_inaddr[3] == ip_ipv6[3]))) 1269 checkflags |= M_OBJECT; 1270 } 1271 } else if (socket_flag == SOCKFLG_PORT) { 1272 if ((local_port == obj_id) || (remote_port == obj_id)) 1273 checkflags |= M_OBJECT; 1274 } 1275 } 1276 return (-1); 1277 } 1278 1279 1280 /* 1281 * Format of subject32 token: 1282 * subject token id adr_char 1283 * auid adr_int32 1284 * euid adr_int32 1285 * egid adr_int32 1286 * ruid adr_int32 1287 * rgid adr_int32 1288 * pid adr_int32 1289 * sid adr_int32 1290 * termid adr_int32*2 1291 * 1292 */ 1293 int 1294 subject32_token(adr_t *adr) 1295 { 1296 int32_t auid, euid, egid, ruid, rgid, pid; 1297 int32_t sid; 1298 int32_t port, machine; 1299 1300 adrm_int32(adr, &auid, 1); 1301 adrm_int32(adr, &euid, 1); 1302 adrm_int32(adr, &egid, 1); 1303 adrm_int32(adr, &ruid, 1); 1304 adrm_int32(adr, &rgid, 1); 1305 adrm_int32(adr, &pid, 1); 1306 adrm_int32(adr, &sid, 1); 1307 adrm_int32(adr, &port, 1); 1308 adrm_int32(adr, &machine, 1); 1309 1310 if (flags & M_SUBJECT) { 1311 if (subj_id == pid) 1312 checkflags |= M_SUBJECT; 1313 } 1314 if (flags & M_USERA) { 1315 if (m_usera == auid) 1316 checkflags |= M_USERA; 1317 } 1318 if (flags & M_USERE) { 1319 if (m_usere == euid) 1320 checkflags |= M_USERE; 1321 } 1322 if (flags & M_USERR) { 1323 if (m_userr == ruid) 1324 checkflags |= M_USERR; 1325 } 1326 if (flags & M_GROUPR) { 1327 if (m_groupr == rgid) 1328 checkflags |= M_GROUPR; 1329 } 1330 if (flags & M_GROUPE) { 1331 if (m_groupe == egid) 1332 checkflags |= M_GROUPE; 1333 } 1334 if (flags & M_SID) { 1335 if (m_sid == sid) 1336 checkflags |= M_SID; 1337 } 1338 return (-1); 1339 } 1340 1341 /* 1342 * Format of subject32_ex token: 1343 * subject token id adr_char 1344 * auid adr_int32 1345 * euid adr_int32 1346 * egid adr_int32 1347 * ruid adr_int32 1348 * rgid adr_int32 1349 * pid adr_int32 1350 * sid adr_int32 1351 * termid_addr adr_int32*6 1352 * 1353 */ 1354 int 1355 subject32_ex_token(adr_t *adr) 1356 { 1357 int32_t auid, euid, egid, ruid, rgid, pid; 1358 int32_t sid; 1359 int32_t port, type, addr[4]; 1360 1361 adrm_int32(adr, &auid, 1); 1362 adrm_int32(adr, &euid, 1); 1363 adrm_int32(adr, &egid, 1); 1364 adrm_int32(adr, &ruid, 1); 1365 adrm_int32(adr, &rgid, 1); 1366 adrm_int32(adr, &pid, 1); 1367 adrm_int32(adr, &sid, 1); 1368 adrm_int32(adr, &port, 1); 1369 adrm_int32(adr, &type, 1); 1370 adrm_int32(adr, &addr[0], 4); 1371 1372 if (flags & M_SUBJECT) { 1373 if (subj_id == pid) 1374 checkflags = checkflags | M_SUBJECT; 1375 } 1376 if (flags & M_USERA) { 1377 if (m_usera == auid) 1378 checkflags = checkflags | M_USERA; 1379 } 1380 if (flags & M_USERE) { 1381 if (m_usere == euid) 1382 checkflags = checkflags | M_USERE; 1383 } 1384 if (flags & M_USERR) { 1385 if (m_userr == ruid) 1386 checkflags = checkflags | M_USERR; 1387 } 1388 if (flags & M_GROUPR) { 1389 if (m_groupr == egid) 1390 checkflags = checkflags | M_GROUPR; 1391 } 1392 if (flags & M_GROUPE) { 1393 if (m_groupe == egid) 1394 checkflags = checkflags | M_GROUPE; 1395 } 1396 if (flags & M_SID) { 1397 if (m_sid == sid) 1398 checkflags = checkflags | M_SID; 1399 } 1400 return (-1); 1401 } 1402 1403 /* 1404 * Format of subject64 token: 1405 * subject token id adr_char 1406 * auid adr_int32 1407 * euid adr_int32 1408 * egid adr_int32 1409 * ruid adr_int32 1410 * rgid adr_int32 1411 * pid adr_int32 1412 * sid adr_int32 1413 * termid adr_int64+adr_int32 1414 * 1415 */ 1416 int 1417 subject64_token(adr_t *adr) 1418 { 1419 int32_t auid, euid, egid, ruid, rgid, pid; 1420 int32_t sid; 1421 int64_t port; 1422 int32_t machine; 1423 1424 adrm_int32(adr, &auid, 1); 1425 adrm_int32(adr, &euid, 1); 1426 adrm_int32(adr, &egid, 1); 1427 adrm_int32(adr, &ruid, 1); 1428 adrm_int32(adr, &rgid, 1); 1429 adrm_int32(adr, &pid, 1); 1430 adrm_int32(adr, &sid, 1); 1431 adrm_int64(adr, &port, 1); 1432 adrm_int32(adr, &machine, 1); 1433 1434 if (flags & M_SUBJECT) { 1435 if (subj_id == pid) 1436 checkflags |= M_SUBJECT; 1437 } 1438 if (flags & M_USERA) { 1439 if (m_usera == auid) 1440 checkflags |= M_USERA; 1441 } 1442 if (flags & M_USERE) { 1443 if (m_usere == euid) 1444 checkflags |= M_USERE; 1445 } 1446 if (flags & M_USERR) { 1447 if (m_userr == ruid) 1448 checkflags |= M_USERR; 1449 } 1450 if (flags & M_GROUPR) { 1451 if (m_groupr == rgid) 1452 checkflags |= M_GROUPR; 1453 } 1454 if (flags & M_GROUPE) { 1455 if (m_groupe == egid) 1456 checkflags |= M_GROUPE; 1457 } 1458 if (flags & M_SID) { 1459 if (m_sid == sid) 1460 checkflags |= M_SID; 1461 } 1462 return (-1); 1463 } 1464 1465 /* 1466 * Format of subject64 token: 1467 * subject token id adr_char 1468 * auid adr_int32 1469 * euid adr_int32 1470 * egid adr_int32 1471 * ruid adr_int32 1472 * rgid adr_int32 1473 * pid adr_int32 1474 * sid adr_int32 1475 * termid adr_int64+5*adr_int32 1476 * 1477 */ 1478 int 1479 subject64_ex_token(adr_t *adr) 1480 { 1481 int32_t auid, euid, egid, ruid, rgid, pid; 1482 int32_t sid; 1483 int64_t port; 1484 int32_t type, addr[4]; 1485 1486 adrm_int32(adr, &auid, 1); 1487 adrm_int32(adr, &euid, 1); 1488 adrm_int32(adr, &egid, 1); 1489 adrm_int32(adr, &ruid, 1); 1490 adrm_int32(adr, &rgid, 1); 1491 adrm_int32(adr, &pid, 1); 1492 adrm_int32(adr, &sid, 1); 1493 adrm_int64(adr, &port, 1); 1494 adrm_int32(adr, &type, 1); 1495 adrm_int32(adr, &addr[0], 4); 1496 1497 if (flags & M_SUBJECT) { 1498 if (subj_id == pid) 1499 checkflags = checkflags | M_SUBJECT; 1500 } 1501 if (flags & M_USERA) { 1502 if (m_usera == auid) 1503 checkflags = checkflags | M_USERA; 1504 } 1505 if (flags & M_USERE) { 1506 if (m_usere == euid) 1507 checkflags = checkflags | M_USERE; 1508 } 1509 if (flags & M_USERR) { 1510 if (m_userr == ruid) 1511 checkflags = checkflags | M_USERR; 1512 } 1513 if (flags & M_GROUPR) { 1514 if (m_groupr == egid) 1515 checkflags = checkflags | M_GROUPR; 1516 } 1517 if (flags & M_GROUPE) { 1518 if (m_groupe == egid) 1519 checkflags = checkflags | M_GROUPE; 1520 } 1521 if (flags & M_SID) { 1522 if (m_sid == sid) 1523 checkflags = checkflags | M_SID; 1524 } 1525 return (-1); 1526 } 1527 1528 /* 1529 * ----------------------------------------------------------------------- 1530 * tid_token(): Process tid token and display contents 1531 * 1532 * Format of tid token: 1533 * tid token id adr_char 1534 * address type adr_char 1535 * For address type of AU_IPADR... 1536 * remote port adr_short 1537 * local port adr_short 1538 * IP type adr_int32 1539 * IP addr adr_int32 if IPv4 1540 * IP addr 4 x adr_int32 if IPv6 1541 * address types other than AU_IPADR are not yet defined 1542 * ----------------------------------------------------------------------- 1543 */ 1544 int 1545 tid_token(adr_t *adr) 1546 { 1547 int32_t address[4]; 1548 int32_t ip_type; 1549 char tid_type; 1550 short rport; 1551 short lport; 1552 1553 adrm_char(adr, &tid_type, 1); 1554 switch (tid_type) { 1555 case AU_IPADR: 1556 adrm_short(adr, &rport, 1); 1557 adrm_short(adr, &lport, 1); 1558 adrm_int32(adr, &ip_type, 1); 1559 adrm_char(adr, (char *)&address, ip_type); 1560 break; 1561 default: 1562 return (0); 1563 } 1564 return (-1); 1565 } 1566 1567 /* 1568 * ----------------------------------------------------------------------- 1569 * zonename_token(): Process zonename token and display contents 1570 * 1571 * Format of zonename token: 1572 * zonename token id adr_char 1573 * zone name adr_string 1574 * ----------------------------------------------------------------------- 1575 */ 1576 int 1577 zonename_token(adr_t *adr) 1578 { 1579 char *name; 1580 1581 if (flags & M_ZONENAME) { 1582 get_string(adr, &name); 1583 if (strncmp(zonename, name, ZONENAME_MAX) == 0) 1584 checkflags |= M_ZONENAME; 1585 free(name); 1586 } else { 1587 skip_string(adr); 1588 } 1589 return (-1); 1590 } 1591 1592 /* 1593 * fmri_token(): 1594 * 1595 * Format of fmri token: 1596 * fmri adr_string 1597 */ 1598 int 1599 fmri_token(adr_t *adr) 1600 { 1601 if ((flags & M_OBJECT) && (obj_flag == OBJ_FMRI)) { 1602 char *fmri_name; 1603 1604 get_string(adr, &fmri_name); 1605 1606 /* match token against service instance */ 1607 if (scf_cmp_pattern(fmri_name, &fmri) == 1) { 1608 checkflags |= M_OBJECT; 1609 } 1610 free(fmri_name); 1611 } else { 1612 skip_string(adr); 1613 } 1614 return (-1); 1615 } 1616 1617 /* 1618 * Format of xatom token: 1619 */ 1620 int 1621 xatom_token(adr_t *adr) 1622 { 1623 skip_string(adr); 1624 1625 return (-1); 1626 } 1627 1628 /* 1629 * Format of xselect token: 1630 */ 1631 int 1632 xselect_token(adr_t *adr) 1633 { 1634 skip_string(adr); 1635 skip_string(adr); 1636 skip_string(adr); 1637 1638 return (-1); 1639 } 1640 1641 /* 1642 * anchor a path name with a slash 1643 * assume we have enough space 1644 */ 1645 void 1646 anchor_path(char *path) 1647 { 1648 (void) memmove((void *)(path + 1), (void *)path, strlen(path) + 1); 1649 *path = '/'; 1650 } 1651 1652 1653 /* 1654 * copy path to collapsed path. 1655 * collapsed path does not contain: 1656 * successive slashes 1657 * instances of dot-slash 1658 * instances of dot-dot-slash 1659 * passed path must be anchored with a '/' 1660 */ 1661 char * 1662 collapse_path(char *s) 1663 { 1664 int id; /* index of where we are in destination string */ 1665 int is; /* index of where we are in source string */ 1666 int slashseen; /* have we seen a slash */ 1667 int ls; /* length of source string */ 1668 1669 ls = strlen(s) + 1; 1670 1671 slashseen = 0; 1672 for (is = 0, id = 0; is < ls; is++) { 1673 /* thats all folks, we've reached the end of input */ 1674 if (s[is] == '\0') { 1675 if (id > 1 && s[id-1] == '/') { 1676 --id; 1677 } 1678 s[id++] = '\0'; 1679 break; 1680 } 1681 /* previous character was a / */ 1682 if (slashseen) { 1683 if (s[is] == '/') 1684 continue; /* another slash, ignore it */ 1685 } else if (s[is] == '/') { 1686 /* we see a /, just copy it and try again */ 1687 slashseen = 1; 1688 s[id++] = '/'; 1689 continue; 1690 } 1691 /* /./ seen */ 1692 if (s[is] == '.' && s[is+1] == '/') { 1693 is += 1; 1694 continue; 1695 } 1696 /* XXX/. seen */ 1697 if (s[is] == '.' && s[is+1] == '\0') { 1698 if (id > 1) 1699 id--; 1700 continue; 1701 } 1702 /* XXX/.. seen */ 1703 if (s[is] == '.' && s[is+1] == '.' && s[is+2] == '\0') { 1704 is += 1; 1705 if (id > 0) 1706 id--; 1707 while (id > 0 && s[--id] != '/'); 1708 id++; 1709 continue; 1710 } 1711 /* XXX/../ seen */ 1712 if (s[is] == '.' && s[is+1] == '.' && s[is+2] == '/') { 1713 is += 2; 1714 if (id > 0) 1715 id--; 1716 while (id > 0 && s[--id] != '/'); 1717 id++; 1718 continue; 1719 } 1720 while (is < ls && (s[id++] = s[is++]) != '/'); 1721 is--; 1722 } 1723 return (s); 1724 } 1725 1726 1727 int 1728 ipc_type_match(int flag, char type) 1729 { 1730 if (flag == OBJ_SEM && type == AT_IPC_SEM) 1731 return (1); 1732 1733 if (flag == OBJ_MSG && type == AT_IPC_MSG) 1734 return (1); 1735 1736 if (flag == OBJ_SHM && type == AT_IPC_SHM) 1737 return (1); 1738 1739 return (0); 1740 } 1741 1742 1743 void 1744 skip_string(adr_t *adr) 1745 { 1746 ushort_t c; 1747 1748 adrm_u_short(adr, &c, 1); 1749 adr->adr_now += c; 1750 } 1751 1752 1753 void 1754 get_string(adr_t *adr, char **p) 1755 { 1756 ushort_t c; 1757 1758 adrm_u_short(adr, &c, 1); 1759 *p = a_calloc(1, (size_t)c); 1760 adrm_char(adr, *p, c); 1761 } 1762 1763 1764 /* 1765 * Format of host token: 1766 * host ard_uint32 1767 */ 1768 int 1769 host_token(adr_t *adr) 1770 { 1771 uint32_t host; 1772 1773 adrm_u_int32(adr, &host, 1); 1774 1775 return (-1); 1776 } 1777 1778 /* 1779 * Format of useofauth token: 1780 * uauth token id adr_char 1781 * uauth adr_string 1782 * 1783 */ 1784 int 1785 useofauth_token(adr_t *adr) 1786 { 1787 skip_string(adr); 1788 return (-1); 1789 } 1790 1791 int 1792 xcolormap_token(adr_t *adr) 1793 { 1794 return (xgeneric(adr)); 1795 } 1796 1797 int 1798 xcursor_token(adr_t *adr) 1799 { 1800 return (xgeneric(adr)); 1801 } 1802 1803 int 1804 xfont_token(adr_t *adr) 1805 { 1806 return (xgeneric(adr)); 1807 } 1808 1809 int 1810 xgc_token(adr_t *adr) 1811 { 1812 return (xgeneric(adr)); 1813 } 1814 1815 int 1816 xpixmap_token(adr_t *adr) 1817 { 1818 return (xgeneric(adr)); 1819 } 1820 1821 int 1822 xwindow_token(adr_t *adr) 1823 { 1824 return (xgeneric(adr)); 1825 } 1826 1827 1828 /* 1829 * Format of xgeneric token: 1830 * XID adr_int32 1831 * creator UID adr_int32 1832 * 1833 * Includes: xcolormap, xcursor, xfont, xgc, xpixmap, and xwindow 1834 */ 1835 int 1836 xgeneric(adr_t *adr) 1837 { 1838 int32_t xid; 1839 int32_t uid; 1840 1841 adrm_int32(adr, &xid, 1); 1842 adrm_int32(adr, &uid, 1); 1843 1844 if (flags & M_USERE) { 1845 if (m_usere == uid) 1846 checkflags = checkflags | M_USERE; 1847 } 1848 1849 return (-1); 1850 } 1851 1852 1853 /* 1854 * Format of xproperty token: 1855 * XID adr_int32 1856 * creator UID adr_int32 1857 * atom string adr_string 1858 */ 1859 int 1860 xproperty_token(adr_t *adr) 1861 { 1862 int32_t xid; 1863 int32_t uid; 1864 1865 adrm_int32(adr, &xid, 1); 1866 adrm_int32(adr, &uid, 1); 1867 skip_string(adr); 1868 1869 if (flags & M_USERE) { 1870 if (m_usere == uid) 1871 checkflags = checkflags | M_USERE; 1872 } 1873 1874 return (-1); 1875 } 1876 1877 1878 /* 1879 * Format of xclient token: 1880 * xclient id adr_int32 1881 */ 1882 int 1883 xclient_token(adr_t *adr) 1884 { 1885 int32_t client_id; 1886 1887 adrm_int32(adr, &client_id, 1); 1888 1889 return (-1); 1890 } 1891 1892 /* 1893 * Format of privilege set token: 1894 * priv_set type string 1895 * priv_set string 1896 */ 1897 1898 int 1899 privilege_token(adr_t *adr) 1900 { 1901 skip_string(adr); /* set type name */ 1902 skip_string(adr); /* privilege set */ 1903 return (-1); 1904 } 1905 1906 /* 1907 * Format of label token: 1908 * label ID 1 byte 1909 * compartment length 1 byte 1910 * classification 2 bytes 1911 * compartment words <compartment length> * 4 bytes 1912 */ 1913 int 1914 label_token(adr_t *adr) 1915 { 1916 static m_label_t *label = NULL; 1917 static size_t l_size; 1918 int len; 1919 1920 if (label == NULL) { 1921 label = m_label_alloc(MAC_LABEL); 1922 l_size = blabel_size() - 4; 1923 } 1924 1925 if (label == NULL) { 1926 /* out of memory, should never happen; skip label */ 1927 char l; /* length */ 1928 1929 adr->adr_now += sizeof (char); 1930 adrm_char(adr, (char *)&l, 1); 1931 adr->adr_now += sizeof (short) + (4 * l); 1932 return (-1); 1933 } 1934 1935 adrm_char(adr, (char *)label, 4); 1936 len = (int)(((char *)label)[1] * 4); 1937 if (len > l_size) { 1938 return (-1); 1939 } 1940 adrm_char(adr, &((char *)label)[4], len); 1941 1942 if (flags & M_LABEL) { 1943 if (blinrange(label, m_label)) 1944 checkflags = checkflags | M_LABEL; 1945 } 1946 1947 return (-1); 1948 } 1949 1950 1951 /* 1952 * Format of useofpriv token: 1953 * success/failure adr_char 1954 * privilege(s) adr_string 1955 */ 1956 /* ARGSUSED */ 1957 int 1958 useofpriv_token(adr_t *adr) 1959 { 1960 char flag; 1961 1962 adrm_char(adr, &flag, 1); 1963 skip_string(adr); 1964 return (-1); 1965 } 1966