xref: /titanic_41/usr/src/lib/libbsm/common/adt_token.c (revision 8c74a1f9477c04aa8539a84a49aa2bf629c7a14d)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * adt_token.c
23  *
24  * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
25  * Use is subject to license terms.
26  *
27  * This file does not provide any user callable functions.  See adt.c
28  */
29 #pragma ident	"%Z%%M%	%I%	%E% SMI"
30 
31 #include <bsm/adt.h>
32 #include <bsm/adt_event.h>
33 #include <bsm/audit.h>
34 #include <adt_xlate.h>
35 #include <assert.h>
36 #include <netdb.h>
37 #include <priv.h>
38 #include <string.h>
39 #include <strings.h>
40 #include <sys/priv_names.h>
41 #include <sys/types.h>
42 #include <sys/vnode.h>
43 #include <tsol/label.h>
44 #include <time.h>
45 #include <unistd.h>
46 
47 #ifdef C2_DEBUG
48 #define	DPRINTF(x) {printf x; }
49 #define	DFLUSH fflush(stdout);
50 #else
51 #define	DPRINTF(x)
52 #define	DFLUSH
53 #endif
54 
55 static adt_token_func_t adt_getTokenFunction(char);
56 
57 static char	*empty = "";
58 
59 /*
60  * call adt_token_open() first and adt_token_close() last.
61  *
62  * au_open is sort of broken; it returns a -1 when out of memory that
63  * you're supposed to ignore; au_write and au_close return without
64  * doing anything when a -1 is passed.  This code sort of follows the
65  * au_open model except that it calls syslog to indicate underlying
66  * brokenness.  Other than that, -1 is ignored.
67  */
68 
69 void
70 adt_token_open(struct adt_event_state *event)
71 {
72 	static int	have_syslogged = 0;
73 
74 	event->ae_event_handle = au_open();
75 	if (event->ae_event_handle < 0) {
76 		if (!have_syslogged) {
77 			adt_write_syslog("au_open failed", ENOMEM);
78 			have_syslogged = 1;
79 		}
80 	}
81 	else
82 		have_syslogged = 0;
83 }
84 
85 /*
86  * call generate_token for each token in the order you want the tokens
87  * generated.
88  */
89 
90 void
91 adt_generate_token(struct entry *p_entry, void *p_data,
92     struct adt_event_state *event)
93 {
94 	adt_token_func_t	p_func;
95 
96 	assert((p_entry != NULL) && (p_data != NULL) && (event != NULL));
97 
98 	p_func = adt_getTokenFunction(p_entry->en_token_id);
99 	assert(p_func != NULL);
100 
101 	DPRINTF(("p_entry=%08X, p_data=%08X, offset=%X, msgFmt=%X\n",
102 	    p_entry, p_data, p_entry->en_offset, p_entry->en_msg_format));
103 	DFLUSH
104 
105 	(*p_func)(p_entry->en_type_def,
106 	    (char *)p_data + p_entry->en_offset, p_entry->en_required, event,
107 	    p_entry->en_msg_format);
108 }
109 
110 /* call this last */
111 
112 void
113 adt_token_close(struct adt_event_state *event)
114 {
115 	int	rc;
116 
117 	rc = au_close(event->ae_event_handle, AU_TO_WRITE,
118 	    event->ae_internal_id);
119 	if (rc < 0)
120 		adt_write_syslog("au_close failed", errno);
121 }
122 
123 /*
124  * one function per token -- see the jump table at the end of file
125  */
126 
127 /* ARGSUSED */
128 static void
129 adt_to_return(datadef *def, void *p_data, int required,
130     struct adt_event_state *event, char *notUsed)
131 {
132 
133 #ifdef _LP64
134 	(void) au_write(event->ae_event_handle,
135 	    au_to_return64((int64_t)event->ae_rc, event->ae_type));
136 #else
137 	(void) au_write(event->ae_event_handle,
138 	    au_to_return32((int32_t)event->ae_rc, event->ae_type));
139 #endif
140 }
141 
142 /*
143  * AUT_CMD
144  *
145  * the command line is described with argc and argv and the environment
146  * with envp.  The envp list is NULL terminated and has no separate
147  * counter; envp will be a NULL list unless the AUDIT_ARGE policy is
148  * set.
149  */
150 
151 /* ARGSUSED */
152 static void
153 adt_to_cmd(datadef *def, void *p_data, int required,
154     struct adt_event_state *event, char *notUsed)
155 {
156 	struct adt_internal_state	*sp = event->ae_session;
157 	int				argc;
158 	char				**argv;
159 	char				**envp = NULL;
160 
161 	argc = ((union convert *)p_data)->tint;
162 	p_data = adt_adjust_address(p_data, sizeof (int), sizeof (char **));
163 	argv = ((union convert *)p_data)->tchar2star;
164 	p_data = adt_adjust_address(p_data, sizeof (char **), sizeof (char **));
165 
166 	if (sp->as_kernel_audit_policy & AUDIT_ARGE)
167 		envp = ((union convert *)p_data)->tchar2star;
168 
169 	(void) au_write(event->ae_event_handle,
170 	    au_to_cmd(argc, argv, envp));
171 }
172 
173 /*
174  * special case of AUT_CMD with 1 argument that is
175  * a string showing the whole command and no envp
176  */
177 /* ARGSUSED */
178 static void
179 adt_to_cmd1(datadef *def, void *p_data, int required,
180     struct adt_event_state *event, char *notUsed)
181 {
182 	char	*string;
183 
184 	string = ((union convert *)p_data)->tcharstar;
185 
186 	if (string == NULL) {
187 		if (required)
188 			string = empty;
189 		else
190 			return;
191 	}
192 	/* argc is hardcoded as 1 */
193 	(void) au_write(event->ae_event_handle, au_to_cmd(1, &string,
194 	    NULL));
195 }
196 
197 /*
198  * adt_to_tid	-- generic address (ip is only one defined at present)
199  *	input:
200  *		terminal type:  ADT_IPv4, ADT_IPv6...
201  *		case: ADT_IPv4 or ADT_IPv6...
202  *			ip type
203  *			remote port
204  *			local port
205  *			address
206  *		case: not defined...
207  */
208 /* ARGSUSED */
209 static void
210 adt_to_tid(datadef *def, void *p_data, int required,
211     struct adt_event_state *event, char *notUsed)
212 {
213 	au_generic_tid_t	tid;
214 	uint32_t		type;
215 	au_ip_t			*ip;
216 
217 	type = ((union convert *)p_data)->tuint32;
218 
219 	switch (type) {
220 	case ADT_IPv4:
221 	case ADT_IPv6:
222 		p_data = adt_adjust_address(p_data, sizeof (uint32_t),
223 		    sizeof (uint32_t));
224 
225 		tid.gt_type = AU_IPADR;
226 		ip = &(tid.gt_adr.at_ip);
227 
228 		ip->at_type = (type == ADT_IPv4) ?
229 		    AU_IPv4 : AU_IPv6;
230 
231 		ip->at_r_port = ((union convert *)p_data)->tuint16;
232 		p_data = adt_adjust_address(p_data, sizeof (uint16_t),
233 		    sizeof (uint16_t));
234 
235 		ip->at_l_port = ((union convert *)p_data)->tuint16;
236 
237 		/* arg3 is for the array element, not the array size */
238 		p_data = adt_adjust_address(p_data, sizeof (uint16_t),
239 		    sizeof (uint32_t));
240 
241 		(void) memcpy(ip->at_addr, p_data, ip->at_type);
242 		break;
243 	default:
244 		adt_write_syslog("Invalid terminal id type", EINVAL);
245 		return;
246 	}
247 	(void) au_write(event->ae_event_handle, au_to_tid(&tid));
248 }
249 
250 /*
251  * au_to_frmi takes a char * that is the fmri.
252  */
253 /* ARGSUSED */
254 static void
255 adt_to_frmi(datadef *def, void *p_data, int required,
256     struct adt_event_state *event, char *notUsed)
257 {
258 	char		*fmri;
259 
260 	DPRINTF(("  adt_to_fmri dd_datatype=%d\n", def->dd_datatype));
261 
262 	fmri = ((union convert *)p_data)->tcharstar;
263 
264 	if (fmri == NULL) {
265 		if (required)
266 			fmri = empty;
267 		else
268 			return;
269 	}
270 	DPRINTF(("  fmri=%s\n", fmri));
271 	(void) au_write(event->ae_event_handle, au_to_fmri(fmri));
272 }
273 
274 /*
275  * au_to_newgroups takes a length and an array of gids
276  * as input.  The input to adt_to_newgroups is a length
277  * and a pointer to an array of gids.
278  */
279 
280 /* ARGSUSED */
281 static void
282 adt_to_newgroups(datadef *def, void *p_data, int required,
283     struct adt_event_state *event, char *notUsed)
284 {
285 	int	n;
286 	gid_t	*groups;
287 
288 	n = ((union convert *)p_data)->tint;
289 	if (n < 1) {
290 		if (required) {
291 			n = 0;  /* in case negative n was passed */
292 		} else
293 			return;
294 	}
295 	p_data = adt_adjust_address(p_data, sizeof (int), sizeof (int32_t *));
296 
297 	groups = ((union convert *)p_data)->tgidstar;
298 
299 	(void) au_write(event->ae_event_handle, au_to_newgroups(n, groups));
300 }
301 
302 /* ARGSUSED */
303 static void
304 adt_to_path(datadef *def, void *p_data, int required,
305     struct adt_event_state *event, char *notUsed)
306 {
307 	char	*path;
308 
309 	path = ((union convert *)p_data)->tcharstar;
310 
311 	if (path != NULL) {
312 		DPRINTF(("  path=%s\n", path));
313 		(void) au_write(event->ae_event_handle, au_to_path(path));
314 	} else {
315 		DPRINTF(("  Null path\n"));
316 		if (required)
317 			(void) au_write(event->ae_event_handle,
318 			    au_to_path(empty));
319 	}
320 }
321 
322 /*
323  * dummy token id:  AUT_PATHLIST
324  */
325 
326 /* ARGSUSED */
327 static void
328 adt_to_pathlist(datadef *def, void *p_data, int required,
329     struct adt_event_state *event, char *notUsed)
330 {
331 	char	*path;
332 	char	*working_buf;
333 	char	*pathlist;
334 	char	*last_str;
335 
336 	pathlist = ((union convert *)p_data)->tcharstar;
337 
338 	if (pathlist != NULL) {
339 		working_buf = strdup(pathlist);
340 		if (working_buf == NULL) {
341 			adt_write_syslog("audit failure", errno);
342 			if (required)
343 				(void) au_write(event->ae_event_handle,
344 				    au_to_path(empty));
345 			return;
346 		}
347 		for (path = strtok_r(working_buf, " ", &last_str);
348 		    path; path = strtok_r(NULL, " ", &last_str)) {
349 			DPRINTF(("  path=%s\n", path));
350 			(void) au_write(event->ae_event_handle,
351 			    au_to_path(path));
352 		}
353 	} else {
354 		DPRINTF(("  Null path list\n"));
355 		if (required)
356 			(void) au_write(event->ae_event_handle,
357 			    au_to_path(empty));
358 	}
359 }
360 
361 /*
362  * AUT_PRIV
363  */
364 
365 /* ARGSUSED */
366 static void
367 adt_to_priv(datadef *def, void *p_data, int required,
368     struct adt_event_state *event, const char *priv_type)
369 {
370 	priv_set_t	*privilege;
371 
372 	privilege = ((union convert *)p_data)->tprivstar;
373 
374 	if (privilege != NULL) {
375 		(void) au_write(event->ae_event_handle,
376 		    au_to_privset(priv_type, privilege));
377 	} else {
378 		if (required) {
379 			DPRINTF(("  Null privilege\n"));
380 			(void) au_write(event->ae_event_handle,
381 			    au_to_privset(empty, NULL));
382 		}
383 	}
384 }
385 
386 /*
387  * -AUT_PRIV_L	AUT_PRIV for a limit set
388  */
389 
390 /* ARGSUSED */
391 static void
392 adt_to_priv_limit(datadef *def, void *p_data, int required,
393     struct adt_event_state *event, char *notUsed)
394 {
395 	adt_to_priv(def, p_data, required, event, PRIV_LIMIT);
396 }
397 
398 /*
399  * -AUT_PRIV_I	AUT_PRIV for an inherit set
400  */
401 
402 /* ARGSUSED */
403 static void
404 adt_to_priv_inherit(datadef *def, void *p_data, int required,
405     struct adt_event_state *event, char *notUsed)
406 {
407 	adt_to_priv(def, p_data, required, event, PRIV_INHERITABLE);
408 }
409 
410 /* ARGSUSED */
411 static void
412 adt_to_priv_effective(datadef *def, void *p_data, int required,
413     struct adt_event_state *event, char *notUsed)
414 {
415 	adt_to_priv(def, p_data, required, event, PRIV_EFFECTIVE);
416 }
417 
418 static void
419 getCharacteristics(struct auditpinfo_addr *info, pid_t *pid)
420 {
421 	int	rc;
422 
423 	if (*pid == 0)			/* getpinfo for this pid */
424 		info->ap_pid = getpid();
425 	else
426 		info->ap_pid = *pid;
427 
428 	rc = auditon(A_GETPINFO_ADDR, (caddr_t)info,
429 	    sizeof (struct auditpinfo_addr));
430 	if (rc == -1) {
431 		info->ap_auid = AU_NOAUDITID;
432 		info->ap_asid = 0;
433 		(void) memset((void *)&(info->ap_termid), 0,
434 		    sizeof (au_tid_addr_t));
435 		info->ap_termid.at_type = AU_IPv4;
436 	}
437 }
438 
439 /*
440  * AUT_PROCESS
441  *
442  */
443 
444 /* ARGSUSED */
445 static void
446 adt_to_process(datadef *def, void *p_data, int required,
447     struct adt_event_state *event, char *notUsed)
448 {
449 	au_id_t			auid;
450 	uid_t			euid;
451 	gid_t			egid;
452 	uid_t			ruid;
453 	gid_t			rgid;
454 	pid_t			pid;
455 	au_asid_t		sid;
456 	au_tid_addr_t		*tid;
457 	struct auditpinfo_addr	info;
458 
459 	auid = ((union convert *)p_data)->tuid;
460 	p_data = adt_adjust_address(p_data, sizeof (uid_t), sizeof (uid_t));
461 	euid = ((union convert *)p_data)->tuid;
462 	p_data = adt_adjust_address(p_data, sizeof (uid_t), sizeof (gid_t));
463 	egid = ((union convert *)p_data)->tgid;
464 	p_data = adt_adjust_address(p_data, sizeof (gid_t), sizeof (uid_t));
465 	ruid = ((union convert *)p_data)->tuid;
466 	p_data = adt_adjust_address(p_data, sizeof (uid_t), sizeof (gid_t));
467 	rgid = ((union convert *)p_data)->tgid;
468 	p_data = adt_adjust_address(p_data, sizeof (gid_t), sizeof (pid_t));
469 	pid  = ((union convert *)p_data)->tpid;
470 	p_data = adt_adjust_address(p_data, sizeof (pid_t), sizeof (uint32_t));
471 	sid  = ((union convert *)p_data)->tuint32;
472 	p_data = adt_adjust_address(p_data, sizeof (uint32_t),
473 	    sizeof (au_tid_addr_t *));
474 	tid  = ((union convert *)p_data)->ttermid;
475 
476 	getCharacteristics(&info, &pid);
477 
478 	if (auid == AU_NOAUDITID)
479 		auid = info.ap_auid;
480 
481 	if (euid == AU_NOAUDITID)
482 		euid = geteuid();
483 
484 	if (egid == AU_NOAUDITID)
485 		egid = getegid();
486 
487 	if (ruid == AU_NOAUDITID)
488 		ruid = getuid();
489 
490 	if (rgid == AU_NOAUDITID)
491 		rgid = getgid();
492 
493 	if (tid == NULL)
494 		tid = &(info.ap_termid);
495 
496 	if (sid == 0)
497 		sid = info.ap_asid;
498 
499 	if (pid == 0)
500 		pid = info.ap_pid;
501 
502 	(void) au_write(event->ae_event_handle,
503 	    au_to_process_ex(auid, euid, egid, ruid, rgid, pid, sid, tid));
504 }
505 
506 /*
507  * Generate subject information.
508  * If labels are present, generate the subject label token.
509  * If the group audit policy is set, generate the subject group token.
510  *
511  * The required flag does not apply here.
512  *
513  * Non-attributable records are indicated by an auid of AU_NOAUDITID;
514  * no subject token or group token is generated for a non-attributable
515  * record.
516  */
517 
518 /* ARGSUSED */
519 static void
520 adt_to_subject(datadef *def, void *p_data, int required,
521     struct adt_event_state *event, char *notUsed)
522 {
523 	struct adt_internal_state	*sp = event->ae_session;
524 
525 	if (sp->as_info.ai_auid == AU_NOAUDITID)
526 		return;
527 
528 	assert(sp->as_have_user_data == ADT_HAVE_ALL);
529 
530 	(void) au_write(event->ae_event_handle,
531 	    au_to_subject_ex(sp->as_info.ai_auid,
532 		sp->as_euid, sp->as_egid, sp->as_ruid, sp->as_rgid,
533 		getpid(), sp->as_info.ai_asid,
534 		&(sp->as_info.ai_termid)));
535 	if (is_system_labeled())
536 		(void) au_write(event->ae_event_handle, au_to_mylabel());
537 	/*
538 	 * If AUDIT_GROUP is set, a groups token must be output.
539 	 * In a session model, the groups list is undefined, so output an
540 	 * empty list.  In a process model, ship it!
541 	 */
542 	if (sp->as_kernel_audit_policy & AUDIT_GROUP) {
543 		int group_count;
544 		gid_t grouplist[NGROUPS_MAX];
545 
546 		(void) memset(grouplist, 0, sizeof (grouplist));
547 		if (sp->as_session_model == ADT_PROCESS_MODEL) {
548 			if ((group_count = getgroups(NGROUPS_UMAX,
549 			    grouplist))) {
550 				(void) au_write(event->ae_event_handle,
551 				    au_to_newgroups(group_count, grouplist));
552 			}
553 		} else { /* consider deleting this null output */
554 			(void) au_write(event->ae_event_handle,
555 			    au_to_newgroups(0, grouplist));
556 		}
557 	}
558 }
559 
560 /*
561  * adt_to_text()
562  *
563  * The format string, normally null, is sort of a wrapper around
564  * the input.  adt_write_text() is a wrapper around au_write that
565  * handles the format string
566  *
567  */
568 #define	TEXT_LENGTH 49
569 
570 static void
571 adt_write_text(int handle, char *main_text, const char *format)
572 {
573 	char	buffer[TEXT_LENGTH * 2 + 1];
574 
575 	if (format == NULL)
576 		(void) au_write(handle, au_to_text(main_text));
577 	else {
578 		(void) snprintf(buffer, TEXT_LENGTH * 2, format, main_text);
579 		(void) au_write(handle, au_to_text(buffer));
580 	}
581 }
582 
583 static void
584 adt_to_text(datadef *def, void *p_data, int required,
585     struct adt_event_state *event, char *format)
586 {
587 	static int	have_syslogged = 0;
588 	char		*string;
589 	char		**string_list;
590 	char		buffer[TEXT_LENGTH + 1];
591 	time_t		date;
592 	struct tm	tm;
593 	uint32_t	*int_list;
594 	int		written, available;
595 	int		i, arrayCount;
596 	struct msg_text *list;
597 	int		list_index;
598 
599 	DPRINTF(("  adt_to_text dd_datatype=%d\n", def->dd_datatype));
600 	switch (def->dd_datatype) {
601 	case ADT_DATE:
602 		/*
603 		 * Consider creating a separate token type for dates
604 		 * -- store as longs and format them in praudit.
605 		 * For now, a date is input as a time_t and output as
606 		 * a text token.  If we do this, we need to consider
607 		 * carrying timezone info so that praudit can
608 		 * represent times in an unambiguous manner.
609 		 */
610 		date = ((union convert *)p_data)->tlong;
611 		if (strftime(buffer, sizeof (buffer), "%x",
612 		    localtime_r(&date, &tm)) > TEXT_LENGTH) {
613 			if (required)
614 				(void) strncpy(buffer, "invalid date",
615 				    TEXT_LENGTH);
616 			else
617 				break;
618 		}
619 		DPRINTF(("  text=%s\n", buffer));
620 		adt_write_text(event->ae_event_handle, buffer, format);
621 		break;
622 		/*
623 		 * The "input size" is overloaded to mean the list number
624 		 * and the msg_selector indexes the desired string in
625 		 * that list
626 		 */
627 	case ADT_MSG:
628 		list = &adt_msg_text[(enum adt_login_text)def->dd_input_size];
629 		list_index = ((union convert *)p_data)->msg_selector;
630 
631 		if ((list_index < list->ml_min_index) |
632 		    (list_index > list->ml_max_index))
633 			string = "Invalid message index";
634 		else
635 			string = list->ml_msg_list[list_index +
636 			    list->ml_offset];
637 
638 		if (string == NULL) {	/* null is valid; means skip */
639 			if (required) {
640 				string = empty;
641 			} else
642 				break;
643 		}
644 		DPRINTF(("  text=%s\n", string));
645 		adt_write_text(event->ae_event_handle, string, format);
646 		break;
647 	case ADT_UID:
648 	case ADT_GID:
649 	case ADT_UINT:
650 		(void) snprintf(buffer, TEXT_LENGTH, "%d",
651 		    ((union convert *)p_data)->tuint);
652 
653 		DPRINTF(("  text=%s\n", buffer));
654 		adt_write_text(event->ae_event_handle, buffer, format);
655 		break;
656 	case ADT_UIDSTAR:
657 	case ADT_GIDSTAR:
658 	case ADT_UINT32STAR:
659 		int_list = ((union convert *)p_data)->tuint32star;
660 		p_data = adt_adjust_address(p_data, sizeof (int *),
661 		    sizeof (int));
662 		arrayCount = ((union convert *)p_data)->tint;
663 
664 		string = buffer;
665 		available = TEXT_LENGTH;	/* space available in buffer */
666 
667 		if (arrayCount < 0)
668 			arrayCount = 0;
669 
670 		if ((arrayCount > 0) && (int_list != NULL)) {
671 			for (; arrayCount > 0; arrayCount--) {
672 				written = snprintf(string, available,
673 				    "%d ", *int_list++);
674 				if (written < 1)
675 					break;
676 				string += written;
677 				available -= written;
678 			}
679 		} else if (required)
680 			string = empty;
681 		else
682 			break;
683 
684 		adt_write_text(event->ae_event_handle, buffer, format);
685 		break;
686 	case ADT_ULONG:
687 		(void) snprintf(buffer, TEXT_LENGTH, "%ld",
688 		    ((union convert *)p_data)->tulong);
689 
690 		DPRINTF(("  text=%s\n", buffer));
691 		adt_write_text(event->ae_event_handle, buffer, format);
692 		break;
693 	case ADT_CHARSTAR:
694 		string = ((union convert *)p_data)->tcharstar;
695 
696 		if (string == NULL) {
697 			if (required)
698 				string = empty;
699 			else
700 				break;
701 		}
702 		DPRINTF(("  text=%s\n", string));
703 		adt_write_text(event->ae_event_handle, string, format);
704 		break;
705 	case ADT_CHAR2STAR:
706 		string_list = ((union convert *)p_data)->tchar2star;
707 		p_data = adt_adjust_address(p_data, sizeof (char **),
708 		    sizeof (int));
709 		arrayCount = ((union convert *)p_data)->tint;
710 
711 		if (arrayCount < 0)
712 			arrayCount = 0;
713 
714 		if ((arrayCount > 0) && (string_list != NULL)) {
715 			for (i = 0; i < arrayCount; i++) {
716 				string = string_list[i];
717 				if (string != NULL)
718 					adt_write_text(event->ae_event_handle,
719 					    string, format);
720 			}
721 		} else if (required)
722 			adt_write_text(event->ae_event_handle, empty, format);
723 		else
724 			break;
725 		break;
726 	default:
727 		if (!have_syslogged) { /* don't flood the log */
728 			adt_write_syslog("unsupported data conversion",
729 			    ENOTSUP);
730 			have_syslogged = 1;
731 		}
732 		break;
733 	}
734 	DFLUSH
735 }
736 
737 /* ARGSUSED */
738 static void
739 adt_to_uauth(datadef *def, void *p_data, int required,
740     struct adt_event_state *event, char *format)
741 {
742 	char		*string;
743 
744 	DPRINTF(("  adt_to_uauth dd_datatype=%d\n", def->dd_datatype));
745 
746 	string = ((union convert *)p_data)->tcharstar;
747 
748 	if (string == NULL) {
749 		if (required)
750 			string = empty;
751 		else
752 			return;
753 	}
754 	DPRINTF(("  text=%s\n", string));
755 	(void) au_write(event->ae_event_handle, au_to_uauth(string));
756 }
757 
758 /* ARGSUSED */
759 static void
760 adt_to_zonename(datadef *def, void *p_data, int required,
761     struct adt_event_state *event, char *notUsed)
762 {
763 	char	*name;
764 
765 	name = ((union convert *)p_data)->tcharstar;
766 
767 	if (name != NULL) {
768 		DPRINTF(("  name=%s\n", name));
769 		(void) au_write(event->ae_event_handle, au_to_zonename(name));
770 	} else {
771 		DPRINTF(("  Null name\n"));
772 		if (required)
773 			(void) au_write(event->ae_event_handle,
774 			    au_to_zonename(empty));
775 	}
776 }
777 
778 
779 /*
780  * no function for header -- the header is generated by au_close()
781  *
782  * no function for trailer -- the trailer is generated by au_close()
783  */
784 
785 #define	MAX_TOKEN_JMP 16
786 
787 static struct token_jmp token_table[MAX_TOKEN_JMP] =
788 {
789 	{AUT_CMD, adt_to_cmd},
790 	{ADT_CMD_ALT, adt_to_cmd1},
791 	{ADT_AUT_PRIV_L, adt_to_priv_limit},
792 	{ADT_AUT_PRIV_I, adt_to_priv_inherit},
793 	{ADT_AUT_PRIV_E, adt_to_priv_effective},
794 	{AUT_NEWGROUPS, adt_to_newgroups},
795 	{AUT_FMRI, adt_to_frmi},
796 	{AUT_PATH, adt_to_path},
797 	{-AUT_PATH, adt_to_pathlist},	/* private extension of token values */
798 	{AUT_PROCESS, adt_to_process},
799 	{AUT_RETURN, adt_to_return},
800 	{AUT_SUBJECT, adt_to_subject},
801 	{AUT_TEXT, adt_to_text},
802 	{AUT_TID, adt_to_tid},
803 	{AUT_UAUTH, adt_to_uauth},
804 	{AUT_ZONENAME, adt_to_zonename}
805 };
806 /*
807  * {AUT_ARG, adt_to_arg},		   not used
808  * {AUT_ACL, adt_to_acl},                  not used
809  * {AUT_ARBITRARY, adt_to_arbitrary},      AUT_ARBITRARY is undefined
810  * {AUT_ATTR, adt_to_attr},		   not used in mountd
811  * {AUT_EXEC_ARGS, adt_to_exec_args},      not used
812  * {AUT_EXEC_ENV, adt_to_exec_env},        not used
813  * {AUT_EXIT, adt_to_exit},		   obsolete
814  * {AUT_FILE, adt_to_file},                AUT_FILE is undefined
815  * {AUT_GROUPS, adt_to_groups},            obsolete
816  * {AUT_HEADER, adt_to_header}             not used
817  * {AUT_IN_ADDR, adt_to_in_addr},	   not used
818  * {AUT_IP, adt_to_ip},			   not used
819  * {AUT_IPC, adt_to_ipc},                  not used
820  * {AUT_IPC_PERM, adt_to_ipc_perm},        not used
821  * {AUT_OPAQUE, adt_to_opaque},            not used
822  * {AUT_SEQ, adt_to_seq},                  not used
823  * {AUT_SOCKET, adt_to_socket},            not used
824  * {AUT_SOCKET_INET, adt_to_socket_inet},  AUT_SOCKET_INET is undefined
825  * {AUT_TRAILER, adt_to_trailer}           not used
826  */
827 
828 /* find function to generate token */
829 
830 static adt_token_func_t
831 adt_getTokenFunction(char token_id)
832 {
833 	int	i;
834 	struct token_jmp	*p_jmp = token_table;
835 
836 	for (i = 0; i < MAX_TOKEN_JMP; i++) {
837 		if (token_id == p_jmp->jmp_id) {
838 			return (p_jmp->jmp_to);
839 		}
840 		p_jmp++;
841 	}
842 	errno = EINVAL;
843 	return (NULL);
844 }
845 
846 /*
847  * adjustAddress -- given the address of data, its size, and the type of
848  * the next data field, calculate the offset to the next piece of data.
849  * Depending on the caller, "current" and "next" mean the current pointer
850  * and the next pointer or the last pointer and the current pointer.
851  */
852 void *
853 adt_adjust_address(void *current_address, size_t current_size,
854     size_t next_size)
855 {
856 	ptrdiff_t adjustment;
857 	ptrdiff_t remainder;
858 
859 	adjustment = (size_t)current_address + current_size;
860 
861 	if (next_size) {
862 		remainder = adjustment % next_size;
863 		if (remainder != 0)
864 			adjustment += next_size - remainder;
865 	}
866 	return ((char *)adjustment);
867 }
868