xref: /titanic_41/usr/src/lib/libbsm/common/au_to.c (revision d73ae94e59c019f5cc3221ee0a0012d02091b40e)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #pragma ident	"%Z%%M%	%I%	%E% SMI"
27 
28 #include <sys/types.h>
29 #include <unistd.h>
30 #include <bsm/audit.h>
31 #include <bsm/audit_record.h>
32 #include <bsm/libbsm.h>
33 #include <priv.h>
34 #include <sys/ipc.h>
35 #include <sys/param.h>
36 #include <sys/socket.h>
37 #include <sys/time.h>
38 #include <sys/vnode.h>
39 #include <malloc.h>
40 #include <net/route.h>
41 #include <netinet/in.h>
42 #include <netinet/in_pcb.h>
43 #include <string.h>
44 #include <ucred.h>
45 #include <zone.h>
46 #include <sys/tsol/label.h>
47 
48 #define	NGROUPS		16	/* XXX - temporary */
49 
50 token_t *au_to_arg(char n, char *text, uint32_t v);
51 #pragma weak au_to_arg = au_to_arg32
52 token_t *au_to_return(char number, uint32_t value);
53 #pragma weak au_to_return = au_to_return32
54 
55 static token_t *au_to_exec(char **, char);
56 
57 static token_t *
58 get_token(int s)
59 {
60 	token_t *token;	/* Resultant token */
61 
62 	if ((token = (token_t *)malloc(sizeof (token_t))) == NULL)
63 		return (NULL);
64 	if ((token->tt_data = malloc(s)) == NULL) {
65 		free(token);
66 		return (NULL);
67 	}
68 	token->tt_size = s;
69 	token->tt_next = NULL;
70 	return (token);
71 }
72 
73 /*
74  * au_to_header
75  * return s:
76  *	pointer to header token.
77  */
78 token_t *
79 au_to_header(au_event_t e_type, au_emod_t e_mod)
80 {
81 	adr_t adr;			/* adr memory stream header */
82 	token_t *token;			/* token pointer */
83 	char version = TOKEN_VERSION;	/* version of token family */
84 	int32_t byte_count;
85 	struct timeval tv;
86 #ifdef _LP64
87 	char data_header = AUT_HEADER64;	/* header for this token */
88 
89 	token = get_token(2 * sizeof (char) + sizeof (int32_t) +
90 	    2 * sizeof (int64_t) + 2 * sizeof (short));
91 #else
92 	char data_header = AUT_HEADER32;
93 
94 	token = get_token(2 * sizeof (char) + 3 * sizeof (int32_t) +
95 	    2 * sizeof (short));
96 #endif
97 
98 	if (token == NULL)
99 		return (NULL);
100 	adr_start(&adr, token->tt_data);
101 	adr_char(&adr, &data_header, 1);	/* token ID */
102 	adr_int32(&adr, &byte_count, 1);	/* length of audit record */
103 	adr_char(&adr, &version, 1);		/* version of audit tokens */
104 	adr_short(&adr, &e_type, 1);		/* event ID */
105 	adr_short(&adr, &e_mod, 1);		/* event ID modifier */
106 #ifdef _LP64
107 	adr_int64(&adr, (int64_t *)&tv, 2);	/* time & date */
108 #else
109 	adr_int32(&adr, (int32_t *)&tv, 2);	/* time & date */
110 #endif
111 	return (token);
112 }
113 
114 /*
115  * au_to_header_ex
116  * return s:
117  *	pointer to header token.
118  */
119 token_t *
120 au_to_header_ex(au_event_t e_type, au_emod_t e_mod)
121 {
122 	adr_t adr;			/* adr memory stream header */
123 	token_t *token;			/* token pointer */
124 	char version = TOKEN_VERSION;	/* version of token family */
125 	int32_t byte_count;
126 	struct timeval tv;
127 	auditinfo_addr_t audit_info;
128 	au_tid_addr_t	*host_info = &audit_info.ai_termid;
129 #ifdef _LP64
130 	char data_header = AUT_HEADER64_EX;	/* header for this token */
131 #else
132 	char data_header = AUT_HEADER32_EX;
133 #endif
134 
135 	/* If our host address can't be determined, revert to un-extended hdr */
136 
137 	if (auditon(A_GETKAUDIT, (caddr_t)&audit_info,
138 	    sizeof (audit_info)) < 0)
139 		return (au_to_header(e_type, e_mod));
140 
141 	if (host_info->at_type == AU_IPv6)
142 		if (IN6_IS_ADDR_UNSPECIFIED((in6_addr_t *)host_info->at_addr))
143 			return (au_to_header(e_type, e_mod));
144 	else
145 		if (host_info->at_addr[0] == htonl(INADDR_ANY))
146 			return (au_to_header(e_type, e_mod));
147 
148 #ifdef _LP64
149 	token = get_token(2 * sizeof (char) + sizeof (int32_t) +
150 	    2 * sizeof (int64_t) + 2 * sizeof (short) +
151 	    sizeof (int32_t) + host_info->at_type);
152 #else
153 	token = get_token(2 * sizeof (char) + 3 * sizeof (int32_t) +
154 	    2 * sizeof (short) + sizeof (int32_t) + host_info->at_type);
155 #endif
156 
157 	if (token == NULL)
158 		return (NULL);
159 	adr_start(&adr, token->tt_data);
160 	adr_char(&adr, &data_header, 1);	/* token ID */
161 	adr_int32(&adr, &byte_count, 1);	/* length of audit record */
162 	adr_char(&adr, &version, 1);		/* version of audit tokens */
163 	adr_short(&adr, &e_type, 1);		/* event ID */
164 	adr_short(&adr, &e_mod, 1);		/* event ID modifier */
165 	adr_int32(&adr, (int32_t *)&host_info->at_type, 1);
166 	adr_char(&adr, (char *)host_info->at_addr,
167 	    (int)host_info->at_type);
168 #ifdef _LP64
169 	adr_int64(&adr, (int64_t *)&tv, 2);	/* time & date */
170 #else
171 	adr_int32(&adr, (int32_t *)&tv, 2);	/* time & date */
172 #endif
173 	return (token);
174 }
175 
176 /*
177  * au_to_trailer
178  * return s:
179  *	pointer to a trailer token.
180  */
181 token_t *
182 au_to_trailer(void)
183 {
184 	adr_t adr;				/* adr memory stream header */
185 	token_t *token;				/* token pointer */
186 	char data_header = AUT_TRAILER;		/* header for this token */
187 	short magic = (short)AUT_TRAILER_MAGIC;	/* trailer magic number */
188 	int32_t byte_count;
189 
190 	token = get_token(sizeof (char) + sizeof (int32_t) + sizeof (short));
191 	if (token == NULL)
192 		return (NULL);
193 	adr_start(&adr, token->tt_data);
194 	adr_char(&adr, &data_header, 1);	/* token ID */
195 	adr_short(&adr, &magic, 1);		/* magic number */
196 	adr_int32(&adr, &byte_count, 1);	/* length of audit record */
197 
198 	return (token);
199 }
200 
201 /*
202  * au_to_arg32
203  * return s:
204  *	pointer to an argument token.
205  */
206 token_t *
207 au_to_arg32(char n, char *text, uint32_t v)
208 {
209 	token_t *token;			/* local token */
210 	adr_t adr;			/* adr memory stream header */
211 	char data_header = AUT_ARG32;	/* header for this token */
212 	short bytes;			/* length of string */
213 
214 	bytes = strlen(text) + 1;
215 
216 	token = get_token((int)(2 * sizeof (char) + sizeof (int32_t) +
217 	    sizeof (short) + bytes));
218 	if (token == NULL)
219 		return (NULL);
220 	adr_start(&adr, token->tt_data);
221 	adr_char(&adr, &data_header, 1);	/* token type */
222 	adr_char(&adr, &n, 1);			/* argument id */
223 	adr_int32(&adr, (int32_t *)&v, 1);	/* argument value */
224 	adr_short(&adr, &bytes, 1);
225 	adr_char(&adr, text, bytes);
226 
227 	return (token);
228 }
229 
230 /*
231  * au_to_arg64
232  * return s:
233  *	pointer to an argument token.
234  */
235 token_t *
236 au_to_arg64(char n, char *text, uint64_t v)
237 {
238 	token_t *token;			/* local token */
239 	adr_t adr;			/* adr memory stream header */
240 	char data_header = AUT_ARG64;	/* header for this token */
241 	short bytes;			/* length of string */
242 
243 	bytes = strlen(text) + 1;
244 
245 	token = get_token((int)(2 * sizeof (char) + sizeof (int64_t) +
246 	    sizeof (short) + bytes));
247 	if (token == NULL)
248 		return (NULL);
249 	adr_start(&adr, token->tt_data);
250 	adr_char(&adr, &data_header, 1);	/* token type */
251 	adr_char(&adr, &n, 1);			/* argument id */
252 	adr_int64(&adr, (int64_t *)&v, 1);	/* argument value */
253 	adr_short(&adr, &bytes, 1);
254 	adr_char(&adr, text, bytes);
255 
256 	return (token);
257 }
258 
259 
260 /*
261  * au_to_attr
262  * return s:
263  *	pointer to an attribute token.
264  */
265 token_t *
266 au_to_attr(struct vattr *attr)
267 {
268 	token_t *token;			/* local token */
269 	adr_t adr;			/* adr memory stream header */
270 	int32_t value;
271 #ifdef _LP64
272 	char data_header = AUT_ATTR64;	/* header for this token */
273 
274 	token = get_token(sizeof (char) +
275 	    sizeof (int32_t) * 4 +
276 	    sizeof (int64_t) * 2);
277 #else
278 	char data_header = AUT_ATTR32;
279 
280 	token = get_token(sizeof (char) + sizeof (int32_t) * 5 +
281 	    sizeof (int64_t));
282 #endif
283 
284 	if (token == NULL)
285 		return (NULL);
286 	adr_start(&adr, token->tt_data);
287 	adr_char(&adr, &data_header, 1);
288 	value = (int32_t)attr->va_mode;
289 	adr_int32(&adr, &value, 1);
290 	value = (int32_t)attr->va_uid;
291 	adr_int32(&adr, &value, 1);
292 	value = (int32_t)attr->va_gid;
293 	adr_int32(&adr, &value, 1);
294 	adr_int32(&adr, (int32_t *)&(attr->va_fsid), 1);
295 	adr_int64(&adr, (int64_t *)&(attr->va_nodeid), 1);
296 #ifdef _LP64
297 	adr_int64(&adr, (int64_t *)&(attr->va_rdev), 1);
298 #else
299 	adr_int32(&adr, (int32_t *)&(attr->va_rdev), 1);
300 #endif
301 
302 	return (token);
303 }
304 
305 /*
306  * au_to_data
307  * return s:
308  *	pointer to a data token.
309  */
310 token_t *
311 au_to_data(char unit_print, char unit_type, char unit_count, char *p)
312 {
313 	adr_t adr;			/* adr memory stream header */
314 	token_t *token;			/* token pointer */
315 	char data_header = AUT_DATA;	/* header for this token */
316 	int byte_count;			/* number of bytes */
317 
318 	if (p == NULL || unit_count < 1)
319 		return (NULL);
320 
321 	/*
322 	 * Check validity of print type
323 	 */
324 	if (unit_print < AUP_BINARY || unit_print > AUP_STRING)
325 		return (NULL);
326 
327 	switch (unit_type) {
328 	case AUR_SHORT:
329 		byte_count = unit_count * sizeof (short);
330 		break;
331 	case AUR_INT32:
332 		byte_count = unit_count * sizeof (int32_t);
333 		break;
334 	case AUR_INT64:
335 		byte_count = unit_count * sizeof (int64_t);
336 		break;
337 	/* case AUR_CHAR: */
338 	case AUR_BYTE:
339 		byte_count = unit_count * sizeof (char);
340 		break;
341 	default:
342 		return (NULL);
343 	}
344 
345 	token = get_token((int)(4 * sizeof (char) + byte_count));
346 	if (token == NULL)
347 		return (NULL);
348 	adr_start(&adr, token->tt_data);
349 	adr_char(&adr, &data_header, 1);
350 	adr_char(&adr, &unit_print, 1);
351 	adr_char(&adr, &unit_type, 1);
352 	adr_char(&adr, &unit_count, 1);
353 
354 	switch (unit_type) {
355 	case AUR_SHORT:
356 		/* LINTED */
357 		adr_short(&adr, (short *)p, unit_count);
358 		break;
359 	case AUR_INT32:
360 		/* LINTED */
361 		adr_int32(&adr, (int32_t *)p, unit_count);
362 		break;
363 	case AUR_INT64:
364 		/* LINTED */
365 		adr_int64(&adr, (int64_t *)p, unit_count);
366 		break;
367 	/* case AUR_CHAR: */
368 	case AUR_BYTE:
369 		adr_char(&adr, p, unit_count);
370 		break;
371 	}
372 
373 	return (token);
374 }
375 
376 /*
377  * au_to_privset
378  *
379  * priv_type (LIMIT, INHERIT...) is the first string and privilege
380  * in translated into the second string.  The format is as follows:
381  *
382  *	token id	adr_char
383  *	priv type	adr_string (short, string)
384  *	priv set	adr_string (short, string)
385  *
386  * return s:
387  *	pointer to a AUT_PRIV token.
388  */
389 token_t *
390 au_to_privset(const char *priv_type, const priv_set_t *privilege)
391 {
392 	token_t	*token;			/* local token */
393 	adr_t	adr;			/* adr memory stream header */
394 	char	data_header = AUT_PRIV;	/* header for this token */
395 	short	t_bytes;		/* length of type string */
396 	short	p_bytes;		/* length of privilege string */
397 	char	*priv_string;		/* privilege string */
398 
399 	t_bytes = strlen(priv_type) + 1;
400 
401 	if ((privilege == NULL) || (priv_string =
402 	    priv_set_to_str(privilege, ',',
403 	    PRIV_STR_LIT)) == NULL)
404 		return (NULL);
405 
406 	p_bytes = strlen(priv_string) + 1;
407 
408 	token = get_token((int)(sizeof (char) + (2 * sizeof (short)) + t_bytes
409 	    + p_bytes));
410 	if (token == NULL)
411 		return (NULL);
412 
413 	adr_start(&adr, token->tt_data);
414 	adr_char(&adr, &data_header, 1);
415 	adr_short(&adr, &t_bytes, 1);
416 	adr_char(&adr, (char *)priv_type, t_bytes);
417 	adr_short(&adr, &p_bytes, 1);
418 	adr_char(&adr, priv_string, p_bytes);
419 
420 	free(priv_string);
421 
422 	return (token);
423 }
424 
425 /*
426  * au_to_process
427  * return s:
428  *	pointer to a process token.
429  */
430 
431 token_t *
432 au_to_process(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid,
433     pid_t pid, au_asid_t sid, au_tid_t *tid)
434 {
435 	token_t *token;			/* local token */
436 	adr_t adr;			/* adr memory stream header */
437 #ifdef _LP64
438 	char data_header = AUT_PROCESS64;	/* header for this token */
439 
440 	token = get_token(sizeof (char) + 8 * sizeof (int32_t) +
441 	    sizeof (int64_t));
442 #else
443 	char data_header = AUT_PROCESS32;
444 
445 	token = get_token(sizeof (char) + 9 * sizeof (int32_t));
446 #endif
447 
448 	if (token == NULL)
449 		return (NULL);
450 	adr_start(&adr, token->tt_data);
451 	adr_char(&adr, &data_header, 1);
452 	adr_int32(&adr, (int32_t *)&auid, 1);
453 	adr_int32(&adr, (int32_t *)&euid, 1);
454 	adr_int32(&adr, (int32_t *)&egid, 1);
455 	adr_int32(&adr, (int32_t *)&ruid, 1);
456 	adr_int32(&adr, (int32_t *)&rgid, 1);
457 	adr_int32(&adr, (int32_t *)&pid, 1);
458 	adr_int32(&adr, (int32_t *)&sid, 1);
459 #ifdef _LP64
460 	adr_int64(&adr, (int64_t *)&tid->port, 1);
461 #else
462 	adr_int32(&adr, (int32_t *)&tid->port, 1);
463 #endif
464 	adr_int32(&adr, (int32_t *)&tid->machine, 1);
465 
466 	return (token);
467 }
468 
469 /*
470  * au_to_process_ex
471  * return s:
472  *	pointer to a process_ex token.
473  */
474 token_t *
475 au_to_process_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid,
476     pid_t pid, au_asid_t sid, au_tid_addr_t *tid)
477 {
478 	token_t *token;			/* local token */
479 	adr_t adr;			/* adr memory stream header */
480 	char data_header;		/* header for this token */
481 
482 #ifdef _LP64
483 	if (tid->at_type == AU_IPv6) {
484 		data_header = AUT_PROCESS64_EX;
485 		token = get_token(sizeof (char) + sizeof (int64_t) +
486 		    12 * sizeof (int32_t));
487 	} else {
488 		data_header = AUT_PROCESS64;
489 		token = get_token(sizeof (char) + sizeof (int64_t) +
490 		    8 * sizeof (int32_t));
491 	}
492 #else
493 	if (tid->at_type == AU_IPv6) {
494 		data_header = AUT_PROCESS32_EX;
495 		token = get_token(sizeof (char) + 13 * sizeof (int32_t));
496 	} else {
497 		data_header = AUT_PROCESS32;
498 		token = get_token(sizeof (char) + 9 * sizeof (int32_t));
499 	}
500 #endif
501 	if (token == NULL)
502 		return (NULL);
503 	adr_start(&adr, token->tt_data);
504 	adr_char(&adr, &data_header, 1);
505 	adr_int32(&adr, (int32_t *)&auid, 1);
506 	adr_int32(&adr, (int32_t *)&euid, 1);
507 	adr_int32(&adr, (int32_t *)&egid, 1);
508 	adr_int32(&adr, (int32_t *)&ruid, 1);
509 	adr_int32(&adr, (int32_t *)&rgid, 1);
510 	adr_int32(&adr, (int32_t *)&pid, 1);
511 	adr_int32(&adr, (int32_t *)&sid, 1);
512 #ifdef _LP64
513 	adr_int64(&adr, (int64_t *)&tid->at_port, 1);
514 #else
515 	adr_int32(&adr, (int32_t *)&tid->at_port, 1);
516 #endif
517 	if (tid->at_type == AU_IPv6) {
518 		adr_int32(&adr, (int32_t *)&tid->at_type, 1);
519 		adr_char(&adr, (char *)tid->at_addr, 16);
520 	} else {
521 		adr_char(&adr, (char *)tid->at_addr, 4);
522 	}
523 
524 	return (token);
525 }
526 
527 /*
528  * au_to_seq
529  * return s:
530  *	pointer to token chain containing a sequence token
531  */
532 token_t *
533 au_to_seq(int audit_count)
534 {
535 	token_t *token;			/* local token */
536 	adr_t adr;			/* adr memory stream header */
537 	char data_header = AUT_SEQ;	/* header for this token */
538 
539 	token = get_token(sizeof (char) + sizeof (int32_t));
540 	if (token == NULL)
541 		return (NULL);
542 	adr_start(&adr, token->tt_data);
543 	adr_char(&adr, &data_header, 1);
544 	adr_int32(&adr, (int32_t *)&audit_count, 1);
545 
546 	return (token);
547 }
548 
549 /*
550  * au_to_socket
551  * return s:
552  *	pointer to mbuf chain containing a socket token.
553  */
554 token_t *
555 au_to_socket(struct oldsocket *so)
556 {
557 	adr_t adr;
558 	token_t *token;
559 	char data_header = AUT_SOCKET;
560 	struct inpcb *inp = so->so_pcb;
561 
562 	token = get_token(sizeof (char) + sizeof (short) * 3 +
563 	    sizeof (int32_t) * 2);
564 	if (token == NULL)
565 		return (NULL);
566 	adr_start(&adr, token->tt_data);
567 	adr_char(&adr, &data_header, 1);
568 	adr_short(&adr, (short *)&so->so_type, 1);
569 	adr_short(&adr, (short *)&inp->inp_lport, 1);
570 	adr_int32(&adr, (int32_t *)&inp->inp_laddr, 1);
571 	adr_short(&adr, (short *)&inp->inp_fport, 1);
572 	adr_int32(&adr, (int32_t *)&inp->inp_faddr, 1);
573 
574 	return (token);
575 }
576 
577 /*
578  * au_to_subject
579  * return s:
580  *	pointer to a process token.
581  */
582 
583 token_t *
584 au_to_subject(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid,
585     pid_t pid, au_asid_t sid, au_tid_t *tid)
586 {
587 	token_t *token;			/* local token */
588 	adr_t adr;			/* adr memory stream header */
589 #ifdef _LP64
590 	char data_header = AUT_SUBJECT64;	/* header for this token */
591 
592 	token = get_token(sizeof (char) + sizeof (int64_t) +
593 	    8 * sizeof (int32_t));
594 #else
595 	char data_header = AUT_SUBJECT32;
596 
597 	token = get_token(sizeof (char) + 9 * sizeof (int32_t));
598 #endif
599 
600 	if (token == NULL)
601 		return (NULL);
602 	adr_start(&adr, token->tt_data);
603 	adr_char(&adr, &data_header, 1);
604 	adr_int32(&adr, (int32_t *)&auid, 1);
605 	adr_int32(&adr, (int32_t *)&euid, 1);
606 	adr_int32(&adr, (int32_t *)&egid, 1);
607 	adr_int32(&adr, (int32_t *)&ruid, 1);
608 	adr_int32(&adr, (int32_t *)&rgid, 1);
609 	adr_int32(&adr, (int32_t *)&pid, 1);
610 	adr_int32(&adr, (int32_t *)&sid, 1);
611 #ifdef _LP64
612 	adr_int64(&adr, (int64_t *)&tid->port, 1);
613 #else
614 	adr_int32(&adr, (int32_t *)&tid->port, 1);
615 #endif
616 	adr_int32(&adr, (int32_t *)&tid->machine, 1);
617 
618 	return (token);
619 }
620 
621 /*
622  * au_to_subject_ex
623  * return s:
624  *	pointer to a process token.
625  */
626 
627 token_t *
628 au_to_subject_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid,
629     pid_t pid, au_asid_t sid, au_tid_addr_t *tid)
630 {
631 	token_t *token;			/* local token */
632 	adr_t adr;			/* adr memory stream header */
633 #ifdef _LP64
634 	char data_header;		/* header for this token */
635 
636 	if (tid->at_type == AU_IPv6) {
637 		data_header = AUT_SUBJECT64_EX;
638 		token = get_token(sizeof (char) + sizeof (int64_t) +
639 		    12 * sizeof (int32_t));
640 	} else {
641 		data_header = AUT_SUBJECT64;
642 		token = get_token(sizeof (char) + sizeof (int64_t) +
643 		    8 * sizeof (int32_t));
644 	}
645 #else
646 	char data_header;		/* header for this token */
647 
648 	if (tid->at_type == AU_IPv6) {
649 		data_header = AUT_SUBJECT32_EX;
650 		token = get_token(sizeof (char) + 13 * sizeof (int32_t));
651 	} else {
652 		data_header = AUT_SUBJECT32;
653 		token = get_token(sizeof (char) + 9 * sizeof (int32_t));
654 	}
655 #endif
656 
657 	if (token == NULL)
658 		return (NULL);
659 	adr_start(&adr, token->tt_data);
660 	adr_char(&adr, &data_header, 1);
661 	adr_int32(&adr, (int32_t *)&auid, 1);
662 	adr_int32(&adr, (int32_t *)&euid, 1);
663 	adr_int32(&adr, (int32_t *)&egid, 1);
664 	adr_int32(&adr, (int32_t *)&ruid, 1);
665 	adr_int32(&adr, (int32_t *)&rgid, 1);
666 	adr_int32(&adr, (int32_t *)&pid, 1);
667 	adr_int32(&adr, (int32_t *)&sid, 1);
668 #ifdef _LP64
669 	adr_int64(&adr, (int64_t *)&tid->at_port, 1);
670 #else
671 	adr_int32(&adr, (int32_t *)&tid->at_port, 1);
672 #endif
673 	if (tid->at_type == AU_IPv6) {
674 		adr_int32(&adr, (int32_t *)&tid->at_type, 1);
675 		adr_char(&adr, (char *)tid->at_addr, 16);
676 	} else {
677 		adr_char(&adr, (char *)tid->at_addr, 4);
678 	}
679 
680 	return (token);
681 }
682 
683 /*
684  * au_to_me
685  * return s:
686  *	pointer to a process token.
687  */
688 
689 token_t *
690 au_to_me(void)
691 {
692 	auditinfo_addr_t info;
693 
694 	if (getaudit_addr(&info, sizeof (info)))
695 		return (NULL);
696 	return (au_to_subject_ex(info.ai_auid, geteuid(), getegid(), getuid(),
697 	    getgid(), getpid(), info.ai_asid, &info.ai_termid));
698 }
699 /*
700  * au_to_text
701  * return s:
702  *	pointer to a text token.
703  */
704 token_t *
705 au_to_text(char *text)
706 {
707 	token_t *token;			/* local token */
708 	adr_t adr;			/* adr memory stream header */
709 	char data_header = AUT_TEXT;	/* header for this token */
710 	short bytes;			/* length of string */
711 
712 	bytes = strlen(text) + 1;
713 	token = get_token((int)(sizeof (char) + sizeof (short) + bytes));
714 	if (token == NULL)
715 		return (NULL);
716 	adr_start(&adr, token->tt_data);
717 	adr_char(&adr, &data_header, 1);
718 	adr_short(&adr, &bytes, 1);
719 	adr_char(&adr, text, bytes);
720 
721 	return (token);
722 }
723 
724 /*
725  * au_to_path
726  * return s:
727  *	pointer to a path token.
728  */
729 token_t *
730 au_to_path(char *path)
731 {
732 	token_t *token;			/* local token */
733 	adr_t adr;			/* adr memory stream header */
734 	char data_header = AUT_PATH;	/* header for this token */
735 	short bytes;			/* length of string */
736 
737 	bytes = (short)strlen(path) + 1;
738 
739 	token = get_token((int)(sizeof (char) +  sizeof (short) + bytes));
740 	if (token == NULL)
741 		return (NULL);
742 	adr_start(&adr, token->tt_data);
743 	adr_char(&adr, &data_header, 1);
744 	adr_short(&adr, &bytes, 1);
745 	adr_char(&adr, path, bytes);
746 
747 	return (token);
748 }
749 
750 /*
751  * au_to_cmd
752  * return s:
753  *	pointer to an command line argument token
754  */
755 token_t *
756 au_to_cmd(uint_t argc, char **argv, char **envp)
757 {
758 	token_t *token;			/* local token */
759 	adr_t adr;			/* adr memory stream header */
760 	char data_header = AUT_CMD;	/* header for this token */
761 	short len = 0;
762 	short cnt = 0;
763 	short envc = 0;
764 	short largc = (short)argc;
765 
766 	/*
767 	 * one char for the header, one short for argc,
768 	 * one short for # envp strings.
769 	 */
770 	len = sizeof (char) + sizeof (short) + sizeof (short);
771 
772 	/* get sizes of strings */
773 
774 	for (cnt = 0; cnt < argc; cnt++) {
775 		len += (short)sizeof (short) + (short)(strlen(argv[cnt]) + 1);
776 	}
777 
778 	if (envp != NULL) {
779 		for (envc = 0; envp[envc] != NULL; envc++) {
780 			len += (short)sizeof (short) +
781 			    (short)(strlen(envp[envc]) + 1);
782 		}
783 	}
784 
785 	token = get_token(len);
786 	if (token == NULL)
787 		return (NULL);
788 
789 	adr_start(&adr, token->tt_data);
790 	adr_char(&adr, &data_header, 1);
791 
792 	adr_short(&adr, &largc, 1);
793 
794 	for (cnt = 0; cnt < argc; cnt++) {
795 		len = (short)(strlen(argv[cnt]) + 1);
796 		adr_short(&adr, &len, 1);
797 		adr_char(&adr, argv[cnt], len);
798 	}
799 
800 	adr_short(&adr, &envc, 1);
801 
802 	for (cnt = 0; cnt < envc; cnt++) {
803 		len = (short)(strlen(envp[cnt]) + 1);
804 		adr_short(&adr, &len, 1);
805 		adr_char(&adr, envp[cnt], len);
806 	}
807 
808 	return (token);
809 }
810 
811 /*
812  * au_to_exit
813  * return s:
814  *	pointer to a exit value token.
815  */
816 token_t *
817 au_to_exit(int retval, int err)
818 {
819 	token_t *token;			/* local token */
820 	adr_t adr;			/* adr memory stream header */
821 	char data_header = AUT_EXIT;	/* header for this token */
822 
823 	token = get_token(sizeof (char) + (2 * sizeof (int32_t)));
824 	if (token == NULL)
825 		return (NULL);
826 	adr_start(&adr, token->tt_data);
827 	adr_char(&adr, &data_header, 1);
828 	adr_int32(&adr, (int32_t *)&retval, 1);
829 	adr_int32(&adr, (int32_t *)&err, 1);
830 
831 	return (token);
832 }
833 
834 /*
835  * au_to_return
836  * return s:
837  *	pointer to a return  value token.
838  */
839 token_t *
840 au_to_return32(char number, uint32_t value)
841 {
842 	token_t *token;				/* local token */
843 	adr_t adr;				/* adr memory stream header */
844 	char data_header = AUT_RETURN32;	/* header for this token */
845 
846 	token = get_token(2 * sizeof (char) + sizeof (int32_t));
847 	if (token == NULL)
848 		return (NULL);
849 	adr_start(&adr, token->tt_data);
850 	adr_char(&adr, &data_header, 1);
851 	adr_char(&adr, &number, 1);
852 	adr_int32(&adr, (int32_t *)&value, 1);
853 
854 	return (token);
855 }
856 
857 /*
858  * au_to_return
859  * return s:
860  *	pointer to a return  value token.
861  */
862 token_t *
863 au_to_return64(char number, uint64_t value)
864 {
865 	token_t *token;				/* local token */
866 	adr_t adr;				/* adr memory stream header */
867 	char data_header = AUT_RETURN64;	/* header for this token */
868 
869 	token = get_token(2 * sizeof (char) + sizeof (int64_t));
870 	if (token == NULL)
871 		return (NULL);
872 	adr_start(&adr, token->tt_data);
873 	adr_char(&adr, &data_header, 1);
874 	adr_char(&adr, &number, 1);
875 	adr_int64(&adr, (int64_t *)&value, 1);
876 
877 	return (token);
878 }
879 
880 
881 /*
882  * au_to_opaque
883  * return s:
884  *	pointer to a opaque token.
885  */
886 token_t *
887 au_to_opaque(char *opaque, short bytes)
888 {
889 	token_t *token;			/* local token */
890 	adr_t adr;			/* adr memory stream header */
891 	char data_header = AUT_OPAQUE;	/* header for this token */
892 
893 	if (bytes < 1)
894 		return (NULL);
895 
896 	token = get_token((int)(sizeof (char) + sizeof (short) + bytes));
897 	if (token == NULL)
898 		return (NULL);
899 	adr_start(&adr, token->tt_data);
900 	adr_char(&adr, &data_header, 1);
901 	adr_short(&adr, &bytes, 1);
902 	adr_char(&adr, opaque, bytes);
903 
904 	return (token);
905 }
906 
907 /*
908  * au_to_in_addr
909  * return s:
910  *	pointer to a internet address token
911  */
912 token_t *
913 au_to_in_addr(struct in_addr *internet_addr)
914 {
915 	token_t *token;			/* local token */
916 	adr_t adr;			/* adr memory stream header */
917 	char data_header = AUT_IN_ADDR;	/* header for this token */
918 
919 	token = get_token(sizeof (char) + sizeof (uint32_t));
920 	if (token == NULL)
921 		return (NULL);
922 	adr_start(&adr, token->tt_data);
923 	adr_char(&adr, &data_header, 1);
924 	adr_int32(&adr, (int32_t *)internet_addr, 1);
925 
926 	return (token);
927 }
928 
929 /*
930  * au_to_iport
931  * return s:
932  *	pointer to token chain containing a ip port address token
933  */
934 token_t *
935 au_to_iport(ushort_t iport)
936 {
937 	token_t *token;			/* local token */
938 	adr_t adr;			/* adr memory stream header */
939 	char data_header = AUT_IPORT;	/* header for this token */
940 
941 	token = get_token(sizeof (char) + sizeof (short));
942 	if (token == NULL)
943 		return (NULL);
944 	adr_start(&adr, token->tt_data);
945 	adr_char(&adr, &data_header, 1);
946 	adr_short(&adr, (short *)&iport, 1);
947 
948 	return (token);
949 }
950 
951 token_t *
952 au_to_ipc(char type, int id)
953 {
954 	token_t *token;			/* local token */
955 	adr_t adr;			/* adr memory stream header */
956 	char data_header = AUT_IPC;	/* header for this token */
957 
958 	token = get_token((2 * sizeof (char)) + sizeof (int32_t));
959 	if (token == NULL)
960 		return (NULL);
961 	adr_start(&adr, token->tt_data);
962 	adr_char(&adr, &data_header, 1);
963 	adr_char(&adr, &type, 1);
964 	adr_int32(&adr, (int32_t *)&id, 1);
965 
966 	return (token);
967 }
968 
969 /*
970  * au_to_tid
971  *
972  * output format depends on type; at present only IP v4 and v6 addresses
973  * are defined.
974  *
975  * IPv4 -- tid type, 16 bit remote port, 16 bit local port, ip type,
976  *		32 bit IP address.
977  * IPv6 -- tid type, 16 bit remote port, 16 bit local port, ip type,
978  *		4 x 32 bit IP address.
979  *
980  */
981 token_t *
982 au_to_tid(au_generic_tid_t *tid)
983 {
984 	char		data_header = AUT_TID;	/* header for this token */
985 	adr_t		adr;			/* adr memory stream header */
986 	token_t		*token;			/* local token */
987 	au_ip_t		*ip;
988 
989 	switch (tid->gt_type) {
990 	case AU_IPADR:
991 		ip = &(tid->gt_adr.at_ip);
992 		token = get_token((int)(2 * sizeof (char) + 2 * sizeof (short) +
993 			sizeof (uint32_t) + ip->at_type));
994 		if (token == NULL)
995 			return (NULL);
996 
997 		adr_start(&adr, token->tt_data);
998 		adr_char(&adr, &data_header, 1);
999 		adr_char(&adr, (char *)&(tid->gt_type), 1);
1000 		adr_short(&adr, (short *)&(ip->at_r_port), 1);
1001 		adr_short(&adr, (short *)&(ip->at_l_port), 1);
1002 		adr_int32(&adr, (int32_t *)&(ip->at_type), 1);
1003 
1004 		adr_char(&adr, (char *)ip->at_addr, ip->at_type);
1005 
1006 		break;
1007 	default:
1008 		return (NULL);
1009 	}
1010 	return (token);
1011 }
1012 
1013 /*
1014  * The Modifier tokens
1015  */
1016 
1017 /*
1018  * au_to_groups
1019  * return s:
1020  *	pointer to a group list token.
1021  *
1022  * This function is obsolete.  Please use au_to_newgroups.
1023  */
1024 token_t *
1025 au_to_groups(int *groups)
1026 {
1027 	token_t *token;			/* local token */
1028 	adr_t adr;			/* adr memory stream header */
1029 	char data_header = AUT_GROUPS;	/* header for this token */
1030 
1031 	token = get_token(sizeof (char) + NGROUPS * sizeof (int32_t));
1032 	if (token == NULL)
1033 		return (NULL);
1034 	adr_start(&adr, token->tt_data);
1035 	adr_char(&adr, &data_header, 1);
1036 	adr_int32(&adr, (int32_t *)groups, NGROUPS);
1037 
1038 	return (token);
1039 }
1040 
1041 /*
1042  * au_to_newgroups
1043  * return s:
1044  *	pointer to a group list token.
1045  */
1046 token_t *
1047 au_to_newgroups(int n, gid_t *groups)
1048 {
1049 	token_t *token;			/* local token */
1050 	adr_t adr;			/* adr memory stream header */
1051 	char data_header = AUT_NEWGROUPS;	/* header for this token */
1052 	short n_groups;
1053 
1054 	if (n < NGROUPS_UMIN || n > NGROUPS_UMAX || groups == NULL)
1055 		return (NULL);
1056 	token = get_token(sizeof (char) + sizeof (short) + n * sizeof (gid_t));
1057 	if (token == NULL)
1058 		return (NULL);
1059 	n_groups = (short)n;
1060 	adr_start(&adr, token->tt_data);
1061 	adr_char(&adr, &data_header, 1);
1062 	adr_short(&adr, &n_groups, 1);
1063 	adr_int32(&adr, (int32_t *)groups, n_groups);
1064 
1065 	return (token);
1066 }
1067 
1068 /*
1069  * au_to_exec_args
1070  * returns:
1071  *	pointer to an exec args token.
1072  */
1073 token_t *
1074 au_to_exec_args(char **argv)
1075 {
1076 	return (au_to_exec(argv, AUT_EXEC_ARGS));
1077 }
1078 
1079 /*
1080  * au_to_exec_env
1081  * returns:
1082  *	pointer to an exec args token.
1083  */
1084 token_t *
1085 au_to_exec_env(char **envp)
1086 {
1087 	return (au_to_exec(envp, AUT_EXEC_ENV));
1088 }
1089 
1090 /*
1091  * au_to_exec
1092  * returns:
1093  *	pointer to an exec args token.
1094  */
1095 static token_t *
1096 au_to_exec(char **v, char data_header)
1097 {
1098 	token_t *token;
1099 	adr_t adr;
1100 	char **p;
1101 	int32_t n = 0;
1102 	int len = 0;
1103 
1104 	for (p = v; *p != NULL; p++) {
1105 		len += strlen(*p) + 1;
1106 		n++;
1107 	}
1108 	token = get_token(sizeof (char) + sizeof (int32_t) + len);
1109 	if (token == (token_t *)NULL)
1110 		return ((token_t *)NULL);
1111 	adr_start(&adr, token->tt_data);
1112 	adr_char(&adr, &data_header, 1);
1113 	adr_int32(&adr, &n, 1);
1114 	for (p = v; *p != NULL; p++) {
1115 		adr_char(&adr, *p, strlen(*p) + 1);
1116 	}
1117 	return (token);
1118 }
1119 
1120 /*
1121  * au_to_uauth
1122  * return s:
1123  *	pointer to a uauth token.
1124  */
1125 token_t *
1126 au_to_uauth(char *text)
1127 {
1128 	token_t *token;			/* local token */
1129 	adr_t adr;			/* adr memory stream header */
1130 	char data_header = AUT_UAUTH;	/* header for this token */
1131 	short bytes;			/* length of string */
1132 
1133 	bytes = strlen(text) + 1;
1134 
1135 	token = get_token((int)(sizeof (char) + sizeof (short) + bytes));
1136 	if (token == NULL)
1137 		return (NULL);
1138 	adr_start(&adr, token->tt_data);
1139 	adr_char(&adr, &data_header, 1);
1140 	adr_short(&adr, &bytes, 1);
1141 	adr_char(&adr, text, bytes);
1142 
1143 	return (token);
1144 }
1145 
1146 /*
1147  * au_to_xatom
1148  * return s:
1149  *	pointer to a xatom token.
1150  */
1151 token_t *
1152 au_to_xatom(ushort_t len, char *atom)
1153 {
1154 	token_t *token;			/* local token */
1155 	adr_t adr;			/* adr memory stream header */
1156 	char data_header = AUT_XATOM;	/* header for this token */
1157 
1158 	token = get_token((int)(sizeof (char) + sizeof (ushort_t) + len));
1159 	if (token == NULL)
1160 		return (NULL);
1161 	adr_start(&adr, token->tt_data);
1162 	adr_char(&adr, &data_header, 1);
1163 	adr_short(&adr, (short *)&len, 1);
1164 	adr_char(&adr, atom, len);
1165 
1166 	return (token);
1167 }
1168 
1169 /*
1170  * au_to_xproto
1171  * return s:
1172  *	pointer to a X protocol token.
1173  */
1174 token_t *
1175 au_to_xproto(pid_t pid)
1176 {
1177 	token_t *token;			/* local token */
1178 	adr_t adr;			/* adr memory stream header */
1179 	char data_header = AUT_XPROTO;	/* header for this token */
1180 	int32_t v = pid;
1181 
1182 	token = get_token(sizeof (char) + sizeof (int32_t));
1183 	if (token == NULL)
1184 		return (NULL);
1185 	adr_start(&adr, token->tt_data);
1186 	adr_char(&adr, &data_header, 1);
1187 	adr_int32(&adr, &v, 1);
1188 
1189 	return (token);
1190 }
1191 
1192 /*
1193  * au_to_xobj
1194  * return s:
1195  *	pointer to a X object token.
1196  */
1197 token_t *
1198 au_to_xobj(int oid, int xid, int cuid)
1199 {
1200 	token_t *token;			/* local token */
1201 	adr_t adr;			/* adr memory stream header */
1202 	char data_header = AUT_XOBJ;	/* header for this token */
1203 
1204 	token = get_token(sizeof (char) + 3 * sizeof (int32_t));
1205 	if (token == NULL)
1206 		return (NULL);
1207 	adr_start(&adr, token->tt_data);
1208 	adr_char(&adr, &data_header, 1);
1209 	adr_int32(&adr, (int32_t *)&oid, 1);
1210 	adr_int32(&adr, (int32_t *)&xid, 1);
1211 	adr_int32(&adr, (int32_t *)&cuid, 1);
1212 
1213 	return (token);
1214 }
1215 
1216 /*
1217  * au_to_xselect
1218  * return s:
1219  *	pointer to a X select token.
1220  */
1221 token_t *
1222 au_to_xselect(char *pstring, char *type, short dlen, char *data)
1223 {
1224 	token_t *token;			/* local token */
1225 	adr_t adr;			/* adr memory stream header */
1226 	char data_header = AUT_XSELECT;	/* header for this token */
1227 	short bytes;
1228 
1229 	bytes = strlen(pstring) + strlen(type) + 2 + dlen;
1230 	token = get_token((int)(sizeof (char) + sizeof (short) * 3 + bytes));
1231 	if (token == NULL)
1232 		return (NULL);
1233 	adr_start(&adr, token->tt_data);
1234 	adr_char(&adr, &data_header, 1);
1235 	bytes = strlen(pstring) + 1;
1236 	adr_short(&adr, &bytes, 1);
1237 	adr_char(&adr, pstring, bytes);
1238 	bytes = strlen(type) + 1;
1239 	adr_short(&adr, &bytes, 1);
1240 	adr_char(&adr, type, bytes);
1241 	adr_short(&adr, &dlen, 1);
1242 	adr_char(&adr, data, dlen);
1243 	return (token);
1244 }
1245 
1246 /*
1247  * au_to_label
1248  * return s:
1249  *	pointer to a label token.
1250  */
1251 token_t *
1252 au_to_label(m_label_t *label)
1253 {
1254 	token_t *token;			/* local token */
1255 	adr_t adr;			/* adr memory stream header */
1256 	char data_header = AUT_LABEL;	/* header for this token */
1257 	size_t llen = blabel_size();
1258 
1259 	token = get_token(sizeof (char) + llen);
1260 	if (token == NULL) {
1261 		return (NULL);
1262 	} else if (label == NULL) {
1263 		free(token);
1264 		return (NULL);
1265 	}
1266 	adr_start(&adr, token->tt_data);
1267 	adr_char(&adr, &data_header, 1);
1268 	adr_char(&adr, (char *)label, llen);
1269 
1270 	return (token);
1271 }
1272 
1273 /*
1274  * au_to_mylabel
1275  * return s:
1276  *	pointer to a label token.
1277  */
1278 token_t *
1279 au_to_mylabel(void)
1280 {
1281 	ucred_t		*uc;
1282 	token_t		*token;
1283 
1284 	if ((uc = ucred_get(P_MYID)) == NULL) {
1285 		return (NULL);
1286 	}
1287 
1288 	token = au_to_label(ucred_getlabel(uc));
1289 	ucred_free(uc);
1290 	return (token);
1291 }
1292 
1293 /*
1294  * au_to_zonename
1295  * return s:
1296  *	pointer to a zonename token.
1297  */
1298 token_t *
1299 au_to_zonename(char *name)
1300 {
1301 	token_t *token;			/* local token */
1302 	adr_t adr;			/* adr memory stream header */
1303 	char data_header = AUT_ZONENAME;	/* header for this token */
1304 	short bytes;			/* length of string */
1305 
1306 	if (name == NULL)
1307 		return (NULL);
1308 
1309 	bytes = strlen(name) + 1;
1310 	token = get_token((int)(sizeof (char) + sizeof (short) + bytes));
1311 	if (token == NULL)
1312 		return (NULL);
1313 	adr_start(&adr, token->tt_data);
1314 	adr_char(&adr, &data_header, 1);
1315 	adr_short(&adr, &bytes, 1);
1316 	adr_char(&adr, name, bytes);
1317 
1318 	return (token);
1319 }
1320 
1321 /*
1322  * au_to_fmri
1323  * return s:
1324  *	pointer to a fmri token.
1325  */
1326 token_t *
1327 au_to_fmri(char *fmri)
1328 {
1329 	token_t *token;			/* local token */
1330 	adr_t adr;			/* adr memory stream header */
1331 	char data_header = AUT_FMRI;	/* header for this token */
1332 	short bytes;			/* length of string */
1333 
1334 	if (fmri == NULL)
1335 		return (NULL);
1336 
1337 	bytes = strlen(fmri) + 1;
1338 	token = get_token((int)(sizeof (char) + sizeof (short) + bytes));
1339 	if (token == NULL)
1340 		return (NULL);
1341 	adr_start(&adr, token->tt_data);
1342 	adr_char(&adr, &data_header, 1);
1343 	adr_short(&adr, &bytes, 1);
1344 	adr_char(&adr, fmri, bytes);
1345 
1346 	return (token);
1347 }
1348