1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2010 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 27 /* 28 * Token processing for auditreduce. 29 */ 30 31 #include <locale.h> 32 #include <sys/zone.h> 33 #include "auditr.h" 34 #include "toktable.h" 35 36 extern int re_exec2(char *); 37 38 static void anchor_path(char *path); 39 static char *collapse_path(char *s); 40 static void get_string(adr_t *adr, char **p); 41 static int ipc_type_match(int flag, char type); 42 static void skip_string(adr_t *adr); 43 static int xgeneric(adr_t *adr); 44 45 #if AUDIT_REC 46 void 47 print_id(int id) 48 { 49 char *suffix; 50 51 if ((id < 0) || (id > MAXTOKEN) || 52 (tokentable[id].func == NOFUNC)) { 53 (void) fprintf(stderr, 54 "token_processing: token %d not found\n", id); 55 return; 56 } 57 58 switch (id) { 59 case AUT_NEWGROUPS: 60 suffix = "_new"; 61 break; 62 case AUT_ATTR32: 63 suffix = "32"; 64 break; 65 case AUT_ARG64: 66 case AUT_RETURN64: 67 case AUT_ATTR64: 68 case AUT_HEADER64: 69 case AUT_SUBJECT64: 70 case AUT_PROCESS64: 71 case AUT_OTHER_FILE64: 72 suffix = "64"; 73 break; 74 case AUT_SOCKET_EX: 75 case AUT_IN_ADDR_EX: 76 suffix = "_ex"; 77 break; 78 case AUT_HEADER32_EX: 79 case AUT_SUBJECT32_EX: 80 case AUT_PROCESS32_EX: 81 suffix = "32_ex"; 82 break; 83 case AUT_HEADER64_EX: 84 case AUT_SUBJECT64_EX: 85 case AUT_PROCESS64_EX: 86 suffix = "64_ex"; 87 break; 88 default: 89 suffix = ""; 90 break; 91 } 92 (void) fprintf(stderr, "token_processing: %s%s\n", 93 tokentable[id].t_name, suffix); 94 } 95 #endif /* AUDIT_REC */ 96 97 /* 98 * Process a token in a record to determine whether the record is interesting. 99 */ 100 101 int 102 token_processing(adr_t *adr, int tokenid) 103 { 104 if ((tokenid > 0) && (tokenid <= MAXTOKEN) && 105 (tokentable[tokenid].func != NOFUNC)) { 106 #if AUDIT_REC 107 print_id(tokenid); 108 #endif /* AUDIT_REC */ 109 return ((*tokentable[tokenid].func)(adr)); 110 } 111 112 /* here if token id is not in table */ 113 return (-2); 114 } 115 116 117 /* There should not be any file or header tokens in the middle of a record */ 118 119 /* ARGSUSED */ 120 int 121 file_token(adr_t *adr) 122 { 123 return (-2); 124 } 125 126 /* ARGSUSED */ 127 int 128 file64_token(adr_t *adr) 129 { 130 return (-2); 131 } 132 133 /* ARGSUSED */ 134 int 135 header_token(adr_t *adr) 136 { 137 return (-2); 138 } 139 140 /* ARGSUSED */ 141 int 142 header32_ex_token(adr_t *adr) 143 { 144 return (-2); 145 } 146 147 /* ARGSUSED */ 148 int 149 header64_ex_token(adr_t *adr) 150 { 151 return (-2); 152 } 153 154 /* ARGSUSED */ 155 int 156 header64_token(adr_t *adr) 157 { 158 return (-2); 159 } 160 161 162 /* 163 * ====================================================== 164 * The following token processing routines return 165 * -1: if the record is not interesting 166 * -2: if an error is found 167 * ====================================================== 168 */ 169 170 int 171 trailer_token(adr_t *adr) 172 { 173 short magic_number; 174 uint32_t bytes; 175 176 adrm_u_short(adr, (ushort_t *)&magic_number, 1); 177 if (magic_number != AUT_TRAILER_MAGIC) { 178 (void) fprintf(stderr, "%s\n", 179 gettext("auditreduce: Bad trailer token")); 180 return (-2); 181 } 182 adrm_u_int32(adr, &bytes, 1); 183 184 return (-1); 185 } 186 187 188 /* 189 * Format of arbitrary data token: 190 * arbitrary data token id adr char 191 * how to print adr_char 192 * basic unit adr_char 193 * unit count adr_char, specifying number of units of 194 * data items depends on basic unit 195 */ 196 int 197 arbitrary_data_token(adr_t *adr) 198 { 199 int i; 200 char c1; 201 short c2; 202 int32_t c3; 203 int64_t c4; 204 char how_to_print, basic_unit, unit_count; 205 206 /* get how_to_print, basic_unit, and unit_count */ 207 adrm_char(adr, &how_to_print, 1); 208 adrm_char(adr, &basic_unit, 1); 209 adrm_char(adr, &unit_count, 1); 210 for (i = 0; i < unit_count; i++) { 211 switch (basic_unit) { 212 /* case AUR_BYTE: has same value as AUR_CHAR */ 213 case AUR_CHAR: 214 adrm_char(adr, &c1, 1); 215 break; 216 case AUR_SHORT: 217 adrm_short(adr, &c2, 1); 218 break; 219 case AUR_INT32: 220 adrm_int32(adr, (int32_t *)&c3, 1); 221 break; 222 case AUR_INT64: 223 adrm_int64(adr, (int64_t *)&c4, 1); 224 break; 225 default: 226 return (-2); 227 break; 228 } 229 } 230 return (-1); 231 } 232 233 234 /* 235 * Format of opaque token: 236 * opaque token id adr_char 237 * size adr_short 238 * data adr_char, size times 239 */ 240 int 241 opaque_token(adr_t *adr) 242 { 243 skip_string(adr); 244 return (-1); 245 } 246 247 248 249 /* 250 * Format of return32 value token: 251 * return value token id adr_char 252 * error number adr_char 253 * return value adr_u_int32 254 */ 255 int 256 return_value32_token(adr_t *adr) 257 { 258 char errnum; 259 uint32_t value; 260 261 adrm_char(adr, &errnum, 1); 262 adrm_u_int32(adr, &value, 1); 263 if ((flags & M_SORF) && 264 ((global_class & mask.am_success) && (errnum == 0)) || 265 ((global_class & mask.am_failure) && (errnum != 0))) { 266 checkflags |= M_SORF; 267 } 268 return (-1); 269 } 270 271 /* 272 * Format of return64 value token: 273 * return value token id adr_char 274 * error number adr_char 275 * return value adr_u_int64 276 */ 277 int 278 return_value64_token(adr_t *adr) 279 { 280 char errnum; 281 uint64_t value; 282 283 adrm_char(adr, &errnum, 1); 284 adrm_u_int64(adr, &value, 1); 285 if ((flags & M_SORF) && 286 ((global_class & mask.am_success) && (errnum == 0)) || 287 ((global_class & mask.am_failure) && (errnum != 0))) { 288 checkflags |= M_SORF; 289 } 290 return (-1); 291 } 292 293 294 /* 295 * Format of sequence token: 296 * sequence token id adr_char 297 * audit_count int32_t 298 */ 299 int 300 sequence_token(adr_t *adr) 301 { 302 int32_t audit_count; 303 304 adrm_int32(adr, &audit_count, 1); 305 return (-1); 306 } 307 308 309 /* 310 * Format of text token: 311 * text token id adr_char 312 * text adr_string 313 */ 314 int 315 text_token(adr_t *adr) 316 { 317 skip_string(adr); 318 return (-1); 319 } 320 321 322 /* 323 * Format of ip_addr token: 324 * ip token id adr_char 325 * address adr_int32 326 */ 327 int 328 ip_addr_token(adr_t *adr) 329 { 330 int32_t address; 331 332 adrm_char(adr, (char *)&address, 4); 333 334 return (-1); 335 } 336 337 /* 338 * Format of ip_addr_ex token: 339 * ip token id adr_char 340 * ip type adr_int32 341 * ip address adr_u_char*type 342 */ 343 int 344 ip_addr_ex_token(adr_t *adr) 345 { 346 int32_t type; 347 uchar_t address[16]; 348 349 adrm_int32(adr, (int32_t *)&type, 1); 350 adrm_u_char(adr, address, type); 351 352 return (-1); 353 } 354 355 /* 356 * Format of ip token: 357 * ip header token id adr_char 358 * version adr_char 359 * type of service adr_char 360 * length adr_short 361 * id adr_u_short 362 * offset adr_u_short 363 * ttl adr_char 364 * protocol adr_char 365 * checksum adr_u_short 366 * source address adr_int32 367 * destination address adr_int32 368 */ 369 int 370 ip_token(adr_t *adr) 371 { 372 char version; 373 char type; 374 short len; 375 unsigned short id, offset, checksum; 376 char ttl, protocol; 377 int32_t src, dest; 378 379 adrm_char(adr, &version, 1); 380 adrm_char(adr, &type, 1); 381 adrm_short(adr, &len, 1); 382 adrm_u_short(adr, &id, 1); 383 adrm_u_short(adr, &offset, 1); 384 adrm_char(adr, &ttl, 1); 385 adrm_char(adr, &protocol, 1); 386 adrm_u_short(adr, &checksum, 1); 387 adrm_char(adr, (char *)&src, 4); 388 adrm_char(adr, (char *)&dest, 4); 389 390 return (-1); 391 } 392 393 394 /* 395 * Format of iport token: 396 * ip port address token id adr_char 397 * port address adr_short 398 */ 399 int 400 iport_token(adr_t *adr) 401 { 402 short address; 403 404 adrm_short(adr, &address, 1); 405 406 return (-1); 407 } 408 409 410 /* 411 * Format of groups token: 412 * group token id adr_char 413 * group list adr_int32, 16 times 414 */ 415 int 416 group_token(adr_t *adr) 417 { 418 int gid[16]; 419 int i; 420 int flag = 0; 421 422 for (i = 0; i < 16; i++) { 423 adrm_int32(adr, (int32_t *)&gid[i], 1); 424 if (flags & M_GROUPR) { 425 if ((unsigned short)m_groupr == gid[i]) 426 flag = 1; 427 } 428 } 429 430 if (flags & M_GROUPR) { 431 if (flag) 432 checkflags |= M_GROUPR; 433 } 434 return (-1); 435 } 436 437 /* 438 * Format of newgroups token: 439 * group token id adr_char 440 * number of groups adr_short 441 * group list adr_int32, "number" times 442 */ 443 int 444 newgroup_token(adr_t *adr) 445 { 446 gid_t gid; 447 int i; 448 short int number; 449 450 adrm_short(adr, &number, 1); 451 452 for (i = 0; i < number; i++) { 453 adrm_int32(adr, (int32_t *)&gid, 1); 454 if (flags & M_GROUPR) { 455 if (m_groupr == gid) 456 checkflags |= M_GROUPR; 457 } 458 } 459 460 return (-1); 461 } 462 463 /* 464 * Format of argument32 token: 465 * argument token id adr_char 466 * argument number adr_char 467 * argument value adr_int32 468 * argument description adr_string 469 */ 470 int 471 argument32_token(adr_t *adr) 472 { 473 char arg_num; 474 int32_t arg_val; 475 476 adrm_char(adr, &arg_num, 1); 477 adrm_int32(adr, &arg_val, 1); 478 skip_string(adr); 479 480 return (-1); 481 } 482 483 /* 484 * Format of argument64 token: 485 * argument token id adr_char 486 * argument number adr_char 487 * argument value adr_int64 488 * argument description adr_string 489 */ 490 int 491 argument64_token(adr_t *adr) 492 { 493 char arg_num; 494 int64_t arg_val; 495 496 adrm_char(adr, &arg_num, 1); 497 adrm_int64(adr, &arg_val, 1); 498 skip_string(adr); 499 500 return (-1); 501 } 502 503 /* 504 * Format of acl token: 505 * acl token id adr_char 506 * acl type adr_u_int32 507 * acl value adr_u_int32 (depends on type) 508 * file mode adr_u_int (in octal) 509 */ 510 int 511 acl_token(adr_t *adr) 512 { 513 514 int32_t id; 515 int32_t mode; 516 int32_t type; 517 518 adrm_int32(adr, &type, 1); 519 adrm_int32(adr, &id, 1); 520 adrm_int32(adr, &mode, 1); 521 522 return (-1); 523 } 524 525 /* 526 * Format of ace token: 527 * ace token id adr_char 528 * ace who adr_u_int32 (uid/gid) 529 * access mask adr_u_int32 530 * ace flags adr_u_int16 531 * ace type adr_u_int16 532 */ 533 int 534 ace_token(adr_t *adr) 535 { 536 uid_t who; 537 uint32_t access_mask; 538 uint16_t flags, type; 539 540 adrm_uid(adr, &who, 1); 541 adrm_u_int32(adr, &access_mask, 1); 542 adrm_u_short(adr, &flags, 1); 543 adrm_u_short(adr, &type, 1); 544 545 return (-1); 546 } 547 548 /* 549 * Format of attribute token: (old pre SunOS 5.7 format) 550 * attribute token id adr_char 551 * mode adr_int32 (printed in octal) 552 * uid adr_int32 553 * gid adr_int32 554 * file system id adr_int32 555 * node id adr_int32 556 * device adr_int32 557 */ 558 int 559 attribute_token(adr_t *adr) 560 { 561 int32_t dev; 562 int32_t file_sysid; 563 int32_t gid; 564 int32_t mode; 565 int32_t nodeid; 566 int32_t uid; 567 568 adrm_int32(adr, &mode, 1); 569 adrm_int32(adr, &uid, 1); 570 adrm_int32(adr, &gid, 1); 571 adrm_int32(adr, &file_sysid, 1); 572 adrm_int32(adr, &nodeid, 1); 573 adrm_int32(adr, &dev, 1); 574 575 if (!new_mode && (flags & M_USERE)) { 576 if (m_usere == uid) 577 checkflags |= M_USERE; 578 } 579 if (!new_mode && (flags & M_GROUPE)) { 580 if (m_groupe == gid) 581 checkflags |= M_GROUPE; 582 } 583 584 if (flags & M_OBJECT) { 585 if ((obj_flag & OBJ_FGROUP) && 586 (obj_group == gid)) 587 checkflags |= M_OBJECT; 588 else if ((obj_flag & OBJ_FOWNER) && 589 (obj_owner == uid)) 590 checkflags |= M_OBJECT; 591 } 592 return (-1); 593 } 594 595 /* 596 * Format of attribute32 token: 597 * attribute token id adr_char 598 * mode adr_int32 (printed in octal) 599 * uid adr_int32 600 * gid adr_int32 601 * file system id adr_int32 602 * node id adr_int64 603 * device adr_int32 604 */ 605 int 606 attribute32_token(adr_t *adr) 607 { 608 int32_t dev; 609 int32_t file_sysid; 610 int32_t gid; 611 int32_t mode; 612 int64_t nodeid; 613 int32_t uid; 614 615 adrm_int32(adr, &mode, 1); 616 adrm_int32(adr, &uid, 1); 617 adrm_int32(adr, &gid, 1); 618 adrm_int32(adr, &file_sysid, 1); 619 adrm_int64(adr, &nodeid, 1); 620 adrm_int32(adr, &dev, 1); 621 622 if (!new_mode && (flags & M_USERE)) { 623 if (m_usere == uid) 624 checkflags |= M_USERE; 625 } 626 if (!new_mode && (flags & M_GROUPE)) { 627 if (m_groupe == gid) 628 checkflags |= M_GROUPE; 629 } 630 631 if (flags & M_OBJECT) { 632 if ((obj_flag & OBJ_FGROUP) && 633 (obj_group == gid)) 634 checkflags |= M_OBJECT; 635 else if ((obj_flag & OBJ_FOWNER) && 636 (obj_owner == uid)) 637 checkflags |= M_OBJECT; 638 } 639 return (-1); 640 } 641 642 /* 643 * Format of attribute64 token: 644 * attribute token id adr_char 645 * mode adr_int32 (printed in octal) 646 * uid adr_int32 647 * gid adr_int32 648 * file system id adr_int32 649 * node id adr_int64 650 * device adr_int64 651 */ 652 int 653 attribute64_token(adr_t *adr) 654 { 655 int64_t dev; 656 int32_t file_sysid; 657 int32_t gid; 658 int32_t mode; 659 int64_t nodeid; 660 int32_t uid; 661 662 adrm_int32(adr, &mode, 1); 663 adrm_int32(adr, &uid, 1); 664 adrm_int32(adr, &gid, 1); 665 adrm_int32(adr, &file_sysid, 1); 666 adrm_int64(adr, &nodeid, 1); 667 adrm_int64(adr, &dev, 1); 668 669 if (!new_mode && (flags & M_USERE)) { 670 if (m_usere == uid) 671 checkflags |= M_USERE; 672 } 673 if (!new_mode && (flags & M_GROUPE)) { 674 if (m_groupe == gid) 675 checkflags |= M_GROUPE; 676 } 677 678 if (flags & M_OBJECT) { 679 if ((obj_flag & OBJ_FGROUP) && 680 (obj_group == gid)) 681 checkflags |= M_OBJECT; 682 else if ((obj_flag & OBJ_FOWNER) && 683 (obj_owner == uid)) 684 checkflags |= M_OBJECT; 685 } 686 return (-1); 687 } 688 689 690 /* 691 * Format of command token: 692 * attribute token id adr_char 693 * argc adr_short 694 * argv len adr_short variable amount of argv len 695 * argv text argv len and text 696 * . 697 * . 698 * . 699 * envp count adr_short variable amount of envp len 700 * envp len adr_short and text 701 * envp text envp len 702 * . 703 * . 704 * . 705 */ 706 int 707 cmd_token(adr_t *adr) 708 { 709 short cnt; 710 short i; 711 712 adrm_short(adr, &cnt, 1); 713 714 for (i = 0; i < cnt; i++) 715 skip_string(adr); 716 717 adrm_short(adr, &cnt, 1); 718 719 for (i = 0; i < cnt; i++) 720 skip_string(adr); 721 722 return (-1); 723 } 724 725 726 /* 727 * Format of exit token: 728 * attribute token id adr_char 729 * return value adr_int32 730 * errno adr_int32 731 */ 732 int 733 exit_token(adr_t *adr) 734 { 735 int32_t retval; 736 int32_t errno; 737 738 adrm_int32(adr, &retval, 1); 739 adrm_int32(adr, &errno, 1); 740 return (-1); 741 } 742 743 /* 744 * Format of strings array token: 745 * token id adr_char 746 * count value adr_int32 747 * strings null terminated strings 748 */ 749 static int 750 strings_common_token(adr_t *adr) 751 { 752 int count, i; 753 char c; 754 755 adrm_int32(adr, (int32_t *)&count, 1); 756 for (i = 1; i <= count; i++) { 757 adrm_char(adr, &c, 1); 758 while (c != (char)0) 759 adrm_char(adr, &c, 1); 760 } 761 /* no dump option here, since we will have variable length fields */ 762 return (-1); 763 } 764 765 int 766 path_attr_token(adr_t *adr) 767 { 768 return (strings_common_token(adr)); 769 } 770 771 int 772 exec_args_token(adr_t *adr) 773 { 774 return (strings_common_token(adr)); 775 } 776 777 int 778 exec_env_token(adr_t *adr) 779 { 780 return (strings_common_token(adr)); 781 } 782 783 /* 784 * Format of liaison token: 785 */ 786 int 787 liaison_token(adr_t *adr) 788 { 789 int32_t li; 790 791 adrm_int32(adr, &li, 1); 792 return (-1); 793 } 794 795 796 /* 797 * Format of path token: 798 * path adr_string 799 */ 800 int 801 path_token(adr_t *adr) 802 { 803 if ((flags & M_OBJECT) && (obj_flag == OBJ_PATH)) { 804 char *path; 805 806 get_string(adr, &path); 807 if (path[0] != '/') 808 /* 809 * anchor the path. user apps may not do it. 810 */ 811 anchor_path(path); 812 /* 813 * match against the collapsed path. that is what user sees. 814 */ 815 if (re_exec2(collapse_path(path)) == 1) 816 checkflags |= M_OBJECT; 817 free(path); 818 } else { 819 skip_string(adr); 820 } 821 return (-1); 822 } 823 824 825 /* 826 * Format of System V IPC permission token: 827 * System V IPC permission token id adr_char 828 * uid adr_int32 829 * gid adr_int32 830 * cuid adr_int32 831 * cgid adr_int32 832 * mode adr_int32 833 * seq adr_int32 834 * key adr_int32 835 */ 836 int 837 s5_IPC_perm_token(adr_t *adr) 838 { 839 int32_t uid, gid, cuid, cgid, mode, seq; 840 int32_t key; 841 842 adrm_int32(adr, &uid, 1); 843 adrm_int32(adr, &gid, 1); 844 adrm_int32(adr, &cuid, 1); 845 adrm_int32(adr, &cgid, 1); 846 adrm_int32(adr, &mode, 1); 847 adrm_int32(adr, &seq, 1); 848 adrm_int32(adr, &key, 1); 849 850 if (!new_mode && (flags & M_USERE)) { 851 if (m_usere == uid) 852 checkflags |= M_USERE; 853 } 854 855 if (!new_mode && (flags & M_USERE)) { 856 if (m_usere == cuid) 857 checkflags |= M_USERE; 858 } 859 860 if (!new_mode && (flags & M_GROUPR)) { 861 if (m_groupr == gid) 862 checkflags |= M_GROUPR; 863 } 864 865 if (!new_mode && (flags & M_GROUPR)) { 866 if (m_groupr == cgid) 867 checkflags |= M_GROUPR; 868 } 869 870 if ((flags & M_OBJECT) && 871 ((obj_owner == uid) || 872 (obj_owner == cuid) || 873 (obj_group == gid) || 874 (obj_group == cgid))) { 875 876 switch (obj_flag) { 877 case OBJ_MSGGROUP: 878 case OBJ_MSGOWNER: 879 if (ipc_type_match(OBJ_MSG, ipc_type)) 880 checkflags |= M_OBJECT; 881 break; 882 case OBJ_SEMGROUP: 883 case OBJ_SEMOWNER: 884 if (ipc_type_match(OBJ_SEM, ipc_type)) 885 checkflags |= M_OBJECT; 886 break; 887 case OBJ_SHMGROUP: 888 case OBJ_SHMOWNER: 889 if (ipc_type_match(OBJ_SHM, ipc_type)) 890 checkflags |= M_OBJECT; 891 break; 892 } 893 } 894 return (-1); 895 } 896 897 898 /* 899 * Format of process32 token: 900 * process token id adr_char 901 * auid adr_int32 902 * euid adr_int32 903 * egid adr_int32 904 * ruid adr_int32 905 * rgid adr_int32 906 * pid adr_int32 907 * sid adr_int32 908 * termid adr_int32*2 909 */ 910 int 911 process32_token(adr_t *adr) 912 { 913 int32_t auid, euid, egid, ruid, rgid, pid; 914 int32_t sid; 915 int32_t port, machine; 916 917 adrm_int32(adr, &auid, 1); 918 adrm_int32(adr, &euid, 1); 919 adrm_int32(adr, &egid, 1); 920 adrm_int32(adr, &ruid, 1); 921 adrm_int32(adr, &rgid, 1); 922 adrm_int32(adr, &pid, 1); 923 adrm_int32(adr, &sid, 1); 924 adrm_int32(adr, &port, 1); 925 adrm_int32(adr, &machine, 1); 926 927 if (!new_mode && (flags & M_USERA)) { 928 if (m_usera == auid) 929 checkflags |= M_USERA; 930 } 931 if (!new_mode && (flags & M_USERE)) { 932 if (m_usere == euid) 933 checkflags |= M_USERE; 934 } 935 if (!new_mode && (flags & M_USERR)) { 936 if (m_userr == ruid) 937 checkflags |= M_USERR; 938 } 939 if (!new_mode && (flags & M_GROUPR)) { 940 if (m_groupr == rgid) 941 checkflags |= M_GROUPR; 942 } 943 if (!new_mode && (flags & M_GROUPE)) { 944 if (m_groupe == egid) 945 checkflags |= M_GROUPE; 946 } 947 948 if (flags & M_OBJECT) { 949 if ((obj_flag & OBJ_PROC) && 950 (obj_id == pid)) { 951 checkflags |= M_OBJECT; 952 } else if ((obj_flag & OBJ_PGROUP) && 953 ((obj_group == egid) || 954 (obj_group == rgid))) { 955 checkflags |= M_OBJECT; 956 } else if ((obj_flag & OBJ_POWNER) && 957 ((obj_owner == euid) || 958 (obj_group == ruid))) { 959 checkflags |= M_OBJECT; 960 } 961 } 962 return (-1); 963 } 964 965 /* 966 * Format of process32_ex token: 967 * process token id adr_char 968 * auid adr_int32 969 * euid adr_int32 970 * egid adr_int32 971 * ruid adr_int32 972 * rgid adr_int32 973 * pid adr_int32 974 * sid adr_int32 975 * termid 976 * port adr_int32 977 * type adr_int32 978 * ip address adr_u_char*type 979 */ 980 int 981 process32_ex_token(adr_t *adr) 982 { 983 int32_t auid, euid, egid, ruid, rgid, pid; 984 int32_t sid; 985 int32_t port, type; 986 uchar_t addr[16]; 987 988 adrm_int32(adr, &auid, 1); 989 adrm_int32(adr, &euid, 1); 990 adrm_int32(adr, &egid, 1); 991 adrm_int32(adr, &ruid, 1); 992 adrm_int32(adr, &rgid, 1); 993 adrm_int32(adr, &pid, 1); 994 adrm_int32(adr, &sid, 1); 995 adrm_int32(adr, &port, 1); 996 adrm_int32(adr, &type, 1); 997 adrm_u_char(adr, addr, type); 998 999 if (!new_mode && (flags & M_USERA)) { 1000 if (m_usera == auid) 1001 checkflags = checkflags | M_USERA; 1002 } 1003 if (!new_mode && (flags & M_USERE)) { 1004 if (m_usere == euid) 1005 checkflags = checkflags | M_USERE; 1006 } 1007 if (!new_mode && (flags & M_USERR)) { 1008 if (m_userr == ruid) 1009 checkflags = checkflags | M_USERR; 1010 } 1011 if (!new_mode && (flags & M_GROUPR)) { 1012 if (m_groupr == egid) 1013 checkflags = checkflags | M_GROUPR; 1014 } 1015 if (!new_mode && (flags & M_GROUPE)) { 1016 if (m_groupe == egid) 1017 checkflags = checkflags | M_GROUPE; 1018 } 1019 1020 if (flags & M_OBJECT) { 1021 if ((obj_flag & OBJ_PROC) && 1022 (obj_id == pid)) { 1023 checkflags = checkflags | M_OBJECT; 1024 } else if ((obj_flag & OBJ_PGROUP) && 1025 ((obj_group == egid) || 1026 (obj_group == rgid))) { 1027 checkflags = checkflags | M_OBJECT; 1028 } else if ((obj_flag & OBJ_POWNER) && 1029 ((obj_owner == euid) || 1030 (obj_group == ruid))) { 1031 checkflags = checkflags | M_OBJECT; 1032 } 1033 } 1034 return (-1); 1035 } 1036 1037 /* 1038 * Format of process64 token: 1039 * process token id adr_char 1040 * auid adr_int32 1041 * euid adr_int32 1042 * egid adr_int32 1043 * ruid adr_int32 1044 * rgid adr_int32 1045 * pid adr_int32 1046 * sid adr_int32 1047 * termid adr_int64+adr_int32 1048 */ 1049 int 1050 process64_token(adr_t *adr) 1051 { 1052 int32_t auid, euid, egid, ruid, rgid, pid; 1053 int32_t sid; 1054 int64_t port; 1055 int32_t machine; 1056 1057 adrm_int32(adr, &auid, 1); 1058 adrm_int32(adr, &euid, 1); 1059 adrm_int32(adr, &egid, 1); 1060 adrm_int32(adr, &ruid, 1); 1061 adrm_int32(adr, &rgid, 1); 1062 adrm_int32(adr, &pid, 1); 1063 adrm_int32(adr, &sid, 1); 1064 adrm_int64(adr, &port, 1); 1065 adrm_int32(adr, &machine, 1); 1066 1067 if (!new_mode && (flags & M_USERA)) { 1068 if (m_usera == auid) 1069 checkflags |= M_USERA; 1070 } 1071 if (!new_mode && (flags & M_USERE)) { 1072 if (m_usere == euid) 1073 checkflags |= M_USERE; 1074 } 1075 if (!new_mode && (flags & M_USERR)) { 1076 if (m_userr == ruid) 1077 checkflags |= M_USERR; 1078 } 1079 if (!new_mode && (flags & M_GROUPR)) { 1080 if (m_groupr == rgid) 1081 checkflags |= M_GROUPR; 1082 } 1083 if (!new_mode && (flags & M_GROUPE)) { 1084 if (m_groupe == egid) 1085 checkflags |= M_GROUPE; 1086 } 1087 1088 if (flags & M_OBJECT) { 1089 if ((obj_flag & OBJ_PROC) && 1090 (obj_id == pid)) { 1091 checkflags |= M_OBJECT; 1092 } else if ((obj_flag & OBJ_PGROUP) && 1093 ((obj_group == egid) || 1094 (obj_group == rgid))) { 1095 checkflags |= M_OBJECT; 1096 } else if ((obj_flag & OBJ_POWNER) && 1097 ((obj_owner == euid) || 1098 (obj_group == ruid))) { 1099 checkflags |= M_OBJECT; 1100 } 1101 } 1102 return (-1); 1103 } 1104 1105 /* 1106 * Format of process64_ex token: 1107 * process token id adr_char 1108 * auid adr_int32 1109 * euid adr_int32 1110 * egid adr_int32 1111 * ruid adr_int32 1112 * rgid adr_int32 1113 * pid adr_int32 1114 * sid adr_int32 1115 * termid 1116 * port adr_int64 1117 * type adr_int32 1118 * ip address adr_u_char*type 1119 */ 1120 int 1121 process64_ex_token(adr_t *adr) 1122 { 1123 int32_t auid, euid, egid, ruid, rgid, pid; 1124 int32_t sid; 1125 int64_t port; 1126 int32_t type; 1127 uchar_t addr[16]; 1128 1129 adrm_int32(adr, &auid, 1); 1130 adrm_int32(adr, &euid, 1); 1131 adrm_int32(adr, &egid, 1); 1132 adrm_int32(adr, &ruid, 1); 1133 adrm_int32(adr, &rgid, 1); 1134 adrm_int32(adr, &pid, 1); 1135 adrm_int32(adr, &sid, 1); 1136 adrm_int64(adr, &port, 1); 1137 adrm_int32(adr, &type, 1); 1138 adrm_u_char(adr, addr, type); 1139 1140 if (!new_mode && (flags & M_USERA)) { 1141 if (m_usera == auid) 1142 checkflags = checkflags | M_USERA; 1143 } 1144 if (!new_mode && (flags & M_USERE)) { 1145 if (m_usere == euid) 1146 checkflags = checkflags | M_USERE; 1147 } 1148 if (!new_mode && (flags & M_USERR)) { 1149 if (m_userr == ruid) 1150 checkflags = checkflags | M_USERR; 1151 } 1152 if (!new_mode && (flags & M_GROUPR)) { 1153 if (m_groupr == egid) 1154 checkflags = checkflags | M_GROUPR; 1155 } 1156 if (!new_mode && (flags & M_GROUPE)) { 1157 if (m_groupe == egid) 1158 checkflags = checkflags | M_GROUPE; 1159 } 1160 1161 if (flags & M_OBJECT) { 1162 if ((obj_flag & OBJ_PROC) && 1163 (obj_id == pid)) { 1164 checkflags = checkflags | M_OBJECT; 1165 } else if ((obj_flag & OBJ_PGROUP) && 1166 ((obj_group == egid) || 1167 (obj_group == rgid))) { 1168 checkflags = checkflags | M_OBJECT; 1169 } else if ((obj_flag & OBJ_POWNER) && 1170 ((obj_owner == euid) || 1171 (obj_group == ruid))) { 1172 checkflags = checkflags | M_OBJECT; 1173 } 1174 } 1175 return (-1); 1176 } 1177 1178 /* 1179 * Format of System V IPC token: 1180 * System V IPC token id adr_char 1181 * object id adr_int32 1182 * 1183 */ 1184 int 1185 s5_IPC_token(adr_t *adr) 1186 { 1187 int32_t ipc_id; 1188 1189 adrm_char(adr, &ipc_type, 1); /* Global */ 1190 adrm_int32(adr, &ipc_id, 1); 1191 1192 if ((flags & M_OBJECT) && 1193 ipc_type_match(obj_flag, ipc_type) && 1194 (obj_id == ipc_id)) 1195 checkflags |= M_OBJECT; 1196 1197 return (-1); 1198 } 1199 1200 1201 /* 1202 * Format of socket token: 1203 * socket_type adrm_short 1204 * remote_port adrm_short 1205 * remote_inaddr adrm_int32 1206 * 1207 */ 1208 int 1209 socket_token(adr_t *adr) 1210 { 1211 short socket_type; 1212 short remote_port; 1213 int32_t remote_inaddr; 1214 1215 adrm_short(adr, &socket_type, 1); 1216 adrm_short(adr, &remote_port, 1); 1217 adrm_char(adr, (char *)&remote_inaddr, 4); 1218 1219 if ((flags & M_OBJECT) && (obj_flag == OBJ_SOCK)) { 1220 if (socket_flag == SOCKFLG_MACHINE) { 1221 if (remote_inaddr == obj_id) 1222 checkflags |= M_OBJECT; 1223 } else if (socket_flag == SOCKFLG_PORT) { 1224 if (remote_port == obj_id) 1225 checkflags |= M_OBJECT; 1226 } 1227 } 1228 return (-1); 1229 } 1230 1231 1232 /* 1233 * Format of socket_ex token: 1234 * socket_domain adrm_short 1235 * socket_type adrm_short 1236 * address_type adrm_short 1237 * local_port adrm_short 1238 * local_inaddr adrm_u_char*address_type 1239 * remote_port adrm_short 1240 * remote_inaddr adrm_u_char*address_type 1241 */ 1242 int 1243 socket_ex_token(adr_t *adr) 1244 { 1245 short socket_domain; 1246 short socket_type; 1247 short ip_size; 1248 short local_port; 1249 uchar_t local_inaddr[16]; 1250 short remote_port; 1251 uchar_t remote_inaddr[16]; 1252 uchar_t *caddr = (uchar_t *)&obj_id; 1253 1254 adrm_short(adr, &socket_domain, 1); 1255 adrm_short(adr, &socket_type, 1); 1256 adrm_short(adr, &ip_size, 1); 1257 1258 /* validate ip size */ 1259 if ((ip_size != AU_IPv6) && (ip_size != AU_IPv4)) 1260 return (0); 1261 1262 adrm_short(adr, &local_port, 1); 1263 adrm_char(adr, (char *)local_inaddr, ip_size); 1264 1265 adrm_short(adr, &remote_port, 1); 1266 adrm_char(adr, (char *)remote_inaddr, ip_size); 1267 1268 /* if IP type mis-match, then nothing to do */ 1269 if (ip_size != ip_type) 1270 return (-1); 1271 1272 if ((flags & M_OBJECT) && (obj_flag == OBJ_SOCK)) { 1273 if (socket_flag == SOCKFLG_MACHINE) { 1274 if (ip_type == AU_IPv6) { 1275 caddr = (uchar_t *)ip_ipv6; 1276 } 1277 if ((memcmp(local_inaddr, caddr, ip_type) == 0) || 1278 (memcmp(remote_inaddr, caddr, ip_type) == 0)) { 1279 checkflags |= M_OBJECT; 1280 } 1281 } else if (socket_flag == SOCKFLG_PORT) { 1282 if ((local_port == obj_id) || (remote_port == obj_id)) { 1283 checkflags |= M_OBJECT; 1284 } 1285 } 1286 } 1287 return (-1); 1288 } 1289 1290 1291 /* 1292 * Format of subject32 token: 1293 * subject token id adr_char 1294 * auid adr_int32 1295 * euid adr_int32 1296 * egid adr_int32 1297 * ruid adr_int32 1298 * rgid adr_int32 1299 * pid adr_int32 1300 * sid adr_int32 1301 * termid adr_int32*2 1302 */ 1303 int 1304 subject32_token(adr_t *adr) 1305 { 1306 int32_t auid, euid, egid, ruid, rgid, pid; 1307 int32_t sid; 1308 int32_t port, machine; 1309 1310 adrm_int32(adr, &auid, 1); 1311 adrm_int32(adr, &euid, 1); 1312 adrm_int32(adr, &egid, 1); 1313 adrm_int32(adr, &ruid, 1); 1314 adrm_int32(adr, &rgid, 1); 1315 adrm_int32(adr, &pid, 1); 1316 adrm_int32(adr, &sid, 1); 1317 adrm_int32(adr, &port, 1); 1318 adrm_int32(adr, &machine, 1); 1319 1320 if (flags & M_SUBJECT) { 1321 if (subj_id == pid) 1322 checkflags |= M_SUBJECT; 1323 } 1324 if (flags & M_USERA) { 1325 if (m_usera == auid) 1326 checkflags |= M_USERA; 1327 } 1328 if (flags & M_USERE) { 1329 if (m_usere == euid) 1330 checkflags |= M_USERE; 1331 } 1332 if (flags & M_USERR) { 1333 if (m_userr == ruid) 1334 checkflags |= M_USERR; 1335 } 1336 if (flags & M_GROUPR) { 1337 if (m_groupr == rgid) 1338 checkflags |= M_GROUPR; 1339 } 1340 if (flags & M_GROUPE) { 1341 if (m_groupe == egid) 1342 checkflags |= M_GROUPE; 1343 } 1344 if (flags & M_SID) { 1345 if (m_sid == (au_asid_t)sid) 1346 checkflags |= M_SID; 1347 } 1348 return (-1); 1349 } 1350 1351 /* 1352 * Format of subject32_ex token: 1353 * subject token id adr_char 1354 * auid adr_int32 1355 * euid adr_int32 1356 * egid adr_int32 1357 * ruid adr_int32 1358 * rgid adr_int32 1359 * pid adr_int32 1360 * sid adr_int32 1361 * termid 1362 * port adr_int32 1363 * type adr_int32 1364 * ip address adr_u_char*type 1365 */ 1366 int 1367 subject32_ex_token(adr_t *adr) 1368 { 1369 int32_t auid, euid, egid, ruid, rgid, pid; 1370 int32_t sid; 1371 int32_t port, type; 1372 uchar_t addr[16]; 1373 1374 adrm_int32(adr, &auid, 1); 1375 adrm_int32(adr, &euid, 1); 1376 adrm_int32(adr, &egid, 1); 1377 adrm_int32(adr, &ruid, 1); 1378 adrm_int32(adr, &rgid, 1); 1379 adrm_int32(adr, &pid, 1); 1380 adrm_int32(adr, &sid, 1); 1381 adrm_int32(adr, &port, 1); 1382 adrm_int32(adr, &type, 1); 1383 adrm_u_char(adr, addr, type); 1384 1385 if (flags & M_SUBJECT) { 1386 if (subj_id == pid) 1387 checkflags = checkflags | M_SUBJECT; 1388 } 1389 if (flags & M_USERA) { 1390 if (m_usera == auid) 1391 checkflags = checkflags | M_USERA; 1392 } 1393 if (flags & M_USERE) { 1394 if (m_usere == euid) 1395 checkflags = checkflags | M_USERE; 1396 } 1397 if (flags & M_USERR) { 1398 if (m_userr == ruid) 1399 checkflags = checkflags | M_USERR; 1400 } 1401 if (flags & M_GROUPR) { 1402 if (m_groupr == egid) 1403 checkflags = checkflags | M_GROUPR; 1404 } 1405 if (flags & M_GROUPE) { 1406 if (m_groupe == egid) 1407 checkflags = checkflags | M_GROUPE; 1408 } 1409 if (flags & M_SID) { 1410 if (m_sid == (au_asid_t)sid) 1411 checkflags = checkflags | M_SID; 1412 } 1413 return (-1); 1414 } 1415 1416 /* 1417 * Format of subject64 token: 1418 * subject token id adr_char 1419 * auid adr_int32 1420 * euid adr_int32 1421 * egid adr_int32 1422 * ruid adr_int32 1423 * rgid adr_int32 1424 * pid adr_int32 1425 * sid adr_int32 1426 * termid adr_int64+adr_int32 1427 */ 1428 int 1429 subject64_token(adr_t *adr) 1430 { 1431 int32_t auid, euid, egid, ruid, rgid, pid; 1432 int32_t sid; 1433 int64_t port; 1434 int32_t machine; 1435 1436 adrm_int32(adr, &auid, 1); 1437 adrm_int32(adr, &euid, 1); 1438 adrm_int32(adr, &egid, 1); 1439 adrm_int32(adr, &ruid, 1); 1440 adrm_int32(adr, &rgid, 1); 1441 adrm_int32(adr, &pid, 1); 1442 adrm_int32(adr, &sid, 1); 1443 adrm_int64(adr, &port, 1); 1444 adrm_int32(adr, &machine, 1); 1445 1446 if (flags & M_SUBJECT) { 1447 if (subj_id == pid) 1448 checkflags |= M_SUBJECT; 1449 } 1450 if (flags & M_USERA) { 1451 if (m_usera == auid) 1452 checkflags |= M_USERA; 1453 } 1454 if (flags & M_USERE) { 1455 if (m_usere == euid) 1456 checkflags |= M_USERE; 1457 } 1458 if (flags & M_USERR) { 1459 if (m_userr == ruid) 1460 checkflags |= M_USERR; 1461 } 1462 if (flags & M_GROUPR) { 1463 if (m_groupr == rgid) 1464 checkflags |= M_GROUPR; 1465 } 1466 if (flags & M_GROUPE) { 1467 if (m_groupe == egid) 1468 checkflags |= M_GROUPE; 1469 } 1470 if (flags & M_SID) { 1471 if (m_sid == (au_asid_t)sid) 1472 checkflags |= M_SID; 1473 } 1474 return (-1); 1475 } 1476 1477 /* 1478 * Format of subject64_ex token: 1479 * subject token id adr_char 1480 * auid adr_int32 1481 * euid adr_int32 1482 * egid adr_int32 1483 * ruid adr_int32 1484 * rgid adr_int32 1485 * pid adr_int32 1486 * sid adr_int32 1487 * termid 1488 * port adr_int64 1489 * type adr_int32 1490 * ip address adr_u_char*type 1491 */ 1492 int 1493 subject64_ex_token(adr_t *adr) 1494 { 1495 int32_t auid, euid, egid, ruid, rgid, pid; 1496 int32_t sid; 1497 int64_t port; 1498 int32_t type; 1499 uchar_t addr[16]; 1500 1501 adrm_int32(adr, &auid, 1); 1502 adrm_int32(adr, &euid, 1); 1503 adrm_int32(adr, &egid, 1); 1504 adrm_int32(adr, &ruid, 1); 1505 adrm_int32(adr, &rgid, 1); 1506 adrm_int32(adr, &pid, 1); 1507 adrm_int32(adr, &sid, 1); 1508 adrm_int64(adr, &port, 1); 1509 adrm_int32(adr, &type, 1); 1510 adrm_u_char(adr, addr, type); 1511 1512 if (flags & M_SUBJECT) { 1513 if (subj_id == pid) 1514 checkflags = checkflags | M_SUBJECT; 1515 } 1516 if (flags & M_USERA) { 1517 if (m_usera == auid) 1518 checkflags = checkflags | M_USERA; 1519 } 1520 if (flags & M_USERE) { 1521 if (m_usere == euid) 1522 checkflags = checkflags | M_USERE; 1523 } 1524 if (flags & M_USERR) { 1525 if (m_userr == ruid) 1526 checkflags = checkflags | M_USERR; 1527 } 1528 if (flags & M_GROUPR) { 1529 if (m_groupr == egid) 1530 checkflags = checkflags | M_GROUPR; 1531 } 1532 if (flags & M_GROUPE) { 1533 if (m_groupe == egid) 1534 checkflags = checkflags | M_GROUPE; 1535 } 1536 if (flags & M_SID) { 1537 if (m_sid == (au_asid_t)sid) 1538 checkflags = checkflags | M_SID; 1539 } 1540 return (-1); 1541 } 1542 1543 /* 1544 * ----------------------------------------------------------------------- 1545 * tid_token(): Process tid token and display contents 1546 * 1547 * Format of tid token: 1548 * tid token id adr_char 1549 * address type adr_char 1550 * For address type of AU_IPADR... 1551 * remote port adr_short 1552 * local port adr_short 1553 * IP type adr_int32 1554 * IP addr adr_int32 if IPv4 1555 * IP addr 4 x adr_int32 if IPv6 1556 * address types other than AU_IPADR are not yet defined 1557 * ----------------------------------------------------------------------- 1558 */ 1559 int 1560 tid_token(adr_t *adr) 1561 { 1562 int32_t address[4]; 1563 int32_t ip_type; 1564 char tid_type; 1565 short rport; 1566 short lport; 1567 1568 adrm_char(adr, &tid_type, 1); 1569 switch (tid_type) { 1570 case AU_IPADR: 1571 adrm_short(adr, &rport, 1); 1572 adrm_short(adr, &lport, 1); 1573 adrm_int32(adr, &ip_type, 1); 1574 adrm_char(adr, (char *)&address, ip_type); 1575 break; 1576 default: 1577 return (0); 1578 } 1579 return (-1); 1580 } 1581 1582 /* 1583 * ----------------------------------------------------------------------- 1584 * zonename_token(): Process zonename token and display contents 1585 * 1586 * Format of zonename token: 1587 * zonename token id adr_char 1588 * zone name adr_string 1589 * ----------------------------------------------------------------------- 1590 */ 1591 int 1592 zonename_token(adr_t *adr) 1593 { 1594 char *name; 1595 1596 if (flags & M_ZONENAME) { 1597 get_string(adr, &name); 1598 if (strncmp(zonename, name, ZONENAME_MAX) == 0) 1599 checkflags |= M_ZONENAME; 1600 free(name); 1601 } else { 1602 skip_string(adr); 1603 } 1604 return (-1); 1605 } 1606 1607 /* 1608 * fmri_token(): 1609 * 1610 * Format of fmri token: 1611 * fmri adr_string 1612 */ 1613 int 1614 fmri_token(adr_t *adr) 1615 { 1616 if ((flags & M_OBJECT) && (obj_flag == OBJ_FMRI)) { 1617 char *fmri_name; 1618 1619 get_string(adr, &fmri_name); 1620 1621 /* match token against service instance */ 1622 if (scf_cmp_pattern(fmri_name, &fmri) == 1) { 1623 checkflags |= M_OBJECT; 1624 } 1625 free(fmri_name); 1626 } else { 1627 skip_string(adr); 1628 } 1629 return (-1); 1630 } 1631 1632 /* 1633 * Format of xatom token: 1634 */ 1635 int 1636 xatom_token(adr_t *adr) 1637 { 1638 skip_string(adr); 1639 1640 return (-1); 1641 } 1642 1643 /* 1644 * Format of xselect token: 1645 */ 1646 int 1647 xselect_token(adr_t *adr) 1648 { 1649 skip_string(adr); 1650 skip_string(adr); 1651 skip_string(adr); 1652 1653 return (-1); 1654 } 1655 1656 /* 1657 * anchor a path name with a slash 1658 * assume we have enough space 1659 */ 1660 void 1661 anchor_path(char *path) 1662 { 1663 (void) memmove((void *)(path + 1), (void *)path, strlen(path) + 1); 1664 *path = '/'; 1665 } 1666 1667 1668 /* 1669 * copy path to collapsed path. 1670 * collapsed path does not contain: 1671 * successive slashes 1672 * instances of dot-slash 1673 * instances of dot-dot-slash 1674 * passed path must be anchored with a '/' 1675 */ 1676 char * 1677 collapse_path(char *s) 1678 { 1679 int id; /* index of where we are in destination string */ 1680 int is; /* index of where we are in source string */ 1681 int slashseen; /* have we seen a slash */ 1682 int ls; /* length of source string */ 1683 1684 ls = strlen(s) + 1; 1685 1686 slashseen = 0; 1687 for (is = 0, id = 0; is < ls; is++) { 1688 /* thats all folks, we've reached the end of input */ 1689 if (s[is] == '\0') { 1690 if (id > 1 && s[id-1] == '/') { 1691 --id; 1692 } 1693 s[id++] = '\0'; 1694 break; 1695 } 1696 /* previous character was a / */ 1697 if (slashseen) { 1698 if (s[is] == '/') 1699 continue; /* another slash, ignore it */ 1700 } else if (s[is] == '/') { 1701 /* we see a /, just copy it and try again */ 1702 slashseen = 1; 1703 s[id++] = '/'; 1704 continue; 1705 } 1706 /* /./ seen */ 1707 if (s[is] == '.' && s[is+1] == '/') { 1708 is += 1; 1709 continue; 1710 } 1711 /* XXX/. seen */ 1712 if (s[is] == '.' && s[is+1] == '\0') { 1713 if (id > 1) 1714 id--; 1715 continue; 1716 } 1717 /* XXX/.. seen */ 1718 if (s[is] == '.' && s[is+1] == '.' && s[is+2] == '\0') { 1719 is += 1; 1720 if (id > 0) 1721 id--; 1722 while (id > 0 && s[--id] != '/') 1723 ; 1724 id++; 1725 continue; 1726 } 1727 /* XXX/../ seen */ 1728 if (s[is] == '.' && s[is+1] == '.' && s[is+2] == '/') { 1729 is += 2; 1730 if (id > 0) 1731 id--; 1732 while (id > 0 && s[--id] != '/') 1733 ; 1734 id++; 1735 continue; 1736 } 1737 while (is < ls && (s[id++] = s[is++]) != '/') 1738 ; 1739 is--; 1740 } 1741 return (s); 1742 } 1743 1744 1745 int 1746 ipc_type_match(int flag, char type) 1747 { 1748 if (flag == OBJ_SEM && type == AT_IPC_SEM) 1749 return (1); 1750 1751 if (flag == OBJ_MSG && type == AT_IPC_MSG) 1752 return (1); 1753 1754 if (flag == OBJ_SHM && type == AT_IPC_SHM) 1755 return (1); 1756 1757 return (0); 1758 } 1759 1760 1761 void 1762 skip_string(adr_t *adr) 1763 { 1764 ushort_t c; 1765 1766 adrm_u_short(adr, &c, 1); 1767 adr->adr_now += c; 1768 } 1769 1770 1771 void 1772 get_string(adr_t *adr, char **p) 1773 { 1774 ushort_t c; 1775 1776 adrm_u_short(adr, &c, 1); 1777 *p = a_calloc(1, (size_t)c); 1778 adrm_char(adr, *p, c); 1779 } 1780 1781 1782 /* 1783 * Format of host token: 1784 * host ard_uint32 1785 */ 1786 int 1787 host_token(adr_t *adr) 1788 { 1789 uint32_t host; 1790 1791 adrm_u_int32(adr, &host, 1); 1792 1793 return (-1); 1794 } 1795 1796 /* 1797 * Format of useofauth token: 1798 * uauth token id adr_char 1799 * uauth adr_string 1800 */ 1801 int 1802 useofauth_token(adr_t *adr) 1803 { 1804 skip_string(adr); 1805 return (-1); 1806 } 1807 1808 int 1809 xcolormap_token(adr_t *adr) 1810 { 1811 return (xgeneric(adr)); 1812 } 1813 1814 int 1815 xcursor_token(adr_t *adr) 1816 { 1817 return (xgeneric(adr)); 1818 } 1819 1820 int 1821 xfont_token(adr_t *adr) 1822 { 1823 return (xgeneric(adr)); 1824 } 1825 1826 int 1827 xgc_token(adr_t *adr) 1828 { 1829 return (xgeneric(adr)); 1830 } 1831 1832 int 1833 xpixmap_token(adr_t *adr) 1834 { 1835 return (xgeneric(adr)); 1836 } 1837 1838 int 1839 xwindow_token(adr_t *adr) 1840 { 1841 return (xgeneric(adr)); 1842 } 1843 1844 1845 /* 1846 * Format of xgeneric token: 1847 * XID adr_int32 1848 * creator UID adr_int32 1849 * 1850 * Includes: xcolormap, xcursor, xfont, xgc, xpixmap, and xwindow 1851 */ 1852 int 1853 xgeneric(adr_t *adr) 1854 { 1855 int32_t xid; 1856 int32_t uid; 1857 1858 adrm_int32(adr, &xid, 1); 1859 adrm_int32(adr, &uid, 1); 1860 1861 if (flags & M_USERE) { 1862 if (m_usere == uid) 1863 checkflags = checkflags | M_USERE; 1864 } 1865 1866 return (-1); 1867 } 1868 1869 1870 /* 1871 * Format of xproperty token: 1872 * XID adr_int32 1873 * creator UID adr_int32 1874 * atom string adr_string 1875 */ 1876 int 1877 xproperty_token(adr_t *adr) 1878 { 1879 int32_t xid; 1880 int32_t uid; 1881 1882 adrm_int32(adr, &xid, 1); 1883 adrm_int32(adr, &uid, 1); 1884 skip_string(adr); 1885 1886 if (flags & M_USERE) { 1887 if (m_usere == uid) 1888 checkflags = checkflags | M_USERE; 1889 } 1890 1891 return (-1); 1892 } 1893 1894 1895 /* 1896 * Format of xclient token: 1897 * xclient id adr_int32 1898 */ 1899 int 1900 xclient_token(adr_t *adr) 1901 { 1902 int32_t client_id; 1903 1904 adrm_int32(adr, &client_id, 1); 1905 1906 return (-1); 1907 } 1908 1909 /* 1910 * Format of privilege set token: 1911 * priv_set type string 1912 * priv_set string 1913 */ 1914 1915 int 1916 privilege_token(adr_t *adr) 1917 { 1918 skip_string(adr); /* set type name */ 1919 skip_string(adr); /* privilege set */ 1920 return (-1); 1921 } 1922 1923 /* 1924 * Format of label token: 1925 * label ID 1 byte 1926 * compartment length 1 byte 1927 * classification 2 bytes 1928 * compartment words <compartment length> * 4 bytes 1929 */ 1930 int 1931 label_token(adr_t *adr) 1932 { 1933 static m_label_t *label = NULL; 1934 static size32_t l_size; 1935 int len; 1936 1937 if (label == NULL) { 1938 label = m_label_alloc(MAC_LABEL); 1939 l_size = blabel_size() - 4; 1940 } 1941 1942 if (label == NULL) { 1943 /* out of memory, should never happen; skip label */ 1944 char l; /* length */ 1945 1946 adr->adr_now += sizeof (char); 1947 adrm_char(adr, (char *)&l, 1); 1948 adr->adr_now += sizeof (short) + (4 * l); 1949 return (-1); 1950 } 1951 1952 adrm_char(adr, (char *)label, 4); 1953 len = (int)(((char *)label)[1] * 4); 1954 if (len > l_size) { 1955 return (-1); 1956 } 1957 adrm_char(adr, &((char *)label)[4], len); 1958 1959 if (flags & M_LABEL) { 1960 if (blinrange(label, m_label)) 1961 checkflags = checkflags | M_LABEL; 1962 } 1963 1964 return (-1); 1965 } 1966 1967 1968 /* 1969 * Format of useofpriv token: 1970 * success/failure adr_char 1971 * privilege(s) adr_string 1972 */ 1973 /* ARGSUSED */ 1974 int 1975 useofpriv_token(adr_t *adr) 1976 { 1977 char flag; 1978 1979 adrm_char(adr, &flag, 1); 1980 skip_string(adr); 1981 return (-1); 1982 } 1983