1*7c478bd9Sstevel@tonic-gate /* 2*7c478bd9Sstevel@tonic-gate * CDDL HEADER START 3*7c478bd9Sstevel@tonic-gate * 4*7c478bd9Sstevel@tonic-gate * The contents of this file are subject to the terms of the 5*7c478bd9Sstevel@tonic-gate * Common Development and Distribution License, Version 1.0 only 6*7c478bd9Sstevel@tonic-gate * (the "License"). You may not use this file except in compliance 7*7c478bd9Sstevel@tonic-gate * with the License. 8*7c478bd9Sstevel@tonic-gate * 9*7c478bd9Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10*7c478bd9Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing. 11*7c478bd9Sstevel@tonic-gate * See the License for the specific language governing permissions 12*7c478bd9Sstevel@tonic-gate * and limitations under the License. 13*7c478bd9Sstevel@tonic-gate * 14*7c478bd9Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each 15*7c478bd9Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16*7c478bd9Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the 17*7c478bd9Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying 18*7c478bd9Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner] 19*7c478bd9Sstevel@tonic-gate * 20*7c478bd9Sstevel@tonic-gate * CDDL HEADER END 21*7c478bd9Sstevel@tonic-gate */ 22*7c478bd9Sstevel@tonic-gate /* 23*7c478bd9Sstevel@tonic-gate * Copyright 2004 Sun Microsystems, Inc. All rights reserved. 24*7c478bd9Sstevel@tonic-gate * Use is subject to license terms. 25*7c478bd9Sstevel@tonic-gate */ 26*7c478bd9Sstevel@tonic-gate 27*7c478bd9Sstevel@tonic-gate #pragma ident "%Z%%M% %I% %E% SMI" 28*7c478bd9Sstevel@tonic-gate 29*7c478bd9Sstevel@tonic-gate /* 30*7c478bd9Sstevel@tonic-gate * Token processing for auditreduce. 31*7c478bd9Sstevel@tonic-gate */ 32*7c478bd9Sstevel@tonic-gate 33*7c478bd9Sstevel@tonic-gate #include <locale.h> 34*7c478bd9Sstevel@tonic-gate #include <sys/zone.h> 35*7c478bd9Sstevel@tonic-gate #include "auditr.h" 36*7c478bd9Sstevel@tonic-gate #include "toktable.h" 37*7c478bd9Sstevel@tonic-gate 38*7c478bd9Sstevel@tonic-gate extern int re_exec2(char *); 39*7c478bd9Sstevel@tonic-gate 40*7c478bd9Sstevel@tonic-gate static void anchor_path(char *path); 41*7c478bd9Sstevel@tonic-gate static char *collapse_path(char *s); 42*7c478bd9Sstevel@tonic-gate static void get_string(adr_t *adr, char **p); 43*7c478bd9Sstevel@tonic-gate static int ipc_type_match(int flag, char type); 44*7c478bd9Sstevel@tonic-gate static void skip_string(adr_t *adr); 45*7c478bd9Sstevel@tonic-gate static int xgeneric(adr_t *adr); 46*7c478bd9Sstevel@tonic-gate 47*7c478bd9Sstevel@tonic-gate #if AUDIT_REC 48*7c478bd9Sstevel@tonic-gate void 49*7c478bd9Sstevel@tonic-gate print_id(int id) 50*7c478bd9Sstevel@tonic-gate { 51*7c478bd9Sstevel@tonic-gate char *suffix; 52*7c478bd9Sstevel@tonic-gate 53*7c478bd9Sstevel@tonic-gate if ((id < 0) || (id > MAXTOKEN) || 54*7c478bd9Sstevel@tonic-gate (tokentable[id].func == NOFUNC)) { 55*7c478bd9Sstevel@tonic-gate (void) fprintf(stderr, 56*7c478bd9Sstevel@tonic-gate "token_processing: token %d not found\n", id); 57*7c478bd9Sstevel@tonic-gate return; 58*7c478bd9Sstevel@tonic-gate } 59*7c478bd9Sstevel@tonic-gate 60*7c478bd9Sstevel@tonic-gate switch (id) { 61*7c478bd9Sstevel@tonic-gate case AUT_NEWGROUPS: 62*7c478bd9Sstevel@tonic-gate suffix = "_new"; 63*7c478bd9Sstevel@tonic-gate break; 64*7c478bd9Sstevel@tonic-gate case AUT_ATTR32: 65*7c478bd9Sstevel@tonic-gate suffix = "32"; 66*7c478bd9Sstevel@tonic-gate break; 67*7c478bd9Sstevel@tonic-gate case AUT_ARG64: 68*7c478bd9Sstevel@tonic-gate case AUT_RETURN64: 69*7c478bd9Sstevel@tonic-gate case AUT_ATTR64: 70*7c478bd9Sstevel@tonic-gate case AUT_HEADER64: 71*7c478bd9Sstevel@tonic-gate case AUT_SUBJECT64: 72*7c478bd9Sstevel@tonic-gate case AUT_PROCESS64: 73*7c478bd9Sstevel@tonic-gate case AUT_OTHER_FILE64: 74*7c478bd9Sstevel@tonic-gate suffix = "64"; 75*7c478bd9Sstevel@tonic-gate break; 76*7c478bd9Sstevel@tonic-gate case AUT_SOCKET_EX: 77*7c478bd9Sstevel@tonic-gate case AUT_IN_ADDR_EX: 78*7c478bd9Sstevel@tonic-gate suffix = "_ex"; 79*7c478bd9Sstevel@tonic-gate break; 80*7c478bd9Sstevel@tonic-gate case AUT_HEADER32_EX: 81*7c478bd9Sstevel@tonic-gate case AUT_SUBJECT32_EX: 82*7c478bd9Sstevel@tonic-gate case AUT_PROCESS32_EX: 83*7c478bd9Sstevel@tonic-gate suffix = "32_ex"; 84*7c478bd9Sstevel@tonic-gate break; 85*7c478bd9Sstevel@tonic-gate case AUT_HEADER64_EX: 86*7c478bd9Sstevel@tonic-gate case AUT_SUBJECT64_EX: 87*7c478bd9Sstevel@tonic-gate case AUT_PROCESS64_EX: 88*7c478bd9Sstevel@tonic-gate suffix = "64_ex"; 89*7c478bd9Sstevel@tonic-gate break; 90*7c478bd9Sstevel@tonic-gate default: 91*7c478bd9Sstevel@tonic-gate suffix = ""; 92*7c478bd9Sstevel@tonic-gate break; 93*7c478bd9Sstevel@tonic-gate } 94*7c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "token_processing: %s%s\n", 95*7c478bd9Sstevel@tonic-gate tokentable[id].t_name, suffix); 96*7c478bd9Sstevel@tonic-gate } 97*7c478bd9Sstevel@tonic-gate #endif /* AUDIT_REC */ 98*7c478bd9Sstevel@tonic-gate 99*7c478bd9Sstevel@tonic-gate /* 100*7c478bd9Sstevel@tonic-gate * Process a token in a record to determine whether the record is interesting. 101*7c478bd9Sstevel@tonic-gate */ 102*7c478bd9Sstevel@tonic-gate 103*7c478bd9Sstevel@tonic-gate int 104*7c478bd9Sstevel@tonic-gate token_processing(adr_t *adr, int tokenid) 105*7c478bd9Sstevel@tonic-gate { 106*7c478bd9Sstevel@tonic-gate if ((tokenid > 0) && (tokenid <= MAXTOKEN) && 107*7c478bd9Sstevel@tonic-gate (tokentable[tokenid].func != NOFUNC)) { 108*7c478bd9Sstevel@tonic-gate #if AUDIT_REC 109*7c478bd9Sstevel@tonic-gate print_id(tokenid); 110*7c478bd9Sstevel@tonic-gate #endif /* AUDIT_REC */ 111*7c478bd9Sstevel@tonic-gate return ((*tokentable[tokenid].func)(adr)); 112*7c478bd9Sstevel@tonic-gate } 113*7c478bd9Sstevel@tonic-gate 114*7c478bd9Sstevel@tonic-gate /* here if token id is not in table */ 115*7c478bd9Sstevel@tonic-gate return (-2); 116*7c478bd9Sstevel@tonic-gate } 117*7c478bd9Sstevel@tonic-gate 118*7c478bd9Sstevel@tonic-gate 119*7c478bd9Sstevel@tonic-gate /* There should not be any file or header tokens in the middle of a record */ 120*7c478bd9Sstevel@tonic-gate 121*7c478bd9Sstevel@tonic-gate /* ARGSUSED */ 122*7c478bd9Sstevel@tonic-gate int 123*7c478bd9Sstevel@tonic-gate file_token(adr_t *adr) 124*7c478bd9Sstevel@tonic-gate { 125*7c478bd9Sstevel@tonic-gate return (-2); 126*7c478bd9Sstevel@tonic-gate } 127*7c478bd9Sstevel@tonic-gate 128*7c478bd9Sstevel@tonic-gate /* ARGSUSED */ 129*7c478bd9Sstevel@tonic-gate int 130*7c478bd9Sstevel@tonic-gate file64_token(adr_t *adr) 131*7c478bd9Sstevel@tonic-gate { 132*7c478bd9Sstevel@tonic-gate return (-2); 133*7c478bd9Sstevel@tonic-gate } 134*7c478bd9Sstevel@tonic-gate 135*7c478bd9Sstevel@tonic-gate /* ARGSUSED */ 136*7c478bd9Sstevel@tonic-gate int 137*7c478bd9Sstevel@tonic-gate header_token(adr_t *adr) 138*7c478bd9Sstevel@tonic-gate { 139*7c478bd9Sstevel@tonic-gate return (-2); 140*7c478bd9Sstevel@tonic-gate } 141*7c478bd9Sstevel@tonic-gate 142*7c478bd9Sstevel@tonic-gate /* ARGSUSED */ 143*7c478bd9Sstevel@tonic-gate int 144*7c478bd9Sstevel@tonic-gate header32_ex_token(adr_t *adr) 145*7c478bd9Sstevel@tonic-gate { 146*7c478bd9Sstevel@tonic-gate return (-2); 147*7c478bd9Sstevel@tonic-gate } 148*7c478bd9Sstevel@tonic-gate 149*7c478bd9Sstevel@tonic-gate /* ARGSUSED */ 150*7c478bd9Sstevel@tonic-gate int 151*7c478bd9Sstevel@tonic-gate header64_ex_token(adr_t *adr) 152*7c478bd9Sstevel@tonic-gate { 153*7c478bd9Sstevel@tonic-gate return (-2); 154*7c478bd9Sstevel@tonic-gate } 155*7c478bd9Sstevel@tonic-gate 156*7c478bd9Sstevel@tonic-gate /* ARGSUSED */ 157*7c478bd9Sstevel@tonic-gate int 158*7c478bd9Sstevel@tonic-gate header64_token(adr_t *adr) 159*7c478bd9Sstevel@tonic-gate { 160*7c478bd9Sstevel@tonic-gate return (-2); 161*7c478bd9Sstevel@tonic-gate } 162*7c478bd9Sstevel@tonic-gate 163*7c478bd9Sstevel@tonic-gate 164*7c478bd9Sstevel@tonic-gate /* 165*7c478bd9Sstevel@tonic-gate * ====================================================== 166*7c478bd9Sstevel@tonic-gate * The following token processing routines return 167*7c478bd9Sstevel@tonic-gate * -1: if the record is not interesting 168*7c478bd9Sstevel@tonic-gate * -2: if an error is found 169*7c478bd9Sstevel@tonic-gate * ====================================================== 170*7c478bd9Sstevel@tonic-gate */ 171*7c478bd9Sstevel@tonic-gate 172*7c478bd9Sstevel@tonic-gate int 173*7c478bd9Sstevel@tonic-gate trailer_token(adr_t *adr) 174*7c478bd9Sstevel@tonic-gate { 175*7c478bd9Sstevel@tonic-gate short magic_number; 176*7c478bd9Sstevel@tonic-gate uint32_t bytes; 177*7c478bd9Sstevel@tonic-gate 178*7c478bd9Sstevel@tonic-gate adrm_u_short(adr, (ushort_t *)&magic_number, 1); 179*7c478bd9Sstevel@tonic-gate if (magic_number != AUT_TRAILER_MAGIC) { 180*7c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "%s\n", 181*7c478bd9Sstevel@tonic-gate gettext("auditreduce: Bad trailer token")); 182*7c478bd9Sstevel@tonic-gate return (-2); 183*7c478bd9Sstevel@tonic-gate } 184*7c478bd9Sstevel@tonic-gate adrm_u_int32(adr, &bytes, 1); 185*7c478bd9Sstevel@tonic-gate 186*7c478bd9Sstevel@tonic-gate return (-1); 187*7c478bd9Sstevel@tonic-gate } 188*7c478bd9Sstevel@tonic-gate 189*7c478bd9Sstevel@tonic-gate 190*7c478bd9Sstevel@tonic-gate /* 191*7c478bd9Sstevel@tonic-gate * Format of arbitrary data token: 192*7c478bd9Sstevel@tonic-gate * arbitrary data token id adr char 193*7c478bd9Sstevel@tonic-gate * how to print adr_char 194*7c478bd9Sstevel@tonic-gate * basic unit adr_char 195*7c478bd9Sstevel@tonic-gate * unit count adr_char, specifying number of units of 196*7c478bd9Sstevel@tonic-gate * data items depends on basic unit 197*7c478bd9Sstevel@tonic-gate * 198*7c478bd9Sstevel@tonic-gate */ 199*7c478bd9Sstevel@tonic-gate int 200*7c478bd9Sstevel@tonic-gate arbitrary_data_token(adr_t *adr) 201*7c478bd9Sstevel@tonic-gate { 202*7c478bd9Sstevel@tonic-gate int i; 203*7c478bd9Sstevel@tonic-gate char c1; 204*7c478bd9Sstevel@tonic-gate short c2; 205*7c478bd9Sstevel@tonic-gate int32_t c3; 206*7c478bd9Sstevel@tonic-gate int64_t c4; 207*7c478bd9Sstevel@tonic-gate char how_to_print, basic_unit, unit_count; 208*7c478bd9Sstevel@tonic-gate 209*7c478bd9Sstevel@tonic-gate /* get how_to_print, basic_unit, and unit_count */ 210*7c478bd9Sstevel@tonic-gate adrm_char(adr, &how_to_print, 1); 211*7c478bd9Sstevel@tonic-gate adrm_char(adr, &basic_unit, 1); 212*7c478bd9Sstevel@tonic-gate adrm_char(adr, &unit_count, 1); 213*7c478bd9Sstevel@tonic-gate for (i = 0; i < unit_count; i++) { 214*7c478bd9Sstevel@tonic-gate switch (basic_unit) { 215*7c478bd9Sstevel@tonic-gate /* case AUR_BYTE: has same value as AUR_CHAR */ 216*7c478bd9Sstevel@tonic-gate case AUR_CHAR: 217*7c478bd9Sstevel@tonic-gate adrm_char(adr, &c1, 1); 218*7c478bd9Sstevel@tonic-gate break; 219*7c478bd9Sstevel@tonic-gate case AUR_SHORT: 220*7c478bd9Sstevel@tonic-gate adrm_short(adr, &c2, 1); 221*7c478bd9Sstevel@tonic-gate break; 222*7c478bd9Sstevel@tonic-gate case AUR_INT32: 223*7c478bd9Sstevel@tonic-gate adrm_int32(adr, (int32_t *)&c3, 1); 224*7c478bd9Sstevel@tonic-gate break; 225*7c478bd9Sstevel@tonic-gate case AUR_INT64: 226*7c478bd9Sstevel@tonic-gate adrm_int64(adr, (int64_t *)&c4, 1); 227*7c478bd9Sstevel@tonic-gate break; 228*7c478bd9Sstevel@tonic-gate default: 229*7c478bd9Sstevel@tonic-gate return (-2); 230*7c478bd9Sstevel@tonic-gate break; 231*7c478bd9Sstevel@tonic-gate } 232*7c478bd9Sstevel@tonic-gate } 233*7c478bd9Sstevel@tonic-gate return (-1); 234*7c478bd9Sstevel@tonic-gate } 235*7c478bd9Sstevel@tonic-gate 236*7c478bd9Sstevel@tonic-gate 237*7c478bd9Sstevel@tonic-gate /* 238*7c478bd9Sstevel@tonic-gate * Format of opaque token: 239*7c478bd9Sstevel@tonic-gate * opaque token id adr_char 240*7c478bd9Sstevel@tonic-gate * size adr_short 241*7c478bd9Sstevel@tonic-gate * data adr_char, size times 242*7c478bd9Sstevel@tonic-gate * 243*7c478bd9Sstevel@tonic-gate */ 244*7c478bd9Sstevel@tonic-gate int 245*7c478bd9Sstevel@tonic-gate opaque_token(adr_t *adr) 246*7c478bd9Sstevel@tonic-gate { 247*7c478bd9Sstevel@tonic-gate skip_string(adr); 248*7c478bd9Sstevel@tonic-gate return (-1); 249*7c478bd9Sstevel@tonic-gate } 250*7c478bd9Sstevel@tonic-gate 251*7c478bd9Sstevel@tonic-gate 252*7c478bd9Sstevel@tonic-gate 253*7c478bd9Sstevel@tonic-gate /* 254*7c478bd9Sstevel@tonic-gate * Format of return32 value token: 255*7c478bd9Sstevel@tonic-gate * return value token id adr_char 256*7c478bd9Sstevel@tonic-gate * error number adr_char 257*7c478bd9Sstevel@tonic-gate * return value adr_u_int32 258*7c478bd9Sstevel@tonic-gate * 259*7c478bd9Sstevel@tonic-gate */ 260*7c478bd9Sstevel@tonic-gate int 261*7c478bd9Sstevel@tonic-gate return_value32_token(adr_t *adr) 262*7c478bd9Sstevel@tonic-gate { 263*7c478bd9Sstevel@tonic-gate char errnum; 264*7c478bd9Sstevel@tonic-gate uint32_t value; 265*7c478bd9Sstevel@tonic-gate 266*7c478bd9Sstevel@tonic-gate adrm_char(adr, &errnum, 1); 267*7c478bd9Sstevel@tonic-gate adrm_u_int32(adr, &value, 1); 268*7c478bd9Sstevel@tonic-gate if ((flags & M_SORF) && 269*7c478bd9Sstevel@tonic-gate ((global_class & mask.am_success) && (errnum == 0)) || 270*7c478bd9Sstevel@tonic-gate ((global_class & mask.am_failure) && (errnum != 0))) { 271*7c478bd9Sstevel@tonic-gate checkflags |= M_SORF; 272*7c478bd9Sstevel@tonic-gate } 273*7c478bd9Sstevel@tonic-gate return (-1); 274*7c478bd9Sstevel@tonic-gate } 275*7c478bd9Sstevel@tonic-gate 276*7c478bd9Sstevel@tonic-gate /* 277*7c478bd9Sstevel@tonic-gate * Format of return64 value token: 278*7c478bd9Sstevel@tonic-gate * return value token id adr_char 279*7c478bd9Sstevel@tonic-gate * error number adr_char 280*7c478bd9Sstevel@tonic-gate * return value adr_u_int64 281*7c478bd9Sstevel@tonic-gate * 282*7c478bd9Sstevel@tonic-gate */ 283*7c478bd9Sstevel@tonic-gate int 284*7c478bd9Sstevel@tonic-gate return_value64_token(adr_t *adr) 285*7c478bd9Sstevel@tonic-gate { 286*7c478bd9Sstevel@tonic-gate char errnum; 287*7c478bd9Sstevel@tonic-gate uint64_t value; 288*7c478bd9Sstevel@tonic-gate 289*7c478bd9Sstevel@tonic-gate adrm_char(adr, &errnum, 1); 290*7c478bd9Sstevel@tonic-gate adrm_u_int64(adr, &value, 1); 291*7c478bd9Sstevel@tonic-gate if ((flags & M_SORF) && 292*7c478bd9Sstevel@tonic-gate ((global_class & mask.am_success) && (errnum == 0)) || 293*7c478bd9Sstevel@tonic-gate ((global_class & mask.am_failure) && (errnum != 0))) { 294*7c478bd9Sstevel@tonic-gate checkflags |= M_SORF; 295*7c478bd9Sstevel@tonic-gate } 296*7c478bd9Sstevel@tonic-gate return (-1); 297*7c478bd9Sstevel@tonic-gate } 298*7c478bd9Sstevel@tonic-gate 299*7c478bd9Sstevel@tonic-gate 300*7c478bd9Sstevel@tonic-gate /* 301*7c478bd9Sstevel@tonic-gate * Format of sequence token: 302*7c478bd9Sstevel@tonic-gate * sequence token id adr_char 303*7c478bd9Sstevel@tonic-gate * audit_count int32_t 304*7c478bd9Sstevel@tonic-gate * 305*7c478bd9Sstevel@tonic-gate */ 306*7c478bd9Sstevel@tonic-gate int 307*7c478bd9Sstevel@tonic-gate sequence_token(adr_t *adr) 308*7c478bd9Sstevel@tonic-gate { 309*7c478bd9Sstevel@tonic-gate int32_t audit_count; 310*7c478bd9Sstevel@tonic-gate 311*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &audit_count, 1); 312*7c478bd9Sstevel@tonic-gate return (-1); 313*7c478bd9Sstevel@tonic-gate } 314*7c478bd9Sstevel@tonic-gate 315*7c478bd9Sstevel@tonic-gate 316*7c478bd9Sstevel@tonic-gate /* 317*7c478bd9Sstevel@tonic-gate * Format of text token: 318*7c478bd9Sstevel@tonic-gate * text token id adr_char 319*7c478bd9Sstevel@tonic-gate * text adr_string 320*7c478bd9Sstevel@tonic-gate * 321*7c478bd9Sstevel@tonic-gate */ 322*7c478bd9Sstevel@tonic-gate int 323*7c478bd9Sstevel@tonic-gate text_token(adr_t *adr) 324*7c478bd9Sstevel@tonic-gate { 325*7c478bd9Sstevel@tonic-gate skip_string(adr); 326*7c478bd9Sstevel@tonic-gate return (-1); 327*7c478bd9Sstevel@tonic-gate } 328*7c478bd9Sstevel@tonic-gate 329*7c478bd9Sstevel@tonic-gate 330*7c478bd9Sstevel@tonic-gate /* 331*7c478bd9Sstevel@tonic-gate * Format of ip_addr token: 332*7c478bd9Sstevel@tonic-gate * ip token id adr_char 333*7c478bd9Sstevel@tonic-gate * address adr_int32 334*7c478bd9Sstevel@tonic-gate * 335*7c478bd9Sstevel@tonic-gate */ 336*7c478bd9Sstevel@tonic-gate int 337*7c478bd9Sstevel@tonic-gate ip_addr_token(adr_t *adr) 338*7c478bd9Sstevel@tonic-gate { 339*7c478bd9Sstevel@tonic-gate int32_t address; 340*7c478bd9Sstevel@tonic-gate 341*7c478bd9Sstevel@tonic-gate adrm_char(adr, (char *)&address, 4); 342*7c478bd9Sstevel@tonic-gate 343*7c478bd9Sstevel@tonic-gate return (-1); 344*7c478bd9Sstevel@tonic-gate } 345*7c478bd9Sstevel@tonic-gate 346*7c478bd9Sstevel@tonic-gate /* 347*7c478bd9Sstevel@tonic-gate * Format of ip_addr_ex token: 348*7c478bd9Sstevel@tonic-gate * ip token id adr_char 349*7c478bd9Sstevel@tonic-gate * ip type adr_int32 350*7c478bd9Sstevel@tonic-gate * address 4*adr_int32 351*7c478bd9Sstevel@tonic-gate * 352*7c478bd9Sstevel@tonic-gate */ 353*7c478bd9Sstevel@tonic-gate int 354*7c478bd9Sstevel@tonic-gate ip_addr_ex_token(adr_t *adr) 355*7c478bd9Sstevel@tonic-gate { 356*7c478bd9Sstevel@tonic-gate int32_t address[4]; 357*7c478bd9Sstevel@tonic-gate int32_t type; 358*7c478bd9Sstevel@tonic-gate 359*7c478bd9Sstevel@tonic-gate adrm_int32(adr, (int32_t *)&type, 1); 360*7c478bd9Sstevel@tonic-gate adrm_int32(adr, (int32_t *)&address, 4); 361*7c478bd9Sstevel@tonic-gate 362*7c478bd9Sstevel@tonic-gate return (-1); 363*7c478bd9Sstevel@tonic-gate } 364*7c478bd9Sstevel@tonic-gate 365*7c478bd9Sstevel@tonic-gate /* 366*7c478bd9Sstevel@tonic-gate * Format of ip token: 367*7c478bd9Sstevel@tonic-gate * ip header token id adr_char 368*7c478bd9Sstevel@tonic-gate * version adr_char 369*7c478bd9Sstevel@tonic-gate * type of service adr_char 370*7c478bd9Sstevel@tonic-gate * length adr_short 371*7c478bd9Sstevel@tonic-gate * id adr_u_short 372*7c478bd9Sstevel@tonic-gate * offset adr_u_short 373*7c478bd9Sstevel@tonic-gate * ttl adr_char 374*7c478bd9Sstevel@tonic-gate * protocol adr_char 375*7c478bd9Sstevel@tonic-gate * checksum adr_u_short 376*7c478bd9Sstevel@tonic-gate * source address adr_int32 377*7c478bd9Sstevel@tonic-gate * destination address adr_int32 378*7c478bd9Sstevel@tonic-gate * 379*7c478bd9Sstevel@tonic-gate */ 380*7c478bd9Sstevel@tonic-gate int 381*7c478bd9Sstevel@tonic-gate ip_token(adr_t *adr) 382*7c478bd9Sstevel@tonic-gate { 383*7c478bd9Sstevel@tonic-gate char version; 384*7c478bd9Sstevel@tonic-gate char type; 385*7c478bd9Sstevel@tonic-gate short len; 386*7c478bd9Sstevel@tonic-gate unsigned short id, offset, checksum; 387*7c478bd9Sstevel@tonic-gate char ttl, protocol; 388*7c478bd9Sstevel@tonic-gate int32_t src, dest; 389*7c478bd9Sstevel@tonic-gate 390*7c478bd9Sstevel@tonic-gate adrm_char(adr, &version, 1); 391*7c478bd9Sstevel@tonic-gate adrm_char(adr, &type, 1); 392*7c478bd9Sstevel@tonic-gate adrm_short(adr, &len, 1); 393*7c478bd9Sstevel@tonic-gate adrm_u_short(adr, &id, 1); 394*7c478bd9Sstevel@tonic-gate adrm_u_short(adr, &offset, 1); 395*7c478bd9Sstevel@tonic-gate adrm_char(adr, &ttl, 1); 396*7c478bd9Sstevel@tonic-gate adrm_char(adr, &protocol, 1); 397*7c478bd9Sstevel@tonic-gate adrm_u_short(adr, &checksum, 1); 398*7c478bd9Sstevel@tonic-gate adrm_char(adr, (char *)&src, 4); 399*7c478bd9Sstevel@tonic-gate adrm_char(adr, (char *)&dest, 4); 400*7c478bd9Sstevel@tonic-gate 401*7c478bd9Sstevel@tonic-gate return (-1); 402*7c478bd9Sstevel@tonic-gate } 403*7c478bd9Sstevel@tonic-gate 404*7c478bd9Sstevel@tonic-gate 405*7c478bd9Sstevel@tonic-gate /* 406*7c478bd9Sstevel@tonic-gate * Format of iport token: 407*7c478bd9Sstevel@tonic-gate * ip port address token id adr_char 408*7c478bd9Sstevel@tonic-gate * port address adr_short 409*7c478bd9Sstevel@tonic-gate * 410*7c478bd9Sstevel@tonic-gate */ 411*7c478bd9Sstevel@tonic-gate int 412*7c478bd9Sstevel@tonic-gate iport_token(adr_t *adr) 413*7c478bd9Sstevel@tonic-gate { 414*7c478bd9Sstevel@tonic-gate short address; 415*7c478bd9Sstevel@tonic-gate 416*7c478bd9Sstevel@tonic-gate adrm_short(adr, &address, 1); 417*7c478bd9Sstevel@tonic-gate 418*7c478bd9Sstevel@tonic-gate return (-1); 419*7c478bd9Sstevel@tonic-gate } 420*7c478bd9Sstevel@tonic-gate 421*7c478bd9Sstevel@tonic-gate 422*7c478bd9Sstevel@tonic-gate /* 423*7c478bd9Sstevel@tonic-gate * Format of groups token: 424*7c478bd9Sstevel@tonic-gate * group token id adr_char 425*7c478bd9Sstevel@tonic-gate * group list adr_int32, 16 times 426*7c478bd9Sstevel@tonic-gate * 427*7c478bd9Sstevel@tonic-gate */ 428*7c478bd9Sstevel@tonic-gate int 429*7c478bd9Sstevel@tonic-gate group_token(adr_t *adr) 430*7c478bd9Sstevel@tonic-gate { 431*7c478bd9Sstevel@tonic-gate int gid[16]; 432*7c478bd9Sstevel@tonic-gate int i; 433*7c478bd9Sstevel@tonic-gate int flag = 0; 434*7c478bd9Sstevel@tonic-gate 435*7c478bd9Sstevel@tonic-gate for (i = 0; i < 16; i++) { 436*7c478bd9Sstevel@tonic-gate adrm_int32(adr, (int32_t *)&gid[i], 1); 437*7c478bd9Sstevel@tonic-gate if (flags & M_GROUPR) { 438*7c478bd9Sstevel@tonic-gate if ((unsigned short)m_groupr == gid[i]) 439*7c478bd9Sstevel@tonic-gate flag = 1; 440*7c478bd9Sstevel@tonic-gate } 441*7c478bd9Sstevel@tonic-gate } 442*7c478bd9Sstevel@tonic-gate 443*7c478bd9Sstevel@tonic-gate if (flags & M_GROUPR) { 444*7c478bd9Sstevel@tonic-gate if (flag) 445*7c478bd9Sstevel@tonic-gate checkflags |= M_GROUPR; 446*7c478bd9Sstevel@tonic-gate } 447*7c478bd9Sstevel@tonic-gate return (-1); 448*7c478bd9Sstevel@tonic-gate } 449*7c478bd9Sstevel@tonic-gate 450*7c478bd9Sstevel@tonic-gate /* 451*7c478bd9Sstevel@tonic-gate * Format of newgroups token: 452*7c478bd9Sstevel@tonic-gate * group token id adr_char 453*7c478bd9Sstevel@tonic-gate * number of groups adr_short 454*7c478bd9Sstevel@tonic-gate * group list adr_int32, "number" times 455*7c478bd9Sstevel@tonic-gate * 456*7c478bd9Sstevel@tonic-gate */ 457*7c478bd9Sstevel@tonic-gate int 458*7c478bd9Sstevel@tonic-gate newgroup_token(adr_t *adr) 459*7c478bd9Sstevel@tonic-gate { 460*7c478bd9Sstevel@tonic-gate gid_t gid; 461*7c478bd9Sstevel@tonic-gate int i; 462*7c478bd9Sstevel@tonic-gate short int number; 463*7c478bd9Sstevel@tonic-gate 464*7c478bd9Sstevel@tonic-gate adrm_short(adr, &number, 1); 465*7c478bd9Sstevel@tonic-gate 466*7c478bd9Sstevel@tonic-gate for (i = 0; i < number; i++) { 467*7c478bd9Sstevel@tonic-gate adrm_int32(adr, (int32_t *)&gid, 1); 468*7c478bd9Sstevel@tonic-gate if (flags & M_GROUPR) { 469*7c478bd9Sstevel@tonic-gate if (m_groupr == gid) 470*7c478bd9Sstevel@tonic-gate checkflags |= M_GROUPR; 471*7c478bd9Sstevel@tonic-gate } 472*7c478bd9Sstevel@tonic-gate } 473*7c478bd9Sstevel@tonic-gate 474*7c478bd9Sstevel@tonic-gate return (-1); 475*7c478bd9Sstevel@tonic-gate } 476*7c478bd9Sstevel@tonic-gate 477*7c478bd9Sstevel@tonic-gate /* 478*7c478bd9Sstevel@tonic-gate * Format of argument32 token: 479*7c478bd9Sstevel@tonic-gate * argument token id adr_char 480*7c478bd9Sstevel@tonic-gate * argument number adr_char 481*7c478bd9Sstevel@tonic-gate * argument value adr_int32 482*7c478bd9Sstevel@tonic-gate * argument description adr_string 483*7c478bd9Sstevel@tonic-gate * 484*7c478bd9Sstevel@tonic-gate */ 485*7c478bd9Sstevel@tonic-gate int 486*7c478bd9Sstevel@tonic-gate argument32_token(adr_t *adr) 487*7c478bd9Sstevel@tonic-gate { 488*7c478bd9Sstevel@tonic-gate char arg_num; 489*7c478bd9Sstevel@tonic-gate int32_t arg_val; 490*7c478bd9Sstevel@tonic-gate 491*7c478bd9Sstevel@tonic-gate adrm_char(adr, &arg_num, 1); 492*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &arg_val, 1); 493*7c478bd9Sstevel@tonic-gate skip_string(adr); 494*7c478bd9Sstevel@tonic-gate 495*7c478bd9Sstevel@tonic-gate return (-1); 496*7c478bd9Sstevel@tonic-gate } 497*7c478bd9Sstevel@tonic-gate 498*7c478bd9Sstevel@tonic-gate /* 499*7c478bd9Sstevel@tonic-gate * Format of argument64 token: 500*7c478bd9Sstevel@tonic-gate * argument token id adr_char 501*7c478bd9Sstevel@tonic-gate * argument number adr_char 502*7c478bd9Sstevel@tonic-gate * argument value adr_int64 503*7c478bd9Sstevel@tonic-gate * argument description adr_string 504*7c478bd9Sstevel@tonic-gate * 505*7c478bd9Sstevel@tonic-gate */ 506*7c478bd9Sstevel@tonic-gate int 507*7c478bd9Sstevel@tonic-gate argument64_token(adr_t *adr) 508*7c478bd9Sstevel@tonic-gate { 509*7c478bd9Sstevel@tonic-gate char arg_num; 510*7c478bd9Sstevel@tonic-gate int64_t arg_val; 511*7c478bd9Sstevel@tonic-gate 512*7c478bd9Sstevel@tonic-gate adrm_char(adr, &arg_num, 1); 513*7c478bd9Sstevel@tonic-gate adrm_int64(adr, &arg_val, 1); 514*7c478bd9Sstevel@tonic-gate skip_string(adr); 515*7c478bd9Sstevel@tonic-gate 516*7c478bd9Sstevel@tonic-gate return (-1); 517*7c478bd9Sstevel@tonic-gate } 518*7c478bd9Sstevel@tonic-gate 519*7c478bd9Sstevel@tonic-gate int 520*7c478bd9Sstevel@tonic-gate acl_token(adr_t *adr) 521*7c478bd9Sstevel@tonic-gate { 522*7c478bd9Sstevel@tonic-gate 523*7c478bd9Sstevel@tonic-gate int32_t id; 524*7c478bd9Sstevel@tonic-gate int32_t mode; 525*7c478bd9Sstevel@tonic-gate int32_t type; 526*7c478bd9Sstevel@tonic-gate 527*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &type, 1); 528*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &id, 1); 529*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &mode, 1); 530*7c478bd9Sstevel@tonic-gate 531*7c478bd9Sstevel@tonic-gate return (-1); 532*7c478bd9Sstevel@tonic-gate } 533*7c478bd9Sstevel@tonic-gate 534*7c478bd9Sstevel@tonic-gate /* 535*7c478bd9Sstevel@tonic-gate * Format of attribute token: (old pre SunOS 5.7 format) 536*7c478bd9Sstevel@tonic-gate * attribute token id adr_char 537*7c478bd9Sstevel@tonic-gate * mode adr_int32 (printed in octal) 538*7c478bd9Sstevel@tonic-gate * uid adr_int32 539*7c478bd9Sstevel@tonic-gate * gid adr_int32 540*7c478bd9Sstevel@tonic-gate * file system id adr_int32 541*7c478bd9Sstevel@tonic-gate * node id adr_int32 542*7c478bd9Sstevel@tonic-gate * device adr_int32 543*7c478bd9Sstevel@tonic-gate * 544*7c478bd9Sstevel@tonic-gate */ 545*7c478bd9Sstevel@tonic-gate int 546*7c478bd9Sstevel@tonic-gate attribute_token(adr_t *adr) 547*7c478bd9Sstevel@tonic-gate { 548*7c478bd9Sstevel@tonic-gate int32_t dev; 549*7c478bd9Sstevel@tonic-gate int32_t file_sysid; 550*7c478bd9Sstevel@tonic-gate int32_t gid; 551*7c478bd9Sstevel@tonic-gate int32_t mode; 552*7c478bd9Sstevel@tonic-gate int32_t nodeid; 553*7c478bd9Sstevel@tonic-gate int32_t uid; 554*7c478bd9Sstevel@tonic-gate 555*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &mode, 1); 556*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &uid, 1); 557*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &gid, 1); 558*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &file_sysid, 1); 559*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &nodeid, 1); 560*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &dev, 1); 561*7c478bd9Sstevel@tonic-gate 562*7c478bd9Sstevel@tonic-gate if (!new_mode && (flags & M_USERE)) { 563*7c478bd9Sstevel@tonic-gate if (m_usere == uid) 564*7c478bd9Sstevel@tonic-gate checkflags |= M_USERE; 565*7c478bd9Sstevel@tonic-gate } 566*7c478bd9Sstevel@tonic-gate if (!new_mode && (flags & M_GROUPE)) { 567*7c478bd9Sstevel@tonic-gate if (m_groupe == gid) 568*7c478bd9Sstevel@tonic-gate checkflags |= M_GROUPE; 569*7c478bd9Sstevel@tonic-gate } 570*7c478bd9Sstevel@tonic-gate 571*7c478bd9Sstevel@tonic-gate if (flags & M_OBJECT) { 572*7c478bd9Sstevel@tonic-gate if ((obj_flag & OBJ_FGROUP) && 573*7c478bd9Sstevel@tonic-gate (obj_group == gid)) 574*7c478bd9Sstevel@tonic-gate checkflags |= M_OBJECT; 575*7c478bd9Sstevel@tonic-gate else if ((obj_flag & OBJ_FOWNER) && 576*7c478bd9Sstevel@tonic-gate (obj_owner == uid)) 577*7c478bd9Sstevel@tonic-gate checkflags |= M_OBJECT; 578*7c478bd9Sstevel@tonic-gate } 579*7c478bd9Sstevel@tonic-gate return (-1); 580*7c478bd9Sstevel@tonic-gate } 581*7c478bd9Sstevel@tonic-gate 582*7c478bd9Sstevel@tonic-gate /* 583*7c478bd9Sstevel@tonic-gate * Format of attribute32 token: 584*7c478bd9Sstevel@tonic-gate * attribute token id adr_char 585*7c478bd9Sstevel@tonic-gate * mode adr_int32 (printed in octal) 586*7c478bd9Sstevel@tonic-gate * uid adr_int32 587*7c478bd9Sstevel@tonic-gate * gid adr_int32 588*7c478bd9Sstevel@tonic-gate * file system id adr_int32 589*7c478bd9Sstevel@tonic-gate * node id adr_int64 590*7c478bd9Sstevel@tonic-gate * device adr_int32 591*7c478bd9Sstevel@tonic-gate * 592*7c478bd9Sstevel@tonic-gate */ 593*7c478bd9Sstevel@tonic-gate int 594*7c478bd9Sstevel@tonic-gate attribute32_token(adr_t *adr) 595*7c478bd9Sstevel@tonic-gate { 596*7c478bd9Sstevel@tonic-gate int32_t dev; 597*7c478bd9Sstevel@tonic-gate int32_t file_sysid; 598*7c478bd9Sstevel@tonic-gate int32_t gid; 599*7c478bd9Sstevel@tonic-gate int32_t mode; 600*7c478bd9Sstevel@tonic-gate int64_t nodeid; 601*7c478bd9Sstevel@tonic-gate int32_t uid; 602*7c478bd9Sstevel@tonic-gate 603*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &mode, 1); 604*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &uid, 1); 605*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &gid, 1); 606*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &file_sysid, 1); 607*7c478bd9Sstevel@tonic-gate adrm_int64(adr, &nodeid, 1); 608*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &dev, 1); 609*7c478bd9Sstevel@tonic-gate 610*7c478bd9Sstevel@tonic-gate if (!new_mode && (flags & M_USERE)) { 611*7c478bd9Sstevel@tonic-gate if (m_usere == uid) 612*7c478bd9Sstevel@tonic-gate checkflags |= M_USERE; 613*7c478bd9Sstevel@tonic-gate } 614*7c478bd9Sstevel@tonic-gate if (!new_mode && (flags & M_GROUPE)) { 615*7c478bd9Sstevel@tonic-gate if (m_groupe == gid) 616*7c478bd9Sstevel@tonic-gate checkflags |= M_GROUPE; 617*7c478bd9Sstevel@tonic-gate } 618*7c478bd9Sstevel@tonic-gate 619*7c478bd9Sstevel@tonic-gate if (flags & M_OBJECT) { 620*7c478bd9Sstevel@tonic-gate if ((obj_flag & OBJ_FGROUP) && 621*7c478bd9Sstevel@tonic-gate (obj_group == gid)) 622*7c478bd9Sstevel@tonic-gate checkflags |= M_OBJECT; 623*7c478bd9Sstevel@tonic-gate else if ((obj_flag & OBJ_FOWNER) && 624*7c478bd9Sstevel@tonic-gate (obj_owner == uid)) 625*7c478bd9Sstevel@tonic-gate checkflags |= M_OBJECT; 626*7c478bd9Sstevel@tonic-gate } 627*7c478bd9Sstevel@tonic-gate return (-1); 628*7c478bd9Sstevel@tonic-gate } 629*7c478bd9Sstevel@tonic-gate 630*7c478bd9Sstevel@tonic-gate /* 631*7c478bd9Sstevel@tonic-gate * Format of attribute64 token: 632*7c478bd9Sstevel@tonic-gate * attribute token id adr_char 633*7c478bd9Sstevel@tonic-gate * mode adr_int32 (printed in octal) 634*7c478bd9Sstevel@tonic-gate * uid adr_int32 635*7c478bd9Sstevel@tonic-gate * gid adr_int32 636*7c478bd9Sstevel@tonic-gate * file system id adr_int32 637*7c478bd9Sstevel@tonic-gate * node id adr_int64 638*7c478bd9Sstevel@tonic-gate * device adr_int64 639*7c478bd9Sstevel@tonic-gate * 640*7c478bd9Sstevel@tonic-gate */ 641*7c478bd9Sstevel@tonic-gate int 642*7c478bd9Sstevel@tonic-gate attribute64_token(adr_t *adr) 643*7c478bd9Sstevel@tonic-gate { 644*7c478bd9Sstevel@tonic-gate int64_t dev; 645*7c478bd9Sstevel@tonic-gate int32_t file_sysid; 646*7c478bd9Sstevel@tonic-gate int32_t gid; 647*7c478bd9Sstevel@tonic-gate int32_t mode; 648*7c478bd9Sstevel@tonic-gate int64_t nodeid; 649*7c478bd9Sstevel@tonic-gate int32_t uid; 650*7c478bd9Sstevel@tonic-gate 651*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &mode, 1); 652*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &uid, 1); 653*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &gid, 1); 654*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &file_sysid, 1); 655*7c478bd9Sstevel@tonic-gate adrm_int64(adr, &nodeid, 1); 656*7c478bd9Sstevel@tonic-gate adrm_int64(adr, &dev, 1); 657*7c478bd9Sstevel@tonic-gate 658*7c478bd9Sstevel@tonic-gate if (!new_mode && (flags & M_USERE)) { 659*7c478bd9Sstevel@tonic-gate if (m_usere == uid) 660*7c478bd9Sstevel@tonic-gate checkflags |= M_USERE; 661*7c478bd9Sstevel@tonic-gate } 662*7c478bd9Sstevel@tonic-gate if (!new_mode && (flags & M_GROUPE)) { 663*7c478bd9Sstevel@tonic-gate if (m_groupe == gid) 664*7c478bd9Sstevel@tonic-gate checkflags |= M_GROUPE; 665*7c478bd9Sstevel@tonic-gate } 666*7c478bd9Sstevel@tonic-gate 667*7c478bd9Sstevel@tonic-gate if (flags & M_OBJECT) { 668*7c478bd9Sstevel@tonic-gate if ((obj_flag & OBJ_FGROUP) && 669*7c478bd9Sstevel@tonic-gate (obj_group == gid)) 670*7c478bd9Sstevel@tonic-gate checkflags |= M_OBJECT; 671*7c478bd9Sstevel@tonic-gate else if ((obj_flag & OBJ_FOWNER) && 672*7c478bd9Sstevel@tonic-gate (obj_owner == uid)) 673*7c478bd9Sstevel@tonic-gate checkflags |= M_OBJECT; 674*7c478bd9Sstevel@tonic-gate } 675*7c478bd9Sstevel@tonic-gate return (-1); 676*7c478bd9Sstevel@tonic-gate } 677*7c478bd9Sstevel@tonic-gate 678*7c478bd9Sstevel@tonic-gate 679*7c478bd9Sstevel@tonic-gate /* 680*7c478bd9Sstevel@tonic-gate * Format of command token: 681*7c478bd9Sstevel@tonic-gate * attribute token id adr_char 682*7c478bd9Sstevel@tonic-gate * argc adr_short 683*7c478bd9Sstevel@tonic-gate * argv len adr_short variable amount of argv len 684*7c478bd9Sstevel@tonic-gate * argv text argv len and text 685*7c478bd9Sstevel@tonic-gate * . 686*7c478bd9Sstevel@tonic-gate * . 687*7c478bd9Sstevel@tonic-gate * . 688*7c478bd9Sstevel@tonic-gate * envp count adr_short variable amount of envp len 689*7c478bd9Sstevel@tonic-gate * envp len adr_short and text 690*7c478bd9Sstevel@tonic-gate * envp text envp len 691*7c478bd9Sstevel@tonic-gate * . 692*7c478bd9Sstevel@tonic-gate * . 693*7c478bd9Sstevel@tonic-gate * . 694*7c478bd9Sstevel@tonic-gate * 695*7c478bd9Sstevel@tonic-gate */ 696*7c478bd9Sstevel@tonic-gate int 697*7c478bd9Sstevel@tonic-gate cmd_token(adr_t *adr) 698*7c478bd9Sstevel@tonic-gate { 699*7c478bd9Sstevel@tonic-gate short cnt; 700*7c478bd9Sstevel@tonic-gate short i; 701*7c478bd9Sstevel@tonic-gate 702*7c478bd9Sstevel@tonic-gate adrm_short(adr, &cnt, 1); 703*7c478bd9Sstevel@tonic-gate 704*7c478bd9Sstevel@tonic-gate for (i = 0; i < cnt; i++) 705*7c478bd9Sstevel@tonic-gate skip_string(adr); 706*7c478bd9Sstevel@tonic-gate 707*7c478bd9Sstevel@tonic-gate adrm_short(adr, &cnt, 1); 708*7c478bd9Sstevel@tonic-gate 709*7c478bd9Sstevel@tonic-gate for (i = 0; i < cnt; i++) 710*7c478bd9Sstevel@tonic-gate skip_string(adr); 711*7c478bd9Sstevel@tonic-gate 712*7c478bd9Sstevel@tonic-gate return (-1); 713*7c478bd9Sstevel@tonic-gate } 714*7c478bd9Sstevel@tonic-gate 715*7c478bd9Sstevel@tonic-gate 716*7c478bd9Sstevel@tonic-gate /* 717*7c478bd9Sstevel@tonic-gate * Format of exit token: 718*7c478bd9Sstevel@tonic-gate * attribute token id adr_char 719*7c478bd9Sstevel@tonic-gate * return value adr_int32 720*7c478bd9Sstevel@tonic-gate * errno adr_int32 721*7c478bd9Sstevel@tonic-gate * 722*7c478bd9Sstevel@tonic-gate */ 723*7c478bd9Sstevel@tonic-gate int 724*7c478bd9Sstevel@tonic-gate exit_token(adr_t *adr) 725*7c478bd9Sstevel@tonic-gate { 726*7c478bd9Sstevel@tonic-gate int32_t retval; 727*7c478bd9Sstevel@tonic-gate int32_t errno; 728*7c478bd9Sstevel@tonic-gate 729*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &retval, 1); 730*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &errno, 1); 731*7c478bd9Sstevel@tonic-gate return (-1); 732*7c478bd9Sstevel@tonic-gate } 733*7c478bd9Sstevel@tonic-gate 734*7c478bd9Sstevel@tonic-gate /* 735*7c478bd9Sstevel@tonic-gate * Format of strings array token: 736*7c478bd9Sstevel@tonic-gate * token id adr_char 737*7c478bd9Sstevel@tonic-gate * count value adr_int32 738*7c478bd9Sstevel@tonic-gate * strings null terminated strings 739*7c478bd9Sstevel@tonic-gate */ 740*7c478bd9Sstevel@tonic-gate static int 741*7c478bd9Sstevel@tonic-gate strings_common_token(adr_t *adr) 742*7c478bd9Sstevel@tonic-gate { 743*7c478bd9Sstevel@tonic-gate int count, i; 744*7c478bd9Sstevel@tonic-gate char c; 745*7c478bd9Sstevel@tonic-gate 746*7c478bd9Sstevel@tonic-gate adrm_int32(adr, (int32_t *)&count, 1); 747*7c478bd9Sstevel@tonic-gate for (i = 1; i <= count; i++) { 748*7c478bd9Sstevel@tonic-gate adrm_char(adr, &c, 1); 749*7c478bd9Sstevel@tonic-gate while (c != (char)0) 750*7c478bd9Sstevel@tonic-gate adrm_char(adr, &c, 1); 751*7c478bd9Sstevel@tonic-gate } 752*7c478bd9Sstevel@tonic-gate /* no dump option here, since we will have variable length fields */ 753*7c478bd9Sstevel@tonic-gate return (-1); 754*7c478bd9Sstevel@tonic-gate } 755*7c478bd9Sstevel@tonic-gate 756*7c478bd9Sstevel@tonic-gate int 757*7c478bd9Sstevel@tonic-gate path_attr_token(adr_t *adr) 758*7c478bd9Sstevel@tonic-gate { 759*7c478bd9Sstevel@tonic-gate return (strings_common_token(adr)); 760*7c478bd9Sstevel@tonic-gate } 761*7c478bd9Sstevel@tonic-gate 762*7c478bd9Sstevel@tonic-gate int 763*7c478bd9Sstevel@tonic-gate exec_args_token(adr_t *adr) 764*7c478bd9Sstevel@tonic-gate { 765*7c478bd9Sstevel@tonic-gate return (strings_common_token(adr)); 766*7c478bd9Sstevel@tonic-gate } 767*7c478bd9Sstevel@tonic-gate 768*7c478bd9Sstevel@tonic-gate int 769*7c478bd9Sstevel@tonic-gate exec_env_token(adr_t *adr) 770*7c478bd9Sstevel@tonic-gate { 771*7c478bd9Sstevel@tonic-gate return (strings_common_token(adr)); 772*7c478bd9Sstevel@tonic-gate } 773*7c478bd9Sstevel@tonic-gate 774*7c478bd9Sstevel@tonic-gate /* 775*7c478bd9Sstevel@tonic-gate * Format of liaison token: 776*7c478bd9Sstevel@tonic-gate */ 777*7c478bd9Sstevel@tonic-gate int 778*7c478bd9Sstevel@tonic-gate liaison_token(adr_t *adr) 779*7c478bd9Sstevel@tonic-gate { 780*7c478bd9Sstevel@tonic-gate int32_t li; 781*7c478bd9Sstevel@tonic-gate 782*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &li, 1); 783*7c478bd9Sstevel@tonic-gate return (-1); 784*7c478bd9Sstevel@tonic-gate } 785*7c478bd9Sstevel@tonic-gate 786*7c478bd9Sstevel@tonic-gate 787*7c478bd9Sstevel@tonic-gate /* 788*7c478bd9Sstevel@tonic-gate * Format of path token: 789*7c478bd9Sstevel@tonic-gate * path adr_string 790*7c478bd9Sstevel@tonic-gate */ 791*7c478bd9Sstevel@tonic-gate int 792*7c478bd9Sstevel@tonic-gate path_token(adr_t *adr) 793*7c478bd9Sstevel@tonic-gate { 794*7c478bd9Sstevel@tonic-gate if ((flags & M_OBJECT) && (obj_flag == OBJ_PATH)) { 795*7c478bd9Sstevel@tonic-gate char *path; 796*7c478bd9Sstevel@tonic-gate 797*7c478bd9Sstevel@tonic-gate get_string(adr, &path); 798*7c478bd9Sstevel@tonic-gate if (path[0] != '/') 799*7c478bd9Sstevel@tonic-gate /* 800*7c478bd9Sstevel@tonic-gate * anchor the path. user apps may not do it. 801*7c478bd9Sstevel@tonic-gate */ 802*7c478bd9Sstevel@tonic-gate anchor_path(path); 803*7c478bd9Sstevel@tonic-gate /* 804*7c478bd9Sstevel@tonic-gate * match against the collapsed path. that is what user sees. 805*7c478bd9Sstevel@tonic-gate */ 806*7c478bd9Sstevel@tonic-gate if (re_exec2(collapse_path(path)) == 1) 807*7c478bd9Sstevel@tonic-gate checkflags |= M_OBJECT; 808*7c478bd9Sstevel@tonic-gate free(path); 809*7c478bd9Sstevel@tonic-gate } else { 810*7c478bd9Sstevel@tonic-gate skip_string(adr); 811*7c478bd9Sstevel@tonic-gate } 812*7c478bd9Sstevel@tonic-gate return (-1); 813*7c478bd9Sstevel@tonic-gate } 814*7c478bd9Sstevel@tonic-gate 815*7c478bd9Sstevel@tonic-gate 816*7c478bd9Sstevel@tonic-gate /* 817*7c478bd9Sstevel@tonic-gate * Format of System V IPC permission token: 818*7c478bd9Sstevel@tonic-gate * System V IPC permission token id adr_char 819*7c478bd9Sstevel@tonic-gate * uid adr_int32 820*7c478bd9Sstevel@tonic-gate * gid adr_int32 821*7c478bd9Sstevel@tonic-gate * cuid adr_int32 822*7c478bd9Sstevel@tonic-gate * cgid adr_int32 823*7c478bd9Sstevel@tonic-gate * mode adr_int32 824*7c478bd9Sstevel@tonic-gate * seq adr_int32 825*7c478bd9Sstevel@tonic-gate * key adr_int32 826*7c478bd9Sstevel@tonic-gate * label adr_opaque, sizeof (bslabel_t) 827*7c478bd9Sstevel@tonic-gate * bytes 828*7c478bd9Sstevel@tonic-gate */ 829*7c478bd9Sstevel@tonic-gate int 830*7c478bd9Sstevel@tonic-gate s5_IPC_perm_token(adr_t *adr) 831*7c478bd9Sstevel@tonic-gate { 832*7c478bd9Sstevel@tonic-gate int32_t uid, gid, cuid, cgid, mode, seq; 833*7c478bd9Sstevel@tonic-gate int32_t key; 834*7c478bd9Sstevel@tonic-gate 835*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &uid, 1); 836*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &gid, 1); 837*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &cuid, 1); 838*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &cgid, 1); 839*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &mode, 1); 840*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &seq, 1); 841*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &key, 1); 842*7c478bd9Sstevel@tonic-gate 843*7c478bd9Sstevel@tonic-gate if (!new_mode && (flags & M_USERE)) { 844*7c478bd9Sstevel@tonic-gate if (m_usere == uid) 845*7c478bd9Sstevel@tonic-gate checkflags |= M_USERE; 846*7c478bd9Sstevel@tonic-gate } 847*7c478bd9Sstevel@tonic-gate 848*7c478bd9Sstevel@tonic-gate if (!new_mode && (flags & M_USERE)) { 849*7c478bd9Sstevel@tonic-gate if (m_usere == cuid) 850*7c478bd9Sstevel@tonic-gate checkflags |= M_USERE; 851*7c478bd9Sstevel@tonic-gate } 852*7c478bd9Sstevel@tonic-gate 853*7c478bd9Sstevel@tonic-gate if (!new_mode && (flags & M_GROUPR)) { 854*7c478bd9Sstevel@tonic-gate if (m_groupr == gid) 855*7c478bd9Sstevel@tonic-gate checkflags |= M_GROUPR; 856*7c478bd9Sstevel@tonic-gate } 857*7c478bd9Sstevel@tonic-gate 858*7c478bd9Sstevel@tonic-gate if (!new_mode && (flags & M_GROUPR)) { 859*7c478bd9Sstevel@tonic-gate if (m_groupr == cgid) 860*7c478bd9Sstevel@tonic-gate checkflags |= M_GROUPR; 861*7c478bd9Sstevel@tonic-gate } 862*7c478bd9Sstevel@tonic-gate 863*7c478bd9Sstevel@tonic-gate if ((flags & M_OBJECT) && 864*7c478bd9Sstevel@tonic-gate ((obj_owner == uid) || 865*7c478bd9Sstevel@tonic-gate (obj_owner == cuid) || 866*7c478bd9Sstevel@tonic-gate (obj_group == gid) || 867*7c478bd9Sstevel@tonic-gate (obj_group == cgid))) { 868*7c478bd9Sstevel@tonic-gate 869*7c478bd9Sstevel@tonic-gate switch (obj_flag) { 870*7c478bd9Sstevel@tonic-gate case OBJ_MSGGROUP: 871*7c478bd9Sstevel@tonic-gate case OBJ_MSGOWNER: 872*7c478bd9Sstevel@tonic-gate if (ipc_type_match(OBJ_MSG, ipc_type)) 873*7c478bd9Sstevel@tonic-gate checkflags |= M_OBJECT; 874*7c478bd9Sstevel@tonic-gate break; 875*7c478bd9Sstevel@tonic-gate case OBJ_SEMGROUP: 876*7c478bd9Sstevel@tonic-gate case OBJ_SEMOWNER: 877*7c478bd9Sstevel@tonic-gate if (ipc_type_match(OBJ_SEM, ipc_type)) 878*7c478bd9Sstevel@tonic-gate checkflags |= M_OBJECT; 879*7c478bd9Sstevel@tonic-gate break; 880*7c478bd9Sstevel@tonic-gate case OBJ_SHMGROUP: 881*7c478bd9Sstevel@tonic-gate case OBJ_SHMOWNER: 882*7c478bd9Sstevel@tonic-gate if (ipc_type_match(OBJ_SHM, ipc_type)) 883*7c478bd9Sstevel@tonic-gate checkflags |= M_OBJECT; 884*7c478bd9Sstevel@tonic-gate break; 885*7c478bd9Sstevel@tonic-gate } 886*7c478bd9Sstevel@tonic-gate } 887*7c478bd9Sstevel@tonic-gate return (-1); 888*7c478bd9Sstevel@tonic-gate } 889*7c478bd9Sstevel@tonic-gate 890*7c478bd9Sstevel@tonic-gate 891*7c478bd9Sstevel@tonic-gate /* 892*7c478bd9Sstevel@tonic-gate * Format of process32 token: 893*7c478bd9Sstevel@tonic-gate * process token id adr_char 894*7c478bd9Sstevel@tonic-gate * auid adr_int32 895*7c478bd9Sstevel@tonic-gate * euid adr_int32 896*7c478bd9Sstevel@tonic-gate * egid adr_int32 897*7c478bd9Sstevel@tonic-gate * ruid adr_int32 898*7c478bd9Sstevel@tonic-gate * rgid adr_int32 899*7c478bd9Sstevel@tonic-gate * pid adr_int32 900*7c478bd9Sstevel@tonic-gate * sid adr_int32 901*7c478bd9Sstevel@tonic-gate * termid adr_int32*2 902*7c478bd9Sstevel@tonic-gate * 903*7c478bd9Sstevel@tonic-gate */ 904*7c478bd9Sstevel@tonic-gate int 905*7c478bd9Sstevel@tonic-gate process32_token(adr_t *adr) 906*7c478bd9Sstevel@tonic-gate { 907*7c478bd9Sstevel@tonic-gate int32_t auid, euid, egid, ruid, rgid, pid; 908*7c478bd9Sstevel@tonic-gate int32_t sid; 909*7c478bd9Sstevel@tonic-gate int32_t port, machine; 910*7c478bd9Sstevel@tonic-gate 911*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &auid, 1); 912*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &euid, 1); 913*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &egid, 1); 914*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &ruid, 1); 915*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &rgid, 1); 916*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &pid, 1); 917*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &sid, 1); 918*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &port, 1); 919*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &machine, 1); 920*7c478bd9Sstevel@tonic-gate 921*7c478bd9Sstevel@tonic-gate if (!new_mode && (flags & M_USERA)) { 922*7c478bd9Sstevel@tonic-gate if (m_usera == auid) 923*7c478bd9Sstevel@tonic-gate checkflags |= M_USERA; 924*7c478bd9Sstevel@tonic-gate } 925*7c478bd9Sstevel@tonic-gate if (!new_mode && (flags & M_USERE)) { 926*7c478bd9Sstevel@tonic-gate if (m_usere == euid) 927*7c478bd9Sstevel@tonic-gate checkflags |= M_USERE; 928*7c478bd9Sstevel@tonic-gate } 929*7c478bd9Sstevel@tonic-gate if (!new_mode && (flags & M_USERR)) { 930*7c478bd9Sstevel@tonic-gate if (m_userr == ruid) 931*7c478bd9Sstevel@tonic-gate checkflags |= M_USERR; 932*7c478bd9Sstevel@tonic-gate } 933*7c478bd9Sstevel@tonic-gate if (!new_mode && (flags & M_GROUPR)) { 934*7c478bd9Sstevel@tonic-gate if (m_groupr == rgid) 935*7c478bd9Sstevel@tonic-gate checkflags |= M_GROUPR; 936*7c478bd9Sstevel@tonic-gate } 937*7c478bd9Sstevel@tonic-gate if (!new_mode && (flags & M_GROUPE)) { 938*7c478bd9Sstevel@tonic-gate if (m_groupe == egid) 939*7c478bd9Sstevel@tonic-gate checkflags |= M_GROUPE; 940*7c478bd9Sstevel@tonic-gate } 941*7c478bd9Sstevel@tonic-gate 942*7c478bd9Sstevel@tonic-gate if (flags & M_OBJECT) { 943*7c478bd9Sstevel@tonic-gate if ((obj_flag & OBJ_PROC) && 944*7c478bd9Sstevel@tonic-gate (obj_id == pid)) { 945*7c478bd9Sstevel@tonic-gate checkflags |= M_OBJECT; 946*7c478bd9Sstevel@tonic-gate } else if ((obj_flag & OBJ_PGROUP) && 947*7c478bd9Sstevel@tonic-gate ((obj_group == egid) || 948*7c478bd9Sstevel@tonic-gate (obj_group == rgid))) { 949*7c478bd9Sstevel@tonic-gate checkflags |= M_OBJECT; 950*7c478bd9Sstevel@tonic-gate } else if ((obj_flag & OBJ_POWNER) && 951*7c478bd9Sstevel@tonic-gate ((obj_owner == euid) || 952*7c478bd9Sstevel@tonic-gate (obj_group == ruid))) { 953*7c478bd9Sstevel@tonic-gate checkflags |= M_OBJECT; 954*7c478bd9Sstevel@tonic-gate } 955*7c478bd9Sstevel@tonic-gate } 956*7c478bd9Sstevel@tonic-gate return (-1); 957*7c478bd9Sstevel@tonic-gate } 958*7c478bd9Sstevel@tonic-gate 959*7c478bd9Sstevel@tonic-gate /* 960*7c478bd9Sstevel@tonic-gate * Format of process32 token: 961*7c478bd9Sstevel@tonic-gate * process token id adr_char 962*7c478bd9Sstevel@tonic-gate * auid adr_int32 963*7c478bd9Sstevel@tonic-gate * euid adr_int32 964*7c478bd9Sstevel@tonic-gate * egid adr_int32 965*7c478bd9Sstevel@tonic-gate * ruid adr_int32 966*7c478bd9Sstevel@tonic-gate * rgid adr_int32 967*7c478bd9Sstevel@tonic-gate * pid adr_int32 968*7c478bd9Sstevel@tonic-gate * sid adr_int32 969*7c478bd9Sstevel@tonic-gate * termid adr_int32*6 970*7c478bd9Sstevel@tonic-gate * 971*7c478bd9Sstevel@tonic-gate */ 972*7c478bd9Sstevel@tonic-gate int 973*7c478bd9Sstevel@tonic-gate process32_ex_token(adr_t *adr) 974*7c478bd9Sstevel@tonic-gate { 975*7c478bd9Sstevel@tonic-gate int32_t auid, euid, egid, ruid, rgid, pid; 976*7c478bd9Sstevel@tonic-gate int32_t sid; 977*7c478bd9Sstevel@tonic-gate int32_t port, type, addr[4]; 978*7c478bd9Sstevel@tonic-gate 979*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &auid, 1); 980*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &euid, 1); 981*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &egid, 1); 982*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &ruid, 1); 983*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &rgid, 1); 984*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &pid, 1); 985*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &sid, 1); 986*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &port, 1); 987*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &type, 1); 988*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &addr[0], 4); 989*7c478bd9Sstevel@tonic-gate 990*7c478bd9Sstevel@tonic-gate if (!new_mode && (flags & M_USERA)) { 991*7c478bd9Sstevel@tonic-gate if (m_usera == auid) 992*7c478bd9Sstevel@tonic-gate checkflags = checkflags | M_USERA; 993*7c478bd9Sstevel@tonic-gate } 994*7c478bd9Sstevel@tonic-gate if (!new_mode && (flags & M_USERE)) { 995*7c478bd9Sstevel@tonic-gate if (m_usere == euid) 996*7c478bd9Sstevel@tonic-gate checkflags = checkflags | M_USERE; 997*7c478bd9Sstevel@tonic-gate } 998*7c478bd9Sstevel@tonic-gate if (!new_mode && (flags & M_USERR)) { 999*7c478bd9Sstevel@tonic-gate if (m_userr == ruid) 1000*7c478bd9Sstevel@tonic-gate checkflags = checkflags | M_USERR; 1001*7c478bd9Sstevel@tonic-gate } 1002*7c478bd9Sstevel@tonic-gate if (!new_mode && (flags & M_GROUPR)) { 1003*7c478bd9Sstevel@tonic-gate if (m_groupr == egid) 1004*7c478bd9Sstevel@tonic-gate checkflags = checkflags | M_GROUPR; 1005*7c478bd9Sstevel@tonic-gate } 1006*7c478bd9Sstevel@tonic-gate if (!new_mode && (flags & M_GROUPE)) { 1007*7c478bd9Sstevel@tonic-gate if (m_groupe == egid) 1008*7c478bd9Sstevel@tonic-gate checkflags = checkflags | M_GROUPE; 1009*7c478bd9Sstevel@tonic-gate } 1010*7c478bd9Sstevel@tonic-gate 1011*7c478bd9Sstevel@tonic-gate if (flags & M_OBJECT) { 1012*7c478bd9Sstevel@tonic-gate if ((obj_flag & OBJ_PROC) && 1013*7c478bd9Sstevel@tonic-gate (obj_id == pid)) { 1014*7c478bd9Sstevel@tonic-gate checkflags = checkflags | M_OBJECT; 1015*7c478bd9Sstevel@tonic-gate } else if ((obj_flag & OBJ_PGROUP) && 1016*7c478bd9Sstevel@tonic-gate ((obj_group == egid) || 1017*7c478bd9Sstevel@tonic-gate (obj_group == rgid))) { 1018*7c478bd9Sstevel@tonic-gate checkflags = checkflags | M_OBJECT; 1019*7c478bd9Sstevel@tonic-gate } else if ((obj_flag & OBJ_POWNER) && 1020*7c478bd9Sstevel@tonic-gate ((obj_owner == euid) || 1021*7c478bd9Sstevel@tonic-gate (obj_group == ruid))) { 1022*7c478bd9Sstevel@tonic-gate checkflags = checkflags | M_OBJECT; 1023*7c478bd9Sstevel@tonic-gate } 1024*7c478bd9Sstevel@tonic-gate } 1025*7c478bd9Sstevel@tonic-gate return (-1); 1026*7c478bd9Sstevel@tonic-gate } 1027*7c478bd9Sstevel@tonic-gate 1028*7c478bd9Sstevel@tonic-gate /* 1029*7c478bd9Sstevel@tonic-gate * Format of process64 token: 1030*7c478bd9Sstevel@tonic-gate * process token id adr_char 1031*7c478bd9Sstevel@tonic-gate * auid adr_int32 1032*7c478bd9Sstevel@tonic-gate * euid adr_int32 1033*7c478bd9Sstevel@tonic-gate * egid adr_int32 1034*7c478bd9Sstevel@tonic-gate * ruid adr_int32 1035*7c478bd9Sstevel@tonic-gate * rgid adr_int32 1036*7c478bd9Sstevel@tonic-gate * pid adr_int32 1037*7c478bd9Sstevel@tonic-gate * sid adr_int32 1038*7c478bd9Sstevel@tonic-gate * termid adr_int64+adr_int32 1039*7c478bd9Sstevel@tonic-gate * 1040*7c478bd9Sstevel@tonic-gate */ 1041*7c478bd9Sstevel@tonic-gate int 1042*7c478bd9Sstevel@tonic-gate process64_token(adr_t *adr) 1043*7c478bd9Sstevel@tonic-gate { 1044*7c478bd9Sstevel@tonic-gate int32_t auid, euid, egid, ruid, rgid, pid; 1045*7c478bd9Sstevel@tonic-gate int32_t sid; 1046*7c478bd9Sstevel@tonic-gate int64_t port; 1047*7c478bd9Sstevel@tonic-gate int32_t machine; 1048*7c478bd9Sstevel@tonic-gate 1049*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &auid, 1); 1050*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &euid, 1); 1051*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &egid, 1); 1052*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &ruid, 1); 1053*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &rgid, 1); 1054*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &pid, 1); 1055*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &sid, 1); 1056*7c478bd9Sstevel@tonic-gate adrm_int64(adr, &port, 1); 1057*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &machine, 1); 1058*7c478bd9Sstevel@tonic-gate 1059*7c478bd9Sstevel@tonic-gate if (!new_mode && (flags & M_USERA)) { 1060*7c478bd9Sstevel@tonic-gate if (m_usera == auid) 1061*7c478bd9Sstevel@tonic-gate checkflags |= M_USERA; 1062*7c478bd9Sstevel@tonic-gate } 1063*7c478bd9Sstevel@tonic-gate if (!new_mode && (flags & M_USERE)) { 1064*7c478bd9Sstevel@tonic-gate if (m_usere == euid) 1065*7c478bd9Sstevel@tonic-gate checkflags |= M_USERE; 1066*7c478bd9Sstevel@tonic-gate } 1067*7c478bd9Sstevel@tonic-gate if (!new_mode && (flags & M_USERR)) { 1068*7c478bd9Sstevel@tonic-gate if (m_userr == ruid) 1069*7c478bd9Sstevel@tonic-gate checkflags |= M_USERR; 1070*7c478bd9Sstevel@tonic-gate } 1071*7c478bd9Sstevel@tonic-gate if (!new_mode && (flags & M_GROUPR)) { 1072*7c478bd9Sstevel@tonic-gate if (m_groupr == rgid) 1073*7c478bd9Sstevel@tonic-gate checkflags |= M_GROUPR; 1074*7c478bd9Sstevel@tonic-gate } 1075*7c478bd9Sstevel@tonic-gate if (!new_mode && (flags & M_GROUPE)) { 1076*7c478bd9Sstevel@tonic-gate if (m_groupe == egid) 1077*7c478bd9Sstevel@tonic-gate checkflags |= M_GROUPE; 1078*7c478bd9Sstevel@tonic-gate } 1079*7c478bd9Sstevel@tonic-gate 1080*7c478bd9Sstevel@tonic-gate if (flags & M_OBJECT) { 1081*7c478bd9Sstevel@tonic-gate if ((obj_flag & OBJ_PROC) && 1082*7c478bd9Sstevel@tonic-gate (obj_id == pid)) { 1083*7c478bd9Sstevel@tonic-gate checkflags |= M_OBJECT; 1084*7c478bd9Sstevel@tonic-gate } else if ((obj_flag & OBJ_PGROUP) && 1085*7c478bd9Sstevel@tonic-gate ((obj_group == egid) || 1086*7c478bd9Sstevel@tonic-gate (obj_group == rgid))) { 1087*7c478bd9Sstevel@tonic-gate checkflags |= M_OBJECT; 1088*7c478bd9Sstevel@tonic-gate } else if ((obj_flag & OBJ_POWNER) && 1089*7c478bd9Sstevel@tonic-gate ((obj_owner == euid) || 1090*7c478bd9Sstevel@tonic-gate (obj_group == ruid))) { 1091*7c478bd9Sstevel@tonic-gate checkflags |= M_OBJECT; 1092*7c478bd9Sstevel@tonic-gate } 1093*7c478bd9Sstevel@tonic-gate } 1094*7c478bd9Sstevel@tonic-gate return (-1); 1095*7c478bd9Sstevel@tonic-gate } 1096*7c478bd9Sstevel@tonic-gate 1097*7c478bd9Sstevel@tonic-gate /* 1098*7c478bd9Sstevel@tonic-gate * Format of process64 token: 1099*7c478bd9Sstevel@tonic-gate * process token id adr_char 1100*7c478bd9Sstevel@tonic-gate * auid adr_int32 1101*7c478bd9Sstevel@tonic-gate * euid adr_int32 1102*7c478bd9Sstevel@tonic-gate * egid adr_int32 1103*7c478bd9Sstevel@tonic-gate * ruid adr_int32 1104*7c478bd9Sstevel@tonic-gate * rgid adr_int32 1105*7c478bd9Sstevel@tonic-gate * pid adr_int32 1106*7c478bd9Sstevel@tonic-gate * sid adr_int32 1107*7c478bd9Sstevel@tonic-gate * termid adr_int64+5*adr_int32 1108*7c478bd9Sstevel@tonic-gate * 1109*7c478bd9Sstevel@tonic-gate */ 1110*7c478bd9Sstevel@tonic-gate int 1111*7c478bd9Sstevel@tonic-gate process64_ex_token(adr_t *adr) 1112*7c478bd9Sstevel@tonic-gate { 1113*7c478bd9Sstevel@tonic-gate int32_t auid, euid, egid, ruid, rgid, pid; 1114*7c478bd9Sstevel@tonic-gate int32_t sid; 1115*7c478bd9Sstevel@tonic-gate int64_t port; 1116*7c478bd9Sstevel@tonic-gate int32_t type, addr[4]; 1117*7c478bd9Sstevel@tonic-gate 1118*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &auid, 1); 1119*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &euid, 1); 1120*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &egid, 1); 1121*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &ruid, 1); 1122*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &rgid, 1); 1123*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &pid, 1); 1124*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &sid, 1); 1125*7c478bd9Sstevel@tonic-gate adrm_int64(adr, &port, 1); 1126*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &type, 1); 1127*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &addr[0], 4); 1128*7c478bd9Sstevel@tonic-gate 1129*7c478bd9Sstevel@tonic-gate if (!new_mode && (flags & M_USERA)) { 1130*7c478bd9Sstevel@tonic-gate if (m_usera == auid) 1131*7c478bd9Sstevel@tonic-gate checkflags = checkflags | M_USERA; 1132*7c478bd9Sstevel@tonic-gate } 1133*7c478bd9Sstevel@tonic-gate if (!new_mode && (flags & M_USERE)) { 1134*7c478bd9Sstevel@tonic-gate if (m_usere == euid) 1135*7c478bd9Sstevel@tonic-gate checkflags = checkflags | M_USERE; 1136*7c478bd9Sstevel@tonic-gate } 1137*7c478bd9Sstevel@tonic-gate if (!new_mode && (flags & M_USERR)) { 1138*7c478bd9Sstevel@tonic-gate if (m_userr == ruid) 1139*7c478bd9Sstevel@tonic-gate checkflags = checkflags | M_USERR; 1140*7c478bd9Sstevel@tonic-gate } 1141*7c478bd9Sstevel@tonic-gate if (!new_mode && (flags & M_GROUPR)) { 1142*7c478bd9Sstevel@tonic-gate if (m_groupr == egid) 1143*7c478bd9Sstevel@tonic-gate checkflags = checkflags | M_GROUPR; 1144*7c478bd9Sstevel@tonic-gate } 1145*7c478bd9Sstevel@tonic-gate if (!new_mode && (flags & M_GROUPE)) { 1146*7c478bd9Sstevel@tonic-gate if (m_groupe == egid) 1147*7c478bd9Sstevel@tonic-gate checkflags = checkflags | M_GROUPE; 1148*7c478bd9Sstevel@tonic-gate } 1149*7c478bd9Sstevel@tonic-gate 1150*7c478bd9Sstevel@tonic-gate if (flags & M_OBJECT) { 1151*7c478bd9Sstevel@tonic-gate if ((obj_flag & OBJ_PROC) && 1152*7c478bd9Sstevel@tonic-gate (obj_id == pid)) { 1153*7c478bd9Sstevel@tonic-gate checkflags = checkflags | M_OBJECT; 1154*7c478bd9Sstevel@tonic-gate } else if ((obj_flag & OBJ_PGROUP) && 1155*7c478bd9Sstevel@tonic-gate ((obj_group == egid) || 1156*7c478bd9Sstevel@tonic-gate (obj_group == rgid))) { 1157*7c478bd9Sstevel@tonic-gate checkflags = checkflags | M_OBJECT; 1158*7c478bd9Sstevel@tonic-gate } else if ((obj_flag & OBJ_POWNER) && 1159*7c478bd9Sstevel@tonic-gate ((obj_owner == euid) || 1160*7c478bd9Sstevel@tonic-gate (obj_group == ruid))) { 1161*7c478bd9Sstevel@tonic-gate checkflags = checkflags | M_OBJECT; 1162*7c478bd9Sstevel@tonic-gate } 1163*7c478bd9Sstevel@tonic-gate } 1164*7c478bd9Sstevel@tonic-gate return (-1); 1165*7c478bd9Sstevel@tonic-gate } 1166*7c478bd9Sstevel@tonic-gate 1167*7c478bd9Sstevel@tonic-gate /* 1168*7c478bd9Sstevel@tonic-gate * Format of System V IPC token: 1169*7c478bd9Sstevel@tonic-gate * System V IPC token id adr_char 1170*7c478bd9Sstevel@tonic-gate * object id adr_int32 1171*7c478bd9Sstevel@tonic-gate * 1172*7c478bd9Sstevel@tonic-gate */ 1173*7c478bd9Sstevel@tonic-gate int 1174*7c478bd9Sstevel@tonic-gate s5_IPC_token(adr_t *adr) 1175*7c478bd9Sstevel@tonic-gate { 1176*7c478bd9Sstevel@tonic-gate int32_t ipc_id; 1177*7c478bd9Sstevel@tonic-gate 1178*7c478bd9Sstevel@tonic-gate adrm_char(adr, &ipc_type, 1); /* Global */ 1179*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &ipc_id, 1); 1180*7c478bd9Sstevel@tonic-gate 1181*7c478bd9Sstevel@tonic-gate if ((flags & M_OBJECT) && 1182*7c478bd9Sstevel@tonic-gate ipc_type_match(obj_flag, ipc_type) && 1183*7c478bd9Sstevel@tonic-gate (obj_id == ipc_id)) 1184*7c478bd9Sstevel@tonic-gate checkflags |= M_OBJECT; 1185*7c478bd9Sstevel@tonic-gate 1186*7c478bd9Sstevel@tonic-gate return (-1); 1187*7c478bd9Sstevel@tonic-gate } 1188*7c478bd9Sstevel@tonic-gate 1189*7c478bd9Sstevel@tonic-gate 1190*7c478bd9Sstevel@tonic-gate /* 1191*7c478bd9Sstevel@tonic-gate * Format of socket token: 1192*7c478bd9Sstevel@tonic-gate * socket_type adrm_short 1193*7c478bd9Sstevel@tonic-gate * remote_port adrm_short 1194*7c478bd9Sstevel@tonic-gate * remote_inaddr adrm_int32 1195*7c478bd9Sstevel@tonic-gate * 1196*7c478bd9Sstevel@tonic-gate */ 1197*7c478bd9Sstevel@tonic-gate int 1198*7c478bd9Sstevel@tonic-gate socket_token(adr_t *adr) 1199*7c478bd9Sstevel@tonic-gate { 1200*7c478bd9Sstevel@tonic-gate short socket_type; 1201*7c478bd9Sstevel@tonic-gate short remote_port; 1202*7c478bd9Sstevel@tonic-gate int32_t remote_inaddr; 1203*7c478bd9Sstevel@tonic-gate 1204*7c478bd9Sstevel@tonic-gate adrm_short(adr, &socket_type, 1); 1205*7c478bd9Sstevel@tonic-gate adrm_short(adr, &remote_port, 1); 1206*7c478bd9Sstevel@tonic-gate adrm_char(adr, (char *)&remote_inaddr, 4); 1207*7c478bd9Sstevel@tonic-gate 1208*7c478bd9Sstevel@tonic-gate if ((flags & M_OBJECT) && (obj_flag == OBJ_SOCK)) { 1209*7c478bd9Sstevel@tonic-gate if (socket_flag == SOCKFLG_MACHINE) { 1210*7c478bd9Sstevel@tonic-gate if (remote_inaddr == obj_id) 1211*7c478bd9Sstevel@tonic-gate checkflags |= M_OBJECT; 1212*7c478bd9Sstevel@tonic-gate } else if (socket_flag == SOCKFLG_PORT) { 1213*7c478bd9Sstevel@tonic-gate if (remote_port == obj_id) 1214*7c478bd9Sstevel@tonic-gate checkflags |= M_OBJECT; 1215*7c478bd9Sstevel@tonic-gate } 1216*7c478bd9Sstevel@tonic-gate } 1217*7c478bd9Sstevel@tonic-gate return (-1); 1218*7c478bd9Sstevel@tonic-gate } 1219*7c478bd9Sstevel@tonic-gate 1220*7c478bd9Sstevel@tonic-gate 1221*7c478bd9Sstevel@tonic-gate /* 1222*7c478bd9Sstevel@tonic-gate * Format of socket token: 1223*7c478bd9Sstevel@tonic-gate * socket_type adrm_short 1224*7c478bd9Sstevel@tonic-gate * remote_port adrm_short 1225*7c478bd9Sstevel@tonic-gate * remote_inaddr adrm_int32 1226*7c478bd9Sstevel@tonic-gate * 1227*7c478bd9Sstevel@tonic-gate */ 1228*7c478bd9Sstevel@tonic-gate int 1229*7c478bd9Sstevel@tonic-gate socket_ex_token(adr_t *adr) 1230*7c478bd9Sstevel@tonic-gate { 1231*7c478bd9Sstevel@tonic-gate short socket_domain; 1232*7c478bd9Sstevel@tonic-gate short socket_type; 1233*7c478bd9Sstevel@tonic-gate short ip_size; 1234*7c478bd9Sstevel@tonic-gate short local_port; 1235*7c478bd9Sstevel@tonic-gate int32_t local_inaddr[4]; 1236*7c478bd9Sstevel@tonic-gate short remote_port; 1237*7c478bd9Sstevel@tonic-gate int32_t remote_inaddr[4]; 1238*7c478bd9Sstevel@tonic-gate 1239*7c478bd9Sstevel@tonic-gate adrm_short(adr, &socket_domain, 1); 1240*7c478bd9Sstevel@tonic-gate adrm_short(adr, &socket_type, 1); 1241*7c478bd9Sstevel@tonic-gate adrm_short(adr, &ip_size, 1); 1242*7c478bd9Sstevel@tonic-gate 1243*7c478bd9Sstevel@tonic-gate /* validate ip size */ 1244*7c478bd9Sstevel@tonic-gate if ((ip_size != AU_IPv6) && (ip_size != AU_IPv4)) 1245*7c478bd9Sstevel@tonic-gate return (0); 1246*7c478bd9Sstevel@tonic-gate 1247*7c478bd9Sstevel@tonic-gate adrm_short(adr, &local_port, 1); 1248*7c478bd9Sstevel@tonic-gate adrm_char(adr, (char *)local_inaddr, ip_size); 1249*7c478bd9Sstevel@tonic-gate 1250*7c478bd9Sstevel@tonic-gate adrm_short(adr, &remote_port, 1); 1251*7c478bd9Sstevel@tonic-gate adrm_char(adr, (char *)remote_inaddr, ip_size); 1252*7c478bd9Sstevel@tonic-gate 1253*7c478bd9Sstevel@tonic-gate /* if IP type mis-match, then nothing to do */ 1254*7c478bd9Sstevel@tonic-gate if (ip_size != ip_type) 1255*7c478bd9Sstevel@tonic-gate return (-1); 1256*7c478bd9Sstevel@tonic-gate 1257*7c478bd9Sstevel@tonic-gate if ((flags & M_OBJECT) && (obj_flag == OBJ_SOCK)) { 1258*7c478bd9Sstevel@tonic-gate if (socket_flag == SOCKFLG_MACHINE) { 1259*7c478bd9Sstevel@tonic-gate if (ip_type == AU_IPv4) { 1260*7c478bd9Sstevel@tonic-gate if ((local_inaddr[0] == obj_id) || 1261*7c478bd9Sstevel@tonic-gate (remote_inaddr[0] == obj_id)) 1262*7c478bd9Sstevel@tonic-gate checkflags |= M_OBJECT; 1263*7c478bd9Sstevel@tonic-gate } else { 1264*7c478bd9Sstevel@tonic-gate if (((local_inaddr[0] == ip_ipv6[0]) && 1265*7c478bd9Sstevel@tonic-gate (local_inaddr[1] == ip_ipv6[1]) && 1266*7c478bd9Sstevel@tonic-gate (local_inaddr[2] == ip_ipv6[2]) && 1267*7c478bd9Sstevel@tonic-gate (local_inaddr[3] == ip_ipv6[3])) || 1268*7c478bd9Sstevel@tonic-gate ((remote_inaddr[0] == ip_ipv6[0]) && 1269*7c478bd9Sstevel@tonic-gate (remote_inaddr[1] == ip_ipv6[1]) && 1270*7c478bd9Sstevel@tonic-gate (remote_inaddr[2] == ip_ipv6[2]) && 1271*7c478bd9Sstevel@tonic-gate (remote_inaddr[3] == ip_ipv6[3]))) 1272*7c478bd9Sstevel@tonic-gate checkflags |= M_OBJECT; 1273*7c478bd9Sstevel@tonic-gate } 1274*7c478bd9Sstevel@tonic-gate } else if (socket_flag == SOCKFLG_PORT) { 1275*7c478bd9Sstevel@tonic-gate if ((local_port == obj_id) || (remote_port == obj_id)) 1276*7c478bd9Sstevel@tonic-gate checkflags |= M_OBJECT; 1277*7c478bd9Sstevel@tonic-gate } 1278*7c478bd9Sstevel@tonic-gate } 1279*7c478bd9Sstevel@tonic-gate return (-1); 1280*7c478bd9Sstevel@tonic-gate } 1281*7c478bd9Sstevel@tonic-gate 1282*7c478bd9Sstevel@tonic-gate 1283*7c478bd9Sstevel@tonic-gate /* 1284*7c478bd9Sstevel@tonic-gate * Format of subject32 token: 1285*7c478bd9Sstevel@tonic-gate * subject token id adr_char 1286*7c478bd9Sstevel@tonic-gate * auid adr_int32 1287*7c478bd9Sstevel@tonic-gate * euid adr_int32 1288*7c478bd9Sstevel@tonic-gate * egid adr_int32 1289*7c478bd9Sstevel@tonic-gate * ruid adr_int32 1290*7c478bd9Sstevel@tonic-gate * rgid adr_int32 1291*7c478bd9Sstevel@tonic-gate * pid adr_int32 1292*7c478bd9Sstevel@tonic-gate * sid adr_int32 1293*7c478bd9Sstevel@tonic-gate * termid adr_int32*2 1294*7c478bd9Sstevel@tonic-gate * 1295*7c478bd9Sstevel@tonic-gate */ 1296*7c478bd9Sstevel@tonic-gate int 1297*7c478bd9Sstevel@tonic-gate subject32_token(adr_t *adr) 1298*7c478bd9Sstevel@tonic-gate { 1299*7c478bd9Sstevel@tonic-gate int32_t auid, euid, egid, ruid, rgid, pid; 1300*7c478bd9Sstevel@tonic-gate int32_t sid; 1301*7c478bd9Sstevel@tonic-gate int32_t port, machine; 1302*7c478bd9Sstevel@tonic-gate 1303*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &auid, 1); 1304*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &euid, 1); 1305*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &egid, 1); 1306*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &ruid, 1); 1307*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &rgid, 1); 1308*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &pid, 1); 1309*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &sid, 1); 1310*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &port, 1); 1311*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &machine, 1); 1312*7c478bd9Sstevel@tonic-gate 1313*7c478bd9Sstevel@tonic-gate if (flags & M_SUBJECT) { 1314*7c478bd9Sstevel@tonic-gate if (subj_id == pid) 1315*7c478bd9Sstevel@tonic-gate checkflags |= M_SUBJECT; 1316*7c478bd9Sstevel@tonic-gate } 1317*7c478bd9Sstevel@tonic-gate if (flags & M_USERA) { 1318*7c478bd9Sstevel@tonic-gate if (m_usera == auid) 1319*7c478bd9Sstevel@tonic-gate checkflags |= M_USERA; 1320*7c478bd9Sstevel@tonic-gate } 1321*7c478bd9Sstevel@tonic-gate if (flags & M_USERE) { 1322*7c478bd9Sstevel@tonic-gate if (m_usere == euid) 1323*7c478bd9Sstevel@tonic-gate checkflags |= M_USERE; 1324*7c478bd9Sstevel@tonic-gate } 1325*7c478bd9Sstevel@tonic-gate if (flags & M_USERR) { 1326*7c478bd9Sstevel@tonic-gate if (m_userr == ruid) 1327*7c478bd9Sstevel@tonic-gate checkflags |= M_USERR; 1328*7c478bd9Sstevel@tonic-gate } 1329*7c478bd9Sstevel@tonic-gate if (flags & M_GROUPR) { 1330*7c478bd9Sstevel@tonic-gate if (m_groupr == rgid) 1331*7c478bd9Sstevel@tonic-gate checkflags |= M_GROUPR; 1332*7c478bd9Sstevel@tonic-gate } 1333*7c478bd9Sstevel@tonic-gate if (flags & M_GROUPE) { 1334*7c478bd9Sstevel@tonic-gate if (m_groupe == egid) 1335*7c478bd9Sstevel@tonic-gate checkflags |= M_GROUPE; 1336*7c478bd9Sstevel@tonic-gate } 1337*7c478bd9Sstevel@tonic-gate return (-1); 1338*7c478bd9Sstevel@tonic-gate } 1339*7c478bd9Sstevel@tonic-gate 1340*7c478bd9Sstevel@tonic-gate /* 1341*7c478bd9Sstevel@tonic-gate * Format of subject32_ex token: 1342*7c478bd9Sstevel@tonic-gate * subject token id adr_char 1343*7c478bd9Sstevel@tonic-gate * auid adr_int32 1344*7c478bd9Sstevel@tonic-gate * euid adr_int32 1345*7c478bd9Sstevel@tonic-gate * egid adr_int32 1346*7c478bd9Sstevel@tonic-gate * ruid adr_int32 1347*7c478bd9Sstevel@tonic-gate * rgid adr_int32 1348*7c478bd9Sstevel@tonic-gate * pid adr_int32 1349*7c478bd9Sstevel@tonic-gate * sid adr_int32 1350*7c478bd9Sstevel@tonic-gate * termid_addr adr_int32*6 1351*7c478bd9Sstevel@tonic-gate * 1352*7c478bd9Sstevel@tonic-gate */ 1353*7c478bd9Sstevel@tonic-gate int 1354*7c478bd9Sstevel@tonic-gate subject32_ex_token(adr_t *adr) 1355*7c478bd9Sstevel@tonic-gate { 1356*7c478bd9Sstevel@tonic-gate int32_t auid, euid, egid, ruid, rgid, pid; 1357*7c478bd9Sstevel@tonic-gate int32_t sid; 1358*7c478bd9Sstevel@tonic-gate int32_t port, type, addr[4]; 1359*7c478bd9Sstevel@tonic-gate 1360*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &auid, 1); 1361*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &euid, 1); 1362*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &egid, 1); 1363*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &ruid, 1); 1364*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &rgid, 1); 1365*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &pid, 1); 1366*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &sid, 1); 1367*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &port, 1); 1368*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &type, 1); 1369*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &addr[0], 4); 1370*7c478bd9Sstevel@tonic-gate 1371*7c478bd9Sstevel@tonic-gate if (flags & M_SUBJECT) { 1372*7c478bd9Sstevel@tonic-gate if (subj_id == pid) 1373*7c478bd9Sstevel@tonic-gate checkflags = checkflags | M_SUBJECT; 1374*7c478bd9Sstevel@tonic-gate } 1375*7c478bd9Sstevel@tonic-gate if (flags & M_USERA) { 1376*7c478bd9Sstevel@tonic-gate if (m_usera == auid) 1377*7c478bd9Sstevel@tonic-gate checkflags = checkflags | M_USERA; 1378*7c478bd9Sstevel@tonic-gate } 1379*7c478bd9Sstevel@tonic-gate if (flags & M_USERE) { 1380*7c478bd9Sstevel@tonic-gate if (m_usere == euid) 1381*7c478bd9Sstevel@tonic-gate checkflags = checkflags | M_USERE; 1382*7c478bd9Sstevel@tonic-gate } 1383*7c478bd9Sstevel@tonic-gate if (flags & M_USERR) { 1384*7c478bd9Sstevel@tonic-gate if (m_userr == ruid) 1385*7c478bd9Sstevel@tonic-gate checkflags = checkflags | M_USERR; 1386*7c478bd9Sstevel@tonic-gate } 1387*7c478bd9Sstevel@tonic-gate if (flags & M_GROUPR) { 1388*7c478bd9Sstevel@tonic-gate if (m_groupr == egid) 1389*7c478bd9Sstevel@tonic-gate checkflags = checkflags | M_GROUPR; 1390*7c478bd9Sstevel@tonic-gate } 1391*7c478bd9Sstevel@tonic-gate if (flags & M_GROUPE) { 1392*7c478bd9Sstevel@tonic-gate if (m_groupe == egid) 1393*7c478bd9Sstevel@tonic-gate checkflags = checkflags | M_GROUPE; 1394*7c478bd9Sstevel@tonic-gate } 1395*7c478bd9Sstevel@tonic-gate return (-1); 1396*7c478bd9Sstevel@tonic-gate } 1397*7c478bd9Sstevel@tonic-gate 1398*7c478bd9Sstevel@tonic-gate /* 1399*7c478bd9Sstevel@tonic-gate * Format of subject64 token: 1400*7c478bd9Sstevel@tonic-gate * subject token id adr_char 1401*7c478bd9Sstevel@tonic-gate * auid adr_int32 1402*7c478bd9Sstevel@tonic-gate * euid adr_int32 1403*7c478bd9Sstevel@tonic-gate * egid adr_int32 1404*7c478bd9Sstevel@tonic-gate * ruid adr_int32 1405*7c478bd9Sstevel@tonic-gate * rgid adr_int32 1406*7c478bd9Sstevel@tonic-gate * pid adr_int32 1407*7c478bd9Sstevel@tonic-gate * sid adr_int32 1408*7c478bd9Sstevel@tonic-gate * termid adr_int64+adr_int32 1409*7c478bd9Sstevel@tonic-gate * 1410*7c478bd9Sstevel@tonic-gate */ 1411*7c478bd9Sstevel@tonic-gate int 1412*7c478bd9Sstevel@tonic-gate subject64_token(adr_t *adr) 1413*7c478bd9Sstevel@tonic-gate { 1414*7c478bd9Sstevel@tonic-gate int32_t auid, euid, egid, ruid, rgid, pid; 1415*7c478bd9Sstevel@tonic-gate int32_t sid; 1416*7c478bd9Sstevel@tonic-gate int64_t port; 1417*7c478bd9Sstevel@tonic-gate int32_t machine; 1418*7c478bd9Sstevel@tonic-gate 1419*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &auid, 1); 1420*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &euid, 1); 1421*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &egid, 1); 1422*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &ruid, 1); 1423*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &rgid, 1); 1424*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &pid, 1); 1425*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &sid, 1); 1426*7c478bd9Sstevel@tonic-gate adrm_int64(adr, &port, 1); 1427*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &machine, 1); 1428*7c478bd9Sstevel@tonic-gate 1429*7c478bd9Sstevel@tonic-gate if (flags & M_SUBJECT) { 1430*7c478bd9Sstevel@tonic-gate if (subj_id == pid) 1431*7c478bd9Sstevel@tonic-gate checkflags |= M_SUBJECT; 1432*7c478bd9Sstevel@tonic-gate } 1433*7c478bd9Sstevel@tonic-gate if (flags & M_USERA) { 1434*7c478bd9Sstevel@tonic-gate if (m_usera == auid) 1435*7c478bd9Sstevel@tonic-gate checkflags |= M_USERA; 1436*7c478bd9Sstevel@tonic-gate } 1437*7c478bd9Sstevel@tonic-gate if (flags & M_USERE) { 1438*7c478bd9Sstevel@tonic-gate if (m_usere == euid) 1439*7c478bd9Sstevel@tonic-gate checkflags |= M_USERE; 1440*7c478bd9Sstevel@tonic-gate } 1441*7c478bd9Sstevel@tonic-gate if (flags & M_USERR) { 1442*7c478bd9Sstevel@tonic-gate if (m_userr == ruid) 1443*7c478bd9Sstevel@tonic-gate checkflags |= M_USERR; 1444*7c478bd9Sstevel@tonic-gate } 1445*7c478bd9Sstevel@tonic-gate if (flags & M_GROUPR) { 1446*7c478bd9Sstevel@tonic-gate if (m_groupr == rgid) 1447*7c478bd9Sstevel@tonic-gate checkflags |= M_GROUPR; 1448*7c478bd9Sstevel@tonic-gate } 1449*7c478bd9Sstevel@tonic-gate if (flags & M_GROUPE) { 1450*7c478bd9Sstevel@tonic-gate if (m_groupe == egid) 1451*7c478bd9Sstevel@tonic-gate checkflags |= M_GROUPE; 1452*7c478bd9Sstevel@tonic-gate } 1453*7c478bd9Sstevel@tonic-gate return (-1); 1454*7c478bd9Sstevel@tonic-gate } 1455*7c478bd9Sstevel@tonic-gate 1456*7c478bd9Sstevel@tonic-gate /* 1457*7c478bd9Sstevel@tonic-gate * Format of subject64 token: 1458*7c478bd9Sstevel@tonic-gate * subject token id adr_char 1459*7c478bd9Sstevel@tonic-gate * auid adr_int32 1460*7c478bd9Sstevel@tonic-gate * euid adr_int32 1461*7c478bd9Sstevel@tonic-gate * egid adr_int32 1462*7c478bd9Sstevel@tonic-gate * ruid adr_int32 1463*7c478bd9Sstevel@tonic-gate * rgid adr_int32 1464*7c478bd9Sstevel@tonic-gate * pid adr_int32 1465*7c478bd9Sstevel@tonic-gate * sid adr_int32 1466*7c478bd9Sstevel@tonic-gate * termid adr_int64+5*adr_int32 1467*7c478bd9Sstevel@tonic-gate * 1468*7c478bd9Sstevel@tonic-gate */ 1469*7c478bd9Sstevel@tonic-gate int 1470*7c478bd9Sstevel@tonic-gate subject64_ex_token(adr_t *adr) 1471*7c478bd9Sstevel@tonic-gate { 1472*7c478bd9Sstevel@tonic-gate int32_t auid, euid, egid, ruid, rgid, pid; 1473*7c478bd9Sstevel@tonic-gate int32_t sid; 1474*7c478bd9Sstevel@tonic-gate int64_t port; 1475*7c478bd9Sstevel@tonic-gate int32_t type, addr[4]; 1476*7c478bd9Sstevel@tonic-gate 1477*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &auid, 1); 1478*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &euid, 1); 1479*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &egid, 1); 1480*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &ruid, 1); 1481*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &rgid, 1); 1482*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &pid, 1); 1483*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &sid, 1); 1484*7c478bd9Sstevel@tonic-gate adrm_int64(adr, &port, 1); 1485*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &type, 1); 1486*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &addr[0], 4); 1487*7c478bd9Sstevel@tonic-gate 1488*7c478bd9Sstevel@tonic-gate if (flags & M_SUBJECT) { 1489*7c478bd9Sstevel@tonic-gate if (subj_id == pid) 1490*7c478bd9Sstevel@tonic-gate checkflags = checkflags | M_SUBJECT; 1491*7c478bd9Sstevel@tonic-gate } 1492*7c478bd9Sstevel@tonic-gate if (flags & M_USERA) { 1493*7c478bd9Sstevel@tonic-gate if (m_usera == auid) 1494*7c478bd9Sstevel@tonic-gate checkflags = checkflags | M_USERA; 1495*7c478bd9Sstevel@tonic-gate } 1496*7c478bd9Sstevel@tonic-gate if (flags & M_USERE) { 1497*7c478bd9Sstevel@tonic-gate if (m_usere == euid) 1498*7c478bd9Sstevel@tonic-gate checkflags = checkflags | M_USERE; 1499*7c478bd9Sstevel@tonic-gate } 1500*7c478bd9Sstevel@tonic-gate if (flags & M_USERR) { 1501*7c478bd9Sstevel@tonic-gate if (m_userr == ruid) 1502*7c478bd9Sstevel@tonic-gate checkflags = checkflags | M_USERR; 1503*7c478bd9Sstevel@tonic-gate } 1504*7c478bd9Sstevel@tonic-gate if (flags & M_GROUPR) { 1505*7c478bd9Sstevel@tonic-gate if (m_groupr == egid) 1506*7c478bd9Sstevel@tonic-gate checkflags = checkflags | M_GROUPR; 1507*7c478bd9Sstevel@tonic-gate } 1508*7c478bd9Sstevel@tonic-gate if (flags & M_GROUPE) { 1509*7c478bd9Sstevel@tonic-gate if (m_groupe == egid) 1510*7c478bd9Sstevel@tonic-gate checkflags = checkflags | M_GROUPE; 1511*7c478bd9Sstevel@tonic-gate } 1512*7c478bd9Sstevel@tonic-gate return (-1); 1513*7c478bd9Sstevel@tonic-gate } 1514*7c478bd9Sstevel@tonic-gate 1515*7c478bd9Sstevel@tonic-gate /* 1516*7c478bd9Sstevel@tonic-gate * ----------------------------------------------------------------------- 1517*7c478bd9Sstevel@tonic-gate * tid_token(): Process tid token and display contents 1518*7c478bd9Sstevel@tonic-gate * 1519*7c478bd9Sstevel@tonic-gate * Format of tid token: 1520*7c478bd9Sstevel@tonic-gate * tid token id adr_char 1521*7c478bd9Sstevel@tonic-gate * address type adr_char 1522*7c478bd9Sstevel@tonic-gate * For address type of AU_IPADR... 1523*7c478bd9Sstevel@tonic-gate * remote port adr_short 1524*7c478bd9Sstevel@tonic-gate * local port adr_short 1525*7c478bd9Sstevel@tonic-gate * IP type adr_int32 1526*7c478bd9Sstevel@tonic-gate * IP addr adr_int32 if IPv4 1527*7c478bd9Sstevel@tonic-gate * IP addr 4 x adr_int32 if IPv6 1528*7c478bd9Sstevel@tonic-gate * address types other than AU_IPADR are not yet defined 1529*7c478bd9Sstevel@tonic-gate * ----------------------------------------------------------------------- 1530*7c478bd9Sstevel@tonic-gate */ 1531*7c478bd9Sstevel@tonic-gate int 1532*7c478bd9Sstevel@tonic-gate tid_token(adr_t *adr) 1533*7c478bd9Sstevel@tonic-gate { 1534*7c478bd9Sstevel@tonic-gate int32_t address[4]; 1535*7c478bd9Sstevel@tonic-gate int32_t ip_type; 1536*7c478bd9Sstevel@tonic-gate char tid_type; 1537*7c478bd9Sstevel@tonic-gate short rport; 1538*7c478bd9Sstevel@tonic-gate short lport; 1539*7c478bd9Sstevel@tonic-gate 1540*7c478bd9Sstevel@tonic-gate adrm_char(adr, &tid_type, 1); 1541*7c478bd9Sstevel@tonic-gate switch (tid_type) { 1542*7c478bd9Sstevel@tonic-gate case AU_IPADR: 1543*7c478bd9Sstevel@tonic-gate adrm_short(adr, &rport, 1); 1544*7c478bd9Sstevel@tonic-gate adrm_short(adr, &lport, 1); 1545*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &ip_type, 1); 1546*7c478bd9Sstevel@tonic-gate adrm_char(adr, (char *)&address, ip_type); 1547*7c478bd9Sstevel@tonic-gate break; 1548*7c478bd9Sstevel@tonic-gate default: 1549*7c478bd9Sstevel@tonic-gate return (0); 1550*7c478bd9Sstevel@tonic-gate } 1551*7c478bd9Sstevel@tonic-gate return (-1); 1552*7c478bd9Sstevel@tonic-gate } 1553*7c478bd9Sstevel@tonic-gate 1554*7c478bd9Sstevel@tonic-gate /* 1555*7c478bd9Sstevel@tonic-gate * ----------------------------------------------------------------------- 1556*7c478bd9Sstevel@tonic-gate * zonename_token(): Process zonename token and display contents 1557*7c478bd9Sstevel@tonic-gate * 1558*7c478bd9Sstevel@tonic-gate * Format of zonename token: 1559*7c478bd9Sstevel@tonic-gate * zonename token id adr_char 1560*7c478bd9Sstevel@tonic-gate * zone name adr_string 1561*7c478bd9Sstevel@tonic-gate * ----------------------------------------------------------------------- 1562*7c478bd9Sstevel@tonic-gate */ 1563*7c478bd9Sstevel@tonic-gate int 1564*7c478bd9Sstevel@tonic-gate zonename_token(adr_t *adr) 1565*7c478bd9Sstevel@tonic-gate { 1566*7c478bd9Sstevel@tonic-gate char *name; 1567*7c478bd9Sstevel@tonic-gate 1568*7c478bd9Sstevel@tonic-gate if (flags & M_ZONENAME) { 1569*7c478bd9Sstevel@tonic-gate get_string(adr, &name); 1570*7c478bd9Sstevel@tonic-gate if (strncmp(zonename, name, ZONENAME_MAX) == 0) 1571*7c478bd9Sstevel@tonic-gate checkflags |= M_ZONENAME; 1572*7c478bd9Sstevel@tonic-gate free(name); 1573*7c478bd9Sstevel@tonic-gate } else { 1574*7c478bd9Sstevel@tonic-gate skip_string(adr); 1575*7c478bd9Sstevel@tonic-gate } 1576*7c478bd9Sstevel@tonic-gate return (-1); 1577*7c478bd9Sstevel@tonic-gate } 1578*7c478bd9Sstevel@tonic-gate 1579*7c478bd9Sstevel@tonic-gate /* 1580*7c478bd9Sstevel@tonic-gate * Format of xatom token: 1581*7c478bd9Sstevel@tonic-gate */ 1582*7c478bd9Sstevel@tonic-gate int 1583*7c478bd9Sstevel@tonic-gate xatom_token(adr_t *adr) 1584*7c478bd9Sstevel@tonic-gate { 1585*7c478bd9Sstevel@tonic-gate skip_string(adr); 1586*7c478bd9Sstevel@tonic-gate 1587*7c478bd9Sstevel@tonic-gate return (-1); 1588*7c478bd9Sstevel@tonic-gate } 1589*7c478bd9Sstevel@tonic-gate 1590*7c478bd9Sstevel@tonic-gate /* 1591*7c478bd9Sstevel@tonic-gate * Format of xselect token: 1592*7c478bd9Sstevel@tonic-gate */ 1593*7c478bd9Sstevel@tonic-gate int 1594*7c478bd9Sstevel@tonic-gate xselect_token(adr_t *adr) 1595*7c478bd9Sstevel@tonic-gate { 1596*7c478bd9Sstevel@tonic-gate skip_string(adr); 1597*7c478bd9Sstevel@tonic-gate skip_string(adr); 1598*7c478bd9Sstevel@tonic-gate skip_string(adr); 1599*7c478bd9Sstevel@tonic-gate 1600*7c478bd9Sstevel@tonic-gate return (-1); 1601*7c478bd9Sstevel@tonic-gate } 1602*7c478bd9Sstevel@tonic-gate 1603*7c478bd9Sstevel@tonic-gate /* 1604*7c478bd9Sstevel@tonic-gate * anchor a path name with a slash 1605*7c478bd9Sstevel@tonic-gate * assume we have enough space 1606*7c478bd9Sstevel@tonic-gate */ 1607*7c478bd9Sstevel@tonic-gate void 1608*7c478bd9Sstevel@tonic-gate anchor_path(char *path) 1609*7c478bd9Sstevel@tonic-gate { 1610*7c478bd9Sstevel@tonic-gate (void) memmove((void *)(path + 1), (void *)path, strlen(path) + 1); 1611*7c478bd9Sstevel@tonic-gate *path = '/'; 1612*7c478bd9Sstevel@tonic-gate } 1613*7c478bd9Sstevel@tonic-gate 1614*7c478bd9Sstevel@tonic-gate 1615*7c478bd9Sstevel@tonic-gate /* 1616*7c478bd9Sstevel@tonic-gate * copy path to collapsed path. 1617*7c478bd9Sstevel@tonic-gate * collapsed path does not contain: 1618*7c478bd9Sstevel@tonic-gate * successive slashes 1619*7c478bd9Sstevel@tonic-gate * instances of dot-slash 1620*7c478bd9Sstevel@tonic-gate * instances of dot-dot-slash 1621*7c478bd9Sstevel@tonic-gate * passed path must be anchored with a '/' 1622*7c478bd9Sstevel@tonic-gate */ 1623*7c478bd9Sstevel@tonic-gate char * 1624*7c478bd9Sstevel@tonic-gate collapse_path(char *s) 1625*7c478bd9Sstevel@tonic-gate { 1626*7c478bd9Sstevel@tonic-gate int id; /* index of where we are in destination string */ 1627*7c478bd9Sstevel@tonic-gate int is; /* index of where we are in source string */ 1628*7c478bd9Sstevel@tonic-gate int slashseen; /* have we seen a slash */ 1629*7c478bd9Sstevel@tonic-gate int ls; /* length of source string */ 1630*7c478bd9Sstevel@tonic-gate 1631*7c478bd9Sstevel@tonic-gate ls = strlen(s) + 1; 1632*7c478bd9Sstevel@tonic-gate 1633*7c478bd9Sstevel@tonic-gate slashseen = 0; 1634*7c478bd9Sstevel@tonic-gate for (is = 0, id = 0; is < ls; is++) { 1635*7c478bd9Sstevel@tonic-gate /* thats all folks, we've reached the end of input */ 1636*7c478bd9Sstevel@tonic-gate if (s[is] == '\0') { 1637*7c478bd9Sstevel@tonic-gate if (id > 1 && s[id-1] == '/') { 1638*7c478bd9Sstevel@tonic-gate --id; 1639*7c478bd9Sstevel@tonic-gate } 1640*7c478bd9Sstevel@tonic-gate s[id++] = '\0'; 1641*7c478bd9Sstevel@tonic-gate break; 1642*7c478bd9Sstevel@tonic-gate } 1643*7c478bd9Sstevel@tonic-gate /* previous character was a / */ 1644*7c478bd9Sstevel@tonic-gate if (slashseen) { 1645*7c478bd9Sstevel@tonic-gate if (s[is] == '/') 1646*7c478bd9Sstevel@tonic-gate continue; /* another slash, ignore it */ 1647*7c478bd9Sstevel@tonic-gate } else if (s[is] == '/') { 1648*7c478bd9Sstevel@tonic-gate /* we see a /, just copy it and try again */ 1649*7c478bd9Sstevel@tonic-gate slashseen = 1; 1650*7c478bd9Sstevel@tonic-gate s[id++] = '/'; 1651*7c478bd9Sstevel@tonic-gate continue; 1652*7c478bd9Sstevel@tonic-gate } 1653*7c478bd9Sstevel@tonic-gate /* /./ seen */ 1654*7c478bd9Sstevel@tonic-gate if (s[is] == '.' && s[is+1] == '/') { 1655*7c478bd9Sstevel@tonic-gate is += 1; 1656*7c478bd9Sstevel@tonic-gate continue; 1657*7c478bd9Sstevel@tonic-gate } 1658*7c478bd9Sstevel@tonic-gate /* XXX/. seen */ 1659*7c478bd9Sstevel@tonic-gate if (s[is] == '.' && s[is+1] == '\0') { 1660*7c478bd9Sstevel@tonic-gate if (id > 1) 1661*7c478bd9Sstevel@tonic-gate id--; 1662*7c478bd9Sstevel@tonic-gate continue; 1663*7c478bd9Sstevel@tonic-gate } 1664*7c478bd9Sstevel@tonic-gate /* XXX/.. seen */ 1665*7c478bd9Sstevel@tonic-gate if (s[is] == '.' && s[is+1] == '.' && s[is+2] == '\0') { 1666*7c478bd9Sstevel@tonic-gate is += 1; 1667*7c478bd9Sstevel@tonic-gate if (id > 0) 1668*7c478bd9Sstevel@tonic-gate id--; 1669*7c478bd9Sstevel@tonic-gate while (id > 0 && s[--id] != '/'); 1670*7c478bd9Sstevel@tonic-gate id++; 1671*7c478bd9Sstevel@tonic-gate continue; 1672*7c478bd9Sstevel@tonic-gate } 1673*7c478bd9Sstevel@tonic-gate /* XXX/../ seen */ 1674*7c478bd9Sstevel@tonic-gate if (s[is] == '.' && s[is+1] == '.' && s[is+2] == '/') { 1675*7c478bd9Sstevel@tonic-gate is += 2; 1676*7c478bd9Sstevel@tonic-gate if (id > 0) 1677*7c478bd9Sstevel@tonic-gate id--; 1678*7c478bd9Sstevel@tonic-gate while (id > 0 && s[--id] != '/'); 1679*7c478bd9Sstevel@tonic-gate id++; 1680*7c478bd9Sstevel@tonic-gate continue; 1681*7c478bd9Sstevel@tonic-gate } 1682*7c478bd9Sstevel@tonic-gate while (is < ls && (s[id++] = s[is++]) != '/'); 1683*7c478bd9Sstevel@tonic-gate is--; 1684*7c478bd9Sstevel@tonic-gate } 1685*7c478bd9Sstevel@tonic-gate return (s); 1686*7c478bd9Sstevel@tonic-gate } 1687*7c478bd9Sstevel@tonic-gate 1688*7c478bd9Sstevel@tonic-gate 1689*7c478bd9Sstevel@tonic-gate int 1690*7c478bd9Sstevel@tonic-gate ipc_type_match(int flag, char type) 1691*7c478bd9Sstevel@tonic-gate { 1692*7c478bd9Sstevel@tonic-gate if (flag == OBJ_SEM && type == AT_IPC_SEM) 1693*7c478bd9Sstevel@tonic-gate return (1); 1694*7c478bd9Sstevel@tonic-gate 1695*7c478bd9Sstevel@tonic-gate if (flag == OBJ_MSG && type == AT_IPC_MSG) 1696*7c478bd9Sstevel@tonic-gate return (1); 1697*7c478bd9Sstevel@tonic-gate 1698*7c478bd9Sstevel@tonic-gate if (flag == OBJ_SHM && type == AT_IPC_SHM) 1699*7c478bd9Sstevel@tonic-gate return (1); 1700*7c478bd9Sstevel@tonic-gate 1701*7c478bd9Sstevel@tonic-gate return (0); 1702*7c478bd9Sstevel@tonic-gate } 1703*7c478bd9Sstevel@tonic-gate 1704*7c478bd9Sstevel@tonic-gate 1705*7c478bd9Sstevel@tonic-gate void 1706*7c478bd9Sstevel@tonic-gate skip_string(adr_t *adr) 1707*7c478bd9Sstevel@tonic-gate { 1708*7c478bd9Sstevel@tonic-gate ushort_t c; 1709*7c478bd9Sstevel@tonic-gate 1710*7c478bd9Sstevel@tonic-gate adrm_u_short(adr, &c, 1); 1711*7c478bd9Sstevel@tonic-gate adr->adr_now += c; 1712*7c478bd9Sstevel@tonic-gate } 1713*7c478bd9Sstevel@tonic-gate 1714*7c478bd9Sstevel@tonic-gate 1715*7c478bd9Sstevel@tonic-gate void 1716*7c478bd9Sstevel@tonic-gate get_string(adr_t *adr, char **p) 1717*7c478bd9Sstevel@tonic-gate { 1718*7c478bd9Sstevel@tonic-gate ushort_t c; 1719*7c478bd9Sstevel@tonic-gate 1720*7c478bd9Sstevel@tonic-gate adrm_u_short(adr, &c, 1); 1721*7c478bd9Sstevel@tonic-gate *p = a_calloc(1, (size_t)c); 1722*7c478bd9Sstevel@tonic-gate adrm_char(adr, *p, c); 1723*7c478bd9Sstevel@tonic-gate } 1724*7c478bd9Sstevel@tonic-gate 1725*7c478bd9Sstevel@tonic-gate 1726*7c478bd9Sstevel@tonic-gate /* 1727*7c478bd9Sstevel@tonic-gate * Format of host token: 1728*7c478bd9Sstevel@tonic-gate * host ard_uint32 1729*7c478bd9Sstevel@tonic-gate */ 1730*7c478bd9Sstevel@tonic-gate int 1731*7c478bd9Sstevel@tonic-gate host_token(adr_t *adr) 1732*7c478bd9Sstevel@tonic-gate { 1733*7c478bd9Sstevel@tonic-gate uint32_t host; 1734*7c478bd9Sstevel@tonic-gate 1735*7c478bd9Sstevel@tonic-gate adrm_u_int32(adr, &host, 1); 1736*7c478bd9Sstevel@tonic-gate 1737*7c478bd9Sstevel@tonic-gate return (-1); 1738*7c478bd9Sstevel@tonic-gate } 1739*7c478bd9Sstevel@tonic-gate 1740*7c478bd9Sstevel@tonic-gate /* 1741*7c478bd9Sstevel@tonic-gate * Format of useofauth token: 1742*7c478bd9Sstevel@tonic-gate * uauth token id adr_char 1743*7c478bd9Sstevel@tonic-gate * uauth adr_string 1744*7c478bd9Sstevel@tonic-gate * 1745*7c478bd9Sstevel@tonic-gate */ 1746*7c478bd9Sstevel@tonic-gate int 1747*7c478bd9Sstevel@tonic-gate useofauth_token(adr_t *adr) 1748*7c478bd9Sstevel@tonic-gate { 1749*7c478bd9Sstevel@tonic-gate skip_string(adr); 1750*7c478bd9Sstevel@tonic-gate return (-1); 1751*7c478bd9Sstevel@tonic-gate } 1752*7c478bd9Sstevel@tonic-gate 1753*7c478bd9Sstevel@tonic-gate int 1754*7c478bd9Sstevel@tonic-gate xcolormap_token(adr_t *adr) 1755*7c478bd9Sstevel@tonic-gate { 1756*7c478bd9Sstevel@tonic-gate return (xgeneric(adr)); 1757*7c478bd9Sstevel@tonic-gate } 1758*7c478bd9Sstevel@tonic-gate 1759*7c478bd9Sstevel@tonic-gate int 1760*7c478bd9Sstevel@tonic-gate xcursor_token(adr_t *adr) 1761*7c478bd9Sstevel@tonic-gate { 1762*7c478bd9Sstevel@tonic-gate return (xgeneric(adr)); 1763*7c478bd9Sstevel@tonic-gate } 1764*7c478bd9Sstevel@tonic-gate 1765*7c478bd9Sstevel@tonic-gate int 1766*7c478bd9Sstevel@tonic-gate xfont_token(adr_t *adr) 1767*7c478bd9Sstevel@tonic-gate { 1768*7c478bd9Sstevel@tonic-gate return (xgeneric(adr)); 1769*7c478bd9Sstevel@tonic-gate } 1770*7c478bd9Sstevel@tonic-gate 1771*7c478bd9Sstevel@tonic-gate int 1772*7c478bd9Sstevel@tonic-gate xgc_token(adr_t *adr) 1773*7c478bd9Sstevel@tonic-gate { 1774*7c478bd9Sstevel@tonic-gate return (xgeneric(adr)); 1775*7c478bd9Sstevel@tonic-gate } 1776*7c478bd9Sstevel@tonic-gate 1777*7c478bd9Sstevel@tonic-gate int 1778*7c478bd9Sstevel@tonic-gate xpixmap_token(adr_t *adr) 1779*7c478bd9Sstevel@tonic-gate { 1780*7c478bd9Sstevel@tonic-gate return (xgeneric(adr)); 1781*7c478bd9Sstevel@tonic-gate } 1782*7c478bd9Sstevel@tonic-gate 1783*7c478bd9Sstevel@tonic-gate int 1784*7c478bd9Sstevel@tonic-gate xwindow_token(adr_t *adr) 1785*7c478bd9Sstevel@tonic-gate { 1786*7c478bd9Sstevel@tonic-gate return (xgeneric(adr)); 1787*7c478bd9Sstevel@tonic-gate } 1788*7c478bd9Sstevel@tonic-gate 1789*7c478bd9Sstevel@tonic-gate 1790*7c478bd9Sstevel@tonic-gate /* 1791*7c478bd9Sstevel@tonic-gate * Format of xgeneric token: 1792*7c478bd9Sstevel@tonic-gate * XID adr_int32 1793*7c478bd9Sstevel@tonic-gate * creator UID adr_int32 1794*7c478bd9Sstevel@tonic-gate * 1795*7c478bd9Sstevel@tonic-gate * Includes: xcolormap, xcursor, xfont, xgc, xpixmap, and xwindow 1796*7c478bd9Sstevel@tonic-gate */ 1797*7c478bd9Sstevel@tonic-gate int 1798*7c478bd9Sstevel@tonic-gate xgeneric(adr_t *adr) 1799*7c478bd9Sstevel@tonic-gate { 1800*7c478bd9Sstevel@tonic-gate int32_t xid; 1801*7c478bd9Sstevel@tonic-gate int32_t uid; 1802*7c478bd9Sstevel@tonic-gate 1803*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &xid, 1); 1804*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &uid, 1); 1805*7c478bd9Sstevel@tonic-gate 1806*7c478bd9Sstevel@tonic-gate if (flags & M_USERE) { 1807*7c478bd9Sstevel@tonic-gate if (m_usere == uid) 1808*7c478bd9Sstevel@tonic-gate checkflags = checkflags | M_USERE; 1809*7c478bd9Sstevel@tonic-gate } 1810*7c478bd9Sstevel@tonic-gate 1811*7c478bd9Sstevel@tonic-gate return (-1); 1812*7c478bd9Sstevel@tonic-gate } 1813*7c478bd9Sstevel@tonic-gate 1814*7c478bd9Sstevel@tonic-gate 1815*7c478bd9Sstevel@tonic-gate /* 1816*7c478bd9Sstevel@tonic-gate * Format of xproperty token: 1817*7c478bd9Sstevel@tonic-gate * XID adr_int32 1818*7c478bd9Sstevel@tonic-gate * creator UID adr_int32 1819*7c478bd9Sstevel@tonic-gate * atom string adr_string 1820*7c478bd9Sstevel@tonic-gate */ 1821*7c478bd9Sstevel@tonic-gate int 1822*7c478bd9Sstevel@tonic-gate xproperty_token(adr_t *adr) 1823*7c478bd9Sstevel@tonic-gate { 1824*7c478bd9Sstevel@tonic-gate int32_t xid; 1825*7c478bd9Sstevel@tonic-gate int32_t uid; 1826*7c478bd9Sstevel@tonic-gate 1827*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &xid, 1); 1828*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &uid, 1); 1829*7c478bd9Sstevel@tonic-gate skip_string(adr); 1830*7c478bd9Sstevel@tonic-gate 1831*7c478bd9Sstevel@tonic-gate if (flags & M_USERE) { 1832*7c478bd9Sstevel@tonic-gate if (m_usere == uid) 1833*7c478bd9Sstevel@tonic-gate checkflags = checkflags | M_USERE; 1834*7c478bd9Sstevel@tonic-gate } 1835*7c478bd9Sstevel@tonic-gate 1836*7c478bd9Sstevel@tonic-gate return (-1); 1837*7c478bd9Sstevel@tonic-gate } 1838*7c478bd9Sstevel@tonic-gate 1839*7c478bd9Sstevel@tonic-gate 1840*7c478bd9Sstevel@tonic-gate /* 1841*7c478bd9Sstevel@tonic-gate * Format of xclient token: 1842*7c478bd9Sstevel@tonic-gate * xclient id adr_int32 1843*7c478bd9Sstevel@tonic-gate */ 1844*7c478bd9Sstevel@tonic-gate int 1845*7c478bd9Sstevel@tonic-gate xclient_token(adr_t *adr) 1846*7c478bd9Sstevel@tonic-gate { 1847*7c478bd9Sstevel@tonic-gate int32_t client_id; 1848*7c478bd9Sstevel@tonic-gate 1849*7c478bd9Sstevel@tonic-gate adrm_int32(adr, &client_id, 1); 1850*7c478bd9Sstevel@tonic-gate 1851*7c478bd9Sstevel@tonic-gate return (-1); 1852*7c478bd9Sstevel@tonic-gate } 1853*7c478bd9Sstevel@tonic-gate 1854*7c478bd9Sstevel@tonic-gate /* 1855*7c478bd9Sstevel@tonic-gate * Format of clearance token: 1856*7c478bd9Sstevel@tonic-gate * clearance adr_char*(sizeof (bclear_t)) 1857*7c478bd9Sstevel@tonic-gate */ 1858*7c478bd9Sstevel@tonic-gate #ifndef TSOL 1859*7c478bd9Sstevel@tonic-gate /* ARGSUSED */ 1860*7c478bd9Sstevel@tonic-gate #endif /* !TSOL */ 1861*7c478bd9Sstevel@tonic-gate int 1862*7c478bd9Sstevel@tonic-gate clearance_token(adr_t *adr) 1863*7c478bd9Sstevel@tonic-gate { 1864*7c478bd9Sstevel@tonic-gate #ifdef TSOL 1865*7c478bd9Sstevel@tonic-gate bclear_t clearance; 1866*7c478bd9Sstevel@tonic-gate 1867*7c478bd9Sstevel@tonic-gate adrm_char(adr, (char *)&clearance, sizeof (bclear_t)); 1868*7c478bd9Sstevel@tonic-gate return (-1); 1869*7c478bd9Sstevel@tonic-gate #else /* !TSOL */ 1870*7c478bd9Sstevel@tonic-gate return (-2); 1871*7c478bd9Sstevel@tonic-gate #endif /* TSOL */ 1872*7c478bd9Sstevel@tonic-gate } 1873*7c478bd9Sstevel@tonic-gate 1874*7c478bd9Sstevel@tonic-gate 1875*7c478bd9Sstevel@tonic-gate /* 1876*7c478bd9Sstevel@tonic-gate * Format of ilabel token: 1877*7c478bd9Sstevel@tonic-gate * ilabel adr_char*(sizeof (bilabel_t)) 1878*7c478bd9Sstevel@tonic-gate */ 1879*7c478bd9Sstevel@tonic-gate #ifndef TSOL 1880*7c478bd9Sstevel@tonic-gate /* ARGSUSED */ 1881*7c478bd9Sstevel@tonic-gate #endif /* !TSOL */ 1882*7c478bd9Sstevel@tonic-gate int 1883*7c478bd9Sstevel@tonic-gate ilabel_token(adr_t *adr) 1884*7c478bd9Sstevel@tonic-gate { 1885*7c478bd9Sstevel@tonic-gate #ifdef TSOL 1886*7c478bd9Sstevel@tonic-gate bilabel_t ilabel; 1887*7c478bd9Sstevel@tonic-gate 1888*7c478bd9Sstevel@tonic-gate adrm_char(adr, (char *)&ilabel, sizeof (ilabel)); 1889*7c478bd9Sstevel@tonic-gate 1890*7c478bd9Sstevel@tonic-gate return (-1); 1891*7c478bd9Sstevel@tonic-gate #else /* !TSOL */ 1892*7c478bd9Sstevel@tonic-gate return (-2); 1893*7c478bd9Sstevel@tonic-gate #endif /* TSOL */ 1894*7c478bd9Sstevel@tonic-gate } 1895*7c478bd9Sstevel@tonic-gate 1896*7c478bd9Sstevel@tonic-gate /* 1897*7c478bd9Sstevel@tonic-gate * Format of privilege set token: 1898*7c478bd9Sstevel@tonic-gate * priv_set type string 1899*7c478bd9Sstevel@tonic-gate * priv_set string 1900*7c478bd9Sstevel@tonic-gate */ 1901*7c478bd9Sstevel@tonic-gate 1902*7c478bd9Sstevel@tonic-gate int 1903*7c478bd9Sstevel@tonic-gate privilege_token(adr_t *adr) 1904*7c478bd9Sstevel@tonic-gate { 1905*7c478bd9Sstevel@tonic-gate skip_string(adr); /* set type name */ 1906*7c478bd9Sstevel@tonic-gate skip_string(adr); /* privilege set */ 1907*7c478bd9Sstevel@tonic-gate return (-1); 1908*7c478bd9Sstevel@tonic-gate } 1909*7c478bd9Sstevel@tonic-gate 1910*7c478bd9Sstevel@tonic-gate /* 1911*7c478bd9Sstevel@tonic-gate * Format of slabel token: 1912*7c478bd9Sstevel@tonic-gate * slabel adr_char*(sizeof (bslabel_t)) 1913*7c478bd9Sstevel@tonic-gate */ 1914*7c478bd9Sstevel@tonic-gate #ifndef TSOL 1915*7c478bd9Sstevel@tonic-gate /* ARGSUSED */ 1916*7c478bd9Sstevel@tonic-gate #endif /* !TSOL */ 1917*7c478bd9Sstevel@tonic-gate int 1918*7c478bd9Sstevel@tonic-gate slabel_token(adr_t *adr) 1919*7c478bd9Sstevel@tonic-gate { 1920*7c478bd9Sstevel@tonic-gate #ifdef TSOL 1921*7c478bd9Sstevel@tonic-gate bslabel_t slabel; 1922*7c478bd9Sstevel@tonic-gate 1923*7c478bd9Sstevel@tonic-gate adrm_char(adr, (char *)&slabel, sizeof (slabel)); 1924*7c478bd9Sstevel@tonic-gate 1925*7c478bd9Sstevel@tonic-gate if (flags & M_SLABEL) { 1926*7c478bd9Sstevel@tonic-gate if (blinrange(&slabel, &m_slabel)) 1927*7c478bd9Sstevel@tonic-gate checkflags = checkflags | M_SLABEL; 1928*7c478bd9Sstevel@tonic-gate } 1929*7c478bd9Sstevel@tonic-gate 1930*7c478bd9Sstevel@tonic-gate return (-1); 1931*7c478bd9Sstevel@tonic-gate #else /* !TSOL */ 1932*7c478bd9Sstevel@tonic-gate return (-2); 1933*7c478bd9Sstevel@tonic-gate #endif /* TSOL */ 1934*7c478bd9Sstevel@tonic-gate } 1935*7c478bd9Sstevel@tonic-gate 1936*7c478bd9Sstevel@tonic-gate 1937*7c478bd9Sstevel@tonic-gate /* 1938*7c478bd9Sstevel@tonic-gate * Format of useofpriv token: 1939*7c478bd9Sstevel@tonic-gate * success/failure adr_char 1940*7c478bd9Sstevel@tonic-gate * TSOL: 1941*7c478bd9Sstevel@tonic-gate * privilege adr_int32 1942*7c478bd9Sstevel@tonic-gate * SOL: 1943*7c478bd9Sstevel@tonic-gate * privilege(s) adr_string 1944*7c478bd9Sstevel@tonic-gate */ 1945*7c478bd9Sstevel@tonic-gate #ifndef TSOL 1946*7c478bd9Sstevel@tonic-gate /* ARGSUSED */ 1947*7c478bd9Sstevel@tonic-gate #endif /* !TSOL */ 1948*7c478bd9Sstevel@tonic-gate int 1949*7c478bd9Sstevel@tonic-gate useofpriv_token(adr_t *adr) 1950*7c478bd9Sstevel@tonic-gate { 1951*7c478bd9Sstevel@tonic-gate char flag; 1952*7c478bd9Sstevel@tonic-gate 1953*7c478bd9Sstevel@tonic-gate #ifdef TSOL 1954*7c478bd9Sstevel@tonic-gate priv_t priv; 1955*7c478bd9Sstevel@tonic-gate 1956*7c478bd9Sstevel@tonic-gate adrm_char(adr, &flag, 1); 1957*7c478bd9Sstevel@tonic-gate adrm_int32(adr, (int32_t *)&priv, 1); 1958*7c478bd9Sstevel@tonic-gate 1959*7c478bd9Sstevel@tonic-gate return (-1); 1960*7c478bd9Sstevel@tonic-gate #else /* !TSOL */ 1961*7c478bd9Sstevel@tonic-gate 1962*7c478bd9Sstevel@tonic-gate adrm_char(adr, &flag, 1); 1963*7c478bd9Sstevel@tonic-gate skip_string(adr); 1964*7c478bd9Sstevel@tonic-gate return (-1); 1965*7c478bd9Sstevel@tonic-gate #endif /* TSOL */ 1966*7c478bd9Sstevel@tonic-gate } 1967