1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License, Version 1.0 only 6 * (the "License"). You may not use this file except in compliance 7 * with the License. 8 * 9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10 * or http://www.opensolaris.org/os/licensing. 11 * See the License for the specific language governing permissions 12 * and limitations under the License. 13 * 14 * When distributing Covered Code, include this CDDL HEADER in each 15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16 * If applicable, add the following below this CDDL HEADER, with the 17 * fields enclosed by brackets "[]" replaced with your own identifying 18 * information: Portions Copyright [yyyy] [name of copyright owner] 19 * 20 * CDDL HEADER END 21 */ 22 /* 23 * Copyright 2004 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27 #pragma ident "%Z%%M% %I% %E% SMI" 28 29 /* 30 * Token processing for auditreduce. 31 */ 32 33 #include <locale.h> 34 #include <sys/zone.h> 35 #include "auditr.h" 36 #include "toktable.h" 37 38 extern int re_exec2(char *); 39 40 static void anchor_path(char *path); 41 static char *collapse_path(char *s); 42 static void get_string(adr_t *adr, char **p); 43 static int ipc_type_match(int flag, char type); 44 static void skip_string(adr_t *adr); 45 static int xgeneric(adr_t *adr); 46 47 #if AUDIT_REC 48 void 49 print_id(int id) 50 { 51 char *suffix; 52 53 if ((id < 0) || (id > MAXTOKEN) || 54 (tokentable[id].func == NOFUNC)) { 55 (void) fprintf(stderr, 56 "token_processing: token %d not found\n", id); 57 return; 58 } 59 60 switch (id) { 61 case AUT_NEWGROUPS: 62 suffix = "_new"; 63 break; 64 case AUT_ATTR32: 65 suffix = "32"; 66 break; 67 case AUT_ARG64: 68 case AUT_RETURN64: 69 case AUT_ATTR64: 70 case AUT_HEADER64: 71 case AUT_SUBJECT64: 72 case AUT_PROCESS64: 73 case AUT_OTHER_FILE64: 74 suffix = "64"; 75 break; 76 case AUT_SOCKET_EX: 77 case AUT_IN_ADDR_EX: 78 suffix = "_ex"; 79 break; 80 case AUT_HEADER32_EX: 81 case AUT_SUBJECT32_EX: 82 case AUT_PROCESS32_EX: 83 suffix = "32_ex"; 84 break; 85 case AUT_HEADER64_EX: 86 case AUT_SUBJECT64_EX: 87 case AUT_PROCESS64_EX: 88 suffix = "64_ex"; 89 break; 90 default: 91 suffix = ""; 92 break; 93 } 94 (void) fprintf(stderr, "token_processing: %s%s\n", 95 tokentable[id].t_name, suffix); 96 } 97 #endif /* AUDIT_REC */ 98 99 /* 100 * Process a token in a record to determine whether the record is interesting. 101 */ 102 103 int 104 token_processing(adr_t *adr, int tokenid) 105 { 106 if ((tokenid > 0) && (tokenid <= MAXTOKEN) && 107 (tokentable[tokenid].func != NOFUNC)) { 108 #if AUDIT_REC 109 print_id(tokenid); 110 #endif /* AUDIT_REC */ 111 return ((*tokentable[tokenid].func)(adr)); 112 } 113 114 /* here if token id is not in table */ 115 return (-2); 116 } 117 118 119 /* There should not be any file or header tokens in the middle of a record */ 120 121 /* ARGSUSED */ 122 int 123 file_token(adr_t *adr) 124 { 125 return (-2); 126 } 127 128 /* ARGSUSED */ 129 int 130 file64_token(adr_t *adr) 131 { 132 return (-2); 133 } 134 135 /* ARGSUSED */ 136 int 137 header_token(adr_t *adr) 138 { 139 return (-2); 140 } 141 142 /* ARGSUSED */ 143 int 144 header32_ex_token(adr_t *adr) 145 { 146 return (-2); 147 } 148 149 /* ARGSUSED */ 150 int 151 header64_ex_token(adr_t *adr) 152 { 153 return (-2); 154 } 155 156 /* ARGSUSED */ 157 int 158 header64_token(adr_t *adr) 159 { 160 return (-2); 161 } 162 163 164 /* 165 * ====================================================== 166 * The following token processing routines return 167 * -1: if the record is not interesting 168 * -2: if an error is found 169 * ====================================================== 170 */ 171 172 int 173 trailer_token(adr_t *adr) 174 { 175 short magic_number; 176 uint32_t bytes; 177 178 adrm_u_short(adr, (ushort_t *)&magic_number, 1); 179 if (magic_number != AUT_TRAILER_MAGIC) { 180 (void) fprintf(stderr, "%s\n", 181 gettext("auditreduce: Bad trailer token")); 182 return (-2); 183 } 184 adrm_u_int32(adr, &bytes, 1); 185 186 return (-1); 187 } 188 189 190 /* 191 * Format of arbitrary data token: 192 * arbitrary data token id adr char 193 * how to print adr_char 194 * basic unit adr_char 195 * unit count adr_char, specifying number of units of 196 * data items depends on basic unit 197 * 198 */ 199 int 200 arbitrary_data_token(adr_t *adr) 201 { 202 int i; 203 char c1; 204 short c2; 205 int32_t c3; 206 int64_t c4; 207 char how_to_print, basic_unit, unit_count; 208 209 /* get how_to_print, basic_unit, and unit_count */ 210 adrm_char(adr, &how_to_print, 1); 211 adrm_char(adr, &basic_unit, 1); 212 adrm_char(adr, &unit_count, 1); 213 for (i = 0; i < unit_count; i++) { 214 switch (basic_unit) { 215 /* case AUR_BYTE: has same value as AUR_CHAR */ 216 case AUR_CHAR: 217 adrm_char(adr, &c1, 1); 218 break; 219 case AUR_SHORT: 220 adrm_short(adr, &c2, 1); 221 break; 222 case AUR_INT32: 223 adrm_int32(adr, (int32_t *)&c3, 1); 224 break; 225 case AUR_INT64: 226 adrm_int64(adr, (int64_t *)&c4, 1); 227 break; 228 default: 229 return (-2); 230 break; 231 } 232 } 233 return (-1); 234 } 235 236 237 /* 238 * Format of opaque token: 239 * opaque token id adr_char 240 * size adr_short 241 * data adr_char, size times 242 * 243 */ 244 int 245 opaque_token(adr_t *adr) 246 { 247 skip_string(adr); 248 return (-1); 249 } 250 251 252 253 /* 254 * Format of return32 value token: 255 * return value token id adr_char 256 * error number adr_char 257 * return value adr_u_int32 258 * 259 */ 260 int 261 return_value32_token(adr_t *adr) 262 { 263 char errnum; 264 uint32_t value; 265 266 adrm_char(adr, &errnum, 1); 267 adrm_u_int32(adr, &value, 1); 268 if ((flags & M_SORF) && 269 ((global_class & mask.am_success) && (errnum == 0)) || 270 ((global_class & mask.am_failure) && (errnum != 0))) { 271 checkflags |= M_SORF; 272 } 273 return (-1); 274 } 275 276 /* 277 * Format of return64 value token: 278 * return value token id adr_char 279 * error number adr_char 280 * return value adr_u_int64 281 * 282 */ 283 int 284 return_value64_token(adr_t *adr) 285 { 286 char errnum; 287 uint64_t value; 288 289 adrm_char(adr, &errnum, 1); 290 adrm_u_int64(adr, &value, 1); 291 if ((flags & M_SORF) && 292 ((global_class & mask.am_success) && (errnum == 0)) || 293 ((global_class & mask.am_failure) && (errnum != 0))) { 294 checkflags |= M_SORF; 295 } 296 return (-1); 297 } 298 299 300 /* 301 * Format of sequence token: 302 * sequence token id adr_char 303 * audit_count int32_t 304 * 305 */ 306 int 307 sequence_token(adr_t *adr) 308 { 309 int32_t audit_count; 310 311 adrm_int32(adr, &audit_count, 1); 312 return (-1); 313 } 314 315 316 /* 317 * Format of text token: 318 * text token id adr_char 319 * text adr_string 320 * 321 */ 322 int 323 text_token(adr_t *adr) 324 { 325 skip_string(adr); 326 return (-1); 327 } 328 329 330 /* 331 * Format of ip_addr token: 332 * ip token id adr_char 333 * address adr_int32 334 * 335 */ 336 int 337 ip_addr_token(adr_t *adr) 338 { 339 int32_t address; 340 341 adrm_char(adr, (char *)&address, 4); 342 343 return (-1); 344 } 345 346 /* 347 * Format of ip_addr_ex token: 348 * ip token id adr_char 349 * ip type adr_int32 350 * address 4*adr_int32 351 * 352 */ 353 int 354 ip_addr_ex_token(adr_t *adr) 355 { 356 int32_t address[4]; 357 int32_t type; 358 359 adrm_int32(adr, (int32_t *)&type, 1); 360 adrm_int32(adr, (int32_t *)&address, 4); 361 362 return (-1); 363 } 364 365 /* 366 * Format of ip token: 367 * ip header token id adr_char 368 * version adr_char 369 * type of service adr_char 370 * length adr_short 371 * id adr_u_short 372 * offset adr_u_short 373 * ttl adr_char 374 * protocol adr_char 375 * checksum adr_u_short 376 * source address adr_int32 377 * destination address adr_int32 378 * 379 */ 380 int 381 ip_token(adr_t *adr) 382 { 383 char version; 384 char type; 385 short len; 386 unsigned short id, offset, checksum; 387 char ttl, protocol; 388 int32_t src, dest; 389 390 adrm_char(adr, &version, 1); 391 adrm_char(adr, &type, 1); 392 adrm_short(adr, &len, 1); 393 adrm_u_short(adr, &id, 1); 394 adrm_u_short(adr, &offset, 1); 395 adrm_char(adr, &ttl, 1); 396 adrm_char(adr, &protocol, 1); 397 adrm_u_short(adr, &checksum, 1); 398 adrm_char(adr, (char *)&src, 4); 399 adrm_char(adr, (char *)&dest, 4); 400 401 return (-1); 402 } 403 404 405 /* 406 * Format of iport token: 407 * ip port address token id adr_char 408 * port address adr_short 409 * 410 */ 411 int 412 iport_token(adr_t *adr) 413 { 414 short address; 415 416 adrm_short(adr, &address, 1); 417 418 return (-1); 419 } 420 421 422 /* 423 * Format of groups token: 424 * group token id adr_char 425 * group list adr_int32, 16 times 426 * 427 */ 428 int 429 group_token(adr_t *adr) 430 { 431 int gid[16]; 432 int i; 433 int flag = 0; 434 435 for (i = 0; i < 16; i++) { 436 adrm_int32(adr, (int32_t *)&gid[i], 1); 437 if (flags & M_GROUPR) { 438 if ((unsigned short)m_groupr == gid[i]) 439 flag = 1; 440 } 441 } 442 443 if (flags & M_GROUPR) { 444 if (flag) 445 checkflags |= M_GROUPR; 446 } 447 return (-1); 448 } 449 450 /* 451 * Format of newgroups token: 452 * group token id adr_char 453 * number of groups adr_short 454 * group list adr_int32, "number" times 455 * 456 */ 457 int 458 newgroup_token(adr_t *adr) 459 { 460 gid_t gid; 461 int i; 462 short int number; 463 464 adrm_short(adr, &number, 1); 465 466 for (i = 0; i < number; i++) { 467 adrm_int32(adr, (int32_t *)&gid, 1); 468 if (flags & M_GROUPR) { 469 if (m_groupr == gid) 470 checkflags |= M_GROUPR; 471 } 472 } 473 474 return (-1); 475 } 476 477 /* 478 * Format of argument32 token: 479 * argument token id adr_char 480 * argument number adr_char 481 * argument value adr_int32 482 * argument description adr_string 483 * 484 */ 485 int 486 argument32_token(adr_t *adr) 487 { 488 char arg_num; 489 int32_t arg_val; 490 491 adrm_char(adr, &arg_num, 1); 492 adrm_int32(adr, &arg_val, 1); 493 skip_string(adr); 494 495 return (-1); 496 } 497 498 /* 499 * Format of argument64 token: 500 * argument token id adr_char 501 * argument number adr_char 502 * argument value adr_int64 503 * argument description adr_string 504 * 505 */ 506 int 507 argument64_token(adr_t *adr) 508 { 509 char arg_num; 510 int64_t arg_val; 511 512 adrm_char(adr, &arg_num, 1); 513 adrm_int64(adr, &arg_val, 1); 514 skip_string(adr); 515 516 return (-1); 517 } 518 519 int 520 acl_token(adr_t *adr) 521 { 522 523 int32_t id; 524 int32_t mode; 525 int32_t type; 526 527 adrm_int32(adr, &type, 1); 528 adrm_int32(adr, &id, 1); 529 adrm_int32(adr, &mode, 1); 530 531 return (-1); 532 } 533 534 /* 535 * Format of attribute token: (old pre SunOS 5.7 format) 536 * attribute token id adr_char 537 * mode adr_int32 (printed in octal) 538 * uid adr_int32 539 * gid adr_int32 540 * file system id adr_int32 541 * node id adr_int32 542 * device adr_int32 543 * 544 */ 545 int 546 attribute_token(adr_t *adr) 547 { 548 int32_t dev; 549 int32_t file_sysid; 550 int32_t gid; 551 int32_t mode; 552 int32_t nodeid; 553 int32_t uid; 554 555 adrm_int32(adr, &mode, 1); 556 adrm_int32(adr, &uid, 1); 557 adrm_int32(adr, &gid, 1); 558 adrm_int32(adr, &file_sysid, 1); 559 adrm_int32(adr, &nodeid, 1); 560 adrm_int32(adr, &dev, 1); 561 562 if (!new_mode && (flags & M_USERE)) { 563 if (m_usere == uid) 564 checkflags |= M_USERE; 565 } 566 if (!new_mode && (flags & M_GROUPE)) { 567 if (m_groupe == gid) 568 checkflags |= M_GROUPE; 569 } 570 571 if (flags & M_OBJECT) { 572 if ((obj_flag & OBJ_FGROUP) && 573 (obj_group == gid)) 574 checkflags |= M_OBJECT; 575 else if ((obj_flag & OBJ_FOWNER) && 576 (obj_owner == uid)) 577 checkflags |= M_OBJECT; 578 } 579 return (-1); 580 } 581 582 /* 583 * Format of attribute32 token: 584 * attribute token id adr_char 585 * mode adr_int32 (printed in octal) 586 * uid adr_int32 587 * gid adr_int32 588 * file system id adr_int32 589 * node id adr_int64 590 * device adr_int32 591 * 592 */ 593 int 594 attribute32_token(adr_t *adr) 595 { 596 int32_t dev; 597 int32_t file_sysid; 598 int32_t gid; 599 int32_t mode; 600 int64_t nodeid; 601 int32_t uid; 602 603 adrm_int32(adr, &mode, 1); 604 adrm_int32(adr, &uid, 1); 605 adrm_int32(adr, &gid, 1); 606 adrm_int32(adr, &file_sysid, 1); 607 adrm_int64(adr, &nodeid, 1); 608 adrm_int32(adr, &dev, 1); 609 610 if (!new_mode && (flags & M_USERE)) { 611 if (m_usere == uid) 612 checkflags |= M_USERE; 613 } 614 if (!new_mode && (flags & M_GROUPE)) { 615 if (m_groupe == gid) 616 checkflags |= M_GROUPE; 617 } 618 619 if (flags & M_OBJECT) { 620 if ((obj_flag & OBJ_FGROUP) && 621 (obj_group == gid)) 622 checkflags |= M_OBJECT; 623 else if ((obj_flag & OBJ_FOWNER) && 624 (obj_owner == uid)) 625 checkflags |= M_OBJECT; 626 } 627 return (-1); 628 } 629 630 /* 631 * Format of attribute64 token: 632 * attribute token id adr_char 633 * mode adr_int32 (printed in octal) 634 * uid adr_int32 635 * gid adr_int32 636 * file system id adr_int32 637 * node id adr_int64 638 * device adr_int64 639 * 640 */ 641 int 642 attribute64_token(adr_t *adr) 643 { 644 int64_t dev; 645 int32_t file_sysid; 646 int32_t gid; 647 int32_t mode; 648 int64_t nodeid; 649 int32_t uid; 650 651 adrm_int32(adr, &mode, 1); 652 adrm_int32(adr, &uid, 1); 653 adrm_int32(adr, &gid, 1); 654 adrm_int32(adr, &file_sysid, 1); 655 adrm_int64(adr, &nodeid, 1); 656 adrm_int64(adr, &dev, 1); 657 658 if (!new_mode && (flags & M_USERE)) { 659 if (m_usere == uid) 660 checkflags |= M_USERE; 661 } 662 if (!new_mode && (flags & M_GROUPE)) { 663 if (m_groupe == gid) 664 checkflags |= M_GROUPE; 665 } 666 667 if (flags & M_OBJECT) { 668 if ((obj_flag & OBJ_FGROUP) && 669 (obj_group == gid)) 670 checkflags |= M_OBJECT; 671 else if ((obj_flag & OBJ_FOWNER) && 672 (obj_owner == uid)) 673 checkflags |= M_OBJECT; 674 } 675 return (-1); 676 } 677 678 679 /* 680 * Format of command token: 681 * attribute token id adr_char 682 * argc adr_short 683 * argv len adr_short variable amount of argv len 684 * argv text argv len and text 685 * . 686 * . 687 * . 688 * envp count adr_short variable amount of envp len 689 * envp len adr_short and text 690 * envp text envp len 691 * . 692 * . 693 * . 694 * 695 */ 696 int 697 cmd_token(adr_t *adr) 698 { 699 short cnt; 700 short i; 701 702 adrm_short(adr, &cnt, 1); 703 704 for (i = 0; i < cnt; i++) 705 skip_string(adr); 706 707 adrm_short(adr, &cnt, 1); 708 709 for (i = 0; i < cnt; i++) 710 skip_string(adr); 711 712 return (-1); 713 } 714 715 716 /* 717 * Format of exit token: 718 * attribute token id adr_char 719 * return value adr_int32 720 * errno adr_int32 721 * 722 */ 723 int 724 exit_token(adr_t *adr) 725 { 726 int32_t retval; 727 int32_t errno; 728 729 adrm_int32(adr, &retval, 1); 730 adrm_int32(adr, &errno, 1); 731 return (-1); 732 } 733 734 /* 735 * Format of strings array token: 736 * token id adr_char 737 * count value adr_int32 738 * strings null terminated strings 739 */ 740 static int 741 strings_common_token(adr_t *adr) 742 { 743 int count, i; 744 char c; 745 746 adrm_int32(adr, (int32_t *)&count, 1); 747 for (i = 1; i <= count; i++) { 748 adrm_char(adr, &c, 1); 749 while (c != (char)0) 750 adrm_char(adr, &c, 1); 751 } 752 /* no dump option here, since we will have variable length fields */ 753 return (-1); 754 } 755 756 int 757 path_attr_token(adr_t *adr) 758 { 759 return (strings_common_token(adr)); 760 } 761 762 int 763 exec_args_token(adr_t *adr) 764 { 765 return (strings_common_token(adr)); 766 } 767 768 int 769 exec_env_token(adr_t *adr) 770 { 771 return (strings_common_token(adr)); 772 } 773 774 /* 775 * Format of liaison token: 776 */ 777 int 778 liaison_token(adr_t *adr) 779 { 780 int32_t li; 781 782 adrm_int32(adr, &li, 1); 783 return (-1); 784 } 785 786 787 /* 788 * Format of path token: 789 * path adr_string 790 */ 791 int 792 path_token(adr_t *adr) 793 { 794 if ((flags & M_OBJECT) && (obj_flag == OBJ_PATH)) { 795 char *path; 796 797 get_string(adr, &path); 798 if (path[0] != '/') 799 /* 800 * anchor the path. user apps may not do it. 801 */ 802 anchor_path(path); 803 /* 804 * match against the collapsed path. that is what user sees. 805 */ 806 if (re_exec2(collapse_path(path)) == 1) 807 checkflags |= M_OBJECT; 808 free(path); 809 } else { 810 skip_string(adr); 811 } 812 return (-1); 813 } 814 815 816 /* 817 * Format of System V IPC permission token: 818 * System V IPC permission token id adr_char 819 * uid adr_int32 820 * gid adr_int32 821 * cuid adr_int32 822 * cgid adr_int32 823 * mode adr_int32 824 * seq adr_int32 825 * key adr_int32 826 * label adr_opaque, sizeof (bslabel_t) 827 * bytes 828 */ 829 int 830 s5_IPC_perm_token(adr_t *adr) 831 { 832 int32_t uid, gid, cuid, cgid, mode, seq; 833 int32_t key; 834 835 adrm_int32(adr, &uid, 1); 836 adrm_int32(adr, &gid, 1); 837 adrm_int32(adr, &cuid, 1); 838 adrm_int32(adr, &cgid, 1); 839 adrm_int32(adr, &mode, 1); 840 adrm_int32(adr, &seq, 1); 841 adrm_int32(adr, &key, 1); 842 843 if (!new_mode && (flags & M_USERE)) { 844 if (m_usere == uid) 845 checkflags |= M_USERE; 846 } 847 848 if (!new_mode && (flags & M_USERE)) { 849 if (m_usere == cuid) 850 checkflags |= M_USERE; 851 } 852 853 if (!new_mode && (flags & M_GROUPR)) { 854 if (m_groupr == gid) 855 checkflags |= M_GROUPR; 856 } 857 858 if (!new_mode && (flags & M_GROUPR)) { 859 if (m_groupr == cgid) 860 checkflags |= M_GROUPR; 861 } 862 863 if ((flags & M_OBJECT) && 864 ((obj_owner == uid) || 865 (obj_owner == cuid) || 866 (obj_group == gid) || 867 (obj_group == cgid))) { 868 869 switch (obj_flag) { 870 case OBJ_MSGGROUP: 871 case OBJ_MSGOWNER: 872 if (ipc_type_match(OBJ_MSG, ipc_type)) 873 checkflags |= M_OBJECT; 874 break; 875 case OBJ_SEMGROUP: 876 case OBJ_SEMOWNER: 877 if (ipc_type_match(OBJ_SEM, ipc_type)) 878 checkflags |= M_OBJECT; 879 break; 880 case OBJ_SHMGROUP: 881 case OBJ_SHMOWNER: 882 if (ipc_type_match(OBJ_SHM, ipc_type)) 883 checkflags |= M_OBJECT; 884 break; 885 } 886 } 887 return (-1); 888 } 889 890 891 /* 892 * Format of process32 token: 893 * process token id adr_char 894 * auid adr_int32 895 * euid adr_int32 896 * egid adr_int32 897 * ruid adr_int32 898 * rgid adr_int32 899 * pid adr_int32 900 * sid adr_int32 901 * termid adr_int32*2 902 * 903 */ 904 int 905 process32_token(adr_t *adr) 906 { 907 int32_t auid, euid, egid, ruid, rgid, pid; 908 int32_t sid; 909 int32_t port, machine; 910 911 adrm_int32(adr, &auid, 1); 912 adrm_int32(adr, &euid, 1); 913 adrm_int32(adr, &egid, 1); 914 adrm_int32(adr, &ruid, 1); 915 adrm_int32(adr, &rgid, 1); 916 adrm_int32(adr, &pid, 1); 917 adrm_int32(adr, &sid, 1); 918 adrm_int32(adr, &port, 1); 919 adrm_int32(adr, &machine, 1); 920 921 if (!new_mode && (flags & M_USERA)) { 922 if (m_usera == auid) 923 checkflags |= M_USERA; 924 } 925 if (!new_mode && (flags & M_USERE)) { 926 if (m_usere == euid) 927 checkflags |= M_USERE; 928 } 929 if (!new_mode && (flags & M_USERR)) { 930 if (m_userr == ruid) 931 checkflags |= M_USERR; 932 } 933 if (!new_mode && (flags & M_GROUPR)) { 934 if (m_groupr == rgid) 935 checkflags |= M_GROUPR; 936 } 937 if (!new_mode && (flags & M_GROUPE)) { 938 if (m_groupe == egid) 939 checkflags |= M_GROUPE; 940 } 941 942 if (flags & M_OBJECT) { 943 if ((obj_flag & OBJ_PROC) && 944 (obj_id == pid)) { 945 checkflags |= M_OBJECT; 946 } else if ((obj_flag & OBJ_PGROUP) && 947 ((obj_group == egid) || 948 (obj_group == rgid))) { 949 checkflags |= M_OBJECT; 950 } else if ((obj_flag & OBJ_POWNER) && 951 ((obj_owner == euid) || 952 (obj_group == ruid))) { 953 checkflags |= M_OBJECT; 954 } 955 } 956 return (-1); 957 } 958 959 /* 960 * Format of process32 token: 961 * process token id adr_char 962 * auid adr_int32 963 * euid adr_int32 964 * egid adr_int32 965 * ruid adr_int32 966 * rgid adr_int32 967 * pid adr_int32 968 * sid adr_int32 969 * termid adr_int32*6 970 * 971 */ 972 int 973 process32_ex_token(adr_t *adr) 974 { 975 int32_t auid, euid, egid, ruid, rgid, pid; 976 int32_t sid; 977 int32_t port, type, addr[4]; 978 979 adrm_int32(adr, &auid, 1); 980 adrm_int32(adr, &euid, 1); 981 adrm_int32(adr, &egid, 1); 982 adrm_int32(adr, &ruid, 1); 983 adrm_int32(adr, &rgid, 1); 984 adrm_int32(adr, &pid, 1); 985 adrm_int32(adr, &sid, 1); 986 adrm_int32(adr, &port, 1); 987 adrm_int32(adr, &type, 1); 988 adrm_int32(adr, &addr[0], 4); 989 990 if (!new_mode && (flags & M_USERA)) { 991 if (m_usera == auid) 992 checkflags = checkflags | M_USERA; 993 } 994 if (!new_mode && (flags & M_USERE)) { 995 if (m_usere == euid) 996 checkflags = checkflags | M_USERE; 997 } 998 if (!new_mode && (flags & M_USERR)) { 999 if (m_userr == ruid) 1000 checkflags = checkflags | M_USERR; 1001 } 1002 if (!new_mode && (flags & M_GROUPR)) { 1003 if (m_groupr == egid) 1004 checkflags = checkflags | M_GROUPR; 1005 } 1006 if (!new_mode && (flags & M_GROUPE)) { 1007 if (m_groupe == egid) 1008 checkflags = checkflags | M_GROUPE; 1009 } 1010 1011 if (flags & M_OBJECT) { 1012 if ((obj_flag & OBJ_PROC) && 1013 (obj_id == pid)) { 1014 checkflags = checkflags | M_OBJECT; 1015 } else if ((obj_flag & OBJ_PGROUP) && 1016 ((obj_group == egid) || 1017 (obj_group == rgid))) { 1018 checkflags = checkflags | M_OBJECT; 1019 } else if ((obj_flag & OBJ_POWNER) && 1020 ((obj_owner == euid) || 1021 (obj_group == ruid))) { 1022 checkflags = checkflags | M_OBJECT; 1023 } 1024 } 1025 return (-1); 1026 } 1027 1028 /* 1029 * Format of process64 token: 1030 * process token id adr_char 1031 * auid adr_int32 1032 * euid adr_int32 1033 * egid adr_int32 1034 * ruid adr_int32 1035 * rgid adr_int32 1036 * pid adr_int32 1037 * sid adr_int32 1038 * termid adr_int64+adr_int32 1039 * 1040 */ 1041 int 1042 process64_token(adr_t *adr) 1043 { 1044 int32_t auid, euid, egid, ruid, rgid, pid; 1045 int32_t sid; 1046 int64_t port; 1047 int32_t machine; 1048 1049 adrm_int32(adr, &auid, 1); 1050 adrm_int32(adr, &euid, 1); 1051 adrm_int32(adr, &egid, 1); 1052 adrm_int32(adr, &ruid, 1); 1053 adrm_int32(adr, &rgid, 1); 1054 adrm_int32(adr, &pid, 1); 1055 adrm_int32(adr, &sid, 1); 1056 adrm_int64(adr, &port, 1); 1057 adrm_int32(adr, &machine, 1); 1058 1059 if (!new_mode && (flags & M_USERA)) { 1060 if (m_usera == auid) 1061 checkflags |= M_USERA; 1062 } 1063 if (!new_mode && (flags & M_USERE)) { 1064 if (m_usere == euid) 1065 checkflags |= M_USERE; 1066 } 1067 if (!new_mode && (flags & M_USERR)) { 1068 if (m_userr == ruid) 1069 checkflags |= M_USERR; 1070 } 1071 if (!new_mode && (flags & M_GROUPR)) { 1072 if (m_groupr == rgid) 1073 checkflags |= M_GROUPR; 1074 } 1075 if (!new_mode && (flags & M_GROUPE)) { 1076 if (m_groupe == egid) 1077 checkflags |= M_GROUPE; 1078 } 1079 1080 if (flags & M_OBJECT) { 1081 if ((obj_flag & OBJ_PROC) && 1082 (obj_id == pid)) { 1083 checkflags |= M_OBJECT; 1084 } else if ((obj_flag & OBJ_PGROUP) && 1085 ((obj_group == egid) || 1086 (obj_group == rgid))) { 1087 checkflags |= M_OBJECT; 1088 } else if ((obj_flag & OBJ_POWNER) && 1089 ((obj_owner == euid) || 1090 (obj_group == ruid))) { 1091 checkflags |= M_OBJECT; 1092 } 1093 } 1094 return (-1); 1095 } 1096 1097 /* 1098 * Format of process64 token: 1099 * process token id adr_char 1100 * auid adr_int32 1101 * euid adr_int32 1102 * egid adr_int32 1103 * ruid adr_int32 1104 * rgid adr_int32 1105 * pid adr_int32 1106 * sid adr_int32 1107 * termid adr_int64+5*adr_int32 1108 * 1109 */ 1110 int 1111 process64_ex_token(adr_t *adr) 1112 { 1113 int32_t auid, euid, egid, ruid, rgid, pid; 1114 int32_t sid; 1115 int64_t port; 1116 int32_t type, addr[4]; 1117 1118 adrm_int32(adr, &auid, 1); 1119 adrm_int32(adr, &euid, 1); 1120 adrm_int32(adr, &egid, 1); 1121 adrm_int32(adr, &ruid, 1); 1122 adrm_int32(adr, &rgid, 1); 1123 adrm_int32(adr, &pid, 1); 1124 adrm_int32(adr, &sid, 1); 1125 adrm_int64(adr, &port, 1); 1126 adrm_int32(adr, &type, 1); 1127 adrm_int32(adr, &addr[0], 4); 1128 1129 if (!new_mode && (flags & M_USERA)) { 1130 if (m_usera == auid) 1131 checkflags = checkflags | M_USERA; 1132 } 1133 if (!new_mode && (flags & M_USERE)) { 1134 if (m_usere == euid) 1135 checkflags = checkflags | M_USERE; 1136 } 1137 if (!new_mode && (flags & M_USERR)) { 1138 if (m_userr == ruid) 1139 checkflags = checkflags | M_USERR; 1140 } 1141 if (!new_mode && (flags & M_GROUPR)) { 1142 if (m_groupr == egid) 1143 checkflags = checkflags | M_GROUPR; 1144 } 1145 if (!new_mode && (flags & M_GROUPE)) { 1146 if (m_groupe == egid) 1147 checkflags = checkflags | M_GROUPE; 1148 } 1149 1150 if (flags & M_OBJECT) { 1151 if ((obj_flag & OBJ_PROC) && 1152 (obj_id == pid)) { 1153 checkflags = checkflags | M_OBJECT; 1154 } else if ((obj_flag & OBJ_PGROUP) && 1155 ((obj_group == egid) || 1156 (obj_group == rgid))) { 1157 checkflags = checkflags | M_OBJECT; 1158 } else if ((obj_flag & OBJ_POWNER) && 1159 ((obj_owner == euid) || 1160 (obj_group == ruid))) { 1161 checkflags = checkflags | M_OBJECT; 1162 } 1163 } 1164 return (-1); 1165 } 1166 1167 /* 1168 * Format of System V IPC token: 1169 * System V IPC token id adr_char 1170 * object id adr_int32 1171 * 1172 */ 1173 int 1174 s5_IPC_token(adr_t *adr) 1175 { 1176 int32_t ipc_id; 1177 1178 adrm_char(adr, &ipc_type, 1); /* Global */ 1179 adrm_int32(adr, &ipc_id, 1); 1180 1181 if ((flags & M_OBJECT) && 1182 ipc_type_match(obj_flag, ipc_type) && 1183 (obj_id == ipc_id)) 1184 checkflags |= M_OBJECT; 1185 1186 return (-1); 1187 } 1188 1189 1190 /* 1191 * Format of socket token: 1192 * socket_type adrm_short 1193 * remote_port adrm_short 1194 * remote_inaddr adrm_int32 1195 * 1196 */ 1197 int 1198 socket_token(adr_t *adr) 1199 { 1200 short socket_type; 1201 short remote_port; 1202 int32_t remote_inaddr; 1203 1204 adrm_short(adr, &socket_type, 1); 1205 adrm_short(adr, &remote_port, 1); 1206 adrm_char(adr, (char *)&remote_inaddr, 4); 1207 1208 if ((flags & M_OBJECT) && (obj_flag == OBJ_SOCK)) { 1209 if (socket_flag == SOCKFLG_MACHINE) { 1210 if (remote_inaddr == obj_id) 1211 checkflags |= M_OBJECT; 1212 } else if (socket_flag == SOCKFLG_PORT) { 1213 if (remote_port == obj_id) 1214 checkflags |= M_OBJECT; 1215 } 1216 } 1217 return (-1); 1218 } 1219 1220 1221 /* 1222 * Format of socket token: 1223 * socket_type adrm_short 1224 * remote_port adrm_short 1225 * remote_inaddr adrm_int32 1226 * 1227 */ 1228 int 1229 socket_ex_token(adr_t *adr) 1230 { 1231 short socket_domain; 1232 short socket_type; 1233 short ip_size; 1234 short local_port; 1235 int32_t local_inaddr[4]; 1236 short remote_port; 1237 int32_t remote_inaddr[4]; 1238 1239 adrm_short(adr, &socket_domain, 1); 1240 adrm_short(adr, &socket_type, 1); 1241 adrm_short(adr, &ip_size, 1); 1242 1243 /* validate ip size */ 1244 if ((ip_size != AU_IPv6) && (ip_size != AU_IPv4)) 1245 return (0); 1246 1247 adrm_short(adr, &local_port, 1); 1248 adrm_char(adr, (char *)local_inaddr, ip_size); 1249 1250 adrm_short(adr, &remote_port, 1); 1251 adrm_char(adr, (char *)remote_inaddr, ip_size); 1252 1253 /* if IP type mis-match, then nothing to do */ 1254 if (ip_size != ip_type) 1255 return (-1); 1256 1257 if ((flags & M_OBJECT) && (obj_flag == OBJ_SOCK)) { 1258 if (socket_flag == SOCKFLG_MACHINE) { 1259 if (ip_type == AU_IPv4) { 1260 if ((local_inaddr[0] == obj_id) || 1261 (remote_inaddr[0] == obj_id)) 1262 checkflags |= M_OBJECT; 1263 } else { 1264 if (((local_inaddr[0] == ip_ipv6[0]) && 1265 (local_inaddr[1] == ip_ipv6[1]) && 1266 (local_inaddr[2] == ip_ipv6[2]) && 1267 (local_inaddr[3] == ip_ipv6[3])) || 1268 ((remote_inaddr[0] == ip_ipv6[0]) && 1269 (remote_inaddr[1] == ip_ipv6[1]) && 1270 (remote_inaddr[2] == ip_ipv6[2]) && 1271 (remote_inaddr[3] == ip_ipv6[3]))) 1272 checkflags |= M_OBJECT; 1273 } 1274 } else if (socket_flag == SOCKFLG_PORT) { 1275 if ((local_port == obj_id) || (remote_port == obj_id)) 1276 checkflags |= M_OBJECT; 1277 } 1278 } 1279 return (-1); 1280 } 1281 1282 1283 /* 1284 * Format of subject32 token: 1285 * subject token id adr_char 1286 * auid adr_int32 1287 * euid adr_int32 1288 * egid adr_int32 1289 * ruid adr_int32 1290 * rgid adr_int32 1291 * pid adr_int32 1292 * sid adr_int32 1293 * termid adr_int32*2 1294 * 1295 */ 1296 int 1297 subject32_token(adr_t *adr) 1298 { 1299 int32_t auid, euid, egid, ruid, rgid, pid; 1300 int32_t sid; 1301 int32_t port, machine; 1302 1303 adrm_int32(adr, &auid, 1); 1304 adrm_int32(adr, &euid, 1); 1305 adrm_int32(adr, &egid, 1); 1306 adrm_int32(adr, &ruid, 1); 1307 adrm_int32(adr, &rgid, 1); 1308 adrm_int32(adr, &pid, 1); 1309 adrm_int32(adr, &sid, 1); 1310 adrm_int32(adr, &port, 1); 1311 adrm_int32(adr, &machine, 1); 1312 1313 if (flags & M_SUBJECT) { 1314 if (subj_id == pid) 1315 checkflags |= M_SUBJECT; 1316 } 1317 if (flags & M_USERA) { 1318 if (m_usera == auid) 1319 checkflags |= M_USERA; 1320 } 1321 if (flags & M_USERE) { 1322 if (m_usere == euid) 1323 checkflags |= M_USERE; 1324 } 1325 if (flags & M_USERR) { 1326 if (m_userr == ruid) 1327 checkflags |= M_USERR; 1328 } 1329 if (flags & M_GROUPR) { 1330 if (m_groupr == rgid) 1331 checkflags |= M_GROUPR; 1332 } 1333 if (flags & M_GROUPE) { 1334 if (m_groupe == egid) 1335 checkflags |= M_GROUPE; 1336 } 1337 return (-1); 1338 } 1339 1340 /* 1341 * Format of subject32_ex token: 1342 * subject token id adr_char 1343 * auid adr_int32 1344 * euid adr_int32 1345 * egid adr_int32 1346 * ruid adr_int32 1347 * rgid adr_int32 1348 * pid adr_int32 1349 * sid adr_int32 1350 * termid_addr adr_int32*6 1351 * 1352 */ 1353 int 1354 subject32_ex_token(adr_t *adr) 1355 { 1356 int32_t auid, euid, egid, ruid, rgid, pid; 1357 int32_t sid; 1358 int32_t port, type, addr[4]; 1359 1360 adrm_int32(adr, &auid, 1); 1361 adrm_int32(adr, &euid, 1); 1362 adrm_int32(adr, &egid, 1); 1363 adrm_int32(adr, &ruid, 1); 1364 adrm_int32(adr, &rgid, 1); 1365 adrm_int32(adr, &pid, 1); 1366 adrm_int32(adr, &sid, 1); 1367 adrm_int32(adr, &port, 1); 1368 adrm_int32(adr, &type, 1); 1369 adrm_int32(adr, &addr[0], 4); 1370 1371 if (flags & M_SUBJECT) { 1372 if (subj_id == pid) 1373 checkflags = checkflags | M_SUBJECT; 1374 } 1375 if (flags & M_USERA) { 1376 if (m_usera == auid) 1377 checkflags = checkflags | M_USERA; 1378 } 1379 if (flags & M_USERE) { 1380 if (m_usere == euid) 1381 checkflags = checkflags | M_USERE; 1382 } 1383 if (flags & M_USERR) { 1384 if (m_userr == ruid) 1385 checkflags = checkflags | M_USERR; 1386 } 1387 if (flags & M_GROUPR) { 1388 if (m_groupr == egid) 1389 checkflags = checkflags | M_GROUPR; 1390 } 1391 if (flags & M_GROUPE) { 1392 if (m_groupe == egid) 1393 checkflags = checkflags | M_GROUPE; 1394 } 1395 return (-1); 1396 } 1397 1398 /* 1399 * Format of subject64 token: 1400 * subject token id adr_char 1401 * auid adr_int32 1402 * euid adr_int32 1403 * egid adr_int32 1404 * ruid adr_int32 1405 * rgid adr_int32 1406 * pid adr_int32 1407 * sid adr_int32 1408 * termid adr_int64+adr_int32 1409 * 1410 */ 1411 int 1412 subject64_token(adr_t *adr) 1413 { 1414 int32_t auid, euid, egid, ruid, rgid, pid; 1415 int32_t sid; 1416 int64_t port; 1417 int32_t machine; 1418 1419 adrm_int32(adr, &auid, 1); 1420 adrm_int32(adr, &euid, 1); 1421 adrm_int32(adr, &egid, 1); 1422 adrm_int32(adr, &ruid, 1); 1423 adrm_int32(adr, &rgid, 1); 1424 adrm_int32(adr, &pid, 1); 1425 adrm_int32(adr, &sid, 1); 1426 adrm_int64(adr, &port, 1); 1427 adrm_int32(adr, &machine, 1); 1428 1429 if (flags & M_SUBJECT) { 1430 if (subj_id == pid) 1431 checkflags |= M_SUBJECT; 1432 } 1433 if (flags & M_USERA) { 1434 if (m_usera == auid) 1435 checkflags |= M_USERA; 1436 } 1437 if (flags & M_USERE) { 1438 if (m_usere == euid) 1439 checkflags |= M_USERE; 1440 } 1441 if (flags & M_USERR) { 1442 if (m_userr == ruid) 1443 checkflags |= M_USERR; 1444 } 1445 if (flags & M_GROUPR) { 1446 if (m_groupr == rgid) 1447 checkflags |= M_GROUPR; 1448 } 1449 if (flags & M_GROUPE) { 1450 if (m_groupe == egid) 1451 checkflags |= M_GROUPE; 1452 } 1453 return (-1); 1454 } 1455 1456 /* 1457 * Format of subject64 token: 1458 * subject token id adr_char 1459 * auid adr_int32 1460 * euid adr_int32 1461 * egid adr_int32 1462 * ruid adr_int32 1463 * rgid adr_int32 1464 * pid adr_int32 1465 * sid adr_int32 1466 * termid adr_int64+5*adr_int32 1467 * 1468 */ 1469 int 1470 subject64_ex_token(adr_t *adr) 1471 { 1472 int32_t auid, euid, egid, ruid, rgid, pid; 1473 int32_t sid; 1474 int64_t port; 1475 int32_t type, addr[4]; 1476 1477 adrm_int32(adr, &auid, 1); 1478 adrm_int32(adr, &euid, 1); 1479 adrm_int32(adr, &egid, 1); 1480 adrm_int32(adr, &ruid, 1); 1481 adrm_int32(adr, &rgid, 1); 1482 adrm_int32(adr, &pid, 1); 1483 adrm_int32(adr, &sid, 1); 1484 adrm_int64(adr, &port, 1); 1485 adrm_int32(adr, &type, 1); 1486 adrm_int32(adr, &addr[0], 4); 1487 1488 if (flags & M_SUBJECT) { 1489 if (subj_id == pid) 1490 checkflags = checkflags | M_SUBJECT; 1491 } 1492 if (flags & M_USERA) { 1493 if (m_usera == auid) 1494 checkflags = checkflags | M_USERA; 1495 } 1496 if (flags & M_USERE) { 1497 if (m_usere == euid) 1498 checkflags = checkflags | M_USERE; 1499 } 1500 if (flags & M_USERR) { 1501 if (m_userr == ruid) 1502 checkflags = checkflags | M_USERR; 1503 } 1504 if (flags & M_GROUPR) { 1505 if (m_groupr == egid) 1506 checkflags = checkflags | M_GROUPR; 1507 } 1508 if (flags & M_GROUPE) { 1509 if (m_groupe == egid) 1510 checkflags = checkflags | M_GROUPE; 1511 } 1512 return (-1); 1513 } 1514 1515 /* 1516 * ----------------------------------------------------------------------- 1517 * tid_token(): Process tid token and display contents 1518 * 1519 * Format of tid token: 1520 * tid token id adr_char 1521 * address type adr_char 1522 * For address type of AU_IPADR... 1523 * remote port adr_short 1524 * local port adr_short 1525 * IP type adr_int32 1526 * IP addr adr_int32 if IPv4 1527 * IP addr 4 x adr_int32 if IPv6 1528 * address types other than AU_IPADR are not yet defined 1529 * ----------------------------------------------------------------------- 1530 */ 1531 int 1532 tid_token(adr_t *adr) 1533 { 1534 int32_t address[4]; 1535 int32_t ip_type; 1536 char tid_type; 1537 short rport; 1538 short lport; 1539 1540 adrm_char(adr, &tid_type, 1); 1541 switch (tid_type) { 1542 case AU_IPADR: 1543 adrm_short(adr, &rport, 1); 1544 adrm_short(adr, &lport, 1); 1545 adrm_int32(adr, &ip_type, 1); 1546 adrm_char(adr, (char *)&address, ip_type); 1547 break; 1548 default: 1549 return (0); 1550 } 1551 return (-1); 1552 } 1553 1554 /* 1555 * ----------------------------------------------------------------------- 1556 * zonename_token(): Process zonename token and display contents 1557 * 1558 * Format of zonename token: 1559 * zonename token id adr_char 1560 * zone name adr_string 1561 * ----------------------------------------------------------------------- 1562 */ 1563 int 1564 zonename_token(adr_t *adr) 1565 { 1566 char *name; 1567 1568 if (flags & M_ZONENAME) { 1569 get_string(adr, &name); 1570 if (strncmp(zonename, name, ZONENAME_MAX) == 0) 1571 checkflags |= M_ZONENAME; 1572 free(name); 1573 } else { 1574 skip_string(adr); 1575 } 1576 return (-1); 1577 } 1578 1579 /* 1580 * Format of xatom token: 1581 */ 1582 int 1583 xatom_token(adr_t *adr) 1584 { 1585 skip_string(adr); 1586 1587 return (-1); 1588 } 1589 1590 /* 1591 * Format of xselect token: 1592 */ 1593 int 1594 xselect_token(adr_t *adr) 1595 { 1596 skip_string(adr); 1597 skip_string(adr); 1598 skip_string(adr); 1599 1600 return (-1); 1601 } 1602 1603 /* 1604 * anchor a path name with a slash 1605 * assume we have enough space 1606 */ 1607 void 1608 anchor_path(char *path) 1609 { 1610 (void) memmove((void *)(path + 1), (void *)path, strlen(path) + 1); 1611 *path = '/'; 1612 } 1613 1614 1615 /* 1616 * copy path to collapsed path. 1617 * collapsed path does not contain: 1618 * successive slashes 1619 * instances of dot-slash 1620 * instances of dot-dot-slash 1621 * passed path must be anchored with a '/' 1622 */ 1623 char * 1624 collapse_path(char *s) 1625 { 1626 int id; /* index of where we are in destination string */ 1627 int is; /* index of where we are in source string */ 1628 int slashseen; /* have we seen a slash */ 1629 int ls; /* length of source string */ 1630 1631 ls = strlen(s) + 1; 1632 1633 slashseen = 0; 1634 for (is = 0, id = 0; is < ls; is++) { 1635 /* thats all folks, we've reached the end of input */ 1636 if (s[is] == '\0') { 1637 if (id > 1 && s[id-1] == '/') { 1638 --id; 1639 } 1640 s[id++] = '\0'; 1641 break; 1642 } 1643 /* previous character was a / */ 1644 if (slashseen) { 1645 if (s[is] == '/') 1646 continue; /* another slash, ignore it */ 1647 } else if (s[is] == '/') { 1648 /* we see a /, just copy it and try again */ 1649 slashseen = 1; 1650 s[id++] = '/'; 1651 continue; 1652 } 1653 /* /./ seen */ 1654 if (s[is] == '.' && s[is+1] == '/') { 1655 is += 1; 1656 continue; 1657 } 1658 /* XXX/. seen */ 1659 if (s[is] == '.' && s[is+1] == '\0') { 1660 if (id > 1) 1661 id--; 1662 continue; 1663 } 1664 /* XXX/.. seen */ 1665 if (s[is] == '.' && s[is+1] == '.' && s[is+2] == '\0') { 1666 is += 1; 1667 if (id > 0) 1668 id--; 1669 while (id > 0 && s[--id] != '/'); 1670 id++; 1671 continue; 1672 } 1673 /* XXX/../ seen */ 1674 if (s[is] == '.' && s[is+1] == '.' && s[is+2] == '/') { 1675 is += 2; 1676 if (id > 0) 1677 id--; 1678 while (id > 0 && s[--id] != '/'); 1679 id++; 1680 continue; 1681 } 1682 while (is < ls && (s[id++] = s[is++]) != '/'); 1683 is--; 1684 } 1685 return (s); 1686 } 1687 1688 1689 int 1690 ipc_type_match(int flag, char type) 1691 { 1692 if (flag == OBJ_SEM && type == AT_IPC_SEM) 1693 return (1); 1694 1695 if (flag == OBJ_MSG && type == AT_IPC_MSG) 1696 return (1); 1697 1698 if (flag == OBJ_SHM && type == AT_IPC_SHM) 1699 return (1); 1700 1701 return (0); 1702 } 1703 1704 1705 void 1706 skip_string(adr_t *adr) 1707 { 1708 ushort_t c; 1709 1710 adrm_u_short(adr, &c, 1); 1711 adr->adr_now += c; 1712 } 1713 1714 1715 void 1716 get_string(adr_t *adr, char **p) 1717 { 1718 ushort_t c; 1719 1720 adrm_u_short(adr, &c, 1); 1721 *p = a_calloc(1, (size_t)c); 1722 adrm_char(adr, *p, c); 1723 } 1724 1725 1726 /* 1727 * Format of host token: 1728 * host ard_uint32 1729 */ 1730 int 1731 host_token(adr_t *adr) 1732 { 1733 uint32_t host; 1734 1735 adrm_u_int32(adr, &host, 1); 1736 1737 return (-1); 1738 } 1739 1740 /* 1741 * Format of useofauth token: 1742 * uauth token id adr_char 1743 * uauth adr_string 1744 * 1745 */ 1746 int 1747 useofauth_token(adr_t *adr) 1748 { 1749 skip_string(adr); 1750 return (-1); 1751 } 1752 1753 int 1754 xcolormap_token(adr_t *adr) 1755 { 1756 return (xgeneric(adr)); 1757 } 1758 1759 int 1760 xcursor_token(adr_t *adr) 1761 { 1762 return (xgeneric(adr)); 1763 } 1764 1765 int 1766 xfont_token(adr_t *adr) 1767 { 1768 return (xgeneric(adr)); 1769 } 1770 1771 int 1772 xgc_token(adr_t *adr) 1773 { 1774 return (xgeneric(adr)); 1775 } 1776 1777 int 1778 xpixmap_token(adr_t *adr) 1779 { 1780 return (xgeneric(adr)); 1781 } 1782 1783 int 1784 xwindow_token(adr_t *adr) 1785 { 1786 return (xgeneric(adr)); 1787 } 1788 1789 1790 /* 1791 * Format of xgeneric token: 1792 * XID adr_int32 1793 * creator UID adr_int32 1794 * 1795 * Includes: xcolormap, xcursor, xfont, xgc, xpixmap, and xwindow 1796 */ 1797 int 1798 xgeneric(adr_t *adr) 1799 { 1800 int32_t xid; 1801 int32_t uid; 1802 1803 adrm_int32(adr, &xid, 1); 1804 adrm_int32(adr, &uid, 1); 1805 1806 if (flags & M_USERE) { 1807 if (m_usere == uid) 1808 checkflags = checkflags | M_USERE; 1809 } 1810 1811 return (-1); 1812 } 1813 1814 1815 /* 1816 * Format of xproperty token: 1817 * XID adr_int32 1818 * creator UID adr_int32 1819 * atom string adr_string 1820 */ 1821 int 1822 xproperty_token(adr_t *adr) 1823 { 1824 int32_t xid; 1825 int32_t uid; 1826 1827 adrm_int32(adr, &xid, 1); 1828 adrm_int32(adr, &uid, 1); 1829 skip_string(adr); 1830 1831 if (flags & M_USERE) { 1832 if (m_usere == uid) 1833 checkflags = checkflags | M_USERE; 1834 } 1835 1836 return (-1); 1837 } 1838 1839 1840 /* 1841 * Format of xclient token: 1842 * xclient id adr_int32 1843 */ 1844 int 1845 xclient_token(adr_t *adr) 1846 { 1847 int32_t client_id; 1848 1849 adrm_int32(adr, &client_id, 1); 1850 1851 return (-1); 1852 } 1853 1854 /* 1855 * Format of clearance token: 1856 * clearance adr_char*(sizeof (bclear_t)) 1857 */ 1858 #ifndef TSOL 1859 /* ARGSUSED */ 1860 #endif /* !TSOL */ 1861 int 1862 clearance_token(adr_t *adr) 1863 { 1864 #ifdef TSOL 1865 bclear_t clearance; 1866 1867 adrm_char(adr, (char *)&clearance, sizeof (bclear_t)); 1868 return (-1); 1869 #else /* !TSOL */ 1870 return (-2); 1871 #endif /* TSOL */ 1872 } 1873 1874 1875 /* 1876 * Format of ilabel token: 1877 * ilabel adr_char*(sizeof (bilabel_t)) 1878 */ 1879 #ifndef TSOL 1880 /* ARGSUSED */ 1881 #endif /* !TSOL */ 1882 int 1883 ilabel_token(adr_t *adr) 1884 { 1885 #ifdef TSOL 1886 bilabel_t ilabel; 1887 1888 adrm_char(adr, (char *)&ilabel, sizeof (ilabel)); 1889 1890 return (-1); 1891 #else /* !TSOL */ 1892 return (-2); 1893 #endif /* TSOL */ 1894 } 1895 1896 /* 1897 * Format of privilege set token: 1898 * priv_set type string 1899 * priv_set string 1900 */ 1901 1902 int 1903 privilege_token(adr_t *adr) 1904 { 1905 skip_string(adr); /* set type name */ 1906 skip_string(adr); /* privilege set */ 1907 return (-1); 1908 } 1909 1910 /* 1911 * Format of slabel token: 1912 * slabel adr_char*(sizeof (bslabel_t)) 1913 */ 1914 #ifndef TSOL 1915 /* ARGSUSED */ 1916 #endif /* !TSOL */ 1917 int 1918 slabel_token(adr_t *adr) 1919 { 1920 #ifdef TSOL 1921 bslabel_t slabel; 1922 1923 adrm_char(adr, (char *)&slabel, sizeof (slabel)); 1924 1925 if (flags & M_SLABEL) { 1926 if (blinrange(&slabel, &m_slabel)) 1927 checkflags = checkflags | M_SLABEL; 1928 } 1929 1930 return (-1); 1931 #else /* !TSOL */ 1932 return (-2); 1933 #endif /* TSOL */ 1934 } 1935 1936 1937 /* 1938 * Format of useofpriv token: 1939 * success/failure adr_char 1940 * TSOL: 1941 * privilege adr_int32 1942 * SOL: 1943 * privilege(s) adr_string 1944 */ 1945 #ifndef TSOL 1946 /* ARGSUSED */ 1947 #endif /* !TSOL */ 1948 int 1949 useofpriv_token(adr_t *adr) 1950 { 1951 char flag; 1952 1953 #ifdef TSOL 1954 priv_t priv; 1955 1956 adrm_char(adr, &flag, 1); 1957 adrm_int32(adr, (int32_t *)&priv, 1); 1958 1959 return (-1); 1960 #else /* !TSOL */ 1961 1962 adrm_char(adr, &flag, 1); 1963 skip_string(adr); 1964 return (-1); 1965 #endif /* TSOL */ 1966 } 1967