xref: /titanic_52/usr/src/lib/libbsm/common/au_to.c (revision 70025d765b044c6d8594bb965a2247a61e991a99)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License, Version 1.0 only
6  * (the "License").  You may not use this file except in compliance
7  * with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 /*
23  * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 #pragma ident	"%Z%%M%	%I%	%E% SMI"
28 
29 #include <sys/types.h>
30 #include <unistd.h>
31 #include <bsm/audit.h>
32 #include <bsm/audit_record.h>
33 #include <bsm/libbsm.h>
34 #include <priv.h>
35 #include <sys/ipc.h>
36 #include <sys/param.h>
37 #include <sys/socket.h>
38 #include <sys/time.h>
39 #include <sys/vnode.h>
40 #include <malloc.h>
41 #include <net/route.h>
42 #include <netinet/in.h>
43 #include <netinet/in_pcb.h>
44 #include <string.h>
45 
46 #define	NGROUPS		16	/* XXX - temporary */
47 
48 token_t *au_to_arg(char n, char *text, uint32_t v);
49 #pragma weak au_to_arg = au_to_arg32
50 token_t *au_to_return(char number, uint32_t value);
51 #pragma weak au_to_return = au_to_return32
52 
53 static token_t *au_to_exec(char **, char);
54 
55 static token_t *
56 get_token(int s)
57 {
58 	token_t *token;	/* Resultant token */
59 
60 	if ((token = (token_t *)malloc(sizeof (token_t))) == NULL)
61 		return (NULL);
62 	if ((token->tt_data = malloc(s)) == NULL) {
63 		free(token);
64 		return (NULL);
65 	}
66 	token->tt_size = s;
67 	token->tt_next = NULL;
68 	return (token);
69 }
70 
71 /*
72  * au_to_header
73  * return s:
74  *	pointer to header token.
75  */
76 token_t *
77 au_to_header(au_event_t e_type, au_emod_t e_mod)
78 {
79 	adr_t adr;			/* adr memory stream header */
80 	token_t *token;			/* token pointer */
81 	char version = TOKEN_VERSION;	/* version of token family */
82 	int32_t byte_count;
83 	struct timeval tv;
84 #ifdef _LP64
85 	char data_header = AUT_HEADER64;	/* header for this token */
86 
87 	token = get_token(2 * sizeof (char) + sizeof (int32_t) +
88 	    2 * sizeof (int64_t) + 2 * sizeof (short));
89 #else
90 	char data_header = AUT_HEADER32;
91 
92 	token = get_token(2 * sizeof (char) + 3 * sizeof (int32_t) +
93 	    2 * sizeof (short));
94 #endif
95 
96 	if (token == NULL)
97 		return (NULL);
98 	adr_start(&adr, token->tt_data);
99 	adr_char(&adr, &data_header, 1);	/* token ID */
100 	adr_int32(&adr, &byte_count, 1);	/* length of audit record */
101 	adr_char(&adr, &version, 1);		/* version of audit tokens */
102 	adr_short(&adr, &e_type, 1);		/* event ID */
103 	adr_short(&adr, &e_mod, 1);		/* event ID modifier */
104 #ifdef _LP64
105 	adr_int64(&adr, (int64_t *)&tv, 2);	/* time & date */
106 #else
107 	adr_int32(&adr, (int32_t *)&tv, 2);	/* time & date */
108 #endif
109 	return (token);
110 }
111 
112 /*
113  * au_to_header_ex
114  * return s:
115  *	pointer to header token.
116  */
117 token_t *
118 au_to_header_ex(au_event_t e_type, au_emod_t e_mod)
119 {
120 	adr_t adr;			/* adr memory stream header */
121 	token_t *token;			/* token pointer */
122 	char version = TOKEN_VERSION;	/* version of token family */
123 	int32_t byte_count;
124 	struct timeval tv;
125 	auditinfo_addr_t audit_info;
126 	au_tid_addr_t	*host_info = &audit_info.ai_termid;
127 #ifdef _LP64
128 	char data_header = AUT_HEADER64_EX;	/* header for this token */
129 #else
130 	char data_header = AUT_HEADER32_EX;
131 #endif
132 
133 	/* If our host address can't be determined, revert to un-extended hdr */
134 
135 	if (auditon(A_GETKAUDIT, (caddr_t)&audit_info,
136 	    sizeof (audit_info)) < 0)
137 		return (au_to_header(e_type, e_mod));
138 
139 	if (host_info->at_type == AU_IPv6)
140 		if (IN6_IS_ADDR_UNSPECIFIED((in6_addr_t *)host_info->at_addr))
141 			return (au_to_header(e_type, e_mod));
142 	else
143 		if (host_info->at_addr[0] == htonl(INADDR_ANY))
144 			return (au_to_header(e_type, e_mod));
145 
146 #ifdef _LP64
147 	token = get_token(2 * sizeof (char) + sizeof (int32_t) +
148 	    2 * sizeof (int64_t) + 2 * sizeof (short) +
149 	    sizeof (int32_t) + host_info->at_type);
150 #else
151 	token = get_token(2 * sizeof (char) + 3 * sizeof (int32_t) +
152 	    2 * sizeof (short) + sizeof (int32_t) + host_info->at_type);
153 #endif
154 
155 	if (token == NULL)
156 		return (NULL);
157 	adr_start(&adr, token->tt_data);
158 	adr_char(&adr, &data_header, 1);	/* token ID */
159 	adr_int32(&adr, &byte_count, 1);	/* length of audit record */
160 	adr_char(&adr, &version, 1);		/* version of audit tokens */
161 	adr_short(&adr, &e_type, 1);		/* event ID */
162 	adr_short(&adr, &e_mod, 1);		/* event ID modifier */
163 	adr_int32(&adr, (int32_t *)&host_info->at_type, 1);
164 	adr_char(&adr, (char *)host_info->at_addr,
165 	    (int)host_info->at_type);
166 #ifdef _LP64
167 	adr_int64(&adr, (int64_t *)&tv, 2);	/* time & date */
168 #else
169 	adr_int32(&adr, (int32_t *)&tv, 2);	/* time & date */
170 #endif
171 	return (token);
172 }
173 
174 /*
175  * au_to_trailer
176  * return s:
177  *	pointer to a trailer token.
178  */
179 token_t *
180 au_to_trailer(void)
181 {
182 	adr_t adr;				/* adr memory stream header */
183 	token_t *token;				/* token pointer */
184 	char data_header = AUT_TRAILER;		/* header for this token */
185 	short magic = (short)AUT_TRAILER_MAGIC;	/* trailer magic number */
186 	int32_t byte_count;
187 
188 	token = get_token(sizeof (char) + sizeof (int32_t) + sizeof (short));
189 	if (token == NULL)
190 		return (NULL);
191 	adr_start(&adr, token->tt_data);
192 	adr_char(&adr, &data_header, 1);	/* token ID */
193 	adr_short(&adr, &magic, 1);		/* magic number */
194 	adr_int32(&adr, &byte_count, 1);	/* length of audit record */
195 
196 	return (token);
197 }
198 
199 /*
200  * au_to_arg32
201  * return s:
202  *	pointer to an argument token.
203  */
204 token_t *
205 au_to_arg32(char n, char *text, uint32_t v)
206 {
207 	token_t *token;			/* local token */
208 	adr_t adr;			/* adr memory stream header */
209 	char data_header = AUT_ARG32;	/* header for this token */
210 	short bytes;			/* length of string */
211 
212 	bytes = strlen(text) + 1;
213 
214 	token = get_token((int)(2 * sizeof (char) + sizeof (int32_t) +
215 	    sizeof (short) + bytes));
216 	if (token == NULL)
217 		return (NULL);
218 	adr_start(&adr, token->tt_data);
219 	adr_char(&adr, &data_header, 1);	/* token type */
220 	adr_char(&adr, &n, 1);			/* argument id */
221 	adr_int32(&adr, (int32_t *)&v, 1);	/* argument value */
222 	adr_short(&adr, &bytes, 1);
223 	adr_char(&adr, text, bytes);
224 
225 	return (token);
226 }
227 
228 /*
229  * au_to_arg64
230  * return s:
231  *	pointer to an argument token.
232  */
233 token_t *
234 au_to_arg64(char n, char *text, uint64_t v)
235 {
236 	token_t *token;			/* local token */
237 	adr_t adr;			/* adr memory stream header */
238 	char data_header = AUT_ARG64;	/* header for this token */
239 	short bytes;			/* length of string */
240 
241 	bytes = strlen(text) + 1;
242 
243 	token = get_token((int)(2 * sizeof (char) + sizeof (int64_t) +
244 	    sizeof (short) + bytes));
245 	if (token == NULL)
246 		return (NULL);
247 	adr_start(&adr, token->tt_data);
248 	adr_char(&adr, &data_header, 1);	/* token type */
249 	adr_char(&adr, &n, 1);			/* argument id */
250 	adr_int64(&adr, (int64_t *)&v, 1);	/* argument value */
251 	adr_short(&adr, &bytes, 1);
252 	adr_char(&adr, text, bytes);
253 
254 	return (token);
255 }
256 
257 
258 /*
259  * au_to_attr
260  * return s:
261  *	pointer to an attribute token.
262  */
263 token_t *
264 au_to_attr(struct vattr *attr)
265 {
266 	token_t *token;			/* local token */
267 	adr_t adr;			/* adr memory stream header */
268 	int32_t value;
269 #ifdef _LP64
270 	char data_header = AUT_ATTR64;	/* header for this token */
271 
272 	token = get_token(sizeof (char) +
273 	    sizeof (int32_t) * 4 +
274 	    sizeof (int64_t) * 2);
275 #else
276 	char data_header = AUT_ATTR32;
277 
278 	token = get_token(sizeof (char) + sizeof (int32_t) * 5 +
279 	    sizeof (int64_t));
280 #endif
281 
282 	if (token == NULL)
283 		return (NULL);
284 	adr_start(&adr, token->tt_data);
285 	adr_char(&adr, &data_header, 1);
286 	value = (int32_t)attr->va_mode;
287 	adr_int32(&adr, &value, 1);
288 	value = (int32_t)attr->va_uid;
289 	adr_int32(&adr, &value, 1);
290 	value = (int32_t)attr->va_gid;
291 	adr_int32(&adr, &value, 1);
292 	adr_int32(&adr, (int32_t *)&(attr->va_fsid), 1);
293 	adr_int64(&adr, (int64_t *)&(attr->va_nodeid), 1);
294 #ifdef _LP64
295 	adr_int64(&adr, (int64_t *)&(attr->va_rdev), 1);
296 #else
297 	adr_int32(&adr, (int32_t *)&(attr->va_rdev), 1);
298 #endif
299 
300 	return (token);
301 }
302 
303 /*
304  * au_to_data
305  * return s:
306  *	pointer to a data token.
307  */
308 token_t *
309 au_to_data(char unit_print, char unit_type, char unit_count, char *p)
310 {
311 	adr_t adr;			/* adr memory stream header */
312 	token_t *token;			/* token pointer */
313 	char data_header = AUT_DATA;	/* header for this token */
314 	int byte_count;			/* number of bytes */
315 
316 	if (p == NULL || unit_count < 1)
317 		return (NULL);
318 
319 	/*
320 	 * Check validity of print type
321 	 */
322 	if (unit_print < AUP_BINARY || unit_print > AUP_STRING)
323 		return (NULL);
324 
325 	switch (unit_type) {
326 	case AUR_SHORT:
327 		byte_count = unit_count * sizeof (short);
328 		break;
329 	case AUR_INT32:
330 		byte_count = unit_count * sizeof (int32_t);
331 		break;
332 	case AUR_INT64:
333 		byte_count = unit_count * sizeof (int64_t);
334 		break;
335 	/* case AUR_CHAR: */
336 	case AUR_BYTE:
337 		byte_count = unit_count * sizeof (char);
338 		break;
339 	default:
340 		return (NULL);
341 	}
342 
343 	token = get_token((int)(4 * sizeof (char) + byte_count));
344 	if (token == NULL)
345 		return (NULL);
346 	adr_start(&adr, token->tt_data);
347 	adr_char(&adr, &data_header, 1);
348 	adr_char(&adr, &unit_print, 1);
349 	adr_char(&adr, &unit_type, 1);
350 	adr_char(&adr, &unit_count, 1);
351 
352 	switch (unit_type) {
353 	case AUR_SHORT:
354 		/* LINTED */
355 		adr_short(&adr, (short *)p, unit_count);
356 		break;
357 	case AUR_INT32:
358 		/* LINTED */
359 		adr_int32(&adr, (int32_t *)p, unit_count);
360 		break;
361 	case AUR_INT64:
362 		/* LINTED */
363 		adr_int64(&adr, (int64_t *)p, unit_count);
364 		break;
365 	/* case AUR_CHAR: */
366 	case AUR_BYTE:
367 		adr_char(&adr, p, unit_count);
368 		break;
369 	}
370 
371 	return (token);
372 }
373 
374 /*
375  * au_to_privset
376  *
377  * priv_type (LIMIT, INHERIT...) is the first string and privilege
378  * in translated into the second string.  The format is as follows:
379  *
380  *	token id	adr_char
381  *	priv type	adr_string (short, string)
382  *	priv set	adr_string (short, string)
383  *
384  * return s:
385  *	pointer to a AUT_PRIV token.
386  */
387 token_t *
388 au_to_privset(const char *priv_type, const priv_set_t *privilege)
389 {
390 	token_t	*token;			/* local token */
391 	adr_t	adr;			/* adr memory stream header */
392 	char	data_header = AUT_PRIV;	/* header for this token */
393 	short	t_bytes;		/* length of type string */
394 	short	p_bytes;		/* length of privilege string */
395 	char	*priv_string;		/* privilege string */
396 
397 	t_bytes = strlen(priv_type) + 1;
398 
399 	if ((privilege == NULL) || (priv_string =
400 	    priv_set_to_str(privilege, ',',
401 	    PRIV_STR_LIT)) == NULL)
402 		return (NULL);
403 
404 	p_bytes = strlen(priv_string) + 1;
405 
406 	token = get_token((int)(sizeof (char) + (2 * sizeof (short)) + t_bytes
407 	    + p_bytes));
408 	if (token == NULL)
409 		return (NULL);
410 
411 	adr_start(&adr, token->tt_data);
412 	adr_char(&adr, &data_header, 1);
413 	adr_short(&adr, &t_bytes, 1);
414 	adr_char(&adr, (char *)priv_type, t_bytes);
415 	adr_short(&adr, &p_bytes, 1);
416 	adr_char(&adr, priv_string, p_bytes);
417 
418 	free(priv_string);
419 
420 	return (token);
421 }
422 
423 /*
424  * au_to_process
425  * return s:
426  *	pointer to a process token.
427  */
428 
429 token_t *
430 au_to_process(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid,
431     pid_t pid, au_asid_t sid, au_tid_t *tid)
432 {
433 	token_t *token;			/* local token */
434 	adr_t adr;			/* adr memory stream header */
435 #ifdef _LP64
436 	char data_header = AUT_PROCESS64;	/* header for this token */
437 
438 	token = get_token(sizeof (char) + 8 * sizeof (int32_t) +
439 	    sizeof (int64_t));
440 #else
441 	char data_header = AUT_PROCESS32;
442 
443 	token = get_token(sizeof (char) + 9 * sizeof (int32_t));
444 #endif
445 
446 	if (token == NULL)
447 		return (NULL);
448 	adr_start(&adr, token->tt_data);
449 	adr_char(&adr, &data_header, 1);
450 	adr_int32(&adr, (int32_t *)&auid, 1);
451 	adr_int32(&adr, (int32_t *)&euid, 1);
452 	adr_int32(&adr, (int32_t *)&egid, 1);
453 	adr_int32(&adr, (int32_t *)&ruid, 1);
454 	adr_int32(&adr, (int32_t *)&rgid, 1);
455 	adr_int32(&adr, (int32_t *)&pid, 1);
456 	adr_int32(&adr, (int32_t *)&sid, 1);
457 #ifdef _LP64
458 	adr_int64(&adr, (int64_t *)&tid->port, 1);
459 #else
460 	adr_int32(&adr, (int32_t *)&tid->port, 1);
461 #endif
462 	adr_int32(&adr, (int32_t *)&tid->machine, 1);
463 
464 	return (token);
465 }
466 
467 /*
468  * au_to_process_ex
469  * return s:
470  *	pointer to a process_ex token.
471  */
472 token_t *
473 au_to_process_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid,
474     pid_t pid, au_asid_t sid, au_tid_addr_t *tid)
475 {
476 	token_t *token;			/* local token */
477 	adr_t adr;			/* adr memory stream header */
478 	char data_header;		/* header for this token */
479 
480 #ifdef _LP64
481 	if (tid->at_type == AU_IPv6) {
482 		data_header = AUT_PROCESS64_EX;
483 		token = get_token(sizeof (char) + sizeof (int64_t) +
484 		    12 * sizeof (int32_t));
485 	} else {
486 		data_header = AUT_PROCESS64;
487 		token = get_token(sizeof (char) + sizeof (int64_t) +
488 		    8 * sizeof (int32_t));
489 	}
490 #else
491 	if (tid->at_type == AU_IPv6) {
492 		data_header = AUT_PROCESS32_EX;
493 		token = get_token(sizeof (char) + 13 * sizeof (int32_t));
494 	} else {
495 		data_header = AUT_PROCESS32;
496 		token = get_token(sizeof (char) + 9 * sizeof (int32_t));
497 	}
498 #endif
499 	if (token == NULL)
500 		return (NULL);
501 	adr_start(&adr, token->tt_data);
502 	adr_char(&adr, &data_header, 1);
503 	adr_int32(&adr, (int32_t *)&auid, 1);
504 	adr_int32(&adr, (int32_t *)&euid, 1);
505 	adr_int32(&adr, (int32_t *)&egid, 1);
506 	adr_int32(&adr, (int32_t *)&ruid, 1);
507 	adr_int32(&adr, (int32_t *)&rgid, 1);
508 	adr_int32(&adr, (int32_t *)&pid, 1);
509 	adr_int32(&adr, (int32_t *)&sid, 1);
510 #ifdef _LP64
511 	adr_int64(&adr, (int64_t *)&tid->at_port, 1);
512 #else
513 	adr_int32(&adr, (int32_t *)&tid->at_port, 1);
514 #endif
515 	if (tid->at_type == AU_IPv6) {
516 		adr_int32(&adr, (int32_t *)&tid->at_type, 1);
517 		adr_char(&adr, (char *)tid->at_addr, 16);
518 	} else {
519 		adr_char(&adr, (char *)tid->at_addr, 4);
520 	}
521 
522 	return (token);
523 }
524 
525 /*
526  * au_to_seq
527  * return s:
528  *	pointer to token chain containing a sequence token
529  */
530 token_t *
531 au_to_seq(int audit_count)
532 {
533 	token_t *token;			/* local token */
534 	adr_t adr;			/* adr memory stream header */
535 	char data_header = AUT_SEQ;	/* header for this token */
536 
537 	token = get_token(sizeof (char) + sizeof (int32_t));
538 	if (token == NULL)
539 		return (NULL);
540 	adr_start(&adr, token->tt_data);
541 	adr_char(&adr, &data_header, 1);
542 	adr_int32(&adr, (int32_t *)&audit_count, 1);
543 
544 	return (token);
545 }
546 
547 /*
548  * au_to_socket
549  * return s:
550  *	pointer to mbuf chain containing a socket token.
551  */
552 token_t *
553 au_to_socket(struct oldsocket *so)
554 {
555 	adr_t adr;
556 	token_t *token;
557 	char data_header = AUT_SOCKET;
558 	struct inpcb *inp = so->so_pcb;
559 
560 	token = get_token(sizeof (char) + sizeof (short) * 3 +
561 	    sizeof (int32_t) * 2);
562 	if (token == NULL)
563 		return (NULL);
564 	adr_start(&adr, token->tt_data);
565 	adr_char(&adr, &data_header, 1);
566 	adr_short(&adr, (short *)&so->so_type, 1);
567 	adr_short(&adr, (short *)&inp->inp_lport, 1);
568 	adr_int32(&adr, (int32_t *)&inp->inp_laddr, 1);
569 	adr_short(&adr, (short *)&inp->inp_fport, 1);
570 	adr_int32(&adr, (int32_t *)&inp->inp_faddr, 1);
571 
572 	return (token);
573 }
574 
575 /*
576  * au_to_subject
577  * return s:
578  *	pointer to a process token.
579  */
580 
581 token_t *
582 au_to_subject(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid,
583     pid_t pid, au_asid_t sid, au_tid_t *tid)
584 {
585 	token_t *token;			/* local token */
586 	adr_t adr;			/* adr memory stream header */
587 #ifdef _LP64
588 	char data_header = AUT_SUBJECT64;	/* header for this token */
589 
590 	token = get_token(sizeof (char) + sizeof (int64_t) +
591 	    8 * sizeof (int32_t));
592 #else
593 	char data_header = AUT_SUBJECT32;
594 
595 	token = get_token(sizeof (char) + 9 * sizeof (int32_t));
596 #endif
597 
598 	if (token == NULL)
599 		return (NULL);
600 	adr_start(&adr, token->tt_data);
601 	adr_char(&adr, &data_header, 1);
602 	adr_int32(&adr, (int32_t *)&auid, 1);
603 	adr_int32(&adr, (int32_t *)&euid, 1);
604 	adr_int32(&adr, (int32_t *)&egid, 1);
605 	adr_int32(&adr, (int32_t *)&ruid, 1);
606 	adr_int32(&adr, (int32_t *)&rgid, 1);
607 	adr_int32(&adr, (int32_t *)&pid, 1);
608 	adr_int32(&adr, (int32_t *)&sid, 1);
609 #ifdef _LP64
610 	adr_int64(&adr, (int64_t *)&tid->port, 1);
611 #else
612 	adr_int32(&adr, (int32_t *)&tid->port, 1);
613 #endif
614 	adr_int32(&adr, (int32_t *)&tid->machine, 1);
615 
616 	return (token);
617 }
618 
619 /*
620  * au_to_subject_ex
621  * return s:
622  *	pointer to a process token.
623  */
624 
625 token_t *
626 au_to_subject_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid,
627     pid_t pid, au_asid_t sid, au_tid_addr_t *tid)
628 {
629 	token_t *token;			/* local token */
630 	adr_t adr;			/* adr memory stream header */
631 #ifdef _LP64
632 	char data_header;		/* header for this token */
633 
634 	if (tid->at_type == AU_IPv6) {
635 		data_header = AUT_SUBJECT64_EX;
636 		token = get_token(sizeof (char) + sizeof (int64_t) +
637 		    12 * sizeof (int32_t));
638 	} else {
639 		data_header = AUT_SUBJECT64;
640 		token = get_token(sizeof (char) + sizeof (int64_t) +
641 		    8 * sizeof (int32_t));
642 	}
643 #else
644 	char data_header;		/* header for this token */
645 
646 	if (tid->at_type == AU_IPv6) {
647 		data_header = AUT_SUBJECT32_EX;
648 		token = get_token(sizeof (char) + 13 * sizeof (int32_t));
649 	} else {
650 		data_header = AUT_SUBJECT32;
651 		token = get_token(sizeof (char) + 9 * sizeof (int32_t));
652 	}
653 #endif
654 
655 	if (token == NULL)
656 		return (NULL);
657 	adr_start(&adr, token->tt_data);
658 	adr_char(&adr, &data_header, 1);
659 	adr_int32(&adr, (int32_t *)&auid, 1);
660 	adr_int32(&adr, (int32_t *)&euid, 1);
661 	adr_int32(&adr, (int32_t *)&egid, 1);
662 	adr_int32(&adr, (int32_t *)&ruid, 1);
663 	adr_int32(&adr, (int32_t *)&rgid, 1);
664 	adr_int32(&adr, (int32_t *)&pid, 1);
665 	adr_int32(&adr, (int32_t *)&sid, 1);
666 #ifdef _LP64
667 	adr_int64(&adr, (int64_t *)&tid->at_port, 1);
668 #else
669 	adr_int32(&adr, (int32_t *)&tid->at_port, 1);
670 #endif
671 	if (tid->at_type == AU_IPv6) {
672 		adr_int32(&adr, (int32_t *)&tid->at_type, 1);
673 		adr_char(&adr, (char *)tid->at_addr, 16);
674 	} else {
675 		adr_char(&adr, (char *)tid->at_addr, 4);
676 	}
677 
678 	return (token);
679 }
680 
681 /*
682  * au_to_me
683  * return s:
684  *	pointer to a process token.
685  */
686 
687 token_t *
688 au_to_me(void)
689 {
690 	auditinfo_addr_t info;
691 
692 	if (getaudit_addr(&info, sizeof (info)))
693 		return (NULL);
694 	return (au_to_subject_ex(info.ai_auid, geteuid(), getegid(), getuid(),
695 	    getgid(), getpid(), info.ai_asid, &info.ai_termid));
696 }
697 /*
698  * au_to_text
699  * return s:
700  *	pointer to a text token.
701  */
702 token_t *
703 au_to_text(char *text)
704 {
705 	token_t *token;			/* local token */
706 	adr_t adr;			/* adr memory stream header */
707 	char data_header = AUT_TEXT;	/* header for this token */
708 	short bytes;			/* length of string */
709 
710 	bytes = strlen(text) + 1;
711 	token = get_token((int)(sizeof (char) + sizeof (short) + bytes));
712 	if (token == NULL)
713 		return (NULL);
714 	adr_start(&adr, token->tt_data);
715 	adr_char(&adr, &data_header, 1);
716 	adr_short(&adr, &bytes, 1);
717 	adr_char(&adr, text, bytes);
718 
719 	return (token);
720 }
721 
722 /*
723  * au_to_path
724  * return s:
725  *	pointer to a path token.
726  */
727 token_t *
728 au_to_path(char *path)
729 {
730 	token_t *token;			/* local token */
731 	adr_t adr;			/* adr memory stream header */
732 	char data_header = AUT_PATH;	/* header for this token */
733 	short bytes;			/* length of string */
734 
735 	bytes = (short)strlen(path) + 1;
736 
737 	token = get_token((int)(sizeof (char) +  sizeof (short) + bytes));
738 	if (token == NULL)
739 		return (NULL);
740 	adr_start(&adr, token->tt_data);
741 	adr_char(&adr, &data_header, 1);
742 	adr_short(&adr, &bytes, 1);
743 	adr_char(&adr, path, bytes);
744 
745 	return (token);
746 }
747 
748 /*
749  * au_to_cmd
750  * return s:
751  *	pointer to an command line argument token
752  */
753 token_t *
754 au_to_cmd(uint_t argc, char **argv, char **envp)
755 {
756 	token_t *token;			/* local token */
757 	adr_t adr;			/* adr memory stream header */
758 	char data_header = AUT_CMD;	/* header for this token */
759 	short len = 0;
760 	short cnt = 0;
761 	short envc = 0;
762 	short largc = (short)argc;
763 
764 	/*
765 	 * one char for the header, one short for argc,
766 	 * one short for # envp strings.
767 	 */
768 	len = sizeof (char) + sizeof (short) + sizeof (short);
769 
770 	/* get sizes of strings */
771 
772 	for (cnt = 0; cnt < argc; cnt++) {
773 		len += (short)sizeof (short) + (short)(strlen(argv[cnt]) + 1);
774 	}
775 
776 	if (envp != NULL) {
777 		for (envc = 0; envp[envc] != NULL; envc++) {
778 			len += (short)sizeof (short) +
779 			    (short)(strlen(envp[envc]) + 1);
780 		}
781 	}
782 
783 	token = get_token(len);
784 	if (token == NULL)
785 		return (NULL);
786 
787 	adr_start(&adr, token->tt_data);
788 	adr_char(&adr, &data_header, 1);
789 
790 	adr_short(&adr, &largc, 1);
791 
792 	for (cnt = 0; cnt < argc; cnt++) {
793 		len = (short)(strlen(argv[cnt]) + 1);
794 		adr_short(&adr, &len, 1);
795 		adr_char(&adr, argv[cnt], len);
796 	}
797 
798 	adr_short(&adr, &envc, 1);
799 
800 	for (cnt = 0; cnt < envc; cnt++) {
801 		len = (short)(strlen(envp[cnt]) + 1);
802 		adr_short(&adr, &len, 1);
803 		adr_char(&adr, envp[cnt], len);
804 	}
805 
806 	return (token);
807 }
808 
809 /*
810  * au_to_exit
811  * return s:
812  *	pointer to a exit value token.
813  */
814 token_t *
815 au_to_exit(int retval, int err)
816 {
817 	token_t *token;			/* local token */
818 	adr_t adr;			/* adr memory stream header */
819 	char data_header = AUT_EXIT;	/* header for this token */
820 
821 	token = get_token(sizeof (char) + (2 * sizeof (int32_t)));
822 	if (token == NULL)
823 		return (NULL);
824 	adr_start(&adr, token->tt_data);
825 	adr_char(&adr, &data_header, 1);
826 	adr_int32(&adr, (int32_t *)&retval, 1);
827 	adr_int32(&adr, (int32_t *)&err, 1);
828 
829 	return (token);
830 }
831 
832 /*
833  * au_to_return
834  * return s:
835  *	pointer to a return  value token.
836  */
837 token_t *
838 au_to_return32(char number, uint32_t value)
839 {
840 	token_t *token;				/* local token */
841 	adr_t adr;				/* adr memory stream header */
842 	char data_header = AUT_RETURN32;	/* header for this token */
843 
844 	token = get_token(2 * sizeof (char) + sizeof (int32_t));
845 	if (token == NULL)
846 		return (NULL);
847 	adr_start(&adr, token->tt_data);
848 	adr_char(&adr, &data_header, 1);
849 	adr_char(&adr, &number, 1);
850 	adr_int32(&adr, (int32_t *)&value, 1);
851 
852 	return (token);
853 }
854 
855 /*
856  * au_to_return
857  * return s:
858  *	pointer to a return  value token.
859  */
860 token_t *
861 au_to_return64(char number, uint64_t value)
862 {
863 	token_t *token;				/* local token */
864 	adr_t adr;				/* adr memory stream header */
865 	char data_header = AUT_RETURN64;	/* header for this token */
866 
867 	token = get_token(2 * sizeof (char) + sizeof (int64_t));
868 	if (token == NULL)
869 		return (NULL);
870 	adr_start(&adr, token->tt_data);
871 	adr_char(&adr, &data_header, 1);
872 	adr_char(&adr, &number, 1);
873 	adr_int64(&adr, (int64_t *)&value, 1);
874 
875 	return (token);
876 }
877 
878 
879 /*
880  * au_to_opaque
881  * return s:
882  *	pointer to a opaque token.
883  */
884 token_t *
885 au_to_opaque(char *opaque, short bytes)
886 {
887 	token_t *token;			/* local token */
888 	adr_t adr;			/* adr memory stream header */
889 	char data_header = AUT_OPAQUE;	/* header for this token */
890 
891 	if (bytes < 1)
892 		return (NULL);
893 
894 	token = get_token((int)(sizeof (char) + sizeof (short) + bytes));
895 	if (token == NULL)
896 		return (NULL);
897 	adr_start(&adr, token->tt_data);
898 	adr_char(&adr, &data_header, 1);
899 	adr_short(&adr, &bytes, 1);
900 	adr_char(&adr, opaque, bytes);
901 
902 	return (token);
903 }
904 
905 /*
906  * au_to_in_addr
907  * return s:
908  *	pointer to a internet address token
909  */
910 token_t *
911 au_to_in_addr(struct in_addr *internet_addr)
912 {
913 	token_t *token;			/* local token */
914 	adr_t adr;			/* adr memory stream header */
915 	char data_header = AUT_IN_ADDR;	/* header for this token */
916 
917 	token = get_token(sizeof (char) + sizeof (uint32_t));
918 	if (token == NULL)
919 		return (NULL);
920 	adr_start(&adr, token->tt_data);
921 	adr_char(&adr, &data_header, 1);
922 	adr_int32(&adr, (int32_t *)internet_addr, 1);
923 
924 	return (token);
925 }
926 
927 /*
928  * au_to_iport
929  * return s:
930  *	pointer to token chain containing a ip port address token
931  */
932 token_t *
933 au_to_iport(ushort_t iport)
934 {
935 	token_t *token;			/* local token */
936 	adr_t adr;			/* adr memory stream header */
937 	char data_header = AUT_IPORT;	/* header for this token */
938 
939 	token = get_token(sizeof (char) + sizeof (short));
940 	if (token == NULL)
941 		return (NULL);
942 	adr_start(&adr, token->tt_data);
943 	adr_char(&adr, &data_header, 1);
944 	adr_short(&adr, (short *)&iport, 1);
945 
946 	return (token);
947 }
948 
949 token_t *
950 au_to_ipc(char type, int id)
951 {
952 	token_t *token;			/* local token */
953 	adr_t adr;			/* adr memory stream header */
954 	char data_header = AUT_IPC;	/* header for this token */
955 
956 	token = get_token((2 * sizeof (char)) + sizeof (int32_t));
957 	if (token == NULL)
958 		return (NULL);
959 	adr_start(&adr, token->tt_data);
960 	adr_char(&adr, &data_header, 1);
961 	adr_char(&adr, &type, 1);
962 	adr_int32(&adr, (int32_t *)&id, 1);
963 
964 	return (token);
965 }
966 
967 /*
968  * au_to_tid
969  *
970  * output format depends on type; at present only IP v4 and v6 addresses
971  * are defined.
972  *
973  * IPv4 -- tid type, 16 bit remote port, 16 bit local port, ip type,
974  *		32 bit IP address.
975  * IPv6 -- tid type, 16 bit remote port, 16 bit local port, ip type,
976  *		4 x 32 bit IP address.
977  *
978  */
979 token_t *
980 au_to_tid(au_generic_tid_t *tid)
981 {
982 	char		data_header = AUT_TID;	/* header for this token */
983 	adr_t		adr;			/* adr memory stream header */
984 	token_t		*token;			/* local token */
985 	au_ip_t		*ip;
986 
987 	switch (tid->gt_type) {
988 	case AU_IPADR:
989 		ip = &(tid->gt_adr.at_ip);
990 		token = get_token((int)(2 * sizeof (char) + 2 * sizeof (short) +
991 			sizeof (uint32_t) + ip->at_type));
992 		if (token == NULL)
993 			return (NULL);
994 
995 		adr_start(&adr, token->tt_data);
996 		adr_char(&adr, &data_header, 1);
997 		adr_char(&adr, (char *)&(tid->gt_type), 1);
998 		adr_short(&adr, (short *)&(ip->at_r_port), 1);
999 		adr_short(&adr, (short *)&(ip->at_l_port), 1);
1000 		adr_int32(&adr, (int32_t *)&(ip->at_type), 1);
1001 
1002 		adr_char(&adr, (char *)ip->at_addr, ip->at_type);
1003 
1004 		break;
1005 	default:
1006 		return (NULL);
1007 	}
1008 	return (token);
1009 }
1010 
1011 /*
1012  * The Modifier tokens
1013  */
1014 
1015 /*
1016  * au_to_groups
1017  * return s:
1018  *	pointer to a group list token.
1019  *
1020  * This function is obsolete.  Please use au_to_newgroups.
1021  */
1022 token_t *
1023 au_to_groups(int *groups)
1024 {
1025 	token_t *token;			/* local token */
1026 	adr_t adr;			/* adr memory stream header */
1027 	char data_header = AUT_GROUPS;	/* header for this token */
1028 
1029 	token = get_token(sizeof (char) + NGROUPS * sizeof (int32_t));
1030 	if (token == NULL)
1031 		return (NULL);
1032 	adr_start(&adr, token->tt_data);
1033 	adr_char(&adr, &data_header, 1);
1034 	adr_int32(&adr, (int32_t *)groups, NGROUPS);
1035 
1036 	return (token);
1037 }
1038 
1039 /*
1040  * au_to_newgroups
1041  * return s:
1042  *	pointer to a group list token.
1043  */
1044 token_t *
1045 au_to_newgroups(int n, gid_t *groups)
1046 {
1047 	token_t *token;			/* local token */
1048 	adr_t adr;			/* adr memory stream header */
1049 	char data_header = AUT_NEWGROUPS;	/* header for this token */
1050 	short n_groups;
1051 
1052 	if (n < NGROUPS_UMIN || n > NGROUPS_UMAX || groups == NULL)
1053 		return (NULL);
1054 	token = get_token(sizeof (char) + sizeof (short) + n * sizeof (gid_t));
1055 	if (token == NULL)
1056 		return (NULL);
1057 	n_groups = (short)n;
1058 	adr_start(&adr, token->tt_data);
1059 	adr_char(&adr, &data_header, 1);
1060 	adr_short(&adr, &n_groups, 1);
1061 	adr_int32(&adr, (int32_t *)groups, n_groups);
1062 
1063 	return (token);
1064 }
1065 
1066 /*
1067  * au_to_exec_args
1068  * returns:
1069  *	pointer to an exec args token.
1070  */
1071 token_t *
1072 au_to_exec_args(char **argv)
1073 {
1074 	return (au_to_exec(argv, AUT_EXEC_ARGS));
1075 }
1076 
1077 /*
1078  * au_to_exec_env
1079  * returns:
1080  *	pointer to an exec args token.
1081  */
1082 token_t *
1083 au_to_exec_env(char **envp)
1084 {
1085 	return (au_to_exec(envp, AUT_EXEC_ENV));
1086 }
1087 
1088 /*
1089  * au_to_exec
1090  * returns:
1091  *	pointer to an exec args token.
1092  */
1093 static token_t *
1094 au_to_exec(char **v, char data_header)
1095 {
1096 	token_t *token;
1097 	adr_t adr;
1098 	char **p;
1099 	int32_t n = 0;
1100 	int len = 0;
1101 
1102 	for (p = v; *p != NULL; p++) {
1103 		len += strlen(*p) + 1;
1104 		n++;
1105 	}
1106 	token = get_token(sizeof (char) + sizeof (int32_t) + len);
1107 	if (token == (token_t *)NULL)
1108 		return ((token_t *)NULL);
1109 	adr_start(&adr, token->tt_data);
1110 	adr_char(&adr, &data_header, 1);
1111 	adr_int32(&adr, &n, 1);
1112 	for (p = v; *p != NULL; p++) {
1113 		adr_char(&adr, *p, strlen(*p) + 1);
1114 	}
1115 	return (token);
1116 }
1117 
1118 /*
1119  * au_to_uauth
1120  * return s:
1121  *	pointer to a uauth token.
1122  */
1123 token_t *
1124 au_to_uauth(char *text)
1125 {
1126 	token_t *token;			/* local token */
1127 	adr_t adr;			/* adr memory stream header */
1128 	char data_header = AUT_UAUTH;	/* header for this token */
1129 	short bytes;			/* length of string */
1130 
1131 	bytes = strlen(text) + 1;
1132 
1133 	token = get_token((int)(sizeof (char) + sizeof (short) + bytes));
1134 	if (token == NULL)
1135 		return (NULL);
1136 	adr_start(&adr, token->tt_data);
1137 	adr_char(&adr, &data_header, 1);
1138 	adr_short(&adr, &bytes, 1);
1139 	adr_char(&adr, text, bytes);
1140 
1141 	return (token);
1142 }
1143 
1144 /*
1145  * au_to_xatom
1146  * return s:
1147  *	pointer to a xatom token.
1148  */
1149 token_t *
1150 au_to_xatom(ushort_t len, char *atom)
1151 {
1152 	token_t *token;			/* local token */
1153 	adr_t adr;			/* adr memory stream header */
1154 	char data_header = AUT_XATOM;	/* header for this token */
1155 
1156 	token = get_token((int)(sizeof (char) + sizeof (ushort_t) + len));
1157 	if (token == NULL)
1158 		return (NULL);
1159 	adr_start(&adr, token->tt_data);
1160 	adr_char(&adr, &data_header, 1);
1161 	adr_short(&adr, (short *)&len, 1);
1162 	adr_char(&adr, atom, len);
1163 
1164 	return (token);
1165 }
1166 
1167 /*
1168  * au_to_xproto
1169  * return s:
1170  *	pointer to a X protocol token.
1171  */
1172 token_t *
1173 au_to_xproto(pid_t pid)
1174 {
1175 	token_t *token;			/* local token */
1176 	adr_t adr;			/* adr memory stream header */
1177 	char data_header = AUT_XPROTO;	/* header for this token */
1178 	int32_t v = pid;
1179 
1180 	token = get_token(sizeof (char) + sizeof (int32_t));
1181 	if (token == NULL)
1182 		return (NULL);
1183 	adr_start(&adr, token->tt_data);
1184 	adr_char(&adr, &data_header, 1);
1185 	adr_int32(&adr, &v, 1);
1186 
1187 	return (token);
1188 }
1189 
1190 /*
1191  * au_to_xobj
1192  * return s:
1193  *	pointer to a X object token.
1194  */
1195 token_t *
1196 au_to_xobj(int oid, int xid, int cuid)
1197 {
1198 	token_t *token;			/* local token */
1199 	adr_t adr;			/* adr memory stream header */
1200 	char data_header = AUT_XOBJ;	/* header for this token */
1201 
1202 	token = get_token(sizeof (char) + 3 * sizeof (int32_t));
1203 	if (token == NULL)
1204 		return (NULL);
1205 	adr_start(&adr, token->tt_data);
1206 	adr_char(&adr, &data_header, 1);
1207 	adr_int32(&adr, (int32_t *)&oid, 1);
1208 	adr_int32(&adr, (int32_t *)&xid, 1);
1209 	adr_int32(&adr, (int32_t *)&cuid, 1);
1210 
1211 	return (token);
1212 }
1213 
1214 /*
1215  * au_to_xselect
1216  * return s:
1217  *	pointer to a X select token.
1218  */
1219 token_t *
1220 au_to_xselect(char *pstring, char *type, short dlen, char *data)
1221 {
1222 	token_t *token;			/* local token */
1223 	adr_t adr;			/* adr memory stream header */
1224 	char data_header = AUT_XSELECT;	/* header for this token */
1225 	short bytes;
1226 
1227 	bytes = strlen(pstring) + strlen(type) + 2 + dlen;
1228 	token = get_token((int)(sizeof (char) + sizeof (short) * 3 + bytes));
1229 	if (token == NULL)
1230 		return (NULL);
1231 	adr_start(&adr, token->tt_data);
1232 	adr_char(&adr, &data_header, 1);
1233 	bytes = strlen(pstring) + 1;
1234 	adr_short(&adr, &bytes, 1);
1235 	adr_char(&adr, pstring, bytes);
1236 	bytes = strlen(type) + 1;
1237 	adr_short(&adr, &bytes, 1);
1238 	adr_char(&adr, type, bytes);
1239 	adr_short(&adr, &dlen, 1);
1240 	adr_char(&adr, data, dlen);
1241 	return (token);
1242 }
1243 
1244 /*
1245  * au_to_zonename
1246  * return s:
1247  *	pointer to a zonename token.
1248  */
1249 token_t *
1250 au_to_zonename(char *name)
1251 {
1252 	token_t *token;			/* local token */
1253 	adr_t adr;			/* adr memory stream header */
1254 	char data_header = AUT_ZONENAME;	/* header for this token */
1255 	short bytes;			/* length of string */
1256 
1257 	if (name == NULL)
1258 		return (NULL);
1259 
1260 	bytes = strlen(name) + 1;
1261 	token = get_token((int)(sizeof (char) + sizeof (short) + bytes));
1262 	if (token == NULL)
1263 		return (NULL);
1264 	adr_start(&adr, token->tt_data);
1265 	adr_char(&adr, &data_header, 1);
1266 	adr_short(&adr, &bytes, 1);
1267 	adr_char(&adr, name, bytes);
1268 
1269 	return (token);
1270 }
1271