17c478bd9Sstevel@tonic-gate /*
27c478bd9Sstevel@tonic-gate * CDDL HEADER START
37c478bd9Sstevel@tonic-gate *
47c478bd9Sstevel@tonic-gate * The contents of this file are subject to the terms of the
545916cd2Sjpk * Common Development and Distribution License (the "License").
645916cd2Sjpk * You may not use this file except in compliance with the License.
77c478bd9Sstevel@tonic-gate *
87c478bd9Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
97c478bd9Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing.
107c478bd9Sstevel@tonic-gate * See the License for the specific language governing permissions
117c478bd9Sstevel@tonic-gate * and limitations under the License.
127c478bd9Sstevel@tonic-gate *
137c478bd9Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each
147c478bd9Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
157c478bd9Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the
167c478bd9Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying
177c478bd9Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner]
187c478bd9Sstevel@tonic-gate *
197c478bd9Sstevel@tonic-gate * CDDL HEADER END
207c478bd9Sstevel@tonic-gate */
217c478bd9Sstevel@tonic-gate /*
228249a45fSJan Friedel * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
237c478bd9Sstevel@tonic-gate * Use is subject to license terms.
2433f5ff17SMilan Jurik * Copyright 2012 Milan Jurik. All rights reserved.
257c478bd9Sstevel@tonic-gate */
267c478bd9Sstevel@tonic-gate
277c478bd9Sstevel@tonic-gate
287c478bd9Sstevel@tonic-gate /*
297c478bd9Sstevel@tonic-gate * Token processing for auditreduce.
307c478bd9Sstevel@tonic-gate */
317c478bd9Sstevel@tonic-gate
327c478bd9Sstevel@tonic-gate #include <locale.h>
337c478bd9Sstevel@tonic-gate #include <sys/zone.h>
347c478bd9Sstevel@tonic-gate #include "auditr.h"
357c478bd9Sstevel@tonic-gate #include "toktable.h"
367c478bd9Sstevel@tonic-gate
377c478bd9Sstevel@tonic-gate extern int re_exec2(char *);
387c478bd9Sstevel@tonic-gate
397c478bd9Sstevel@tonic-gate static void anchor_path(char *path);
407c478bd9Sstevel@tonic-gate static char *collapse_path(char *s);
417c478bd9Sstevel@tonic-gate static void get_string(adr_t *adr, char **p);
427c478bd9Sstevel@tonic-gate static int ipc_type_match(int flag, char type);
437c478bd9Sstevel@tonic-gate static void skip_string(adr_t *adr);
447c478bd9Sstevel@tonic-gate static int xgeneric(adr_t *adr);
457c478bd9Sstevel@tonic-gate
467c478bd9Sstevel@tonic-gate #if AUDIT_REC
477c478bd9Sstevel@tonic-gate void
print_id(int id)487c478bd9Sstevel@tonic-gate print_id(int id)
497c478bd9Sstevel@tonic-gate {
507c478bd9Sstevel@tonic-gate char *suffix;
517c478bd9Sstevel@tonic-gate
527c478bd9Sstevel@tonic-gate if ((id < 0) || (id > MAXTOKEN) ||
537c478bd9Sstevel@tonic-gate (tokentable[id].func == NOFUNC)) {
547c478bd9Sstevel@tonic-gate (void) fprintf(stderr,
557c478bd9Sstevel@tonic-gate "token_processing: token %d not found\n", id);
567c478bd9Sstevel@tonic-gate return;
577c478bd9Sstevel@tonic-gate }
587c478bd9Sstevel@tonic-gate
597c478bd9Sstevel@tonic-gate switch (id) {
607c478bd9Sstevel@tonic-gate case AUT_NEWGROUPS:
617c478bd9Sstevel@tonic-gate suffix = "_new";
627c478bd9Sstevel@tonic-gate break;
637c478bd9Sstevel@tonic-gate case AUT_ATTR32:
647c478bd9Sstevel@tonic-gate suffix = "32";
657c478bd9Sstevel@tonic-gate break;
667c478bd9Sstevel@tonic-gate case AUT_ARG64:
677c478bd9Sstevel@tonic-gate case AUT_RETURN64:
687c478bd9Sstevel@tonic-gate case AUT_ATTR64:
697c478bd9Sstevel@tonic-gate case AUT_HEADER64:
707c478bd9Sstevel@tonic-gate case AUT_SUBJECT64:
717c478bd9Sstevel@tonic-gate case AUT_PROCESS64:
727c478bd9Sstevel@tonic-gate case AUT_OTHER_FILE64:
737c478bd9Sstevel@tonic-gate suffix = "64";
747c478bd9Sstevel@tonic-gate break;
757c478bd9Sstevel@tonic-gate case AUT_SOCKET_EX:
767c478bd9Sstevel@tonic-gate case AUT_IN_ADDR_EX:
777c478bd9Sstevel@tonic-gate suffix = "_ex";
787c478bd9Sstevel@tonic-gate break;
797c478bd9Sstevel@tonic-gate case AUT_HEADER32_EX:
807c478bd9Sstevel@tonic-gate case AUT_SUBJECT32_EX:
817c478bd9Sstevel@tonic-gate case AUT_PROCESS32_EX:
827c478bd9Sstevel@tonic-gate suffix = "32_ex";
837c478bd9Sstevel@tonic-gate break;
847c478bd9Sstevel@tonic-gate case AUT_HEADER64_EX:
857c478bd9Sstevel@tonic-gate case AUT_SUBJECT64_EX:
867c478bd9Sstevel@tonic-gate case AUT_PROCESS64_EX:
877c478bd9Sstevel@tonic-gate suffix = "64_ex";
887c478bd9Sstevel@tonic-gate break;
897c478bd9Sstevel@tonic-gate default:
907c478bd9Sstevel@tonic-gate suffix = "";
917c478bd9Sstevel@tonic-gate break;
927c478bd9Sstevel@tonic-gate }
937c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "token_processing: %s%s\n",
947c478bd9Sstevel@tonic-gate tokentable[id].t_name, suffix);
957c478bd9Sstevel@tonic-gate }
967c478bd9Sstevel@tonic-gate #endif /* AUDIT_REC */
977c478bd9Sstevel@tonic-gate
987c478bd9Sstevel@tonic-gate /*
997c478bd9Sstevel@tonic-gate * Process a token in a record to determine whether the record is interesting.
1007c478bd9Sstevel@tonic-gate */
1017c478bd9Sstevel@tonic-gate
1027c478bd9Sstevel@tonic-gate int
token_processing(adr_t * adr,int tokenid)1037c478bd9Sstevel@tonic-gate token_processing(adr_t *adr, int tokenid)
1047c478bd9Sstevel@tonic-gate {
1057c478bd9Sstevel@tonic-gate if ((tokenid > 0) && (tokenid <= MAXTOKEN) &&
1067c478bd9Sstevel@tonic-gate (tokentable[tokenid].func != NOFUNC)) {
1077c478bd9Sstevel@tonic-gate #if AUDIT_REC
1087c478bd9Sstevel@tonic-gate print_id(tokenid);
1097c478bd9Sstevel@tonic-gate #endif /* AUDIT_REC */
1107c478bd9Sstevel@tonic-gate return ((*tokentable[tokenid].func)(adr));
1117c478bd9Sstevel@tonic-gate }
1127c478bd9Sstevel@tonic-gate
1137c478bd9Sstevel@tonic-gate /* here if token id is not in table */
1147c478bd9Sstevel@tonic-gate return (-2);
1157c478bd9Sstevel@tonic-gate }
1167c478bd9Sstevel@tonic-gate
1177c478bd9Sstevel@tonic-gate
1187c478bd9Sstevel@tonic-gate /* There should not be any file or header tokens in the middle of a record */
1197c478bd9Sstevel@tonic-gate
1207c478bd9Sstevel@tonic-gate /* ARGSUSED */
1217c478bd9Sstevel@tonic-gate int
file_token(adr_t * adr)1227c478bd9Sstevel@tonic-gate file_token(adr_t *adr)
1237c478bd9Sstevel@tonic-gate {
1247c478bd9Sstevel@tonic-gate return (-2);
1257c478bd9Sstevel@tonic-gate }
1267c478bd9Sstevel@tonic-gate
1277c478bd9Sstevel@tonic-gate /* ARGSUSED */
1287c478bd9Sstevel@tonic-gate int
file64_token(adr_t * adr)1297c478bd9Sstevel@tonic-gate file64_token(adr_t *adr)
1307c478bd9Sstevel@tonic-gate {
1317c478bd9Sstevel@tonic-gate return (-2);
1327c478bd9Sstevel@tonic-gate }
1337c478bd9Sstevel@tonic-gate
1347c478bd9Sstevel@tonic-gate /* ARGSUSED */
1357c478bd9Sstevel@tonic-gate int
header_token(adr_t * adr)1367c478bd9Sstevel@tonic-gate header_token(adr_t *adr)
1377c478bd9Sstevel@tonic-gate {
1387c478bd9Sstevel@tonic-gate return (-2);
1397c478bd9Sstevel@tonic-gate }
1407c478bd9Sstevel@tonic-gate
1417c478bd9Sstevel@tonic-gate /* ARGSUSED */
1427c478bd9Sstevel@tonic-gate int
header32_ex_token(adr_t * adr)1437c478bd9Sstevel@tonic-gate header32_ex_token(adr_t *adr)
1447c478bd9Sstevel@tonic-gate {
1457c478bd9Sstevel@tonic-gate return (-2);
1467c478bd9Sstevel@tonic-gate }
1477c478bd9Sstevel@tonic-gate
1487c478bd9Sstevel@tonic-gate /* ARGSUSED */
1497c478bd9Sstevel@tonic-gate int
header64_ex_token(adr_t * adr)1507c478bd9Sstevel@tonic-gate header64_ex_token(adr_t *adr)
1517c478bd9Sstevel@tonic-gate {
1527c478bd9Sstevel@tonic-gate return (-2);
1537c478bd9Sstevel@tonic-gate }
1547c478bd9Sstevel@tonic-gate
1557c478bd9Sstevel@tonic-gate /* ARGSUSED */
1567c478bd9Sstevel@tonic-gate int
header64_token(adr_t * adr)1577c478bd9Sstevel@tonic-gate header64_token(adr_t *adr)
1587c478bd9Sstevel@tonic-gate {
1597c478bd9Sstevel@tonic-gate return (-2);
1607c478bd9Sstevel@tonic-gate }
1617c478bd9Sstevel@tonic-gate
1627c478bd9Sstevel@tonic-gate
1637c478bd9Sstevel@tonic-gate /*
1647c478bd9Sstevel@tonic-gate * ======================================================
1657c478bd9Sstevel@tonic-gate * The following token processing routines return
1667c478bd9Sstevel@tonic-gate * -1: if the record is not interesting
1677c478bd9Sstevel@tonic-gate * -2: if an error is found
1687c478bd9Sstevel@tonic-gate * ======================================================
1697c478bd9Sstevel@tonic-gate */
1707c478bd9Sstevel@tonic-gate
1717c478bd9Sstevel@tonic-gate int
trailer_token(adr_t * adr)1727c478bd9Sstevel@tonic-gate trailer_token(adr_t *adr)
1737c478bd9Sstevel@tonic-gate {
1747c478bd9Sstevel@tonic-gate short magic_number;
1757c478bd9Sstevel@tonic-gate uint32_t bytes;
1767c478bd9Sstevel@tonic-gate
1777c478bd9Sstevel@tonic-gate adrm_u_short(adr, (ushort_t *)&magic_number, 1);
1787c478bd9Sstevel@tonic-gate if (magic_number != AUT_TRAILER_MAGIC) {
1797c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "%s\n",
180a7746f66Stz gettext("auditreduce: Bad trailer token"));
1817c478bd9Sstevel@tonic-gate return (-2);
1827c478bd9Sstevel@tonic-gate }
1837c478bd9Sstevel@tonic-gate adrm_u_int32(adr, &bytes, 1);
1847c478bd9Sstevel@tonic-gate
1857c478bd9Sstevel@tonic-gate return (-1);
1867c478bd9Sstevel@tonic-gate }
1877c478bd9Sstevel@tonic-gate
1887c478bd9Sstevel@tonic-gate
1897c478bd9Sstevel@tonic-gate /*
1907c478bd9Sstevel@tonic-gate * Format of arbitrary data token:
1917c478bd9Sstevel@tonic-gate * arbitrary data token id adr char
1927c478bd9Sstevel@tonic-gate * how to print adr_char
1937c478bd9Sstevel@tonic-gate * basic unit adr_char
1947c478bd9Sstevel@tonic-gate * unit count adr_char, specifying number of units of
1957c478bd9Sstevel@tonic-gate * data items depends on basic unit
1967c478bd9Sstevel@tonic-gate */
1977c478bd9Sstevel@tonic-gate int
arbitrary_data_token(adr_t * adr)1987c478bd9Sstevel@tonic-gate arbitrary_data_token(adr_t *adr)
1997c478bd9Sstevel@tonic-gate {
2007c478bd9Sstevel@tonic-gate int i;
2017c478bd9Sstevel@tonic-gate char c1;
2027c478bd9Sstevel@tonic-gate short c2;
2037c478bd9Sstevel@tonic-gate int32_t c3;
2047c478bd9Sstevel@tonic-gate int64_t c4;
2057c478bd9Sstevel@tonic-gate char how_to_print, basic_unit, unit_count;
2067c478bd9Sstevel@tonic-gate
2077c478bd9Sstevel@tonic-gate /* get how_to_print, basic_unit, and unit_count */
2087c478bd9Sstevel@tonic-gate adrm_char(adr, &how_to_print, 1);
2097c478bd9Sstevel@tonic-gate adrm_char(adr, &basic_unit, 1);
2107c478bd9Sstevel@tonic-gate adrm_char(adr, &unit_count, 1);
2117c478bd9Sstevel@tonic-gate for (i = 0; i < unit_count; i++) {
2127c478bd9Sstevel@tonic-gate switch (basic_unit) {
2137c478bd9Sstevel@tonic-gate /* case AUR_BYTE: has same value as AUR_CHAR */
2147c478bd9Sstevel@tonic-gate case AUR_CHAR:
2157c478bd9Sstevel@tonic-gate adrm_char(adr, &c1, 1);
2167c478bd9Sstevel@tonic-gate break;
2177c478bd9Sstevel@tonic-gate case AUR_SHORT:
2187c478bd9Sstevel@tonic-gate adrm_short(adr, &c2, 1);
2197c478bd9Sstevel@tonic-gate break;
2207c478bd9Sstevel@tonic-gate case AUR_INT32:
2217c478bd9Sstevel@tonic-gate adrm_int32(adr, (int32_t *)&c3, 1);
2227c478bd9Sstevel@tonic-gate break;
2237c478bd9Sstevel@tonic-gate case AUR_INT64:
2247c478bd9Sstevel@tonic-gate adrm_int64(adr, (int64_t *)&c4, 1);
2257c478bd9Sstevel@tonic-gate break;
2267c478bd9Sstevel@tonic-gate default:
2277c478bd9Sstevel@tonic-gate return (-2);
2287c478bd9Sstevel@tonic-gate }
2297c478bd9Sstevel@tonic-gate }
2307c478bd9Sstevel@tonic-gate return (-1);
2317c478bd9Sstevel@tonic-gate }
2327c478bd9Sstevel@tonic-gate
2337c478bd9Sstevel@tonic-gate
2347c478bd9Sstevel@tonic-gate /*
2357c478bd9Sstevel@tonic-gate * Format of opaque token:
2367c478bd9Sstevel@tonic-gate * opaque token id adr_char
2377c478bd9Sstevel@tonic-gate * size adr_short
2387c478bd9Sstevel@tonic-gate * data adr_char, size times
2397c478bd9Sstevel@tonic-gate */
2407c478bd9Sstevel@tonic-gate int
opaque_token(adr_t * adr)2417c478bd9Sstevel@tonic-gate opaque_token(adr_t *adr)
2427c478bd9Sstevel@tonic-gate {
2437c478bd9Sstevel@tonic-gate skip_string(adr);
2447c478bd9Sstevel@tonic-gate return (-1);
2457c478bd9Sstevel@tonic-gate }
2467c478bd9Sstevel@tonic-gate
2477c478bd9Sstevel@tonic-gate
2487c478bd9Sstevel@tonic-gate
2497c478bd9Sstevel@tonic-gate /*
2507c478bd9Sstevel@tonic-gate * Format of return32 value token:
2517c478bd9Sstevel@tonic-gate * return value token id adr_char
2527c478bd9Sstevel@tonic-gate * error number adr_char
2537c478bd9Sstevel@tonic-gate * return value adr_u_int32
2547c478bd9Sstevel@tonic-gate */
2557c478bd9Sstevel@tonic-gate int
return_value32_token(adr_t * adr)2567c478bd9Sstevel@tonic-gate return_value32_token(adr_t *adr)
2577c478bd9Sstevel@tonic-gate {
2587c478bd9Sstevel@tonic-gate char errnum;
2597c478bd9Sstevel@tonic-gate uint32_t value;
2607c478bd9Sstevel@tonic-gate
2617c478bd9Sstevel@tonic-gate adrm_char(adr, &errnum, 1);
2627c478bd9Sstevel@tonic-gate adrm_u_int32(adr, &value, 1);
2637c478bd9Sstevel@tonic-gate if ((flags & M_SORF) &&
264a7746f66Stz ((global_class & mask.am_success) && (errnum == 0)) ||
265a7746f66Stz ((global_class & mask.am_failure) && (errnum != 0))) {
266a7746f66Stz checkflags |= M_SORF;
2677c478bd9Sstevel@tonic-gate }
2687c478bd9Sstevel@tonic-gate return (-1);
2697c478bd9Sstevel@tonic-gate }
2707c478bd9Sstevel@tonic-gate
2717c478bd9Sstevel@tonic-gate /*
2727c478bd9Sstevel@tonic-gate * Format of return64 value token:
2737c478bd9Sstevel@tonic-gate * return value token id adr_char
2747c478bd9Sstevel@tonic-gate * error number adr_char
2757c478bd9Sstevel@tonic-gate * return value adr_u_int64
2767c478bd9Sstevel@tonic-gate */
2777c478bd9Sstevel@tonic-gate int
return_value64_token(adr_t * adr)2787c478bd9Sstevel@tonic-gate return_value64_token(adr_t *adr)
2797c478bd9Sstevel@tonic-gate {
2807c478bd9Sstevel@tonic-gate char errnum;
2817c478bd9Sstevel@tonic-gate uint64_t value;
2827c478bd9Sstevel@tonic-gate
2837c478bd9Sstevel@tonic-gate adrm_char(adr, &errnum, 1);
2847c478bd9Sstevel@tonic-gate adrm_u_int64(adr, &value, 1);
2857c478bd9Sstevel@tonic-gate if ((flags & M_SORF) &&
286a7746f66Stz ((global_class & mask.am_success) && (errnum == 0)) ||
287a7746f66Stz ((global_class & mask.am_failure) && (errnum != 0))) {
288a7746f66Stz checkflags |= M_SORF;
2897c478bd9Sstevel@tonic-gate }
2907c478bd9Sstevel@tonic-gate return (-1);
2917c478bd9Sstevel@tonic-gate }
2927c478bd9Sstevel@tonic-gate
2937c478bd9Sstevel@tonic-gate
2947c478bd9Sstevel@tonic-gate /*
2957c478bd9Sstevel@tonic-gate * Format of sequence token:
2967c478bd9Sstevel@tonic-gate * sequence token id adr_char
2977c478bd9Sstevel@tonic-gate * audit_count int32_t
2987c478bd9Sstevel@tonic-gate */
2997c478bd9Sstevel@tonic-gate int
sequence_token(adr_t * adr)3007c478bd9Sstevel@tonic-gate sequence_token(adr_t *adr)
3017c478bd9Sstevel@tonic-gate {
3027c478bd9Sstevel@tonic-gate int32_t audit_count;
3037c478bd9Sstevel@tonic-gate
3047c478bd9Sstevel@tonic-gate adrm_int32(adr, &audit_count, 1);
3057c478bd9Sstevel@tonic-gate return (-1);
3067c478bd9Sstevel@tonic-gate }
3077c478bd9Sstevel@tonic-gate
3087c478bd9Sstevel@tonic-gate
3097c478bd9Sstevel@tonic-gate /*
3107c478bd9Sstevel@tonic-gate * Format of text token:
3117c478bd9Sstevel@tonic-gate * text token id adr_char
3127c478bd9Sstevel@tonic-gate * text adr_string
3137c478bd9Sstevel@tonic-gate */
3147c478bd9Sstevel@tonic-gate int
text_token(adr_t * adr)3157c478bd9Sstevel@tonic-gate text_token(adr_t *adr)
3167c478bd9Sstevel@tonic-gate {
3177c478bd9Sstevel@tonic-gate skip_string(adr);
3187c478bd9Sstevel@tonic-gate return (-1);
3197c478bd9Sstevel@tonic-gate }
3207c478bd9Sstevel@tonic-gate
3217c478bd9Sstevel@tonic-gate
3227c478bd9Sstevel@tonic-gate /*
3237c478bd9Sstevel@tonic-gate * Format of ip_addr token:
3247c478bd9Sstevel@tonic-gate * ip token id adr_char
3257c478bd9Sstevel@tonic-gate * address adr_int32
3267c478bd9Sstevel@tonic-gate */
3277c478bd9Sstevel@tonic-gate int
ip_addr_token(adr_t * adr)3287c478bd9Sstevel@tonic-gate ip_addr_token(adr_t *adr)
3297c478bd9Sstevel@tonic-gate {
3307c478bd9Sstevel@tonic-gate int32_t address;
3317c478bd9Sstevel@tonic-gate
3327c478bd9Sstevel@tonic-gate adrm_char(adr, (char *)&address, 4);
3337c478bd9Sstevel@tonic-gate
3347c478bd9Sstevel@tonic-gate return (-1);
3357c478bd9Sstevel@tonic-gate }
3367c478bd9Sstevel@tonic-gate
3377c478bd9Sstevel@tonic-gate /*
3387c478bd9Sstevel@tonic-gate * Format of ip_addr_ex token:
3397c478bd9Sstevel@tonic-gate * ip token id adr_char
3407c478bd9Sstevel@tonic-gate * ip type adr_int32
3418249a45fSJan Friedel * ip address adr_u_char*type
3427c478bd9Sstevel@tonic-gate */
3437c478bd9Sstevel@tonic-gate int
ip_addr_ex_token(adr_t * adr)3447c478bd9Sstevel@tonic-gate ip_addr_ex_token(adr_t *adr)
3457c478bd9Sstevel@tonic-gate {
3467c478bd9Sstevel@tonic-gate int32_t type;
3478249a45fSJan Friedel uchar_t address[16];
3487c478bd9Sstevel@tonic-gate
3497c478bd9Sstevel@tonic-gate adrm_int32(adr, (int32_t *)&type, 1);
3508249a45fSJan Friedel adrm_u_char(adr, address, type);
3517c478bd9Sstevel@tonic-gate
3527c478bd9Sstevel@tonic-gate return (-1);
3537c478bd9Sstevel@tonic-gate }
3547c478bd9Sstevel@tonic-gate
3557c478bd9Sstevel@tonic-gate /*
3567c478bd9Sstevel@tonic-gate * Format of ip token:
3577c478bd9Sstevel@tonic-gate * ip header token id adr_char
3587c478bd9Sstevel@tonic-gate * version adr_char
3597c478bd9Sstevel@tonic-gate * type of service adr_char
3607c478bd9Sstevel@tonic-gate * length adr_short
3617c478bd9Sstevel@tonic-gate * id adr_u_short
3627c478bd9Sstevel@tonic-gate * offset adr_u_short
3637c478bd9Sstevel@tonic-gate * ttl adr_char
3647c478bd9Sstevel@tonic-gate * protocol adr_char
3657c478bd9Sstevel@tonic-gate * checksum adr_u_short
3667c478bd9Sstevel@tonic-gate * source address adr_int32
3677c478bd9Sstevel@tonic-gate * destination address adr_int32
3687c478bd9Sstevel@tonic-gate */
3697c478bd9Sstevel@tonic-gate int
ip_token(adr_t * adr)3707c478bd9Sstevel@tonic-gate ip_token(adr_t *adr)
3717c478bd9Sstevel@tonic-gate {
3727c478bd9Sstevel@tonic-gate char version;
3737c478bd9Sstevel@tonic-gate char type;
3747c478bd9Sstevel@tonic-gate short len;
3757c478bd9Sstevel@tonic-gate unsigned short id, offset, checksum;
3767c478bd9Sstevel@tonic-gate char ttl, protocol;
3777c478bd9Sstevel@tonic-gate int32_t src, dest;
3787c478bd9Sstevel@tonic-gate
3797c478bd9Sstevel@tonic-gate adrm_char(adr, &version, 1);
3807c478bd9Sstevel@tonic-gate adrm_char(adr, &type, 1);
3817c478bd9Sstevel@tonic-gate adrm_short(adr, &len, 1);
3827c478bd9Sstevel@tonic-gate adrm_u_short(adr, &id, 1);
3837c478bd9Sstevel@tonic-gate adrm_u_short(adr, &offset, 1);
3847c478bd9Sstevel@tonic-gate adrm_char(adr, &ttl, 1);
3857c478bd9Sstevel@tonic-gate adrm_char(adr, &protocol, 1);
3867c478bd9Sstevel@tonic-gate adrm_u_short(adr, &checksum, 1);
3877c478bd9Sstevel@tonic-gate adrm_char(adr, (char *)&src, 4);
3887c478bd9Sstevel@tonic-gate adrm_char(adr, (char *)&dest, 4);
3897c478bd9Sstevel@tonic-gate
3907c478bd9Sstevel@tonic-gate return (-1);
3917c478bd9Sstevel@tonic-gate }
3927c478bd9Sstevel@tonic-gate
3937c478bd9Sstevel@tonic-gate
3947c478bd9Sstevel@tonic-gate /*
3957c478bd9Sstevel@tonic-gate * Format of iport token:
3967c478bd9Sstevel@tonic-gate * ip port address token id adr_char
3977c478bd9Sstevel@tonic-gate * port address adr_short
3987c478bd9Sstevel@tonic-gate */
3997c478bd9Sstevel@tonic-gate int
iport_token(adr_t * adr)4007c478bd9Sstevel@tonic-gate iport_token(adr_t *adr)
4017c478bd9Sstevel@tonic-gate {
4027c478bd9Sstevel@tonic-gate short address;
4037c478bd9Sstevel@tonic-gate
4047c478bd9Sstevel@tonic-gate adrm_short(adr, &address, 1);
4057c478bd9Sstevel@tonic-gate
4067c478bd9Sstevel@tonic-gate return (-1);
4077c478bd9Sstevel@tonic-gate }
4087c478bd9Sstevel@tonic-gate
4097c478bd9Sstevel@tonic-gate
4107c478bd9Sstevel@tonic-gate /*
4117c478bd9Sstevel@tonic-gate * Format of groups token:
4127c478bd9Sstevel@tonic-gate * group token id adr_char
4137c478bd9Sstevel@tonic-gate * group list adr_int32, 16 times
4147c478bd9Sstevel@tonic-gate */
4157c478bd9Sstevel@tonic-gate int
group_token(adr_t * adr)4167c478bd9Sstevel@tonic-gate group_token(adr_t *adr)
4177c478bd9Sstevel@tonic-gate {
4187c478bd9Sstevel@tonic-gate int gid[16];
4197c478bd9Sstevel@tonic-gate int i;
4207c478bd9Sstevel@tonic-gate int flag = 0;
4217c478bd9Sstevel@tonic-gate
4227c478bd9Sstevel@tonic-gate for (i = 0; i < 16; i++) {
4237c478bd9Sstevel@tonic-gate adrm_int32(adr, (int32_t *)&gid[i], 1);
4247c478bd9Sstevel@tonic-gate if (flags & M_GROUPR) {
4257c478bd9Sstevel@tonic-gate if ((unsigned short)m_groupr == gid[i])
4267c478bd9Sstevel@tonic-gate flag = 1;
4277c478bd9Sstevel@tonic-gate }
4287c478bd9Sstevel@tonic-gate }
4297c478bd9Sstevel@tonic-gate
4307c478bd9Sstevel@tonic-gate if (flags & M_GROUPR) {
4317c478bd9Sstevel@tonic-gate if (flag)
4327c478bd9Sstevel@tonic-gate checkflags |= M_GROUPR;
4337c478bd9Sstevel@tonic-gate }
4347c478bd9Sstevel@tonic-gate return (-1);
4357c478bd9Sstevel@tonic-gate }
4367c478bd9Sstevel@tonic-gate
4377c478bd9Sstevel@tonic-gate /*
4387c478bd9Sstevel@tonic-gate * Format of newgroups token:
4397c478bd9Sstevel@tonic-gate * group token id adr_char
4407c478bd9Sstevel@tonic-gate * number of groups adr_short
4417c478bd9Sstevel@tonic-gate * group list adr_int32, "number" times
4427c478bd9Sstevel@tonic-gate */
4437c478bd9Sstevel@tonic-gate int
newgroup_token(adr_t * adr)4447c478bd9Sstevel@tonic-gate newgroup_token(adr_t *adr)
4457c478bd9Sstevel@tonic-gate {
4467c478bd9Sstevel@tonic-gate gid_t gid;
4477c478bd9Sstevel@tonic-gate int i;
4487c478bd9Sstevel@tonic-gate short int number;
4497c478bd9Sstevel@tonic-gate
4507c478bd9Sstevel@tonic-gate adrm_short(adr, &number, 1);
4517c478bd9Sstevel@tonic-gate
4527c478bd9Sstevel@tonic-gate for (i = 0; i < number; i++) {
4537c478bd9Sstevel@tonic-gate adrm_int32(adr, (int32_t *)&gid, 1);
4547c478bd9Sstevel@tonic-gate if (flags & M_GROUPR) {
4557c478bd9Sstevel@tonic-gate if (m_groupr == gid)
4567c478bd9Sstevel@tonic-gate checkflags |= M_GROUPR;
4577c478bd9Sstevel@tonic-gate }
4587c478bd9Sstevel@tonic-gate }
4597c478bd9Sstevel@tonic-gate
4607c478bd9Sstevel@tonic-gate return (-1);
4617c478bd9Sstevel@tonic-gate }
4627c478bd9Sstevel@tonic-gate
4637c478bd9Sstevel@tonic-gate /*
4647c478bd9Sstevel@tonic-gate * Format of argument32 token:
4657c478bd9Sstevel@tonic-gate * argument token id adr_char
4667c478bd9Sstevel@tonic-gate * argument number adr_char
4677c478bd9Sstevel@tonic-gate * argument value adr_int32
4687c478bd9Sstevel@tonic-gate * argument description adr_string
4697c478bd9Sstevel@tonic-gate */
4707c478bd9Sstevel@tonic-gate int
argument32_token(adr_t * adr)4717c478bd9Sstevel@tonic-gate argument32_token(adr_t *adr)
4727c478bd9Sstevel@tonic-gate {
4737c478bd9Sstevel@tonic-gate char arg_num;
4747c478bd9Sstevel@tonic-gate int32_t arg_val;
4757c478bd9Sstevel@tonic-gate
4767c478bd9Sstevel@tonic-gate adrm_char(adr, &arg_num, 1);
4777c478bd9Sstevel@tonic-gate adrm_int32(adr, &arg_val, 1);
4787c478bd9Sstevel@tonic-gate skip_string(adr);
4797c478bd9Sstevel@tonic-gate
4807c478bd9Sstevel@tonic-gate return (-1);
4817c478bd9Sstevel@tonic-gate }
4827c478bd9Sstevel@tonic-gate
4837c478bd9Sstevel@tonic-gate /*
4847c478bd9Sstevel@tonic-gate * Format of argument64 token:
4857c478bd9Sstevel@tonic-gate * argument token id adr_char
4867c478bd9Sstevel@tonic-gate * argument number adr_char
4877c478bd9Sstevel@tonic-gate * argument value adr_int64
4887c478bd9Sstevel@tonic-gate * argument description adr_string
4897c478bd9Sstevel@tonic-gate */
4907c478bd9Sstevel@tonic-gate int
argument64_token(adr_t * adr)4917c478bd9Sstevel@tonic-gate argument64_token(adr_t *adr)
4927c478bd9Sstevel@tonic-gate {
4937c478bd9Sstevel@tonic-gate char arg_num;
4947c478bd9Sstevel@tonic-gate int64_t arg_val;
4957c478bd9Sstevel@tonic-gate
4967c478bd9Sstevel@tonic-gate adrm_char(adr, &arg_num, 1);
4977c478bd9Sstevel@tonic-gate adrm_int64(adr, &arg_val, 1);
4987c478bd9Sstevel@tonic-gate skip_string(adr);
4997c478bd9Sstevel@tonic-gate
5007c478bd9Sstevel@tonic-gate return (-1);
5017c478bd9Sstevel@tonic-gate }
5027c478bd9Sstevel@tonic-gate
503a7746f66Stz /*
504a7746f66Stz * Format of acl token:
505a7746f66Stz * acl token id adr_char
506a7746f66Stz * acl type adr_u_int32
507a7746f66Stz * acl value adr_u_int32 (depends on type)
508a7746f66Stz * file mode adr_u_int (in octal)
509a7746f66Stz */
5107c478bd9Sstevel@tonic-gate int
acl_token(adr_t * adr)5117c478bd9Sstevel@tonic-gate acl_token(adr_t *adr)
5127c478bd9Sstevel@tonic-gate {
5137c478bd9Sstevel@tonic-gate
5147c478bd9Sstevel@tonic-gate int32_t id;
5157c478bd9Sstevel@tonic-gate int32_t mode;
5167c478bd9Sstevel@tonic-gate int32_t type;
5177c478bd9Sstevel@tonic-gate
5187c478bd9Sstevel@tonic-gate adrm_int32(adr, &type, 1);
5197c478bd9Sstevel@tonic-gate adrm_int32(adr, &id, 1);
5207c478bd9Sstevel@tonic-gate adrm_int32(adr, &mode, 1);
5217c478bd9Sstevel@tonic-gate
5227c478bd9Sstevel@tonic-gate return (-1);
5237c478bd9Sstevel@tonic-gate }
5247c478bd9Sstevel@tonic-gate
525a7746f66Stz /*
526a7746f66Stz * Format of ace token:
527a7746f66Stz * ace token id adr_char
528a7746f66Stz * ace who adr_u_int32 (uid/gid)
529a7746f66Stz * access mask adr_u_int32
530a7746f66Stz * ace flags adr_u_int16
531a7746f66Stz * ace type adr_u_int16
532a7746f66Stz */
533a7746f66Stz int
ace_token(adr_t * adr)534a7746f66Stz ace_token(adr_t *adr)
535a7746f66Stz {
536a7746f66Stz uid_t who;
537a7746f66Stz uint32_t access_mask;
538a7746f66Stz uint16_t flags, type;
539a7746f66Stz
540a7746f66Stz adrm_uid(adr, &who, 1);
541a7746f66Stz adrm_u_int32(adr, &access_mask, 1);
542a7746f66Stz adrm_u_short(adr, &flags, 1);
543a7746f66Stz adrm_u_short(adr, &type, 1);
544a7746f66Stz
545a7746f66Stz return (-1);
546a7746f66Stz }
547a7746f66Stz
5487c478bd9Sstevel@tonic-gate /*
5497c478bd9Sstevel@tonic-gate * Format of attribute token: (old pre SunOS 5.7 format)
5507c478bd9Sstevel@tonic-gate * attribute token id adr_char
5517c478bd9Sstevel@tonic-gate * mode adr_int32 (printed in octal)
5527c478bd9Sstevel@tonic-gate * uid adr_int32
5537c478bd9Sstevel@tonic-gate * gid adr_int32
5547c478bd9Sstevel@tonic-gate * file system id adr_int32
5557c478bd9Sstevel@tonic-gate * node id adr_int32
5567c478bd9Sstevel@tonic-gate * device adr_int32
5577c478bd9Sstevel@tonic-gate */
5587c478bd9Sstevel@tonic-gate int
attribute_token(adr_t * adr)5597c478bd9Sstevel@tonic-gate attribute_token(adr_t *adr)
5607c478bd9Sstevel@tonic-gate {
5617c478bd9Sstevel@tonic-gate int32_t dev;
5627c478bd9Sstevel@tonic-gate int32_t file_sysid;
5637c478bd9Sstevel@tonic-gate int32_t gid;
5647c478bd9Sstevel@tonic-gate int32_t mode;
5657c478bd9Sstevel@tonic-gate int32_t nodeid;
5667c478bd9Sstevel@tonic-gate int32_t uid;
5677c478bd9Sstevel@tonic-gate
5687c478bd9Sstevel@tonic-gate adrm_int32(adr, &mode, 1);
5697c478bd9Sstevel@tonic-gate adrm_int32(adr, &uid, 1);
5707c478bd9Sstevel@tonic-gate adrm_int32(adr, &gid, 1);
5717c478bd9Sstevel@tonic-gate adrm_int32(adr, &file_sysid, 1);
5727c478bd9Sstevel@tonic-gate adrm_int32(adr, &nodeid, 1);
5737c478bd9Sstevel@tonic-gate adrm_int32(adr, &dev, 1);
5747c478bd9Sstevel@tonic-gate
5757c478bd9Sstevel@tonic-gate if (!new_mode && (flags & M_USERE)) {
5767c478bd9Sstevel@tonic-gate if (m_usere == uid)
5777c478bd9Sstevel@tonic-gate checkflags |= M_USERE;
5787c478bd9Sstevel@tonic-gate }
5797c478bd9Sstevel@tonic-gate if (!new_mode && (flags & M_GROUPE)) {
5807c478bd9Sstevel@tonic-gate if (m_groupe == gid)
5817c478bd9Sstevel@tonic-gate checkflags |= M_GROUPE;
5827c478bd9Sstevel@tonic-gate }
5837c478bd9Sstevel@tonic-gate
5847c478bd9Sstevel@tonic-gate if (flags & M_OBJECT) {
5857c478bd9Sstevel@tonic-gate if ((obj_flag & OBJ_FGROUP) &&
5867c478bd9Sstevel@tonic-gate (obj_group == gid))
5877c478bd9Sstevel@tonic-gate checkflags |= M_OBJECT;
5887c478bd9Sstevel@tonic-gate else if ((obj_flag & OBJ_FOWNER) &&
5897c478bd9Sstevel@tonic-gate (obj_owner == uid))
5907c478bd9Sstevel@tonic-gate checkflags |= M_OBJECT;
5917c478bd9Sstevel@tonic-gate }
5927c478bd9Sstevel@tonic-gate return (-1);
5937c478bd9Sstevel@tonic-gate }
5947c478bd9Sstevel@tonic-gate
5957c478bd9Sstevel@tonic-gate /*
5967c478bd9Sstevel@tonic-gate * Format of attribute32 token:
5977c478bd9Sstevel@tonic-gate * attribute token id adr_char
5987c478bd9Sstevel@tonic-gate * mode adr_int32 (printed in octal)
5997c478bd9Sstevel@tonic-gate * uid adr_int32
6007c478bd9Sstevel@tonic-gate * gid adr_int32
6017c478bd9Sstevel@tonic-gate * file system id adr_int32
6027c478bd9Sstevel@tonic-gate * node id adr_int64
6037c478bd9Sstevel@tonic-gate * device adr_int32
6047c478bd9Sstevel@tonic-gate */
6057c478bd9Sstevel@tonic-gate int
attribute32_token(adr_t * adr)6067c478bd9Sstevel@tonic-gate attribute32_token(adr_t *adr)
6077c478bd9Sstevel@tonic-gate {
6087c478bd9Sstevel@tonic-gate int32_t dev;
6097c478bd9Sstevel@tonic-gate int32_t file_sysid;
6107c478bd9Sstevel@tonic-gate int32_t gid;
6117c478bd9Sstevel@tonic-gate int32_t mode;
6127c478bd9Sstevel@tonic-gate int64_t nodeid;
6137c478bd9Sstevel@tonic-gate int32_t uid;
6147c478bd9Sstevel@tonic-gate
6157c478bd9Sstevel@tonic-gate adrm_int32(adr, &mode, 1);
6167c478bd9Sstevel@tonic-gate adrm_int32(adr, &uid, 1);
6177c478bd9Sstevel@tonic-gate adrm_int32(adr, &gid, 1);
6187c478bd9Sstevel@tonic-gate adrm_int32(adr, &file_sysid, 1);
6197c478bd9Sstevel@tonic-gate adrm_int64(adr, &nodeid, 1);
6207c478bd9Sstevel@tonic-gate adrm_int32(adr, &dev, 1);
6217c478bd9Sstevel@tonic-gate
6227c478bd9Sstevel@tonic-gate if (!new_mode && (flags & M_USERE)) {
6237c478bd9Sstevel@tonic-gate if (m_usere == uid)
6247c478bd9Sstevel@tonic-gate checkflags |= M_USERE;
6257c478bd9Sstevel@tonic-gate }
6267c478bd9Sstevel@tonic-gate if (!new_mode && (flags & M_GROUPE)) {
6277c478bd9Sstevel@tonic-gate if (m_groupe == gid)
6287c478bd9Sstevel@tonic-gate checkflags |= M_GROUPE;
6297c478bd9Sstevel@tonic-gate }
6307c478bd9Sstevel@tonic-gate
6317c478bd9Sstevel@tonic-gate if (flags & M_OBJECT) {
6327c478bd9Sstevel@tonic-gate if ((obj_flag & OBJ_FGROUP) &&
6337c478bd9Sstevel@tonic-gate (obj_group == gid))
6347c478bd9Sstevel@tonic-gate checkflags |= M_OBJECT;
6357c478bd9Sstevel@tonic-gate else if ((obj_flag & OBJ_FOWNER) &&
6367c478bd9Sstevel@tonic-gate (obj_owner == uid))
6377c478bd9Sstevel@tonic-gate checkflags |= M_OBJECT;
6387c478bd9Sstevel@tonic-gate }
6397c478bd9Sstevel@tonic-gate return (-1);
6407c478bd9Sstevel@tonic-gate }
6417c478bd9Sstevel@tonic-gate
6427c478bd9Sstevel@tonic-gate /*
6437c478bd9Sstevel@tonic-gate * Format of attribute64 token:
6447c478bd9Sstevel@tonic-gate * attribute token id adr_char
6457c478bd9Sstevel@tonic-gate * mode adr_int32 (printed in octal)
6467c478bd9Sstevel@tonic-gate * uid adr_int32
6477c478bd9Sstevel@tonic-gate * gid adr_int32
6487c478bd9Sstevel@tonic-gate * file system id adr_int32
6497c478bd9Sstevel@tonic-gate * node id adr_int64
6507c478bd9Sstevel@tonic-gate * device adr_int64
6517c478bd9Sstevel@tonic-gate */
6527c478bd9Sstevel@tonic-gate int
attribute64_token(adr_t * adr)6537c478bd9Sstevel@tonic-gate attribute64_token(adr_t *adr)
6547c478bd9Sstevel@tonic-gate {
6557c478bd9Sstevel@tonic-gate int64_t dev;
6567c478bd9Sstevel@tonic-gate int32_t file_sysid;
6577c478bd9Sstevel@tonic-gate int32_t gid;
6587c478bd9Sstevel@tonic-gate int32_t mode;
6597c478bd9Sstevel@tonic-gate int64_t nodeid;
6607c478bd9Sstevel@tonic-gate int32_t uid;
6617c478bd9Sstevel@tonic-gate
6627c478bd9Sstevel@tonic-gate adrm_int32(adr, &mode, 1);
6637c478bd9Sstevel@tonic-gate adrm_int32(adr, &uid, 1);
6647c478bd9Sstevel@tonic-gate adrm_int32(adr, &gid, 1);
6657c478bd9Sstevel@tonic-gate adrm_int32(adr, &file_sysid, 1);
6667c478bd9Sstevel@tonic-gate adrm_int64(adr, &nodeid, 1);
6677c478bd9Sstevel@tonic-gate adrm_int64(adr, &dev, 1);
6687c478bd9Sstevel@tonic-gate
6697c478bd9Sstevel@tonic-gate if (!new_mode && (flags & M_USERE)) {
6707c478bd9Sstevel@tonic-gate if (m_usere == uid)
6717c478bd9Sstevel@tonic-gate checkflags |= M_USERE;
6727c478bd9Sstevel@tonic-gate }
6737c478bd9Sstevel@tonic-gate if (!new_mode && (flags & M_GROUPE)) {
6747c478bd9Sstevel@tonic-gate if (m_groupe == gid)
6757c478bd9Sstevel@tonic-gate checkflags |= M_GROUPE;
6767c478bd9Sstevel@tonic-gate }
6777c478bd9Sstevel@tonic-gate
6787c478bd9Sstevel@tonic-gate if (flags & M_OBJECT) {
6797c478bd9Sstevel@tonic-gate if ((obj_flag & OBJ_FGROUP) &&
6807c478bd9Sstevel@tonic-gate (obj_group == gid))
6817c478bd9Sstevel@tonic-gate checkflags |= M_OBJECT;
6827c478bd9Sstevel@tonic-gate else if ((obj_flag & OBJ_FOWNER) &&
6837c478bd9Sstevel@tonic-gate (obj_owner == uid))
6847c478bd9Sstevel@tonic-gate checkflags |= M_OBJECT;
6857c478bd9Sstevel@tonic-gate }
6867c478bd9Sstevel@tonic-gate return (-1);
6877c478bd9Sstevel@tonic-gate }
6887c478bd9Sstevel@tonic-gate
6897c478bd9Sstevel@tonic-gate
6907c478bd9Sstevel@tonic-gate /*
6917c478bd9Sstevel@tonic-gate * Format of command token:
6927c478bd9Sstevel@tonic-gate * attribute token id adr_char
6937c478bd9Sstevel@tonic-gate * argc adr_short
6947c478bd9Sstevel@tonic-gate * argv len adr_short variable amount of argv len
6957c478bd9Sstevel@tonic-gate * argv text argv len and text
6967c478bd9Sstevel@tonic-gate * .
6977c478bd9Sstevel@tonic-gate * .
6987c478bd9Sstevel@tonic-gate * .
6997c478bd9Sstevel@tonic-gate * envp count adr_short variable amount of envp len
7007c478bd9Sstevel@tonic-gate * envp len adr_short and text
7017c478bd9Sstevel@tonic-gate * envp text envp len
7027c478bd9Sstevel@tonic-gate * .
7037c478bd9Sstevel@tonic-gate * .
7047c478bd9Sstevel@tonic-gate * .
7057c478bd9Sstevel@tonic-gate */
7067c478bd9Sstevel@tonic-gate int
cmd_token(adr_t * adr)7077c478bd9Sstevel@tonic-gate cmd_token(adr_t *adr)
7087c478bd9Sstevel@tonic-gate {
7097c478bd9Sstevel@tonic-gate short cnt;
7107c478bd9Sstevel@tonic-gate short i;
7117c478bd9Sstevel@tonic-gate
7127c478bd9Sstevel@tonic-gate adrm_short(adr, &cnt, 1);
7137c478bd9Sstevel@tonic-gate
7147c478bd9Sstevel@tonic-gate for (i = 0; i < cnt; i++)
7157c478bd9Sstevel@tonic-gate skip_string(adr);
7167c478bd9Sstevel@tonic-gate
7177c478bd9Sstevel@tonic-gate adrm_short(adr, &cnt, 1);
7187c478bd9Sstevel@tonic-gate
7197c478bd9Sstevel@tonic-gate for (i = 0; i < cnt; i++)
7207c478bd9Sstevel@tonic-gate skip_string(adr);
7217c478bd9Sstevel@tonic-gate
7227c478bd9Sstevel@tonic-gate return (-1);
7237c478bd9Sstevel@tonic-gate }
7247c478bd9Sstevel@tonic-gate
7257c478bd9Sstevel@tonic-gate
7267c478bd9Sstevel@tonic-gate /*
7277c478bd9Sstevel@tonic-gate * Format of exit token:
7287c478bd9Sstevel@tonic-gate * attribute token id adr_char
7297c478bd9Sstevel@tonic-gate * return value adr_int32
7307c478bd9Sstevel@tonic-gate * errno adr_int32
7317c478bd9Sstevel@tonic-gate */
7327c478bd9Sstevel@tonic-gate int
exit_token(adr_t * adr)7337c478bd9Sstevel@tonic-gate exit_token(adr_t *adr)
7347c478bd9Sstevel@tonic-gate {
7357c478bd9Sstevel@tonic-gate int32_t retval;
7367c478bd9Sstevel@tonic-gate int32_t errno;
7377c478bd9Sstevel@tonic-gate
7387c478bd9Sstevel@tonic-gate adrm_int32(adr, &retval, 1);
7397c478bd9Sstevel@tonic-gate adrm_int32(adr, &errno, 1);
7407c478bd9Sstevel@tonic-gate return (-1);
7417c478bd9Sstevel@tonic-gate }
7427c478bd9Sstevel@tonic-gate
7437c478bd9Sstevel@tonic-gate /*
7447c478bd9Sstevel@tonic-gate * Format of strings array token:
7457c478bd9Sstevel@tonic-gate * token id adr_char
7467c478bd9Sstevel@tonic-gate * count value adr_int32
7477c478bd9Sstevel@tonic-gate * strings null terminated strings
7487c478bd9Sstevel@tonic-gate */
7497c478bd9Sstevel@tonic-gate static int
strings_common_token(adr_t * adr)7507c478bd9Sstevel@tonic-gate strings_common_token(adr_t *adr)
7517c478bd9Sstevel@tonic-gate {
7527c478bd9Sstevel@tonic-gate int count, i;
7537c478bd9Sstevel@tonic-gate char c;
7547c478bd9Sstevel@tonic-gate
7557c478bd9Sstevel@tonic-gate adrm_int32(adr, (int32_t *)&count, 1);
7567c478bd9Sstevel@tonic-gate for (i = 1; i <= count; i++) {
7577c478bd9Sstevel@tonic-gate adrm_char(adr, &c, 1);
7587c478bd9Sstevel@tonic-gate while (c != (char)0)
7597c478bd9Sstevel@tonic-gate adrm_char(adr, &c, 1);
7607c478bd9Sstevel@tonic-gate }
7617c478bd9Sstevel@tonic-gate /* no dump option here, since we will have variable length fields */
7627c478bd9Sstevel@tonic-gate return (-1);
7637c478bd9Sstevel@tonic-gate }
7647c478bd9Sstevel@tonic-gate
7657c478bd9Sstevel@tonic-gate int
path_attr_token(adr_t * adr)7667c478bd9Sstevel@tonic-gate path_attr_token(adr_t *adr)
7677c478bd9Sstevel@tonic-gate {
7687c478bd9Sstevel@tonic-gate return (strings_common_token(adr));
7697c478bd9Sstevel@tonic-gate }
7707c478bd9Sstevel@tonic-gate
7717c478bd9Sstevel@tonic-gate int
exec_args_token(adr_t * adr)7727c478bd9Sstevel@tonic-gate exec_args_token(adr_t *adr)
7737c478bd9Sstevel@tonic-gate {
7747c478bd9Sstevel@tonic-gate return (strings_common_token(adr));
7757c478bd9Sstevel@tonic-gate }
7767c478bd9Sstevel@tonic-gate
7777c478bd9Sstevel@tonic-gate int
exec_env_token(adr_t * adr)7787c478bd9Sstevel@tonic-gate exec_env_token(adr_t *adr)
7797c478bd9Sstevel@tonic-gate {
7807c478bd9Sstevel@tonic-gate return (strings_common_token(adr));
7817c478bd9Sstevel@tonic-gate }
7827c478bd9Sstevel@tonic-gate
7837c478bd9Sstevel@tonic-gate /*
7847c478bd9Sstevel@tonic-gate * Format of liaison token:
7857c478bd9Sstevel@tonic-gate */
7867c478bd9Sstevel@tonic-gate int
liaison_token(adr_t * adr)7877c478bd9Sstevel@tonic-gate liaison_token(adr_t *adr)
7887c478bd9Sstevel@tonic-gate {
7897c478bd9Sstevel@tonic-gate int32_t li;
7907c478bd9Sstevel@tonic-gate
7917c478bd9Sstevel@tonic-gate adrm_int32(adr, &li, 1);
7927c478bd9Sstevel@tonic-gate return (-1);
7937c478bd9Sstevel@tonic-gate }
7947c478bd9Sstevel@tonic-gate
7957c478bd9Sstevel@tonic-gate
7967c478bd9Sstevel@tonic-gate /*
7977c478bd9Sstevel@tonic-gate * Format of path token:
7987c478bd9Sstevel@tonic-gate * path adr_string
7997c478bd9Sstevel@tonic-gate */
8007c478bd9Sstevel@tonic-gate int
path_token(adr_t * adr)8017c478bd9Sstevel@tonic-gate path_token(adr_t *adr)
8027c478bd9Sstevel@tonic-gate {
8037c478bd9Sstevel@tonic-gate if ((flags & M_OBJECT) && (obj_flag == OBJ_PATH)) {
8047c478bd9Sstevel@tonic-gate char *path;
8057c478bd9Sstevel@tonic-gate
8067c478bd9Sstevel@tonic-gate get_string(adr, &path);
8077c478bd9Sstevel@tonic-gate if (path[0] != '/')
8087c478bd9Sstevel@tonic-gate /*
8097c478bd9Sstevel@tonic-gate * anchor the path. user apps may not do it.
8107c478bd9Sstevel@tonic-gate */
8117c478bd9Sstevel@tonic-gate anchor_path(path);
8127c478bd9Sstevel@tonic-gate /*
8137c478bd9Sstevel@tonic-gate * match against the collapsed path. that is what user sees.
8147c478bd9Sstevel@tonic-gate */
8157c478bd9Sstevel@tonic-gate if (re_exec2(collapse_path(path)) == 1)
8167c478bd9Sstevel@tonic-gate checkflags |= M_OBJECT;
8177c478bd9Sstevel@tonic-gate free(path);
8187c478bd9Sstevel@tonic-gate } else {
8197c478bd9Sstevel@tonic-gate skip_string(adr);
8207c478bd9Sstevel@tonic-gate }
8217c478bd9Sstevel@tonic-gate return (-1);
8227c478bd9Sstevel@tonic-gate }
8237c478bd9Sstevel@tonic-gate
8247c478bd9Sstevel@tonic-gate
8257c478bd9Sstevel@tonic-gate /*
8267c478bd9Sstevel@tonic-gate * Format of System V IPC permission token:
8277c478bd9Sstevel@tonic-gate * System V IPC permission token id adr_char
8287c478bd9Sstevel@tonic-gate * uid adr_int32
8297c478bd9Sstevel@tonic-gate * gid adr_int32
8307c478bd9Sstevel@tonic-gate * cuid adr_int32
8317c478bd9Sstevel@tonic-gate * cgid adr_int32
8327c478bd9Sstevel@tonic-gate * mode adr_int32
8337c478bd9Sstevel@tonic-gate * seq adr_int32
8347c478bd9Sstevel@tonic-gate * key adr_int32
8357c478bd9Sstevel@tonic-gate */
8367c478bd9Sstevel@tonic-gate int
s5_IPC_perm_token(adr_t * adr)8377c478bd9Sstevel@tonic-gate s5_IPC_perm_token(adr_t *adr)
8387c478bd9Sstevel@tonic-gate {
8397c478bd9Sstevel@tonic-gate int32_t uid, gid, cuid, cgid, mode, seq;
8407c478bd9Sstevel@tonic-gate int32_t key;
8417c478bd9Sstevel@tonic-gate
8427c478bd9Sstevel@tonic-gate adrm_int32(adr, &uid, 1);
8437c478bd9Sstevel@tonic-gate adrm_int32(adr, &gid, 1);
8447c478bd9Sstevel@tonic-gate adrm_int32(adr, &cuid, 1);
8457c478bd9Sstevel@tonic-gate adrm_int32(adr, &cgid, 1);
8467c478bd9Sstevel@tonic-gate adrm_int32(adr, &mode, 1);
8477c478bd9Sstevel@tonic-gate adrm_int32(adr, &seq, 1);
8487c478bd9Sstevel@tonic-gate adrm_int32(adr, &key, 1);
8497c478bd9Sstevel@tonic-gate
8507c478bd9Sstevel@tonic-gate if (!new_mode && (flags & M_USERE)) {
8517c478bd9Sstevel@tonic-gate if (m_usere == uid)
8527c478bd9Sstevel@tonic-gate checkflags |= M_USERE;
8537c478bd9Sstevel@tonic-gate }
8547c478bd9Sstevel@tonic-gate
8557c478bd9Sstevel@tonic-gate if (!new_mode && (flags & M_USERE)) {
8567c478bd9Sstevel@tonic-gate if (m_usere == cuid)
8577c478bd9Sstevel@tonic-gate checkflags |= M_USERE;
8587c478bd9Sstevel@tonic-gate }
8597c478bd9Sstevel@tonic-gate
8607c478bd9Sstevel@tonic-gate if (!new_mode && (flags & M_GROUPR)) {
8617c478bd9Sstevel@tonic-gate if (m_groupr == gid)
8627c478bd9Sstevel@tonic-gate checkflags |= M_GROUPR;
8637c478bd9Sstevel@tonic-gate }
8647c478bd9Sstevel@tonic-gate
8657c478bd9Sstevel@tonic-gate if (!new_mode && (flags & M_GROUPR)) {
8667c478bd9Sstevel@tonic-gate if (m_groupr == cgid)
8677c478bd9Sstevel@tonic-gate checkflags |= M_GROUPR;
8687c478bd9Sstevel@tonic-gate }
8697c478bd9Sstevel@tonic-gate
8707c478bd9Sstevel@tonic-gate if ((flags & M_OBJECT) &&
8717c478bd9Sstevel@tonic-gate ((obj_owner == uid) ||
8727c478bd9Sstevel@tonic-gate (obj_owner == cuid) ||
8737c478bd9Sstevel@tonic-gate (obj_group == gid) ||
8747c478bd9Sstevel@tonic-gate (obj_group == cgid))) {
8757c478bd9Sstevel@tonic-gate
8767c478bd9Sstevel@tonic-gate switch (obj_flag) {
8777c478bd9Sstevel@tonic-gate case OBJ_MSGGROUP:
8787c478bd9Sstevel@tonic-gate case OBJ_MSGOWNER:
8797c478bd9Sstevel@tonic-gate if (ipc_type_match(OBJ_MSG, ipc_type))
8807c478bd9Sstevel@tonic-gate checkflags |= M_OBJECT;
8817c478bd9Sstevel@tonic-gate break;
8827c478bd9Sstevel@tonic-gate case OBJ_SEMGROUP:
8837c478bd9Sstevel@tonic-gate case OBJ_SEMOWNER:
8847c478bd9Sstevel@tonic-gate if (ipc_type_match(OBJ_SEM, ipc_type))
8857c478bd9Sstevel@tonic-gate checkflags |= M_OBJECT;
8867c478bd9Sstevel@tonic-gate break;
8877c478bd9Sstevel@tonic-gate case OBJ_SHMGROUP:
8887c478bd9Sstevel@tonic-gate case OBJ_SHMOWNER:
8897c478bd9Sstevel@tonic-gate if (ipc_type_match(OBJ_SHM, ipc_type))
8907c478bd9Sstevel@tonic-gate checkflags |= M_OBJECT;
8917c478bd9Sstevel@tonic-gate break;
8927c478bd9Sstevel@tonic-gate }
8937c478bd9Sstevel@tonic-gate }
8947c478bd9Sstevel@tonic-gate return (-1);
8957c478bd9Sstevel@tonic-gate }
8967c478bd9Sstevel@tonic-gate
8977c478bd9Sstevel@tonic-gate
8987c478bd9Sstevel@tonic-gate /*
8997c478bd9Sstevel@tonic-gate * Format of process32 token:
9007c478bd9Sstevel@tonic-gate * process token id adr_char
9017c478bd9Sstevel@tonic-gate * auid adr_int32
9027c478bd9Sstevel@tonic-gate * euid adr_int32
9037c478bd9Sstevel@tonic-gate * egid adr_int32
9047c478bd9Sstevel@tonic-gate * ruid adr_int32
9057c478bd9Sstevel@tonic-gate * rgid adr_int32
9067c478bd9Sstevel@tonic-gate * pid adr_int32
9077c478bd9Sstevel@tonic-gate * sid adr_int32
9087c478bd9Sstevel@tonic-gate * termid adr_int32*2
9097c478bd9Sstevel@tonic-gate */
9107c478bd9Sstevel@tonic-gate int
process32_token(adr_t * adr)9117c478bd9Sstevel@tonic-gate process32_token(adr_t *adr)
9127c478bd9Sstevel@tonic-gate {
9137c478bd9Sstevel@tonic-gate int32_t auid, euid, egid, ruid, rgid, pid;
9147c478bd9Sstevel@tonic-gate int32_t sid;
9157c478bd9Sstevel@tonic-gate int32_t port, machine;
9167c478bd9Sstevel@tonic-gate
9177c478bd9Sstevel@tonic-gate adrm_int32(adr, &auid, 1);
9187c478bd9Sstevel@tonic-gate adrm_int32(adr, &euid, 1);
9197c478bd9Sstevel@tonic-gate adrm_int32(adr, &egid, 1);
9207c478bd9Sstevel@tonic-gate adrm_int32(adr, &ruid, 1);
9217c478bd9Sstevel@tonic-gate adrm_int32(adr, &rgid, 1);
9227c478bd9Sstevel@tonic-gate adrm_int32(adr, &pid, 1);
9237c478bd9Sstevel@tonic-gate adrm_int32(adr, &sid, 1);
9247c478bd9Sstevel@tonic-gate adrm_int32(adr, &port, 1);
9257c478bd9Sstevel@tonic-gate adrm_int32(adr, &machine, 1);
9267c478bd9Sstevel@tonic-gate
9277c478bd9Sstevel@tonic-gate if (!new_mode && (flags & M_USERA)) {
9287c478bd9Sstevel@tonic-gate if (m_usera == auid)
9297c478bd9Sstevel@tonic-gate checkflags |= M_USERA;
9307c478bd9Sstevel@tonic-gate }
9317c478bd9Sstevel@tonic-gate if (!new_mode && (flags & M_USERE)) {
9327c478bd9Sstevel@tonic-gate if (m_usere == euid)
9337c478bd9Sstevel@tonic-gate checkflags |= M_USERE;
9347c478bd9Sstevel@tonic-gate }
9357c478bd9Sstevel@tonic-gate if (!new_mode && (flags & M_USERR)) {
9367c478bd9Sstevel@tonic-gate if (m_userr == ruid)
9377c478bd9Sstevel@tonic-gate checkflags |= M_USERR;
9387c478bd9Sstevel@tonic-gate }
9397c478bd9Sstevel@tonic-gate if (!new_mode && (flags & M_GROUPR)) {
9407c478bd9Sstevel@tonic-gate if (m_groupr == rgid)
9417c478bd9Sstevel@tonic-gate checkflags |= M_GROUPR;
9427c478bd9Sstevel@tonic-gate }
9437c478bd9Sstevel@tonic-gate if (!new_mode && (flags & M_GROUPE)) {
9447c478bd9Sstevel@tonic-gate if (m_groupe == egid)
9457c478bd9Sstevel@tonic-gate checkflags |= M_GROUPE;
9467c478bd9Sstevel@tonic-gate }
9477c478bd9Sstevel@tonic-gate
9487c478bd9Sstevel@tonic-gate if (flags & M_OBJECT) {
9497c478bd9Sstevel@tonic-gate if ((obj_flag & OBJ_PROC) &&
9507c478bd9Sstevel@tonic-gate (obj_id == pid)) {
9517c478bd9Sstevel@tonic-gate checkflags |= M_OBJECT;
9527c478bd9Sstevel@tonic-gate } else if ((obj_flag & OBJ_PGROUP) &&
9537c478bd9Sstevel@tonic-gate ((obj_group == egid) ||
9547c478bd9Sstevel@tonic-gate (obj_group == rgid))) {
9557c478bd9Sstevel@tonic-gate checkflags |= M_OBJECT;
9567c478bd9Sstevel@tonic-gate } else if ((obj_flag & OBJ_POWNER) &&
9577c478bd9Sstevel@tonic-gate ((obj_owner == euid) ||
9587c478bd9Sstevel@tonic-gate (obj_group == ruid))) {
9597c478bd9Sstevel@tonic-gate checkflags |= M_OBJECT;
9607c478bd9Sstevel@tonic-gate }
9617c478bd9Sstevel@tonic-gate }
9627c478bd9Sstevel@tonic-gate return (-1);
9637c478bd9Sstevel@tonic-gate }
9647c478bd9Sstevel@tonic-gate
9657c478bd9Sstevel@tonic-gate /*
9668249a45fSJan Friedel * Format of process32_ex token:
9677c478bd9Sstevel@tonic-gate * process token id adr_char
9687c478bd9Sstevel@tonic-gate * auid adr_int32
9697c478bd9Sstevel@tonic-gate * euid adr_int32
9707c478bd9Sstevel@tonic-gate * egid adr_int32
9717c478bd9Sstevel@tonic-gate * ruid adr_int32
9727c478bd9Sstevel@tonic-gate * rgid adr_int32
9737c478bd9Sstevel@tonic-gate * pid adr_int32
9747c478bd9Sstevel@tonic-gate * sid adr_int32
9758249a45fSJan Friedel * termid
9768249a45fSJan Friedel * port adr_int32
9778249a45fSJan Friedel * type adr_int32
9788249a45fSJan Friedel * ip address adr_u_char*type
9797c478bd9Sstevel@tonic-gate */
9807c478bd9Sstevel@tonic-gate int
process32_ex_token(adr_t * adr)9817c478bd9Sstevel@tonic-gate process32_ex_token(adr_t *adr)
9827c478bd9Sstevel@tonic-gate {
9837c478bd9Sstevel@tonic-gate int32_t auid, euid, egid, ruid, rgid, pid;
9847c478bd9Sstevel@tonic-gate int32_t sid;
9858249a45fSJan Friedel int32_t port, type;
9868249a45fSJan Friedel uchar_t addr[16];
9877c478bd9Sstevel@tonic-gate
9887c478bd9Sstevel@tonic-gate adrm_int32(adr, &auid, 1);
9897c478bd9Sstevel@tonic-gate adrm_int32(adr, &euid, 1);
9907c478bd9Sstevel@tonic-gate adrm_int32(adr, &egid, 1);
9917c478bd9Sstevel@tonic-gate adrm_int32(adr, &ruid, 1);
9927c478bd9Sstevel@tonic-gate adrm_int32(adr, &rgid, 1);
9937c478bd9Sstevel@tonic-gate adrm_int32(adr, &pid, 1);
9947c478bd9Sstevel@tonic-gate adrm_int32(adr, &sid, 1);
9957c478bd9Sstevel@tonic-gate adrm_int32(adr, &port, 1);
9967c478bd9Sstevel@tonic-gate adrm_int32(adr, &type, 1);
9978249a45fSJan Friedel adrm_u_char(adr, addr, type);
9987c478bd9Sstevel@tonic-gate
9997c478bd9Sstevel@tonic-gate if (!new_mode && (flags & M_USERA)) {
10007c478bd9Sstevel@tonic-gate if (m_usera == auid)
10017c478bd9Sstevel@tonic-gate checkflags = checkflags | M_USERA;
10027c478bd9Sstevel@tonic-gate }
10037c478bd9Sstevel@tonic-gate if (!new_mode && (flags & M_USERE)) {
10047c478bd9Sstevel@tonic-gate if (m_usere == euid)
10057c478bd9Sstevel@tonic-gate checkflags = checkflags | M_USERE;
10067c478bd9Sstevel@tonic-gate }
10077c478bd9Sstevel@tonic-gate if (!new_mode && (flags & M_USERR)) {
10087c478bd9Sstevel@tonic-gate if (m_userr == ruid)
10097c478bd9Sstevel@tonic-gate checkflags = checkflags | M_USERR;
10107c478bd9Sstevel@tonic-gate }
10117c478bd9Sstevel@tonic-gate if (!new_mode && (flags & M_GROUPR)) {
10127c478bd9Sstevel@tonic-gate if (m_groupr == egid)
10137c478bd9Sstevel@tonic-gate checkflags = checkflags | M_GROUPR;
10147c478bd9Sstevel@tonic-gate }
10157c478bd9Sstevel@tonic-gate if (!new_mode && (flags & M_GROUPE)) {
10167c478bd9Sstevel@tonic-gate if (m_groupe == egid)
10177c478bd9Sstevel@tonic-gate checkflags = checkflags | M_GROUPE;
10187c478bd9Sstevel@tonic-gate }
10197c478bd9Sstevel@tonic-gate
10207c478bd9Sstevel@tonic-gate if (flags & M_OBJECT) {
10217c478bd9Sstevel@tonic-gate if ((obj_flag & OBJ_PROC) &&
10227c478bd9Sstevel@tonic-gate (obj_id == pid)) {
10237c478bd9Sstevel@tonic-gate checkflags = checkflags | M_OBJECT;
10247c478bd9Sstevel@tonic-gate } else if ((obj_flag & OBJ_PGROUP) &&
10257c478bd9Sstevel@tonic-gate ((obj_group == egid) ||
10267c478bd9Sstevel@tonic-gate (obj_group == rgid))) {
10277c478bd9Sstevel@tonic-gate checkflags = checkflags | M_OBJECT;
10287c478bd9Sstevel@tonic-gate } else if ((obj_flag & OBJ_POWNER) &&
10297c478bd9Sstevel@tonic-gate ((obj_owner == euid) ||
10307c478bd9Sstevel@tonic-gate (obj_group == ruid))) {
10317c478bd9Sstevel@tonic-gate checkflags = checkflags | M_OBJECT;
10327c478bd9Sstevel@tonic-gate }
10337c478bd9Sstevel@tonic-gate }
10347c478bd9Sstevel@tonic-gate return (-1);
10357c478bd9Sstevel@tonic-gate }
10367c478bd9Sstevel@tonic-gate
10377c478bd9Sstevel@tonic-gate /*
10387c478bd9Sstevel@tonic-gate * Format of process64 token:
10397c478bd9Sstevel@tonic-gate * process token id adr_char
10407c478bd9Sstevel@tonic-gate * auid adr_int32
10417c478bd9Sstevel@tonic-gate * euid adr_int32
10427c478bd9Sstevel@tonic-gate * egid adr_int32
10437c478bd9Sstevel@tonic-gate * ruid adr_int32
10447c478bd9Sstevel@tonic-gate * rgid adr_int32
10457c478bd9Sstevel@tonic-gate * pid adr_int32
10467c478bd9Sstevel@tonic-gate * sid adr_int32
10477c478bd9Sstevel@tonic-gate * termid adr_int64+adr_int32
10487c478bd9Sstevel@tonic-gate */
10497c478bd9Sstevel@tonic-gate int
process64_token(adr_t * adr)10507c478bd9Sstevel@tonic-gate process64_token(adr_t *adr)
10517c478bd9Sstevel@tonic-gate {
10527c478bd9Sstevel@tonic-gate int32_t auid, euid, egid, ruid, rgid, pid;
10537c478bd9Sstevel@tonic-gate int32_t sid;
10547c478bd9Sstevel@tonic-gate int64_t port;
10557c478bd9Sstevel@tonic-gate int32_t machine;
10567c478bd9Sstevel@tonic-gate
10577c478bd9Sstevel@tonic-gate adrm_int32(adr, &auid, 1);
10587c478bd9Sstevel@tonic-gate adrm_int32(adr, &euid, 1);
10597c478bd9Sstevel@tonic-gate adrm_int32(adr, &egid, 1);
10607c478bd9Sstevel@tonic-gate adrm_int32(adr, &ruid, 1);
10617c478bd9Sstevel@tonic-gate adrm_int32(adr, &rgid, 1);
10627c478bd9Sstevel@tonic-gate adrm_int32(adr, &pid, 1);
10637c478bd9Sstevel@tonic-gate adrm_int32(adr, &sid, 1);
10647c478bd9Sstevel@tonic-gate adrm_int64(adr, &port, 1);
10657c478bd9Sstevel@tonic-gate adrm_int32(adr, &machine, 1);
10667c478bd9Sstevel@tonic-gate
10677c478bd9Sstevel@tonic-gate if (!new_mode && (flags & M_USERA)) {
10687c478bd9Sstevel@tonic-gate if (m_usera == auid)
10697c478bd9Sstevel@tonic-gate checkflags |= M_USERA;
10707c478bd9Sstevel@tonic-gate }
10717c478bd9Sstevel@tonic-gate if (!new_mode && (flags & M_USERE)) {
10727c478bd9Sstevel@tonic-gate if (m_usere == euid)
10737c478bd9Sstevel@tonic-gate checkflags |= M_USERE;
10747c478bd9Sstevel@tonic-gate }
10757c478bd9Sstevel@tonic-gate if (!new_mode && (flags & M_USERR)) {
10767c478bd9Sstevel@tonic-gate if (m_userr == ruid)
10777c478bd9Sstevel@tonic-gate checkflags |= M_USERR;
10787c478bd9Sstevel@tonic-gate }
10797c478bd9Sstevel@tonic-gate if (!new_mode && (flags & M_GROUPR)) {
10807c478bd9Sstevel@tonic-gate if (m_groupr == rgid)
10817c478bd9Sstevel@tonic-gate checkflags |= M_GROUPR;
10827c478bd9Sstevel@tonic-gate }
10837c478bd9Sstevel@tonic-gate if (!new_mode && (flags & M_GROUPE)) {
10847c478bd9Sstevel@tonic-gate if (m_groupe == egid)
10857c478bd9Sstevel@tonic-gate checkflags |= M_GROUPE;
10867c478bd9Sstevel@tonic-gate }
10877c478bd9Sstevel@tonic-gate
10887c478bd9Sstevel@tonic-gate if (flags & M_OBJECT) {
10897c478bd9Sstevel@tonic-gate if ((obj_flag & OBJ_PROC) &&
10907c478bd9Sstevel@tonic-gate (obj_id == pid)) {
10917c478bd9Sstevel@tonic-gate checkflags |= M_OBJECT;
10927c478bd9Sstevel@tonic-gate } else if ((obj_flag & OBJ_PGROUP) &&
10937c478bd9Sstevel@tonic-gate ((obj_group == egid) ||
10947c478bd9Sstevel@tonic-gate (obj_group == rgid))) {
10957c478bd9Sstevel@tonic-gate checkflags |= M_OBJECT;
10967c478bd9Sstevel@tonic-gate } else if ((obj_flag & OBJ_POWNER) &&
10977c478bd9Sstevel@tonic-gate ((obj_owner == euid) ||
10987c478bd9Sstevel@tonic-gate (obj_group == ruid))) {
10997c478bd9Sstevel@tonic-gate checkflags |= M_OBJECT;
11007c478bd9Sstevel@tonic-gate }
11017c478bd9Sstevel@tonic-gate }
11027c478bd9Sstevel@tonic-gate return (-1);
11037c478bd9Sstevel@tonic-gate }
11047c478bd9Sstevel@tonic-gate
11057c478bd9Sstevel@tonic-gate /*
11068249a45fSJan Friedel * Format of process64_ex token:
11077c478bd9Sstevel@tonic-gate * process token id adr_char
11087c478bd9Sstevel@tonic-gate * auid adr_int32
11097c478bd9Sstevel@tonic-gate * euid adr_int32
11107c478bd9Sstevel@tonic-gate * egid adr_int32
11117c478bd9Sstevel@tonic-gate * ruid adr_int32
11127c478bd9Sstevel@tonic-gate * rgid adr_int32
11137c478bd9Sstevel@tonic-gate * pid adr_int32
11147c478bd9Sstevel@tonic-gate * sid adr_int32
11158249a45fSJan Friedel * termid
11168249a45fSJan Friedel * port adr_int64
11178249a45fSJan Friedel * type adr_int32
11188249a45fSJan Friedel * ip address adr_u_char*type
11197c478bd9Sstevel@tonic-gate */
11207c478bd9Sstevel@tonic-gate int
process64_ex_token(adr_t * adr)11217c478bd9Sstevel@tonic-gate process64_ex_token(adr_t *adr)
11227c478bd9Sstevel@tonic-gate {
11237c478bd9Sstevel@tonic-gate int32_t auid, euid, egid, ruid, rgid, pid;
11247c478bd9Sstevel@tonic-gate int32_t sid;
11257c478bd9Sstevel@tonic-gate int64_t port;
11268249a45fSJan Friedel int32_t type;
11278249a45fSJan Friedel uchar_t addr[16];
11287c478bd9Sstevel@tonic-gate
11297c478bd9Sstevel@tonic-gate adrm_int32(adr, &auid, 1);
11307c478bd9Sstevel@tonic-gate adrm_int32(adr, &euid, 1);
11317c478bd9Sstevel@tonic-gate adrm_int32(adr, &egid, 1);
11327c478bd9Sstevel@tonic-gate adrm_int32(adr, &ruid, 1);
11337c478bd9Sstevel@tonic-gate adrm_int32(adr, &rgid, 1);
11347c478bd9Sstevel@tonic-gate adrm_int32(adr, &pid, 1);
11357c478bd9Sstevel@tonic-gate adrm_int32(adr, &sid, 1);
11367c478bd9Sstevel@tonic-gate adrm_int64(adr, &port, 1);
11377c478bd9Sstevel@tonic-gate adrm_int32(adr, &type, 1);
11388249a45fSJan Friedel adrm_u_char(adr, addr, type);
11397c478bd9Sstevel@tonic-gate
11407c478bd9Sstevel@tonic-gate if (!new_mode && (flags & M_USERA)) {
11417c478bd9Sstevel@tonic-gate if (m_usera == auid)
11427c478bd9Sstevel@tonic-gate checkflags = checkflags | M_USERA;
11437c478bd9Sstevel@tonic-gate }
11447c478bd9Sstevel@tonic-gate if (!new_mode && (flags & M_USERE)) {
11457c478bd9Sstevel@tonic-gate if (m_usere == euid)
11467c478bd9Sstevel@tonic-gate checkflags = checkflags | M_USERE;
11477c478bd9Sstevel@tonic-gate }
11487c478bd9Sstevel@tonic-gate if (!new_mode && (flags & M_USERR)) {
11497c478bd9Sstevel@tonic-gate if (m_userr == ruid)
11507c478bd9Sstevel@tonic-gate checkflags = checkflags | M_USERR;
11517c478bd9Sstevel@tonic-gate }
11527c478bd9Sstevel@tonic-gate if (!new_mode && (flags & M_GROUPR)) {
11537c478bd9Sstevel@tonic-gate if (m_groupr == egid)
11547c478bd9Sstevel@tonic-gate checkflags = checkflags | M_GROUPR;
11557c478bd9Sstevel@tonic-gate }
11567c478bd9Sstevel@tonic-gate if (!new_mode && (flags & M_GROUPE)) {
11577c478bd9Sstevel@tonic-gate if (m_groupe == egid)
11587c478bd9Sstevel@tonic-gate checkflags = checkflags | M_GROUPE;
11597c478bd9Sstevel@tonic-gate }
11607c478bd9Sstevel@tonic-gate
11617c478bd9Sstevel@tonic-gate if (flags & M_OBJECT) {
11627c478bd9Sstevel@tonic-gate if ((obj_flag & OBJ_PROC) &&
11637c478bd9Sstevel@tonic-gate (obj_id == pid)) {
11647c478bd9Sstevel@tonic-gate checkflags = checkflags | M_OBJECT;
11657c478bd9Sstevel@tonic-gate } else if ((obj_flag & OBJ_PGROUP) &&
11667c478bd9Sstevel@tonic-gate ((obj_group == egid) ||
11677c478bd9Sstevel@tonic-gate (obj_group == rgid))) {
11687c478bd9Sstevel@tonic-gate checkflags = checkflags | M_OBJECT;
11697c478bd9Sstevel@tonic-gate } else if ((obj_flag & OBJ_POWNER) &&
11707c478bd9Sstevel@tonic-gate ((obj_owner == euid) ||
11717c478bd9Sstevel@tonic-gate (obj_group == ruid))) {
11727c478bd9Sstevel@tonic-gate checkflags = checkflags | M_OBJECT;
11737c478bd9Sstevel@tonic-gate }
11747c478bd9Sstevel@tonic-gate }
11757c478bd9Sstevel@tonic-gate return (-1);
11767c478bd9Sstevel@tonic-gate }
11777c478bd9Sstevel@tonic-gate
11787c478bd9Sstevel@tonic-gate /*
11797c478bd9Sstevel@tonic-gate * Format of System V IPC token:
11807c478bd9Sstevel@tonic-gate * System V IPC token id adr_char
11817c478bd9Sstevel@tonic-gate * object id adr_int32
11827c478bd9Sstevel@tonic-gate */
11837c478bd9Sstevel@tonic-gate int
s5_IPC_token(adr_t * adr)11847c478bd9Sstevel@tonic-gate s5_IPC_token(adr_t *adr)
11857c478bd9Sstevel@tonic-gate {
11867c478bd9Sstevel@tonic-gate int32_t ipc_id;
11877c478bd9Sstevel@tonic-gate
11887c478bd9Sstevel@tonic-gate adrm_char(adr, &ipc_type, 1); /* Global */
11897c478bd9Sstevel@tonic-gate adrm_int32(adr, &ipc_id, 1);
11907c478bd9Sstevel@tonic-gate
11917c478bd9Sstevel@tonic-gate if ((flags & M_OBJECT) &&
11927c478bd9Sstevel@tonic-gate ipc_type_match(obj_flag, ipc_type) &&
11937c478bd9Sstevel@tonic-gate (obj_id == ipc_id))
11947c478bd9Sstevel@tonic-gate checkflags |= M_OBJECT;
11957c478bd9Sstevel@tonic-gate
11967c478bd9Sstevel@tonic-gate return (-1);
11977c478bd9Sstevel@tonic-gate }
11987c478bd9Sstevel@tonic-gate
11997c478bd9Sstevel@tonic-gate
12007c478bd9Sstevel@tonic-gate /*
12017c478bd9Sstevel@tonic-gate * Format of socket token:
12027c478bd9Sstevel@tonic-gate * socket_type adrm_short
12037c478bd9Sstevel@tonic-gate * remote_port adrm_short
12047c478bd9Sstevel@tonic-gate * remote_inaddr adrm_int32
12057c478bd9Sstevel@tonic-gate */
12067c478bd9Sstevel@tonic-gate int
socket_token(adr_t * adr)12077c478bd9Sstevel@tonic-gate socket_token(adr_t *adr)
12087c478bd9Sstevel@tonic-gate {
12097c478bd9Sstevel@tonic-gate short socket_type;
12107c478bd9Sstevel@tonic-gate short remote_port;
12117c478bd9Sstevel@tonic-gate int32_t remote_inaddr;
12127c478bd9Sstevel@tonic-gate
12137c478bd9Sstevel@tonic-gate adrm_short(adr, &socket_type, 1);
12147c478bd9Sstevel@tonic-gate adrm_short(adr, &remote_port, 1);
12157c478bd9Sstevel@tonic-gate adrm_char(adr, (char *)&remote_inaddr, 4);
12167c478bd9Sstevel@tonic-gate
12177c478bd9Sstevel@tonic-gate if ((flags & M_OBJECT) && (obj_flag == OBJ_SOCK)) {
12187c478bd9Sstevel@tonic-gate if (socket_flag == SOCKFLG_MACHINE) {
12197c478bd9Sstevel@tonic-gate if (remote_inaddr == obj_id)
12207c478bd9Sstevel@tonic-gate checkflags |= M_OBJECT;
12217c478bd9Sstevel@tonic-gate } else if (socket_flag == SOCKFLG_PORT) {
12227c478bd9Sstevel@tonic-gate if (remote_port == obj_id)
12237c478bd9Sstevel@tonic-gate checkflags |= M_OBJECT;
12247c478bd9Sstevel@tonic-gate }
12257c478bd9Sstevel@tonic-gate }
12267c478bd9Sstevel@tonic-gate return (-1);
12277c478bd9Sstevel@tonic-gate }
12287c478bd9Sstevel@tonic-gate
12297c478bd9Sstevel@tonic-gate
12307c478bd9Sstevel@tonic-gate /*
12318249a45fSJan Friedel * Format of socket_ex token:
12328249a45fSJan Friedel * socket_domain adrm_short
12337c478bd9Sstevel@tonic-gate * socket_type adrm_short
12348249a45fSJan Friedel * address_type adrm_short
12358249a45fSJan Friedel * local_port adrm_short
12368249a45fSJan Friedel * local_inaddr adrm_u_char*address_type
12377c478bd9Sstevel@tonic-gate * remote_port adrm_short
12388249a45fSJan Friedel * remote_inaddr adrm_u_char*address_type
12397c478bd9Sstevel@tonic-gate */
12407c478bd9Sstevel@tonic-gate int
socket_ex_token(adr_t * adr)12417c478bd9Sstevel@tonic-gate socket_ex_token(adr_t *adr)
12427c478bd9Sstevel@tonic-gate {
12437c478bd9Sstevel@tonic-gate short socket_domain;
12447c478bd9Sstevel@tonic-gate short socket_type;
12457c478bd9Sstevel@tonic-gate short ip_size;
12467c478bd9Sstevel@tonic-gate short local_port;
12478249a45fSJan Friedel uchar_t local_inaddr[16];
12487c478bd9Sstevel@tonic-gate short remote_port;
12498249a45fSJan Friedel uchar_t remote_inaddr[16];
12508249a45fSJan Friedel uchar_t *caddr = (uchar_t *)&obj_id;
12517c478bd9Sstevel@tonic-gate
12527c478bd9Sstevel@tonic-gate adrm_short(adr, &socket_domain, 1);
12537c478bd9Sstevel@tonic-gate adrm_short(adr, &socket_type, 1);
12547c478bd9Sstevel@tonic-gate adrm_short(adr, &ip_size, 1);
12557c478bd9Sstevel@tonic-gate
12567c478bd9Sstevel@tonic-gate /* validate ip size */
12577c478bd9Sstevel@tonic-gate if ((ip_size != AU_IPv6) && (ip_size != AU_IPv4))
12587c478bd9Sstevel@tonic-gate return (0);
12597c478bd9Sstevel@tonic-gate
12607c478bd9Sstevel@tonic-gate adrm_short(adr, &local_port, 1);
12617c478bd9Sstevel@tonic-gate adrm_char(adr, (char *)local_inaddr, ip_size);
12627c478bd9Sstevel@tonic-gate
12637c478bd9Sstevel@tonic-gate adrm_short(adr, &remote_port, 1);
12647c478bd9Sstevel@tonic-gate adrm_char(adr, (char *)remote_inaddr, ip_size);
12657c478bd9Sstevel@tonic-gate
12667c478bd9Sstevel@tonic-gate /* if IP type mis-match, then nothing to do */
12677c478bd9Sstevel@tonic-gate if (ip_size != ip_type)
12687c478bd9Sstevel@tonic-gate return (-1);
12697c478bd9Sstevel@tonic-gate
12707c478bd9Sstevel@tonic-gate if ((flags & M_OBJECT) && (obj_flag == OBJ_SOCK)) {
12717c478bd9Sstevel@tonic-gate if (socket_flag == SOCKFLG_MACHINE) {
12728249a45fSJan Friedel if (ip_type == AU_IPv6) {
12738249a45fSJan Friedel caddr = (uchar_t *)ip_ipv6;
12748249a45fSJan Friedel }
12758249a45fSJan Friedel if ((memcmp(local_inaddr, caddr, ip_type) == 0) ||
12768249a45fSJan Friedel (memcmp(remote_inaddr, caddr, ip_type) == 0)) {
12778249a45fSJan Friedel checkflags |= M_OBJECT;
12787c478bd9Sstevel@tonic-gate }
12797c478bd9Sstevel@tonic-gate } else if (socket_flag == SOCKFLG_PORT) {
12808249a45fSJan Friedel if ((local_port == obj_id) || (remote_port == obj_id)) {
12817c478bd9Sstevel@tonic-gate checkflags |= M_OBJECT;
12828249a45fSJan Friedel }
12837c478bd9Sstevel@tonic-gate }
12847c478bd9Sstevel@tonic-gate }
12857c478bd9Sstevel@tonic-gate return (-1);
12867c478bd9Sstevel@tonic-gate }
12877c478bd9Sstevel@tonic-gate
12887c478bd9Sstevel@tonic-gate
12897c478bd9Sstevel@tonic-gate /*
12907c478bd9Sstevel@tonic-gate * Format of subject32 token:
12917c478bd9Sstevel@tonic-gate * subject token id adr_char
12927c478bd9Sstevel@tonic-gate * auid adr_int32
12937c478bd9Sstevel@tonic-gate * euid adr_int32
12947c478bd9Sstevel@tonic-gate * egid adr_int32
12957c478bd9Sstevel@tonic-gate * ruid adr_int32
12967c478bd9Sstevel@tonic-gate * rgid adr_int32
12977c478bd9Sstevel@tonic-gate * pid adr_int32
12987c478bd9Sstevel@tonic-gate * sid adr_int32
12997c478bd9Sstevel@tonic-gate * termid adr_int32*2
13007c478bd9Sstevel@tonic-gate */
13017c478bd9Sstevel@tonic-gate int
subject32_token(adr_t * adr)13027c478bd9Sstevel@tonic-gate subject32_token(adr_t *adr)
13037c478bd9Sstevel@tonic-gate {
13047c478bd9Sstevel@tonic-gate int32_t auid, euid, egid, ruid, rgid, pid;
13057c478bd9Sstevel@tonic-gate int32_t sid;
13067c478bd9Sstevel@tonic-gate int32_t port, machine;
13077c478bd9Sstevel@tonic-gate
13087c478bd9Sstevel@tonic-gate adrm_int32(adr, &auid, 1);
13097c478bd9Sstevel@tonic-gate adrm_int32(adr, &euid, 1);
13107c478bd9Sstevel@tonic-gate adrm_int32(adr, &egid, 1);
13117c478bd9Sstevel@tonic-gate adrm_int32(adr, &ruid, 1);
13127c478bd9Sstevel@tonic-gate adrm_int32(adr, &rgid, 1);
13137c478bd9Sstevel@tonic-gate adrm_int32(adr, &pid, 1);
13147c478bd9Sstevel@tonic-gate adrm_int32(adr, &sid, 1);
13157c478bd9Sstevel@tonic-gate adrm_int32(adr, &port, 1);
13167c478bd9Sstevel@tonic-gate adrm_int32(adr, &machine, 1);
13177c478bd9Sstevel@tonic-gate
13187c478bd9Sstevel@tonic-gate if (flags & M_SUBJECT) {
13197c478bd9Sstevel@tonic-gate if (subj_id == pid)
13207c478bd9Sstevel@tonic-gate checkflags |= M_SUBJECT;
13217c478bd9Sstevel@tonic-gate }
13227c478bd9Sstevel@tonic-gate if (flags & M_USERA) {
13237c478bd9Sstevel@tonic-gate if (m_usera == auid)
13247c478bd9Sstevel@tonic-gate checkflags |= M_USERA;
13257c478bd9Sstevel@tonic-gate }
13267c478bd9Sstevel@tonic-gate if (flags & M_USERE) {
13277c478bd9Sstevel@tonic-gate if (m_usere == euid)
13287c478bd9Sstevel@tonic-gate checkflags |= M_USERE;
13297c478bd9Sstevel@tonic-gate }
13307c478bd9Sstevel@tonic-gate if (flags & M_USERR) {
13317c478bd9Sstevel@tonic-gate if (m_userr == ruid)
13327c478bd9Sstevel@tonic-gate checkflags |= M_USERR;
13337c478bd9Sstevel@tonic-gate }
13347c478bd9Sstevel@tonic-gate if (flags & M_GROUPR) {
13357c478bd9Sstevel@tonic-gate if (m_groupr == rgid)
13367c478bd9Sstevel@tonic-gate checkflags |= M_GROUPR;
13377c478bd9Sstevel@tonic-gate }
13387c478bd9Sstevel@tonic-gate if (flags & M_GROUPE) {
13397c478bd9Sstevel@tonic-gate if (m_groupe == egid)
13407c478bd9Sstevel@tonic-gate checkflags |= M_GROUPE;
13417c478bd9Sstevel@tonic-gate }
1342924c9144Sgww if (flags & M_SID) {
1343d0fa49b7STony Nguyen if (m_sid == (au_asid_t)sid)
1344924c9144Sgww checkflags |= M_SID;
1345924c9144Sgww }
13467c478bd9Sstevel@tonic-gate return (-1);
13477c478bd9Sstevel@tonic-gate }
13487c478bd9Sstevel@tonic-gate
13497c478bd9Sstevel@tonic-gate /*
13507c478bd9Sstevel@tonic-gate * Format of subject32_ex token:
13517c478bd9Sstevel@tonic-gate * subject token id adr_char
13527c478bd9Sstevel@tonic-gate * auid adr_int32
13537c478bd9Sstevel@tonic-gate * euid adr_int32
13547c478bd9Sstevel@tonic-gate * egid adr_int32
13557c478bd9Sstevel@tonic-gate * ruid adr_int32
13567c478bd9Sstevel@tonic-gate * rgid adr_int32
13577c478bd9Sstevel@tonic-gate * pid adr_int32
13587c478bd9Sstevel@tonic-gate * sid adr_int32
13598249a45fSJan Friedel * termid
13608249a45fSJan Friedel * port adr_int32
13618249a45fSJan Friedel * type adr_int32
13628249a45fSJan Friedel * ip address adr_u_char*type
13637c478bd9Sstevel@tonic-gate */
13647c478bd9Sstevel@tonic-gate int
subject32_ex_token(adr_t * adr)13657c478bd9Sstevel@tonic-gate subject32_ex_token(adr_t *adr)
13667c478bd9Sstevel@tonic-gate {
13677c478bd9Sstevel@tonic-gate int32_t auid, euid, egid, ruid, rgid, pid;
13687c478bd9Sstevel@tonic-gate int32_t sid;
13698249a45fSJan Friedel int32_t port, type;
13708249a45fSJan Friedel uchar_t addr[16];
13717c478bd9Sstevel@tonic-gate
13727c478bd9Sstevel@tonic-gate adrm_int32(adr, &auid, 1);
13737c478bd9Sstevel@tonic-gate adrm_int32(adr, &euid, 1);
13747c478bd9Sstevel@tonic-gate adrm_int32(adr, &egid, 1);
13757c478bd9Sstevel@tonic-gate adrm_int32(adr, &ruid, 1);
13767c478bd9Sstevel@tonic-gate adrm_int32(adr, &rgid, 1);
13777c478bd9Sstevel@tonic-gate adrm_int32(adr, &pid, 1);
13787c478bd9Sstevel@tonic-gate adrm_int32(adr, &sid, 1);
13797c478bd9Sstevel@tonic-gate adrm_int32(adr, &port, 1);
13807c478bd9Sstevel@tonic-gate adrm_int32(adr, &type, 1);
13818249a45fSJan Friedel adrm_u_char(adr, addr, type);
13827c478bd9Sstevel@tonic-gate
13837c478bd9Sstevel@tonic-gate if (flags & M_SUBJECT) {
13847c478bd9Sstevel@tonic-gate if (subj_id == pid)
13857c478bd9Sstevel@tonic-gate checkflags = checkflags | M_SUBJECT;
13867c478bd9Sstevel@tonic-gate }
13877c478bd9Sstevel@tonic-gate if (flags & M_USERA) {
13887c478bd9Sstevel@tonic-gate if (m_usera == auid)
13897c478bd9Sstevel@tonic-gate checkflags = checkflags | M_USERA;
13907c478bd9Sstevel@tonic-gate }
13917c478bd9Sstevel@tonic-gate if (flags & M_USERE) {
13927c478bd9Sstevel@tonic-gate if (m_usere == euid)
13937c478bd9Sstevel@tonic-gate checkflags = checkflags | M_USERE;
13947c478bd9Sstevel@tonic-gate }
13957c478bd9Sstevel@tonic-gate if (flags & M_USERR) {
13967c478bd9Sstevel@tonic-gate if (m_userr == ruid)
13977c478bd9Sstevel@tonic-gate checkflags = checkflags | M_USERR;
13987c478bd9Sstevel@tonic-gate }
13997c478bd9Sstevel@tonic-gate if (flags & M_GROUPR) {
14007c478bd9Sstevel@tonic-gate if (m_groupr == egid)
14017c478bd9Sstevel@tonic-gate checkflags = checkflags | M_GROUPR;
14027c478bd9Sstevel@tonic-gate }
14037c478bd9Sstevel@tonic-gate if (flags & M_GROUPE) {
14047c478bd9Sstevel@tonic-gate if (m_groupe == egid)
14057c478bd9Sstevel@tonic-gate checkflags = checkflags | M_GROUPE;
14067c478bd9Sstevel@tonic-gate }
1407924c9144Sgww if (flags & M_SID) {
1408d0fa49b7STony Nguyen if (m_sid == (au_asid_t)sid)
1409924c9144Sgww checkflags = checkflags | M_SID;
1410924c9144Sgww }
14117c478bd9Sstevel@tonic-gate return (-1);
14127c478bd9Sstevel@tonic-gate }
14137c478bd9Sstevel@tonic-gate
14147c478bd9Sstevel@tonic-gate /*
14157c478bd9Sstevel@tonic-gate * Format of subject64 token:
14167c478bd9Sstevel@tonic-gate * subject token id adr_char
14177c478bd9Sstevel@tonic-gate * auid adr_int32
14187c478bd9Sstevel@tonic-gate * euid adr_int32
14197c478bd9Sstevel@tonic-gate * egid adr_int32
14207c478bd9Sstevel@tonic-gate * ruid adr_int32
14217c478bd9Sstevel@tonic-gate * rgid adr_int32
14227c478bd9Sstevel@tonic-gate * pid adr_int32
14237c478bd9Sstevel@tonic-gate * sid adr_int32
14247c478bd9Sstevel@tonic-gate * termid adr_int64+adr_int32
14257c478bd9Sstevel@tonic-gate */
14267c478bd9Sstevel@tonic-gate int
subject64_token(adr_t * adr)14277c478bd9Sstevel@tonic-gate subject64_token(adr_t *adr)
14287c478bd9Sstevel@tonic-gate {
14297c478bd9Sstevel@tonic-gate int32_t auid, euid, egid, ruid, rgid, pid;
14307c478bd9Sstevel@tonic-gate int32_t sid;
14317c478bd9Sstevel@tonic-gate int64_t port;
14327c478bd9Sstevel@tonic-gate int32_t machine;
14337c478bd9Sstevel@tonic-gate
14347c478bd9Sstevel@tonic-gate adrm_int32(adr, &auid, 1);
14357c478bd9Sstevel@tonic-gate adrm_int32(adr, &euid, 1);
14367c478bd9Sstevel@tonic-gate adrm_int32(adr, &egid, 1);
14377c478bd9Sstevel@tonic-gate adrm_int32(adr, &ruid, 1);
14387c478bd9Sstevel@tonic-gate adrm_int32(adr, &rgid, 1);
14397c478bd9Sstevel@tonic-gate adrm_int32(adr, &pid, 1);
14407c478bd9Sstevel@tonic-gate adrm_int32(adr, &sid, 1);
14417c478bd9Sstevel@tonic-gate adrm_int64(adr, &port, 1);
14427c478bd9Sstevel@tonic-gate adrm_int32(adr, &machine, 1);
14437c478bd9Sstevel@tonic-gate
14447c478bd9Sstevel@tonic-gate if (flags & M_SUBJECT) {
14457c478bd9Sstevel@tonic-gate if (subj_id == pid)
14467c478bd9Sstevel@tonic-gate checkflags |= M_SUBJECT;
14477c478bd9Sstevel@tonic-gate }
14487c478bd9Sstevel@tonic-gate if (flags & M_USERA) {
14497c478bd9Sstevel@tonic-gate if (m_usera == auid)
14507c478bd9Sstevel@tonic-gate checkflags |= M_USERA;
14517c478bd9Sstevel@tonic-gate }
14527c478bd9Sstevel@tonic-gate if (flags & M_USERE) {
14537c478bd9Sstevel@tonic-gate if (m_usere == euid)
14547c478bd9Sstevel@tonic-gate checkflags |= M_USERE;
14557c478bd9Sstevel@tonic-gate }
14567c478bd9Sstevel@tonic-gate if (flags & M_USERR) {
14577c478bd9Sstevel@tonic-gate if (m_userr == ruid)
14587c478bd9Sstevel@tonic-gate checkflags |= M_USERR;
14597c478bd9Sstevel@tonic-gate }
14607c478bd9Sstevel@tonic-gate if (flags & M_GROUPR) {
14617c478bd9Sstevel@tonic-gate if (m_groupr == rgid)
14627c478bd9Sstevel@tonic-gate checkflags |= M_GROUPR;
14637c478bd9Sstevel@tonic-gate }
14647c478bd9Sstevel@tonic-gate if (flags & M_GROUPE) {
14657c478bd9Sstevel@tonic-gate if (m_groupe == egid)
14667c478bd9Sstevel@tonic-gate checkflags |= M_GROUPE;
14677c478bd9Sstevel@tonic-gate }
1468924c9144Sgww if (flags & M_SID) {
1469d0fa49b7STony Nguyen if (m_sid == (au_asid_t)sid)
1470924c9144Sgww checkflags |= M_SID;
1471924c9144Sgww }
14727c478bd9Sstevel@tonic-gate return (-1);
14737c478bd9Sstevel@tonic-gate }
14747c478bd9Sstevel@tonic-gate
14757c478bd9Sstevel@tonic-gate /*
14768249a45fSJan Friedel * Format of subject64_ex token:
14777c478bd9Sstevel@tonic-gate * subject token id adr_char
14787c478bd9Sstevel@tonic-gate * auid adr_int32
14797c478bd9Sstevel@tonic-gate * euid adr_int32
14807c478bd9Sstevel@tonic-gate * egid adr_int32
14817c478bd9Sstevel@tonic-gate * ruid adr_int32
14827c478bd9Sstevel@tonic-gate * rgid adr_int32
14837c478bd9Sstevel@tonic-gate * pid adr_int32
14847c478bd9Sstevel@tonic-gate * sid adr_int32
14858249a45fSJan Friedel * termid
14868249a45fSJan Friedel * port adr_int64
14878249a45fSJan Friedel * type adr_int32
14888249a45fSJan Friedel * ip address adr_u_char*type
14897c478bd9Sstevel@tonic-gate */
14907c478bd9Sstevel@tonic-gate int
subject64_ex_token(adr_t * adr)14917c478bd9Sstevel@tonic-gate subject64_ex_token(adr_t *adr)
14927c478bd9Sstevel@tonic-gate {
14937c478bd9Sstevel@tonic-gate int32_t auid, euid, egid, ruid, rgid, pid;
14947c478bd9Sstevel@tonic-gate int32_t sid;
14957c478bd9Sstevel@tonic-gate int64_t port;
14968249a45fSJan Friedel int32_t type;
14978249a45fSJan Friedel uchar_t addr[16];
14987c478bd9Sstevel@tonic-gate
14997c478bd9Sstevel@tonic-gate adrm_int32(adr, &auid, 1);
15007c478bd9Sstevel@tonic-gate adrm_int32(adr, &euid, 1);
15017c478bd9Sstevel@tonic-gate adrm_int32(adr, &egid, 1);
15027c478bd9Sstevel@tonic-gate adrm_int32(adr, &ruid, 1);
15037c478bd9Sstevel@tonic-gate adrm_int32(adr, &rgid, 1);
15047c478bd9Sstevel@tonic-gate adrm_int32(adr, &pid, 1);
15057c478bd9Sstevel@tonic-gate adrm_int32(adr, &sid, 1);
15067c478bd9Sstevel@tonic-gate adrm_int64(adr, &port, 1);
15077c478bd9Sstevel@tonic-gate adrm_int32(adr, &type, 1);
15088249a45fSJan Friedel adrm_u_char(adr, addr, type);
15097c478bd9Sstevel@tonic-gate
15107c478bd9Sstevel@tonic-gate if (flags & M_SUBJECT) {
15117c478bd9Sstevel@tonic-gate if (subj_id == pid)
15127c478bd9Sstevel@tonic-gate checkflags = checkflags | M_SUBJECT;
15137c478bd9Sstevel@tonic-gate }
15147c478bd9Sstevel@tonic-gate if (flags & M_USERA) {
15157c478bd9Sstevel@tonic-gate if (m_usera == auid)
15167c478bd9Sstevel@tonic-gate checkflags = checkflags | M_USERA;
15177c478bd9Sstevel@tonic-gate }
15187c478bd9Sstevel@tonic-gate if (flags & M_USERE) {
15197c478bd9Sstevel@tonic-gate if (m_usere == euid)
15207c478bd9Sstevel@tonic-gate checkflags = checkflags | M_USERE;
15217c478bd9Sstevel@tonic-gate }
15227c478bd9Sstevel@tonic-gate if (flags & M_USERR) {
15237c478bd9Sstevel@tonic-gate if (m_userr == ruid)
15247c478bd9Sstevel@tonic-gate checkflags = checkflags | M_USERR;
15257c478bd9Sstevel@tonic-gate }
15267c478bd9Sstevel@tonic-gate if (flags & M_GROUPR) {
15277c478bd9Sstevel@tonic-gate if (m_groupr == egid)
15287c478bd9Sstevel@tonic-gate checkflags = checkflags | M_GROUPR;
15297c478bd9Sstevel@tonic-gate }
15307c478bd9Sstevel@tonic-gate if (flags & M_GROUPE) {
15317c478bd9Sstevel@tonic-gate if (m_groupe == egid)
15327c478bd9Sstevel@tonic-gate checkflags = checkflags | M_GROUPE;
15337c478bd9Sstevel@tonic-gate }
1534924c9144Sgww if (flags & M_SID) {
1535d0fa49b7STony Nguyen if (m_sid == (au_asid_t)sid)
1536924c9144Sgww checkflags = checkflags | M_SID;
1537924c9144Sgww }
15387c478bd9Sstevel@tonic-gate return (-1);
15397c478bd9Sstevel@tonic-gate }
15407c478bd9Sstevel@tonic-gate
15417c478bd9Sstevel@tonic-gate /*
15427c478bd9Sstevel@tonic-gate * -----------------------------------------------------------------------
15437c478bd9Sstevel@tonic-gate * tid_token(): Process tid token and display contents
15447c478bd9Sstevel@tonic-gate *
15457c478bd9Sstevel@tonic-gate * Format of tid token:
15467c478bd9Sstevel@tonic-gate * tid token id adr_char
15477c478bd9Sstevel@tonic-gate * address type adr_char
15487c478bd9Sstevel@tonic-gate * For address type of AU_IPADR...
15497c478bd9Sstevel@tonic-gate * remote port adr_short
15507c478bd9Sstevel@tonic-gate * local port adr_short
15517c478bd9Sstevel@tonic-gate * IP type adr_int32
15527c478bd9Sstevel@tonic-gate * IP addr adr_int32 if IPv4
15537c478bd9Sstevel@tonic-gate * IP addr 4 x adr_int32 if IPv6
15547c478bd9Sstevel@tonic-gate * address types other than AU_IPADR are not yet defined
15557c478bd9Sstevel@tonic-gate * -----------------------------------------------------------------------
15567c478bd9Sstevel@tonic-gate */
15577c478bd9Sstevel@tonic-gate int
tid_token(adr_t * adr)15587c478bd9Sstevel@tonic-gate tid_token(adr_t *adr)
15597c478bd9Sstevel@tonic-gate {
15607c478bd9Sstevel@tonic-gate int32_t address[4];
15617c478bd9Sstevel@tonic-gate int32_t ip_type;
15627c478bd9Sstevel@tonic-gate char tid_type;
15637c478bd9Sstevel@tonic-gate short rport;
15647c478bd9Sstevel@tonic-gate short lport;
15657c478bd9Sstevel@tonic-gate
15667c478bd9Sstevel@tonic-gate adrm_char(adr, &tid_type, 1);
15677c478bd9Sstevel@tonic-gate switch (tid_type) {
15687c478bd9Sstevel@tonic-gate case AU_IPADR:
15697c478bd9Sstevel@tonic-gate adrm_short(adr, &rport, 1);
15707c478bd9Sstevel@tonic-gate adrm_short(adr, &lport, 1);
15717c478bd9Sstevel@tonic-gate adrm_int32(adr, &ip_type, 1);
15727c478bd9Sstevel@tonic-gate adrm_char(adr, (char *)&address, ip_type);
15737c478bd9Sstevel@tonic-gate break;
15747c478bd9Sstevel@tonic-gate default:
15757c478bd9Sstevel@tonic-gate return (0);
15767c478bd9Sstevel@tonic-gate }
15777c478bd9Sstevel@tonic-gate return (-1);
15787c478bd9Sstevel@tonic-gate }
15797c478bd9Sstevel@tonic-gate
15807c478bd9Sstevel@tonic-gate /*
15817c478bd9Sstevel@tonic-gate * -----------------------------------------------------------------------
15827c478bd9Sstevel@tonic-gate * zonename_token(): Process zonename token and display contents
15837c478bd9Sstevel@tonic-gate *
15847c478bd9Sstevel@tonic-gate * Format of zonename token:
15857c478bd9Sstevel@tonic-gate * zonename token id adr_char
15867c478bd9Sstevel@tonic-gate * zone name adr_string
15877c478bd9Sstevel@tonic-gate * -----------------------------------------------------------------------
15887c478bd9Sstevel@tonic-gate */
15897c478bd9Sstevel@tonic-gate int
zonename_token(adr_t * adr)15907c478bd9Sstevel@tonic-gate zonename_token(adr_t *adr)
15917c478bd9Sstevel@tonic-gate {
15927c478bd9Sstevel@tonic-gate char *name;
15937c478bd9Sstevel@tonic-gate
15947c478bd9Sstevel@tonic-gate if (flags & M_ZONENAME) {
15957c478bd9Sstevel@tonic-gate get_string(adr, &name);
15967c478bd9Sstevel@tonic-gate if (strncmp(zonename, name, ZONENAME_MAX) == 0)
15977c478bd9Sstevel@tonic-gate checkflags |= M_ZONENAME;
15987c478bd9Sstevel@tonic-gate free(name);
15997c478bd9Sstevel@tonic-gate } else {
16007c478bd9Sstevel@tonic-gate skip_string(adr);
16017c478bd9Sstevel@tonic-gate }
16027c478bd9Sstevel@tonic-gate return (-1);
16037c478bd9Sstevel@tonic-gate }
16047c478bd9Sstevel@tonic-gate
1605103b2b15Sgww /*
1606103b2b15Sgww * fmri_token():
1607103b2b15Sgww *
1608103b2b15Sgww * Format of fmri token:
1609103b2b15Sgww * fmri adr_string
1610103b2b15Sgww */
1611103b2b15Sgww int
fmri_token(adr_t * adr)1612103b2b15Sgww fmri_token(adr_t *adr)
1613103b2b15Sgww {
1614103b2b15Sgww if ((flags & M_OBJECT) && (obj_flag == OBJ_FMRI)) {
1615103b2b15Sgww char *fmri_name;
1616103b2b15Sgww
1617103b2b15Sgww get_string(adr, &fmri_name);
1618103b2b15Sgww
1619103b2b15Sgww /* match token against service instance */
1620103b2b15Sgww if (scf_cmp_pattern(fmri_name, &fmri) == 1) {
1621103b2b15Sgww checkflags |= M_OBJECT;
1622103b2b15Sgww }
1623103b2b15Sgww free(fmri_name);
1624103b2b15Sgww } else {
1625103b2b15Sgww skip_string(adr);
1626103b2b15Sgww }
1627103b2b15Sgww return (-1);
1628103b2b15Sgww }
1629103b2b15Sgww
16307c478bd9Sstevel@tonic-gate /*
16317c478bd9Sstevel@tonic-gate * Format of xatom token:
16327c478bd9Sstevel@tonic-gate */
16337c478bd9Sstevel@tonic-gate int
xatom_token(adr_t * adr)16347c478bd9Sstevel@tonic-gate xatom_token(adr_t *adr)
16357c478bd9Sstevel@tonic-gate {
16367c478bd9Sstevel@tonic-gate skip_string(adr);
16377c478bd9Sstevel@tonic-gate
16387c478bd9Sstevel@tonic-gate return (-1);
16397c478bd9Sstevel@tonic-gate }
16407c478bd9Sstevel@tonic-gate
16417c478bd9Sstevel@tonic-gate /*
16427c478bd9Sstevel@tonic-gate * Format of xselect token:
16437c478bd9Sstevel@tonic-gate */
16447c478bd9Sstevel@tonic-gate int
xselect_token(adr_t * adr)16457c478bd9Sstevel@tonic-gate xselect_token(adr_t *adr)
16467c478bd9Sstevel@tonic-gate {
16477c478bd9Sstevel@tonic-gate skip_string(adr);
16487c478bd9Sstevel@tonic-gate skip_string(adr);
16497c478bd9Sstevel@tonic-gate skip_string(adr);
16507c478bd9Sstevel@tonic-gate
16517c478bd9Sstevel@tonic-gate return (-1);
16527c478bd9Sstevel@tonic-gate }
16537c478bd9Sstevel@tonic-gate
16547c478bd9Sstevel@tonic-gate /*
16557c478bd9Sstevel@tonic-gate * anchor a path name with a slash
16567c478bd9Sstevel@tonic-gate * assume we have enough space
16577c478bd9Sstevel@tonic-gate */
16587c478bd9Sstevel@tonic-gate void
anchor_path(char * path)16597c478bd9Sstevel@tonic-gate anchor_path(char *path)
16607c478bd9Sstevel@tonic-gate {
16617c478bd9Sstevel@tonic-gate (void) memmove((void *)(path + 1), (void *)path, strlen(path) + 1);
16627c478bd9Sstevel@tonic-gate *path = '/';
16637c478bd9Sstevel@tonic-gate }
16647c478bd9Sstevel@tonic-gate
16657c478bd9Sstevel@tonic-gate
16667c478bd9Sstevel@tonic-gate /*
16677c478bd9Sstevel@tonic-gate * copy path to collapsed path.
16687c478bd9Sstevel@tonic-gate * collapsed path does not contain:
16697c478bd9Sstevel@tonic-gate * successive slashes
16707c478bd9Sstevel@tonic-gate * instances of dot-slash
16717c478bd9Sstevel@tonic-gate * instances of dot-dot-slash
16727c478bd9Sstevel@tonic-gate * passed path must be anchored with a '/'
16737c478bd9Sstevel@tonic-gate */
16747c478bd9Sstevel@tonic-gate char *
collapse_path(char * s)16757c478bd9Sstevel@tonic-gate collapse_path(char *s)
16767c478bd9Sstevel@tonic-gate {
16777c478bd9Sstevel@tonic-gate int id; /* index of where we are in destination string */
16787c478bd9Sstevel@tonic-gate int is; /* index of where we are in source string */
16797c478bd9Sstevel@tonic-gate int slashseen; /* have we seen a slash */
16807c478bd9Sstevel@tonic-gate int ls; /* length of source string */
16817c478bd9Sstevel@tonic-gate
16827c478bd9Sstevel@tonic-gate ls = strlen(s) + 1;
16837c478bd9Sstevel@tonic-gate
16847c478bd9Sstevel@tonic-gate slashseen = 0;
16857c478bd9Sstevel@tonic-gate for (is = 0, id = 0; is < ls; is++) {
16867c478bd9Sstevel@tonic-gate /* thats all folks, we've reached the end of input */
16877c478bd9Sstevel@tonic-gate if (s[is] == '\0') {
16887c478bd9Sstevel@tonic-gate if (id > 1 && s[id-1] == '/') {
16897c478bd9Sstevel@tonic-gate --id;
16907c478bd9Sstevel@tonic-gate }
16917c478bd9Sstevel@tonic-gate s[id++] = '\0';
16927c478bd9Sstevel@tonic-gate break;
16937c478bd9Sstevel@tonic-gate }
16947c478bd9Sstevel@tonic-gate /* previous character was a / */
16957c478bd9Sstevel@tonic-gate if (slashseen) {
16967c478bd9Sstevel@tonic-gate if (s[is] == '/')
16977c478bd9Sstevel@tonic-gate continue; /* another slash, ignore it */
16987c478bd9Sstevel@tonic-gate } else if (s[is] == '/') {
16997c478bd9Sstevel@tonic-gate /* we see a /, just copy it and try again */
17007c478bd9Sstevel@tonic-gate slashseen = 1;
17017c478bd9Sstevel@tonic-gate s[id++] = '/';
17027c478bd9Sstevel@tonic-gate continue;
17037c478bd9Sstevel@tonic-gate }
17047c478bd9Sstevel@tonic-gate /* /./ seen */
17057c478bd9Sstevel@tonic-gate if (s[is] == '.' && s[is+1] == '/') {
17067c478bd9Sstevel@tonic-gate is += 1;
17077c478bd9Sstevel@tonic-gate continue;
17087c478bd9Sstevel@tonic-gate }
17097c478bd9Sstevel@tonic-gate /* XXX/. seen */
17107c478bd9Sstevel@tonic-gate if (s[is] == '.' && s[is+1] == '\0') {
17117c478bd9Sstevel@tonic-gate if (id > 1)
17127c478bd9Sstevel@tonic-gate id--;
17137c478bd9Sstevel@tonic-gate continue;
17147c478bd9Sstevel@tonic-gate }
17157c478bd9Sstevel@tonic-gate /* XXX/.. seen */
17167c478bd9Sstevel@tonic-gate if (s[is] == '.' && s[is+1] == '.' && s[is+2] == '\0') {
17177c478bd9Sstevel@tonic-gate is += 1;
17187c478bd9Sstevel@tonic-gate if (id > 0)
17197c478bd9Sstevel@tonic-gate id--;
1720a7746f66Stz while (id > 0 && s[--id] != '/')
1721a7746f66Stz ;
17227c478bd9Sstevel@tonic-gate id++;
17237c478bd9Sstevel@tonic-gate continue;
17247c478bd9Sstevel@tonic-gate }
17257c478bd9Sstevel@tonic-gate /* XXX/../ seen */
17267c478bd9Sstevel@tonic-gate if (s[is] == '.' && s[is+1] == '.' && s[is+2] == '/') {
17277c478bd9Sstevel@tonic-gate is += 2;
17287c478bd9Sstevel@tonic-gate if (id > 0)
17297c478bd9Sstevel@tonic-gate id--;
1730a7746f66Stz while (id > 0 && s[--id] != '/')
1731a7746f66Stz ;
17327c478bd9Sstevel@tonic-gate id++;
17337c478bd9Sstevel@tonic-gate continue;
17347c478bd9Sstevel@tonic-gate }
1735a7746f66Stz while (is < ls && (s[id++] = s[is++]) != '/')
1736a7746f66Stz ;
17377c478bd9Sstevel@tonic-gate is--;
17387c478bd9Sstevel@tonic-gate }
17397c478bd9Sstevel@tonic-gate return (s);
17407c478bd9Sstevel@tonic-gate }
17417c478bd9Sstevel@tonic-gate
17427c478bd9Sstevel@tonic-gate
17437c478bd9Sstevel@tonic-gate int
ipc_type_match(int flag,char type)17447c478bd9Sstevel@tonic-gate ipc_type_match(int flag, char type)
17457c478bd9Sstevel@tonic-gate {
17467c478bd9Sstevel@tonic-gate if (flag == OBJ_SEM && type == AT_IPC_SEM)
17477c478bd9Sstevel@tonic-gate return (1);
17487c478bd9Sstevel@tonic-gate
17497c478bd9Sstevel@tonic-gate if (flag == OBJ_MSG && type == AT_IPC_MSG)
17507c478bd9Sstevel@tonic-gate return (1);
17517c478bd9Sstevel@tonic-gate
17527c478bd9Sstevel@tonic-gate if (flag == OBJ_SHM && type == AT_IPC_SHM)
17537c478bd9Sstevel@tonic-gate return (1);
17547c478bd9Sstevel@tonic-gate
17557c478bd9Sstevel@tonic-gate return (0);
17567c478bd9Sstevel@tonic-gate }
17577c478bd9Sstevel@tonic-gate
17587c478bd9Sstevel@tonic-gate
17597c478bd9Sstevel@tonic-gate void
skip_string(adr_t * adr)17607c478bd9Sstevel@tonic-gate skip_string(adr_t *adr)
17617c478bd9Sstevel@tonic-gate {
17627c478bd9Sstevel@tonic-gate ushort_t c;
17637c478bd9Sstevel@tonic-gate
17647c478bd9Sstevel@tonic-gate adrm_u_short(adr, &c, 1);
17657c478bd9Sstevel@tonic-gate adr->adr_now += c;
17667c478bd9Sstevel@tonic-gate }
17677c478bd9Sstevel@tonic-gate
17687c478bd9Sstevel@tonic-gate
17697c478bd9Sstevel@tonic-gate void
get_string(adr_t * adr,char ** p)17707c478bd9Sstevel@tonic-gate get_string(adr_t *adr, char **p)
17717c478bd9Sstevel@tonic-gate {
17727c478bd9Sstevel@tonic-gate ushort_t c;
17737c478bd9Sstevel@tonic-gate
17747c478bd9Sstevel@tonic-gate adrm_u_short(adr, &c, 1);
17757c478bd9Sstevel@tonic-gate *p = a_calloc(1, (size_t)c);
17767c478bd9Sstevel@tonic-gate adrm_char(adr, *p, c);
17777c478bd9Sstevel@tonic-gate }
17787c478bd9Sstevel@tonic-gate
17797c478bd9Sstevel@tonic-gate
17807c478bd9Sstevel@tonic-gate /*
17817c478bd9Sstevel@tonic-gate * Format of host token:
17827c478bd9Sstevel@tonic-gate * host ard_uint32
17837c478bd9Sstevel@tonic-gate */
17847c478bd9Sstevel@tonic-gate int
host_token(adr_t * adr)17857c478bd9Sstevel@tonic-gate host_token(adr_t *adr)
17867c478bd9Sstevel@tonic-gate {
17877c478bd9Sstevel@tonic-gate uint32_t host;
17887c478bd9Sstevel@tonic-gate
17897c478bd9Sstevel@tonic-gate adrm_u_int32(adr, &host, 1);
17907c478bd9Sstevel@tonic-gate
17917c478bd9Sstevel@tonic-gate return (-1);
17927c478bd9Sstevel@tonic-gate }
17937c478bd9Sstevel@tonic-gate
17947c478bd9Sstevel@tonic-gate /*
17957c478bd9Sstevel@tonic-gate * Format of useofauth token:
17967c478bd9Sstevel@tonic-gate * uauth token id adr_char
17977c478bd9Sstevel@tonic-gate * uauth adr_string
17987c478bd9Sstevel@tonic-gate */
17997c478bd9Sstevel@tonic-gate int
useofauth_token(adr_t * adr)18007c478bd9Sstevel@tonic-gate useofauth_token(adr_t *adr)
18017c478bd9Sstevel@tonic-gate {
18027c478bd9Sstevel@tonic-gate skip_string(adr);
18037c478bd9Sstevel@tonic-gate return (-1);
18047c478bd9Sstevel@tonic-gate }
18057c478bd9Sstevel@tonic-gate
1806047f6e6fSgww /*
1807047f6e6fSgww * Format of user token:
1808047f6e6fSgww * user token id adr_char
1809047f6e6fSgww * uid adr_uid
1810047f6e6fSgww * username adr_string
1811047f6e6fSgww */
1812047f6e6fSgww int
user_token(adr_t * adr)1813047f6e6fSgww user_token(adr_t *adr)
1814047f6e6fSgww {
1815047f6e6fSgww uid_t uid;
1816047f6e6fSgww
1817047f6e6fSgww adrm_uid(adr, &uid, 1);
1818047f6e6fSgww skip_string(adr);
1819047f6e6fSgww
1820047f6e6fSgww if ((flags & M_OBJECT) && (obj_flag == OBJ_USER) &&
1821047f6e6fSgww (uid == obj_user)) {
1822047f6e6fSgww checkflags |= M_OBJECT;
1823047f6e6fSgww }
1824047f6e6fSgww
1825047f6e6fSgww return (-1);
1826047f6e6fSgww }
1827047f6e6fSgww
18287c478bd9Sstevel@tonic-gate int
xcolormap_token(adr_t * adr)18297c478bd9Sstevel@tonic-gate xcolormap_token(adr_t *adr)
18307c478bd9Sstevel@tonic-gate {
18317c478bd9Sstevel@tonic-gate return (xgeneric(adr));
18327c478bd9Sstevel@tonic-gate }
18337c478bd9Sstevel@tonic-gate
18347c478bd9Sstevel@tonic-gate int
xcursor_token(adr_t * adr)18357c478bd9Sstevel@tonic-gate xcursor_token(adr_t *adr)
18367c478bd9Sstevel@tonic-gate {
18377c478bd9Sstevel@tonic-gate return (xgeneric(adr));
18387c478bd9Sstevel@tonic-gate }
18397c478bd9Sstevel@tonic-gate
18407c478bd9Sstevel@tonic-gate int
xfont_token(adr_t * adr)18417c478bd9Sstevel@tonic-gate xfont_token(adr_t *adr)
18427c478bd9Sstevel@tonic-gate {
18437c478bd9Sstevel@tonic-gate return (xgeneric(adr));
18447c478bd9Sstevel@tonic-gate }
18457c478bd9Sstevel@tonic-gate
18467c478bd9Sstevel@tonic-gate int
xgc_token(adr_t * adr)18477c478bd9Sstevel@tonic-gate xgc_token(adr_t *adr)
18487c478bd9Sstevel@tonic-gate {
18497c478bd9Sstevel@tonic-gate return (xgeneric(adr));
18507c478bd9Sstevel@tonic-gate }
18517c478bd9Sstevel@tonic-gate
18527c478bd9Sstevel@tonic-gate int
xpixmap_token(adr_t * adr)18537c478bd9Sstevel@tonic-gate xpixmap_token(adr_t *adr)
18547c478bd9Sstevel@tonic-gate {
18557c478bd9Sstevel@tonic-gate return (xgeneric(adr));
18567c478bd9Sstevel@tonic-gate }
18577c478bd9Sstevel@tonic-gate
18587c478bd9Sstevel@tonic-gate int
xwindow_token(adr_t * adr)18597c478bd9Sstevel@tonic-gate xwindow_token(adr_t *adr)
18607c478bd9Sstevel@tonic-gate {
18617c478bd9Sstevel@tonic-gate return (xgeneric(adr));
18627c478bd9Sstevel@tonic-gate }
18637c478bd9Sstevel@tonic-gate
18647c478bd9Sstevel@tonic-gate
18657c478bd9Sstevel@tonic-gate /*
18667c478bd9Sstevel@tonic-gate * Format of xgeneric token:
18677c478bd9Sstevel@tonic-gate * XID adr_int32
18687c478bd9Sstevel@tonic-gate * creator UID adr_int32
18697c478bd9Sstevel@tonic-gate *
18707c478bd9Sstevel@tonic-gate * Includes: xcolormap, xcursor, xfont, xgc, xpixmap, and xwindow
18717c478bd9Sstevel@tonic-gate */
18727c478bd9Sstevel@tonic-gate int
xgeneric(adr_t * adr)18737c478bd9Sstevel@tonic-gate xgeneric(adr_t *adr)
18747c478bd9Sstevel@tonic-gate {
18757c478bd9Sstevel@tonic-gate int32_t xid;
18767c478bd9Sstevel@tonic-gate int32_t uid;
18777c478bd9Sstevel@tonic-gate
18787c478bd9Sstevel@tonic-gate adrm_int32(adr, &xid, 1);
18797c478bd9Sstevel@tonic-gate adrm_int32(adr, &uid, 1);
18807c478bd9Sstevel@tonic-gate
18817c478bd9Sstevel@tonic-gate if (flags & M_USERE) {
18827c478bd9Sstevel@tonic-gate if (m_usere == uid)
18837c478bd9Sstevel@tonic-gate checkflags = checkflags | M_USERE;
18847c478bd9Sstevel@tonic-gate }
18857c478bd9Sstevel@tonic-gate
18867c478bd9Sstevel@tonic-gate return (-1);
18877c478bd9Sstevel@tonic-gate }
18887c478bd9Sstevel@tonic-gate
18897c478bd9Sstevel@tonic-gate
18907c478bd9Sstevel@tonic-gate /*
18917c478bd9Sstevel@tonic-gate * Format of xproperty token:
18927c478bd9Sstevel@tonic-gate * XID adr_int32
18937c478bd9Sstevel@tonic-gate * creator UID adr_int32
18947c478bd9Sstevel@tonic-gate * atom string adr_string
18957c478bd9Sstevel@tonic-gate */
18967c478bd9Sstevel@tonic-gate int
xproperty_token(adr_t * adr)18977c478bd9Sstevel@tonic-gate xproperty_token(adr_t *adr)
18987c478bd9Sstevel@tonic-gate {
18997c478bd9Sstevel@tonic-gate int32_t xid;
19007c478bd9Sstevel@tonic-gate int32_t uid;
19017c478bd9Sstevel@tonic-gate
19027c478bd9Sstevel@tonic-gate adrm_int32(adr, &xid, 1);
19037c478bd9Sstevel@tonic-gate adrm_int32(adr, &uid, 1);
19047c478bd9Sstevel@tonic-gate skip_string(adr);
19057c478bd9Sstevel@tonic-gate
19067c478bd9Sstevel@tonic-gate if (flags & M_USERE) {
19077c478bd9Sstevel@tonic-gate if (m_usere == uid)
19087c478bd9Sstevel@tonic-gate checkflags = checkflags | M_USERE;
19097c478bd9Sstevel@tonic-gate }
19107c478bd9Sstevel@tonic-gate
19117c478bd9Sstevel@tonic-gate return (-1);
19127c478bd9Sstevel@tonic-gate }
19137c478bd9Sstevel@tonic-gate
19147c478bd9Sstevel@tonic-gate
19157c478bd9Sstevel@tonic-gate /*
19167c478bd9Sstevel@tonic-gate * Format of xclient token:
19177c478bd9Sstevel@tonic-gate * xclient id adr_int32
19187c478bd9Sstevel@tonic-gate */
19197c478bd9Sstevel@tonic-gate int
xclient_token(adr_t * adr)19207c478bd9Sstevel@tonic-gate xclient_token(adr_t *adr)
19217c478bd9Sstevel@tonic-gate {
19227c478bd9Sstevel@tonic-gate int32_t client_id;
19237c478bd9Sstevel@tonic-gate
19247c478bd9Sstevel@tonic-gate adrm_int32(adr, &client_id, 1);
19257c478bd9Sstevel@tonic-gate
19267c478bd9Sstevel@tonic-gate return (-1);
19277c478bd9Sstevel@tonic-gate }
19287c478bd9Sstevel@tonic-gate
19297c478bd9Sstevel@tonic-gate /*
19307c478bd9Sstevel@tonic-gate * Format of privilege set token:
19317c478bd9Sstevel@tonic-gate * priv_set type string
19327c478bd9Sstevel@tonic-gate * priv_set string
19337c478bd9Sstevel@tonic-gate */
19347c478bd9Sstevel@tonic-gate
19357c478bd9Sstevel@tonic-gate int
privilege_token(adr_t * adr)19367c478bd9Sstevel@tonic-gate privilege_token(adr_t *adr)
19377c478bd9Sstevel@tonic-gate {
19387c478bd9Sstevel@tonic-gate skip_string(adr); /* set type name */
19397c478bd9Sstevel@tonic-gate skip_string(adr); /* privilege set */
19407c478bd9Sstevel@tonic-gate return (-1);
19417c478bd9Sstevel@tonic-gate }
19427c478bd9Sstevel@tonic-gate
1943*d2a70789SRichard Lowe /*
1944*d2a70789SRichard Lowe * Format of security flags token:
1945*d2a70789SRichard Lowe * security flag set string
1946*d2a70789SRichard Lowe * security flags string
1947*d2a70789SRichard Lowe */
1948*d2a70789SRichard Lowe
1949*d2a70789SRichard Lowe int
secflags_token(adr_t * adr)1950*d2a70789SRichard Lowe secflags_token(adr_t *adr)
1951*d2a70789SRichard Lowe {
1952*d2a70789SRichard Lowe skip_string(adr); /* set name */
1953*d2a70789SRichard Lowe skip_string(adr); /* security flags */
1954*d2a70789SRichard Lowe return (-1);
1955*d2a70789SRichard Lowe }
1956*d2a70789SRichard Lowe
19577c478bd9Sstevel@tonic-gate /*
1958a13cf099Sgww * Format of label token:
1959a13cf099Sgww * label ID 1 byte
1960a13cf099Sgww * compartment length 1 byte
1961a13cf099Sgww * classification 2 bytes
1962a13cf099Sgww * compartment words <compartment length> * 4 bytes
19637c478bd9Sstevel@tonic-gate */
19647c478bd9Sstevel@tonic-gate int
label_token(adr_t * adr)1965a13cf099Sgww label_token(adr_t *adr)
19667c478bd9Sstevel@tonic-gate {
1967a13cf099Sgww static m_label_t *label = NULL;
196842096647STony Nguyen static size32_t l_size;
1969a13cf099Sgww int len;
19707c478bd9Sstevel@tonic-gate
1971a13cf099Sgww if (label == NULL) {
1972a13cf099Sgww label = m_label_alloc(MAC_LABEL);
1973a13cf099Sgww l_size = blabel_size() - 4;
1974a13cf099Sgww }
1975a13cf099Sgww
1976a13cf099Sgww if (label == NULL) {
1977a13cf099Sgww /* out of memory, should never happen; skip label */
1978a13cf099Sgww char l; /* length */
1979a13cf099Sgww
1980a13cf099Sgww adr->adr_now += sizeof (char);
1981a13cf099Sgww adrm_char(adr, (char *)&l, 1);
1982a13cf099Sgww adr->adr_now += sizeof (short) + (4 * l);
1983a13cf099Sgww return (-1);
1984a13cf099Sgww }
1985a13cf099Sgww
1986a13cf099Sgww adrm_char(adr, (char *)label, 4);
1987a13cf099Sgww len = (int)(((char *)label)[1] * 4);
1988a13cf099Sgww if (len > l_size) {
1989a13cf099Sgww return (-1);
1990a13cf099Sgww }
1991a13cf099Sgww adrm_char(adr, &((char *)label)[4], len);
19927c478bd9Sstevel@tonic-gate
199345916cd2Sjpk if (flags & M_LABEL) {
1994a13cf099Sgww if (blinrange(label, m_label))
199545916cd2Sjpk checkflags = checkflags | M_LABEL;
19967c478bd9Sstevel@tonic-gate }
19977c478bd9Sstevel@tonic-gate
19987c478bd9Sstevel@tonic-gate return (-1);
19997c478bd9Sstevel@tonic-gate }
20007c478bd9Sstevel@tonic-gate
20017c478bd9Sstevel@tonic-gate
20027c478bd9Sstevel@tonic-gate /*
20037c478bd9Sstevel@tonic-gate * Format of useofpriv token:
20047c478bd9Sstevel@tonic-gate * success/failure adr_char
20057c478bd9Sstevel@tonic-gate * privilege(s) adr_string
20067c478bd9Sstevel@tonic-gate */
20077c478bd9Sstevel@tonic-gate /* ARGSUSED */
20087c478bd9Sstevel@tonic-gate int
useofpriv_token(adr_t * adr)20097c478bd9Sstevel@tonic-gate useofpriv_token(adr_t *adr)
20107c478bd9Sstevel@tonic-gate {
20117c478bd9Sstevel@tonic-gate char flag;
20127c478bd9Sstevel@tonic-gate
20137c478bd9Sstevel@tonic-gate adrm_char(adr, &flag, 1);
20147c478bd9Sstevel@tonic-gate skip_string(adr);
20157c478bd9Sstevel@tonic-gate return (-1);
20167c478bd9Sstevel@tonic-gate }
2017