1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2006 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 #pragma ident "%Z%%M% %I% %E% SMI" 27 28 #include <sys/types.h> 29 #include <unistd.h> 30 #include <bsm/audit.h> 31 #include <bsm/audit_record.h> 32 #include <bsm/libbsm.h> 33 #include <priv.h> 34 #include <sys/ipc.h> 35 #include <sys/param.h> 36 #include <sys/socket.h> 37 #include <sys/time.h> 38 #include <sys/vnode.h> 39 #include <malloc.h> 40 #include <net/route.h> 41 #include <netinet/in.h> 42 #include <netinet/in_pcb.h> 43 #include <string.h> 44 #include <zone.h> 45 #include <sys/tsol/label.h> 46 #include <sys/tsol/label_macro.h> 47 48 #define NGROUPS 16 /* XXX - temporary */ 49 50 token_t *au_to_arg(char n, char *text, uint32_t v); 51 #pragma weak au_to_arg = au_to_arg32 52 token_t *au_to_return(char number, uint32_t value); 53 #pragma weak au_to_return = au_to_return32 54 55 static token_t *au_to_exec(char **, char); 56 57 static token_t * 58 get_token(int s) 59 { 60 token_t *token; /* Resultant token */ 61 62 if ((token = (token_t *)malloc(sizeof (token_t))) == NULL) 63 return (NULL); 64 if ((token->tt_data = malloc(s)) == NULL) { 65 free(token); 66 return (NULL); 67 } 68 token->tt_size = s; 69 token->tt_next = NULL; 70 return (token); 71 } 72 73 /* 74 * au_to_header 75 * return s: 76 * pointer to header token. 77 */ 78 token_t * 79 au_to_header(au_event_t e_type, au_emod_t e_mod) 80 { 81 adr_t adr; /* adr memory stream header */ 82 token_t *token; /* token pointer */ 83 char version = TOKEN_VERSION; /* version of token family */ 84 int32_t byte_count; 85 struct timeval tv; 86 #ifdef _LP64 87 char data_header = AUT_HEADER64; /* header for this token */ 88 89 token = get_token(2 * sizeof (char) + sizeof (int32_t) + 90 2 * sizeof (int64_t) + 2 * sizeof (short)); 91 #else 92 char data_header = AUT_HEADER32; 93 94 token = get_token(2 * sizeof (char) + 3 * sizeof (int32_t) + 95 2 * sizeof (short)); 96 #endif 97 98 if (token == NULL) 99 return (NULL); 100 adr_start(&adr, token->tt_data); 101 adr_char(&adr, &data_header, 1); /* token ID */ 102 adr_int32(&adr, &byte_count, 1); /* length of audit record */ 103 adr_char(&adr, &version, 1); /* version of audit tokens */ 104 adr_short(&adr, &e_type, 1); /* event ID */ 105 adr_short(&adr, &e_mod, 1); /* event ID modifier */ 106 #ifdef _LP64 107 adr_int64(&adr, (int64_t *)&tv, 2); /* time & date */ 108 #else 109 adr_int32(&adr, (int32_t *)&tv, 2); /* time & date */ 110 #endif 111 return (token); 112 } 113 114 /* 115 * au_to_header_ex 116 * return s: 117 * pointer to header token. 118 */ 119 token_t * 120 au_to_header_ex(au_event_t e_type, au_emod_t e_mod) 121 { 122 adr_t adr; /* adr memory stream header */ 123 token_t *token; /* token pointer */ 124 char version = TOKEN_VERSION; /* version of token family */ 125 int32_t byte_count; 126 struct timeval tv; 127 auditinfo_addr_t audit_info; 128 au_tid_addr_t *host_info = &audit_info.ai_termid; 129 #ifdef _LP64 130 char data_header = AUT_HEADER64_EX; /* header for this token */ 131 #else 132 char data_header = AUT_HEADER32_EX; 133 #endif 134 135 /* If our host address can't be determined, revert to un-extended hdr */ 136 137 if (auditon(A_GETKAUDIT, (caddr_t)&audit_info, 138 sizeof (audit_info)) < 0) 139 return (au_to_header(e_type, e_mod)); 140 141 if (host_info->at_type == AU_IPv6) 142 if (IN6_IS_ADDR_UNSPECIFIED((in6_addr_t *)host_info->at_addr)) 143 return (au_to_header(e_type, e_mod)); 144 else 145 if (host_info->at_addr[0] == htonl(INADDR_ANY)) 146 return (au_to_header(e_type, e_mod)); 147 148 #ifdef _LP64 149 token = get_token(2 * sizeof (char) + sizeof (int32_t) + 150 2 * sizeof (int64_t) + 2 * sizeof (short) + 151 sizeof (int32_t) + host_info->at_type); 152 #else 153 token = get_token(2 * sizeof (char) + 3 * sizeof (int32_t) + 154 2 * sizeof (short) + sizeof (int32_t) + host_info->at_type); 155 #endif 156 157 if (token == NULL) 158 return (NULL); 159 adr_start(&adr, token->tt_data); 160 adr_char(&adr, &data_header, 1); /* token ID */ 161 adr_int32(&adr, &byte_count, 1); /* length of audit record */ 162 adr_char(&adr, &version, 1); /* version of audit tokens */ 163 adr_short(&adr, &e_type, 1); /* event ID */ 164 adr_short(&adr, &e_mod, 1); /* event ID modifier */ 165 adr_int32(&adr, (int32_t *)&host_info->at_type, 1); 166 adr_char(&adr, (char *)host_info->at_addr, 167 (int)host_info->at_type); 168 #ifdef _LP64 169 adr_int64(&adr, (int64_t *)&tv, 2); /* time & date */ 170 #else 171 adr_int32(&adr, (int32_t *)&tv, 2); /* time & date */ 172 #endif 173 return (token); 174 } 175 176 /* 177 * au_to_trailer 178 * return s: 179 * pointer to a trailer token. 180 */ 181 token_t * 182 au_to_trailer(void) 183 { 184 adr_t adr; /* adr memory stream header */ 185 token_t *token; /* token pointer */ 186 char data_header = AUT_TRAILER; /* header for this token */ 187 short magic = (short)AUT_TRAILER_MAGIC; /* trailer magic number */ 188 int32_t byte_count; 189 190 token = get_token(sizeof (char) + sizeof (int32_t) + sizeof (short)); 191 if (token == NULL) 192 return (NULL); 193 adr_start(&adr, token->tt_data); 194 adr_char(&adr, &data_header, 1); /* token ID */ 195 adr_short(&adr, &magic, 1); /* magic number */ 196 adr_int32(&adr, &byte_count, 1); /* length of audit record */ 197 198 return (token); 199 } 200 201 /* 202 * au_to_arg32 203 * return s: 204 * pointer to an argument token. 205 */ 206 token_t * 207 au_to_arg32(char n, char *text, uint32_t v) 208 { 209 token_t *token; /* local token */ 210 adr_t adr; /* adr memory stream header */ 211 char data_header = AUT_ARG32; /* header for this token */ 212 short bytes; /* length of string */ 213 214 bytes = strlen(text) + 1; 215 216 token = get_token((int)(2 * sizeof (char) + sizeof (int32_t) + 217 sizeof (short) + bytes)); 218 if (token == NULL) 219 return (NULL); 220 adr_start(&adr, token->tt_data); 221 adr_char(&adr, &data_header, 1); /* token type */ 222 adr_char(&adr, &n, 1); /* argument id */ 223 adr_int32(&adr, (int32_t *)&v, 1); /* argument value */ 224 adr_short(&adr, &bytes, 1); 225 adr_char(&adr, text, bytes); 226 227 return (token); 228 } 229 230 /* 231 * au_to_arg64 232 * return s: 233 * pointer to an argument token. 234 */ 235 token_t * 236 au_to_arg64(char n, char *text, uint64_t v) 237 { 238 token_t *token; /* local token */ 239 adr_t adr; /* adr memory stream header */ 240 char data_header = AUT_ARG64; /* header for this token */ 241 short bytes; /* length of string */ 242 243 bytes = strlen(text) + 1; 244 245 token = get_token((int)(2 * sizeof (char) + sizeof (int64_t) + 246 sizeof (short) + bytes)); 247 if (token == NULL) 248 return (NULL); 249 adr_start(&adr, token->tt_data); 250 adr_char(&adr, &data_header, 1); /* token type */ 251 adr_char(&adr, &n, 1); /* argument id */ 252 adr_int64(&adr, (int64_t *)&v, 1); /* argument value */ 253 adr_short(&adr, &bytes, 1); 254 adr_char(&adr, text, bytes); 255 256 return (token); 257 } 258 259 260 /* 261 * au_to_attr 262 * return s: 263 * pointer to an attribute token. 264 */ 265 token_t * 266 au_to_attr(struct vattr *attr) 267 { 268 token_t *token; /* local token */ 269 adr_t adr; /* adr memory stream header */ 270 int32_t value; 271 #ifdef _LP64 272 char data_header = AUT_ATTR64; /* header for this token */ 273 274 token = get_token(sizeof (char) + 275 sizeof (int32_t) * 4 + 276 sizeof (int64_t) * 2); 277 #else 278 char data_header = AUT_ATTR32; 279 280 token = get_token(sizeof (char) + sizeof (int32_t) * 5 + 281 sizeof (int64_t)); 282 #endif 283 284 if (token == NULL) 285 return (NULL); 286 adr_start(&adr, token->tt_data); 287 adr_char(&adr, &data_header, 1); 288 value = (int32_t)attr->va_mode; 289 adr_int32(&adr, &value, 1); 290 value = (int32_t)attr->va_uid; 291 adr_int32(&adr, &value, 1); 292 value = (int32_t)attr->va_gid; 293 adr_int32(&adr, &value, 1); 294 adr_int32(&adr, (int32_t *)&(attr->va_fsid), 1); 295 adr_int64(&adr, (int64_t *)&(attr->va_nodeid), 1); 296 #ifdef _LP64 297 adr_int64(&adr, (int64_t *)&(attr->va_rdev), 1); 298 #else 299 adr_int32(&adr, (int32_t *)&(attr->va_rdev), 1); 300 #endif 301 302 return (token); 303 } 304 305 /* 306 * au_to_data 307 * return s: 308 * pointer to a data token. 309 */ 310 token_t * 311 au_to_data(char unit_print, char unit_type, char unit_count, char *p) 312 { 313 adr_t adr; /* adr memory stream header */ 314 token_t *token; /* token pointer */ 315 char data_header = AUT_DATA; /* header for this token */ 316 int byte_count; /* number of bytes */ 317 318 if (p == NULL || unit_count < 1) 319 return (NULL); 320 321 /* 322 * Check validity of print type 323 */ 324 if (unit_print < AUP_BINARY || unit_print > AUP_STRING) 325 return (NULL); 326 327 switch (unit_type) { 328 case AUR_SHORT: 329 byte_count = unit_count * sizeof (short); 330 break; 331 case AUR_INT32: 332 byte_count = unit_count * sizeof (int32_t); 333 break; 334 case AUR_INT64: 335 byte_count = unit_count * sizeof (int64_t); 336 break; 337 /* case AUR_CHAR: */ 338 case AUR_BYTE: 339 byte_count = unit_count * sizeof (char); 340 break; 341 default: 342 return (NULL); 343 } 344 345 token = get_token((int)(4 * sizeof (char) + byte_count)); 346 if (token == NULL) 347 return (NULL); 348 adr_start(&adr, token->tt_data); 349 adr_char(&adr, &data_header, 1); 350 adr_char(&adr, &unit_print, 1); 351 adr_char(&adr, &unit_type, 1); 352 adr_char(&adr, &unit_count, 1); 353 354 switch (unit_type) { 355 case AUR_SHORT: 356 /* LINTED */ 357 adr_short(&adr, (short *)p, unit_count); 358 break; 359 case AUR_INT32: 360 /* LINTED */ 361 adr_int32(&adr, (int32_t *)p, unit_count); 362 break; 363 case AUR_INT64: 364 /* LINTED */ 365 adr_int64(&adr, (int64_t *)p, unit_count); 366 break; 367 /* case AUR_CHAR: */ 368 case AUR_BYTE: 369 adr_char(&adr, p, unit_count); 370 break; 371 } 372 373 return (token); 374 } 375 376 /* 377 * au_to_privset 378 * 379 * priv_type (LIMIT, INHERIT...) is the first string and privilege 380 * in translated into the second string. The format is as follows: 381 * 382 * token id adr_char 383 * priv type adr_string (short, string) 384 * priv set adr_string (short, string) 385 * 386 * return s: 387 * pointer to a AUT_PRIV token. 388 */ 389 token_t * 390 au_to_privset(const char *priv_type, const priv_set_t *privilege) 391 { 392 token_t *token; /* local token */ 393 adr_t adr; /* adr memory stream header */ 394 char data_header = AUT_PRIV; /* header for this token */ 395 short t_bytes; /* length of type string */ 396 short p_bytes; /* length of privilege string */ 397 char *priv_string; /* privilege string */ 398 399 t_bytes = strlen(priv_type) + 1; 400 401 if ((privilege == NULL) || (priv_string = 402 priv_set_to_str(privilege, ',', 403 PRIV_STR_LIT)) == NULL) 404 return (NULL); 405 406 p_bytes = strlen(priv_string) + 1; 407 408 token = get_token((int)(sizeof (char) + (2 * sizeof (short)) + t_bytes 409 + p_bytes)); 410 if (token == NULL) 411 return (NULL); 412 413 adr_start(&adr, token->tt_data); 414 adr_char(&adr, &data_header, 1); 415 adr_short(&adr, &t_bytes, 1); 416 adr_char(&adr, (char *)priv_type, t_bytes); 417 adr_short(&adr, &p_bytes, 1); 418 adr_char(&adr, priv_string, p_bytes); 419 420 free(priv_string); 421 422 return (token); 423 } 424 425 /* 426 * au_to_process 427 * return s: 428 * pointer to a process token. 429 */ 430 431 token_t * 432 au_to_process(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, 433 pid_t pid, au_asid_t sid, au_tid_t *tid) 434 { 435 token_t *token; /* local token */ 436 adr_t adr; /* adr memory stream header */ 437 #ifdef _LP64 438 char data_header = AUT_PROCESS64; /* header for this token */ 439 440 token = get_token(sizeof (char) + 8 * sizeof (int32_t) + 441 sizeof (int64_t)); 442 #else 443 char data_header = AUT_PROCESS32; 444 445 token = get_token(sizeof (char) + 9 * sizeof (int32_t)); 446 #endif 447 448 if (token == NULL) 449 return (NULL); 450 adr_start(&adr, token->tt_data); 451 adr_char(&adr, &data_header, 1); 452 adr_int32(&adr, (int32_t *)&auid, 1); 453 adr_int32(&adr, (int32_t *)&euid, 1); 454 adr_int32(&adr, (int32_t *)&egid, 1); 455 adr_int32(&adr, (int32_t *)&ruid, 1); 456 adr_int32(&adr, (int32_t *)&rgid, 1); 457 adr_int32(&adr, (int32_t *)&pid, 1); 458 adr_int32(&adr, (int32_t *)&sid, 1); 459 #ifdef _LP64 460 adr_int64(&adr, (int64_t *)&tid->port, 1); 461 #else 462 adr_int32(&adr, (int32_t *)&tid->port, 1); 463 #endif 464 adr_int32(&adr, (int32_t *)&tid->machine, 1); 465 466 return (token); 467 } 468 469 /* 470 * au_to_process_ex 471 * return s: 472 * pointer to a process_ex token. 473 */ 474 token_t * 475 au_to_process_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, 476 pid_t pid, au_asid_t sid, au_tid_addr_t *tid) 477 { 478 token_t *token; /* local token */ 479 adr_t adr; /* adr memory stream header */ 480 char data_header; /* header for this token */ 481 482 #ifdef _LP64 483 if (tid->at_type == AU_IPv6) { 484 data_header = AUT_PROCESS64_EX; 485 token = get_token(sizeof (char) + sizeof (int64_t) + 486 12 * sizeof (int32_t)); 487 } else { 488 data_header = AUT_PROCESS64; 489 token = get_token(sizeof (char) + sizeof (int64_t) + 490 8 * sizeof (int32_t)); 491 } 492 #else 493 if (tid->at_type == AU_IPv6) { 494 data_header = AUT_PROCESS32_EX; 495 token = get_token(sizeof (char) + 13 * sizeof (int32_t)); 496 } else { 497 data_header = AUT_PROCESS32; 498 token = get_token(sizeof (char) + 9 * sizeof (int32_t)); 499 } 500 #endif 501 if (token == NULL) 502 return (NULL); 503 adr_start(&adr, token->tt_data); 504 adr_char(&adr, &data_header, 1); 505 adr_int32(&adr, (int32_t *)&auid, 1); 506 adr_int32(&adr, (int32_t *)&euid, 1); 507 adr_int32(&adr, (int32_t *)&egid, 1); 508 adr_int32(&adr, (int32_t *)&ruid, 1); 509 adr_int32(&adr, (int32_t *)&rgid, 1); 510 adr_int32(&adr, (int32_t *)&pid, 1); 511 adr_int32(&adr, (int32_t *)&sid, 1); 512 #ifdef _LP64 513 adr_int64(&adr, (int64_t *)&tid->at_port, 1); 514 #else 515 adr_int32(&adr, (int32_t *)&tid->at_port, 1); 516 #endif 517 if (tid->at_type == AU_IPv6) { 518 adr_int32(&adr, (int32_t *)&tid->at_type, 1); 519 adr_char(&adr, (char *)tid->at_addr, 16); 520 } else { 521 adr_char(&adr, (char *)tid->at_addr, 4); 522 } 523 524 return (token); 525 } 526 527 /* 528 * au_to_seq 529 * return s: 530 * pointer to token chain containing a sequence token 531 */ 532 token_t * 533 au_to_seq(int audit_count) 534 { 535 token_t *token; /* local token */ 536 adr_t adr; /* adr memory stream header */ 537 char data_header = AUT_SEQ; /* header for this token */ 538 539 token = get_token(sizeof (char) + sizeof (int32_t)); 540 if (token == NULL) 541 return (NULL); 542 adr_start(&adr, token->tt_data); 543 adr_char(&adr, &data_header, 1); 544 adr_int32(&adr, (int32_t *)&audit_count, 1); 545 546 return (token); 547 } 548 549 /* 550 * au_to_socket 551 * return s: 552 * pointer to mbuf chain containing a socket token. 553 */ 554 token_t * 555 au_to_socket(struct oldsocket *so) 556 { 557 adr_t adr; 558 token_t *token; 559 char data_header = AUT_SOCKET; 560 struct inpcb *inp = so->so_pcb; 561 562 token = get_token(sizeof (char) + sizeof (short) * 3 + 563 sizeof (int32_t) * 2); 564 if (token == NULL) 565 return (NULL); 566 adr_start(&adr, token->tt_data); 567 adr_char(&adr, &data_header, 1); 568 adr_short(&adr, (short *)&so->so_type, 1); 569 adr_short(&adr, (short *)&inp->inp_lport, 1); 570 adr_int32(&adr, (int32_t *)&inp->inp_laddr, 1); 571 adr_short(&adr, (short *)&inp->inp_fport, 1); 572 adr_int32(&adr, (int32_t *)&inp->inp_faddr, 1); 573 574 return (token); 575 } 576 577 /* 578 * au_to_subject 579 * return s: 580 * pointer to a process token. 581 */ 582 583 token_t * 584 au_to_subject(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, 585 pid_t pid, au_asid_t sid, au_tid_t *tid) 586 { 587 token_t *token; /* local token */ 588 adr_t adr; /* adr memory stream header */ 589 #ifdef _LP64 590 char data_header = AUT_SUBJECT64; /* header for this token */ 591 592 token = get_token(sizeof (char) + sizeof (int64_t) + 593 8 * sizeof (int32_t)); 594 #else 595 char data_header = AUT_SUBJECT32; 596 597 token = get_token(sizeof (char) + 9 * sizeof (int32_t)); 598 #endif 599 600 if (token == NULL) 601 return (NULL); 602 adr_start(&adr, token->tt_data); 603 adr_char(&adr, &data_header, 1); 604 adr_int32(&adr, (int32_t *)&auid, 1); 605 adr_int32(&adr, (int32_t *)&euid, 1); 606 adr_int32(&adr, (int32_t *)&egid, 1); 607 adr_int32(&adr, (int32_t *)&ruid, 1); 608 adr_int32(&adr, (int32_t *)&rgid, 1); 609 adr_int32(&adr, (int32_t *)&pid, 1); 610 adr_int32(&adr, (int32_t *)&sid, 1); 611 #ifdef _LP64 612 adr_int64(&adr, (int64_t *)&tid->port, 1); 613 #else 614 adr_int32(&adr, (int32_t *)&tid->port, 1); 615 #endif 616 adr_int32(&adr, (int32_t *)&tid->machine, 1); 617 618 return (token); 619 } 620 621 /* 622 * au_to_subject_ex 623 * return s: 624 * pointer to a process token. 625 */ 626 627 token_t * 628 au_to_subject_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, 629 pid_t pid, au_asid_t sid, au_tid_addr_t *tid) 630 { 631 token_t *token; /* local token */ 632 adr_t adr; /* adr memory stream header */ 633 #ifdef _LP64 634 char data_header; /* header for this token */ 635 636 if (tid->at_type == AU_IPv6) { 637 data_header = AUT_SUBJECT64_EX; 638 token = get_token(sizeof (char) + sizeof (int64_t) + 639 12 * sizeof (int32_t)); 640 } else { 641 data_header = AUT_SUBJECT64; 642 token = get_token(sizeof (char) + sizeof (int64_t) + 643 8 * sizeof (int32_t)); 644 } 645 #else 646 char data_header; /* header for this token */ 647 648 if (tid->at_type == AU_IPv6) { 649 data_header = AUT_SUBJECT32_EX; 650 token = get_token(sizeof (char) + 13 * sizeof (int32_t)); 651 } else { 652 data_header = AUT_SUBJECT32; 653 token = get_token(sizeof (char) + 9 * sizeof (int32_t)); 654 } 655 #endif 656 657 if (token == NULL) 658 return (NULL); 659 adr_start(&adr, token->tt_data); 660 adr_char(&adr, &data_header, 1); 661 adr_int32(&adr, (int32_t *)&auid, 1); 662 adr_int32(&adr, (int32_t *)&euid, 1); 663 adr_int32(&adr, (int32_t *)&egid, 1); 664 adr_int32(&adr, (int32_t *)&ruid, 1); 665 adr_int32(&adr, (int32_t *)&rgid, 1); 666 adr_int32(&adr, (int32_t *)&pid, 1); 667 adr_int32(&adr, (int32_t *)&sid, 1); 668 #ifdef _LP64 669 adr_int64(&adr, (int64_t *)&tid->at_port, 1); 670 #else 671 adr_int32(&adr, (int32_t *)&tid->at_port, 1); 672 #endif 673 if (tid->at_type == AU_IPv6) { 674 adr_int32(&adr, (int32_t *)&tid->at_type, 1); 675 adr_char(&adr, (char *)tid->at_addr, 16); 676 } else { 677 adr_char(&adr, (char *)tid->at_addr, 4); 678 } 679 680 return (token); 681 } 682 683 /* 684 * au_to_me 685 * return s: 686 * pointer to a process token. 687 */ 688 689 token_t * 690 au_to_me(void) 691 { 692 auditinfo_addr_t info; 693 694 if (getaudit_addr(&info, sizeof (info))) 695 return (NULL); 696 return (au_to_subject_ex(info.ai_auid, geteuid(), getegid(), getuid(), 697 getgid(), getpid(), info.ai_asid, &info.ai_termid)); 698 } 699 /* 700 * au_to_text 701 * return s: 702 * pointer to a text token. 703 */ 704 token_t * 705 au_to_text(char *text) 706 { 707 token_t *token; /* local token */ 708 adr_t adr; /* adr memory stream header */ 709 char data_header = AUT_TEXT; /* header for this token */ 710 short bytes; /* length of string */ 711 712 bytes = strlen(text) + 1; 713 token = get_token((int)(sizeof (char) + sizeof (short) + bytes)); 714 if (token == NULL) 715 return (NULL); 716 adr_start(&adr, token->tt_data); 717 adr_char(&adr, &data_header, 1); 718 adr_short(&adr, &bytes, 1); 719 adr_char(&adr, text, bytes); 720 721 return (token); 722 } 723 724 /* 725 * au_to_path 726 * return s: 727 * pointer to a path token. 728 */ 729 token_t * 730 au_to_path(char *path) 731 { 732 token_t *token; /* local token */ 733 adr_t adr; /* adr memory stream header */ 734 char data_header = AUT_PATH; /* header for this token */ 735 short bytes; /* length of string */ 736 737 bytes = (short)strlen(path) + 1; 738 739 token = get_token((int)(sizeof (char) + sizeof (short) + bytes)); 740 if (token == NULL) 741 return (NULL); 742 adr_start(&adr, token->tt_data); 743 adr_char(&adr, &data_header, 1); 744 adr_short(&adr, &bytes, 1); 745 adr_char(&adr, path, bytes); 746 747 return (token); 748 } 749 750 /* 751 * au_to_cmd 752 * return s: 753 * pointer to an command line argument token 754 */ 755 token_t * 756 au_to_cmd(uint_t argc, char **argv, char **envp) 757 { 758 token_t *token; /* local token */ 759 adr_t adr; /* adr memory stream header */ 760 char data_header = AUT_CMD; /* header for this token */ 761 short len = 0; 762 short cnt = 0; 763 short envc = 0; 764 short largc = (short)argc; 765 766 /* 767 * one char for the header, one short for argc, 768 * one short for # envp strings. 769 */ 770 len = sizeof (char) + sizeof (short) + sizeof (short); 771 772 /* get sizes of strings */ 773 774 for (cnt = 0; cnt < argc; cnt++) { 775 len += (short)sizeof (short) + (short)(strlen(argv[cnt]) + 1); 776 } 777 778 if (envp != NULL) { 779 for (envc = 0; envp[envc] != NULL; envc++) { 780 len += (short)sizeof (short) + 781 (short)(strlen(envp[envc]) + 1); 782 } 783 } 784 785 token = get_token(len); 786 if (token == NULL) 787 return (NULL); 788 789 adr_start(&adr, token->tt_data); 790 adr_char(&adr, &data_header, 1); 791 792 adr_short(&adr, &largc, 1); 793 794 for (cnt = 0; cnt < argc; cnt++) { 795 len = (short)(strlen(argv[cnt]) + 1); 796 adr_short(&adr, &len, 1); 797 adr_char(&adr, argv[cnt], len); 798 } 799 800 adr_short(&adr, &envc, 1); 801 802 for (cnt = 0; cnt < envc; cnt++) { 803 len = (short)(strlen(envp[cnt]) + 1); 804 adr_short(&adr, &len, 1); 805 adr_char(&adr, envp[cnt], len); 806 } 807 808 return (token); 809 } 810 811 /* 812 * au_to_exit 813 * return s: 814 * pointer to a exit value token. 815 */ 816 token_t * 817 au_to_exit(int retval, int err) 818 { 819 token_t *token; /* local token */ 820 adr_t adr; /* adr memory stream header */ 821 char data_header = AUT_EXIT; /* header for this token */ 822 823 token = get_token(sizeof (char) + (2 * sizeof (int32_t))); 824 if (token == NULL) 825 return (NULL); 826 adr_start(&adr, token->tt_data); 827 adr_char(&adr, &data_header, 1); 828 adr_int32(&adr, (int32_t *)&retval, 1); 829 adr_int32(&adr, (int32_t *)&err, 1); 830 831 return (token); 832 } 833 834 /* 835 * au_to_return 836 * return s: 837 * pointer to a return value token. 838 */ 839 token_t * 840 au_to_return32(char number, uint32_t value) 841 { 842 token_t *token; /* local token */ 843 adr_t adr; /* adr memory stream header */ 844 char data_header = AUT_RETURN32; /* header for this token */ 845 846 token = get_token(2 * sizeof (char) + sizeof (int32_t)); 847 if (token == NULL) 848 return (NULL); 849 adr_start(&adr, token->tt_data); 850 adr_char(&adr, &data_header, 1); 851 adr_char(&adr, &number, 1); 852 adr_int32(&adr, (int32_t *)&value, 1); 853 854 return (token); 855 } 856 857 /* 858 * au_to_return 859 * return s: 860 * pointer to a return value token. 861 */ 862 token_t * 863 au_to_return64(char number, uint64_t value) 864 { 865 token_t *token; /* local token */ 866 adr_t adr; /* adr memory stream header */ 867 char data_header = AUT_RETURN64; /* header for this token */ 868 869 token = get_token(2 * sizeof (char) + sizeof (int64_t)); 870 if (token == NULL) 871 return (NULL); 872 adr_start(&adr, token->tt_data); 873 adr_char(&adr, &data_header, 1); 874 adr_char(&adr, &number, 1); 875 adr_int64(&adr, (int64_t *)&value, 1); 876 877 return (token); 878 } 879 880 881 /* 882 * au_to_opaque 883 * return s: 884 * pointer to a opaque token. 885 */ 886 token_t * 887 au_to_opaque(char *opaque, short bytes) 888 { 889 token_t *token; /* local token */ 890 adr_t adr; /* adr memory stream header */ 891 char data_header = AUT_OPAQUE; /* header for this token */ 892 893 if (bytes < 1) 894 return (NULL); 895 896 token = get_token((int)(sizeof (char) + sizeof (short) + bytes)); 897 if (token == NULL) 898 return (NULL); 899 adr_start(&adr, token->tt_data); 900 adr_char(&adr, &data_header, 1); 901 adr_short(&adr, &bytes, 1); 902 adr_char(&adr, opaque, bytes); 903 904 return (token); 905 } 906 907 /* 908 * au_to_in_addr 909 * return s: 910 * pointer to a internet address token 911 */ 912 token_t * 913 au_to_in_addr(struct in_addr *internet_addr) 914 { 915 token_t *token; /* local token */ 916 adr_t adr; /* adr memory stream header */ 917 char data_header = AUT_IN_ADDR; /* header for this token */ 918 919 token = get_token(sizeof (char) + sizeof (uint32_t)); 920 if (token == NULL) 921 return (NULL); 922 adr_start(&adr, token->tt_data); 923 adr_char(&adr, &data_header, 1); 924 adr_int32(&adr, (int32_t *)internet_addr, 1); 925 926 return (token); 927 } 928 929 /* 930 * au_to_iport 931 * return s: 932 * pointer to token chain containing a ip port address token 933 */ 934 token_t * 935 au_to_iport(ushort_t iport) 936 { 937 token_t *token; /* local token */ 938 adr_t adr; /* adr memory stream header */ 939 char data_header = AUT_IPORT; /* header for this token */ 940 941 token = get_token(sizeof (char) + sizeof (short)); 942 if (token == NULL) 943 return (NULL); 944 adr_start(&adr, token->tt_data); 945 adr_char(&adr, &data_header, 1); 946 adr_short(&adr, (short *)&iport, 1); 947 948 return (token); 949 } 950 951 token_t * 952 au_to_ipc(char type, int id) 953 { 954 token_t *token; /* local token */ 955 adr_t adr; /* adr memory stream header */ 956 char data_header = AUT_IPC; /* header for this token */ 957 958 token = get_token((2 * sizeof (char)) + sizeof (int32_t)); 959 if (token == NULL) 960 return (NULL); 961 adr_start(&adr, token->tt_data); 962 adr_char(&adr, &data_header, 1); 963 adr_char(&adr, &type, 1); 964 adr_int32(&adr, (int32_t *)&id, 1); 965 966 return (token); 967 } 968 969 /* 970 * au_to_tid 971 * 972 * output format depends on type; at present only IP v4 and v6 addresses 973 * are defined. 974 * 975 * IPv4 -- tid type, 16 bit remote port, 16 bit local port, ip type, 976 * 32 bit IP address. 977 * IPv6 -- tid type, 16 bit remote port, 16 bit local port, ip type, 978 * 4 x 32 bit IP address. 979 * 980 */ 981 token_t * 982 au_to_tid(au_generic_tid_t *tid) 983 { 984 char data_header = AUT_TID; /* header for this token */ 985 adr_t adr; /* adr memory stream header */ 986 token_t *token; /* local token */ 987 au_ip_t *ip; 988 989 switch (tid->gt_type) { 990 case AU_IPADR: 991 ip = &(tid->gt_adr.at_ip); 992 token = get_token((int)(2 * sizeof (char) + 2 * sizeof (short) + 993 sizeof (uint32_t) + ip->at_type)); 994 if (token == NULL) 995 return (NULL); 996 997 adr_start(&adr, token->tt_data); 998 adr_char(&adr, &data_header, 1); 999 adr_char(&adr, (char *)&(tid->gt_type), 1); 1000 adr_short(&adr, (short *)&(ip->at_r_port), 1); 1001 adr_short(&adr, (short *)&(ip->at_l_port), 1); 1002 adr_int32(&adr, (int32_t *)&(ip->at_type), 1); 1003 1004 adr_char(&adr, (char *)ip->at_addr, ip->at_type); 1005 1006 break; 1007 default: 1008 return (NULL); 1009 } 1010 return (token); 1011 } 1012 1013 /* 1014 * The Modifier tokens 1015 */ 1016 1017 /* 1018 * au_to_groups 1019 * return s: 1020 * pointer to a group list token. 1021 * 1022 * This function is obsolete. Please use au_to_newgroups. 1023 */ 1024 token_t * 1025 au_to_groups(int *groups) 1026 { 1027 token_t *token; /* local token */ 1028 adr_t adr; /* adr memory stream header */ 1029 char data_header = AUT_GROUPS; /* header for this token */ 1030 1031 token = get_token(sizeof (char) + NGROUPS * sizeof (int32_t)); 1032 if (token == NULL) 1033 return (NULL); 1034 adr_start(&adr, token->tt_data); 1035 adr_char(&adr, &data_header, 1); 1036 adr_int32(&adr, (int32_t *)groups, NGROUPS); 1037 1038 return (token); 1039 } 1040 1041 /* 1042 * au_to_newgroups 1043 * return s: 1044 * pointer to a group list token. 1045 */ 1046 token_t * 1047 au_to_newgroups(int n, gid_t *groups) 1048 { 1049 token_t *token; /* local token */ 1050 adr_t adr; /* adr memory stream header */ 1051 char data_header = AUT_NEWGROUPS; /* header for this token */ 1052 short n_groups; 1053 1054 if (n < NGROUPS_UMIN || n > NGROUPS_UMAX || groups == NULL) 1055 return (NULL); 1056 token = get_token(sizeof (char) + sizeof (short) + n * sizeof (gid_t)); 1057 if (token == NULL) 1058 return (NULL); 1059 n_groups = (short)n; 1060 adr_start(&adr, token->tt_data); 1061 adr_char(&adr, &data_header, 1); 1062 adr_short(&adr, &n_groups, 1); 1063 adr_int32(&adr, (int32_t *)groups, n_groups); 1064 1065 return (token); 1066 } 1067 1068 /* 1069 * au_to_exec_args 1070 * returns: 1071 * pointer to an exec args token. 1072 */ 1073 token_t * 1074 au_to_exec_args(char **argv) 1075 { 1076 return (au_to_exec(argv, AUT_EXEC_ARGS)); 1077 } 1078 1079 /* 1080 * au_to_exec_env 1081 * returns: 1082 * pointer to an exec args token. 1083 */ 1084 token_t * 1085 au_to_exec_env(char **envp) 1086 { 1087 return (au_to_exec(envp, AUT_EXEC_ENV)); 1088 } 1089 1090 /* 1091 * au_to_exec 1092 * returns: 1093 * pointer to an exec args token. 1094 */ 1095 static token_t * 1096 au_to_exec(char **v, char data_header) 1097 { 1098 token_t *token; 1099 adr_t adr; 1100 char **p; 1101 int32_t n = 0; 1102 int len = 0; 1103 1104 for (p = v; *p != NULL; p++) { 1105 len += strlen(*p) + 1; 1106 n++; 1107 } 1108 token = get_token(sizeof (char) + sizeof (int32_t) + len); 1109 if (token == (token_t *)NULL) 1110 return ((token_t *)NULL); 1111 adr_start(&adr, token->tt_data); 1112 adr_char(&adr, &data_header, 1); 1113 adr_int32(&adr, &n, 1); 1114 for (p = v; *p != NULL; p++) { 1115 adr_char(&adr, *p, strlen(*p) + 1); 1116 } 1117 return (token); 1118 } 1119 1120 /* 1121 * au_to_uauth 1122 * return s: 1123 * pointer to a uauth token. 1124 */ 1125 token_t * 1126 au_to_uauth(char *text) 1127 { 1128 token_t *token; /* local token */ 1129 adr_t adr; /* adr memory stream header */ 1130 char data_header = AUT_UAUTH; /* header for this token */ 1131 short bytes; /* length of string */ 1132 1133 bytes = strlen(text) + 1; 1134 1135 token = get_token((int)(sizeof (char) + sizeof (short) + bytes)); 1136 if (token == NULL) 1137 return (NULL); 1138 adr_start(&adr, token->tt_data); 1139 adr_char(&adr, &data_header, 1); 1140 adr_short(&adr, &bytes, 1); 1141 adr_char(&adr, text, bytes); 1142 1143 return (token); 1144 } 1145 1146 /* 1147 * au_to_xatom 1148 * return s: 1149 * pointer to a xatom token. 1150 */ 1151 token_t * 1152 au_to_xatom(ushort_t len, char *atom) 1153 { 1154 token_t *token; /* local token */ 1155 adr_t adr; /* adr memory stream header */ 1156 char data_header = AUT_XATOM; /* header for this token */ 1157 1158 token = get_token((int)(sizeof (char) + sizeof (ushort_t) + len)); 1159 if (token == NULL) 1160 return (NULL); 1161 adr_start(&adr, token->tt_data); 1162 adr_char(&adr, &data_header, 1); 1163 adr_short(&adr, (short *)&len, 1); 1164 adr_char(&adr, atom, len); 1165 1166 return (token); 1167 } 1168 1169 /* 1170 * au_to_xproto 1171 * return s: 1172 * pointer to a X protocol token. 1173 */ 1174 token_t * 1175 au_to_xproto(pid_t pid) 1176 { 1177 token_t *token; /* local token */ 1178 adr_t adr; /* adr memory stream header */ 1179 char data_header = AUT_XPROTO; /* header for this token */ 1180 int32_t v = pid; 1181 1182 token = get_token(sizeof (char) + sizeof (int32_t)); 1183 if (token == NULL) 1184 return (NULL); 1185 adr_start(&adr, token->tt_data); 1186 adr_char(&adr, &data_header, 1); 1187 adr_int32(&adr, &v, 1); 1188 1189 return (token); 1190 } 1191 1192 /* 1193 * au_to_xobj 1194 * return s: 1195 * pointer to a X object token. 1196 */ 1197 token_t * 1198 au_to_xobj(int oid, int xid, int cuid) 1199 { 1200 token_t *token; /* local token */ 1201 adr_t adr; /* adr memory stream header */ 1202 char data_header = AUT_XOBJ; /* header for this token */ 1203 1204 token = get_token(sizeof (char) + 3 * sizeof (int32_t)); 1205 if (token == NULL) 1206 return (NULL); 1207 adr_start(&adr, token->tt_data); 1208 adr_char(&adr, &data_header, 1); 1209 adr_int32(&adr, (int32_t *)&oid, 1); 1210 adr_int32(&adr, (int32_t *)&xid, 1); 1211 adr_int32(&adr, (int32_t *)&cuid, 1); 1212 1213 return (token); 1214 } 1215 1216 /* 1217 * au_to_xselect 1218 * return s: 1219 * pointer to a X select token. 1220 */ 1221 token_t * 1222 au_to_xselect(char *pstring, char *type, short dlen, char *data) 1223 { 1224 token_t *token; /* local token */ 1225 adr_t adr; /* adr memory stream header */ 1226 char data_header = AUT_XSELECT; /* header for this token */ 1227 short bytes; 1228 1229 bytes = strlen(pstring) + strlen(type) + 2 + dlen; 1230 token = get_token((int)(sizeof (char) + sizeof (short) * 3 + bytes)); 1231 if (token == NULL) 1232 return (NULL); 1233 adr_start(&adr, token->tt_data); 1234 adr_char(&adr, &data_header, 1); 1235 bytes = strlen(pstring) + 1; 1236 adr_short(&adr, &bytes, 1); 1237 adr_char(&adr, pstring, bytes); 1238 bytes = strlen(type) + 1; 1239 adr_short(&adr, &bytes, 1); 1240 adr_char(&adr, type, bytes); 1241 adr_short(&adr, &dlen, 1); 1242 adr_char(&adr, data, dlen); 1243 return (token); 1244 } 1245 1246 /* 1247 * au_to_label 1248 * return s: 1249 * pointer to token chain containing a sensitivity label token. 1250 */ 1251 token_t * 1252 au_to_label(bslabel_t *label) 1253 { 1254 token_t *token; /* local token */ 1255 adr_t adr; /* adr memory stream header */ 1256 char data_header = AUT_LABEL; /* header for this token */ 1257 short bs = sizeof (bslabel_t); 1258 1259 token = get_token(sizeof (char) + bs); 1260 if (token == NULL) 1261 return (NULL); 1262 adr_start(&adr, token->tt_data); 1263 adr_char(&adr, &data_header, 1); 1264 adr_char(&adr, (char *)label, bs); 1265 1266 return (token); 1267 } 1268 1269 /* 1270 * au_to_mylabel 1271 * return s: 1272 * pointer to a slabel token. 1273 */ 1274 token_t * 1275 au_to_mylabel(void) 1276 { 1277 bslabel_t slabel; 1278 zoneid_t zid = getzoneid(); 1279 1280 if (zid == GLOBAL_ZONEID) { 1281 bsllow(&slabel); 1282 } else { 1283 if (zone_getattr(zid, ZONE_ATTR_SLBL, &slabel, 1284 sizeof (bslabel_t)) < 0) 1285 return (NULL); 1286 } 1287 return (au_to_label(&slabel)); 1288 } 1289 1290 /* 1291 * au_to_zonename 1292 * return s: 1293 * pointer to a zonename token. 1294 */ 1295 token_t * 1296 au_to_zonename(char *name) 1297 { 1298 token_t *token; /* local token */ 1299 adr_t adr; /* adr memory stream header */ 1300 char data_header = AUT_ZONENAME; /* header for this token */ 1301 short bytes; /* length of string */ 1302 1303 if (name == NULL) 1304 return (NULL); 1305 1306 bytes = strlen(name) + 1; 1307 token = get_token((int)(sizeof (char) + sizeof (short) + bytes)); 1308 if (token == NULL) 1309 return (NULL); 1310 adr_start(&adr, token->tt_data); 1311 adr_char(&adr, &data_header, 1); 1312 adr_short(&adr, &bytes, 1); 1313 adr_char(&adr, name, bytes); 1314 1315 return (token); 1316 } 1317 1318 /* 1319 * au_to_fmri 1320 * return s: 1321 * pointer to a fmri token. 1322 */ 1323 token_t * 1324 au_to_fmri(char *fmri) 1325 { 1326 token_t *token; /* local token */ 1327 adr_t adr; /* adr memory stream header */ 1328 char data_header = AUT_FMRI; /* header for this token */ 1329 short bytes; /* length of string */ 1330 1331 if (fmri == NULL) 1332 return (NULL); 1333 1334 bytes = strlen(fmri) + 1; 1335 token = get_token((int)(sizeof (char) + sizeof (short) + bytes)); 1336 if (token == NULL) 1337 return (NULL); 1338 adr_start(&adr, token->tt_data); 1339 adr_char(&adr, &data_header, 1); 1340 adr_short(&adr, &bytes, 1); 1341 adr_char(&adr, fmri, bytes); 1342 1343 return (token); 1344 } 1345