au_to.c revision 7c478bd95313f5f23a4c958a745db2134aa03244
17c478bdstevel@tonic-gate/*
27c478bdstevel@tonic-gate * CDDL HEADER START
37c478bdstevel@tonic-gate *
47c478bdstevel@tonic-gate * The contents of this file are subject to the terms of the
5aa59c4crsb * Common Development and Distribution License, Version 1.0 only
6aa59c4crsb * (the "License").  You may not use this file except in compliance
77c478bdstevel@tonic-gate * with the License.
87c478bdstevel@tonic-gate *
97c478bdstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
107c478bdstevel@tonic-gate * or http://www.opensolaris.org/os/licensing.
117c478bdstevel@tonic-gate * See the License for the specific language governing permissions
127c478bdstevel@tonic-gate * and limitations under the License.
137c478bdstevel@tonic-gate *
147c478bdstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each
157c478bdstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
167c478bdstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the
177c478bdstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying
187c478bdstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner]
197c478bdstevel@tonic-gate *
207c478bdstevel@tonic-gate * CDDL HEADER END
217c478bdstevel@tonic-gate */
22ab04eb8timh/*
237c478bdstevel@tonic-gate * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
247c478bdstevel@tonic-gate * Use is subject to license terms.
257c478bdstevel@tonic-gate */
267c478bdstevel@tonic-gate
277c478bdstevel@tonic-gate#pragma ident	"%Z%%M%	%I%	%E% SMI"
287c478bdstevel@tonic-gate
297c478bdstevel@tonic-gate#include <sys/types.h>
307c478bdstevel@tonic-gate#include <unistd.h>
317c478bdstevel@tonic-gate#include <bsm/audit.h>
327c478bdstevel@tonic-gate#include <bsm/audit_record.h>
337c478bdstevel@tonic-gate#include <bsm/libbsm.h>
347c478bdstevel@tonic-gate#include <priv.h>
357c478bdstevel@tonic-gate#include <sys/ipc.h>
36aa59c4crsb#include <sys/param.h>
377c478bdstevel@tonic-gate#include <sys/socket.h>
387c478bdstevel@tonic-gate#include <sys/time.h>
397c478bdstevel@tonic-gate#include <sys/vnode.h>
407c478bdstevel@tonic-gate#include <malloc.h>
41da6c28aamw#include <net/route.h>
42ab04eb8timh#include <netinet/in.h>
43b38f097ck#include <netinet/in_pcb.h>
44b38f097ck#include <string.h>
457c478bdstevel@tonic-gate
467c478bdstevel@tonic-gate#define	NGROUPS		16	/* XXX - temporary */
477c478bdstevel@tonic-gate
487c478bdstevel@tonic-gatetoken_t *au_to_arg(char n, char *text, uint32_t v);
497c478bdstevel@tonic-gate#pragma weak au_to_arg = au_to_arg32
507c478bdstevel@tonic-gatetoken_t *au_to_return(char number, uint32_t value);
517c478bdstevel@tonic-gate#pragma weak au_to_return = au_to_return32
527c478bdstevel@tonic-gate
537c478bdstevel@tonic-gatestatic token_t *au_to_exec(char **, char);
547c478bdstevel@tonic-gate
557c478bdstevel@tonic-gatestatic token_t *
567c478bdstevel@tonic-gateget_token(int s)
577c478bdstevel@tonic-gate{
58da6c28aamw	token_t *token;	/* Resultant token */
59da6c28aamw
607c478bdstevel@tonic-gate	if ((token = (token_t *)malloc(sizeof (token_t))) == NULL)
617c478bdstevel@tonic-gate		return (NULL);
627c478bdstevel@tonic-gate	if ((token->tt_data = malloc(s)) == NULL) {
637c478bdstevel@tonic-gate		free(token);
647c478bdstevel@tonic-gate		return (NULL);
657c478bdstevel@tonic-gate	}
667c478bdstevel@tonic-gate	token->tt_size = s;
677c478bdstevel@tonic-gate	token->tt_next = NULL;
687c478bdstevel@tonic-gate	return (token);
697c478bdstevel@tonic-gate}
707c478bdstevel@tonic-gate
717c478bdstevel@tonic-gate/*
72da6c28aamw * au_to_header
737c478bdstevel@tonic-gate * return s:
74da6c28aamw *	pointer to header token.
75ab04eb8timh */
767c478bdstevel@tonic-gatetoken_t *
777c478bdstevel@tonic-gateau_to_header(au_event_t e_type, au_emod_t e_mod)
787c478bdstevel@tonic-gate{
797c478bdstevel@tonic-gate	adr_t adr;			/* adr memory stream header */
807c478bdstevel@tonic-gate	token_t *token;			/* token pointer */
817c478bdstevel@tonic-gate	char version = TOKEN_VERSION;	/* version of token family */
827c478bdstevel@tonic-gate	int32_t byte_count;
837c478bdstevel@tonic-gate	struct timeval tv;
847c478bdstevel@tonic-gate#ifdef _LP64
857c478bdstevel@tonic-gate	char data_header = AUT_HEADER64;	/* header for this token */
867c478bdstevel@tonic-gate
877c478bdstevel@tonic-gate	token = get_token(2 * sizeof (char) + sizeof (int32_t) +
887c478bdstevel@tonic-gate	    2 * sizeof (int64_t) + 2 * sizeof (short));
897c478bdstevel@tonic-gate#else
907c478bdstevel@tonic-gate	char data_header = AUT_HEADER32;
917c478bdstevel@tonic-gate
927c478bdstevel@tonic-gate	token = get_token(2 * sizeof (char) + 3 * sizeof (int32_t) +
937c478bdstevel@tonic-gate	    2 * sizeof (short));
947c478bdstevel@tonic-gate#endif
957c478bdstevel@tonic-gate
967c478bdstevel@tonic-gate	if (token == NULL)
977c478bdstevel@tonic-gate		return (NULL);
987c478bdstevel@tonic-gate	adr_start(&adr, token->tt_data);
997c478bdstevel@tonic-gate	adr_char(&adr, &data_header, 1);	/* token ID */
1007c478bdstevel@tonic-gate	adr_int32(&adr, &byte_count, 1);	/* length of audit record */
1017c478bdstevel@tonic-gate	adr_char(&adr, &version, 1);		/* version of audit tokens */
1027c478bdstevel@tonic-gate	adr_short(&adr, &e_type, 1);		/* event ID */
1037c478bdstevel@tonic-gate	adr_short(&adr, &e_mod, 1);		/* event ID modifier */
1047c478bdstevel@tonic-gate#ifdef _LP64
1057c478bdstevel@tonic-gate	adr_int64(&adr, (int64_t *)&tv, 2);	/* time & date */
1067c478bdstevel@tonic-gate#else
1077c478bdstevel@tonic-gate	adr_int32(&adr, (int32_t *)&tv, 2);	/* time & date */
108b38f097ck#endif
109b38f097ck	return (token);
1107c478bdstevel@tonic-gate}
1117c478bdstevel@tonic-gate
1127c478bdstevel@tonic-gate/*
113b38f097ck * au_to_header_ex
114b38f097ck * return s:
115ab04eb8timh *	pointer to header token.
1167c478bdstevel@tonic-gate */
1177c478bdstevel@tonic-gatetoken_t *
1187c478bdstevel@tonic-gateau_to_header_ex(au_event_t e_type, au_emod_t e_mod)
1197c478bdstevel@tonic-gate{
1207c478bdstevel@tonic-gate	adr_t adr;			/* adr memory stream header */
1217c478bdstevel@tonic-gate	token_t *token;			/* token pointer */
1227c478bdstevel@tonic-gate	char version = TOKEN_VERSION;	/* version of token family */
1237c478bdstevel@tonic-gate	int32_t byte_count;
1247c478bdstevel@tonic-gate	struct timeval tv;
1257c478bdstevel@tonic-gate	auditinfo_addr_t audit_info;
1267c478bdstevel@tonic-gate	au_tid_addr_t	*host_info = &audit_info.ai_termid;
1277c478bdstevel@tonic-gate#ifdef _LP64
1287c478bdstevel@tonic-gate	char data_header = AUT_HEADER64_EX;	/* header for this token */
1297c478bdstevel@tonic-gate#else
1307c478bdstevel@tonic-gate	char data_header = AUT_HEADER32_EX;
1317c478bdstevel@tonic-gate#endif
1327c478bdstevel@tonic-gate
1337c478bdstevel@tonic-gate	/* If our host address can't be determined, revert to un-extended hdr */
1347c478bdstevel@tonic-gate
1357c478bdstevel@tonic-gate	if (auditon(A_GETKAUDIT, (caddr_t)&audit_info,
1367c478bdstevel@tonic-gate	    sizeof (audit_info)) < 0)
1377c478bdstevel@tonic-gate		return (au_to_header(e_type, e_mod));
1387c478bdstevel@tonic-gate
1397c478bdstevel@tonic-gate	if (host_info->at_type == AU_IPv6)
1407c478bdstevel@tonic-gate		if (IN6_IS_ADDR_UNSPECIFIED((in6_addr_t *)host_info->at_addr))
1417c478bdstevel@tonic-gate			return (au_to_header(e_type, e_mod));
1427c478bdstevel@tonic-gate	else
1437c478bdstevel@tonic-gate		if (host_info->at_addr[0] == htonl(INADDR_ANY))
1447c478bdstevel@tonic-gate			return (au_to_header(e_type, e_mod));
1457c478bdstevel@tonic-gate
1467c478bdstevel@tonic-gate#ifdef _LP64
1477c478bdstevel@tonic-gate	token = get_token(2 * sizeof (char) + sizeof (int32_t) +
148b38f097ck	    2 * sizeof (int64_t) + 2 * sizeof (short) +
149b38f097ck	    sizeof (int32_t) + host_info->at_type);
1507c478bdstevel@tonic-gate#else
1517c478bdstevel@tonic-gate	token = get_token(2 * sizeof (char) + 3 * sizeof (int32_t) +
1527c478bdstevel@tonic-gate	    2 * sizeof (short) + sizeof (int32_t) + host_info->at_type);
1537c478bdstevel@tonic-gate#endif
1547c478bdstevel@tonic-gate
1557c478bdstevel@tonic-gate	if (token == NULL)
1567c478bdstevel@tonic-gate		return (NULL);
1577c478bdstevel@tonic-gate	adr_start(&adr, token->tt_data);
158da6c28aamw	adr_char(&adr, &data_header, 1);	/* token ID */
159da6c28aamw	adr_int32(&adr, &byte_count, 1);	/* length of audit record */
1607c478bdstevel@tonic-gate	adr_char(&adr, &version, 1);		/* version of audit tokens */
1617c478bdstevel@tonic-gate	adr_short(&adr, &e_type, 1);		/* event ID */
1627c478bdstevel@tonic-gate	adr_short(&adr, &e_mod, 1);		/* event ID modifier */
163b38f097ck	adr_int32(&adr, (int32_t *)&host_info->at_type, 1);
1647c478bdstevel@tonic-gate	adr_char(&adr, (char *)host_info->at_addr,
1657c478bdstevel@tonic-gate	    (int)host_info->at_type);
1667c478bdstevel@tonic-gate#ifdef _LP64
167aa59c4crsb	adr_int64(&adr, (int64_t *)&tv, 2);	/* time & date */
168aa59c4crsb#else
169aa59c4crsb	adr_int32(&adr, (int32_t *)&tv, 2);	/* time & date */
170aa59c4crsb#endif
171aa59c4crsb	return (token);
172aa59c4crsb}
173aa59c4crsb
174aa59c4crsb/*
175aa59c4crsb * au_to_trailer
1767c478bdstevel@tonic-gate * return s:
1777c478bdstevel@tonic-gate *	pointer to a trailer token.
178 */
179token_t *
180au_to_trailer(void)
181{
182	adr_t adr;				/* adr memory stream header */
183	token_t *token;				/* token pointer */
184	char data_header = AUT_TRAILER;		/* header for this token */
185	short magic = (short)AUT_TRAILER_MAGIC;	/* trailer magic number */
186	int32_t byte_count;
187
188	token = get_token(sizeof (char) + sizeof (int32_t) + sizeof (short));
189	if (token == NULL)
190		return (NULL);
191	adr_start(&adr, token->tt_data);
192	adr_char(&adr, &data_header, 1);	/* token ID */
193	adr_short(&adr, &magic, 1);		/* magic number */
194	adr_int32(&adr, &byte_count, 1);	/* length of audit record */
195
196	return (token);
197}
198
199/*
200 * au_to_arg32
201 * return s:
202 *	pointer to an argument token.
203 */
204token_t *
205au_to_arg32(char n, char *text, uint32_t v)
206{
207	token_t *token;			/* local token */
208	adr_t adr;			/* adr memory stream header */
209	char data_header = AUT_ARG32;	/* header for this token */
210	short bytes;			/* length of string */
211
212	bytes = strlen(text) + 1;
213
214	token = get_token((int)(2 * sizeof (char) + sizeof (int32_t) +
215	    sizeof (short) + bytes));
216	if (token == NULL)
217		return (NULL);
218	adr_start(&adr, token->tt_data);
219	adr_char(&adr, &data_header, 1);	/* token type */
220	adr_char(&adr, &n, 1);			/* argument id */
221	adr_int32(&adr, (int32_t *)&v, 1);	/* argument value */
222	adr_short(&adr, &bytes, 1);
223	adr_char(&adr, text, bytes);
224
225	return (token);
226}
227
228/*
229 * au_to_arg64
230 * return s:
231 *	pointer to an argument token.
232 */
233token_t *
234au_to_arg64(char n, char *text, uint64_t v)
235{
236	token_t *token;			/* local token */
237	adr_t adr;			/* adr memory stream header */
238	char data_header = AUT_ARG64;	/* header for this token */
239	short bytes;			/* length of string */
240
241	bytes = strlen(text) + 1;
242
243	token = get_token((int)(2 * sizeof (char) + sizeof (int64_t) +
244	    sizeof (short) + bytes));
245	if (token == NULL)
246		return (NULL);
247	adr_start(&adr, token->tt_data);
248	adr_char(&adr, &data_header, 1);	/* token type */
249	adr_char(&adr, &n, 1);			/* argument id */
250	adr_int64(&adr, (int64_t *)&v, 1);	/* argument value */
251	adr_short(&adr, &bytes, 1);
252	adr_char(&adr, text, bytes);
253
254	return (token);
255}
256
257
258/*
259 * au_to_attr
260 * return s:
261 *	pointer to an attribute token.
262 */
263token_t *
264au_to_attr(struct vattr *attr)
265{
266	token_t *token;			/* local token */
267	adr_t adr;			/* adr memory stream header */
268	int32_t value;
269#ifdef _LP64
270	char data_header = AUT_ATTR64;	/* header for this token */
271
272	token = get_token(sizeof (char) +
273	    sizeof (int32_t) * 4 +
274	    sizeof (int64_t) * 2);
275#else
276	char data_header = AUT_ATTR32;
277
278	token = get_token(sizeof (char) + sizeof (int32_t) * 5 +
279	    sizeof (int64_t));
280#endif
281
282	if (token == NULL)
283		return (NULL);
284	adr_start(&adr, token->tt_data);
285	adr_char(&adr, &data_header, 1);
286	value = (int32_t)attr->va_mode;
287	adr_int32(&adr, &value, 1);
288	value = (int32_t)attr->va_uid;
289	adr_int32(&adr, &value, 1);
290	value = (int32_t)attr->va_gid;
291	adr_int32(&adr, &value, 1);
292	adr_int32(&adr, (int32_t *)&(attr->va_fsid), 1);
293	adr_int64(&adr, (int64_t *)&(attr->va_nodeid), 1);
294#ifdef _LP64
295	adr_int64(&adr, (int64_t *)&(attr->va_rdev), 1);
296#else
297	adr_int32(&adr, (int32_t *)&(attr->va_rdev), 1);
298#endif
299
300	return (token);
301}
302
303/*
304 * au_to_data
305 * return s:
306 *	pointer to a data token.
307 */
308token_t *
309au_to_data(char unit_print, char unit_type, char unit_count, char *p)
310{
311	adr_t adr;			/* adr memory stream header */
312	token_t *token;			/* token pointer */
313	char data_header = AUT_DATA;	/* header for this token */
314	int byte_count;			/* number of bytes */
315
316	if (p == NULL || unit_count < 1)
317		return (NULL);
318
319	/*
320	 * Check validity of print type
321	 */
322	if (unit_print < AUP_BINARY || unit_print > AUP_STRING)
323		return (NULL);
324
325	switch (unit_type) {
326	case AUR_SHORT:
327		byte_count = unit_count * sizeof (short);
328		break;
329	case AUR_INT32:
330		byte_count = unit_count * sizeof (int32_t);
331		break;
332	case AUR_INT64:
333		byte_count = unit_count * sizeof (int64_t);
334		break;
335	/* case AUR_CHAR: */
336	case AUR_BYTE:
337		byte_count = unit_count * sizeof (char);
338		break;
339	default:
340		return (NULL);
341	}
342
343	token = get_token((int)(4 * sizeof (char) + byte_count));
344	if (token == NULL)
345		return (NULL);
346	adr_start(&adr, token->tt_data);
347	adr_char(&adr, &data_header, 1);
348	adr_char(&adr, &unit_print, 1);
349	adr_char(&adr, &unit_type, 1);
350	adr_char(&adr, &unit_count, 1);
351
352	switch (unit_type) {
353	case AUR_SHORT:
354		/* LINTED */
355		adr_short(&adr, (short *)p, unit_count);
356		break;
357	case AUR_INT32:
358		/* LINTED */
359		adr_int32(&adr, (int32_t *)p, unit_count);
360		break;
361	case AUR_INT64:
362		/* LINTED */
363		adr_int64(&adr, (int64_t *)p, unit_count);
364		break;
365	/* case AUR_CHAR: */
366	case AUR_BYTE:
367		adr_char(&adr, p, unit_count);
368		break;
369	}
370
371	return (token);
372}
373
374/*
375 * au_to_privset
376 *
377 * priv_type (LIMIT, INHERIT...) is the first string and privilege
378 * in translated into the second string.  The format is as follows:
379 *
380 *	token id	adr_char
381 *	priv type	adr_string (short, string)
382 *	priv set	adr_string (short, string)
383 *
384 * return s:
385 *	pointer to a AUT_PRIV token.
386 */
387token_t *
388au_to_privset(const char *priv_type, const priv_set_t *privilege)
389{
390	token_t	*token;			/* local token */
391	adr_t	adr;			/* adr memory stream header */
392	char	data_header = AUT_PRIV;	/* header for this token */
393	short	t_bytes;		/* length of type string */
394	short	p_bytes;		/* length of privilege string */
395	char	*priv_string;		/* privilege string */
396
397	t_bytes = strlen(priv_type) + 1;
398
399	if ((privilege == NULL) || (priv_string =
400	    priv_set_to_str(privilege, ',',
401	    PRIV_STR_LIT)) == NULL)
402		return (NULL);
403
404	p_bytes = strlen(priv_string) + 1;
405
406	token = get_token((int)(sizeof (char) + (2 * sizeof (short)) + t_bytes
407	    + p_bytes));
408	if (token == NULL)
409		return (NULL);
410
411	adr_start(&adr, token->tt_data);
412	adr_char(&adr, &data_header, 1);
413	adr_short(&adr, &t_bytes, 1);
414	adr_char(&adr, (char *)priv_type, t_bytes);
415	adr_short(&adr, &p_bytes, 1);
416	adr_char(&adr, priv_string, p_bytes);
417
418	free(priv_string);
419
420	return (token);
421}
422
423/*
424 * au_to_process
425 * return s:
426 *	pointer to a process token.
427 */
428
429token_t *
430au_to_process(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid,
431    pid_t pid, au_asid_t sid, au_tid_t *tid)
432{
433	token_t *token;			/* local token */
434	adr_t adr;			/* adr memory stream header */
435#ifdef _LP64
436	char data_header = AUT_PROCESS64;	/* header for this token */
437
438	token = get_token(sizeof (char) + 8 * sizeof (int32_t) +
439	    sizeof (int64_t));
440#else
441	char data_header = AUT_PROCESS32;
442
443	token = get_token(sizeof (char) + 9 * sizeof (int32_t));
444#endif
445
446	if (token == NULL)
447		return (NULL);
448	adr_start(&adr, token->tt_data);
449	adr_char(&adr, &data_header, 1);
450	adr_int32(&adr, (int32_t *)&auid, 1);
451	adr_int32(&adr, (int32_t *)&euid, 1);
452	adr_int32(&adr, (int32_t *)&egid, 1);
453	adr_int32(&adr, (int32_t *)&ruid, 1);
454	adr_int32(&adr, (int32_t *)&rgid, 1);
455	adr_int32(&adr, (int32_t *)&pid, 1);
456	adr_int32(&adr, (int32_t *)&sid, 1);
457#ifdef _LP64
458	adr_int64(&adr, (int64_t *)&tid->port, 1);
459#else
460	adr_int32(&adr, (int32_t *)&tid->port, 1);
461#endif
462	adr_int32(&adr, (int32_t *)&tid->machine, 1);
463
464	return (token);
465}
466
467/*
468 * au_to_process_ex
469 * return s:
470 *	pointer to a process_ex token.
471 */
472token_t *
473au_to_process_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid,
474    pid_t pid, au_asid_t sid, au_tid_addr_t *tid)
475{
476	token_t *token;			/* local token */
477	adr_t adr;			/* adr memory stream header */
478	char data_header;		/* header for this token */
479
480#ifdef _LP64
481	if (tid->at_type == AU_IPv6) {
482		data_header = AUT_PROCESS64_EX;
483		token = get_token(sizeof (char) + sizeof (int64_t) +
484		    12 * sizeof (int32_t));
485	} else {
486		data_header = AUT_PROCESS64;
487		token = get_token(sizeof (char) + sizeof (int64_t) +
488		    8 * sizeof (int32_t));
489	}
490#else
491	if (tid->at_type == AU_IPv6) {
492		data_header = AUT_PROCESS32_EX;
493		token = get_token(sizeof (char) + 13 * sizeof (int32_t));
494	} else {
495		data_header = AUT_PROCESS32;
496		token = get_token(sizeof (char) + 9 * sizeof (int32_t));
497	}
498#endif
499	if (token == NULL)
500		return (NULL);
501	adr_start(&adr, token->tt_data);
502	adr_char(&adr, &data_header, 1);
503	adr_int32(&adr, (int32_t *)&auid, 1);
504	adr_int32(&adr, (int32_t *)&euid, 1);
505	adr_int32(&adr, (int32_t *)&egid, 1);
506	adr_int32(&adr, (int32_t *)&ruid, 1);
507	adr_int32(&adr, (int32_t *)&rgid, 1);
508	adr_int32(&adr, (int32_t *)&pid, 1);
509	adr_int32(&adr, (int32_t *)&sid, 1);
510#ifdef _LP64
511	adr_int64(&adr, (int64_t *)&tid->at_port, 1);
512#else
513	adr_int32(&adr, (int32_t *)&tid->at_port, 1);
514#endif
515	if (tid->at_type == AU_IPv6) {
516		adr_int32(&adr, (int32_t *)&tid->at_type, 1);
517		adr_char(&adr, (char *)tid->at_addr, 16);
518	} else {
519		adr_char(&adr, (char *)tid->at_addr, 4);
520	}
521
522	return (token);
523}
524
525/*
526 * au_to_seq
527 * return s:
528 *	pointer to token chain containing a sequence token
529 */
530token_t *
531au_to_seq(int audit_count)
532{
533	token_t *token;			/* local token */
534	adr_t adr;			/* adr memory stream header */
535	char data_header = AUT_SEQ;	/* header for this token */
536
537	token = get_token(sizeof (char) + sizeof (int32_t));
538	if (token == NULL)
539		return (NULL);
540	adr_start(&adr, token->tt_data);
541	adr_char(&adr, &data_header, 1);
542	adr_int32(&adr, (int32_t *)&audit_count, 1);
543
544	return (token);
545}
546
547/*
548 * au_to_socket
549 * return s:
550 *	pointer to mbuf chain containing a socket token.
551 */
552token_t *
553au_to_socket(struct oldsocket *so)
554{
555	adr_t adr;
556	token_t *token;
557	char data_header = AUT_SOCKET;
558	struct inpcb *inp = so->so_pcb;
559
560	token = get_token(sizeof (char) + sizeof (short) * 3 +
561	    sizeof (int32_t) * 2);
562	if (token == NULL)
563		return (NULL);
564	adr_start(&adr, token->tt_data);
565	adr_char(&adr, &data_header, 1);
566	adr_short(&adr, (short *)&so->so_type, 1);
567	adr_short(&adr, (short *)&inp->inp_lport, 1);
568	adr_int32(&adr, (int32_t *)&inp->inp_laddr, 1);
569	adr_short(&adr, (short *)&inp->inp_fport, 1);
570	adr_int32(&adr, (int32_t *)&inp->inp_faddr, 1);
571
572	return (token);
573}
574
575/*
576 * au_to_subject
577 * return s:
578 *	pointer to a process token.
579 */
580
581token_t *
582au_to_subject(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid,
583    pid_t pid, au_asid_t sid, au_tid_t *tid)
584{
585	token_t *token;			/* local token */
586	adr_t adr;			/* adr memory stream header */
587#ifdef _LP64
588	char data_header = AUT_SUBJECT64;	/* header for this token */
589
590	token = get_token(sizeof (char) + sizeof (int64_t) +
591	    8 * sizeof (int32_t));
592#else
593	char data_header = AUT_SUBJECT32;
594
595	token = get_token(sizeof (char) + 9 * sizeof (int32_t));
596#endif
597
598	if (token == NULL)
599		return (NULL);
600	adr_start(&adr, token->tt_data);
601	adr_char(&adr, &data_header, 1);
602	adr_int32(&adr, (int32_t *)&auid, 1);
603	adr_int32(&adr, (int32_t *)&euid, 1);
604	adr_int32(&adr, (int32_t *)&egid, 1);
605	adr_int32(&adr, (int32_t *)&ruid, 1);
606	adr_int32(&adr, (int32_t *)&rgid, 1);
607	adr_int32(&adr, (int32_t *)&pid, 1);
608	adr_int32(&adr, (int32_t *)&sid, 1);
609#ifdef _LP64
610	adr_int64(&adr, (int64_t *)&tid->port, 1);
611#else
612	adr_int32(&adr, (int32_t *)&tid->port, 1);
613#endif
614	adr_int32(&adr, (int32_t *)&tid->machine, 1);
615
616	return (token);
617}
618
619/*
620 * au_to_subject_ex
621 * return s:
622 *	pointer to a process token.
623 */
624
625token_t *
626au_to_subject_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid,
627    pid_t pid, au_asid_t sid, au_tid_addr_t *tid)
628{
629	token_t *token;			/* local token */
630	adr_t adr;			/* adr memory stream header */
631#ifdef _LP64
632	char data_header;		/* header for this token */
633
634	if (tid->at_type == AU_IPv6) {
635		data_header = AUT_SUBJECT64_EX;
636		token = get_token(sizeof (char) + sizeof (int64_t) +
637		    12 * sizeof (int32_t));
638	} else {
639		data_header = AUT_SUBJECT64;
640		token = get_token(sizeof (char) + sizeof (int64_t) +
641		    8 * sizeof (int32_t));
642	}
643#else
644	char data_header;		/* header for this token */
645
646	if (tid->at_type == AU_IPv6) {
647		data_header = AUT_SUBJECT32_EX;
648		token = get_token(sizeof (char) + 13 * sizeof (int32_t));
649	} else {
650		data_header = AUT_SUBJECT32;
651		token = get_token(sizeof (char) + 9 * sizeof (int32_t));
652	}
653#endif
654
655	if (token == NULL)
656		return (NULL);
657	adr_start(&adr, token->tt_data);
658	adr_char(&adr, &data_header, 1);
659	adr_int32(&adr, (int32_t *)&auid, 1);
660	adr_int32(&adr, (int32_t *)&euid, 1);
661	adr_int32(&adr, (int32_t *)&egid, 1);
662	adr_int32(&adr, (int32_t *)&ruid, 1);
663	adr_int32(&adr, (int32_t *)&rgid, 1);
664	adr_int32(&adr, (int32_t *)&pid, 1);
665	adr_int32(&adr, (int32_t *)&sid, 1);
666#ifdef _LP64
667	adr_int64(&adr, (int64_t *)&tid->at_port, 1);
668#else
669	adr_int32(&adr, (int32_t *)&tid->at_port, 1);
670#endif
671	if (tid->at_type == AU_IPv6) {
672		adr_int32(&adr, (int32_t *)&tid->at_type, 1);
673		adr_char(&adr, (char *)tid->at_addr, 16);
674	} else {
675		adr_char(&adr, (char *)tid->at_addr, 4);
676	}
677
678	return (token);
679}
680
681/*
682 * au_to_me
683 * return s:
684 *	pointer to a process token.
685 */
686
687token_t *
688au_to_me(void)
689{
690	auditinfo_addr_t info;
691
692	if (getaudit_addr(&info, sizeof (info)))
693		return (NULL);
694	return (au_to_subject_ex(info.ai_auid, geteuid(), getegid(), getuid(),
695	    getgid(), getpid(), info.ai_asid, &info.ai_termid));
696}
697/*
698 * au_to_text
699 * return s:
700 *	pointer to a text token.
701 */
702token_t *
703au_to_text(char *text)
704{
705	token_t *token;			/* local token */
706	adr_t adr;			/* adr memory stream header */
707	char data_header = AUT_TEXT;	/* header for this token */
708	short bytes;			/* length of string */
709
710	bytes = strlen(text) + 1;
711	token = get_token((int)(sizeof (char) + sizeof (short) + bytes));
712	if (token == NULL)
713		return (NULL);
714	adr_start(&adr, token->tt_data);
715	adr_char(&adr, &data_header, 1);
716	adr_short(&adr, &bytes, 1);
717	adr_char(&adr, text, bytes);
718
719	return (token);
720}
721
722/*
723 * au_to_path
724 * return s:
725 *	pointer to a path token.
726 */
727token_t *
728au_to_path(char *path)
729{
730	token_t *token;			/* local token */
731	adr_t adr;			/* adr memory stream header */
732	char data_header = AUT_PATH;	/* header for this token */
733	short bytes;			/* length of string */
734
735	bytes = (short)strlen(path) + 1;
736
737	token = get_token((int)(sizeof (char) +  sizeof (short) + bytes));
738	if (token == NULL)
739		return (NULL);
740	adr_start(&adr, token->tt_data);
741	adr_char(&adr, &data_header, 1);
742	adr_short(&adr, &bytes, 1);
743	adr_char(&adr, path, bytes);
744
745	return (token);
746}
747
748/*
749 * au_to_cmd
750 * return s:
751 *	pointer to an command line argument token
752 */
753token_t *
754au_to_cmd(uint_t argc, char **argv, char **envp)
755{
756	token_t *token;			/* local token */
757	adr_t adr;			/* adr memory stream header */
758	char data_header = AUT_CMD;	/* header for this token */
759	short len = 0;
760	short cnt = 0;
761	short envc = 0;
762	short largc = (short)argc;
763
764	/*
765	 * one char for the header, one short for argc,
766	 * one short for # envp strings.
767	 */
768	len = sizeof (char) + sizeof (short) + sizeof (short);
769
770	/* get sizes of strings */
771
772	for (cnt = 0; cnt < argc; cnt++) {
773		len += (short)sizeof (short) + (short)(strlen(argv[cnt]) + 1);
774	}
775
776	if (envp != NULL) {
777		for (envc = 0; envp[envc] != NULL; envc++) {
778			len += (short)sizeof (short) +
779			    (short)(strlen(envp[envc]) + 1);
780		}
781	}
782
783	token = get_token(len);
784	if (token == NULL)
785		return (NULL);
786
787	adr_start(&adr, token->tt_data);
788	adr_char(&adr, &data_header, 1);
789
790	adr_short(&adr, &largc, 1);
791
792	for (cnt = 0; cnt < argc; cnt++) {
793		len = (short)(strlen(argv[cnt]) + 1);
794		adr_short(&adr, &len, 1);
795		adr_char(&adr, argv[cnt], len);
796	}
797
798	adr_short(&adr, &envc, 1);
799
800	for (cnt = 0; cnt < envc; cnt++) {
801		len = (short)(strlen(envp[cnt]) + 1);
802		adr_short(&adr, &len, 1);
803		adr_char(&adr, envp[cnt], len);
804	}
805
806	return (token);
807}
808
809/*
810 * au_to_exit
811 * return s:
812 *	pointer to a exit value token.
813 */
814token_t *
815au_to_exit(int retval, int err)
816{
817	token_t *token;			/* local token */
818	adr_t adr;			/* adr memory stream header */
819	char data_header = AUT_EXIT;	/* header for this token */
820
821	token = get_token(sizeof (char) + (2 * sizeof (int32_t)));
822	if (token == NULL)
823		return (NULL);
824	adr_start(&adr, token->tt_data);
825	adr_char(&adr, &data_header, 1);
826	adr_int32(&adr, (int32_t *)&retval, 1);
827	adr_int32(&adr, (int32_t *)&err, 1);
828
829	return (token);
830}
831
832/*
833 * au_to_return
834 * return s:
835 *	pointer to a return  value token.
836 */
837token_t *
838au_to_return32(char number, uint32_t value)
839{
840	token_t *token;				/* local token */
841	adr_t adr;				/* adr memory stream header */
842	char data_header = AUT_RETURN32;	/* header for this token */
843
844	token = get_token(2 * sizeof (char) + sizeof (int32_t));
845	if (token == NULL)
846		return (NULL);
847	adr_start(&adr, token->tt_data);
848	adr_char(&adr, &data_header, 1);
849	adr_char(&adr, &number, 1);
850	adr_int32(&adr, (int32_t *)&value, 1);
851
852	return (token);
853}
854
855/*
856 * au_to_return
857 * return s:
858 *	pointer to a return  value token.
859 */
860token_t *
861au_to_return64(char number, uint64_t value)
862{
863	token_t *token;				/* local token */
864	adr_t adr;				/* adr memory stream header */
865	char data_header = AUT_RETURN64;	/* header for this token */
866
867	token = get_token(2 * sizeof (char) + sizeof (int64_t));
868	if (token == NULL)
869		return (NULL);
870	adr_start(&adr, token->tt_data);
871	adr_char(&adr, &data_header, 1);
872	adr_char(&adr, &number, 1);
873	adr_int64(&adr, (int64_t *)&value, 1);
874
875	return (token);
876}
877
878
879/*
880 * au_to_opaque
881 * return s:
882 *	pointer to a opaque token.
883 */
884token_t *
885au_to_opaque(char *opaque, short bytes)
886{
887	token_t *token;			/* local token */
888	adr_t adr;			/* adr memory stream header */
889	char data_header = AUT_OPAQUE;	/* header for this token */
890
891	if (bytes < 1)
892		return (NULL);
893
894	token = get_token((int)(sizeof (char) + sizeof (short) + bytes));
895	if (token == NULL)
896		return (NULL);
897	adr_start(&adr, token->tt_data);
898	adr_char(&adr, &data_header, 1);
899	adr_short(&adr, &bytes, 1);
900	adr_char(&adr, opaque, bytes);
901
902	return (token);
903}
904
905/*
906 * au_to_in_addr
907 * return s:
908 *	pointer to a internet address token
909 */
910token_t *
911au_to_in_addr(struct in_addr *internet_addr)
912{
913	token_t *token;			/* local token */
914	adr_t adr;			/* adr memory stream header */
915	char data_header = AUT_IN_ADDR;	/* header for this token */
916
917	token = get_token(sizeof (char) + sizeof (uint32_t));
918	if (token == NULL)
919		return (NULL);
920	adr_start(&adr, token->tt_data);
921	adr_char(&adr, &data_header, 1);
922	adr_int32(&adr, (int32_t *)internet_addr, 1);
923
924	return (token);
925}
926
927/*
928 * au_to_iport
929 * return s:
930 *	pointer to token chain containing a ip port address token
931 */
932token_t *
933au_to_iport(ushort_t iport)
934{
935	token_t *token;			/* local token */
936	adr_t adr;			/* adr memory stream header */
937	char data_header = AUT_IPORT;	/* header for this token */
938
939	token = get_token(sizeof (char) + sizeof (short));
940	if (token == NULL)
941		return (NULL);
942	adr_start(&adr, token->tt_data);
943	adr_char(&adr, &data_header, 1);
944	adr_short(&adr, (short *)&iport, 1);
945
946	return (token);
947}
948
949token_t *
950au_to_ipc(char type, int id)
951{
952	token_t *token;			/* local token */
953	adr_t adr;			/* adr memory stream header */
954	char data_header = AUT_IPC;	/* header for this token */
955
956	token = get_token((2 * sizeof (char)) + sizeof (int32_t));
957	if (token == NULL)
958		return (NULL);
959	adr_start(&adr, token->tt_data);
960	adr_char(&adr, &data_header, 1);
961	adr_char(&adr, &type, 1);
962	adr_int32(&adr, (int32_t *)&id, 1);
963
964	return (token);
965}
966
967/*
968 * au_to_tid
969 *
970 * output format depends on type; at present only IP v4 and v6 addresses
971 * are defined.
972 *
973 * IPv4 -- tid type, 16 bit remote port, 16 bit local port, ip type,
974 *		32 bit IP address.
975 * IPv6 -- tid type, 16 bit remote port, 16 bit local port, ip type,
976 *		4 x 32 bit IP address.
977 *
978 */
979token_t *
980au_to_tid(au_generic_tid_t *tid)
981{
982	char		data_header = AUT_TID;	/* header for this token */
983	adr_t		adr;			/* adr memory stream header */
984	token_t		*token;			/* local token */
985	au_ip_t		*ip;
986
987	switch (tid->gt_type) {
988	case AU_IPADR:
989		ip = &(tid->gt_adr.at_ip);
990		token = get_token((int)(2 * sizeof (char) + 2 * sizeof (short) +
991			sizeof (uint32_t) + ip->at_type));
992		if (token == NULL)
993			return (NULL);
994
995		adr_start(&adr, token->tt_data);
996		adr_char(&adr, &data_header, 1);
997		adr_char(&adr, (char *)&(tid->gt_type), 1);
998		adr_short(&adr, (short *)&(ip->at_r_port), 1);
999		adr_short(&adr, (short *)&(ip->at_l_port), 1);
1000		adr_int32(&adr, (int32_t *)&(ip->at_type), 1);
1001
1002		adr_char(&adr, (char *)ip->at_addr, ip->at_type);
1003
1004		break;
1005	default:
1006		return (NULL);
1007	}
1008	return (token);
1009}
1010
1011/*
1012 * The Modifier tokens
1013 */
1014
1015/*
1016 * au_to_groups
1017 * return s:
1018 *	pointer to a group list token.
1019 *
1020 * This function is obsolete.  Please use au_to_newgroups.
1021 */
1022token_t *
1023au_to_groups(int *groups)
1024{
1025	token_t *token;			/* local token */
1026	adr_t adr;			/* adr memory stream header */
1027	char data_header = AUT_GROUPS;	/* header for this token */
1028
1029	token = get_token(sizeof (char) + NGROUPS * sizeof (int32_t));
1030	if (token == NULL)
1031		return (NULL);
1032	adr_start(&adr, token->tt_data);
1033	adr_char(&adr, &data_header, 1);
1034	adr_int32(&adr, (int32_t *)groups, NGROUPS);
1035
1036	return (token);
1037}
1038
1039/*
1040 * au_to_newgroups
1041 * return s:
1042 *	pointer to a group list token.
1043 */
1044token_t *
1045au_to_newgroups(int n, gid_t *groups)
1046{
1047	token_t *token;			/* local token */
1048	adr_t adr;			/* adr memory stream header */
1049	char data_header = AUT_NEWGROUPS;	/* header for this token */
1050	short n_groups;
1051
1052	if (n < NGROUPS_UMIN || n > NGROUPS_UMAX || groups == NULL)
1053		return (NULL);
1054	token = get_token(sizeof (char) + sizeof (short) + n * sizeof (gid_t));
1055	if (token == NULL)
1056		return (NULL);
1057	n_groups = (short)n;
1058	adr_start(&adr, token->tt_data);
1059	adr_char(&adr, &data_header, 1);
1060	adr_short(&adr, &n_groups, 1);
1061	adr_int32(&adr, (int32_t *)groups, n_groups);
1062
1063	return (token);
1064}
1065
1066/*
1067 * au_to_exec_args
1068 * returns:
1069 *	pointer to an exec args token.
1070 */
1071token_t *
1072au_to_exec_args(char **argv)
1073{
1074	return (au_to_exec(argv, AUT_EXEC_ARGS));
1075}
1076
1077/*
1078 * au_to_exec_env
1079 * returns:
1080 *	pointer to an exec args token.
1081 */
1082token_t *
1083au_to_exec_env(char **envp)
1084{
1085	return (au_to_exec(envp, AUT_EXEC_ENV));
1086}
1087
1088/*
1089 * au_to_exec
1090 * returns:
1091 *	pointer to an exec args token.
1092 */
1093static token_t *
1094au_to_exec(char **v, char data_header)
1095{
1096	token_t *token;
1097	adr_t adr;
1098	char **p;
1099	int32_t n = 0;
1100	int len = 0;
1101
1102	for (p = v; *p != NULL; p++) {
1103		len += strlen(*p) + 1;
1104		n++;
1105	}
1106	token = get_token(sizeof (char) + sizeof (int32_t) + len);
1107	if (token == (token_t *)NULL)
1108		return ((token_t *)NULL);
1109	adr_start(&adr, token->tt_data);
1110	adr_char(&adr, &data_header, 1);
1111	adr_int32(&adr, &n, 1);
1112	for (p = v; *p != NULL; p++) {
1113		adr_char(&adr, *p, strlen(*p) + 1);
1114	}
1115	return (token);
1116}
1117
1118/*
1119 * au_to_uauth
1120 * return s:
1121 *	pointer to a uauth token.
1122 */
1123token_t *
1124au_to_uauth(char *text)
1125{
1126	token_t *token;			/* local token */
1127	adr_t adr;			/* adr memory stream header */
1128	char data_header = AUT_UAUTH;	/* header for this token */
1129	short bytes;			/* length of string */
1130
1131	bytes = strlen(text) + 1;
1132
1133	token = get_token((int)(sizeof (char) + sizeof (short) + bytes));
1134	if (token == NULL)
1135		return (NULL);
1136	adr_start(&adr, token->tt_data);
1137	adr_char(&adr, &data_header, 1);
1138	adr_short(&adr, &bytes, 1);
1139	adr_char(&adr, text, bytes);
1140
1141	return (token);
1142}
1143
1144/*
1145 * au_to_xatom
1146 * return s:
1147 *	pointer to a xatom token.
1148 */
1149token_t *
1150au_to_xatom(ushort_t len, char *atom)
1151{
1152	token_t *token;			/* local token */
1153	adr_t adr;			/* adr memory stream header */
1154	char data_header = AUT_XATOM;	/* header for this token */
1155
1156	token = get_token((int)(sizeof (char) + sizeof (ushort_t) + len));
1157	if (token == NULL)
1158		return (NULL);
1159	adr_start(&adr, token->tt_data);
1160	adr_char(&adr, &data_header, 1);
1161	adr_short(&adr, (short *)&len, 1);
1162	adr_char(&adr, atom, len);
1163
1164	return (token);
1165}
1166
1167/*
1168 * au_to_xproto
1169 * return s:
1170 *	pointer to a X protocol token.
1171 */
1172token_t *
1173au_to_xproto(pid_t pid)
1174{
1175	token_t *token;			/* local token */
1176	adr_t adr;			/* adr memory stream header */
1177	char data_header = AUT_XPROTO;	/* header for this token */
1178	int32_t v = pid;
1179
1180	token = get_token(sizeof (char) + sizeof (int32_t));
1181	if (token == NULL)
1182		return (NULL);
1183	adr_start(&adr, token->tt_data);
1184	adr_char(&adr, &data_header, 1);
1185	adr_int32(&adr, &v, 1);
1186
1187	return (token);
1188}
1189
1190/*
1191 * au_to_xobj
1192 * return s:
1193 *	pointer to a X object token.
1194 */
1195token_t *
1196au_to_xobj(int oid, int xid, int cuid)
1197{
1198	token_t *token;			/* local token */
1199	adr_t adr;			/* adr memory stream header */
1200	char data_header = AUT_XOBJ;	/* header for this token */
1201
1202	token = get_token(sizeof (char) + 3 * sizeof (int32_t));
1203	if (token == NULL)
1204		return (NULL);
1205	adr_start(&adr, token->tt_data);
1206	adr_char(&adr, &data_header, 1);
1207	adr_int32(&adr, (int32_t *)&oid, 1);
1208	adr_int32(&adr, (int32_t *)&xid, 1);
1209	adr_int32(&adr, (int32_t *)&cuid, 1);
1210
1211	return (token);
1212}
1213
1214/*
1215 * au_to_xselect
1216 * return s:
1217 *	pointer to a X select token.
1218 */
1219token_t *
1220au_to_xselect(char *pstring, char *type, short dlen, char *data)
1221{
1222	token_t *token;			/* local token */
1223	adr_t adr;			/* adr memory stream header */
1224	char data_header = AUT_XSELECT;	/* header for this token */
1225	short bytes;
1226
1227	bytes = strlen(pstring) + strlen(type) + 2 + dlen;
1228	token = get_token((int)(sizeof (char) + sizeof (short) * 3 + bytes));
1229	if (token == NULL)
1230		return (NULL);
1231	adr_start(&adr, token->tt_data);
1232	adr_char(&adr, &data_header, 1);
1233	bytes = strlen(pstring) + 1;
1234	adr_short(&adr, &bytes, 1);
1235	adr_char(&adr, pstring, bytes);
1236	bytes = strlen(type) + 1;
1237	adr_short(&adr, &bytes, 1);
1238	adr_char(&adr, type, bytes);
1239	adr_short(&adr, &dlen, 1);
1240	adr_char(&adr, data, dlen);
1241	return (token);
1242}
1243
1244/*
1245 * au_to_zonename
1246 * return s:
1247 *	pointer to a zonename token.
1248 */
1249token_t *
1250au_to_zonename(char *name)
1251{
1252	token_t *token;			/* local token */
1253	adr_t adr;			/* adr memory stream header */
1254	char data_header = AUT_ZONENAME;	/* header for this token */
1255	short bytes;			/* length of string */
1256
1257	if (name == NULL)
1258		return (NULL);
1259
1260	bytes = strlen(name) + 1;
1261	token = get_token((int)(sizeof (char) + sizeof (short) + bytes));
1262	if (token == NULL)
1263		return (NULL);
1264	adr_start(&adr, token->tt_data);
1265	adr_char(&adr, &data_header, 1);
1266	adr_short(&adr, &bytes, 1);
1267	adr_char(&adr, name, bytes);
1268
1269	return (token);
1270}
1271