xref: /illumos-gate/usr/src/lib/libbsm/common/au_to.c (revision 047f6e6f)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 
27 #include <sys/types.h>
28 #include <unistd.h>
29 #include <bsm/audit.h>
30 #include <bsm/audit_record.h>
31 #include <bsm/libbsm.h>
32 #include <priv.h>
33 #include <sys/ipc.h>
34 #include <sys/param.h>
35 #include <sys/socket.h>
36 #include <sys/time.h>
37 #include <sys/vnode.h>
38 #include <malloc.h>
39 #include <net/route.h>
40 #include <netinet/in.h>
41 #include <netinet/in_pcb.h>
42 #include <string.h>
43 #include <ucred.h>
44 #include <zone.h>
45 #include <sys/tsol/label.h>
46 
47 #define	NGROUPS		16	/* XXX - temporary */
48 
49 token_t *au_to_arg(char n, char *text, uint32_t v);
50 #pragma weak au_to_arg = au_to_arg32
51 token_t *au_to_return(char number, uint32_t value);
52 #pragma weak au_to_return = au_to_return32
53 
54 static token_t *au_to_exec(char **, char);
55 
56 static token_t *
get_token(int s)57 get_token(int s)
58 {
59 	token_t *token;	/* Resultant token */
60 
61 	if ((token = (token_t *)malloc(sizeof (token_t))) == NULL)
62 		return (NULL);
63 	if ((token->tt_data = malloc(s)) == NULL) {
64 		free(token);
65 		return (NULL);
66 	}
67 	token->tt_size = s;
68 	token->tt_next = NULL;
69 	return (token);
70 }
71 
72 /*
73  * au_to_header
74  * return s:
75  *	pointer to header token.
76  */
77 token_t *
au_to_header(au_event_t e_type,au_emod_t e_mod)78 au_to_header(au_event_t e_type, au_emod_t e_mod)
79 {
80 	adr_t adr;			/* adr memory stream header */
81 	token_t *token;			/* token pointer */
82 	char version = TOKEN_VERSION;	/* version of token family */
83 	int32_t byte_count;
84 	struct timeval tv;
85 #ifdef _LP64
86 	char data_header = AUT_HEADER64;	/* header for this token */
87 
88 	token = get_token(2 * sizeof (char) + sizeof (int32_t) +
89 	    2 * sizeof (int64_t) + 2 * sizeof (short));
90 #else
91 	char data_header = AUT_HEADER32;
92 
93 	token = get_token(2 * sizeof (char) + 3 * sizeof (int32_t) +
94 	    2 * sizeof (short));
95 #endif
96 
97 	if (token == NULL)
98 		return (NULL);
99 	adr_start(&adr, token->tt_data);
100 	adr_char(&adr, &data_header, 1);	/* token ID */
101 	adr_int32(&adr, &byte_count, 1);	/* length of audit record */
102 	adr_char(&adr, &version, 1);		/* version of audit tokens */
103 	adr_ushort(&adr, &e_type, 1);		/* event ID */
104 	adr_ushort(&adr, &e_mod, 1);		/* event ID modifier */
105 #ifdef _LP64
106 	adr_int64(&adr, (int64_t *)&tv, 2);	/* time & date */
107 #else
108 	adr_int32(&adr, (int32_t *)&tv, 2);	/* time & date */
109 #endif
110 	return (token);
111 }
112 
113 /*
114  * au_to_header_ex
115  * return s:
116  *	pointer to header token.
117  */
118 token_t *
au_to_header_ex(au_event_t e_type,au_emod_t e_mod)119 au_to_header_ex(au_event_t e_type, au_emod_t e_mod)
120 {
121 	adr_t adr;			/* adr memory stream header */
122 	token_t *token;			/* token pointer */
123 	char version = TOKEN_VERSION;	/* version of token family */
124 	int32_t byte_count;
125 	struct timeval tv;
126 	auditinfo_addr_t audit_info;
127 	au_tid_addr_t	*host_info = &audit_info.ai_termid;
128 #ifdef _LP64
129 	char data_header = AUT_HEADER64_EX;	/* header for this token */
130 #else
131 	char data_header = AUT_HEADER32_EX;
132 #endif
133 
134 	/* If our host address can't be determined, revert to un-extended hdr */
135 
136 	if (auditon(A_GETKAUDIT, (caddr_t)&audit_info,
137 	    sizeof (audit_info)) < 0)
138 		return (au_to_header(e_type, e_mod));
139 
140 	if (host_info->at_type == AU_IPv6)
141 		if (IN6_IS_ADDR_UNSPECIFIED((in6_addr_t *)host_info->at_addr))
142 			return (au_to_header(e_type, e_mod));
143 	else
144 		if (host_info->at_addr[0] == htonl(INADDR_ANY))
145 			return (au_to_header(e_type, e_mod));
146 
147 #ifdef _LP64
148 	token = get_token(2 * sizeof (char) + sizeof (int32_t) +
149 	    2 * sizeof (int64_t) + 2 * sizeof (short) +
150 	    sizeof (int32_t) + host_info->at_type);
151 #else
152 	token = get_token(2 * sizeof (char) + 3 * sizeof (int32_t) +
153 	    2 * sizeof (short) + sizeof (int32_t) + host_info->at_type);
154 #endif
155 
156 	if (token == NULL)
157 		return (NULL);
158 	adr_start(&adr, token->tt_data);
159 	adr_char(&adr, &data_header, 1);	/* token ID */
160 	adr_int32(&adr, &byte_count, 1);	/* length of audit record */
161 	adr_char(&adr, &version, 1);		/* version of audit tokens */
162 	adr_ushort(&adr, &e_type, 1);		/* event ID */
163 	adr_ushort(&adr, &e_mod, 1);		/* event ID modifier */
164 	adr_int32(&adr, (int32_t *)&host_info->at_type, 1);
165 	adr_char(&adr, (char *)host_info->at_addr,
166 	    (int)host_info->at_type);
167 #ifdef _LP64
168 	adr_int64(&adr, (int64_t *)&tv, 2);	/* time & date */
169 #else
170 	adr_int32(&adr, (int32_t *)&tv, 2);	/* time & date */
171 #endif
172 	return (token);
173 }
174 
175 /*
176  * au_to_trailer
177  * return s:
178  *	pointer to a trailer token.
179  */
180 token_t *
au_to_trailer(void)181 au_to_trailer(void)
182 {
183 	adr_t adr;				/* adr memory stream header */
184 	token_t *token;				/* token pointer */
185 	char data_header = AUT_TRAILER;		/* header for this token */
186 	short magic = (short)AUT_TRAILER_MAGIC;	/* trailer magic number */
187 	int32_t byte_count;
188 
189 	token = get_token(sizeof (char) + sizeof (int32_t) + sizeof (short));
190 	if (token == NULL)
191 		return (NULL);
192 	adr_start(&adr, token->tt_data);
193 	adr_char(&adr, &data_header, 1);	/* token ID */
194 	adr_short(&adr, &magic, 1);		/* magic number */
195 	adr_int32(&adr, &byte_count, 1);	/* length of audit record */
196 
197 	return (token);
198 }
199 
200 /*
201  * au_to_arg32
202  * return s:
203  *	pointer to an argument token.
204  */
205 token_t *
au_to_arg32(char n,char * text,uint32_t v)206 au_to_arg32(char n, char *text, uint32_t v)
207 {
208 	token_t *token;			/* local token */
209 	adr_t adr;			/* adr memory stream header */
210 	char data_header = AUT_ARG32;	/* header for this token */
211 	short bytes;			/* length of string */
212 
213 	bytes = strlen(text) + 1;
214 
215 	token = get_token((int)(2 * sizeof (char) + sizeof (int32_t) +
216 	    sizeof (short) + bytes));
217 	if (token == NULL)
218 		return (NULL);
219 	adr_start(&adr, token->tt_data);
220 	adr_char(&adr, &data_header, 1);	/* token type */
221 	adr_char(&adr, &n, 1);			/* argument id */
222 	adr_int32(&adr, (int32_t *)&v, 1);	/* argument value */
223 	adr_short(&adr, &bytes, 1);
224 	adr_char(&adr, text, bytes);
225 
226 	return (token);
227 }
228 
229 /*
230  * au_to_arg64
231  * return s:
232  *	pointer to an argument token.
233  */
234 token_t *
au_to_arg64(char n,char * text,uint64_t v)235 au_to_arg64(char n, char *text, uint64_t v)
236 {
237 	token_t *token;			/* local token */
238 	adr_t adr;			/* adr memory stream header */
239 	char data_header = AUT_ARG64;	/* header for this token */
240 	short bytes;			/* length of string */
241 
242 	bytes = strlen(text) + 1;
243 
244 	token = get_token((int)(2 * sizeof (char) + sizeof (int64_t) +
245 	    sizeof (short) + bytes));
246 	if (token == NULL)
247 		return (NULL);
248 	adr_start(&adr, token->tt_data);
249 	adr_char(&adr, &data_header, 1);	/* token type */
250 	adr_char(&adr, &n, 1);			/* argument id */
251 	adr_int64(&adr, (int64_t *)&v, 1);	/* argument value */
252 	adr_short(&adr, &bytes, 1);
253 	adr_char(&adr, text, bytes);
254 
255 	return (token);
256 }
257 
258 
259 /*
260  * au_to_attr
261  * return s:
262  *	pointer to an attribute token.
263  */
264 token_t *
au_to_attr(struct vattr * attr)265 au_to_attr(struct vattr *attr)
266 {
267 	token_t *token;			/* local token */
268 	adr_t adr;			/* adr memory stream header */
269 	int32_t value;
270 #ifdef _LP64
271 	char data_header = AUT_ATTR64;	/* header for this token */
272 
273 	token = get_token(sizeof (char) +
274 	    sizeof (int32_t) * 4 +
275 	    sizeof (int64_t) * 2);
276 #else
277 	char data_header = AUT_ATTR32;
278 
279 	token = get_token(sizeof (char) + sizeof (int32_t) * 5 +
280 	    sizeof (int64_t));
281 #endif
282 
283 	if (token == NULL)
284 		return (NULL);
285 	adr_start(&adr, token->tt_data);
286 	adr_char(&adr, &data_header, 1);
287 	value = (int32_t)attr->va_mode;
288 	adr_int32(&adr, &value, 1);
289 	value = (int32_t)attr->va_uid;
290 	adr_int32(&adr, &value, 1);
291 	value = (int32_t)attr->va_gid;
292 	adr_int32(&adr, &value, 1);
293 	adr_int32(&adr, (int32_t *)&(attr->va_fsid), 1);
294 	adr_int64(&adr, (int64_t *)&(attr->va_nodeid), 1);
295 #ifdef _LP64
296 	adr_int64(&adr, (int64_t *)&(attr->va_rdev), 1);
297 #else
298 	adr_int32(&adr, (int32_t *)&(attr->va_rdev), 1);
299 #endif
300 
301 	return (token);
302 }
303 
304 /*
305  * au_to_data
306  * return s:
307  *	pointer to a data token.
308  */
309 token_t *
au_to_data(char unit_print,char unit_type,char unit_count,char * p)310 au_to_data(char unit_print, char unit_type, char unit_count, char *p)
311 {
312 	adr_t adr;			/* adr memory stream header */
313 	token_t *token;			/* token pointer */
314 	char data_header = AUT_DATA;	/* header for this token */
315 	int byte_count;			/* number of bytes */
316 
317 	if (p == NULL || unit_count < 1)
318 		return (NULL);
319 
320 	/*
321 	 * Check validity of print type
322 	 */
323 	if (unit_print < AUP_BINARY || unit_print > AUP_STRING)
324 		return (NULL);
325 
326 	switch (unit_type) {
327 	case AUR_SHORT:
328 		byte_count = unit_count * sizeof (short);
329 		break;
330 	case AUR_INT32:
331 		byte_count = unit_count * sizeof (int32_t);
332 		break;
333 	case AUR_INT64:
334 		byte_count = unit_count * sizeof (int64_t);
335 		break;
336 	/* case AUR_CHAR: */
337 	case AUR_BYTE:
338 		byte_count = unit_count * sizeof (char);
339 		break;
340 	default:
341 		return (NULL);
342 	}
343 
344 	token = get_token((int)(4 * sizeof (char) + byte_count));
345 	if (token == NULL)
346 		return (NULL);
347 	adr_start(&adr, token->tt_data);
348 	adr_char(&adr, &data_header, 1);
349 	adr_char(&adr, &unit_print, 1);
350 	adr_char(&adr, &unit_type, 1);
351 	adr_char(&adr, &unit_count, 1);
352 
353 	switch (unit_type) {
354 	case AUR_SHORT:
355 		/* LINTED */
356 		adr_short(&adr, (short *)p, unit_count);
357 		break;
358 	case AUR_INT32:
359 		/* LINTED */
360 		adr_int32(&adr, (int32_t *)p, unit_count);
361 		break;
362 	case AUR_INT64:
363 		/* LINTED */
364 		adr_int64(&adr, (int64_t *)p, unit_count);
365 		break;
366 	/* case AUR_CHAR: */
367 	case AUR_BYTE:
368 		adr_char(&adr, p, unit_count);
369 		break;
370 	}
371 
372 	return (token);
373 }
374 
375 /*
376  * au_to_privset
377  *
378  * priv_type (LIMIT, INHERIT...) is the first string and privilege
379  * in translated into the second string.  The format is as follows:
380  *
381  *	token id	adr_char
382  *	priv type	adr_string (short, string)
383  *	priv set	adr_string (short, string)
384  *
385  * return s:
386  *	pointer to a AUT_PRIV token.
387  */
388 token_t *
au_to_privset(const char * priv_type,const priv_set_t * privilege)389 au_to_privset(const char *priv_type, const priv_set_t *privilege)
390 {
391 	token_t	*token;			/* local token */
392 	adr_t	adr;			/* adr memory stream header */
393 	char	data_header = AUT_PRIV;	/* header for this token */
394 	short	t_bytes;		/* length of type string */
395 	short	p_bytes;		/* length of privilege string */
396 	char	*priv_string;		/* privilege string */
397 
398 	t_bytes = strlen(priv_type) + 1;
399 
400 	if ((privilege == NULL) || (priv_string =
401 	    priv_set_to_str(privilege, ',',
402 	    PRIV_STR_LIT)) == NULL)
403 		return (NULL);
404 
405 	p_bytes = strlen(priv_string) + 1;
406 
407 	token = get_token((int)(sizeof (char) + (2 * sizeof (short)) + t_bytes
408 	    + p_bytes));
409 	if (token == NULL)
410 		return (NULL);
411 
412 	adr_start(&adr, token->tt_data);
413 	adr_char(&adr, &data_header, 1);
414 	adr_short(&adr, &t_bytes, 1);
415 	adr_char(&adr, (char *)priv_type, t_bytes);
416 	adr_short(&adr, &p_bytes, 1);
417 	adr_char(&adr, priv_string, p_bytes);
418 
419 	free(priv_string);
420 
421 	return (token);
422 }
423 
424 /*
425  * au_to_process
426  * return s:
427  *	pointer to a process token.
428  */
429 
430 token_t *
au_to_process(au_id_t auid,uid_t euid,gid_t egid,uid_t ruid,gid_t rgid,pid_t pid,au_asid_t sid,au_tid_t * tid)431 au_to_process(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid,
432     pid_t pid, au_asid_t sid, au_tid_t *tid)
433 {
434 	token_t *token;			/* local token */
435 	adr_t adr;			/* adr memory stream header */
436 #ifdef _LP64
437 	char data_header = AUT_PROCESS64;	/* header for this token */
438 
439 	token = get_token(sizeof (char) + 8 * sizeof (int32_t) +
440 	    sizeof (int64_t));
441 #else
442 	char data_header = AUT_PROCESS32;
443 
444 	token = get_token(sizeof (char) + 9 * sizeof (int32_t));
445 #endif
446 
447 	if (token == NULL)
448 		return (NULL);
449 	adr_start(&adr, token->tt_data);
450 	adr_char(&adr, &data_header, 1);
451 	adr_int32(&adr, (int32_t *)&auid, 1);
452 	adr_int32(&adr, (int32_t *)&euid, 1);
453 	adr_int32(&adr, (int32_t *)&egid, 1);
454 	adr_int32(&adr, (int32_t *)&ruid, 1);
455 	adr_int32(&adr, (int32_t *)&rgid, 1);
456 	adr_int32(&adr, (int32_t *)&pid, 1);
457 	adr_int32(&adr, (int32_t *)&sid, 1);
458 #ifdef _LP64
459 	adr_int64(&adr, (int64_t *)&tid->port, 1);
460 #else
461 	adr_int32(&adr, (int32_t *)&tid->port, 1);
462 #endif
463 	adr_int32(&adr, (int32_t *)&tid->machine, 1);
464 
465 	return (token);
466 }
467 
468 /*
469  * au_to_process_ex
470  * return s:
471  *	pointer to a process_ex token.
472  */
473 token_t *
au_to_process_ex(au_id_t auid,uid_t euid,gid_t egid,uid_t ruid,gid_t rgid,pid_t pid,au_asid_t sid,au_tid_addr_t * tid)474 au_to_process_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid,
475     pid_t pid, au_asid_t sid, au_tid_addr_t *tid)
476 {
477 	token_t *token;			/* local token */
478 	adr_t adr;			/* adr memory stream header */
479 	char data_header;		/* header for this token */
480 
481 #ifdef _LP64
482 	if (tid->at_type == AU_IPv6) {
483 		data_header = AUT_PROCESS64_EX;
484 		token = get_token(sizeof (char) + sizeof (int64_t) +
485 		    12 * sizeof (int32_t));
486 	} else {
487 		data_header = AUT_PROCESS64;
488 		token = get_token(sizeof (char) + sizeof (int64_t) +
489 		    8 * sizeof (int32_t));
490 	}
491 #else
492 	if (tid->at_type == AU_IPv6) {
493 		data_header = AUT_PROCESS32_EX;
494 		token = get_token(sizeof (char) + 13 * sizeof (int32_t));
495 	} else {
496 		data_header = AUT_PROCESS32;
497 		token = get_token(sizeof (char) + 9 * sizeof (int32_t));
498 	}
499 #endif
500 	if (token == NULL)
501 		return (NULL);
502 	adr_start(&adr, token->tt_data);
503 	adr_char(&adr, &data_header, 1);
504 	adr_int32(&adr, (int32_t *)&auid, 1);
505 	adr_int32(&adr, (int32_t *)&euid, 1);
506 	adr_int32(&adr, (int32_t *)&egid, 1);
507 	adr_int32(&adr, (int32_t *)&ruid, 1);
508 	adr_int32(&adr, (int32_t *)&rgid, 1);
509 	adr_int32(&adr, (int32_t *)&pid, 1);
510 	adr_int32(&adr, (int32_t *)&sid, 1);
511 #ifdef _LP64
512 	adr_int64(&adr, (int64_t *)&tid->at_port, 1);
513 #else
514 	adr_int32(&adr, (int32_t *)&tid->at_port, 1);
515 #endif
516 	if (tid->at_type == AU_IPv6) {
517 		adr_int32(&adr, (int32_t *)&tid->at_type, 1);
518 		adr_char(&adr, (char *)tid->at_addr, 16);
519 	} else {
520 		adr_char(&adr, (char *)tid->at_addr, 4);
521 	}
522 
523 	return (token);
524 }
525 
526 /*
527  * au_to_seq
528  * return s:
529  *	pointer to token chain containing a sequence token
530  */
531 token_t *
au_to_seq(int audit_count)532 au_to_seq(int audit_count)
533 {
534 	token_t *token;			/* local token */
535 	adr_t adr;			/* adr memory stream header */
536 	char data_header = AUT_SEQ;	/* header for this token */
537 
538 	token = get_token(sizeof (char) + sizeof (int32_t));
539 	if (token == NULL)
540 		return (NULL);
541 	adr_start(&adr, token->tt_data);
542 	adr_char(&adr, &data_header, 1);
543 	adr_int32(&adr, (int32_t *)&audit_count, 1);
544 
545 	return (token);
546 }
547 
548 /*
549  * au_to_socket
550  * return s:
551  *	pointer to mbuf chain containing a socket token.
552  */
553 token_t *
au_to_socket(struct oldsocket * so)554 au_to_socket(struct oldsocket *so)
555 {
556 	adr_t adr;
557 	token_t *token;
558 	char data_header = AUT_SOCKET;
559 	struct inpcb *inp = so->so_pcb;
560 
561 	token = get_token(sizeof (char) + sizeof (short) * 3 +
562 	    sizeof (int32_t) * 2);
563 	if (token == NULL)
564 		return (NULL);
565 	adr_start(&adr, token->tt_data);
566 	adr_char(&adr, &data_header, 1);
567 	adr_short(&adr, (short *)&so->so_type, 1);
568 	adr_short(&adr, (short *)&inp->inp_lport, 1);
569 	adr_int32(&adr, (int32_t *)&inp->inp_laddr, 1);
570 	adr_short(&adr, (short *)&inp->inp_fport, 1);
571 	adr_int32(&adr, (int32_t *)&inp->inp_faddr, 1);
572 
573 	return (token);
574 }
575 
576 /*
577  * au_to_subject
578  * return s:
579  *	pointer to a process token.
580  */
581 
582 token_t *
au_to_subject(au_id_t auid,uid_t euid,gid_t egid,uid_t ruid,gid_t rgid,pid_t pid,au_asid_t sid,au_tid_t * tid)583 au_to_subject(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid,
584     pid_t pid, au_asid_t sid, au_tid_t *tid)
585 {
586 	token_t *token;			/* local token */
587 	adr_t adr;			/* adr memory stream header */
588 #ifdef _LP64
589 	char data_header = AUT_SUBJECT64;	/* header for this token */
590 
591 	token = get_token(sizeof (char) + sizeof (int64_t) +
592 	    8 * sizeof (int32_t));
593 #else
594 	char data_header = AUT_SUBJECT32;
595 
596 	token = get_token(sizeof (char) + 9 * sizeof (int32_t));
597 #endif
598 
599 	if (token == NULL)
600 		return (NULL);
601 	adr_start(&adr, token->tt_data);
602 	adr_char(&adr, &data_header, 1);
603 	adr_int32(&adr, (int32_t *)&auid, 1);
604 	adr_int32(&adr, (int32_t *)&euid, 1);
605 	adr_int32(&adr, (int32_t *)&egid, 1);
606 	adr_int32(&adr, (int32_t *)&ruid, 1);
607 	adr_int32(&adr, (int32_t *)&rgid, 1);
608 	adr_int32(&adr, (int32_t *)&pid, 1);
609 	adr_int32(&adr, (int32_t *)&sid, 1);
610 #ifdef _LP64
611 	adr_int64(&adr, (int64_t *)&tid->port, 1);
612 #else
613 	adr_int32(&adr, (int32_t *)&tid->port, 1);
614 #endif
615 	adr_int32(&adr, (int32_t *)&tid->machine, 1);
616 
617 	return (token);
618 }
619 
620 /*
621  * au_to_subject_ex
622  * return s:
623  *	pointer to a process token.
624  */
625 
626 token_t *
au_to_subject_ex(au_id_t auid,uid_t euid,gid_t egid,uid_t ruid,gid_t rgid,pid_t pid,au_asid_t sid,au_tid_addr_t * tid)627 au_to_subject_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid,
628     pid_t pid, au_asid_t sid, au_tid_addr_t *tid)
629 {
630 	token_t *token;			/* local token */
631 	adr_t adr;			/* adr memory stream header */
632 #ifdef _LP64
633 	char data_header;		/* header for this token */
634 
635 	if (tid->at_type == AU_IPv6) {
636 		data_header = AUT_SUBJECT64_EX;
637 		token = get_token(sizeof (char) + sizeof (int64_t) +
638 		    12 * sizeof (int32_t));
639 	} else {
640 		data_header = AUT_SUBJECT64;
641 		token = get_token(sizeof (char) + sizeof (int64_t) +
642 		    8 * sizeof (int32_t));
643 	}
644 #else
645 	char data_header;		/* header for this token */
646 
647 	if (tid->at_type == AU_IPv6) {
648 		data_header = AUT_SUBJECT32_EX;
649 		token = get_token(sizeof (char) + 13 * sizeof (int32_t));
650 	} else {
651 		data_header = AUT_SUBJECT32;
652 		token = get_token(sizeof (char) + 9 * sizeof (int32_t));
653 	}
654 #endif
655 
656 	if (token == NULL)
657 		return (NULL);
658 	adr_start(&adr, token->tt_data);
659 	adr_char(&adr, &data_header, 1);
660 	adr_int32(&adr, (int32_t *)&auid, 1);
661 	adr_int32(&adr, (int32_t *)&euid, 1);
662 	adr_int32(&adr, (int32_t *)&egid, 1);
663 	adr_int32(&adr, (int32_t *)&ruid, 1);
664 	adr_int32(&adr, (int32_t *)&rgid, 1);
665 	adr_int32(&adr, (int32_t *)&pid, 1);
666 	adr_int32(&adr, (int32_t *)&sid, 1);
667 #ifdef _LP64
668 	adr_int64(&adr, (int64_t *)&tid->at_port, 1);
669 #else
670 	adr_int32(&adr, (int32_t *)&tid->at_port, 1);
671 #endif
672 	if (tid->at_type == AU_IPv6) {
673 		adr_int32(&adr, (int32_t *)&tid->at_type, 1);
674 		adr_char(&adr, (char *)tid->at_addr, 16);
675 	} else {
676 		adr_char(&adr, (char *)tid->at_addr, 4);
677 	}
678 
679 	return (token);
680 }
681 
682 /*
683  * au_to_me
684  * return s:
685  *	pointer to a process token.
686  */
687 
688 token_t *
au_to_me(void)689 au_to_me(void)
690 {
691 	auditinfo_addr_t info;
692 
693 	if (getaudit_addr(&info, sizeof (info)))
694 		return (NULL);
695 	return (au_to_subject_ex(info.ai_auid, geteuid(), getegid(), getuid(),
696 	    getgid(), getpid(), info.ai_asid, &info.ai_termid));
697 }
698 /*
699  * au_to_text
700  * return s:
701  *	pointer to a text token.
702  */
703 token_t *
au_to_text(char * text)704 au_to_text(char *text)
705 {
706 	token_t *token;			/* local token */
707 	adr_t adr;			/* adr memory stream header */
708 	char data_header = AUT_TEXT;	/* header for this token */
709 	short bytes;			/* length of string */
710 
711 	bytes = strlen(text) + 1;
712 	token = get_token((int)(sizeof (char) + sizeof (short) + bytes));
713 	if (token == NULL)
714 		return (NULL);
715 	adr_start(&adr, token->tt_data);
716 	adr_char(&adr, &data_header, 1);
717 	adr_short(&adr, &bytes, 1);
718 	adr_char(&adr, text, bytes);
719 
720 	return (token);
721 }
722 
723 /*
724  * au_to_path
725  * return s:
726  *	pointer to a path token.
727  */
728 token_t *
au_to_path(char * path)729 au_to_path(char *path)
730 {
731 	token_t *token;			/* local token */
732 	adr_t adr;			/* adr memory stream header */
733 	char data_header = AUT_PATH;	/* header for this token */
734 	short bytes;			/* length of string */
735 
736 	bytes = (short)strlen(path) + 1;
737 
738 	token = get_token((int)(sizeof (char) +  sizeof (short) + bytes));
739 	if (token == NULL)
740 		return (NULL);
741 	adr_start(&adr, token->tt_data);
742 	adr_char(&adr, &data_header, 1);
743 	adr_short(&adr, &bytes, 1);
744 	adr_char(&adr, path, bytes);
745 
746 	return (token);
747 }
748 
749 /*
750  * au_to_cmd
751  * return s:
752  *	pointer to an command line argument token
753  */
754 token_t *
au_to_cmd(uint_t argc,char ** argv,char ** envp)755 au_to_cmd(uint_t argc, char **argv, char **envp)
756 {
757 	token_t *token;			/* local token */
758 	adr_t adr;			/* adr memory stream header */
759 	char data_header = AUT_CMD;	/* header for this token */
760 	short len = 0;
761 	short cnt = 0;
762 	short envc = 0;
763 	short largc = (short)argc;
764 
765 	/*
766 	 * one char for the header, one short for argc,
767 	 * one short for # envp strings.
768 	 */
769 	len = sizeof (char) + sizeof (short) + sizeof (short);
770 
771 	/* get sizes of strings */
772 
773 	for (cnt = 0; cnt < argc; cnt++) {
774 		len += (short)sizeof (short) + (short)(strlen(argv[cnt]) + 1);
775 	}
776 
777 	if (envp != NULL) {
778 		for (envc = 0; envp[envc] != NULL; envc++) {
779 			len += (short)sizeof (short) +
780 			    (short)(strlen(envp[envc]) + 1);
781 		}
782 	}
783 
784 	token = get_token(len);
785 	if (token == NULL)
786 		return (NULL);
787 
788 	adr_start(&adr, token->tt_data);
789 	adr_char(&adr, &data_header, 1);
790 
791 	adr_short(&adr, &largc, 1);
792 
793 	for (cnt = 0; cnt < argc; cnt++) {
794 		len = (short)(strlen(argv[cnt]) + 1);
795 		adr_short(&adr, &len, 1);
796 		adr_char(&adr, argv[cnt], len);
797 	}
798 
799 	adr_short(&adr, &envc, 1);
800 
801 	for (cnt = 0; cnt < envc; cnt++) {
802 		len = (short)(strlen(envp[cnt]) + 1);
803 		adr_short(&adr, &len, 1);
804 		adr_char(&adr, envp[cnt], len);
805 	}
806 
807 	return (token);
808 }
809 
810 /*
811  * au_to_exit
812  * return s:
813  *	pointer to a exit value token.
814  */
815 token_t *
au_to_exit(int retval,int err)816 au_to_exit(int retval, int err)
817 {
818 	token_t *token;			/* local token */
819 	adr_t adr;			/* adr memory stream header */
820 	char data_header = AUT_EXIT;	/* header for this token */
821 
822 	token = get_token(sizeof (char) + (2 * sizeof (int32_t)));
823 	if (token == NULL)
824 		return (NULL);
825 	adr_start(&adr, token->tt_data);
826 	adr_char(&adr, &data_header, 1);
827 	adr_int32(&adr, (int32_t *)&retval, 1);
828 	adr_int32(&adr, (int32_t *)&err, 1);
829 
830 	return (token);
831 }
832 
833 /*
834  * au_to_return
835  * return s:
836  *	pointer to a return  value token.
837  */
838 token_t *
au_to_return32(char number,uint32_t value)839 au_to_return32(char number, uint32_t value)
840 {
841 	token_t *token;				/* local token */
842 	adr_t adr;				/* adr memory stream header */
843 	char data_header = AUT_RETURN32;	/* header for this token */
844 
845 	token = get_token(2 * sizeof (char) + sizeof (int32_t));
846 	if (token == NULL)
847 		return (NULL);
848 	adr_start(&adr, token->tt_data);
849 	adr_char(&adr, &data_header, 1);
850 	adr_char(&adr, &number, 1);
851 	adr_int32(&adr, (int32_t *)&value, 1);
852 
853 	return (token);
854 }
855 
856 /*
857  * au_to_return
858  * return s:
859  *	pointer to a return  value token.
860  */
861 token_t *
au_to_return64(char number,uint64_t value)862 au_to_return64(char number, uint64_t value)
863 {
864 	token_t *token;				/* local token */
865 	adr_t adr;				/* adr memory stream header */
866 	char data_header = AUT_RETURN64;	/* header for this token */
867 
868 	token = get_token(2 * sizeof (char) + sizeof (int64_t));
869 	if (token == NULL)
870 		return (NULL);
871 	adr_start(&adr, token->tt_data);
872 	adr_char(&adr, &data_header, 1);
873 	adr_char(&adr, &number, 1);
874 	adr_int64(&adr, (int64_t *)&value, 1);
875 
876 	return (token);
877 }
878 
879 
880 /*
881  * au_to_opaque
882  * return s:
883  *	pointer to a opaque token.
884  */
885 token_t *
au_to_opaque(char * opaque,short bytes)886 au_to_opaque(char *opaque, short bytes)
887 {
888 	token_t *token;			/* local token */
889 	adr_t adr;			/* adr memory stream header */
890 	char data_header = AUT_OPAQUE;	/* header for this token */
891 
892 	if (bytes < 1)
893 		return (NULL);
894 
895 	token = get_token((int)(sizeof (char) + sizeof (short) + bytes));
896 	if (token == NULL)
897 		return (NULL);
898 	adr_start(&adr, token->tt_data);
899 	adr_char(&adr, &data_header, 1);
900 	adr_short(&adr, &bytes, 1);
901 	adr_char(&adr, opaque, bytes);
902 
903 	return (token);
904 }
905 
906 /*
907  * au_to_in_addr
908  * return s:
909  *	pointer to an internet address token
910  */
911 token_t *
au_to_in_addr(struct in_addr * internet_addr)912 au_to_in_addr(struct in_addr *internet_addr)
913 {
914 	token_t *token;			/* local token */
915 	adr_t adr;			/* adr memory stream header */
916 	char data_header = AUT_IN_ADDR;	/* header for this token */
917 
918 	token = get_token(sizeof (char) + sizeof (struct in_addr));
919 	if (token == NULL)
920 		return (NULL);
921 	adr_start(&adr, token->tt_data);
922 	adr_char(&adr, &data_header, 1);
923 	adr_char(&adr, (char *)internet_addr, sizeof (struct in_addr));
924 
925 	return (token);
926 }
927 
928 /*
929  * au_to_in_addr_ex
930  * return s:
931  *	pointer to an internet extended token
932  */
933 token_t *
au_to_in_addr_ex(struct in6_addr * addr)934 au_to_in_addr_ex(struct in6_addr *addr)
935 {
936 	token_t *token;
937 	adr_t adr;
938 
939 	if (IN6_IS_ADDR_V4MAPPED(addr)) {
940 		ipaddr_t in4;
941 
942 		/*
943 		 * An IPv4-mapped IPv6 address is really an IPv4 address
944 		 * in IPv6 format.
945 		 */
946 
947 		IN6_V4MAPPED_TO_IPADDR(addr, in4);
948 		return (au_to_in_addr((struct in_addr *)&in4));
949 
950 	} else {
951 		char data_header = AUT_IN_ADDR_EX;
952 		int32_t	type = AU_IPv6;
953 
954 		if ((token = get_token(sizeof (char) + sizeof (int32_t) +
955 		    sizeof (struct in6_addr))) == NULL) {
956 			return (NULL);
957 		}
958 
959 		adr_start(&adr, token->tt_data);
960 		adr_char(&adr, &data_header, 1);
961 		adr_int32(&adr, &type, 1);
962 		adr_char(&adr, (char *)addr, sizeof (struct in6_addr));
963 	}
964 
965 	return (token);
966 }
967 
968 /*
969  * au_to_iport
970  * return s:
971  *	pointer to token chain containing a ip port address token
972  */
973 token_t *
au_to_iport(ushort_t iport)974 au_to_iport(ushort_t iport)
975 {
976 	token_t *token;			/* local token */
977 	adr_t adr;			/* adr memory stream header */
978 	char data_header = AUT_IPORT;	/* header for this token */
979 
980 	token = get_token(sizeof (char) + sizeof (short));
981 	if (token == NULL)
982 		return (NULL);
983 	adr_start(&adr, token->tt_data);
984 	adr_char(&adr, &data_header, 1);
985 	adr_short(&adr, (short *)&iport, 1);
986 
987 	return (token);
988 }
989 
990 token_t *
au_to_ipc(char type,int id)991 au_to_ipc(char type, int id)
992 {
993 	token_t *token;			/* local token */
994 	adr_t adr;			/* adr memory stream header */
995 	char data_header = AUT_IPC;	/* header for this token */
996 
997 	token = get_token((2 * sizeof (char)) + sizeof (int32_t));
998 	if (token == NULL)
999 		return (NULL);
1000 	adr_start(&adr, token->tt_data);
1001 	adr_char(&adr, &data_header, 1);
1002 	adr_char(&adr, &type, 1);
1003 	adr_int32(&adr, (int32_t *)&id, 1);
1004 
1005 	return (token);
1006 }
1007 
1008 /*
1009  * au_to_tid
1010  *
1011  * output format depends on type; at present only IP v4 and v6 addresses
1012  * are defined.
1013  *
1014  * IPv4 -- tid type, 16 bit remote port, 16 bit local port, ip type,
1015  *		32 bit IP address.
1016  * IPv6 -- tid type, 16 bit remote port, 16 bit local port, ip type,
1017  *		4 x 32 bit IP address.
1018  *
1019  */
1020 token_t *
au_to_tid(au_generic_tid_t * tid)1021 au_to_tid(au_generic_tid_t *tid)
1022 {
1023 	char		data_header = AUT_TID;	/* header for this token */
1024 	adr_t		adr;			/* adr memory stream header */
1025 	token_t		*token;			/* local token */
1026 	au_ip_t		*ip;
1027 
1028 	switch (tid->gt_type) {
1029 	case AU_IPADR:
1030 		ip = &(tid->gt_adr.at_ip);
1031 		token = get_token((int)(2 * sizeof (char) + 2 * sizeof (short) +
1032 		    sizeof (uint32_t) + ip->at_type));
1033 		if (token == NULL)
1034 			return (NULL);
1035 
1036 		adr_start(&adr, token->tt_data);
1037 		adr_char(&adr, &data_header, 1);
1038 		adr_char(&adr, (char *)&(tid->gt_type), 1);
1039 		adr_short(&adr, (short *)&(ip->at_r_port), 1);
1040 		adr_short(&adr, (short *)&(ip->at_l_port), 1);
1041 		adr_int32(&adr, (int32_t *)&(ip->at_type), 1);
1042 
1043 		adr_char(&adr, (char *)ip->at_addr, ip->at_type);
1044 
1045 		break;
1046 	default:
1047 		return (NULL);
1048 	}
1049 	return (token);
1050 }
1051 
1052 /*
1053  * The Modifier tokens
1054  */
1055 
1056 /*
1057  * au_to_groups
1058  * return s:
1059  *	pointer to a group list token.
1060  *
1061  * This function is obsolete.  Please use au_to_newgroups.
1062  */
1063 token_t *
au_to_groups(int * groups)1064 au_to_groups(int *groups)
1065 {
1066 	token_t *token;			/* local token */
1067 	adr_t adr;			/* adr memory stream header */
1068 	char data_header = AUT_GROUPS;	/* header for this token */
1069 
1070 	token = get_token(sizeof (char) + NGROUPS * sizeof (int32_t));
1071 	if (token == NULL)
1072 		return (NULL);
1073 	adr_start(&adr, token->tt_data);
1074 	adr_char(&adr, &data_header, 1);
1075 	adr_int32(&adr, (int32_t *)groups, NGROUPS);
1076 
1077 	return (token);
1078 }
1079 
1080 /*
1081  * au_to_newgroups
1082  * return s:
1083  *	pointer to a group list token.
1084  */
1085 token_t *
au_to_newgroups(int n,gid_t * groups)1086 au_to_newgroups(int n, gid_t *groups)
1087 {
1088 	token_t *token;			/* local token */
1089 	adr_t adr;			/* adr memory stream header */
1090 	char data_header = AUT_NEWGROUPS;	/* header for this token */
1091 	short n_groups;
1092 
1093 	if (n < 0 || n > SHRT_MAX || groups == NULL)
1094 		return (NULL);
1095 	token = get_token(sizeof (char) + sizeof (short) + n * sizeof (gid_t));
1096 	if (token == NULL)
1097 		return (NULL);
1098 	n_groups = (short)n;
1099 	adr_start(&adr, token->tt_data);
1100 	adr_char(&adr, &data_header, 1);
1101 	adr_short(&adr, &n_groups, 1);
1102 	adr_int32(&adr, (int32_t *)groups, n_groups);
1103 
1104 	return (token);
1105 }
1106 
1107 /*
1108  * au_to_exec_args
1109  * returns:
1110  *	pointer to an exec args token.
1111  */
1112 token_t *
au_to_exec_args(char ** argv)1113 au_to_exec_args(char **argv)
1114 {
1115 	return (au_to_exec(argv, AUT_EXEC_ARGS));
1116 }
1117 
1118 /*
1119  * au_to_exec_env
1120  * returns:
1121  *	pointer to an exec args token.
1122  */
1123 token_t *
au_to_exec_env(char ** envp)1124 au_to_exec_env(char **envp)
1125 {
1126 	return (au_to_exec(envp, AUT_EXEC_ENV));
1127 }
1128 
1129 /*
1130  * au_to_exec
1131  * returns:
1132  *	pointer to an exec args token.
1133  */
1134 static token_t *
au_to_exec(char ** v,char data_header)1135 au_to_exec(char **v, char data_header)
1136 {
1137 	token_t *token;
1138 	adr_t adr;
1139 	char **p;
1140 	int32_t n = 0;
1141 	int len = 0;
1142 
1143 	for (p = v; *p != NULL; p++) {
1144 		len += strlen(*p) + 1;
1145 		n++;
1146 	}
1147 	token = get_token(sizeof (char) + sizeof (int32_t) + len);
1148 	if (token == (token_t *)NULL)
1149 		return ((token_t *)NULL);
1150 	adr_start(&adr, token->tt_data);
1151 	adr_char(&adr, &data_header, 1);
1152 	adr_int32(&adr, &n, 1);
1153 	for (p = v; *p != NULL; p++) {
1154 		adr_char(&adr, *p, strlen(*p) + 1);
1155 	}
1156 	return (token);
1157 }
1158 
1159 /*
1160  * au_to_uauth
1161  * return s:
1162  *	pointer to a uauth token.
1163  */
1164 token_t *
au_to_uauth(char * text)1165 au_to_uauth(char *text)
1166 {
1167 	token_t *token;			/* local token */
1168 	adr_t adr;			/* adr memory stream header */
1169 	char data_header = AUT_UAUTH;	/* header for this token */
1170 	short bytes;			/* length of string */
1171 
1172 	bytes = strlen(text) + 1;
1173 
1174 	token = get_token((int)(sizeof (char) + sizeof (short) + bytes));
1175 	if (token == NULL)
1176 		return (NULL);
1177 	adr_start(&adr, token->tt_data);
1178 	adr_char(&adr, &data_header, 1);
1179 	adr_short(&adr, &bytes, 1);
1180 	adr_char(&adr, text, bytes);
1181 
1182 	return (token);
1183 }
1184 
1185 /*
1186  * au_to_upriv
1187  * return s:
1188  *	pointer to a use of privilege token.
1189  */
1190 token_t *
au_to_upriv(char sorf,char * priv)1191 au_to_upriv(char sorf, char *priv)
1192 {
1193 	token_t *token;			/* local token */
1194 	adr_t adr;			/* adr memory stream header */
1195 	char data_header = AUT_UAUTH;	/* header for this token */
1196 	short bytes;			/* length of string */
1197 
1198 	bytes = strlen(priv) + 1;
1199 
1200 	token = get_token(sizeof (char) + sizeof (char) + sizeof (short) +
1201 	    bytes);
1202 	if (token == NULL)
1203 		return (NULL);
1204 	adr_start(&adr, token->tt_data);
1205 	adr_char(&adr, &data_header, 1);
1206 	adr_char(&adr, &sorf, 1);	/* success/failure */
1207 	adr_short(&adr, &bytes, 1);
1208 	adr_char(&adr, priv, bytes);
1209 
1210 	return (token);
1211 }
1212 
1213 /*
1214  * au_to_user
1215  * return s:
1216  *	pointer to a user token.
1217  */
1218 token_t *
au_to_user(uid_t uid,char * username)1219 au_to_user(uid_t uid,  char *username)
1220 {
1221 	token_t *token;			/* local token */
1222 	adr_t adr;			/* adr memory stream header */
1223 	char data_header = AUT_USER;	/* header for this token */
1224 	short  bytes;			/* length of string */
1225 
1226 	bytes = (short)strlen(username) + 1;
1227 
1228 	token = get_token(sizeof (char) + sizeof (uid_t) + sizeof (short) +
1229 	    bytes);
1230 	if (token == NULL)
1231 		return (NULL);
1232 	adr_start(&adr, token->tt_data);
1233 	adr_char(&adr, &data_header, 1);
1234 	adr_uid(&adr, &uid, 1);
1235 	adr_short(&adr, &bytes, 1);
1236 	adr_char(&adr, username, bytes);
1237 
1238 	return (token);
1239 }
1240 
1241 /*
1242  * au_to_xatom
1243  * return s:
1244  *	pointer to a xatom token.
1245  */
1246 token_t *
au_to_xatom(char * atom)1247 au_to_xatom(char *atom)
1248 {
1249 	token_t *token;			/* local token */
1250 	adr_t adr;			/* adr memory stream header */
1251 	char data_header = AUT_XATOM;	/* header for this token */
1252 	short len;
1253 
1254 	len = strlen(atom) + 1;
1255 
1256 	token = get_token(sizeof (char) + sizeof (short) + len);
1257 	if (token == NULL)
1258 		return (NULL);
1259 	adr_start(&adr, token->tt_data);
1260 	adr_char(&adr, &data_header, 1);
1261 	adr_short(&adr, (short *)&len, 1);
1262 	adr_char(&adr, atom, len);
1263 
1264 	return (token);
1265 }
1266 
1267 /*
1268  * au_to_xselect
1269  * return s:
1270  *	pointer to a X select token.
1271  */
1272 token_t *
au_to_xselect(char * propname,char * proptype,char * windata)1273 au_to_xselect(char *propname, char *proptype, char *windata)
1274 {
1275 	token_t *token;			/* local token */
1276 	adr_t adr;			/* adr memory stream header */
1277 	char data_header = AUT_XSELECT;	/* header for this token */
1278 	short proplen;
1279 	short typelen;
1280 	short datalen;
1281 
1282 	proplen = strlen(propname) + 1;
1283 	typelen = strlen(proptype) + 1;
1284 	datalen = strlen(windata) + 1;
1285 
1286 	token = get_token(sizeof (char) + (sizeof (short) * 3) +
1287 	    proplen + typelen + datalen);
1288 	if (token == NULL)
1289 		return (NULL);
1290 	adr_start(&adr, token->tt_data);
1291 	adr_char(&adr, &data_header, 1);
1292 	adr_short(&adr, &proplen, 1);
1293 	adr_char(&adr, propname, proplen);
1294 	adr_short(&adr, &typelen, 1);
1295 	adr_char(&adr, proptype, typelen);
1296 	adr_short(&adr, &datalen, 1);
1297 	adr_char(&adr, windata, datalen);
1298 
1299 	return (token);
1300 }
1301 
1302 /*
1303  * x_common
1304  * return s:
1305  *	pointer to a common X token.
1306  */
1307 
1308 static token_t *
x_common(char data_header,int32_t xid,uid_t cuid)1309 x_common(char data_header, int32_t xid, uid_t cuid)
1310 {
1311 	token_t *token;			/* local token */
1312 	adr_t adr;			/* adr memory stream header */
1313 
1314 	token = get_token(sizeof (char) + sizeof (int32_t) + sizeof (uid_t));
1315 	if (token == NULL)
1316 		return (NULL);
1317 	adr_start(&adr, token->tt_data);
1318 	adr_char(&adr, &data_header, 1);
1319 	adr_int32(&adr, &xid, 1);
1320 	adr_uid(&adr, &cuid, 1);
1321 
1322 	return (token);
1323 }
1324 
1325 /*
1326  * au_to_xcolormap
1327  * return s:
1328  *	pointer to a X Colormap token.
1329  */
1330 
1331 token_t *
au_to_xcolormap(int32_t xid,uid_t cuid)1332 au_to_xcolormap(int32_t xid, uid_t cuid)
1333 {
1334 	return (x_common(AUT_XCOLORMAP, xid, cuid));
1335 }
1336 
1337 /*
1338  * au_to_xcursor
1339  * return s:
1340  *	pointer to a X Cursor token.
1341  */
1342 
1343 token_t *
au_to_xcursor(int32_t xid,uid_t cuid)1344 au_to_xcursor(int32_t xid, uid_t cuid)
1345 {
1346 	return (x_common(AUT_XCURSOR, xid, cuid));
1347 }
1348 
1349 /*
1350  * au_to_xfont
1351  * return s:
1352  *	pointer to a X Font token.
1353  */
1354 
1355 token_t *
au_to_xfont(int32_t xid,uid_t cuid)1356 au_to_xfont(int32_t xid, uid_t cuid)
1357 {
1358 	return (x_common(AUT_XFONT, xid, cuid));
1359 }
1360 
1361 /*
1362  * au_to_xgc
1363  * return s:
1364  *	pointer to a X Graphic Context token.
1365  */
1366 
1367 token_t *
au_to_xgc(int32_t xid,uid_t cuid)1368 au_to_xgc(int32_t xid, uid_t cuid)
1369 {
1370 	return (x_common(AUT_XGC, xid, cuid));
1371 }
1372 
1373 /*
1374  * au_to_xpixmap
1375  * return s:
1376  *	pointer to a X Pixal Map token.
1377  */
1378 
1379 token_t *
au_to_xpixmap(int32_t xid,uid_t cuid)1380 au_to_xpixmap(int32_t xid, uid_t cuid)
1381 {
1382 	return (x_common(AUT_XPIXMAP, xid, cuid));
1383 }
1384 
1385 /*
1386  * au_to_xwindow
1387  * return s:
1388  *	pointer to a X Window token.
1389  */
1390 
1391 token_t *
au_to_xwindow(int32_t xid,uid_t cuid)1392 au_to_xwindow(int32_t xid, uid_t cuid)
1393 {
1394 	return (x_common(AUT_XWINDOW, xid, cuid));
1395 }
1396 
1397 /*
1398  * au_to_xproperty
1399  * return s:
1400  *	pointer to a X Property token.
1401  */
1402 
1403 token_t *
au_to_xproperty(int32_t xid,uid_t cuid,char * propname)1404 au_to_xproperty(int32_t xid, uid_t cuid, char *propname)
1405 {
1406 	token_t *token;			/* local token */
1407 	adr_t adr;			/* adr memory stream header */
1408 	char data_header = AUT_XPROPERTY;	/* header for this token */
1409 	short proplen;
1410 
1411 	proplen = strlen(propname) + 1;
1412 
1413 	token = get_token(sizeof (char) + sizeof (int32_t) + sizeof (uid_t) +
1414 	    sizeof (short) + proplen);
1415 	if (token == NULL)
1416 		return (NULL);
1417 	adr_start(&adr, token->tt_data);
1418 	adr_char(&adr, &data_header, 1);
1419 	adr_int32(&adr, &xid, 1);
1420 	adr_uid(&adr, &cuid, 1);
1421 	adr_short(&adr, &proplen, 1);
1422 	adr_char(&adr, propname, proplen);
1423 
1424 	return (token);
1425 }
1426 
1427 /*
1428  * au_to_xclient
1429  * return s:
1430  *	pointer to a X Client token
1431  */
1432 
1433 token_t *
au_to_xclient(uint32_t client)1434 au_to_xclient(uint32_t client)
1435 {
1436 	token_t *token;			/* local token */
1437 	adr_t adr;			/* adr memory stream header */
1438 	char data_header = AUT_XCLIENT;	/* header for this token */
1439 
1440 	token = get_token(sizeof (char) + sizeof (uint32_t));
1441 	if (token == NULL)
1442 		return (NULL);
1443 	adr_start(&adr, token->tt_data);
1444 	adr_char(&adr, &data_header, 1);
1445 	adr_int32(&adr, (int32_t *)&client, 1);
1446 
1447 	return (token);
1448 }
1449 
1450 /*
1451  * au_to_label
1452  * return s:
1453  *	pointer to a label token.
1454  */
1455 token_t *
au_to_label(m_label_t * label)1456 au_to_label(m_label_t *label)
1457 {
1458 	token_t *token;			/* local token */
1459 	adr_t adr;			/* adr memory stream header */
1460 	char data_header = AUT_LABEL;	/* header for this token */
1461 	size32_t llen = blabel_size();
1462 
1463 	token = get_token(sizeof (char) + llen);
1464 	if (token == NULL) {
1465 		return (NULL);
1466 	} else if (label == NULL) {
1467 		free(token);
1468 		return (NULL);
1469 	}
1470 	adr_start(&adr, token->tt_data);
1471 	adr_char(&adr, &data_header, 1);
1472 	adr_char(&adr, (char *)label, llen);
1473 
1474 	return (token);
1475 }
1476 
1477 /*
1478  * au_to_mylabel
1479  * return s:
1480  *	pointer to a label token.
1481  */
1482 token_t *
au_to_mylabel(void)1483 au_to_mylabel(void)
1484 {
1485 	ucred_t		*uc;
1486 	token_t		*token;
1487 
1488 	if ((uc = ucred_get(P_MYID)) == NULL) {
1489 		return (NULL);
1490 	}
1491 
1492 	token = au_to_label(ucred_getlabel(uc));
1493 	ucred_free(uc);
1494 	return (token);
1495 }
1496 
1497 /*
1498  * au_to_zonename
1499  * return s:
1500  *	pointer to a zonename token.
1501  */
1502 token_t *
au_to_zonename(char * name)1503 au_to_zonename(char *name)
1504 {
1505 	token_t *token;			/* local token */
1506 	adr_t adr;			/* adr memory stream header */
1507 	char data_header = AUT_ZONENAME;	/* header for this token */
1508 	short bytes;			/* length of string */
1509 
1510 	if (name == NULL)
1511 		return (NULL);
1512 
1513 	bytes = strlen(name) + 1;
1514 	token = get_token((int)(sizeof (char) + sizeof (short) + bytes));
1515 	if (token == NULL)
1516 		return (NULL);
1517 	adr_start(&adr, token->tt_data);
1518 	adr_char(&adr, &data_header, 1);
1519 	adr_short(&adr, &bytes, 1);
1520 	adr_char(&adr, name, bytes);
1521 
1522 	return (token);
1523 }
1524 
1525 /*
1526  * au_to_fmri
1527  * return s:
1528  *	pointer to a fmri token.
1529  */
1530 token_t *
au_to_fmri(char * fmri)1531 au_to_fmri(char *fmri)
1532 {
1533 	token_t *token;			/* local token */
1534 	adr_t adr;			/* adr memory stream header */
1535 	char data_header = AUT_FMRI;	/* header for this token */
1536 	short bytes;			/* length of string */
1537 
1538 	if (fmri == NULL)
1539 		return (NULL);
1540 
1541 	bytes = strlen(fmri) + 1;
1542 	token = get_token((int)(sizeof (char) + sizeof (short) + bytes));
1543 	if (token == NULL)
1544 		return (NULL);
1545 	adr_start(&adr, token->tt_data);
1546 	adr_char(&adr, &data_header, 1);
1547 	adr_short(&adr, &bytes, 1);
1548 	adr_char(&adr, fmri, bytes);
1549 
1550 	return (token);
1551 }
1552