search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
kill tsol ("Trusted Solaris") aka TX ("Trusted Extensions")
[unleashed.git] / usr / src / uts / common / c2 / audit_token.c
blobec4582d849d25f32bb60efa242966f96e6b928a3
1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 */
25
26 /*
27 * Support routines for building audit records.
28 */
29
30 #include <sys/param.h>
31 #include <sys/systm.h> /* for rval */
32 #include <sys/time.h>
33 #include <sys/types.h>
34 #include <sys/vnode.h>
35 #include <sys/mode.h>
36 #include <sys/user.h>
37 #include <sys/session.h>
38 #include <sys/acl.h>
39 #include <sys/ipc_impl.h>
40 #include <netinet/in_systm.h>
41 #include <netinet/in.h>
42 #include <netinet/ip.h>
43 #include <sys/socket.h>
44 #include <net/route.h>
45 #include <netinet/in_pcb.h>
46 #include <c2/audit.h>
47 #include <c2/audit_kernel.h>
48 #include <c2/audit_record.h>
49 #include <sys/model.h> /* for model_t */
50 #include <sys/vmparam.h> /* for USRSTACK/USRSTACK32 */
51 #include <sys/vfs.h> /* for sonode */
52 #include <sys/socketvar.h> /* for sonode */
53 #include <sys/zone.h>
54
55 /*
56 * These are the control tokens
57 */
58
59 /*
60 * au_to_header
61 * returns:
62 * pointer to au_membuf chain containing a header token.
63 */
64 token_t *
65 au_to_header(int byte_count, au_event_t e_type, au_emod_t e_mod)
66 {
67 adr_t adr; /* adr memory stream header */
68 token_t *m; /* au_membuf pointer */
69 #ifdef _LP64
70 char data_header = AUT_HEADER64; /* header for this token */
71 static int64_t zerotime[2];
72 #else
73 char data_header = AUT_HEADER32;
74 static int32_t zerotime[2];
75 #endif
76 char version = TOKEN_VERSION; /* version of token family */
77
78 m = au_getclr();
79
80 adr_start(&adr, memtod(m, char *));
81 adr_char(&adr, &data_header, 1); /* token ID */
82 adr_int32(&adr, (int32_t *)&byte_count, 1); /* length of */
83 /* audit record */
84 adr_char(&adr, &version, 1); /* version of audit tokens */
85 adr_ushort(&adr, &e_type, 1); /* event ID */
86 adr_ushort(&adr, &e_mod, 1); /* event ID modifier */
87 #ifdef _LP64
88 adr_int64(&adr, zerotime, 2); /* time & date space */
89 #else
90 adr_int32(&adr, zerotime, 2);
91 #endif
92 m->len = adr_count(&adr);
93
94 return (m);
95 }
96
97 token_t *
98 au_to_header_ex(int byte_count, au_event_t e_type, au_emod_t e_mod)
99 {
100 adr_t adr; /* adr memory stream header */
101 token_t *m; /* au_membuf pointer */
102 au_kcontext_t *kctx = GET_KCTX_PZ;
103
104 #ifdef _LP64
105 char data_header = AUT_HEADER64_EX; /* header for this token */
106 static int64_t zerotime[2];
107 #else
108 char data_header = AUT_HEADER32_EX;
109 static int32_t zerotime[2];
110 #endif
111 char version = TOKEN_VERSION; /* version of token family */
112
113 m = au_getclr();
114
115 adr_start(&adr, memtod(m, char *));
116 adr_char(&adr, &data_header, 1); /* token ID */
117 adr_int32(&adr, (int32_t *)&byte_count, 1); /* length of */
118 /* audit record */
119 adr_char(&adr, &version, 1); /* version of audit tokens */
120 adr_ushort(&adr, &e_type, 1); /* event ID */
121 adr_ushort(&adr, &e_mod, 1); /* event ID modifier */
122 adr_uint32(&adr, &kctx->auk_info.ai_termid.at_type, 1);
123 adr_char(&adr, (char *)&kctx->auk_info.ai_termid.at_addr[0],
124 (int)kctx->auk_info.ai_termid.at_type);
125 #ifdef _LP64
126 adr_int64(&adr, zerotime, 2); /* time & date */
127 #else
128 adr_int32(&adr, zerotime, 2);
129 #endif
130 m->len = adr_count(&adr);
131
132 return (m);
133 }
134
135 /*
136 * au_to_trailer
137 * returns:
138 * pointer to au_membuf chain containing a trailer token.
139 */
140 token_t *
141 au_to_trailer(int byte_count)
142 {
143 adr_t adr; /* adr memory stream header */
144 token_t *m; /* au_membuf pointer */
145 char data_header = AUT_TRAILER; /* header for this token */
146 short magic = (short)AUT_TRAILER_MAGIC; /* trailer magic number */
147
148 m = au_getclr();
149
150 adr_start(&adr, memtod(m, char *));
151 adr_char(&adr, &data_header, 1); /* token ID */
152 adr_short(&adr, &magic, 1); /* magic number */
153 adr_int32(&adr, (int32_t *)&byte_count, 1); /* length of */
154 /* audit record */
155
156 m->len = adr_count(&adr);
157
158 return (m);
159 }
160 /*
161 * These are the data tokens
162 */
163
164 /*
165 * au_to_data
166 * returns:
167 * pointer to au_membuf chain containing a data token.
168 */
169 token_t *
170 au_to_data(char unit_print, char unit_type, char unit_count, char *p)
171 {
172 adr_t adr; /* adr memory stream header */
173 token_t *m; /* au_membuf pointer */
174 char data_header = AUT_DATA; /* header for this token */
175
176 ASSERT(p != NULL);
177 ASSERT(unit_count != 0);
178
179 switch (unit_type) {
180 case AUR_SHORT:
181 if (sizeof (short) * unit_count >= AU_BUFSIZE)
182 return (au_to_text("au_to_data: unit count too big"));
183 break;
184 case AUR_INT32:
185 if (sizeof (int32_t) * unit_count >= AU_BUFSIZE)
186 return (au_to_text("au_to_data: unit count too big"));
187 break;
188 case AUR_INT64:
189 if (sizeof (int64_t) * unit_count >= AU_BUFSIZE)
190 return (au_to_text("au_to_data: unit count too big"));
191 break;
192 case AUR_BYTE:
193 default:
194 #ifdef _CHAR_IS_UNSIGNED
195 if (sizeof (char) * unit_count >= AU_BUFSIZE)
196 return (au_to_text("au_to_data: unit count too big"));
197 #endif
198 /*
199 * we used to check for this:
200 * sizeof (char) * (int)unit_count >= AU_BUFSIZE).
201 * but the compiler is smart enough to see that
202 * will never be >= AU_BUFSIZE, since that's 128
203 * and unit_count maxes out at 127 (signed char),
204 * and complain.
205 */
206 break;
207 }
208
209 m = au_getclr();
210
211 adr_start(&adr, memtod(m, char *));
212 adr_char(&adr, &data_header, 1);
213 adr_char(&adr, &unit_print, 1);
214 adr_char(&adr, &unit_type, 1);
215 adr_char(&adr, &unit_count, 1);
216
217 switch (unit_type) {
218 case AUR_SHORT:
219 adr_short(&adr, (short *)p, unit_count);
220 break;
221 case AUR_INT32:
222 adr_int32(&adr, (int32_t *)p, unit_count);
223 break;
224 case AUR_INT64:
225 adr_int64(&adr, (int64_t *)p, unit_count);
226 break;
227 case AUR_BYTE:
228 default:
229 adr_char(&adr, p, unit_count);
230 break;
231 }
232
233 m->len = adr_count(&adr);
234
235 return (m);
236 }
237
238 /*
239 * au_to_process
240 * au_to_subject
241 * returns:
242 * pointer to au_membuf chain containing a process token.
243 */
244 static token_t *au_to_any_process(char, uid_t, gid_t, uid_t, gid_t,
245 pid_t, au_id_t, au_asid_t, const au_tid_addr_t *atid);
246
247 token_t *
248 au_to_process(uid_t uid, gid_t gid, uid_t ruid, gid_t rgid, pid_t pid,
249 au_id_t auid, au_asid_t asid, const au_tid_addr_t *atid)
250 {
251 char data_header;
252
253 #ifdef _LP64
254 if (atid->at_type == AU_IPv6)
255 data_header = AUT_PROCESS64_EX;
256 else
257 data_header = AUT_PROCESS64;
258 #else
259 if (atid->at_type == AU_IPv6)
260 data_header = AUT_PROCESS32_EX;
261 else
262 data_header = AUT_PROCESS32;
263 #endif
264
265 return (au_to_any_process(data_header, uid, gid, ruid,
266 rgid, pid, auid, asid, atid));
267 }
268
269 token_t *
270 au_to_subject(uid_t uid, gid_t gid, uid_t ruid, gid_t rgid, pid_t pid,
271 au_id_t auid, au_asid_t asid, const au_tid_addr_t *atid)
272 {
273 char data_header;
274
275 #ifdef _LP64
276 if (atid->at_type == AU_IPv6)
277 data_header = AUT_SUBJECT64_EX;
278 else
279 data_header = AUT_SUBJECT64;
280 #else
281 if (atid->at_type == AU_IPv6)
282 data_header = AUT_SUBJECT32_EX;
283 else
284 data_header = AUT_SUBJECT32;
285 #endif
286 return (au_to_any_process(data_header, uid, gid, ruid,
287 rgid, pid, auid, asid, atid));
288 }
289
290
291 static token_t *
292 au_to_any_process(char data_header,
293 uid_t uid, gid_t gid, uid_t ruid, gid_t rgid, pid_t pid,
294 au_id_t auid, au_asid_t asid, const au_tid_addr_t *atid)
295 {
296 token_t *m; /* local au_membuf */
297 adr_t adr; /* adr memory stream header */
298 int32_t value;
299
300 m = au_getclr();
301
302 adr_start(&adr, memtod(m, char *));
303 adr_char(&adr, &data_header, 1);
304 value = (int32_t)auid;
305 adr_int32(&adr, &value, 1);
306 value = (int32_t)uid;
307 adr_int32(&adr, &value, 1);
308 value = (int32_t)gid;
309 adr_int32(&adr, &value, 1);
310 value = (int32_t)ruid;
311 adr_int32(&adr, &value, 1);
312 value = (int32_t)rgid;
313 adr_int32(&adr, &value, 1);
314 value = (int32_t)pid;
315 adr_int32(&adr, &value, 1);
316 value = (int32_t)asid;
317 adr_int32(&adr, &value, 1);
318 #ifdef _LP64
319 adr_int64(&adr, (int64_t *)&(atid->at_port), 1);
320 #else
321 adr_int32(&adr, (int32_t *)&(atid->at_port), 1);
322 #endif
323 if (atid->at_type == AU_IPv6) {
324 adr_uint32(&adr, (uint_t *)&atid->at_type, 1);
325 adr_char(&adr, (char *)&atid->at_addr[0], 16);
326 } else {
327 adr_char(&adr, (char *)&(atid->at_addr[0]), 4);
328 }
329
330 m->len = adr_count(&adr);
331
332 return (m);
333 }
334
335 /*
336 * au_to_text
337 * returns:
338 * pointer to au_membuf chain containing a text token.
339 */
340 token_t *
341 au_to_text(const char *text)
342 {
343 token_t *token; /* local au_membuf */
344 adr_t adr; /* adr memory stream header */
345 char data_header = AUT_TEXT; /* header for this token */
346 short bytes; /* length of string */
347
348 token = au_getclr();
349
350 bytes = (short)strlen(text) + 1;
351 adr_start(&adr, memtod(token, char *));
352 adr_char(&adr, &data_header, 1);
353 adr_short(&adr, &bytes, 1);
354
355 token->len = (char)adr_count(&adr);
356 /*
357 * Now attach the text
358 */
359 (void) au_append_buf(text, bytes, token);
360
361 return (token);
362 }
363
364 /*
365 * au_zonename_length
366 * returns:
367 * - length of zonename token to be generated
368 * - zone name up to ZONENAME_MAX + 1 in length
369 */
370 #define ZONE_TOKEN_OVERHEAD 3
371 /*
372 * the zone token is
373 * token id (1 byte)
374 * string length (2 bytes)
375 * the string (strlen(zonename) + 1)
376 */
377 size_t
378 au_zonename_length(zone_t *zone)
379 {
380 if (zone == NULL)
381 zone = curproc->p_zone;
382 return (strlen(zone->zone_name) + 1 +
383 ZONE_TOKEN_OVERHEAD);
384 }
385
386 /*
387 * au_to_zonename
388 *
389 * A length of zero input to au_to_zonename means the length is not
390 * pre-calculated.
391 *
392 * The caller is responsible for checking the AUDIT_ZONENAME policy
393 * before calling au_zonename_length() and au_to_zonename(). If
394 * the policy changes between the calls, no harm is done, so the
395 * policy only needs to be checked once.
396 *
397 * returns:
398 * pointer to au_membuf chain containing a zonename token; NULL if
399 * policy is off.
400 *
401 * if the zonename token is generated at token generation close time,
402 * the length of the token is already known and it is ASSERTed that
403 * it has not changed. If not precalculated, zone_length must be
404 * zero.
405 */
406 token_t *
407 au_to_zonename(size_t zone_length, zone_t *zone)
408 {
409 token_t *token; /* local au_membuf */
410 adr_t adr; /* adr memory stream header */
411 char data_header = AUT_ZONENAME; /* header for this token */
412 short bytes; /* length of string */
413
414 token = au_getclr();
415
416 if (zone == NULL)
417 zone = curproc->p_zone;
418 bytes = (short)strlen(zone->zone_name) + 1;
419 /*
420 * If zone_length != 0, it was precalculated and is
421 * the token length, not the string length.
422 */
423 ASSERT((zone_length == 0) ||
424 (zone_length == (bytes + ZONE_TOKEN_OVERHEAD)));
425
426 adr_start(&adr, memtod(token, char *));
427 adr_char(&adr, &data_header, 1);
428 adr_short(&adr, &bytes, 1);
429
430 token->len = (char)adr_count(&adr);
431 (void) au_append_buf(zone->zone_name, bytes, token);
432
433 return (token);
434 }
435
436 /*
437 * au_to_strings
438 * returns:
439 * pointer to au_membuf chain containing a strings array token.
440 */
441 token_t *
442 au_to_strings(
443 char header, /* token type */
444 const char *kstrp, /* kernel string pointer */
445 ssize_t count) /* count of arguments */
446 {
447 token_t *token; /* local au_membuf */
448 token_t *m; /* local au_membuf */
449 adr_t adr; /* adr memory stream header */
450 size_t len;
451 int32_t tlen;
452
453 token = au_getclr();
454
455 adr_start(&adr, memtod(token, char *));
456 adr_char(&adr, &header, 1);
457 tlen = (int32_t)count;
458 adr_int32(&adr, &tlen, 1);
459
460 token->len = (char)adr_count(&adr);
461
462 while (count-- > 0) {
463 m = au_getclr();
464 len = strlen(kstrp) + 1;
465 (void) au_append_buf(kstrp, len, m);
466 (void) au_append_rec((token_t *)token, (token_t *)m, AU_PACK);
467 kstrp += len;
468 }
469
470 return (token);
471 }
472
473 /*
474 * au_to_exec_args
475 * returns:
476 * pointer to au_membuf chain containing a argv token.
477 */
478 token_t *
479 au_to_exec_args(const char *kstrp, ssize_t argc)
480 {
481 return (au_to_strings(AUT_EXEC_ARGS, kstrp, argc));
482 }
483
484 /*
485 * au_to_exec_env
486 * returns:
487 * pointer to au_membuf chain containing a arge token.
488 */
489 token_t *
490 au_to_exec_env(const char *kstrp, ssize_t envc)
491 {
492 return (au_to_strings(AUT_EXEC_ENV, kstrp, envc));
493 }
494
495 /*
496 * au_to_arg32
497 * char n; argument # being used
498 * char *text; text describing argument
499 * uint32_t v; argument value
500 * returns:
501 * pointer to au_membuf chain containing an argument token.
502 */
503 token_t *
504 au_to_arg32(char n, char *text, uint32_t v)
505 {
506 token_t *token; /* local au_membuf */
507 adr_t adr; /* adr memory stream header */
508 char data_header = AUT_ARG32; /* header for this token */
509 short bytes; /* length of string */
510
511 token = au_getclr();
512
513 bytes = strlen(text) + 1;
514 adr_start(&adr, memtod(token, char *));
515 adr_char(&adr, &data_header, 1); /* token type */
516 adr_char(&adr, &n, 1); /* argument id */
517 adr_uint32(&adr, &v, 1); /* argument value */
518 adr_short(&adr, &bytes, 1);
519
520 token->len = adr_count(&adr);
521 /*
522 * Now add the description
523 */
524 (void) au_append_buf(text, bytes, token);
525
526 return (token);
527 }
528
529
530 /*
531 * au_to_arg64
532 * char n; argument # being used
533 * char *text; text describing argument
534 * uint64_t v; argument value
535 * returns:
536 * pointer to au_membuf chain containing an argument token.
537 */
538 token_t *
539 au_to_arg64(char n, char *text, uint64_t v)
540 {
541 token_t *token; /* local au_membuf */
542 adr_t adr; /* adr memory stream header */
543 char data_header = AUT_ARG64; /* header for this token */
544 short bytes; /* length of string */
545
546 token = au_getclr();
547
548 bytes = strlen(text) + 1;
549 adr_start(&adr, memtod(token, char *));
550 adr_char(&adr, &data_header, 1); /* token type */
551 adr_char(&adr, &n, 1); /* argument id */
552 adr_uint64(&adr, &v, 1); /* argument value */
553 adr_short(&adr, &bytes, 1);
554
555 token->len = adr_count(&adr);
556 /*
557 * Now the description
558 */
559 (void) au_append_buf(text, bytes, token);
560
561 return (token);
562 }
563
564
565 /*
566 * au_to_path
567 * returns:
568 * pointer to au_membuf chain containing a path token.
569 */
570 token_t *
571 au_to_path(struct audit_path *app)
572 {
573 token_t *token; /* local au_membuf */
574 token_t *m; /* local au_membuf */
575 adr_t adr; /* adr memory stream header */
576 char data_header = AUT_PATH; /* header for this token */
577 short bytes; /* length of string */
578 char *path = app->audp_sect[0];
579
580 bytes = (short)(app->audp_sect[1] - app->audp_sect[0]);
581
582 /*
583 * generate path token header
584 */
585 m = au_getclr();
586 adr_start(&adr, memtod(m, char *));
587 adr_char(&adr, &data_header, 1);
588 adr_short(&adr, &bytes, 1);
589 m->len = adr_count(&adr);
590
591 /* append path string */
592 token = m;
593 (void) au_append_buf(path, bytes, token);
594
595 if (app->audp_cnt > 1) {
596 /* generate attribute path strings token */
597 m = au_to_strings(AUT_XATPATH, app->audp_sect[1],
598 app->audp_cnt - 1);
599
600 token = au_append_token(token, m);
601 }
602
603 return (token);
604 }
605
606 /*
607 * au_to_ipc
608 * returns:
609 * pointer to au_membuf chain containing a System V IPC token.
610 */
611 token_t *
612 au_to_ipc(char type, int id)
613 {
614 token_t *m; /* local au_membuf */
615 adr_t adr; /* adr memory stream header */
616 char data_header = AUT_IPC; /* header for this token */
617
618 m = au_getclr();
619
620 adr_start(&adr, memtod(m, char *));
621 adr_char(&adr, &data_header, 1);
622 adr_char(&adr, &type, 1); /* type of IPC object */
623 adr_int32(&adr, (int32_t *)&id, 1);
624
625 m->len = adr_count(&adr);
626
627 return (m);
628 }
629
630 /*
631 * au_to_return32
632 * returns:
633 * pointer to au_membuf chain containing a return value token.
634 */
635 token_t *
636 au_to_return32(int error, int32_t rv)
637 {
638 token_t *m; /* local au_membuf */
639 adr_t adr; /* adr memory stream header */
640 char data_header = AUT_RETURN32; /* header for this token */
641 int32_t val;
642 char ed = error;
643
644 m = au_getclr();
645
646 adr_start(&adr, memtod(m, char *));
647 adr_char(&adr, &data_header, 1);
648 adr_char(&adr, &ed, 1);
649
650 if (error) {
651 val = -1;
652 adr_int32(&adr, &val, 1);
653 } else {
654 adr_int32(&adr, &rv, 1);
655 }
656 m->len = adr_count(&adr);
657
658 return (m);
659 }
660
661 /*
662 * au_to_return64
663 * returns:
664 * pointer to au_membuf chain containing a return value token.
665 */
666 token_t *
667 au_to_return64(int error, int64_t rv)
668 {
669 token_t *m; /* local au_membuf */
670 adr_t adr; /* adr memory stream header */
671 char data_header = AUT_RETURN64; /* header for this token */
672 int64_t val;
673 char ed = error;
674
675 m = au_getclr();
676
677 adr_start(&adr, memtod(m, char *));
678 adr_char(&adr, &data_header, 1);
679 adr_char(&adr, &ed, 1);
680
681 if (error) {
682 val = -1;
683 adr_int64(&adr, &val, 1);
684 } else {
685 adr_int64(&adr, &rv, 1);
686 }
687 m->len = adr_count(&adr);
688
689 return (m);
690 }
691
692 #ifdef AU_MAY_USE_SOMEDAY
693 /*
694 * au_to_opaque
695 * returns:
696 * pointer to au_membuf chain containing a opaque token.
697 */
698 token_t *
699 au_to_opaque(short bytes, char *opaque)
700 {
701 token_t *token; /* local au_membuf */
702 adr_t adr; /* adr memory stream header */
703 char data_header = AUT_OPAQUE; /* header for this token */
704
705 token = au_getclr();
706
707 adr_start(&adr, memtod(token, char *));
708 adr_char(&adr, &data_header, 1);
709 adr_short(&adr, &bytes, 1);
710
711 token->len = adr_count(&adr);
712
713 /*
714 * Now attach the data
715 */
716 (void) au_append_buf(opaque, bytes, token);
717
718 return (token);
719 }
720 #endif /* AU_MAY_USE_SOMEDAY */
721
722 /*
723 * au_to_ip
724 * returns:
725 * pointer to au_membuf chain containing a ip header token
726 */
727 token_t *
728 au_to_ip(struct ip *ipp)
729 {
730 token_t *m; /* local au_membuf */
731 adr_t adr; /* adr memory stream header */
732 char data_header = AUT_IP; /* header for this token */
733
734 m = au_getclr();
735
736 adr_start(&adr, memtod(m, char *));
737 adr_char(&adr, &data_header, 1);
738 adr_char(&adr, (char *)ipp, 2);
739 adr_short(&adr, (short *)&(ipp->ip_len), 3);
740 adr_char(&adr, (char *)&(ipp->ip_ttl), 2);
741 adr_short(&adr, (short *)&(ipp->ip_sum), 1);
742 adr_int32(&adr, (int32_t *)&(ipp->ip_src), 2);
743
744 m->len = adr_count(&adr);
745
746 return (m);
747 }
748
749 /*
750 * au_to_iport
751 * returns:
752 * pointer to au_membuf chain containing a ip path token
753 */
754 token_t *
755 au_to_iport(ushort_t iport)
756 {
757 token_t *m; /* local au_membuf */
758 adr_t adr; /* adr memory stream header */
759 char data_header = AUT_IPORT; /* header for this token */
760
761 m = au_getclr();
762
763 adr_start(&adr, memtod(m, char *));
764 adr_char(&adr, &data_header, 1);
765 adr_ushort(&adr, &iport, 1);
766
767 m->len = adr_count(&adr);
768
769 return (m);
770 }
771
772 /*
773 * au_to_in_addr
774 * returns:
775 * pointer to au_membuf chain containing a ip path token
776 */
777 token_t *
778 au_to_in_addr(struct in_addr *internet_addr)
779 {
780 token_t *m; /* local au_membuf */
781 adr_t adr; /* adr memory stream header */
782 char data_header = AUT_IN_ADDR; /* header for this token */
783
784 m = au_getclr();
785
786 adr_start(&adr, memtod(m, char *));
787 adr_char(&adr, &data_header, 1);
788 adr_char(&adr, (char *)internet_addr, sizeof (struct in_addr));
789
790 m->len = adr_count(&adr);
791
792 return (m);
793 }
794
795 /*
796 * au_to_in_addr_ex
797 * returns:
798 * pointer to au_membuf chain containing an ipv6 token
799 */
800 token_t *
801 au_to_in_addr_ex(int32_t *internet_addr)
802 {
803 token_t *m; /* local au_membuf */
804 adr_t adr; /* adr memory stream header */
805 char data_header_v4 = AUT_IN_ADDR; /* header for v4 token */
806 char data_header_v6 = AUT_IN_ADDR_EX; /* header for v6 token */
807 int32_t type = AU_IPv6;
808
809 m = au_getclr();
810 adr_start(&adr, memtod(m, char *));
811
812 if (IN6_IS_ADDR_V4MAPPED((in6_addr_t *)internet_addr)) {
813 ipaddr_t in4;
814
815 /*
816 * An IPv4-mapped IPv6 address is really an IPv4 address
817 * in IPv6 format.
818 */
819 IN6_V4MAPPED_TO_IPADDR((in6_addr_t *)internet_addr, in4);
820
821 adr_char(&adr, &data_header_v4, 1);
822 adr_char(&adr, (char *)&in4, sizeof (ipaddr_t));
823 } else {
824 adr_char(&adr, &data_header_v6, 1);
825 adr_int32(&adr, &type, 1);
826 adr_char(&adr, (char *)internet_addr, sizeof (struct in6_addr));
827 }
828
829 m->len = adr_count(&adr);
830
831 return (m);
832 }
833
834 /*
835 * The Modifier tokens
836 */
837
838 /*
839 * au_to_attr
840 * returns:
841 * pointer to au_membuf chain containing an attribute token.
842 */
843 token_t *
844 au_to_attr(struct vattr *attr)
845 {
846 token_t *m; /* local au_membuf */
847 adr_t adr; /* adr memory stream header */
848 #ifdef _LP64
849 char data_header = AUT_ATTR64; /* header for this token */
850 #else
851 char data_header = AUT_ATTR32;
852 #endif
853 int32_t value;
854
855 m = au_getclr();
856
857 adr_start(&adr, memtod(m, char *));
858 adr_char(&adr, &data_header, 1);
859 value = (int32_t)attr->va_mode;
860 value |= (int32_t)(VTTOIF(attr->va_type));
861 adr_int32(&adr, &value, 1);
862 value = (int32_t)attr->va_uid;
863 adr_int32(&adr, &value, 1);
864 value = (int32_t)attr->va_gid;
865 adr_int32(&adr, &value, 1);
866 adr_int32(&adr, (int32_t *)&(attr->va_fsid), 1);
867 adr_int64(&adr, (int64_t *)&(attr->va_nodeid), 1);
868 #ifdef _LP64
869 adr_int64(&adr, (int64_t *)&(attr->va_rdev), 1);
870 #else
871 adr_int32(&adr, (int32_t *)&(attr->va_rdev), 1);
872 #endif
873
874 m->len = adr_count(&adr);
875
876 return (m);
877 }
878
879 token_t *
880 au_to_acl(struct acl *aclp)
881 {
882 token_t *m; /* local au_membuf */
883 adr_t adr; /* adr memory stream header */
884 char data_header = AUT_ACL; /* header for this token */
885 int32_t value;
886
887 m = au_getclr();
888
889 adr_start(&adr, memtod(m, char *));
890 adr_char(&adr, &data_header, 1);
891
892 value = (int32_t)aclp->a_type;
893 adr_int32(&adr, &value, 1);
894 value = (int32_t)aclp->a_id;
895 adr_int32(&adr, &value, 1);
896 value = (int32_t)aclp->a_perm;
897 adr_int32(&adr, &value, 1);
898
899 m->len = adr_count(&adr);
900 return (m);
901 }
902
903 token_t *
904 au_to_ace(ace_t *acep)
905 {
906 token_t *m; /* local au_membuf */
907 adr_t adr; /* adr memory stream header */
908 char data_header = AUT_ACE; /* header for this token */
909
910 m = au_getclr();
911
912 adr_start(&adr, memtod(m, char *));
913 adr_char(&adr, &data_header, 1);
914
915 adr_uint32(&adr, &(acep->a_who), 1);
916 adr_uint32(&adr, &(acep->a_access_mask), 1);
917 adr_ushort(&adr, &(acep->a_flags), 1);
918 adr_ushort(&adr, &(acep->a_type), 1);
919
920 m->len = adr_count(&adr);
921 return (m);
922 }
923
924 /*
925 * au_to_ipc_perm
926 * returns:
927 * pointer to au_membuf chain containing a System V IPC attribute token.
928 */
929 token_t *
930 au_to_ipc_perm(struct kipc_perm *perm)
931 {
932 token_t *m; /* local au_membuf */
933 adr_t adr; /* adr memory stream header */
934 char data_header = AUT_IPC_PERM; /* header for this token */
935 int32_t value;
936
937 m = au_getclr();
938
939 adr_start(&adr, memtod(m, char *));
940 adr_char(&adr, &data_header, 1);
941 value = (int32_t)perm->ipc_uid;
942 adr_int32(&adr, &value, 1);
943 value = (int32_t)perm->ipc_gid;
944 adr_int32(&adr, &value, 1);
945 value = (int32_t)perm->ipc_cuid;
946 adr_int32(&adr, &value, 1);
947 value = (int32_t)perm->ipc_cgid;
948 adr_int32(&adr, &value, 1);
949 value = (int32_t)perm->ipc_mode;
950 adr_int32(&adr, &value, 1);
951 value = 0; /* seq is now obsolete */
952 adr_int32(&adr, &value, 1);
953 value = (int32_t)perm->ipc_key;
954 adr_int32(&adr, &value, 1);
955
956 m->len = adr_count(&adr);
957
958 return (m);
959 }
960
961 token_t *
962 au_to_groups(const gid_t *crgroups, uint_t crngroups)
963 {
964 token_t *m; /* local au_membuf */
965 adr_t adr; /* adr memory stream header */
966 char data_header = AUT_NEWGROUPS; /* header for this token */
967 short n_groups;
968
969 m = au_getclr();
970
971 adr_start(&adr, memtod(m, char *));
972 adr_char(&adr, &data_header, 1);
973 n_groups = (short)crngroups;
974 adr_short(&adr, &n_groups, 1);
975 adr_int32(&adr, (int32_t *)crgroups, (int)crngroups);
976
977 m->len = adr_count(&adr);
978
979 return (m);
980 }
981
982 /*
983 * au_to_socket_ex
984 * returns:
985 * pointer to au_membuf chain containing a socket token.
986 */
987 token_t *
988 au_to_socket_ex(short dom, short type, char *l, char *f)
989 {
990 adr_t adr;
991 token_t *m;
992 char data_header = AUT_SOCKET_EX;
993 struct sockaddr_in6 *addr6;
994 struct sockaddr_in *addr4;
995 short size;
996
997 m = au_getclr();
998
999 adr_start(&adr, memtod(m, char *));
1000 adr_char(&adr, &data_header, 1);
1001 adr_short(&adr, &dom, 1); /* dom of socket */
1002 adr_short(&adr, &type, 1); /* type of socket */
1003
1004 if (dom == AF_INET6) {
1005 size = AU_IPv6;
1006 adr_short(&adr, &size, 1); /* type of addresses */
1007 addr6 = (struct sockaddr_in6 *)l;
1008 adr_short(&adr, (short *)&addr6->sin6_port, 1);
1009 adr_char(&adr, (char *)&addr6->sin6_addr, size);
1010 addr6 = (struct sockaddr_in6 *)f;
1011 adr_short(&adr, (short *)&addr6->sin6_port, 1);
1012 adr_char(&adr, (char *)&addr6->sin6_addr, size);
1013 } else if (dom == AF_INET) {
1014 size = AU_IPv4;
1015 adr_short(&adr, &size, 1); /* type of addresses */
1016 addr4 = (struct sockaddr_in *)l;
1017 adr_short(&adr, (short *)&addr4->sin_port, 1);
1018 adr_char(&adr, (char *)&addr4->sin_addr, size);
1019 addr4 = (struct sockaddr_in *)f;
1020 adr_short(&adr, (short *)&addr4->sin_port, 1);
1021 adr_char(&adr, (char *)&addr4->sin_addr, size);
1022 }
1023
1024
1025 m->len = adr_count(&adr);
1026
1027 return (m);
1028 }
1029
1030 /*
1031 * au_to_seq
1032 * returns:
1033 * pointer to au_membuf chain containing a sequence token.
1034 */
1035 token_t *
1036 au_to_seq()
1037 {
1038 adr_t adr;
1039 token_t *m;
1040 char data_header = AUT_SEQ;
1041 static int32_t zerocount;
1042
1043 m = au_getclr();
1044
1045 adr_start(&adr, memtod(m, char *));
1046
1047 adr_char(&adr, &data_header, 1);
1048
1049 adr_int32(&adr, &zerocount, 1);
1050
1051 m->len = adr_count(&adr);
1052
1053 return (m);
1054 }
1055
1056 token_t *
1057 au_to_sock_inet(struct sockaddr_in *s_inet)
1058 {
1059 adr_t adr;
1060 token_t *m;
1061 char data_header = AUT_SOCKET;
1062
1063 m = au_getclr();
1064
1065 adr_start(&adr, memtod(m, char *));
1066 adr_char(&adr, &data_header, 1);
1067 adr_short(&adr, (short *)&s_inet->sin_family, 1);
1068 adr_short(&adr, (short *)&s_inet->sin_port, 1);
1069
1070 /* remote addr */
1071 adr_int32(&adr, (int32_t *)&s_inet->sin_addr.s_addr, 1);
1072
1073 m->len = (uchar_t)adr_count(&adr);
1074
1075 return (m);
1076 }
1077
1078 extern int maxprivbytes;
1079
1080 token_t *
1081 au_to_privset(
1082 const char *set,
1083 const priv_set_t *pset,
1084 char data_header,
1085 int success)
1086 {
1087 token_t *token, *m;
1088 adr_t adr;
1089 int priv;
1090 const char *pname;
1091 char sf = (char)success;
1092 char *buf, *q;
1093 short sz;
1094 boolean_t full;
1095
1096 token = au_getclr();
1097
1098 adr_start(&adr, memtod(token, char *));
1099 adr_char(&adr, &data_header, 1);
1100 /*
1101 * set is not used for AUT_UPRIV and sf (== success) is not
1102 * used for AUT_PRIV
1103 */
1104 if (data_header == AUT_UPRIV) {
1105 adr_char(&adr, &sf, 1);
1106 } else {
1107 sz = strlen(set) + 1;
1108 adr_short(&adr, &sz, 1);
1109
1110 token->len = (uchar_t)adr_count(&adr);
1111 m = au_getclr();
1112
1113 (void) au_append_buf(set, sz, m);
1114 (void) au_append_rec(token, m, AU_PACK);
1115 adr.adr_now += sz;
1116 }
1117
1118 full = priv_isfullset(pset);
1119
1120 if (full) {
1121 buf = "ALL";
1122 sz = strlen(buf) + 1;
1123 } else {
1124 q = buf = kmem_alloc(maxprivbytes, KM_SLEEP);
1125 *buf = '\0';
1126
1127 for (priv = 0; (pname = priv_getbynum(priv)) != NULL; priv++) {
1128 if (priv_ismember(pset, priv)) {
1129 if (q != buf)
1130 *q++ = ',';
1131 (void) strcpy(q, pname);
1132 q += strlen(q);
1133 }
1134 }
1135 sz = (q - buf) + 1;
1136 }
1137
1138 adr_short(&adr, &sz, 1);
1139 token->len = (uchar_t)adr_count(&adr);
1140
1141 m = au_getclr();
1142 (void) au_append_buf(buf, sz, m);
1143 (void) au_append_rec(token, m, AU_PACK);
1144
1145 if (!full)
1146 kmem_free(buf, maxprivbytes);
1147
1148 return (token);
1149 }
1150
1151 token_t *
1152 au_to_secflags(const char *which, secflagset_t set)
1153 {
1154 token_t *token, *m;
1155 adr_t adr;
1156 char data_header = AUT_SECFLAGS;
1157 short sz;
1158 char secstr[1024];
1159
1160 token = au_getclr();
1161
1162 adr_start(&adr, memtod(token, char *));
1163 adr_char(&adr, &data_header, 1);
1164
1165 sz = strlen(which) + 1;
1166 adr_short(&adr, &sz, 1);
1167
1168 token->len = (uchar_t)adr_count(&adr);
1169 m = au_getclr();
1170 (void) au_append_buf(which, sz, m);
1171 (void) au_append_rec(token, m, AU_PACK);
1172 adr.adr_now += sz;
1173
1174 secflags_to_str(set, secstr, sizeof (secstr));
1175 sz = strlen(secstr) + 1;
1176 adr_short(&adr, &sz, 1);
1177 token->len = (uchar_t)adr_count(&adr);
1178 m = au_getclr();
1179 (void) au_append_buf(secstr, sz, m);
1180 (void) au_append_rec(token, m, AU_PACK);
1181
1182 return (token);
1183 }
Unleashed OS