1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2010 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 27 #include <ctype.h> 28 #include <dirent.h> 29 #include <grp.h> 30 #include <libintl.h> 31 #include <limits.h> 32 #include <locale.h> 33 #include <pwd.h> 34 #include <stdio.h> 35 #include <stdlib.h> 36 #include <string.h> 37 #include <sys/types.h> 38 #include <sys/inttypes.h> 39 #include <sys/file.h> 40 #include <sys/param.h> 41 #include <sys/uio.h> 42 #include <sys/stat.h> 43 #include <sys/acl.h> 44 #include <sys/socket.h> 45 #include <sys/errno.h> 46 #include <sys/ipc.h> 47 #include <sys/sem.h> 48 #include <sys/systm.h> 49 #include <netinet/in.h> 50 #include <sys/tiuser.h> 51 #include <rpc/types.h> 52 #include <rpc/auth.h> 53 #include <rpc/auth_unix.h> 54 #include <rpc/svc.h> 55 #include <rpc/xdr.h> 56 #include <nfs/nfs.h> 57 #include <sys/fs/ufs_quota.h> 58 #include <sys/time.h> 59 #include <sys/mkdev.h> 60 #include <unistd.h> 61 62 #include <bsm/audit.h> 63 #include <bsm/audit_record.h> 64 #include <bsm/libbsm.h> 65 66 #include <tsol/label.h> 67 68 #include "praudit.h" 69 #include "toktable.h" 70 71 #include <netdb.h> 72 #include <arpa/inet.h> 73 74 static char *anchor_path(char *); 75 static char *collapse_path(char *); 76 77 78 /* 79 * ----------------------------------------------------------------------- 80 * is_file_token: 81 * Tests whether the specified token id represents a type 82 * of file token. 83 * return codes : 1 - tokenid is a file token type 84 * : 0 - otherwise 85 * ----------------------------------------------------------------------- 86 */ 87 int 88 is_file_token(int tokenid) 89 { 90 if ((tokenid == AUT_OTHER_FILE32) || (tokenid == AUT_OTHER_FILE64)) 91 return (1); 92 93 return (0); 94 } 95 96 /* 97 * ----------------------------------------------------------------------- 98 * is_header_token: 99 * Tests whether the specified token id represents a type 100 * of header token (signifying the start of a record). 101 * return codes : 1 - tokenid is a header type 102 * : 0 - otherwise 103 * ----------------------------------------------------------------------- 104 */ 105 int 106 is_header_token(int tokenid) 107 { 108 if ((tokenid == AUT_OHEADER) || (tokenid == AUT_HEADER32) || 109 (tokenid == AUT_HEADER32_EX) || (tokenid == AUT_HEADER64) || 110 (tokenid == AUT_HEADER64_EX)) 111 return (1); 112 113 return (0); 114 } 115 116 /* 117 * ----------------------------------------------------------------------- 118 * is_token: 119 * Tests whether the specified token id represents a true 120 * token, as opposed to a regular tag. 121 * return codes : 1 - tokenid is a true token 122 * : 0 - otherwise 123 * ----------------------------------------------------------------------- 124 */ 125 int 126 is_token(int tokenid) 127 { 128 if ((tokenid > 0) && (tokenid <= MAXTOKEN)) 129 return (1); 130 131 return (0); 132 } 133 134 135 /* 136 * ----------------------------------------------------------------------- 137 * exit_token() : Process information label token and display contents 138 * return codes : -1 - error 139 * : 0 - successful 140 * NOTE: At the time of call, the label token id has been retrieved 141 * 142 * Format of exit token: 143 * exit token id adr_char 144 * ----------------------------------------------------------------------- 145 */ 146 int 147 exit_token(pr_context_t *context) 148 { 149 int returnstat; 150 int retval; 151 uval_t uval; 152 153 if ((returnstat = open_tag(context, TAG_ERRVAL)) != 0) 154 return (returnstat); 155 156 if ((returnstat = pr_adr_int32(context, (int32_t *)&retval, 1)) == 0) { 157 if (!(context->format & PRF_RAWM)) { 158 char *emsg = strerror(retval); 159 160 if (emsg == NULL) 161 uval.string_val = gettext("Unknown errno"); 162 else 163 uval.string_val = gettext(emsg); 164 uval.uvaltype = PRA_STRING; 165 } else { 166 uval.uvaltype = PRA_INT32; 167 uval.int32_val = retval; 168 } 169 returnstat = pa_print(context, &uval, 0); 170 } 171 if (returnstat == 0) 172 returnstat = close_tag(context, TAG_ERRVAL); 173 174 return (process_tag(context, TAG_RETVAL, returnstat, 1)); 175 } 176 177 /* 178 * ------------------------------------------------------------------ 179 * file_token() : prints out seconds of time and other file name 180 * return codes : -1 - error 181 * : 0 - successful, valid file token fields 182 * At the time of entry, the file token ID has already been retrieved 183 * 184 * Format of file token: 185 * file token id adr_char 186 * seconds of time adr_u_int 187 * name of other file adr_string 188 * ------------------------------------------------------------------ 189 */ 190 int 191 file_token(pr_context_t *context) 192 { 193 int returnstat; 194 195 returnstat = pa_utime32(context, 0, 0); /* time from usecs */ 196 197 /* other file name */ 198 returnstat = pa_file_string(context, returnstat, 1); 199 200 return (returnstat); 201 } 202 203 int 204 file64_token(pr_context_t *context) 205 { 206 int returnstat; 207 208 returnstat = pa_utime64(context, 0, 0); /* time from usecs */ 209 210 /* other file name */ 211 returnstat = pa_file_string(context, returnstat, 1); 212 213 return (returnstat); 214 } 215 216 /* 217 * ----------------------------------------------------------------------- 218 * header_token() : Process record header token and display contents 219 * return codes : -1 - error 220 * : 0 - successful 221 * : 1 - warning, password entry not found 222 * 223 * NOTE: At the time of call, the header token id has been retrieved 224 * 225 * Format of header token: 226 * header token id adr_char 227 * record byte count adr_u_int 228 * event type adr_u_short (printed either ASCII or raw) 229 * event class adr_u_int (printed either ASCII or raw) 230 * event action adr_u_int 231 * if extended: extended host name (IPv4/IPv6) 232 * seconds of time adr_u_int (printed either ASCII or raw) 233 * nanoseconds of time adr_u_int 234 * ----------------------------------------------------------------------- 235 */ 236 int 237 header_token(pr_context_t *context) 238 { 239 int returnstat; 240 241 returnstat = pa_reclen(context, 0); /* record byte */ 242 /* version ID */ 243 returnstat = process_tag(context, TAG_TOKVERS, returnstat, 0); 244 /* event type */ 245 returnstat = process_tag(context, TAG_EVTYPE, returnstat, 0); 246 /* event modifier */ 247 returnstat = pa_event_modifier(context, returnstat, 0); 248 /* time from nsec */ 249 returnstat = pa_ntime32(context, returnstat, 1); 250 251 return (returnstat); 252 } 253 254 int 255 header64_token(pr_context_t *context) 256 { 257 int returnstat; 258 259 returnstat = pa_reclen(context, 0); /* record byte */ 260 /* version ID */ 261 returnstat = process_tag(context, TAG_TOKVERS, returnstat, 0); 262 /* event type */ 263 returnstat = process_tag(context, TAG_EVTYPE, returnstat, 0); 264 /* event modifier */ 265 returnstat = pa_event_modifier(context, returnstat, 0); 266 /* time from nsec */ 267 returnstat = pa_ntime64(context, returnstat, 1); 268 269 return (returnstat); 270 } 271 272 int 273 header32_ex_token(pr_context_t *context) 274 { 275 int returnstat; 276 277 returnstat = pa_reclen(context, 0); /* record byte */ 278 /* version ID */ 279 returnstat = process_tag(context, TAG_TOKVERS, returnstat, 0); 280 /* event type */ 281 returnstat = process_tag(context, TAG_EVTYPE, returnstat, 0); 282 /* event modifier */ 283 returnstat = pa_event_modifier(context, returnstat, 0); 284 /* machine name */ 285 returnstat = pa_hostname_ex(context, returnstat, 0); 286 /* time from nsec */ 287 returnstat = pa_ntime32(context, returnstat, 1); 288 289 return (returnstat); 290 } 291 292 int 293 header64_ex_token(pr_context_t *context) 294 { 295 int returnstat; 296 297 returnstat = pa_reclen(context, 0); /* record byte */ 298 /* version ID */ 299 returnstat = process_tag(context, TAG_TOKVERS, returnstat, 0); 300 /* event type */ 301 returnstat = process_tag(context, TAG_EVTYPE, returnstat, 0); 302 /* event modifier */ 303 returnstat = pa_event_modifier(context, returnstat, 0); 304 /* machine name */ 305 returnstat = pa_hostname_ex(context, returnstat, 0); 306 /* time from nsec */ 307 returnstat = pa_ntime64(context, returnstat, 1); 308 309 return (returnstat); 310 } 311 312 /* 313 * ----------------------------------------------------------------------- 314 * trailer_token() : Process record trailer token and display contents 315 * return codes : -1 - error 316 * : 0 - successful 317 * NOTE: At the time of call, the trailer token id has already been 318 * retrieved 319 * 320 * Format of trailer token: 321 * trailer token id adr_char 322 * record sequence no adr_u_short (should be AUT_TRAILER_MAGIC) 323 * record byte count adr_u_int 324 * ----------------------------------------------------------------------- 325 */ 326 int 327 trailer_token(pr_context_t *context) 328 { 329 short magic_number; 330 331 if (pr_adr_u_short(context, (ushort_t *)&magic_number, 1) < 0) { 332 (void) fprintf(stderr, gettext( 333 "praudit: Cannot retrieve trailer magic number\n")); 334 return (-1); 335 } else { 336 if (magic_number != AUT_TRAILER_MAGIC) { 337 (void) fprintf(stderr, gettext( 338 "praudit: Invalid trailer magic number\n")); 339 return (-1); 340 } else 341 /* Do not display trailer in XML mode */ 342 if (context->format & PRF_XMLM) { 343 uint32_t junk; 344 int retstat; 345 346 retstat = pr_adr_u_int32(context, &junk, 1); 347 return (retstat); 348 } else { 349 return (pa_adr_u_int32(context, 0, 1)); 350 } 351 } 352 } 353 354 /* 355 * ----------------------------------------------------------------------- 356 * arbitrary_data_token(): 357 * Process arbitrary data token and display contents 358 * return codes : -1 - error 359 * : 0 - successful 360 * NOTE: At the time of call, the arbitrary data token id has already 361 * been retrieved 362 * 363 * Format of arbitrary data token: 364 * arbitrary data token id adr char 365 * how to print adr_char 366 * From audit_record.h, this may be either: 367 * AUP_BINARY binary 368 * AUP_OCTAL octal 369 * AUP_DECIMAL decimal 370 * AUP_HEX hexadecimal 371 * basic unit adr_char 372 * From audit_record.h, this may be either: 373 * AUR_BYTE byte 374 * AUR_CHAR char 375 * AUR_SHORT short 376 * AUR_INT32 int32_t 377 * AUR_INT64 int64_t 378 * unit count adr_char, specifying number of units of 379 * data in the "data items" parameter below 380 * data items depends on basic unit 381 * 382 * ----------------------------------------------------------------------- 383 */ 384 int 385 arbitrary_data_token(pr_context_t *context) 386 { 387 int returnstat; 388 int i; 389 char c1; 390 short c2; 391 int32_t c3; 392 int64_t c4; 393 char how_to_print, basic_unit, unit_count, fwid; 394 char *p; 395 int index = 0; 396 char *pformat = "%*s"; 397 398 uval_t uval; 399 400 if ((returnstat = pr_adr_char(context, &how_to_print, 1)) != 0) 401 return (returnstat); 402 403 if ((returnstat = pr_adr_char(context, &basic_unit, 1)) != 0) 404 return (returnstat); 405 406 if ((returnstat = pr_adr_char(context, &unit_count, 1)) != 0) 407 return (returnstat); 408 409 if (!(context->format & PRF_RAWM)) { 410 uval.uvaltype = PRA_STRING; 411 uval.string_val = htp2string(how_to_print); 412 } else { 413 uval.uvaltype = PRA_INT32; 414 uval.int32_val = (int)how_to_print; 415 } 416 417 if ((returnstat = open_tag(context, TAG_ARBPRINT)) != 0) 418 return (returnstat); 419 if ((returnstat = pa_print(context, &uval, 0)) < 0) 420 return (returnstat); 421 if ((returnstat = close_tag(context, TAG_ARBPRINT)) != 0) 422 return (returnstat); 423 424 if (!(context->format & PRF_RAWM)) { 425 uval.uvaltype = PRA_STRING; 426 uval.string_val = bu2string(basic_unit); 427 } else { 428 uval.uvaltype = PRA_INT32; 429 uval.int32_val = (int32_t)basic_unit; 430 } 431 432 if ((returnstat = open_tag(context, TAG_ARBTYPE)) != 0) 433 return (returnstat); 434 if ((returnstat = pa_print(context, &uval, 0)) < 0) 435 return (returnstat); 436 if ((returnstat = close_tag(context, TAG_ARBTYPE)) != 0) 437 return (returnstat); 438 439 uval.uvaltype = PRA_INT32; 440 uval.int32_val = (int32_t)unit_count; 441 442 if ((returnstat = open_tag(context, TAG_ARBCOUNT)) != 0) 443 return (returnstat); 444 if ((returnstat = pa_print(context, &uval, 1)) < 0) 445 return (returnstat); 446 if ((returnstat = close_tag(context, TAG_ARBCOUNT)) != 0) 447 return (returnstat); 448 449 /* Done with attributes; force end of token open */ 450 if ((returnstat = finish_open_tag(context)) != 0) 451 return (returnstat); 452 453 /* get the field width in case we need to format output */ 454 fwid = findfieldwidth(basic_unit, how_to_print); 455 p = (char *)malloc(80); 456 457 /* now get the data items and print them */ 458 for (i = 0; (i < unit_count); i++) { 459 switch (basic_unit) { 460 /* case AUR_BYTE: */ 461 case AUR_CHAR: 462 if (pr_adr_char(context, &c1, 1) == 0) 463 (void) convert_char_to_string(how_to_print, 464 c1, p); 465 else { 466 free(p); 467 return (-1); 468 } 469 break; 470 case AUR_SHORT: 471 if (pr_adr_short(context, &c2, 1) == 0) 472 (void) convert_short_to_string(how_to_print, 473 c2, p); 474 else { 475 free(p); 476 return (-1); 477 } 478 break; 479 case AUR_INT32: 480 if (pr_adr_int32(context, &c3, 1) == 0) 481 (void) convert_int32_to_string(how_to_print, 482 c3, p); 483 else { 484 free(p); 485 return (-1); 486 } 487 break; 488 case AUR_INT64: 489 if (pr_adr_int64(context, &c4, 1) == 0) 490 (void) convert_int64_to_string(how_to_print, 491 c4, p); 492 else { 493 free(p); 494 return (-1); 495 } 496 break; 497 default: 498 free(p); 499 return (-1); 500 /*NOTREACHED*/ 501 } 502 503 /* 504 * At this point, we have successfully retrieved a data 505 * item and converted it into an ASCII string pointed to 506 * by p. If all output is to be printed on one line, 507 * simply separate the data items by a space (or by the 508 * delimiter if this is the last data item), otherwise, we 509 * need to format the output before display. 510 */ 511 if (context->format & PRF_ONELINE) { 512 returnstat = pr_printf(context, "%s", p); 513 if ((returnstat >= 0) && (i == (unit_count - 1))) 514 returnstat = pr_printf(context, "%s", 515 context->SEPARATOR); 516 else 517 returnstat = pr_putchar(context, ' '); 518 } else { /* format output */ 519 returnstat = pr_printf(context, pformat, fwid, p); 520 index += fwid; 521 if ((returnstat >= 0) && 522 (((index + fwid) > 75) || 523 (i == (unit_count - 1)))) { 524 returnstat = pr_putchar(context, '\n'); 525 index = 0; 526 } 527 } /* else if PRF_ONELINE */ 528 if (returnstat < 0) { 529 free(p); 530 return (returnstat); 531 } 532 } 533 free(p); 534 535 return (returnstat); 536 } 537 538 /* 539 * ----------------------------------------------------------------------- 540 * opaque_token() : Process opaque token and display contents 541 * return codes : -1 - error 542 * : 0 - successful 543 * NOTE: At the time of call, the opaque token id has already been 544 * retrieved 545 * 546 * Format of opaque token: 547 * opaque token id adr_char 548 * size adr_short 549 * data adr_char, size times 550 * ----------------------------------------------------------------------- 551 */ 552 int 553 opaque_token(pr_context_t *context) 554 { 555 int returnstat; 556 short size; 557 char *charp; 558 uval_t uval; 559 560 561 /* print the size of the token */ 562 if (pr_adr_short(context, &size, 1) == 0) { 563 uval.uvaltype = PRA_SHORT; 564 uval.short_val = size; 565 returnstat = pa_print(context, &uval, 0); 566 } else 567 returnstat = -1; 568 569 /* now print out the data field in hexadecimal */ 570 if (returnstat >= 0) { 571 /* try to allocate memory for the character string */ 572 if ((charp = (char *)malloc(size * sizeof (char))) == NULL) 573 returnstat = -1; 574 else { 575 if ((returnstat = pr_adr_char(context, charp, 576 size)) == 0) { 577 /* print out in hexadecimal format */ 578 uval.uvaltype = PRA_STRING; 579 uval.string_val = hexconvert(charp, size, size); 580 if (uval.string_val) { 581 returnstat = pa_print(context, 582 &uval, 1); 583 free(uval.string_val); 584 } 585 } 586 free(charp); 587 } 588 } 589 590 return (returnstat); 591 } 592 593 /* 594 * ----------------------------------------------------------------------- 595 * path_token() : Process path token and display contents 596 * return codes : -1 - error 597 * : 0 - successful 598 * NOTE: At the time of call, the path token id has been retrieved 599 * 600 * Format of path token: 601 * token id adr_char 602 * path adr_string 603 * ----------------------------------------------------------------------- 604 */ 605 int 606 path_token(pr_context_t *context) 607 { 608 char *path; /* path */ 609 char *apath; /* anchored path */ 610 char *cpath; /* collapsed path */ 611 short length; 612 int returnstat; 613 uval_t uval; 614 615 /* 616 * We need to know how much space to allocate for our string, so 617 * read the length first, then call pr_adr_char to read those bytes. 618 */ 619 if (pr_adr_short(context, &length, 1) == 0) { 620 if ((path = (char *)malloc(length + 1)) == NULL) { 621 returnstat = -1; 622 } else if (pr_adr_char(context, path, length) == 0) { 623 path[length] = '\0'; 624 uval.uvaltype = PRA_STRING; 625 if (*path != '/') { 626 apath = anchor_path(path); 627 free(path); 628 } else 629 apath = path; 630 cpath = collapse_path(apath); 631 uval.string_val = cpath; 632 returnstat = pa_print(context, &uval, 1); 633 free(cpath); 634 } else { 635 free(path); 636 returnstat = -1; 637 } 638 return (returnstat); 639 } else 640 return (-1); 641 } 642 643 /* 644 * anchor a path name with a slash 645 */ 646 char * 647 anchor_path(char *sp) 648 { 649 char *dp; /* destination path */ 650 char *tp; /* temporary path */ 651 size_t len; 652 653 len = strlen(sp) + 2; 654 if ((dp = tp = (char *)calloc(1, len)) == (char *)0) 655 return ((char *)0); 656 657 *dp++ = '/'; 658 659 (void) strlcpy(dp, sp, len); 660 661 return (tp); 662 } 663 664 /* 665 * copy path to collapsed path. 666 * collapsed path does not contain: 667 * successive slashes 668 * instances of dot-slash 669 * instances of dot-dot-slash 670 * passed path must be anchored with a '/' 671 */ 672 char * 673 collapse_path(char *s) 674 { 675 int id; /* index of where we are in destination string */ 676 int is; /* index of where we are in source string */ 677 int slashseen; /* have we seen a slash */ 678 int ls; /* length of source string */ 679 680 ls = strlen(s) + 1; 681 682 slashseen = 0; 683 for (is = 0, id = 0; is < ls; is++) { 684 /* thats all folks, we've reached the end of input */ 685 if (s[is] == '\0') { 686 if (id > 1 && s[id-1] == '/') { 687 --id; 688 } 689 s[id++] = '\0'; 690 break; 691 } 692 /* previous character was a / */ 693 if (slashseen) { 694 if (s[is] == '/') 695 continue; /* another slash, ignore it */ 696 } else if (s[is] == '/') { 697 /* we see a /, just copy it and try again */ 698 slashseen = 1; 699 s[id++] = '/'; 700 continue; 701 } 702 /* /./ seen */ 703 if (s[is] == '.' && s[is+1] == '/') { 704 is += 1; 705 continue; 706 } 707 /* XXX/. seen */ 708 if (s[is] == '.' && s[is+1] == '\0') { 709 if (id > 1) 710 id--; 711 continue; 712 } 713 /* XXX/.. seen */ 714 if (s[is] == '.' && s[is+1] == '.' && s[is+2] == '\0') { 715 is += 1; 716 if (id > 0) 717 id--; 718 while (id > 0 && s[--id] != '/') 719 continue; 720 id++; 721 continue; 722 } 723 /* XXX/../ seen */ 724 if (s[is] == '.' && s[is+1] == '.' && s[is+2] == '/') { 725 is += 2; 726 if (id > 0) 727 id--; 728 while (id > 0 && s[--id] != '/') 729 continue; 730 id++; 731 continue; 732 } 733 while (is < ls && (s[id++] = s[is++]) != '/') 734 continue; 735 is--; 736 } 737 return (s); 738 } 739 740 /* 741 * ----------------------------------------------------------------------- 742 * cmd_token() : Process cmd token and display contents 743 * return codes : -1 - error 744 * : 0 - successful 745 * NOTE: At the time of call, the cmd token id has been retrieved 746 * 747 * Format of command token: 748 * token id adr_char 749 * argc adr_short 750 * N*argv[i] adr_string (short, string) 751 * env cnt adr_short 752 * N*arge[i] adr_string (short, string) 753 * ----------------------------------------------------------------------- 754 */ 755 int 756 cmd_token(pr_context_t *context) 757 { 758 int returnstat; 759 short num; 760 761 returnstat = pr_adr_short(context, &num, 1); 762 if (returnstat < 0) 763 return (returnstat); 764 765 if (!(context->format & PRF_XMLM)) { 766 returnstat = pr_printf(context, "%s%s%d%s", 767 (context->format & PRF_ONELINE) ? "" : gettext("argcnt"), 768 (context->format & PRF_ONELINE) ? "" : context->SEPARATOR, 769 num, context->SEPARATOR); 770 if (returnstat < 0) 771 return (returnstat); 772 } 773 774 for (; num > 0; num--) { 775 if ((returnstat = process_tag(context, TAG_ARGV, 776 returnstat, 0)) < 0) 777 return (returnstat); 778 } 779 780 if ((returnstat = pr_adr_short(context, &num, 1)) < 0) 781 return (returnstat); 782 783 if (!(context->format & PRF_XMLM)) { 784 returnstat = pr_printf(context, "%s%s%d%s", 785 (context->format & PRF_ONELINE) ? "" : gettext("envcnt"), 786 (context->format & PRF_ONELINE) ? "" : context->SEPARATOR, 787 num, context->SEPARATOR); 788 if (returnstat < 0) 789 return (returnstat); 790 } 791 792 if ((num == 0) && !(context->format & PRF_XMLM)) { 793 returnstat = do_newline(context, 1); 794 if (returnstat < 0) 795 return (returnstat); 796 } 797 798 for (; num > 1; num--) { 799 if ((returnstat = process_tag(context, TAG_ARGE, 800 returnstat, 0)) < 0) 801 return (returnstat); 802 } 803 if (num) 804 returnstat = process_tag(context, TAG_ARGE, returnstat, 1); 805 806 return (returnstat); 807 808 } 809 810 /* 811 * ----------------------------------------------------------------------- 812 * argument32_token() : Process argument token and display contents 813 * return codes : -1 - error 814 * : 0 - successful 815 * NOTE: At the time of call, the arg token id has been retrieved 816 * 817 * Format of argument token: 818 * current directory token id adr_char 819 * argument number adr_char 820 * argument value adr_int32 821 * argument description adr_string 822 * ----------------------------------------------------------------------- 823 */ 824 int 825 argument32_token(pr_context_t *context) 826 { 827 int returnstat; 828 829 returnstat = process_tag(context, TAG_ARGNUM, 0, 0); 830 returnstat = process_tag(context, TAG_ARGVAL32, returnstat, 0); 831 returnstat = process_tag(context, TAG_ARGDESC, returnstat, 1); 832 833 return (returnstat); 834 835 } 836 837 /* 838 * ----------------------------------------------------------------------- 839 * argument64_token() : Process argument token and display contents 840 * return codes : -1 - error 841 * : 0 - successful 842 * NOTE: At the time of call, the arg token id has been retrieved 843 * 844 * Format of 64 bit argument token: 845 * current directory token id adr_char 846 * argument number adr_char 847 * argument value adr_int64 848 * argument description adr_string 849 * ----------------------------------------------------------------------- 850 */ 851 int 852 argument64_token(pr_context_t *context) 853 { 854 int returnstat; 855 856 returnstat = process_tag(context, TAG_ARGNUM, 0, 0); 857 returnstat = process_tag(context, TAG_ARGVAL64, returnstat, 0); 858 returnstat = process_tag(context, TAG_ARGDESC, returnstat, 1); 859 860 return (returnstat); 861 862 } 863 864 /* 865 * ----------------------------------------------------------------------- 866 * process_token() : Process process token and display contents 867 * return codes : -1 - error 868 * : 0 - successful 869 * NOTE: At the time of call, the process token id has been retrieved 870 * 871 * Format of process token: 872 * process token id adr_char 873 * auid adr_u_int32 874 * euid adr_u_int32 875 * egid adr_u_int32 876 * ruid adr_u_int32 877 * egid adr_u_int32 878 * pid adr_u_int32 879 * sid adr_u_int32 880 * tid adr_u_int32, adr_u_int32 881 * ----------------------------------------------------------------------- 882 */ 883 int 884 process32_token(pr_context_t *context) 885 { 886 int returnstat; 887 888 /* auid */ 889 returnstat = process_tag(context, TAG_AUID, 0, 0); 890 /* uid */ 891 returnstat = process_tag(context, TAG_UID, returnstat, 0); 892 /* gid */ 893 returnstat = process_tag(context, TAG_GID, returnstat, 0); 894 /* ruid */ 895 returnstat = process_tag(context, TAG_RUID, returnstat, 0); 896 /* rgid */ 897 returnstat = process_tag(context, TAG_RGID, returnstat, 0); 898 /* pid */ 899 returnstat = process_tag(context, TAG_PID, returnstat, 0); 900 /* sid */ 901 returnstat = process_tag(context, TAG_SID, returnstat, 0); 902 /* tid */ 903 returnstat = process_tag(context, TAG_TID32, returnstat, 1); 904 905 return (returnstat); 906 } 907 908 int 909 process64_token(pr_context_t *context) 910 { 911 int returnstat; 912 913 /* auid */ 914 returnstat = process_tag(context, TAG_AUID, 0, 0); 915 /* uid */ 916 returnstat = process_tag(context, TAG_UID, returnstat, 0); 917 /* gid */ 918 returnstat = process_tag(context, TAG_GID, returnstat, 0); 919 /* ruid */ 920 returnstat = process_tag(context, TAG_RUID, returnstat, 0); 921 /* rgid */ 922 returnstat = process_tag(context, TAG_RGID, returnstat, 0); 923 /* pid */ 924 returnstat = process_tag(context, TAG_PID, returnstat, 0); 925 /* sid */ 926 returnstat = process_tag(context, TAG_SID, returnstat, 0); 927 /* tid */ 928 returnstat = process_tag(context, TAG_TID64, returnstat, 1); 929 930 return (returnstat); 931 } 932 933 /* 934 * ----------------------------------------------------------------------- 935 * process_ex_token() : Process process token and display contents 936 * return codes : -1 - error 937 * : 0 - successful 938 * NOTE: At the time of call, the process token id has been retrieved 939 * 940 * Format of extended process token: 941 * process token id adr_char 942 * auid adr_u_int32 943 * euid adr_u_int32 944 * egid adr_u_int32 945 * ruid adr_u_int32 946 * egid adr_u_int32 947 * pid adr_u_int32 948 * sid adr_u_int32 949 * tid adr_u_int32, adr_u_int32, 4*adr_u_int32 950 * ----------------------------------------------------------------------- 951 */ 952 int 953 process32_ex_token(pr_context_t *context) 954 { 955 int returnstat; 956 957 /* auid */ 958 returnstat = process_tag(context, TAG_AUID, 0, 0); 959 /* uid */ 960 returnstat = process_tag(context, TAG_UID, returnstat, 0); 961 /* gid */ 962 returnstat = process_tag(context, TAG_GID, returnstat, 0); 963 /* ruid */ 964 returnstat = process_tag(context, TAG_RUID, returnstat, 0); 965 /* rgid */ 966 returnstat = process_tag(context, TAG_RGID, returnstat, 0); 967 /* pid */ 968 returnstat = process_tag(context, TAG_PID, returnstat, 0); 969 /* sid */ 970 returnstat = process_tag(context, TAG_SID, returnstat, 0); 971 /* tid */ 972 returnstat = process_tag(context, TAG_TID32_EX, returnstat, 1); 973 974 return (returnstat); 975 } 976 977 int 978 process64_ex_token(pr_context_t *context) 979 { 980 int returnstat; 981 982 /* auid */ 983 returnstat = process_tag(context, TAG_AUID, 0, 0); 984 /* uid */ 985 returnstat = process_tag(context, TAG_UID, returnstat, 0); 986 /* gid */ 987 returnstat = process_tag(context, TAG_GID, returnstat, 0); 988 /* ruid */ 989 returnstat = process_tag(context, TAG_RUID, returnstat, 0); 990 /* rgid */ 991 returnstat = process_tag(context, TAG_RGID, returnstat, 0); 992 /* pid */ 993 returnstat = process_tag(context, TAG_PID, returnstat, 0); 994 /* sid */ 995 returnstat = process_tag(context, TAG_SID, returnstat, 0); 996 /* tid */ 997 returnstat = process_tag(context, TAG_TID64_EX, returnstat, 1); 998 999 return (returnstat); 1000 } 1001 1002 /* 1003 * ----------------------------------------------------------------------- 1004 * return_value32_token(): Process return value and display contents 1005 * return codes : -1 - error 1006 * : 0 - successful 1007 * NOTE: At the time of call, the return value token id has been retrieved 1008 * 1009 * Format of return value token: 1010 * return value token id adr_char 1011 * error number adr_char 1012 * return value adr_int32 1013 * ----------------------------------------------------------------------- 1014 */ 1015 int 1016 return_value32_token(pr_context_t *context) 1017 { 1018 int returnstat; 1019 uchar_t number; 1020 int32_t value; 1021 char pb[512]; /* print buffer */ 1022 uval_t uval; 1023 bool_t used_ret_val = 0; 1024 1025 /* 1026 * Every audit record generated contains a return token. 1027 * 1028 * The return token is a special token. It indicates the success 1029 * or failure of the event that contains it. 1030 * The return32 token contains two pieces of data: 1031 * 1032 * char number; 1033 * int32_t return_value; 1034 * 1035 * For audit records generated by the kernel: 1036 * The kernel always puts a positive value in "number". 1037 * Upon success "number" is 0. 1038 * Upon failure "number" is a positive errno value that is less than 1039 * sys_nerr. 1040 * 1041 * For audit records generated at the user level: 1042 * Upon success "number" is 0. 1043 * Upon failure "number" is -1. 1044 * 1045 * For both kernel and user land the value of "return_value" is 1046 * arbitrary. For the kernel it contains the return value of 1047 * the system call. For user land it contains an arbitrary return 1048 * value if it is less than ADT_FAIL_VALUE; ADT_FAIL_VALUE 1049 * and above are messages defined in adt_event.h. ADT_FAIL_PAM and 1050 * above are messages from pam_strerror(). No interpretation is done 1051 * on "return_value" if it is outside the range of ADT_FAIL_VALUE_* or 1052 * ADT_FAIL_PAM values. 1053 */ 1054 if ((returnstat = open_tag(context, TAG_ERRVAL)) != 0) 1055 return (returnstat); 1056 1057 if ((returnstat = pr_adr_u_char(context, &number, 1)) == 0) { 1058 if (!(context->format & PRF_RAWM)) { 1059 used_ret_val = 1; 1060 pa_error(number, pb, sizeof (pb)); 1061 uval.uvaltype = PRA_STRING; 1062 uval.string_val = pb; 1063 if ((returnstat = pa_print(context, &uval, 0)) != 0) 1064 return (returnstat); 1065 if ((returnstat = close_tag(context, TAG_ERRVAL)) != 0) 1066 return (returnstat); 1067 if ((returnstat = open_tag(context, TAG_RETVAL)) != 0) 1068 return (returnstat); 1069 1070 if ((returnstat = pr_adr_int32( 1071 context, &value, 1)) != 0) 1072 return (returnstat); 1073 1074 pa_retval(number, value, pb, sizeof (pb)); 1075 } else { 1076 uval.uvaltype = PRA_INT32; 1077 if ((char)number == -1) 1078 uval.int32_val = -1; 1079 else 1080 uval.int32_val = number; 1081 } 1082 returnstat = pa_print(context, &uval, used_ret_val); 1083 } 1084 if (used_ret_val) { 1085 if (returnstat == 0) 1086 returnstat = close_tag(context, TAG_RETVAL); 1087 return (returnstat); 1088 } 1089 if (!returnstat) 1090 if (returnstat = close_tag(context, TAG_ERRVAL)) 1091 return (returnstat); 1092 1093 return (process_tag(context, TAG_RETVAL, returnstat, 1)); 1094 } 1095 1096 /* 1097 * ----------------------------------------------------------------------- 1098 * return_value64_token(): Process return value and display contents 1099 * return codes : -1 - error 1100 * : 0 - successful 1101 * NOTE: At the time of call, the return value token id has been retrieved 1102 * 1103 * Format of return value token: 1104 * return value token id adr_char 1105 * error number adr_char 1106 * return value adr_int64 1107 * 1108 * HOWEVER, the 64 bit return value is a concatenation of two 1109 * 32 bit return values; the first of which is the same as is 1110 * carried in the return32 token. The second 32 bits are ignored 1111 * here so that the displayed return token will have the same 1112 * number whether the application is 32 or 64 bits. 1113 * ----------------------------------------------------------------------- 1114 */ 1115 int 1116 return_value64_token(pr_context_t *context) 1117 { 1118 int returnstat; 1119 uchar_t number; 1120 rval_t rval; 1121 char pb[512]; /* print buffer */ 1122 uval_t uval; 1123 1124 /* 1125 * Every audit record generated contains a return token. 1126 * 1127 * The return token is a special token. It indicates the success 1128 * or failure of the event that contains it. 1129 * The return64 token contains two pieces of data: 1130 * 1131 * char number; 1132 * int64_t return_value; 1133 * 1134 * For audit records generated by the kernel: 1135 * The kernel always puts a positive value in "number". 1136 * Upon success "number" is 0. 1137 * Upon failure "number" is a positive errno value that is less than 1138 * sys_nerr. 1139 * 1140 * For audit records generated at the user level: 1141 * Upon success "number" is 0. 1142 * Upon failure "number" is -1. 1143 * 1144 * For both kernel and user land the value of "return_value" is 1145 * arbitrary. For the kernel it contains the return value of 1146 * the system call. For user land it contains an arbitrary return 1147 * value if it is less than ADT_FAIL_VALUE; ADT_FAIL_VALUE 1148 * and above are messages defined in adt_event.h. ADT_FAIL_PAM and 1149 * above are messages from pam_strerror(). No interpretation is done 1150 * on "return_value" if it is outside the range of ADT_FAIL_VALUE_* or 1151 * ADT_FAIL_PAM values. 1152 * 1153 * The 64 bit return value consists of two 32bit parts; for 1154 * system calls, the first part is the value returned by the 1155 * system call and the second part depends on the system call 1156 * implementation. In most cases, the second part is either 0 1157 * or garbage; because of that, it is omitted from the praudit 1158 * output. 1159 */ 1160 if ((returnstat = open_tag(context, TAG_ERRVAL)) != 0) 1161 return (returnstat); 1162 1163 if ((returnstat = pr_adr_u_char(context, &number, 1)) == 0) { 1164 if (!(context->format & PRF_RAWM)) { 1165 pa_error(number, pb, sizeof (pb)); 1166 uval.uvaltype = PRA_STRING; 1167 uval.string_val = pb; 1168 if ((returnstat = pa_print(context, &uval, 0)) != 0) 1169 return (returnstat); 1170 1171 if ((returnstat = close_tag(context, TAG_ERRVAL)) != 0) 1172 return (returnstat); 1173 if ((returnstat = open_tag(context, TAG_RETVAL)) != 0) 1174 return (returnstat); 1175 1176 if ((returnstat = pr_adr_int64(context, 1177 &rval.r_vals, 1)) != 0) 1178 return (returnstat); 1179 pa_retval(number, rval.r_val1, pb, sizeof (pb)); 1180 } else { 1181 uval.uvaltype = PRA_INT32; 1182 if ((char)number == -1) 1183 uval.int32_val = -1; 1184 else 1185 uval.int32_val = number; 1186 1187 if ((returnstat = pa_print(context, &uval, 0)) != 0) 1188 return (returnstat); 1189 1190 if ((returnstat = close_tag(context, TAG_ERRVAL)) != 0) 1191 return (returnstat); 1192 if ((returnstat = open_tag(context, TAG_RETVAL)) != 0) 1193 return (returnstat); 1194 1195 if ((returnstat = pr_adr_int64(context, 1196 &rval.r_vals, 1)) != 0) 1197 return (returnstat); 1198 uval.int32_val = rval.r_val1; 1199 } 1200 returnstat = pa_print(context, &uval, 1); 1201 } else { 1202 return (returnstat); 1203 } 1204 1205 if (returnstat == 0) 1206 returnstat = close_tag(context, TAG_RETVAL); 1207 1208 return (returnstat); 1209 } 1210 1211 /* 1212 * ----------------------------------------------------------------------- 1213 * subject32_token() : Process subject token and display contents 1214 * return codes : -1 - error 1215 * : 0 - successful 1216 * NOTE: At the time of call, the subject token id has been retrieved 1217 * 1218 * Format of subject token: 1219 * subject token id adr_char 1220 * auid adr_u_int32 1221 * euid adr_u_int32 1222 * egid adr_u_int32 1223 * ruid adr_u_int32 1224 * egid adr_u_int32 1225 * pid adr_u_int32 1226 * sid adr_u_int32 1227 * tid adr_u_int32, adr_u_int32 1228 * ----------------------------------------------------------------------- 1229 */ 1230 int 1231 subject32_token(pr_context_t *context) 1232 { 1233 int returnstat; 1234 1235 /* auid */ 1236 returnstat = process_tag(context, TAG_AUID, 0, 0); 1237 /* uid */ 1238 returnstat = process_tag(context, TAG_UID, returnstat, 0); 1239 /* gid */ 1240 returnstat = process_tag(context, TAG_GID, returnstat, 0); 1241 /* ruid */ 1242 returnstat = process_tag(context, TAG_RUID, returnstat, 0); 1243 /* rgid */ 1244 returnstat = process_tag(context, TAG_RGID, returnstat, 0); 1245 /* pid */ 1246 returnstat = process_tag(context, TAG_PID, returnstat, 0); 1247 /* sid */ 1248 returnstat = process_tag(context, TAG_SID, returnstat, 0); 1249 /* tid */ 1250 returnstat = process_tag(context, TAG_TID32, returnstat, 1); 1251 1252 return (returnstat); 1253 } 1254 1255 int 1256 subject64_token(pr_context_t *context) 1257 { 1258 int returnstat; 1259 1260 /* auid */ 1261 returnstat = process_tag(context, TAG_AUID, 0, 0); 1262 /* uid */ 1263 returnstat = process_tag(context, TAG_UID, returnstat, 0); 1264 /* gid */ 1265 returnstat = process_tag(context, TAG_GID, returnstat, 0); 1266 /* ruid */ 1267 returnstat = process_tag(context, TAG_RUID, returnstat, 0); 1268 /* rgid */ 1269 returnstat = process_tag(context, TAG_RGID, returnstat, 0); 1270 /* pid */ 1271 returnstat = process_tag(context, TAG_PID, returnstat, 0); 1272 /* sid */ 1273 returnstat = process_tag(context, TAG_SID, returnstat, 0); 1274 /* tid */ 1275 returnstat = process_tag(context, TAG_TID64, returnstat, 1); 1276 1277 return (returnstat); 1278 } 1279 1280 /* 1281 * ----------------------------------------------------------------------- 1282 * subject_ex_token(): Process subject token and display contents 1283 * return codes : -1 - error 1284 * : 0 - successful 1285 * NOTE: At the time of call, the subject token id has been retrieved 1286 * 1287 * Format of extended subject token: 1288 * subject token id adr_char 1289 * auid adr_u_int32 1290 * euid adr_u_int32 1291 * egid adr_u_int32 1292 * ruid adr_u_int32 1293 * egid adr_u_int32 1294 * pid adr_u_int32 1295 * sid adr_u_int32 1296 * tid adr_u_int32, adr_u_int32 1297 * ----------------------------------------------------------------------- 1298 */ 1299 int 1300 subject32_ex_token(pr_context_t *context) 1301 { 1302 int returnstat; 1303 1304 /* auid */ 1305 returnstat = process_tag(context, TAG_AUID, 0, 0); 1306 /* uid */ 1307 returnstat = process_tag(context, TAG_UID, returnstat, 0); 1308 /* gid */ 1309 returnstat = process_tag(context, TAG_GID, returnstat, 0); 1310 /* ruid */ 1311 returnstat = process_tag(context, TAG_RUID, returnstat, 0); 1312 /* rgid */ 1313 returnstat = process_tag(context, TAG_RGID, returnstat, 0); 1314 /* pid */ 1315 returnstat = process_tag(context, TAG_PID, returnstat, 0); 1316 /* sid */ 1317 returnstat = process_tag(context, TAG_SID, returnstat, 0); 1318 /* tid */ 1319 returnstat = process_tag(context, TAG_TID32_EX, returnstat, 1); 1320 1321 return (returnstat); 1322 } 1323 1324 int 1325 subject64_ex_token(pr_context_t *context) 1326 { 1327 int returnstat; 1328 1329 /* auid */ 1330 returnstat = process_tag(context, TAG_AUID, 0, 0); 1331 /* uid */ 1332 returnstat = process_tag(context, TAG_UID, returnstat, 0); 1333 /* gid */ 1334 returnstat = process_tag(context, TAG_GID, returnstat, 0); 1335 /* ruid */ 1336 returnstat = process_tag(context, TAG_RUID, returnstat, 0); 1337 /* rgid */ 1338 returnstat = process_tag(context, TAG_RGID, returnstat, 0); 1339 /* pid */ 1340 returnstat = process_tag(context, TAG_PID, returnstat, 0); 1341 /* sid */ 1342 returnstat = process_tag(context, TAG_SID, returnstat, 0); 1343 /* tid */ 1344 returnstat = process_tag(context, TAG_TID64_EX, returnstat, 1); 1345 1346 return (returnstat); 1347 } 1348 1349 /* 1350 * ----------------------------------------------------------------------- 1351 * s5_IPC_token() : Process System V IPC token and display contents 1352 * return codes : -1 - error 1353 * : 0 - successful 1354 * NOTE: At the time of call, the System V IPC id has been retrieved 1355 * 1356 * Format of System V IPC token: 1357 * System V IPC token id adr_char 1358 * object id adr_int32 1359 * ----------------------------------------------------------------------- 1360 */ 1361 int 1362 s5_IPC_token(pr_context_t *context) 1363 { 1364 int returnstat; 1365 uchar_t ipctype; 1366 uval_t uval; 1367 1368 /* 1369 * TRANSLATION_NOTE 1370 * These names refer to the type of System V IPC object: 1371 * message queue, semaphore, shared memory. 1372 */ 1373 1374 if (pr_adr_u_char(context, &ipctype, 1) == 0) { 1375 if ((returnstat = open_tag(context, TAG_IPCTYPE)) != 0) 1376 return (returnstat); 1377 1378 if (!(context->format & PRF_RAWM)) { 1379 /* print in ASCII form */ 1380 uval.uvaltype = PRA_STRING; 1381 switch (ipctype) { 1382 case AT_IPC_MSG: 1383 uval.string_val = gettext("msg"); 1384 break; 1385 case AT_IPC_SEM: 1386 uval.string_val = gettext("sem"); 1387 break; 1388 case AT_IPC_SHM: 1389 uval.string_val = gettext("shm"); 1390 break; 1391 } 1392 returnstat = pa_print(context, &uval, 0); 1393 } 1394 /* print in integer form */ 1395 if ((context->format & PRF_RAWM) || (returnstat == 1)) { 1396 uval.uvaltype = PRA_BYTE; 1397 uval.char_val = ipctype; 1398 returnstat = pa_print(context, &uval, 0); 1399 } 1400 if ((returnstat = close_tag(context, TAG_IPCTYPE)) != 0) 1401 return (returnstat); 1402 1403 /* next get and print ipc id */ 1404 return (process_tag(context, TAG_IPCID, returnstat, 1)); 1405 } else { 1406 /* cannot retrieve ipc type */ 1407 return (-1); 1408 } 1409 } 1410 1411 /* 1412 * ----------------------------------------------------------------------- 1413 * text_token() : Process text token and display contents 1414 * return codes : -1 - error 1415 * : 0 - successful 1416 * NOTE: At the time of call, the text token id has been retrieved 1417 * 1418 * Format of text token: 1419 * text token id adr_char 1420 * text adr_string 1421 * ----------------------------------------------------------------------- 1422 */ 1423 int 1424 text_token(pr_context_t *context) 1425 { 1426 return (pa_adr_string(context, 0, 1)); 1427 } 1428 1429 /* 1430 * ----------------------------------------------------------------------- 1431 * tid_token() : Process a generic terminal id token / AUT_TID 1432 * return codes : -1 - error 1433 * : 0 - successful 1434 * NOTE: At the time of call, the token id has been retrieved 1435 * 1436 * Format of tid token: 1437 * ip token id adr_char 1438 * terminal type adr_char 1439 * terminal type = AU_IPADR: 1440 * remote port: adr_short 1441 * local port: adr_short 1442 * IP type: adt_int32 -- AU_IPv4 or AU_IPv6 1443 * address: adr_int32 if IPv4, else 4 * adr_int32 1444 * ----------------------------------------------------------------------- 1445 */ 1446 int 1447 tid_token(pr_context_t *context) 1448 { 1449 int returnstat; 1450 uchar_t type; 1451 uval_t uval; 1452 1453 if ((returnstat = pr_adr_u_char(context, &type, 1)) != 0) 1454 return (returnstat); 1455 uval.uvaltype = PRA_STRING; 1456 if ((returnstat = open_tag(context, TAG_TID_TYPE)) != 0) 1457 return (returnstat); 1458 1459 switch (type) { 1460 default: 1461 return (-1); /* other than IP type is not implemented */ 1462 case AU_IPADR: 1463 uval.string_val = "ip"; 1464 returnstat = pa_print(context, &uval, 0); 1465 returnstat = close_tag(context, TAG_TID_TYPE); 1466 returnstat = open_tag(context, TAG_IP); 1467 returnstat = process_tag(context, TAG_IP_REMOTE, returnstat, 0); 1468 returnstat = process_tag(context, TAG_IP_LOCAL, returnstat, 0); 1469 returnstat = process_tag(context, TAG_IP_ADR, returnstat, 1); 1470 returnstat = close_tag(context, TAG_IP); 1471 break; 1472 } 1473 return (returnstat); 1474 } 1475 1476 /* 1477 * ----------------------------------------------------------------------- 1478 * ip_addr_token() : Process ip token and display contents 1479 * return codes : -1 - error 1480 * : 0 - successful 1481 * NOTE: At the time of call, the ip token id has been retrieved 1482 * 1483 * Format of ip address token: 1484 * ip token id adr_char 1485 * address adr_int32 (printed in hex) 1486 * ----------------------------------------------------------------------- 1487 */ 1488 1489 int 1490 ip_addr_token(pr_context_t *context) 1491 { 1492 return (pa_hostname(context, 0, 1)); 1493 } 1494 1495 int 1496 ip_addr_ex_token(pr_context_t *context) 1497 { 1498 int returnstat; 1499 uint32_t ip_addr[16]; 1500 uint32_t ip_type; 1501 struct in_addr ia; 1502 char *ipstring; 1503 char buf[256]; 1504 uval_t uval; 1505 1506 /* get address type */ 1507 if ((returnstat = pr_adr_u_int32(context, &ip_type, 1)) != 0) 1508 return (returnstat); 1509 1510 /* legal address types are either AU_IPv4 or AU_IPv6 only */ 1511 if ((ip_type != AU_IPv4) && (ip_type != AU_IPv6)) 1512 return (-1); 1513 1514 /* get address (4/16) */ 1515 if ((returnstat = pr_adr_char(context, (char *)ip_addr, ip_type)) != 0) 1516 return (returnstat); 1517 1518 uval.uvaltype = PRA_STRING; 1519 if (ip_type == AU_IPv4) { 1520 uval.string_val = buf; 1521 1522 if (!(context->format & PRF_RAWM)) { 1523 get_Hname(ip_addr[0], buf, sizeof (buf)); 1524 return (pa_print(context, &uval, 1)); 1525 } 1526 1527 ia.s_addr = ip_addr[0]; 1528 if ((ipstring = inet_ntoa(ia)) == NULL) 1529 return (-1); 1530 1531 (void) snprintf(buf, sizeof (buf), "%s", ipstring); 1532 1533 } else { 1534 uval.string_val = buf; 1535 1536 if (!(context->format & PRF_RAWM)) { 1537 get_Hname_ex(ip_addr, buf, sizeof (buf)); 1538 return (pa_print(context, &uval, 1)); 1539 } 1540 1541 (void) inet_ntop(AF_INET6, (void *) ip_addr, buf, 1542 sizeof (buf)); 1543 1544 } 1545 1546 return (pa_print(context, &uval, 1)); 1547 } 1548 1549 /* 1550 * ----------------------------------------------------------------------- 1551 * ip_token() : Process ip header token and display contents 1552 * return codes : -1 - error 1553 * : 0 - successful 1554 * NOTE: At the time of call, the ip token id has been retrieved 1555 * 1556 * Format of ip header token: 1557 * ip header token id adr_char 1558 * version adr_char (printed in hex) 1559 * type of service adr_char (printed in hex) 1560 * length adr_short 1561 * id adr_u_short 1562 * offset adr_u_short 1563 * ttl adr_char (printed in hex) 1564 * protocol adr_char (printed in hex) 1565 * checksum adr_u_short 1566 * source address adr_int32 (printed in hex) 1567 * destination address adr_int32 (printed in hex) 1568 * ----------------------------------------------------------------------- 1569 */ 1570 int 1571 ip_token(pr_context_t *context) 1572 { 1573 int returnstat; 1574 1575 returnstat = process_tag(context, TAG_IPVERS, 0, 0); 1576 returnstat = process_tag(context, TAG_IPSERV, returnstat, 0); 1577 returnstat = process_tag(context, TAG_IPLEN, returnstat, 0); 1578 returnstat = process_tag(context, TAG_IPID, returnstat, 0); 1579 returnstat = process_tag(context, TAG_IPOFFS, returnstat, 0); 1580 returnstat = process_tag(context, TAG_IPTTL, returnstat, 0); 1581 returnstat = process_tag(context, TAG_IPPROTO, returnstat, 0); 1582 returnstat = process_tag(context, TAG_IPCKSUM, returnstat, 0); 1583 returnstat = process_tag(context, TAG_IPSRC, returnstat, 0); 1584 returnstat = process_tag(context, TAG_IPDEST, returnstat, 1); 1585 1586 return (returnstat); 1587 } 1588 1589 /* 1590 * ----------------------------------------------------------------------- 1591 * iport_token() : Process ip port address token and display contents 1592 * return codes : -1 - error 1593 * : 0 - successful 1594 * NOTE: At time of call, the ip port address token id has been retrieved 1595 * 1596 * Format of ip port token: 1597 * ip port address token id adr_char 1598 * port address adr_short (in_port_t == uint16_t) 1599 * ----------------------------------------------------------------------- 1600 */ 1601 int 1602 iport_token(pr_context_t *context) 1603 { 1604 return (pa_adr_u_short(context, 0, 1)); 1605 } 1606 1607 /* 1608 * ----------------------------------------------------------------------- 1609 * socket_token() : Process socket token and display contents 1610 * return codes : -1 - error 1611 * : 0 - successful 1612 * NOTE: At time of call, the socket token id has been retrieved 1613 * 1614 * Format of socket token: 1615 * ip socket token id adr_char 1616 * socket type adr_short (in hex) 1617 * foreign port adr_short (in hex) 1618 * foreign internet address adr_hostname/adr_int32 (in ascii/hex) 1619 * ----------------------------------------------------------------------- 1620 * 1621 * Note: local port and local internet address have been removed for 5.x 1622 */ 1623 int 1624 socket_token(pr_context_t *context) 1625 { 1626 int returnstat; 1627 1628 returnstat = process_tag(context, TAG_SOCKTYPE, 0, 0); 1629 returnstat = process_tag(context, TAG_SOCKPORT, returnstat, 0); 1630 if (returnstat != 0) 1631 return (returnstat); 1632 1633 if ((returnstat = open_tag(context, TAG_SOCKADDR)) != 0) 1634 return (returnstat); 1635 1636 if ((returnstat = pa_hostname(context, returnstat, 1)) != 0) 1637 return (returnstat); 1638 1639 return (close_tag(context, TAG_SOCKADDR)); 1640 } 1641 1642 /* 1643 * ----------------------------------------------------------------------- 1644 * socket_ex_token() : Process socket token and display contents 1645 * return codes : -1 - error 1646 * : 0 - successful 1647 * NOTE: At time of call, the extended socket token id has been retrieved 1648 * 1649 * Format of extended socket token: 1650 * token id adr_char 1651 * socket domain adr_short (in hex) 1652 * socket type adr_short (in hex) 1653 * IP address type adr_short (in hex) [not displayed] 1654 * local port adr_short (in hex) 1655 * local internet address adr_hostname/adr_int32 (in ascii/hex) 1656 * foreign port adr_short (in hex) 1657 * foreign internet address adr_hostname/adr_int32 (in ascii/hex) 1658 * ----------------------------------------------------------------------- 1659 * 1660 * Note: local port and local internet address have been removed for 5.x 1661 */ 1662 int 1663 socket_ex_token(pr_context_t *context) 1664 { 1665 int returnstat; 1666 1667 returnstat = process_tag(context, TAG_SOCKEXDOM, 0, 0); 1668 returnstat = process_tag(context, TAG_SOCKEXTYPE, returnstat, 0); 1669 returnstat = pa_hostname_so(context, returnstat, 1); 1670 1671 return (returnstat); 1672 } 1673 1674 /* 1675 * ----------------------------------------------------------------------- 1676 * sequence_token() : Process sequence token and display contents 1677 * return codes : -1 - error 1678 * : 0 - successful 1679 * NOTE: At time of call, the socket token id has been retrieved 1680 * 1681 * Format of sequence token: 1682 * sequence token id adr_char 1683 * sequence number adr_u_int32 (in hex) 1684 * ----------------------------------------------------------------------- 1685 */ 1686 int 1687 sequence_token(pr_context_t *context) 1688 { 1689 return (process_tag(context, TAG_SEQNUM, 0, 1)); 1690 } 1691 1692 /* 1693 * ----------------------------------------------------------------------- 1694 * acl_token() : Process access control list term 1695 * return codes : -1 - error 1696 * : 0 - successful 1697 * 1698 * Format of acl token: 1699 * token id adr_char 1700 * term type adr_u_int32 1701 * term value adr_u_int32 (depends on type) 1702 * file mode adr_u_int (in octal) 1703 * ----------------------------------------------------------------------- 1704 */ 1705 int 1706 acl_token(pr_context_t *context) 1707 { 1708 int returnstat; 1709 1710 returnstat = pa_pw_uid_gr_gid(context, 0, 0); 1711 1712 return (process_tag(context, TAG_MODE, returnstat, 1)); 1713 } 1714 1715 /* 1716 * ----------------------------------------------------------------------- 1717 * ace_token() : Process ZFS/NFSv4 access control list term 1718 * return codes : -1 - error 1719 * : 0 - successful 1720 * 1721 * Format of ace token: 1722 * token id adr_char 1723 * term who adr_u_int32 (uid/gid) 1724 * term mask adr_u_int32 1725 * term flags adr_u_int16 1726 * term type adr_u_int16 1727 * ----------------------------------------------------------------------- 1728 */ 1729 int 1730 ace_token(pr_context_t *context) 1731 { 1732 return (pa_ace(context, 0, 1)); 1733 } 1734 1735 /* 1736 * ----------------------------------------------------------------------- 1737 * attribute_token() : Process attribute token and display contents 1738 * return codes : -1 - error 1739 * : 0 - successful 1740 * NOTE: At the time of call, the attribute token id has been retrieved 1741 * 1742 * Format of attribute token: 1743 * attribute token id adr_char 1744 * mode adr_u_int (printed in octal) 1745 * uid adr_u_int 1746 * gid adr_u_int 1747 * file system id adr_int 1748 * 1749 * node id adr_int (attribute_token 1750 * pre SunOS 5.7) 1751 * device adr_u_int 1752 * or 1753 * node id adr_int64 (attribute32_token) 1754 * device adr_u_int 1755 * or 1756 * node id adr_int64 (attribute64_token) 1757 * device adr_u_int64 1758 * ----------------------------------------------------------------------- 1759 */ 1760 int 1761 attribute_token(pr_context_t *context) 1762 { 1763 int returnstat; 1764 1765 returnstat = process_tag(context, TAG_MODE, 0, 0); 1766 returnstat = process_tag(context, TAG_UID, returnstat, 0); 1767 returnstat = process_tag(context, TAG_GID, returnstat, 0); 1768 returnstat = process_tag(context, TAG_FSID, returnstat, 0); 1769 returnstat = process_tag(context, TAG_NODEID32, returnstat, 0); 1770 returnstat = process_tag(context, TAG_DEVICE32, returnstat, 1); 1771 1772 return (returnstat); 1773 } 1774 1775 int 1776 attribute32_token(pr_context_t *context) 1777 { 1778 int returnstat; 1779 1780 returnstat = process_tag(context, TAG_MODE, 0, 0); 1781 returnstat = process_tag(context, TAG_UID, returnstat, 0); 1782 returnstat = process_tag(context, TAG_GID, returnstat, 0); 1783 returnstat = process_tag(context, TAG_FSID, returnstat, 0); 1784 returnstat = process_tag(context, TAG_NODEID64, returnstat, 0); 1785 returnstat = process_tag(context, TAG_DEVICE32, returnstat, 1); 1786 1787 return (returnstat); 1788 } 1789 1790 int 1791 attribute64_token(pr_context_t *context) 1792 { 1793 int returnstat; 1794 1795 returnstat = process_tag(context, TAG_MODE, 0, 0); 1796 returnstat = process_tag(context, TAG_UID, returnstat, 0); 1797 returnstat = process_tag(context, TAG_GID, returnstat, 0); 1798 returnstat = process_tag(context, TAG_FSID, returnstat, 0); 1799 returnstat = process_tag(context, TAG_NODEID64, returnstat, 0); 1800 returnstat = process_tag(context, TAG_DEVICE64, returnstat, 1); 1801 1802 return (returnstat); 1803 } 1804 1805 /* 1806 * ----------------------------------------------------------------------- 1807 * group_token() : Process group token and display contents 1808 * return codes : -1 - error 1809 * : 0 - successful 1810 * NOTE: At the time of call, the group token id has been retrieved 1811 * NOTE: This token is obsolete; it supports exactly NGROUPS_MAX 1812 * groups. 1813 * 1814 * Format of group token: 1815 * group token id adr_char 1816 * group list adr_long, 16 times 1817 * ----------------------------------------------------------------------- 1818 */ 1819 int 1820 group_token(pr_context_t *context) 1821 { 1822 int returnstat = 0; 1823 int i; 1824 1825 for (i = 0; i < NGROUPS_MAX - 1; i++) { 1826 if ((returnstat = process_tag(context, TAG_GROUPID, 1827 returnstat, 0)) < 0) 1828 return (returnstat); 1829 } 1830 1831 return (process_tag(context, TAG_GROUPID, returnstat, 1)); 1832 } 1833 1834 /* 1835 * ----------------------------------------------------------------------- 1836 * newgroup_token() : Process group token and display contents 1837 * return codes : -1 - error 1838 * : 0 - successful 1839 * NOTE: At the time of call, the group token id has been retrieved 1840 * 1841 * Format of new group token: 1842 * group token id adr_char 1843 * group number adr_short 1844 * group list adr_int32, group number times 1845 * ----------------------------------------------------------------------- 1846 */ 1847 int 1848 newgroup_token(pr_context_t *context) 1849 { 1850 int returnstat; 1851 int i, num; 1852 short n_groups; 1853 1854 returnstat = pr_adr_short(context, &n_groups, 1); 1855 if (returnstat != 0) 1856 return (returnstat); 1857 1858 num = (int)n_groups; 1859 if (num == 0) { 1860 if (!(context->format & PRF_XMLM)) { 1861 returnstat = do_newline(context, 1); 1862 } 1863 return (returnstat); 1864 } 1865 for (i = 0; i < num - 1; i++) { 1866 if ((returnstat = process_tag(context, TAG_GROUPID, 1867 returnstat, 0)) < 0) 1868 return (returnstat); 1869 } 1870 1871 return (process_tag(context, TAG_GROUPID, returnstat, 1)); 1872 } 1873 1874 static int 1875 string_token_common(pr_context_t *context, int tag) 1876 { 1877 int returnstat; 1878 int num; 1879 1880 returnstat = pr_adr_int32(context, (int32_t *)&num, 1); 1881 if (returnstat != 0) 1882 return (returnstat); 1883 1884 if (!(context->format & PRF_XMLM)) { 1885 returnstat = pr_printf(context, "%d%s", num, 1886 context->SEPARATOR); 1887 if (returnstat != 0) 1888 return (returnstat); 1889 } 1890 1891 if (num == 0) 1892 return (do_newline(context, 1)); 1893 1894 for (; num > 1; num--) { 1895 if ((returnstat = (process_tag(context, tag, 1896 returnstat, 0))) < 0) 1897 return (returnstat); 1898 } 1899 1900 return (process_tag(context, tag, returnstat, 1)); 1901 } 1902 1903 int 1904 path_attr_token(pr_context_t *context) 1905 { 1906 return (string_token_common(context, TAG_XAT)); 1907 } 1908 1909 int 1910 exec_args_token(pr_context_t *context) 1911 { 1912 return (string_token_common(context, TAG_ARG)); 1913 } 1914 1915 int 1916 exec_env_token(pr_context_t *context) 1917 { 1918 return (string_token_common(context, TAG_ENV)); 1919 } 1920 1921 /* 1922 * ----------------------------------------------------------------------- 1923 * s5_IPC_perm_token() : Process System V IPC permission token and display 1924 * contents 1925 * return codes : -1 - error 1926 * : 0 - successful 1927 * NOTE: At the time of call, the System V IPC permission token id 1928 * has been retrieved 1929 * 1930 * Format of System V IPC permission token: 1931 * System V IPC permission token id adr_char 1932 * uid adr_u_int32 1933 * gid adr_u_int32 1934 * cuid adr_u_int32 1935 * cgid adr_u_int32 1936 * mode adr_u_int32 1937 * seq adr_u_int32 1938 * key adr_int32 1939 * ----------------------------------------------------------------------- 1940 */ 1941 int 1942 s5_IPC_perm_token(pr_context_t *context) 1943 { 1944 int returnstat; 1945 1946 returnstat = process_tag(context, TAG_UID, 0, 0); 1947 returnstat = process_tag(context, TAG_GID, returnstat, 0); 1948 returnstat = process_tag(context, TAG_CUID, returnstat, 0); 1949 returnstat = process_tag(context, TAG_CGID, returnstat, 0); 1950 returnstat = process_tag(context, TAG_MODE, returnstat, 0); 1951 returnstat = process_tag(context, TAG_SEQ, returnstat, 0); 1952 returnstat = process_tag(context, TAG_KEY, returnstat, 1); 1953 1954 return (returnstat); 1955 } 1956 1957 /* 1958 * ----------------------------------------------------------------------- 1959 * host_token() : Process host token and display contents 1960 * return codes : -1 - error 1961 * : 0 - successful 1962 * NOTE: At the time of call, the host token id has been retrieved 1963 * 1964 * Format of host token: 1965 * host token id adr_char 1966 * hostid adr_u_int32 1967 * ----------------------------------------------------------------------- 1968 */ 1969 int 1970 host_token(pr_context_t *context) 1971 { 1972 return (pa_hostname(context, 0, 1)); 1973 } 1974 1975 /* 1976 * ----------------------------------------------------------------------- 1977 * liaison_token() : Process liaison token and display contents 1978 * return codes : -1 - error 1979 * : 0 - successful 1980 * NOTE: At the time of call, the liaison token id has been retrieved 1981 * 1982 * Format of liaison token: 1983 * liaison token id adr_char 1984 * liaison adr_u_int32 1985 * ----------------------------------------------------------------------- 1986 */ 1987 int 1988 liaison_token(pr_context_t *context) 1989 { 1990 return (pa_liaison(context, 0, 1)); 1991 } 1992 1993 /* 1994 * ----------------------------------------------------------------------- 1995 * useofauth_token(): Process useofauth token and display contents 1996 * return codes : -1 - error 1997 * : 0 - successful 1998 * NOTE: At the time of call, the uauth token id has been retrieved 1999 * 2000 * Format of useofauth token: 2001 * uauth token id adr_char 2002 * uauth adr_string 2003 * ----------------------------------------------------------------------- 2004 */ 2005 int 2006 useofauth_token(pr_context_t *context) 2007 { 2008 return (pa_adr_string(context, 0, 1)); 2009 } 2010 2011 /* 2012 * ----------------------------------------------------------------------- 2013 * user_token(): Process user token and display contents 2014 * return codes : -1 - error 2015 * : 0 - successful 2016 * NOTE: At the time of call, the user token id has been retrieved 2017 * 2018 * Format of user token: 2019 * user token id adr_char 2020 * user id adr_uid 2021 * user name adr_string 2022 * ----------------------------------------------------------------------- 2023 */ 2024 int 2025 user_token(pr_context_t *context) 2026 { 2027 int returnstat; 2028 2029 returnstat = process_tag(context, TAG_UID, 0, 0); 2030 return (process_tag(context, TAG_USERNAME, returnstat, 1)); 2031 } 2032 2033 /* 2034 * ----------------------------------------------------------------------- 2035 * zonename_token(): Process zonename token and display contents 2036 * return codes : -1 - error 2037 * : 0 - successful 2038 * NOTE: At the time of call, the zonename token id has been retrieved 2039 * 2040 * Format of zonename token: 2041 * zonename token id adr_char 2042 * zone name adr_string 2043 * ----------------------------------------------------------------------- 2044 */ 2045 int 2046 zonename_token(pr_context_t *context) 2047 { 2048 return (process_tag(context, TAG_ZONENAME, 0, 1)); 2049 } 2050 2051 /* 2052 * ----------------------------------------------------------------------- 2053 * fmri_token(): Process fmri token and display contents 2054 * return codes : -1 - error 2055 * : 0 - successful 2056 * NOTE: At the time of call, the fmri token id has been retrieved 2057 * 2058 * Format of fmri token: 2059 * fmri token id adr_char 2060 * service instance name adr_string 2061 * ----------------------------------------------------------------------- 2062 */ 2063 int 2064 fmri_token(pr_context_t *context) 2065 { 2066 return (pa_adr_string(context, 0, 1)); 2067 } 2068 2069 /* 2070 * ----------------------------------------------------------------------- 2071 * xatom_token() : Process Xatom token and display contents in hex. 2072 * return codes : -1 - error 2073 * : 0 - successful 2074 * NOTE: At the time of call, the xatom token id has been retrieved 2075 * 2076 * Format of xatom token: 2077 * token id adr_char 2078 * length adr_short 2079 * atom adr_char length times 2080 * ----------------------------------------------------------------------- 2081 */ 2082 int 2083 xatom_token(pr_context_t *context) 2084 { 2085 return (pa_adr_string(context, 0, 1)); 2086 } 2087 2088 int 2089 xcolormap_token(pr_context_t *context) 2090 { 2091 return (pa_xgeneric(context)); 2092 } 2093 2094 int 2095 xcursor_token(pr_context_t *context) 2096 { 2097 return (pa_xgeneric(context)); 2098 } 2099 2100 int 2101 xfont_token(pr_context_t *context) 2102 { 2103 return (pa_xgeneric(context)); 2104 } 2105 2106 int 2107 xgc_token(pr_context_t *context) 2108 { 2109 return (pa_xgeneric(context)); 2110 } 2111 2112 int 2113 xpixmap_token(pr_context_t *context) 2114 { 2115 return (pa_xgeneric(context)); 2116 } 2117 2118 int 2119 xwindow_token(pr_context_t *context) 2120 { 2121 return (pa_xgeneric(context)); 2122 } 2123 2124 /* 2125 * ----------------------------------------------------------------------- 2126 * xproperty_token(): Process Xproperty token and display contents 2127 * 2128 * return codes : -1 - error 2129 * : 0 - successful 2130 * NOTE: At the time of call, the xproperty token id has been retrieved 2131 * 2132 * Format of xproperty token: 2133 * token id adr_char 2134 * XID adr_u_int32 2135 * creator UID adr_u_int32 2136 * text adr_text 2137 * ----------------------------------------------------------------------- 2138 */ 2139 int 2140 xproperty_token(pr_context_t *context) 2141 { 2142 int returnstat; 2143 2144 returnstat = process_tag(context, TAG_XID, 0, 0); 2145 returnstat = process_tag(context, TAG_XCUID, returnstat, 0); 2146 2147 /* Done with attributes; force end of token open */ 2148 if (returnstat == 0) 2149 returnstat = finish_open_tag(context); 2150 2151 returnstat = pa_adr_string(context, returnstat, 1); 2152 2153 return (returnstat); 2154 } 2155 2156 /* 2157 * ----------------------------------------------------------------------- 2158 * xselect_token(): Process Xselect token and display contents in hex 2159 * 2160 * return codes : -1 - error 2161 * : 0 - successful 2162 * NOTE: At the time of call, the xselect token id has been retrieved 2163 * 2164 * Format of xselect token 2165 * text token id adr_char 2166 * property text adr_string 2167 * property type adr_string 2168 * property data adr_string 2169 * ----------------------------------------------------------------------- 2170 */ 2171 int 2172 xselect_token(pr_context_t *context) 2173 { 2174 int returnstat; 2175 2176 returnstat = process_tag(context, TAG_XSELTEXT, 0, 0); 2177 returnstat = process_tag(context, TAG_XSELTYPE, returnstat, 0); 2178 returnstat = process_tag(context, TAG_XSELDATA, returnstat, 1); 2179 2180 return (returnstat); 2181 } 2182 2183 /* 2184 * ----------------------------------------------------------------------- 2185 * xclient_token(): Process Xclient token and display contents in hex. 2186 * 2187 * return codes : -1 - error 2188 * : 0 - successful 2189 * 2190 * Format of xclient token: 2191 * token id adr_char 2192 * client adr_int32 2193 * ----------------------------------------------------------------------- 2194 */ 2195 int 2196 xclient_token(pr_context_t *context) 2197 { 2198 return (pa_adr_int32(context, 0, 1)); 2199 } 2200 2201 /* 2202 * ----------------------------------------------------------------------- 2203 * label_token() : Process label token and display contents 2204 * return codes : -1 - error 2205 * : 0 - successful 2206 * NOTE: At the time of call, the label token id has been retrieved 2207 * 2208 * Format of label token: 2209 * label token id adr_char 2210 * label ID adr_char 2211 * label compartment length adr_char 2212 * label classification adr_short 2213 * label compartment words <compartment length> * 4 adr_char 2214 * ----------------------------------------------------------------------- 2215 */ 2216 /*ARGSUSED*/ 2217 int 2218 label_token(pr_context_t *context) 2219 { 2220 static m_label_t *label = NULL; 2221 static size32_t l_size; 2222 int len; 2223 int returnstat; 2224 uval_t uval; 2225 2226 if (label == NULL) { 2227 if ((label = m_label_alloc(MAC_LABEL)) == NULL) { 2228 return (-1); 2229 } 2230 l_size = blabel_size() - 4; 2231 } 2232 if ((returnstat = pr_adr_char(context, (char *)label, 4)) == 0) { 2233 len = (int)(((char *)label)[1] * 4); 2234 if ((len > l_size) || 2235 (pr_adr_char(context, &((char *)label)[4], len) != 0)) { 2236 return (-1); 2237 } 2238 uval.uvaltype = PRA_STRING; 2239 if (!(context->format & PRF_RAWM)) { 2240 /* print in ASCII form */ 2241 if (label_to_str(label, &uval.string_val, M_LABEL, 2242 DEF_NAMES) == 0) { 2243 returnstat = pa_print(context, &uval, 1); 2244 } else /* cannot convert to string */ 2245 returnstat = 1; 2246 } 2247 /* print in hexadecimal form */ 2248 if ((context->format & PRF_RAWM) || (returnstat == 1)) { 2249 uval.string_val = hexconvert((char *)label, len, len); 2250 if (uval.string_val) { 2251 returnstat = pa_print(context, &uval, 1); 2252 } 2253 } 2254 free(uval.string_val); 2255 } 2256 return (returnstat); 2257 } 2258 2259 /* 2260 * ----------------------------------------------------------------------- 2261 * useofpriv_token() : Process priv token and display contents 2262 * return codes : -1 - error 2263 * : 0 - successful 2264 * NOTE: At the time of call, the useofpriv token id has been retrieved 2265 * 2266 * Format of useofpriv token: 2267 * useofpriv token id adr_char 2268 * success/failure flag adr_char 2269 * priv adr_int32 (Trusted Solaris) 2270 * priv_set '\0' separated privileges. 2271 * ----------------------------------------------------------------------- 2272 */ 2273 /*ARGSUSED*/ 2274 int 2275 useofpriv_token(pr_context_t *context) 2276 { 2277 int returnstat; 2278 char sf; 2279 uval_t uval; 2280 2281 if ((returnstat = pr_adr_char(context, &sf, 1)) != 0) { 2282 return (returnstat); 2283 } 2284 if (!(context->format & PRF_RAWM)) { 2285 /* print in ASCII form */ 2286 2287 if ((returnstat = open_tag(context, TAG_RESULT)) != 0) 2288 return (returnstat); 2289 2290 uval.uvaltype = PRA_STRING; 2291 if (sf) { 2292 uval.string_val = gettext("successful use of priv"); 2293 returnstat = pa_print(context, &uval, 0); 2294 } else { 2295 uval.string_val = gettext("failed use of priv"); 2296 returnstat = pa_print(context, &uval, 0); 2297 } 2298 if (returnstat == 0) 2299 returnstat = close_tag(context, TAG_RESULT); 2300 2301 /* Done with attributes; force end of token open */ 2302 if (returnstat == 0) 2303 returnstat = finish_open_tag(context); 2304 } else { 2305 /* print in hexadecimal form */ 2306 if ((returnstat = open_tag(context, TAG_RESULT)) != 0) 2307 return (returnstat); 2308 uval.uvaltype = PRA_SHORT; 2309 uval.short_val = sf; 2310 returnstat = pa_print(context, &uval, 0); 2311 if (returnstat == 0) 2312 returnstat = close_tag(context, TAG_RESULT); 2313 2314 /* Done with attributes; force end of token open */ 2315 if (returnstat == 0) 2316 returnstat = finish_open_tag(context); 2317 } 2318 return (pa_adr_string(context, 0, 1)); 2319 } 2320 2321 /* 2322 * ----------------------------------------------------------------------- 2323 * privilege_token() : Process privilege token and display contents 2324 * return codes : -1 - error 2325 * : 0 - successful 2326 * NOTE: At the time of call, the privilege token id has been retrieved 2327 * 2328 * Format of privilege token: 2329 * privilege token id adr_char 2330 * privilege type adr_string 2331 * privilege adr_string 2332 * ----------------------------------------------------------------------- 2333 */ 2334 int 2335 privilege_token(pr_context_t *context) 2336 { 2337 int returnstat; 2338 2339 /* privilege type: */ 2340 returnstat = process_tag(context, TAG_SETTYPE, 0, 0); 2341 2342 /* Done with attributes; force end of token open */ 2343 if (returnstat == 0) 2344 returnstat = finish_open_tag(context); 2345 2346 /* privilege: */ 2347 return (pa_adr_string(context, returnstat, 1)); 2348 } 2349 2350 /* 2351 * ----------------------------------------------------------------------- 2352 * secflags_token() : Process privilege token and display contents 2353 * return codes : -1 - error 2354 * : 0 - successful 2355 * NOTE: At the time of call, the secflags token id has been retrieved 2356 * 2357 * Format of secflags token: 2358 * secflags token id adr_char 2359 * secflag set name adr_string 2360 * secflags adr_string 2361 * ----------------------------------------------------------------------- 2362 */ 2363 int 2364 secflags_token(pr_context_t *context) 2365 { 2366 int returnstat; 2367 2368 /* Set name */ 2369 returnstat = process_tag(context, TAG_SETTYPE, 0, 0); 2370 2371 /* Done with attributes; force end of token open */ 2372 if (returnstat == 0) 2373 returnstat = finish_open_tag(context); 2374 2375 /* set */ 2376 return (pa_adr_string(context, returnstat, 1)); 2377 }