Print this page
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/uts/common/c2/audit_token.c
+++ new/usr/src/uts/common/c2/audit_token.c
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License (the "License").
6 6 * You may not use this file except in compliance with the License.
7 7 *
8 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 9 * or http://www.opensolaris.org/os/licensing.
10 10 * See the License for the specific language governing permissions
11 11 * and limitations under the License.
12 12 *
13 13 * When distributing Covered Code, include this CDDL HEADER in each
14 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 15 * If applicable, add the following below this CDDL HEADER, with the
16 16 * fields enclosed by brackets "[]" replaced with your own identifying
17 17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 18 *
19 19 * CDDL HEADER END
20 20 */
21 21 /*
22 22 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
23 23 * Use is subject to license terms.
24 24 */
25 25
26 26 /*
27 27 * Support routines for building audit records.
28 28 */
29 29
30 30 #include <sys/param.h>
31 31 #include <sys/systm.h> /* for rval */
32 32 #include <sys/time.h>
33 33 #include <sys/types.h>
34 34 #include <sys/vnode.h>
35 35 #include <sys/mode.h>
36 36 #include <sys/user.h>
37 37 #include <sys/session.h>
38 38 #include <sys/acl.h>
39 39 #include <sys/ipc_impl.h>
40 40 #include <netinet/in_systm.h>
41 41 #include <netinet/in.h>
42 42 #include <netinet/ip.h>
43 43 #include <sys/socket.h>
44 44 #include <net/route.h>
45 45 #include <netinet/in_pcb.h>
46 46 #include <c2/audit.h>
47 47 #include <c2/audit_kernel.h>
48 48 #include <c2/audit_record.h>
49 49 #include <sys/model.h> /* for model_t */
50 50 #include <sys/vmparam.h> /* for USRSTACK/USRSTACK32 */
51 51 #include <sys/vfs.h> /* for sonode */
52 52 #include <sys/socketvar.h> /* for sonode */
53 53 #include <sys/zone.h>
54 54 #include <sys/tsol/label.h>
55 55
56 56 /*
57 57 * These are the control tokens
58 58 */
59 59
60 60 /*
61 61 * au_to_header
62 62 * returns:
63 63 * pointer to au_membuf chain containing a header token.
64 64 */
65 65 token_t *
66 66 au_to_header(int byte_count, au_event_t e_type, au_emod_t e_mod)
67 67 {
68 68 adr_t adr; /* adr memory stream header */
69 69 token_t *m; /* au_membuf pointer */
70 70 #ifdef _LP64
71 71 char data_header = AUT_HEADER64; /* header for this token */
72 72 static int64_t zerotime[2];
73 73 #else
74 74 char data_header = AUT_HEADER32;
75 75 static int32_t zerotime[2];
76 76 #endif
77 77 char version = TOKEN_VERSION; /* version of token family */
78 78
79 79 m = au_getclr();
80 80
81 81 adr_start(&adr, memtod(m, char *));
82 82 adr_char(&adr, &data_header, 1); /* token ID */
83 83 adr_int32(&adr, (int32_t *)&byte_count, 1); /* length of */
84 84 /* audit record */
85 85 adr_char(&adr, &version, 1); /* version of audit tokens */
86 86 adr_ushort(&adr, &e_type, 1); /* event ID */
87 87 adr_ushort(&adr, &e_mod, 1); /* event ID modifier */
88 88 #ifdef _LP64
89 89 adr_int64(&adr, zerotime, 2); /* time & date space */
90 90 #else
91 91 adr_int32(&adr, zerotime, 2);
92 92 #endif
93 93 m->len = adr_count(&adr);
94 94
95 95 return (m);
96 96 }
97 97
98 98 token_t *
99 99 au_to_header_ex(int byte_count, au_event_t e_type, au_emod_t e_mod)
100 100 {
101 101 adr_t adr; /* adr memory stream header */
102 102 token_t *m; /* au_membuf pointer */
103 103 au_kcontext_t *kctx = GET_KCTX_PZ;
104 104
105 105 #ifdef _LP64
106 106 char data_header = AUT_HEADER64_EX; /* header for this token */
107 107 static int64_t zerotime[2];
108 108 #else
109 109 char data_header = AUT_HEADER32_EX;
110 110 static int32_t zerotime[2];
111 111 #endif
112 112 char version = TOKEN_VERSION; /* version of token family */
113 113
114 114 m = au_getclr();
115 115
116 116 adr_start(&adr, memtod(m, char *));
117 117 adr_char(&adr, &data_header, 1); /* token ID */
118 118 adr_int32(&adr, (int32_t *)&byte_count, 1); /* length of */
119 119 /* audit record */
120 120 adr_char(&adr, &version, 1); /* version of audit tokens */
121 121 adr_ushort(&adr, &e_type, 1); /* event ID */
122 122 adr_ushort(&adr, &e_mod, 1); /* event ID modifier */
123 123 adr_uint32(&adr, &kctx->auk_info.ai_termid.at_type, 1);
124 124 adr_char(&adr, (char *)&kctx->auk_info.ai_termid.at_addr[0],
125 125 (int)kctx->auk_info.ai_termid.at_type);
126 126 #ifdef _LP64
127 127 adr_int64(&adr, zerotime, 2); /* time & date */
128 128 #else
129 129 adr_int32(&adr, zerotime, 2);
130 130 #endif
131 131 m->len = adr_count(&adr);
132 132
133 133 return (m);
134 134 }
135 135
136 136 /*
137 137 * au_to_trailer
138 138 * returns:
139 139 * pointer to au_membuf chain containing a trailer token.
140 140 */
141 141 token_t *
142 142 au_to_trailer(int byte_count)
143 143 {
144 144 adr_t adr; /* adr memory stream header */
145 145 token_t *m; /* au_membuf pointer */
146 146 char data_header = AUT_TRAILER; /* header for this token */
147 147 short magic = (short)AUT_TRAILER_MAGIC; /* trailer magic number */
148 148
149 149 m = au_getclr();
150 150
151 151 adr_start(&adr, memtod(m, char *));
152 152 adr_char(&adr, &data_header, 1); /* token ID */
153 153 adr_short(&adr, &magic, 1); /* magic number */
154 154 adr_int32(&adr, (int32_t *)&byte_count, 1); /* length of */
155 155 /* audit record */
156 156
157 157 m->len = adr_count(&adr);
158 158
159 159 return (m);
160 160 }
161 161 /*
162 162 * These are the data tokens
163 163 */
164 164
165 165 /*
166 166 * au_to_data
167 167 * returns:
168 168 * pointer to au_membuf chain containing a data token.
169 169 */
170 170 token_t *
171 171 au_to_data(char unit_print, char unit_type, char unit_count, char *p)
172 172 {
173 173 adr_t adr; /* adr memory stream header */
174 174 token_t *m; /* au_membuf pointer */
175 175 char data_header = AUT_DATA; /* header for this token */
176 176
177 177 ASSERT(p != NULL);
178 178 ASSERT(unit_count != 0);
179 179
180 180 switch (unit_type) {
181 181 case AUR_SHORT:
182 182 if (sizeof (short) * unit_count >= AU_BUFSIZE)
183 183 return (au_to_text("au_to_data: unit count too big"));
184 184 break;
185 185 case AUR_INT32:
186 186 if (sizeof (int32_t) * unit_count >= AU_BUFSIZE)
187 187 return (au_to_text("au_to_data: unit count too big"));
188 188 break;
189 189 case AUR_INT64:
190 190 if (sizeof (int64_t) * unit_count >= AU_BUFSIZE)
191 191 return (au_to_text("au_to_data: unit count too big"));
192 192 break;
193 193 case AUR_BYTE:
194 194 default:
195 195 #ifdef _CHAR_IS_UNSIGNED
196 196 if (sizeof (char) * unit_count >= AU_BUFSIZE)
197 197 return (au_to_text("au_to_data: unit count too big"));
198 198 #endif
199 199 /*
200 200 * we used to check for this:
201 201 * sizeof (char) * (int)unit_count >= AU_BUFSIZE).
202 202 * but the compiler is smart enough to see that
203 203 * will never be >= AU_BUFSIZE, since that's 128
204 204 * and unit_count maxes out at 127 (signed char),
205 205 * and complain.
206 206 */
207 207 break;
208 208 }
209 209
210 210 m = au_getclr();
211 211
212 212 adr_start(&adr, memtod(m, char *));
213 213 adr_char(&adr, &data_header, 1);
214 214 adr_char(&adr, &unit_print, 1);
215 215 adr_char(&adr, &unit_type, 1);
216 216 adr_char(&adr, &unit_count, 1);
217 217
218 218 switch (unit_type) {
219 219 case AUR_SHORT:
220 220 adr_short(&adr, (short *)p, unit_count);
221 221 break;
222 222 case AUR_INT32:
223 223 adr_int32(&adr, (int32_t *)p, unit_count);
224 224 break;
225 225 case AUR_INT64:
226 226 adr_int64(&adr, (int64_t *)p, unit_count);
227 227 break;
228 228 case AUR_BYTE:
229 229 default:
230 230 adr_char(&adr, p, unit_count);
231 231 break;
232 232 }
233 233
234 234 m->len = adr_count(&adr);
235 235
236 236 return (m);
237 237 }
238 238
239 239 /*
240 240 * au_to_process
241 241 * au_to_subject
242 242 * returns:
243 243 * pointer to au_membuf chain containing a process token.
244 244 */
245 245 static token_t *au_to_any_process(char, uid_t, gid_t, uid_t, gid_t,
246 246 pid_t, au_id_t, au_asid_t, const au_tid_addr_t *atid);
247 247
248 248 token_t *
249 249 au_to_process(uid_t uid, gid_t gid, uid_t ruid, gid_t rgid, pid_t pid,
250 250 au_id_t auid, au_asid_t asid, const au_tid_addr_t *atid)
251 251 {
252 252 char data_header;
253 253
254 254 #ifdef _LP64
255 255 if (atid->at_type == AU_IPv6)
256 256 data_header = AUT_PROCESS64_EX;
257 257 else
258 258 data_header = AUT_PROCESS64;
259 259 #else
260 260 if (atid->at_type == AU_IPv6)
261 261 data_header = AUT_PROCESS32_EX;
262 262 else
263 263 data_header = AUT_PROCESS32;
264 264 #endif
265 265
266 266 return (au_to_any_process(data_header, uid, gid, ruid,
267 267 rgid, pid, auid, asid, atid));
268 268 }
269 269
270 270 token_t *
271 271 au_to_subject(uid_t uid, gid_t gid, uid_t ruid, gid_t rgid, pid_t pid,
272 272 au_id_t auid, au_asid_t asid, const au_tid_addr_t *atid)
273 273 {
274 274 char data_header;
275 275
276 276 #ifdef _LP64
277 277 if (atid->at_type == AU_IPv6)
278 278 data_header = AUT_SUBJECT64_EX;
279 279 else
280 280 data_header = AUT_SUBJECT64;
281 281 #else
282 282 if (atid->at_type == AU_IPv6)
283 283 data_header = AUT_SUBJECT32_EX;
284 284 else
285 285 data_header = AUT_SUBJECT32;
286 286 #endif
287 287 return (au_to_any_process(data_header, uid, gid, ruid,
288 288 rgid, pid, auid, asid, atid));
289 289 }
290 290
291 291
292 292 static token_t *
293 293 au_to_any_process(char data_header,
294 294 uid_t uid, gid_t gid, uid_t ruid, gid_t rgid, pid_t pid,
295 295 au_id_t auid, au_asid_t asid, const au_tid_addr_t *atid)
296 296 {
297 297 token_t *m; /* local au_membuf */
298 298 adr_t adr; /* adr memory stream header */
299 299 int32_t value;
300 300
301 301 m = au_getclr();
302 302
303 303 adr_start(&adr, memtod(m, char *));
304 304 adr_char(&adr, &data_header, 1);
305 305 value = (int32_t)auid;
306 306 adr_int32(&adr, &value, 1);
307 307 value = (int32_t)uid;
308 308 adr_int32(&adr, &value, 1);
309 309 value = (int32_t)gid;
310 310 adr_int32(&adr, &value, 1);
311 311 value = (int32_t)ruid;
312 312 adr_int32(&adr, &value, 1);
313 313 value = (int32_t)rgid;
314 314 adr_int32(&adr, &value, 1);
315 315 value = (int32_t)pid;
316 316 adr_int32(&adr, &value, 1);
317 317 value = (int32_t)asid;
318 318 adr_int32(&adr, &value, 1);
319 319 #ifdef _LP64
320 320 adr_int64(&adr, (int64_t *)&(atid->at_port), 1);
321 321 #else
322 322 adr_int32(&adr, (int32_t *)&(atid->at_port), 1);
323 323 #endif
324 324 if (atid->at_type == AU_IPv6) {
325 325 adr_uint32(&adr, (uint_t *)&atid->at_type, 1);
326 326 adr_char(&adr, (char *)&atid->at_addr[0], 16);
327 327 } else {
328 328 adr_char(&adr, (char *)&(atid->at_addr[0]), 4);
329 329 }
330 330
331 331 m->len = adr_count(&adr);
332 332
333 333 return (m);
334 334 }
335 335
336 336 /*
337 337 * au_to_text
338 338 * returns:
339 339 * pointer to au_membuf chain containing a text token.
340 340 */
341 341 token_t *
342 342 au_to_text(const char *text)
343 343 {
344 344 token_t *token; /* local au_membuf */
345 345 adr_t adr; /* adr memory stream header */
346 346 char data_header = AUT_TEXT; /* header for this token */
347 347 short bytes; /* length of string */
348 348
349 349 token = au_getclr();
350 350
351 351 bytes = (short)strlen(text) + 1;
352 352 adr_start(&adr, memtod(token, char *));
353 353 adr_char(&adr, &data_header, 1);
354 354 adr_short(&adr, &bytes, 1);
355 355
356 356 token->len = (char)adr_count(&adr);
357 357 /*
358 358 * Now attach the text
359 359 */
360 360 (void) au_append_buf(text, bytes, token);
361 361
362 362 return (token);
363 363 }
364 364
365 365 /*
366 366 * au_zonename_length
367 367 * returns:
368 368 * - length of zonename token to be generated
369 369 * - zone name up to ZONENAME_MAX + 1 in length
370 370 */
371 371 #define ZONE_TOKEN_OVERHEAD 3
372 372 /*
373 373 * the zone token is
374 374 * token id (1 byte)
375 375 * string length (2 bytes)
376 376 * the string (strlen(zonename) + 1)
377 377 */
378 378 size_t
379 379 au_zonename_length(zone_t *zone)
380 380 {
381 381 if (zone == NULL)
382 382 zone = curproc->p_zone;
383 383 return (strlen(zone->zone_name) + 1 +
384 384 ZONE_TOKEN_OVERHEAD);
385 385 }
386 386
387 387 /*
388 388 * au_to_zonename
389 389 *
390 390 * A length of zero input to au_to_zonename means the length is not
391 391 * pre-calculated.
392 392 *
393 393 * The caller is responsible for checking the AUDIT_ZONENAME policy
394 394 * before calling au_zonename_length() and au_to_zonename(). If
395 395 * the policy changes between the calls, no harm is done, so the
396 396 * policy only needs to be checked once.
397 397 *
398 398 * returns:
399 399 * pointer to au_membuf chain containing a zonename token; NULL if
400 400 * policy is off.
401 401 *
402 402 * if the zonename token is generated at token generation close time,
403 403 * the length of the token is already known and it is ASSERTed that
404 404 * it has not changed. If not precalculated, zone_length must be
405 405 * zero.
406 406 */
407 407 token_t *
408 408 au_to_zonename(size_t zone_length, zone_t *zone)
409 409 {
410 410 token_t *token; /* local au_membuf */
411 411 adr_t adr; /* adr memory stream header */
412 412 char data_header = AUT_ZONENAME; /* header for this token */
413 413 short bytes; /* length of string */
414 414
415 415 token = au_getclr();
416 416
417 417 if (zone == NULL)
418 418 zone = curproc->p_zone;
419 419 bytes = (short)strlen(zone->zone_name) + 1;
420 420 /*
421 421 * If zone_length != 0, it was precalculated and is
422 422 * the token length, not the string length.
423 423 */
424 424 ASSERT((zone_length == 0) ||
425 425 (zone_length == (bytes + ZONE_TOKEN_OVERHEAD)));
426 426
427 427 adr_start(&adr, memtod(token, char *));
428 428 adr_char(&adr, &data_header, 1);
429 429 adr_short(&adr, &bytes, 1);
430 430
431 431 token->len = (char)adr_count(&adr);
432 432 (void) au_append_buf(zone->zone_name, bytes, token);
433 433
434 434 return (token);
435 435 }
436 436
437 437 /*
438 438 * au_to_strings
439 439 * returns:
440 440 * pointer to au_membuf chain containing a strings array token.
441 441 */
442 442 token_t *
443 443 au_to_strings(
444 444 char header, /* token type */
445 445 const char *kstrp, /* kernel string pointer */
446 446 ssize_t count) /* count of arguments */
447 447 {
448 448 token_t *token; /* local au_membuf */
449 449 token_t *m; /* local au_membuf */
450 450 adr_t adr; /* adr memory stream header */
451 451 size_t len;
452 452 int32_t tlen;
453 453
454 454 token = au_getclr();
455 455
456 456 adr_start(&adr, memtod(token, char *));
457 457 adr_char(&adr, &header, 1);
458 458 tlen = (int32_t)count;
459 459 adr_int32(&adr, &tlen, 1);
460 460
461 461 token->len = (char)adr_count(&adr);
462 462
463 463 while (count-- > 0) {
464 464 m = au_getclr();
465 465 len = strlen(kstrp) + 1;
466 466 (void) au_append_buf(kstrp, len, m);
467 467 (void) au_append_rec((token_t *)token, (token_t *)m, AU_PACK);
468 468 kstrp += len;
469 469 }
470 470
471 471 return (token);
472 472 }
473 473
474 474 /*
475 475 * au_to_exec_args
476 476 * returns:
477 477 * pointer to au_membuf chain containing a argv token.
478 478 */
479 479 token_t *
480 480 au_to_exec_args(const char *kstrp, ssize_t argc)
481 481 {
482 482 return (au_to_strings(AUT_EXEC_ARGS, kstrp, argc));
483 483 }
484 484
485 485 /*
486 486 * au_to_exec_env
487 487 * returns:
488 488 * pointer to au_membuf chain containing a arge token.
489 489 */
490 490 token_t *
491 491 au_to_exec_env(const char *kstrp, ssize_t envc)
492 492 {
493 493 return (au_to_strings(AUT_EXEC_ENV, kstrp, envc));
494 494 }
495 495
496 496 /*
497 497 * au_to_arg32
498 498 * char n; argument # being used
499 499 * char *text; text describing argument
500 500 * uint32_t v; argument value
501 501 * returns:
502 502 * pointer to au_membuf chain containing an argument token.
503 503 */
504 504 token_t *
505 505 au_to_arg32(char n, char *text, uint32_t v)
506 506 {
507 507 token_t *token; /* local au_membuf */
508 508 adr_t adr; /* adr memory stream header */
509 509 char data_header = AUT_ARG32; /* header for this token */
510 510 short bytes; /* length of string */
511 511
512 512 token = au_getclr();
513 513
514 514 bytes = strlen(text) + 1;
515 515 adr_start(&adr, memtod(token, char *));
516 516 adr_char(&adr, &data_header, 1); /* token type */
517 517 adr_char(&adr, &n, 1); /* argument id */
518 518 adr_uint32(&adr, &v, 1); /* argument value */
519 519 adr_short(&adr, &bytes, 1);
520 520
521 521 token->len = adr_count(&adr);
522 522 /*
523 523 * Now add the description
524 524 */
525 525 (void) au_append_buf(text, bytes, token);
526 526
527 527 return (token);
528 528 }
529 529
530 530
531 531 /*
532 532 * au_to_arg64
533 533 * char n; argument # being used
534 534 * char *text; text describing argument
535 535 * uint64_t v; argument value
536 536 * returns:
537 537 * pointer to au_membuf chain containing an argument token.
538 538 */
539 539 token_t *
540 540 au_to_arg64(char n, char *text, uint64_t v)
541 541 {
542 542 token_t *token; /* local au_membuf */
543 543 adr_t adr; /* adr memory stream header */
544 544 char data_header = AUT_ARG64; /* header for this token */
545 545 short bytes; /* length of string */
546 546
547 547 token = au_getclr();
548 548
549 549 bytes = strlen(text) + 1;
550 550 adr_start(&adr, memtod(token, char *));
551 551 adr_char(&adr, &data_header, 1); /* token type */
552 552 adr_char(&adr, &n, 1); /* argument id */
553 553 adr_uint64(&adr, &v, 1); /* argument value */
554 554 adr_short(&adr, &bytes, 1);
555 555
556 556 token->len = adr_count(&adr);
557 557 /*
558 558 * Now the description
559 559 */
560 560 (void) au_append_buf(text, bytes, token);
561 561
562 562 return (token);
563 563 }
564 564
565 565
566 566 /*
567 567 * au_to_path
568 568 * returns:
569 569 * pointer to au_membuf chain containing a path token.
570 570 */
571 571 token_t *
572 572 au_to_path(struct audit_path *app)
573 573 {
574 574 token_t *token; /* local au_membuf */
575 575 token_t *m; /* local au_membuf */
576 576 adr_t adr; /* adr memory stream header */
577 577 char data_header = AUT_PATH; /* header for this token */
578 578 short bytes; /* length of string */
579 579 char *path = app->audp_sect[0];
580 580
581 581 bytes = (short)(app->audp_sect[1] - app->audp_sect[0]);
582 582
583 583 /*
584 584 * generate path token header
585 585 */
586 586 m = au_getclr();
587 587 adr_start(&adr, memtod(m, char *));
588 588 adr_char(&adr, &data_header, 1);
589 589 adr_short(&adr, &bytes, 1);
590 590 m->len = adr_count(&adr);
591 591
592 592 /* append path string */
593 593 token = m;
594 594 (void) au_append_buf(path, bytes, token);
595 595
596 596 if (app->audp_cnt > 1) {
597 597 /* generate attribute path strings token */
598 598 m = au_to_strings(AUT_XATPATH, app->audp_sect[1],
599 599 app->audp_cnt - 1);
600 600
601 601 token = au_append_token(token, m);
602 602 }
603 603
604 604 return (token);
605 605 }
606 606
607 607 /*
608 608 * au_to_ipc
609 609 * returns:
610 610 * pointer to au_membuf chain containing a System V IPC token.
611 611 */
612 612 token_t *
613 613 au_to_ipc(char type, int id)
614 614 {
615 615 token_t *m; /* local au_membuf */
616 616 adr_t adr; /* adr memory stream header */
617 617 char data_header = AUT_IPC; /* header for this token */
618 618
619 619 m = au_getclr();
620 620
621 621 adr_start(&adr, memtod(m, char *));
622 622 adr_char(&adr, &data_header, 1);
623 623 adr_char(&adr, &type, 1); /* type of IPC object */
624 624 adr_int32(&adr, (int32_t *)&id, 1);
625 625
626 626 m->len = adr_count(&adr);
627 627
628 628 return (m);
629 629 }
630 630
631 631 /*
632 632 * au_to_return32
633 633 * returns:
634 634 * pointer to au_membuf chain containing a return value token.
635 635 */
636 636 token_t *
637 637 au_to_return32(int error, int32_t rv)
638 638 {
639 639 token_t *m; /* local au_membuf */
640 640 adr_t adr; /* adr memory stream header */
641 641 char data_header = AUT_RETURN32; /* header for this token */
642 642 int32_t val;
643 643 char ed = error;
644 644
645 645 m = au_getclr();
646 646
647 647 adr_start(&adr, memtod(m, char *));
648 648 adr_char(&adr, &data_header, 1);
649 649 adr_char(&adr, &ed, 1);
650 650
651 651 if (error) {
652 652 val = -1;
653 653 adr_int32(&adr, &val, 1);
654 654 } else {
655 655 adr_int32(&adr, &rv, 1);
656 656 }
657 657 m->len = adr_count(&adr);
658 658
659 659 return (m);
660 660 }
661 661
662 662 /*
663 663 * au_to_return64
664 664 * returns:
665 665 * pointer to au_membuf chain containing a return value token.
666 666 */
667 667 token_t *
668 668 au_to_return64(int error, int64_t rv)
669 669 {
670 670 token_t *m; /* local au_membuf */
671 671 adr_t adr; /* adr memory stream header */
672 672 char data_header = AUT_RETURN64; /* header for this token */
673 673 int64_t val;
674 674 char ed = error;
675 675
676 676 m = au_getclr();
677 677
678 678 adr_start(&adr, memtod(m, char *));
679 679 adr_char(&adr, &data_header, 1);
680 680 adr_char(&adr, &ed, 1);
681 681
682 682 if (error) {
683 683 val = -1;
684 684 adr_int64(&adr, &val, 1);
685 685 } else {
686 686 adr_int64(&adr, &rv, 1);
687 687 }
688 688 m->len = adr_count(&adr);
689 689
690 690 return (m);
691 691 }
692 692
693 693 #ifdef AU_MAY_USE_SOMEDAY
694 694 /*
695 695 * au_to_opaque
696 696 * returns:
697 697 * pointer to au_membuf chain containing a opaque token.
698 698 */
699 699 token_t *
700 700 au_to_opaque(short bytes, char *opaque)
701 701 {
702 702 token_t *token; /* local au_membuf */
703 703 adr_t adr; /* adr memory stream header */
704 704 char data_header = AUT_OPAQUE; /* header for this token */
705 705
706 706 token = au_getclr();
707 707
708 708 adr_start(&adr, memtod(token, char *));
709 709 adr_char(&adr, &data_header, 1);
710 710 adr_short(&adr, &bytes, 1);
711 711
712 712 token->len = adr_count(&adr);
713 713
714 714 /*
715 715 * Now attach the data
716 716 */
717 717 (void) au_append_buf(opaque, bytes, token);
718 718
719 719 return (token);
720 720 }
721 721 #endif /* AU_MAY_USE_SOMEDAY */
722 722
723 723 /*
724 724 * au_to_ip
725 725 * returns:
726 726 * pointer to au_membuf chain containing a ip header token
727 727 */
728 728 token_t *
729 729 au_to_ip(struct ip *ipp)
730 730 {
731 731 token_t *m; /* local au_membuf */
732 732 adr_t adr; /* adr memory stream header */
733 733 char data_header = AUT_IP; /* header for this token */
734 734
735 735 m = au_getclr();
736 736
737 737 adr_start(&adr, memtod(m, char *));
738 738 adr_char(&adr, &data_header, 1);
739 739 adr_char(&adr, (char *)ipp, 2);
740 740 adr_short(&adr, (short *)&(ipp->ip_len), 3);
741 741 adr_char(&adr, (char *)&(ipp->ip_ttl), 2);
742 742 adr_short(&adr, (short *)&(ipp->ip_sum), 1);
743 743 adr_int32(&adr, (int32_t *)&(ipp->ip_src), 2);
744 744
745 745 m->len = adr_count(&adr);
746 746
747 747 return (m);
748 748 }
749 749
750 750 /*
751 751 * au_to_iport
752 752 * returns:
753 753 * pointer to au_membuf chain containing a ip path token
754 754 */
755 755 token_t *
756 756 au_to_iport(ushort_t iport)
757 757 {
758 758 token_t *m; /* local au_membuf */
759 759 adr_t adr; /* adr memory stream header */
760 760 char data_header = AUT_IPORT; /* header for this token */
761 761
762 762 m = au_getclr();
763 763
764 764 adr_start(&adr, memtod(m, char *));
765 765 adr_char(&adr, &data_header, 1);
766 766 adr_ushort(&adr, &iport, 1);
767 767
768 768 m->len = adr_count(&adr);
769 769
770 770 return (m);
771 771 }
772 772
773 773 /*
774 774 * au_to_in_addr
775 775 * returns:
776 776 * pointer to au_membuf chain containing a ip path token
777 777 */
778 778 token_t *
779 779 au_to_in_addr(struct in_addr *internet_addr)
780 780 {
781 781 token_t *m; /* local au_membuf */
782 782 adr_t adr; /* adr memory stream header */
783 783 char data_header = AUT_IN_ADDR; /* header for this token */
784 784
785 785 m = au_getclr();
786 786
787 787 adr_start(&adr, memtod(m, char *));
788 788 adr_char(&adr, &data_header, 1);
789 789 adr_char(&adr, (char *)internet_addr, sizeof (struct in_addr));
790 790
791 791 m->len = adr_count(&adr);
792 792
793 793 return (m);
794 794 }
795 795
796 796 /*
797 797 * au_to_in_addr_ex
798 798 * returns:
799 799 * pointer to au_membuf chain containing an ipv6 token
800 800 */
801 801 token_t *
802 802 au_to_in_addr_ex(int32_t *internet_addr)
803 803 {
804 804 token_t *m; /* local au_membuf */
805 805 adr_t adr; /* adr memory stream header */
806 806 char data_header_v4 = AUT_IN_ADDR; /* header for v4 token */
807 807 char data_header_v6 = AUT_IN_ADDR_EX; /* header for v6 token */
808 808 int32_t type = AU_IPv6;
809 809
810 810 m = au_getclr();
811 811 adr_start(&adr, memtod(m, char *));
812 812
813 813 if (IN6_IS_ADDR_V4MAPPED((in6_addr_t *)internet_addr)) {
814 814 ipaddr_t in4;
815 815
816 816 /*
817 817 * An IPv4-mapped IPv6 address is really an IPv4 address
818 818 * in IPv6 format.
819 819 */
820 820 IN6_V4MAPPED_TO_IPADDR((in6_addr_t *)internet_addr, in4);
821 821
822 822 adr_char(&adr, &data_header_v4, 1);
823 823 adr_char(&adr, (char *)&in4, sizeof (ipaddr_t));
824 824 } else {
825 825 adr_char(&adr, &data_header_v6, 1);
826 826 adr_int32(&adr, &type, 1);
827 827 adr_char(&adr, (char *)internet_addr, sizeof (struct in6_addr));
828 828 }
829 829
830 830 m->len = adr_count(&adr);
831 831
832 832 return (m);
833 833 }
834 834
835 835 /*
836 836 * The Modifier tokens
837 837 */
838 838
839 839 /*
840 840 * au_to_attr
841 841 * returns:
842 842 * pointer to au_membuf chain containing an attribute token.
843 843 */
844 844 token_t *
845 845 au_to_attr(struct vattr *attr)
846 846 {
847 847 token_t *m; /* local au_membuf */
848 848 adr_t adr; /* adr memory stream header */
849 849 #ifdef _LP64
850 850 char data_header = AUT_ATTR64; /* header for this token */
851 851 #else
852 852 char data_header = AUT_ATTR32;
853 853 #endif
854 854 int32_t value;
855 855
856 856 m = au_getclr();
857 857
858 858 adr_start(&adr, memtod(m, char *));
859 859 adr_char(&adr, &data_header, 1);
860 860 value = (int32_t)attr->va_mode;
861 861 value |= (int32_t)(VTTOIF(attr->va_type));
862 862 adr_int32(&adr, &value, 1);
863 863 value = (int32_t)attr->va_uid;
864 864 adr_int32(&adr, &value, 1);
865 865 value = (int32_t)attr->va_gid;
866 866 adr_int32(&adr, &value, 1);
867 867 adr_int32(&adr, (int32_t *)&(attr->va_fsid), 1);
868 868 adr_int64(&adr, (int64_t *)&(attr->va_nodeid), 1);
869 869 #ifdef _LP64
870 870 adr_int64(&adr, (int64_t *)&(attr->va_rdev), 1);
871 871 #else
872 872 adr_int32(&adr, (int32_t *)&(attr->va_rdev), 1);
873 873 #endif
874 874
875 875 m->len = adr_count(&adr);
876 876
877 877 return (m);
878 878 }
879 879
880 880 token_t *
881 881 au_to_acl(struct acl *aclp)
882 882 {
883 883 token_t *m; /* local au_membuf */
884 884 adr_t adr; /* adr memory stream header */
885 885 char data_header = AUT_ACL; /* header for this token */
886 886 int32_t value;
887 887
888 888 m = au_getclr();
889 889
890 890 adr_start(&adr, memtod(m, char *));
891 891 adr_char(&adr, &data_header, 1);
892 892
893 893 value = (int32_t)aclp->a_type;
894 894 adr_int32(&adr, &value, 1);
895 895 value = (int32_t)aclp->a_id;
896 896 adr_int32(&adr, &value, 1);
897 897 value = (int32_t)aclp->a_perm;
898 898 adr_int32(&adr, &value, 1);
899 899
900 900 m->len = adr_count(&adr);
901 901 return (m);
902 902 }
903 903
904 904 token_t *
905 905 au_to_ace(ace_t *acep)
906 906 {
907 907 token_t *m; /* local au_membuf */
908 908 adr_t adr; /* adr memory stream header */
909 909 char data_header = AUT_ACE; /* header for this token */
910 910
911 911 m = au_getclr();
912 912
913 913 adr_start(&adr, memtod(m, char *));
914 914 adr_char(&adr, &data_header, 1);
915 915
916 916 adr_uint32(&adr, &(acep->a_who), 1);
917 917 adr_uint32(&adr, &(acep->a_access_mask), 1);
918 918 adr_ushort(&adr, &(acep->a_flags), 1);
919 919 adr_ushort(&adr, &(acep->a_type), 1);
920 920
921 921 m->len = adr_count(&adr);
922 922 return (m);
923 923 }
924 924
925 925 /*
926 926 * au_to_ipc_perm
927 927 * returns:
928 928 * pointer to au_membuf chain containing a System V IPC attribute token.
929 929 */
930 930 token_t *
931 931 au_to_ipc_perm(struct kipc_perm *perm)
932 932 {
933 933 token_t *m; /* local au_membuf */
934 934 adr_t adr; /* adr memory stream header */
935 935 char data_header = AUT_IPC_PERM; /* header for this token */
936 936 int32_t value;
937 937
938 938 m = au_getclr();
939 939
940 940 adr_start(&adr, memtod(m, char *));
941 941 adr_char(&adr, &data_header, 1);
942 942 value = (int32_t)perm->ipc_uid;
943 943 adr_int32(&adr, &value, 1);
944 944 value = (int32_t)perm->ipc_gid;
945 945 adr_int32(&adr, &value, 1);
946 946 value = (int32_t)perm->ipc_cuid;
947 947 adr_int32(&adr, &value, 1);
948 948 value = (int32_t)perm->ipc_cgid;
949 949 adr_int32(&adr, &value, 1);
950 950 value = (int32_t)perm->ipc_mode;
951 951 adr_int32(&adr, &value, 1);
952 952 value = 0; /* seq is now obsolete */
953 953 adr_int32(&adr, &value, 1);
954 954 value = (int32_t)perm->ipc_key;
955 955 adr_int32(&adr, &value, 1);
956 956
957 957 m->len = adr_count(&adr);
958 958
959 959 return (m);
960 960 }
961 961
962 962 token_t *
963 963 au_to_groups(const gid_t *crgroups, uint_t crngroups)
964 964 {
965 965 token_t *m; /* local au_membuf */
966 966 adr_t adr; /* adr memory stream header */
967 967 char data_header = AUT_NEWGROUPS; /* header for this token */
968 968 short n_groups;
969 969
970 970 m = au_getclr();
971 971
972 972 adr_start(&adr, memtod(m, char *));
973 973 adr_char(&adr, &data_header, 1);
974 974 n_groups = (short)crngroups;
975 975 adr_short(&adr, &n_groups, 1);
976 976 adr_int32(&adr, (int32_t *)crgroups, (int)crngroups);
977 977
978 978 m->len = adr_count(&adr);
979 979
980 980 return (m);
981 981 }
982 982
983 983 /*
984 984 * au_to_socket_ex
985 985 * returns:
986 986 * pointer to au_membuf chain containing a socket token.
987 987 */
988 988 token_t *
989 989 au_to_socket_ex(short dom, short type, char *l, char *f)
990 990 {
991 991 adr_t adr;
992 992 token_t *m;
993 993 char data_header = AUT_SOCKET_EX;
994 994 struct sockaddr_in6 *addr6;
995 995 struct sockaddr_in *addr4;
996 996 short size;
997 997
998 998 m = au_getclr();
999 999
1000 1000 adr_start(&adr, memtod(m, char *));
1001 1001 adr_char(&adr, &data_header, 1);
1002 1002 adr_short(&adr, &dom, 1); /* dom of socket */
1003 1003 adr_short(&adr, &type, 1); /* type of socket */
1004 1004
1005 1005 if (dom == AF_INET6) {
1006 1006 size = AU_IPv6;
1007 1007 adr_short(&adr, &size, 1); /* type of addresses */
1008 1008 addr6 = (struct sockaddr_in6 *)l;
1009 1009 adr_short(&adr, (short *)&addr6->sin6_port, 1);
1010 1010 adr_char(&adr, (char *)&addr6->sin6_addr, size);
1011 1011 addr6 = (struct sockaddr_in6 *)f;
1012 1012 adr_short(&adr, (short *)&addr6->sin6_port, 1);
1013 1013 adr_char(&adr, (char *)&addr6->sin6_addr, size);
1014 1014 } else if (dom == AF_INET) {
1015 1015 size = AU_IPv4;
1016 1016 adr_short(&adr, &size, 1); /* type of addresses */
1017 1017 addr4 = (struct sockaddr_in *)l;
1018 1018 adr_short(&adr, (short *)&addr4->sin_port, 1);
1019 1019 adr_char(&adr, (char *)&addr4->sin_addr, size);
1020 1020 addr4 = (struct sockaddr_in *)f;
1021 1021 adr_short(&adr, (short *)&addr4->sin_port, 1);
1022 1022 adr_char(&adr, (char *)&addr4->sin_addr, size);
1023 1023 }
1024 1024
1025 1025
1026 1026 m->len = adr_count(&adr);
1027 1027
1028 1028 return (m);
1029 1029 }
1030 1030
1031 1031 /*
1032 1032 * au_to_seq
1033 1033 * returns:
1034 1034 * pointer to au_membuf chain containing a sequence token.
1035 1035 */
1036 1036 token_t *
1037 1037 au_to_seq()
1038 1038 {
1039 1039 adr_t adr;
1040 1040 token_t *m;
1041 1041 char data_header = AUT_SEQ;
1042 1042 static int32_t zerocount;
1043 1043
1044 1044 m = au_getclr();
1045 1045
1046 1046 adr_start(&adr, memtod(m, char *));
1047 1047
1048 1048 adr_char(&adr, &data_header, 1);
1049 1049
1050 1050 adr_int32(&adr, &zerocount, 1);
1051 1051
1052 1052 m->len = adr_count(&adr);
1053 1053
1054 1054 return (m);
1055 1055 }
1056 1056
1057 1057 token_t *
1058 1058 au_to_sock_inet(struct sockaddr_in *s_inet)
1059 1059 {
1060 1060 adr_t adr;
1061 1061 token_t *m;
1062 1062 char data_header = AUT_SOCKET;
1063 1063
1064 1064 m = au_getclr();
1065 1065
1066 1066 adr_start(&adr, memtod(m, char *));
1067 1067 adr_char(&adr, &data_header, 1);
1068 1068 adr_short(&adr, (short *)&s_inet->sin_family, 1);
1069 1069 adr_short(&adr, (short *)&s_inet->sin_port, 1);
1070 1070
1071 1071 /* remote addr */
1072 1072 adr_int32(&adr, (int32_t *)&s_inet->sin_addr.s_addr, 1);
1073 1073
1074 1074 m->len = (uchar_t)adr_count(&adr);
1075 1075
1076 1076 return (m);
1077 1077 }
1078 1078
1079 1079 extern int maxprivbytes;
1080 1080
1081 1081 token_t *
1082 1082 au_to_privset(
1083 1083 const char *set,
1084 1084 const priv_set_t *pset,
1085 1085 char data_header,
1086 1086 int success)
1087 1087 {
1088 1088 token_t *token, *m;
1089 1089 adr_t adr;
1090 1090 int priv;
1091 1091 const char *pname;
1092 1092 char sf = (char)success;
1093 1093 char *buf, *q;
1094 1094 short sz;
1095 1095 boolean_t full;
1096 1096
1097 1097 token = au_getclr();
1098 1098
1099 1099 adr_start(&adr, memtod(token, char *));
1100 1100 adr_char(&adr, &data_header, 1);
1101 1101 /*
1102 1102 * set is not used for AUT_UPRIV and sf (== success) is not
1103 1103 * used for AUT_PRIV
1104 1104 */
1105 1105 if (data_header == AUT_UPRIV) {
1106 1106 adr_char(&adr, &sf, 1);
1107 1107 } else {
1108 1108 sz = strlen(set) + 1;
1109 1109 adr_short(&adr, &sz, 1);
1110 1110
1111 1111 token->len = (uchar_t)adr_count(&adr);
1112 1112 m = au_getclr();
1113 1113
1114 1114 (void) au_append_buf(set, sz, m);
1115 1115 (void) au_append_rec(token, m, AU_PACK);
1116 1116 adr.adr_now += sz;
1117 1117 }
1118 1118
1119 1119 full = priv_isfullset(pset);
1120 1120
1121 1121 if (full) {
1122 1122 buf = "ALL";
1123 1123 sz = strlen(buf) + 1;
1124 1124 } else {
1125 1125 q = buf = kmem_alloc(maxprivbytes, KM_SLEEP);
1126 1126 *buf = '\0';
1127 1127
1128 1128 for (priv = 0; (pname = priv_getbynum(priv)) != NULL; priv++) {
1129 1129 if (priv_ismember(pset, priv)) {
1130 1130 if (q != buf)
1131 1131 *q++ = ',';
1132 1132 (void) strcpy(q, pname);
1133 1133 q += strlen(q);
1134 1134 }
1135 1135 }
1136 1136 sz = (q - buf) + 1;
1137 1137 }
1138 1138
1139 1139 adr_short(&adr, &sz, 1);
1140 1140 token->len = (uchar_t)adr_count(&adr);
1141 1141
|
↓ open down ↓ |
1141 lines elided |
↑ open up ↑ |
1142 1142 m = au_getclr();
1143 1143 (void) au_append_buf(buf, sz, m);
1144 1144 (void) au_append_rec(token, m, AU_PACK);
1145 1145
1146 1146 if (!full)
1147 1147 kmem_free(buf, maxprivbytes);
1148 1148
1149 1149 return (token);
1150 1150 }
1151 1151
1152 +token_t *
1153 +au_to_secflags(const char *which, secflagset_t set)
1154 +{
1155 + token_t *token, *m;
1156 + adr_t adr;
1157 + char data_header = AUT_SECFLAGS;
1158 + short sz;
1159 + char secstr[1024];
1160 +
1161 + token = au_getclr();
1162 +
1163 + adr_start(&adr, memtod(token, char *));
1164 + adr_char(&adr, &data_header, 1);
1165 +
1166 + sz = strlen(which) + 1;
1167 + adr_short(&adr, &sz, 1);
1168 +
1169 + token->len = (uchar_t)adr_count(&adr);
1170 + m = au_getclr();
1171 + (void) au_append_buf(which, sz, m);
1172 + (void) au_append_rec(token, m, AU_PACK);
1173 + adr.adr_now += sz;
1174 +
1175 + secflags_to_str(set, secstr, sizeof (secstr));
1176 + sz = strlen(secstr) + 1;
1177 + adr_short(&adr, &sz, 1);
1178 + token->len = (uchar_t)adr_count(&adr);
1179 + m = au_getclr();
1180 + (void) au_append_buf(secstr, sz, m);
1181 + (void) au_append_rec(token, m, AU_PACK);
1182 +
1183 + return (token);
1184 +}
1185 +
1152 1186 /*
1153 1187 * au_to_label
1154 1188 * returns:
1155 1189 * pointer to au_membuf chain containing a label token.
1156 1190 */
1157 1191 token_t *
1158 1192 au_to_label(bslabel_t *label)
1159 1193 {
1160 1194 token_t *m; /* local au_membuf */
1161 1195 adr_t adr; /* adr memory stream header */
1162 1196 char data_header = AUT_LABEL; /* header for this token */
1163 1197
1164 1198 m = au_getclr();
1165 1199
1166 1200 adr_start(&adr, memtod(m, char *));
1167 1201 adr_char(&adr, &data_header, 1);
1168 1202 adr_char(&adr, (char *)label, sizeof (_mac_label_impl_t));
1169 1203
1170 1204 m->len = adr_count(&adr);
1171 1205
1172 1206 return (m);
1173 1207 }
|
↓ open down ↓ |
12 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX