4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 */
25
26
27 #define _REENTRANT
28
29 #include <ctype.h>
30 #include <errno.h>
31 #include <grp.h>
32 #include <libintl.h>
33 #include <netdb.h>
34 #include <time.h>
35 #include <pwd.h>
36 #include <stdio.h>
37 #include <stdlib.h>
38 #include <string.h>
39 #include <wchar.h>
40
41 #include <arpa/inet.h>
42
43 #include <bsm/audit.h>
44 #include <bsm/audit_record.h>
45 #include <bsm/libbsm.h>
46 #include <security/pam_appl.h>
47
48 #include <sys/inttypes.h>
49 #include <sys/mkdev.h>
50 #include <sys/types.h>
51 #include <aclutils.h>
52
53 #include "praudit.h"
54 #include "toktable.h"
55 #include "adt_xlate.h"
56
57 static void convertascii(char *p, char *c, int size);
58 static int convertbinary(char *p, char *c, int size);
59 static void eventmodifier2string(au_emod_t emodifier, char *modstring,
60 size_t modlen);
61 static int do_mtime32(pr_context_t *context, int status, int flag,
62 uint32_t scale);
63 static int do_mtime64(pr_context_t *context, int status, int flag,
64 uint64_t scale);
65
66 /*
67 * ------------------------------------------------------
68 * field widths for arbitrary data token type
69 * ------------------------------------------------------
70 */
71 static struct fw {
3097 *alloc = INITIAL_ALLOC;
3098 s[0] = '\0';
3099 *str = s;
3100 }
3101
3102 needed = strlen(s) + strlen(what) + 1;
3103 if (*alloc < needed) {
3104 newstr = realloc(s, needed);
3105 if (newstr == NULL)
3106 return (-1);
3107 s = newstr;
3108 *alloc = needed;
3109 *str = s;
3110 }
3111 (void) strlcat(s, what, *alloc);
3112
3113 return (0);
3114 }
3115
3116 static int
3117 pa_ace_access_mask(pr_context_t *context, ace_t *ace, int status, int flag)
3118 {
3119 int returnstat, i;
3120 uval_t uval;
3121 char *permstr = NULL;
3122 size_t permstr_alloc = 0;
3123
3124 if (status < 0)
3125 return (status);
3126
3127 /*
3128 * TRANSLATION_NOTE
3129 * ace->a_access_mask refers to access mask of ZFS/NFSv4 ACL entry.
3130 */
3131 if ((returnstat = open_tag(context, TAG_ACEMASK)) != 0)
3132 return (returnstat);
3133 if (context->format & PRF_SHORTM &&
3134 ((permstr = malloc(15)) != NULL)) {
3135 for (i = 0; i < 14; i++)
3136 permstr[i] = '-';
3137
3138 if (ace->a_access_mask & ACE_READ_DATA)
3139 permstr[0] = 'r';
3140 if (ace->a_access_mask & ACE_WRITE_DATA)
3141 permstr[1] = 'w';
3142 if (ace->a_access_mask & ACE_EXECUTE)
3143 permstr[2] = 'x';
3144 if (ace->a_access_mask & ACE_APPEND_DATA)
3145 permstr[3] = 'p';
3146 if (ace->a_access_mask & ACE_DELETE)
3147 permstr[4] = 'd';
3148 if (ace->a_access_mask & ACE_DELETE_CHILD)
3149 permstr[5] = 'D';
3150 if (ace->a_access_mask & ACE_READ_ATTRIBUTES)
3151 permstr[6] = 'a';
3152 if (ace->a_access_mask & ACE_WRITE_ATTRIBUTES)
3153 permstr[7] = 'A';
3154 if (ace->a_access_mask & ACE_READ_NAMED_ATTRS)
3155 permstr[8] = 'R';
3156 if (ace->a_access_mask & ACE_WRITE_NAMED_ATTRS)
3157 permstr[9] = 'W';
3158 if (ace->a_access_mask & ACE_READ_ACL)
3159 permstr[10] = 'c';
3160 if (ace->a_access_mask & ACE_WRITE_ACL)
3161 permstr[11] = 'C';
3162 if (ace->a_access_mask & ACE_WRITE_OWNER)
3163 permstr[12] = 'o';
3164 if (ace->a_access_mask & ACE_SYNCHRONIZE)
3165 permstr[13] = 's';
3166 permstr[14] = '\0';
3167 uval.uvaltype = PRA_STRING;
3168 uval.string_val = permstr;
3169 } else if (!(context->format & PRF_RAWM)) {
3170
3171 /*
3172 * Note this differs from acltext.c:ace_perm_txt()
3173 * because we don't know if the acl belongs to a file
3174 * or directory. ace mask value are the same
3175 * nonetheless, see sys/acl.h
3176 */
3177 if (ace->a_access_mask & ACE_LIST_DIRECTORY) {
3178 returnstat = strappend(&permstr, gettext(READ_DIR_TXT),
3179 &permstr_alloc);
3180 }
3181 if (ace->a_access_mask & ACE_ADD_FILE) {
3182 returnstat = strappend(&permstr, gettext(ADD_FILE_TXT),
3183 &permstr_alloc);
3184 }
3185 if (ace->a_access_mask & ACE_ADD_SUBDIRECTORY) {
3186 returnstat = strappend(&permstr, gettext(ADD_DIR_TXT),
3187 &permstr_alloc);
3188 }
3189 if (ace->a_access_mask & ACE_READ_NAMED_ATTRS) {
3190 returnstat = strappend(&permstr,
3191 gettext(READ_XATTR_TXT), &permstr_alloc);
3192 }
3193 if (ace->a_access_mask & ACE_WRITE_NAMED_ATTRS) {
3194 returnstat = strappend(&permstr,
3195 gettext(WRITE_XATTR_TXT), &permstr_alloc);
3196 }
3197 if (ace->a_access_mask & ACE_EXECUTE) {
3198 returnstat = strappend(&permstr,
3199 gettext(EXECUTE_TXT), &permstr_alloc);
3200 }
3201 if (ace->a_access_mask & ACE_DELETE_CHILD) {
3202 returnstat = strappend(&permstr,
3203 gettext(DELETE_CHILD_TXT), &permstr_alloc);
3204 }
3205 if (ace->a_access_mask & ACE_READ_ATTRIBUTES) {
3206 returnstat = strappend(&permstr,
3207 gettext(READ_ATTRIBUTES_TXT), &permstr_alloc);
3208 }
3209 if (ace->a_access_mask & ACE_WRITE_ATTRIBUTES) {
3210 returnstat = strappend(&permstr,
3211 gettext(WRITE_ATTRIBUTES_TXT), &permstr_alloc);
3212 }
3213 if (ace->a_access_mask & ACE_DELETE) {
3214 returnstat = strappend(&permstr, gettext(DELETE_TXT),
3215 &permstr_alloc);
3216 }
3217 if (ace->a_access_mask & ACE_READ_ACL) {
3218 returnstat = strappend(&permstr, gettext(READ_ACL_TXT),
3219 &permstr_alloc);
3220 }
3221 if (ace->a_access_mask & ACE_WRITE_ACL) {
3222 returnstat = strappend(&permstr, gettext(WRITE_ACL_TXT),
3223 &permstr_alloc);
3224 }
3225 if (ace->a_access_mask & ACE_WRITE_OWNER) {
3226 returnstat = strappend(&permstr,
3227 gettext(WRITE_OWNER_TXT), &permstr_alloc);
3228 }
3229 if (ace->a_access_mask & ACE_SYNCHRONIZE) {
3230 returnstat = strappend(&permstr,
3231 gettext(SYNCHRONIZE_TXT), &permstr_alloc);
3232 }
3233 if (permstr[strlen(permstr) - 1] == '/')
3234 permstr[strlen(permstr) - 1] = '\0';
3235 uval.uvaltype = PRA_STRING;
3236 uval.string_val = permstr;
3237 }
3238 if ((permstr == NULL) || (returnstat != 0) ||
3239 (context->format & PRF_RAWM)) {
3240 uval.uvaltype = PRA_UINT32;
3241 uval.uint32_val = ace->a_access_mask;
3242 }
3243 returnstat = pa_print(context, &uval, flag);
3244
3245 if (permstr != NULL)
3246 free(permstr);
3247 if (returnstat != 0)
3248 return (returnstat);
3249 return (close_tag(context, TAG_ACEMASK));
3250 }
3251
3252 static int
3253 pa_ace_type(pr_context_t *context, ace_t *ace, int status, int flag)
3254 {
3255 int returnstat;
3256 uval_t uval;
3257
3258 if (status < 0)
3259 return (status);
3260
3261 /*
3297 int returnstat;
3298 ace_t ace;
3299
3300 if (status < 0)
3301 return (status);
3302
3303 if ((returnstat = pr_adr_u_int32(context, &ace.a_who, 1)) != 0)
3304 return (returnstat);
3305 if ((returnstat = pr_adr_u_int32(context, &ace.a_access_mask, 1)) != 0)
3306 return (returnstat);
3307 if ((returnstat = pr_adr_u_short(context, &ace.a_flags, 1)) != 0)
3308 return (returnstat);
3309 if ((returnstat = pr_adr_u_short(context, &ace.a_type, 1)) != 0)
3310 return (returnstat);
3311
3312 if ((returnstat = pa_ace_flags(context, &ace, returnstat, 0)) != 0)
3313 return (returnstat);
3314 /* pa_ace_who can returns 1 if uid/gid is not found */
3315 if ((returnstat = pa_ace_who(context, &ace, returnstat, 0)) < 0)
3316 return (returnstat);
3317 if ((returnstat = pa_ace_access_mask(context, &ace,
3318 returnstat, 0)) != 0)
3319 return (returnstat);
3320 return (pa_ace_type(context, &ace, returnstat, flag));
3321 }
|
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 *
25 * Copyright 2018 Nexenta Systems, Inc. All rights reserved.
26 */
27
28
29 #define _REENTRANT
30
31 #include <ctype.h>
32 #include <errno.h>
33 #include <grp.h>
34 #include <libintl.h>
35 #include <netdb.h>
36 #include <time.h>
37 #include <pwd.h>
38 #include <stdio.h>
39 #include <stdlib.h>
40 #include <string.h>
41 #include <wchar.h>
42
43 #include <arpa/inet.h>
44
45 #include <bsm/audit.h>
46 #include <bsm/audit_record.h>
47 #include <bsm/libbsm.h>
48 #include <security/pam_appl.h>
49
50 #include <sys/inttypes.h>
51 #include <sys/mkdev.h>
52 #include <sys/types.h>
53 #include <aclutils.h>
54 #include <smbsrv/libsmb.h>
55
56 #include "praudit.h"
57 #include "toktable.h"
58 #include "adt_xlate.h"
59
60 static void convertascii(char *p, char *c, int size);
61 static int convertbinary(char *p, char *c, int size);
62 static void eventmodifier2string(au_emod_t emodifier, char *modstring,
63 size_t modlen);
64 static int do_mtime32(pr_context_t *context, int status, int flag,
65 uint32_t scale);
66 static int do_mtime64(pr_context_t *context, int status, int flag,
67 uint64_t scale);
68
69 /*
70 * ------------------------------------------------------
71 * field widths for arbitrary data token type
72 * ------------------------------------------------------
73 */
74 static struct fw {
3100 *alloc = INITIAL_ALLOC;
3101 s[0] = '\0';
3102 *str = s;
3103 }
3104
3105 needed = strlen(s) + strlen(what) + 1;
3106 if (*alloc < needed) {
3107 newstr = realloc(s, needed);
3108 if (newstr == NULL)
3109 return (-1);
3110 s = newstr;
3111 *alloc = needed;
3112 *str = s;
3113 }
3114 (void) strlcat(s, what, *alloc);
3115
3116 return (0);
3117 }
3118
3119 static int
3120 pa_ace_access_mask(pr_context_t *context, uint32_t mask, int status, int flag)
3121 {
3122 int returnstat, i;
3123 uval_t uval;
3124 char *permstr = NULL;
3125 size_t permstr_alloc = 0;
3126
3127 if (status < 0)
3128 return (status);
3129
3130 /*
3131 * TRANSLATION_NOTE
3132 * mask refers to access mask of ZFS/NFSv4 ACL entry.
3133 */
3134 if ((returnstat = open_tag(context, TAG_ACEMASK)) != 0)
3135 return (returnstat);
3136 if (context->format & PRF_SHORTM &&
3137 ((permstr = malloc(15)) != NULL)) {
3138 for (i = 0; i < 14; i++)
3139 permstr[i] = '-';
3140
3141 if (mask & ACE_READ_DATA)
3142 permstr[0] = 'r';
3143 if (mask & ACE_WRITE_DATA)
3144 permstr[1] = 'w';
3145 if (mask & ACE_EXECUTE)
3146 permstr[2] = 'x';
3147 if (mask & ACE_APPEND_DATA)
3148 permstr[3] = 'p';
3149 if (mask & ACE_DELETE)
3150 permstr[4] = 'd';
3151 if (mask & ACE_DELETE_CHILD)
3152 permstr[5] = 'D';
3153 if (mask & ACE_READ_ATTRIBUTES)
3154 permstr[6] = 'a';
3155 if (mask & ACE_WRITE_ATTRIBUTES)
3156 permstr[7] = 'A';
3157 if (mask & ACE_READ_NAMED_ATTRS)
3158 permstr[8] = 'R';
3159 if (mask & ACE_WRITE_NAMED_ATTRS)
3160 permstr[9] = 'W';
3161 if (mask & ACE_READ_ACL)
3162 permstr[10] = 'c';
3163 if (mask & ACE_WRITE_ACL)
3164 permstr[11] = 'C';
3165 if (mask & ACE_WRITE_OWNER)
3166 permstr[12] = 'o';
3167 if (mask & ACE_SYNCHRONIZE)
3168 permstr[13] = 's';
3169 permstr[14] = '\0';
3170 uval.uvaltype = PRA_STRING;
3171 uval.string_val = permstr;
3172 } else if (!(context->format & PRF_RAWM)) {
3173
3174 /*
3175 * Note this differs from acltext.c:ace_perm_txt()
3176 * because we don't know if the acl belongs to a file
3177 * or directory. ace mask value are the same
3178 * nonetheless, see sys/acl.h
3179 */
3180 if (mask & ACE_LIST_DIRECTORY) {
3181 returnstat = strappend(&permstr, gettext(READ_DIR_TXT),
3182 &permstr_alloc);
3183 }
3184 if (mask & ACE_ADD_FILE) {
3185 returnstat = strappend(&permstr, gettext(ADD_FILE_TXT),
3186 &permstr_alloc);
3187 }
3188 if (mask & ACE_ADD_SUBDIRECTORY) {
3189 returnstat = strappend(&permstr, gettext(ADD_DIR_TXT),
3190 &permstr_alloc);
3191 }
3192 if (mask & ACE_READ_NAMED_ATTRS) {
3193 returnstat = strappend(&permstr,
3194 gettext(READ_XATTR_TXT), &permstr_alloc);
3195 }
3196 if (mask & ACE_WRITE_NAMED_ATTRS) {
3197 returnstat = strappend(&permstr,
3198 gettext(WRITE_XATTR_TXT), &permstr_alloc);
3199 }
3200 if (mask & ACE_EXECUTE) {
3201 returnstat = strappend(&permstr,
3202 gettext(EXECUTE_TXT), &permstr_alloc);
3203 }
3204 if (mask & ACE_DELETE_CHILD) {
3205 returnstat = strappend(&permstr,
3206 gettext(DELETE_CHILD_TXT), &permstr_alloc);
3207 }
3208 if (mask & ACE_READ_ATTRIBUTES) {
3209 returnstat = strappend(&permstr,
3210 gettext(READ_ATTRIBUTES_TXT), &permstr_alloc);
3211 }
3212 if (mask & ACE_WRITE_ATTRIBUTES) {
3213 returnstat = strappend(&permstr,
3214 gettext(WRITE_ATTRIBUTES_TXT), &permstr_alloc);
3215 }
3216 if (mask & ACE_DELETE) {
3217 returnstat = strappend(&permstr, gettext(DELETE_TXT),
3218 &permstr_alloc);
3219 }
3220 if (mask & ACE_READ_ACL) {
3221 returnstat = strappend(&permstr, gettext(READ_ACL_TXT),
3222 &permstr_alloc);
3223 }
3224 if (mask & ACE_WRITE_ACL) {
3225 returnstat = strappend(&permstr, gettext(WRITE_ACL_TXT),
3226 &permstr_alloc);
3227 }
3228 if (mask & ACE_WRITE_OWNER) {
3229 returnstat = strappend(&permstr,
3230 gettext(WRITE_OWNER_TXT), &permstr_alloc);
3231 }
3232 if (mask & ACE_SYNCHRONIZE) {
3233 returnstat = strappend(&permstr,
3234 gettext(SYNCHRONIZE_TXT), &permstr_alloc);
3235 }
3236 if (permstr[strlen(permstr) - 1] == '/')
3237 permstr[strlen(permstr) - 1] = '\0';
3238 uval.uvaltype = PRA_STRING;
3239 uval.string_val = permstr;
3240 }
3241 if ((permstr == NULL) || (returnstat != 0) ||
3242 (context->format & PRF_RAWM)) {
3243 uval.uvaltype = PRA_HEX32;
3244 uval.int32_val = mask;
3245 }
3246 returnstat = pa_print(context, &uval, flag);
3247
3248 if (permstr != NULL)
3249 free(permstr);
3250 if (returnstat != 0)
3251 return (returnstat);
3252 return (close_tag(context, TAG_ACEMASK));
3253 }
3254
3255 static int
3256 pa_ace_type(pr_context_t *context, ace_t *ace, int status, int flag)
3257 {
3258 int returnstat;
3259 uval_t uval;
3260
3261 if (status < 0)
3262 return (status);
3263
3264 /*
3300 int returnstat;
3301 ace_t ace;
3302
3303 if (status < 0)
3304 return (status);
3305
3306 if ((returnstat = pr_adr_u_int32(context, &ace.a_who, 1)) != 0)
3307 return (returnstat);
3308 if ((returnstat = pr_adr_u_int32(context, &ace.a_access_mask, 1)) != 0)
3309 return (returnstat);
3310 if ((returnstat = pr_adr_u_short(context, &ace.a_flags, 1)) != 0)
3311 return (returnstat);
3312 if ((returnstat = pr_adr_u_short(context, &ace.a_type, 1)) != 0)
3313 return (returnstat);
3314
3315 if ((returnstat = pa_ace_flags(context, &ace, returnstat, 0)) != 0)
3316 return (returnstat);
3317 /* pa_ace_who can returns 1 if uid/gid is not found */
3318 if ((returnstat = pa_ace_who(context, &ace, returnstat, 0)) < 0)
3319 return (returnstat);
3320 if ((returnstat = pa_ace_access_mask(context, ace.a_access_mask,
3321 returnstat, 0)) != 0)
3322 return (returnstat);
3323 return (pa_ace_type(context, &ace, returnstat, flag));
3324 }
3325
3326 int
3327 pa_access_mask(pr_context_t *context, int status, int flag)
3328 {
3329 int returnstat;
3330 uint32_t mask;
3331
3332 if (status < 0)
3333 return (status);
3334
3335 returnstat = pr_adr_u_int32(context, &mask, 1);
3336 return (pa_ace_access_mask(context, mask, returnstat, flag));
3337 }
3338
3339 int
3340 pa_wsid(pr_context_t *context, int status, int flag)
3341 {
3342 int returnstat;
3343 short length;
3344 char *sid;
3345 uval_t uval;
3346 char *name = NULL;
3347
3348 if (status < 0)
3349 return (status);
3350 if ((returnstat = open_tag(context, TAG_WSID)) != 0)
3351 return (returnstat);
3352
3353 if ((returnstat = pr_adr_short(context, &length, 1)) != 0)
3354 return (returnstat);
3355 if ((sid = (char *)malloc(length + 1)) == NULL)
3356 return (-1);
3357 if ((returnstat = pr_adr_char(context, sid, length)) != 0) {
3358 free(sid);
3359 return (returnstat);
3360 }
3361
3362 uval.uvaltype = PRA_STRING;
3363 uval.string_val = sid;
3364 if ((context->format & PRF_RAWM) == 0) {
3365 int rc;
3366 int flag = IDMAP_REQ_FLG_USE_CACHE;
3367 rc = idmap_getwinnamebysid(sid, flag, &name);
3368 if (rc == IDMAP_SUCCESS)
3369 uval.string_val = name;
3370 else
3371 (void) fprintf(stderr,
3372 gettext("praudit: failed to map sid to name "
3373 "rc=%d\n"), rc);
3374 }
3375 returnstat = pa_print(context, &uval, flag);
3376 free(sid);
3377 if (name != NULL)
3378 free(name);
3379 if (returnstat == 0)
3380 returnstat = close_tag(context, TAG_WSID);
3381 return (returnstat);
3382 }
|