Print this page
NEX-13644 File access audit logging
Reviewed by: Gordon Ross <gordon.ross@nexenta.com>
Reviewed by: Roman Strashkin <roman.strashkin@nexenta.com>
Reviewed by: Saso Kiselkov <saso.kiselkov@nexenta.com>
Reviewed by: Rick McNeal <rick.mcneal@nexenta.com>
Reviewed by: Yuri Pankov <yuri.pankov@nexenta.com>
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/lib/auditd_plugins/syslog/systoken.c
+++ new/usr/src/lib/auditd_plugins/syslog/systoken.c
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License (the "License").
6 6 * You may not use this file except in compliance with the License.
7 7 *
8 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 9 * or http://www.opensolaris.org/os/licensing.
10 10 * See the License for the specific language governing permissions
11 11 * and limitations under the License.
12 12 *
13 13 * When distributing Covered Code, include this CDDL HEADER in each
|
↓ open down ↓ |
13 lines elided |
↑ open up ↑ |
14 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 15 * If applicable, add the following below this CDDL HEADER, with the
16 16 * fields enclosed by brackets "[]" replaced with your own identifying
17 17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 18 *
19 19 * CDDL HEADER END
20 20 */
21 21 /*
22 22 * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
23 23 * Use is subject to license terms.
24 + *
24 25 * Copyright 2012 Milan Jurik. All rights reserved.
26 + * Copyright 2018 Nexenta Systems, Inc. All rights reserved.
25 27 */
26 28
27 29
28 30 /*
29 31 * Token processing for sysupd; each token function does one
30 32 * or more operations. All of them bump the buffer pointer
31 33 * to the next token; some of them extract one or more data
32 34 * from the token.
33 35 */
34 36
35 37 #define DEBUG 0
36 38 #if DEBUG
37 39 #define DPRINT(x) { (void) fprintf x; }
38 40 #else
39 41 #define DPRINT(x)
40 42 #endif
41 43
42 44 #include <locale.h>
43 45 #include <stdlib.h>
44 46 #include <stdio.h>
45 47 #include <string.h>
46 48 #include <sys/types.h>
47 49 #include <bsm/libbsm.h>
48 50 #include <sys/tsol/label.h>
49 51 #include "toktable.h" /* ../praudit */
50 52 #include "sysplugin.h"
51 53 #include "systoken.h"
52 54 #include <audit_plugin.h>
53 55
54 56 #if DEBUG
55 57 static FILE *dbfp; /* debug file */
56 58 #endif
57 59
58 60 static void anchor_path(char *);
59 61 static size_t collapse_path(char *, size_t);
60 62 static void get_bytes_to_string(parse_context_t *, size_t *, char **,
61 63 size_t);
62 64 static void skip_bytes(parse_context_t *);
63 65 static void skip_string(parse_context_t *);
64 66 static int xgeneric(parse_context_t *);
65 67
66 68 /*
67 69 * Process a token in a record to (1) extract data of interest if any
68 70 * and (2) point to the next token.
69 71 *
70 72 * returns 0 if ok. + or - values are of debug value:
71 73 *
72 74 * returns -1 if the parsing of the token failed.
73 75 *
74 76 * returns +<previous id> if the token is not found. This value
75 77 * is used to help determine where in the record the problem
76 78 * occurred. The common failure case is that the parsing of
77 79 * token M is incorrect and the buffer pointer ends up pointing
78 80 * to garbage. The positive error value of M *may* be the id of
79 81 * the incorrectly parsed token.
80 82 */
81 83
82 84 int
83 85 parse_token(parse_context_t *ctx)
84 86 {
85 87 char tokenid;
86 88 static char prev_tokenid = -1;
87 89 int rc;
88 90
89 91 #if DEBUG
90 92 static boolean_t first = 1;
91 93
92 94 if (first) {
93 95 dbfp = __auditd_debug_file_open();
94 96 first = 0;
95 97 }
96 98 #endif
97 99
98 100 adrm_char(&(ctx->adr), &tokenid, 1);
99 101
100 102 if ((tokenid > 0) && (tokentable[tokenid].func != NOFUNC)) {
101 103 rc = (*tokentable[tokenid].func)(ctx);
102 104 prev_tokenid = tokenid;
103 105 return (rc);
104 106 }
105 107 /* here if token id is not in table */
106 108 return (prev_tokenid);
107 109 }
108 110
109 111 /* There should not be any file tokens in the middle of a record */
110 112
111 113 /* ARGSUSED */
112 114 int
113 115 file_token(parse_context_t *ctx)
114 116 {
115 117
116 118 return (-1);
117 119 }
118 120
119 121 /* ARGSUSED */
120 122 int
121 123 file64_token(parse_context_t *ctx)
122 124 {
123 125 return (-1);
124 126 }
125 127
126 128 static void
127 129 common_header(parse_context_t *ctx)
128 130 {
129 131 adrm_u_int32(&(ctx->adr), &(ctx->out.sf_reclen), 1);
130 132 ctx->adr.adr_now += sizeof (char); /* version number */
131 133 adrm_u_short(&(ctx->adr), &(ctx->out.sf_eventid), 1);
132 134 ctx->adr.adr_now += sizeof (short); /* modifier */
133 135 }
134 136
135 137 /*
136 138 * 32bit header
137 139 */
138 140 int
139 141 header_token(parse_context_t *ctx)
140 142 {
141 143 common_header(ctx);
142 144 ctx->adr.adr_now += 2 * sizeof (int32_t); /* time */
143 145
144 146 return (0);
145 147 }
146 148
147 149
148 150 int
149 151 header32_ex_token(parse_context_t *ctx)
150 152 {
151 153 int32_t type;
152 154
153 155 common_header(ctx);
154 156
155 157 adrm_int32(&(ctx->adr), &type, 1); /* tid type */
156 158 ctx->adr.adr_now += type * sizeof (char); /* ip address */
157 159
158 160 ctx->adr.adr_now += 2 * sizeof (int32_t); /* time */
159 161
160 162 return (0);
161 163 }
162 164
163 165
164 166 int
165 167 header64_ex_token(parse_context_t *ctx)
166 168 {
167 169 int32_t type;
168 170
169 171 common_header(ctx);
170 172
171 173 adrm_int32(&(ctx->adr), &type, 1); /* tid type */
172 174 ctx->adr.adr_now += type * sizeof (char); /* ip address */
173 175
174 176 ctx->adr.adr_now += 2 * sizeof (int64_t); /* time */
175 177
176 178 return (0);
177 179 }
178 180
179 181
180 182 int
181 183 header64_token(parse_context_t *ctx)
182 184 {
183 185 common_header(ctx);
184 186
185 187 ctx->adr.adr_now += 2 * sizeof (int64_t); /* time */
186 188
187 189 return (0);
188 190 }
189 191
190 192
191 193 /*
192 194 * ======================================================
193 195 * The following token processing routines return
194 196 * 0: if parsed ok
195 197 * -1: can't parse and can't determine location of next token
196 198 * ======================================================
197 199 */
198 200
199 201 int
200 202 trailer_token(parse_context_t *ctx)
201 203 {
202 204 short magic_number;
203 205 uint32_t bytes;
204 206
205 207 adrm_u_short(&(ctx->adr), (ushort_t *)&magic_number, 1);
206 208 if (magic_number != AUT_TRAILER_MAGIC)
207 209 return (-1);
208 210
209 211 adrm_u_int32(&(ctx->adr), &bytes, 1);
210 212
211 213 return (0);
212 214 }
213 215
214 216
215 217 /*
216 218 * Format of arbitrary data token:
217 219 * arbitrary data token id &(ctx->adr) char
218 220 * how to print adr_char
219 221 * basic unit adr_char
220 222 * unit count adr_char, specifying number of units of
221 223 * data items depends on basic unit
222 224 *
223 225 */
224 226 int
225 227 arbitrary_data_token(parse_context_t *ctx)
226 228 {
227 229 char basic_unit, unit_count;
228 230
229 231 ctx->adr.adr_now += sizeof (char); /* how to print */
230 232
231 233 adrm_char(&(ctx->adr), &basic_unit, 1);
232 234 adrm_char(&(ctx->adr), &unit_count, 1);
233 235
234 236 switch (basic_unit) {
235 237 case AUR_CHAR: /* same as AUR_BYTE */
236 238 ctx->adr.adr_now += unit_count * sizeof (char);
237 239 break;
238 240 case AUR_SHORT:
239 241 ctx->adr.adr_now += unit_count * sizeof (short);
240 242 break;
241 243 case AUR_INT32: /* same as AUR_INT */
242 244 ctx->adr.adr_now += unit_count * sizeof (int32_t);
243 245 break;
244 246 case AUR_INT64:
245 247 ctx->adr.adr_now += unit_count * sizeof (int64_t);
246 248 break;
247 249 default:
248 250 return (-1);
249 251 }
250 252 return (0);
251 253 }
252 254
253 255
254 256 /*
255 257 * Format of opaque token:
256 258 * opaque token id adr_char
257 259 * size adr_short
258 260 * data adr_char, size times
259 261 *
260 262 */
261 263 int
262 264 opaque_token(parse_context_t *ctx)
263 265 {
264 266 skip_bytes(ctx);
265 267 return (0);
266 268 }
267 269
268 270
269 271 /*
270 272 * Format of return32 value token:
271 273 * return value token id adr_char
272 274 * error number adr_char
273 275 * return value adr_u_int32
274 276 *
275 277 */
276 278 int
277 279 return_value32_token(parse_context_t *ctx)
278 280 {
279 281 char errnum;
280 282
281 283 adrm_char(&(ctx->adr), &errnum, 1); /* pass / fail */
282 284 ctx->adr.adr_now += sizeof (int32_t); /* error code */
283 285
284 286 ctx->out.sf_pass = (errnum == 0) ? 1 : -1;
285 287
286 288 return (0);
287 289 }
288 290
289 291 /*
290 292 * Format of return64 value token:
291 293 * return value token id adr_char
292 294 * error number adr_char
293 295 * return value adr_u_int64
294 296 *
295 297 */
296 298 int
297 299 return_value64_token(parse_context_t *ctx)
298 300 {
299 301 char errnum;
300 302
301 303 adrm_char(&(ctx->adr), &errnum, 1); /* pass / fail */
302 304 ctx->adr.adr_now += sizeof (int64_t); /* error code */
303 305
304 306 ctx->out.sf_pass = (errnum == 0) ? 1 : -1;
305 307
306 308 return (0);
307 309 }
308 310
309 311
310 312 /*
311 313 * Format of sequence token:
312 314 * sequence token id adr_char
313 315 * audit_count int32_t
314 316 *
315 317 */
316 318 int
317 319 sequence_token(parse_context_t *ctx)
318 320 {
319 321 adrm_int32(&(ctx->adr), &(ctx->out.sf_sequence), 1);
320 322 return (0);
321 323 }
322 324
323 325
324 326 /*
325 327 * Format of text token:
326 328 * text token id adr_char
327 329 * text adr_string
328 330 */
329 331 int
330 332 text_token(parse_context_t *ctx)
331 333 {
332 334 ushort_t len;
333 335 size_t separator_sz = 0;
334 336 char *bp; /* pointer to output string */
335 337
336 338 adrm_u_short(&(ctx->adr), &len, 1);
337 339
338 340 if (ctx->out.sf_textlen > 0)
339 341 separator_sz = sizeof (AU_TEXT_NAME) - 1;
340 342
341 343 DPRINT((dbfp, "text_token: start length=%d, add length=%d+%d\n",
342 344 ctx->out.sf_textlen, (size_t)len, separator_sz));
343 345
344 346 ctx->out.sf_text = realloc(ctx->out.sf_text,
345 347 ctx->out.sf_textlen + (size_t)len + separator_sz);
346 348
347 349 if (ctx->out.sf_text == NULL)
348 350 return (-1);
349 351
350 352 bp = ctx->out.sf_text;
351 353
352 354 if (ctx->out.sf_textlen != 0) { /* concatenation? */
353 355 bp += ctx->out.sf_textlen;
354 356 bp += strlcpy(bp, AU_TEXT_NAME, separator_sz + 1);
355 357 ctx->out.sf_textlen += separator_sz;
356 358 DPRINT((dbfp, "text_token: l is %d\n%s\n", ctx->out.sf_textlen,
357 359 ctx->out.sf_text));
358 360 }
359 361 adrm_char(&(ctx->adr), bp, len);
360 362 len--; /* includes EOS */
361 363 *(bp + len) = '\0';
362 364
363 365 ctx->out.sf_textlen += len;
364 366 DPRINT((dbfp, "text_token: l=%d\n%s\n", ctx->out.sf_textlen,
365 367 ctx->out.sf_text));
366 368
367 369 return (0);
368 370 }
369 371
370 372 /*
371 373 * Format of tid token:
372 374 * ip token id adr_char
373 375 * terminal type adr_char
374 376 * terminal type = AU_IPADR:
375 377 * remote port: ushort
376 378 * local port: ushort
377 379 * IP type: int32 -- AU_IPv4 or AU_IPv6
378 380 * address: int32 if IPv4, else 4 * int32
379 381 */
380 382 int
381 383 tid_token(parse_context_t *ctx)
382 384 {
383 385 uchar_t type;
384 386 int32_t ip_length;
385 387
386 388 adrm_char(&(ctx->adr), (char *)&type, 1);
387 389
388 390 switch (type) {
389 391 default:
390 392 return (-1); /* other than IP type is not implemented */
391 393 case AU_IPADR:
392 394 ctx->adr.adr_now += 2 * sizeof (ushort_t);
393 395 adrm_int32(&(ctx->adr), &ip_length, 1);
394 396 ctx->adr.adr_now += ip_length;
395 397 break;
396 398 }
397 399 return (0);
398 400 }
399 401
400 402 /*
401 403 * Format of ip_addr token:
402 404 * ip token id adr_char
403 405 * address adr_int32
404 406 *
405 407 */
406 408 int
407 409 ip_addr_token(parse_context_t *ctx)
408 410 {
409 411 ctx->adr.adr_now += sizeof (int32_t);
410 412
411 413 return (0);
412 414 }
413 415
414 416 /*
415 417 * Format of ip_addr_ex token:
416 418 * ip token id adr_char
417 419 * ip type adr_int32
418 420 * ip address adr_u_char*type
419 421 *
420 422 */
421 423 int
422 424 ip_addr_ex_token(parse_context_t *ctx)
423 425 {
424 426 int32_t type;
425 427
426 428 adrm_int32(&(ctx->adr), &type, 1); /* ip type */
427 429 ctx->adr.adr_now += type * sizeof (uchar_t); /* ip address */
428 430
429 431 return (0);
430 432 }
431 433
432 434 /*
433 435 * Format of ip token:
434 436 * ip header token id adr_char
435 437 * version adr_char
436 438 * type of service adr_char
437 439 * length adr_short
438 440 * id adr_u_short
439 441 * offset adr_u_short
440 442 * ttl adr_char
441 443 * protocol adr_char
442 444 * checksum adr_u_short
443 445 * source address adr_int32
444 446 * destination address adr_int32
445 447 *
446 448 */
447 449 int
448 450 ip_token(parse_context_t *ctx)
449 451 {
450 452 ctx->adr.adr_now += (2 * sizeof (char)) + (3 * sizeof (short)) +
451 453 (2 * sizeof (char)) + sizeof (short) + (2 * sizeof (int32_t));
452 454 return (0);
453 455 }
454 456
455 457
456 458 /*
457 459 * Format of iport token:
458 460 * ip port address token id adr_char
459 461 * port address adr_short
460 462 *
461 463 */
462 464 int
463 465 iport_token(parse_context_t *ctx)
464 466 {
465 467 ctx->adr.adr_now += sizeof (short);
466 468
467 469 return (0);
468 470 }
469 471
470 472
471 473 /*
472 474 * Format of groups token:
473 475 * group token id adr_char
474 476 * group list adr_int32, 16 times
475 477 *
476 478 */
477 479 int
478 480 group_token(parse_context_t *ctx)
479 481 {
480 482 ctx->adr.adr_now += 16 * sizeof (int32_t);
481 483
482 484 return (0);
483 485 }
484 486
485 487 /*
486 488 * Format of newgroups token:
487 489 * group token id adr_char
488 490 * number of groups adr_short
489 491 * group list adr_int32, "number" times
490 492 *
491 493 */
492 494 int
493 495 newgroup_token(parse_context_t *ctx)
494 496 {
495 497 short int number;
496 498
497 499 adrm_short(&(ctx->adr), &number, 1);
498 500
499 501 ctx->adr.adr_now += number * sizeof (int32_t);
500 502
501 503 return (0);
502 504 }
503 505
504 506 /*
505 507 * Format of argument32 token:
506 508 * argument token id adr_char
507 509 * argument number adr_char
508 510 * argument value adr_int32
509 511 * argument description adr_string
510 512 *
511 513 */
512 514 int
513 515 argument32_token(parse_context_t *ctx)
514 516 {
515 517 ctx->adr.adr_now += sizeof (char) + sizeof (int32_t);
516 518 skip_bytes(ctx);
517 519
518 520 return (0);
519 521 }
520 522
521 523 /*
522 524 * Format of argument64 token:
523 525 * argument token id adr_char
524 526 * argument number adr_char
525 527 * argument value adr_int64
526 528 * argument description adr_string
527 529 *
528 530 */
529 531 int
530 532 argument64_token(parse_context_t *ctx)
531 533 {
532 534 ctx->adr.adr_now += sizeof (char) + sizeof (int64_t);
533 535 skip_bytes(ctx);
534 536
535 537 return (0);
536 538 }
537 539
538 540 /*
539 541 * Format of acl token:
540 542 * acl token id adr_char
541 543 * type adr_u_int32
542 544 * value adr_u_int32
543 545 * mode adr_u_int32
544 546 */
545 547 int
546 548 acl_token(parse_context_t *ctx)
547 549 {
548 550 ctx->adr.adr_now += 3 * sizeof (uint32_t);
549 551
550 552 return (0);
551 553 }
552 554
553 555 /*
554 556 * Format of ace token:
555 557 * ace token id adr_char
556 558 * id adr_u_int32
557 559 * access_mask adr_u_int32
558 560 * flags adr_u_short
559 561 * type adr_u_short
560 562 */
561 563 int
562 564 ace_token(parse_context_t *ctx)
563 565 {
564 566 ctx->adr.adr_now += 2 * sizeof (uint32_t) + 2 * sizeof (ushort_t);
565 567
566 568 return (0);
567 569 }
568 570
569 571 /*
570 572 * Format of attribute token: (old pre SunOS 5.7 format)
571 573 * attribute token id adr_char
572 574 * mode adr_int32 (printed in octal)
573 575 * uid adr_int32
574 576 * gid adr_int32
575 577 * file system id adr_int32
576 578 * node id adr_int32
577 579 * device adr_int32
578 580 *
579 581 */
580 582 int
581 583 attribute_token(parse_context_t *ctx)
582 584 {
583 585 ctx->adr.adr_now += 6 * sizeof (int32_t);
584 586
585 587 return (0);
586 588 }
587 589
588 590 /*
589 591 * Format of attribute32 token:
590 592 * attribute token id adr_char
591 593 * mode adr_int32 (printed in octal)
592 594 * uid adr_int32
593 595 * gid adr_int32
594 596 * file system id adr_int32
595 597 * node id adr_int64
596 598 * device adr_int32
597 599 *
598 600 */
599 601 int
600 602 attribute32_token(parse_context_t *ctx)
601 603 {
602 604 ctx->adr.adr_now += (5 * sizeof (int32_t)) + sizeof (int64_t);
603 605
604 606 return (0);
605 607 }
606 608
607 609 /*
608 610 * Format of attribute64 token:
609 611 * attribute token id adr_char
610 612 * mode adr_int32 (printed in octal)
611 613 * uid adr_int32
612 614 * gid adr_int32
613 615 * file system id adr_int32
614 616 * node id adr_int64
615 617 * device adr_int64
616 618 *
617 619 */
618 620 int
619 621 attribute64_token(parse_context_t *ctx)
620 622 {
621 623 ctx->adr.adr_now += (4 * sizeof (int32_t)) + (2 * sizeof (int64_t));
622 624
623 625 return (0);
624 626 }
625 627
626 628
627 629 /*
628 630 * Format of command token:
629 631 * attribute token id adr_char
630 632 * argc adr_short
631 633 * argv len adr_short variable amount of argv len
632 634 * argv text argv len and text
633 635 * .
634 636 * .
635 637 * .
636 638 * envp count adr_short variable amount of envp len
637 639 * envp len adr_short and text
638 640 * envp text envp len
639 641 * .
640 642 * .
641 643 * .
642 644 *
643 645 */
644 646 int
645 647 cmd_token(parse_context_t *ctx)
646 648 {
647 649 short cnt;
648 650 short i;
649 651
650 652 adrm_short(&(ctx->adr), &cnt, 1);
651 653
652 654 for (i = 0; i < cnt; i++)
653 655 skip_bytes(ctx);
654 656
655 657 adrm_short(&(ctx->adr), &cnt, 1);
656 658
657 659 for (i = 0; i < cnt; i++)
658 660 skip_bytes(ctx);
659 661
660 662 return (0);
661 663 }
662 664
663 665
664 666 /*
665 667 * Format of exit token:
666 668 * attribute token id adr_char
667 669 * return value adr_int32
668 670 * errno adr_int32
669 671 *
670 672 */
671 673 int
672 674 exit_token(parse_context_t *ctx)
673 675 {
674 676 int32_t retval;
675 677
676 678 adrm_int32(&(ctx->adr), &retval, 1);
677 679 ctx->adr.adr_now += sizeof (int32_t);
678 680
679 681 ctx->out.sf_pass = (retval == 0) ? 1 : -1;
680 682 return (0);
681 683 }
682 684
683 685 /*
684 686 * Format of exec_args token:
685 687 * attribute token id adr_char
686 688 * count value adr_int32
687 689 * strings null terminated strings
688 690 *
689 691 */
690 692 int
691 693 exec_args_token(parse_context_t *ctx)
692 694 {
693 695 int count, i;
694 696
695 697 adrm_int32(&(ctx->adr), (int32_t *)&count, 1);
696 698 for (i = 1; i <= count; i++) {
697 699 skip_string(ctx);
698 700 }
699 701
700 702 return (0);
701 703 }
702 704
703 705 /*
704 706 * Format of exec_env token:
705 707 * attribute token id adr_char
706 708 * count value adr_int32
707 709 * strings null terminated strings
708 710 *
709 711 */
710 712 int
711 713 exec_env_token(parse_context_t *ctx)
712 714 {
713 715 int count, i;
714 716
715 717 adrm_int32(&(ctx->adr), (int32_t *)&count, 1);
716 718 for (i = 1; i <= count; i++)
717 719 skip_string(ctx);
718 720
719 721 return (0);
720 722 }
721 723
722 724 /*
723 725 * Format of liaison token:
724 726 */
725 727 int
726 728 liaison_token(parse_context_t *ctx)
727 729 {
728 730 ctx->adr.adr_now += sizeof (int32_t);
729 731
730 732 return (0);
731 733 }
732 734
733 735
734 736 /*
735 737 * Format of path token:
736 738 * path adr_string
737 739 */
738 740 int
739 741 path_token(parse_context_t *ctx)
740 742 {
741 743 get_bytes_to_string(ctx, &(ctx->out.sf_pathlen), &(ctx->out.sf_path),
742 744 0);
743 745 if (ctx->out.sf_path == NULL)
744 746 return (-1);
745 747 /*
746 748 * anchor the path because collapse_path needs it
747 749 */
748 750 if (*(ctx->out.sf_path) != '/') {
749 751 anchor_path(ctx->out.sf_path);
750 752 ctx->out.sf_pathlen++;
751 753 }
752 754 ctx->out.sf_pathlen = collapse_path(ctx->out.sf_path,
753 755 ctx->out.sf_pathlen);
754 756
755 757 return (0);
756 758 }
757 759
758 760 /*
759 761 * path attr token / AUT_XATPATH
760 762 *
761 763 * Format of path attr token:
762 764 * token id adr_char
763 765 * string count adr_int32
764 766 * strings adr_string
765 767 *
766 768 * the sequence of strings is converted to a single string with
767 769 * a blank separator replacing the EOS for all but the last
768 770 * string.
769 771 */
770 772 int
771 773 path_attr_token(parse_context_t *ctx)
772 774 {
773 775 int count, i;
774 776 int last_len;
775 777 size_t offset;
776 778 char *p;
777 779
778 780 adrm_int32(&(ctx->adr), &count, 1);
779 781
780 782 offset = ctx->out.sf_atpathlen;
781 783 p = ctx->adr.adr_now;
782 784 for (i = 0; i <= count; i++) {
783 785 last_len = strlen(p);
784 786 ctx->out.sf_atpathlen += last_len + 1;
785 787 p += last_len + 1;
786 788 }
787 789 ctx->out.sf_atpath = realloc(ctx->out.sf_atpath, ctx->out.sf_atpathlen);
788 790 ctx->out.sf_atpath += offset;
789 791 p = ctx->out.sf_atpath; /* save for fix up, below */
790 792 (void) memcpy(ctx->out.sf_atpath, ctx->adr.adr_now,
791 793 ctx->out.sf_atpathlen - offset);
792 794 ctx->out.sf_atpathlen--;
793 795
794 796 /* fix up: replace each eos except the last with ' ' */
795 797
796 798 for (i = 0; i < count; i++) {
797 799 while (*p++ != '\0')
798 800 ;
799 801 *(p - 1) = ' ';
800 802 }
801 803 return (0);
802 804 }
803 805
804 806
805 807 /*
806 808 * Format of System V IPC permission token:
807 809 * System V IPC permission token id adr_char
808 810 * uid adr_int32
809 811 * gid adr_int32
810 812 * cuid adr_int32
811 813 * cgid adr_int32
812 814 * mode adr_int32
813 815 * seq adr_int32
814 816 * key adr_int32
815 817 */
816 818 int
817 819 s5_IPC_perm_token(parse_context_t *ctx)
818 820 {
819 821 ctx->adr.adr_now += (7 * sizeof (int32_t));
820 822 return (0);
821 823 }
822 824
823 825 static void
824 826 common_process(parse_context_t *ctx)
825 827 {
826 828 int32_t ruid, rgid, egid, pid;
827 829 uint32_t asid;
828 830
829 831 adrm_u_int32(&(ctx->adr), (uint32_t *)&(ctx->out.sf_pauid), 1);
830 832 adrm_u_int32(&(ctx->adr), (uint32_t *)&(ctx->out.sf_peuid), 1);
831 833 adrm_int32(&(ctx->adr), &egid, 1);
832 834 adrm_int32(&(ctx->adr), &ruid, 1);
833 835 adrm_int32(&(ctx->adr), &rgid, 1);
834 836 adrm_int32(&(ctx->adr), &pid, 1);
835 837 adrm_u_int32(&(ctx->adr), &asid, 1);
836 838 }
837 839
838 840 /*
839 841 * Format of process32 token:
840 842 * process token id adr_char
841 843 * auid adr_int32
842 844 * euid adr_int32
843 845 * egid adr_int32
844 846 * ruid adr_int32
845 847 * rgid adr_int32
846 848 * pid adr_int32
847 849 * sid adr_int32
848 850 * termid adr_int32*2
849 851 *
850 852 */
851 853 int
852 854 process32_token(parse_context_t *ctx)
853 855 {
854 856 int32_t port, machine;
855 857
856 858 common_process(ctx);
857 859
858 860 adrm_int32(&(ctx->adr), &port, 1);
859 861 adrm_int32(&(ctx->adr), &machine, 1);
860 862
861 863 return (0);
862 864 }
863 865
864 866 /*
865 867 * Format of process32_ex token:
866 868 * process token id adr_char
867 869 * auid adr_int32
868 870 * euid adr_int32
869 871 * egid adr_int32
870 872 * ruid adr_int32
871 873 * rgid adr_int32
872 874 * pid adr_int32
873 875 * sid adr_int32
874 876 * termid
875 877 * port adr_int32
876 878 * type adr_int32
877 879 * ip address adr_u_char*type
878 880 *
879 881 */
880 882 int
881 883 process32_ex_token(parse_context_t *ctx)
882 884 {
883 885 int32_t port, type;
884 886 uchar_t addr[16];
885 887
886 888 common_process(ctx);
887 889
888 890 adrm_int32(&(ctx->adr), &port, 1);
889 891 adrm_int32(&(ctx->adr), &type, 1);
890 892 adrm_u_char(&(ctx->adr), addr, type);
891 893
892 894 return (0);
893 895 }
894 896
895 897 /*
896 898 * Format of process64 token:
897 899 * process token id adr_char
898 900 * auid adr_int32
899 901 * euid adr_int32
900 902 * egid adr_int32
901 903 * ruid adr_int32
902 904 * rgid adr_int32
903 905 * pid adr_int32
904 906 * sid adr_int32
905 907 * termid adr_int64+adr_int32
906 908 *
907 909 */
908 910 int
909 911 process64_token(parse_context_t *ctx)
910 912 {
911 913 int64_t port;
912 914 int32_t machine;
913 915
914 916 common_process(ctx);
915 917
916 918 adrm_int64(&(ctx->adr), &port, 1);
917 919 adrm_int32(&(ctx->adr), &machine, 1);
918 920
919 921 return (0);
920 922 }
921 923
922 924 /*
923 925 * Format of process64_ex token:
924 926 * process token id adr_char
925 927 * auid adr_int32
926 928 * euid adr_int32
927 929 * egid adr_int32
928 930 * ruid adr_int32
929 931 * rgid adr_int32
930 932 * pid adr_int32
931 933 * sid adr_int32
932 934 * termid
933 935 * port adr_int64
934 936 * type adr_int32
935 937 * ip address adr_u_char*type
936 938 *
937 939 */
938 940 int
939 941 process64_ex_token(parse_context_t *ctx)
940 942 {
941 943 int64_t port;
942 944 int32_t type;
943 945 uchar_t addr[16];
944 946
945 947 common_process(ctx);
946 948
947 949 adrm_int64(&(ctx->adr), &port, 1);
948 950 adrm_int32(&(ctx->adr), &type, 1);
949 951 adrm_u_char(&(ctx->adr), addr, type);
950 952
951 953 return (0);
952 954 }
953 955
954 956 /*
955 957 * Format of System V IPC token:
956 958 * System V IPC token id adr_char
957 959 * System V IPC type adr_char
958 960 * object id adr_int32
959 961 *
960 962 */
961 963 int
962 964 s5_IPC_token(parse_context_t *ctx)
963 965 {
964 966 ctx->adr.adr_now += sizeof (char);
965 967 ctx->adr.adr_now += sizeof (int32_t);
966 968
967 969 return (0);
968 970 }
969 971
970 972
971 973 /*
972 974 * Format of socket token:
973 975 * socket_type adrm_short
974 976 * remote_port adrm_short
975 977 * remote_inaddr adrm_int32
976 978 *
977 979 */
978 980 int
979 981 socket_token(parse_context_t *ctx)
980 982 {
981 983 ctx->adr.adr_now += (2 * sizeof (short)) + sizeof (int32_t);
982 984
983 985 return (0);
984 986 }
985 987
986 988
987 989 /*
988 990 * Format of socket_ex token:
989 991 * socket_domain adrm_short
990 992 * socket_type adrm_short
991 993 * address_type adrm_short
992 994 * local_port adrm_short
993 995 * local_inaddr adrm_u_char*address_type
994 996 * remote_port adrm_short
995 997 * remote_inaddr adrm_u_char*address_type
996 998 *
997 999 */
998 1000 int
999 1001 socket_ex_token(parse_context_t *ctx)
1000 1002 {
1001 1003 short ip_size;
1002 1004
1003 1005 ctx->adr.adr_now += (2 * sizeof (short));
1004 1006 adrm_short(&(ctx->adr), &ip_size, 1);
1005 1007
1006 1008 ctx->adr.adr_now += sizeof (short) + (ip_size * sizeof (char)) +
1007 1009 sizeof (short) + (ip_size * sizeof (char));
1008 1010 return (0);
1009 1011 }
1010 1012
1011 1013
1012 1014 static void
1013 1015 common_subject(parse_context_t *ctx)
1014 1016 {
1015 1017 int32_t ruid, rgid, pid;
1016 1018
1017 1019 adrm_u_int32(&(ctx->adr), (uint32_t *)&(ctx->out.sf_auid), 1);
1018 1020 adrm_u_int32(&(ctx->adr), (uint32_t *)&(ctx->out.sf_euid), 1);
1019 1021 adrm_u_int32(&(ctx->adr), (uint32_t *)&(ctx->out.sf_egid), 1);
1020 1022 adrm_int32(&(ctx->adr), &ruid, 1);
1021 1023 adrm_int32(&(ctx->adr), &rgid, 1);
1022 1024 adrm_int32(&(ctx->adr), &pid, 1);
1023 1025 adrm_u_int32(&(ctx->adr), (uint32_t *)&(ctx->out.sf_asid), 1);
1024 1026 }
1025 1027
1026 1028 /*
1027 1029 * Format of subject32 token:
1028 1030 * subject token id adr_char
1029 1031 * auid adr_int32
1030 1032 * euid adr_int32
1031 1033 * egid adr_int32
1032 1034 * ruid adr_int32
1033 1035 * rgid adr_int32
1034 1036 * pid adr_int32
1035 1037 * sid adr_int32
1036 1038 * termid adr_int32*2
1037 1039 *
1038 1040 */
1039 1041 int
1040 1042 subject32_token(parse_context_t *ctx)
1041 1043 {
1042 1044 int32_t port; /* not used in output */
1043 1045
1044 1046 common_subject(ctx);
1045 1047
1046 1048 adrm_int32(&(ctx->adr), &port, 1);
1047 1049 ctx->out.sf_tid.at_type = AU_IPv4;
1048 1050 adrm_u_char(&(ctx->adr), (uchar_t *)&(ctx->out.sf_tid.at_addr[0]), 4);
1049 1051
1050 1052 return (0);
1051 1053 }
1052 1054
1053 1055 /*
1054 1056 * Format of subject32_ex token:
1055 1057 * subject token id adr_char
1056 1058 * auid adr_int32
1057 1059 * euid adr_int32
1058 1060 * egid adr_int32
1059 1061 * ruid adr_int32
1060 1062 * rgid adr_int32
1061 1063 * pid adr_int32
1062 1064 * sid adr_int32
1063 1065 * termid
1064 1066 * port adr_int32
1065 1067 * type adr_int32
1066 1068 * ip address adr_u_char*type
1067 1069 *
1068 1070 */
1069 1071 int
1070 1072 subject32_ex_token(parse_context_t *ctx)
1071 1073 {
1072 1074 int32_t port; /* not used in output */
1073 1075
1074 1076 common_subject(ctx);
1075 1077
1076 1078 adrm_int32(&(ctx->adr), &port, 1);
1077 1079 adrm_u_int32(&(ctx->adr), &(ctx->out.sf_tid.at_type), 1);
1078 1080 adrm_u_char(&(ctx->adr), (uchar_t *)&(ctx->out.sf_tid.at_addr[0]),
1079 1081 ctx->out.sf_tid.at_type);
1080 1082
1081 1083 return (0);
1082 1084 }
1083 1085
1084 1086 /*
1085 1087 * Format of subject64 token:
1086 1088 * subject token id adr_char
1087 1089 * auid adr_int32
1088 1090 * euid adr_int32
1089 1091 * egid adr_int32
1090 1092 * ruid adr_int32
1091 1093 * rgid adr_int32
1092 1094 * pid adr_int32
1093 1095 * sid adr_int32
1094 1096 * termid adr_int64+adr_int32
1095 1097 *
1096 1098 */
1097 1099 int
1098 1100 subject64_token(parse_context_t *ctx)
1099 1101 {
1100 1102 int64_t port;
1101 1103
1102 1104 common_subject(ctx);
1103 1105
1104 1106 adrm_int64(&(ctx->adr), &port, 1);
1105 1107 ctx->out.sf_tid.at_type = AU_IPv4;
1106 1108 adrm_u_char(&(ctx->adr), (uchar_t *)&(ctx->out.sf_tid.at_addr[0]), 4);
1107 1109
1108 1110 return (0);
1109 1111 }
1110 1112
1111 1113 /*
1112 1114 * Format of subject64_ex token:
1113 1115 * subject token id adr_char
1114 1116 * auid adr_int32
1115 1117 * euid adr_int32
1116 1118 * egid adr_int32
1117 1119 * ruid adr_int32
1118 1120 * rgid adr_int32
1119 1121 * pid adr_int32
1120 1122 * sid adr_int32
1121 1123 * termid
1122 1124 * port adr_int64
1123 1125 * type adr_int32
1124 1126 * ip address adr_u_char*type
1125 1127 *
1126 1128 */
1127 1129 int
1128 1130 subject64_ex_token(parse_context_t *ctx)
1129 1131 {
1130 1132 int64_t port;
1131 1133
1132 1134 common_subject(ctx);
1133 1135
1134 1136 adrm_int64(&(ctx->adr), &port, 1);
1135 1137 adrm_u_int32(&(ctx->adr), &(ctx->out.sf_tid.at_type), 1);
1136 1138 adrm_u_char(&(ctx->adr), (uchar_t *)&(ctx->out.sf_tid.at_addr[0]),
1137 1139 ctx->out.sf_tid.at_type);
1138 1140
1139 1141 return (0);
1140 1142 }
1141 1143
1142 1144
1143 1145 int
1144 1146 xatom_token(parse_context_t *ctx)
1145 1147 {
1146 1148 skip_bytes(ctx);
1147 1149
1148 1150 return (0);
1149 1151 }
1150 1152
1151 1153
1152 1154 int
1153 1155 xselect_token(parse_context_t *ctx)
1154 1156 {
1155 1157 skip_bytes(ctx);
1156 1158 skip_bytes(ctx);
1157 1159 skip_bytes(ctx);
1158 1160
1159 1161 return (0);
1160 1162 }
1161 1163
1162 1164 /*
1163 1165 * anchor a path name with a slash
1164 1166 * assume we have enough space
1165 1167 */
1166 1168 static void
1167 1169 anchor_path(char *path)
1168 1170 {
1169 1171
1170 1172 (void) memmove((void *)(path + 1), (void *)path, strlen(path) + 1);
1171 1173 *path = '/';
1172 1174 }
1173 1175
1174 1176
1175 1177 /*
1176 1178 * copy path to collapsed path.
1177 1179 * collapsed path does not contain:
1178 1180 * successive slashes
1179 1181 * instances of dot-slash
1180 1182 * instances of dot-dot-slash
1181 1183 * passed path must be anchored with a '/'
1182 1184 */
1183 1185 static size_t
1184 1186 collapse_path(char *s, size_t ls)
1185 1187 {
1186 1188 int id; /* index of where we are in destination string */
1187 1189 int is; /* index of where we are in source string */
1188 1190 int slashseen; /* have we seen a slash */
1189 1191
1190 1192 ls++; /* source length including '\0' */
1191 1193
1192 1194 slashseen = 0;
1193 1195 for (is = 0, id = 0; is < ls; is++) {
1194 1196 if (s[is] == '\0') {
1195 1197 if (id > 1 && s[id-1] == '/') {
1196 1198 --id;
1197 1199 }
1198 1200 s[id++] = '\0';
1199 1201 break;
1200 1202 }
1201 1203 /* previous character was a / */
1202 1204 if (slashseen) {
1203 1205 if (s[is] == '/')
1204 1206 continue; /* another slash, ignore it */
1205 1207 } else if (s[is] == '/') {
1206 1208 /* we see a /, just copy it and try again */
1207 1209 slashseen = 1;
1208 1210 s[id++] = '/';
1209 1211 continue;
1210 1212 }
1211 1213 /* /./ seen */
1212 1214 if (s[is] == '.' && s[is+1] == '/') {
1213 1215 is += 1;
1214 1216 continue;
1215 1217 }
1216 1218 /* XXX/. seen */
1217 1219 if (s[is] == '.' && s[is+1] == '\0') {
1218 1220 if (id > 1)
1219 1221 id--;
1220 1222 continue;
1221 1223 }
1222 1224 /* XXX/.. seen */
1223 1225 if (s[is] == '.' && s[is+1] == '.' && s[is+2] == '\0') {
1224 1226 is += 1;
1225 1227 if (id > 0)
1226 1228 id--;
1227 1229 while (id > 0 && s[--id] != '/')
1228 1230 ;
1229 1231 id++;
1230 1232 continue;
1231 1233 }
1232 1234 /* XXX/../ seen */
1233 1235 if (s[is] == '.' && s[is+1] == '.' && s[is+2] == '/') {
1234 1236 is += 2;
1235 1237 if (id > 0)
1236 1238 id--;
1237 1239 while (id > 0 && s[--id] != '/')
1238 1240 ;
1239 1241 id++;
1240 1242 continue;
1241 1243 }
1242 1244 while (is < ls && (s[id++] = s[is++]) != '/')
1243 1245 ;
1244 1246 is--;
1245 1247 }
1246 1248 return ((size_t)id - 1);
1247 1249 }
1248 1250
1249 1251 /*
1250 1252 * for tokens with sub-fields that include a length, this
1251 1253 * skips the sub-field.
1252 1254 */
1253 1255
1254 1256 static void
1255 1257 skip_bytes(parse_context_t *ctx)
1256 1258 {
1257 1259 ushort_t c;
1258 1260
1259 1261 adrm_u_short(&(ctx->adr), &c, 1);
1260 1262 ctx->adr.adr_now += c;
1261 1263 }
1262 1264
1263 1265 static void
1264 1266 skip_string(parse_context_t *ctx)
1265 1267 {
1266 1268 char c;
1267 1269
1268 1270 do {
1269 1271 adrm_char(&(ctx->adr), &c, 1);
1270 1272 } while (c != (char)0);
1271 1273 }
1272 1274
1273 1275 /*
1274 1276 * add a byte to specified length so there can be a prefix of
1275 1277 * '/' added (if needed for paths). Another is added for '\0'
1276 1278 *
1277 1279 * if offset is zero, new data overwrites old, if any. Otherwise
1278 1280 * new data is appended to the end.
1279 1281 */
1280 1282
1281 1283 static void
1282 1284 get_bytes_to_string(parse_context_t *ctx, size_t *l, char **p,
1283 1285 size_t offset)
1284 1286 {
1285 1287 ushort_t len;
1286 1288 char *bp;
1287 1289
1288 1290 adrm_u_short(&(ctx->adr), &len, 1);
1289 1291
1290 1292 len++; /* in case need to add '/' prefix */
1291 1293 *p = realloc(*p, 1 + (size_t)len + offset);
1292 1294 if (*p == NULL) {
1293 1295 perror("audit_sysudp.so");
1294 1296 return;
1295 1297 }
1296 1298 if (offset > 0)
1297 1299 offset--; /* overwrite end of string */
1298 1300
1299 1301 *l = (size_t)len - 2 + offset;
1300 1302
1301 1303 bp = *p + offset;
1302 1304 adrm_char(&(ctx->adr), bp, len - 1);
1303 1305 *(bp + len - 1) = '\0';
1304 1306 }
1305 1307
1306 1308
1307 1309 /*
1308 1310 * Format of host token:
1309 1311 * host adr_uint32
1310 1312 */
1311 1313 int
1312 1314 host_token(parse_context_t *ctx)
1313 1315 {
1314 1316 ctx->adr.adr_now += sizeof (int32_t);
1315 1317
1316 1318 return (0);
1317 1319 }
1318 1320
1319 1321 /*
1320 1322 * Format of useofauth token:
1321 1323 * uauth token id adr_char
1322 1324 * uauth adr_string
1323 1325 *
1324 1326 */
1325 1327 int
1326 1328 useofauth_token(parse_context_t *ctx)
1327 1329 {
1328 1330 get_bytes_to_string(ctx, &(ctx->out.sf_uauthlen),
1329 1331 &(ctx->out.sf_uauth), 0);
1330 1332
1331 1333 return (0);
1332 1334 }
1333 1335
1334 1336 /*
1335 1337 * Format of user token:
1336 1338 * user token id adr_char
1337 1339 * uid adr_uid
1338 1340 * username adr_string
1339 1341 *
1340 1342 */
1341 1343 int
1342 1344 user_token(parse_context_t *ctx)
1343 1345 {
1344 1346 ctx->adr.adr_now += sizeof (uid_t);
1345 1347 skip_bytes(ctx);
1346 1348
1347 1349 return (0);
1348 1350 }
1349 1351
1350 1352 /*
1351 1353 * Format of zonename token:
1352 1354 * zonename token id adr_char
1353 1355 * zonename adr_string
1354 1356 *
1355 1357 */
1356 1358 int
1357 1359 zonename_token(parse_context_t *ctx)
1358 1360 {
1359 1361 get_bytes_to_string(ctx,
1360 1362 &(ctx->out.sf_zonelen),
1361 1363 &(ctx->out.sf_zonename),
1362 1364 0);
1363 1365
1364 1366 return (0);
1365 1367 }
1366 1368
1367 1369 /*
1368 1370 * Format of fmri token:
1369 1371 * fmri token id adr_char
1370 1372 * fmri adr_string
1371 1373 */
1372 1374 int
1373 1375 fmri_token(parse_context_t *ctx)
1374 1376 {
1375 1377 skip_bytes(ctx);
1376 1378
1377 1379 return (0);
1378 1380 }
1379 1381
1380 1382 int
1381 1383 xcolormap_token(parse_context_t *ctx)
1382 1384 {
1383 1385 return (xgeneric(ctx));
1384 1386 }
1385 1387
1386 1388 int
1387 1389 xcursor_token(parse_context_t *ctx)
1388 1390 {
1389 1391 return (xgeneric(ctx));
1390 1392 }
1391 1393
1392 1394 int
1393 1395 xfont_token(parse_context_t *ctx)
1394 1396 {
1395 1397 return (xgeneric(ctx));
1396 1398 }
1397 1399
1398 1400 int
1399 1401 xgc_token(parse_context_t *ctx)
1400 1402 {
1401 1403 return (xgeneric(ctx));
1402 1404 }
1403 1405
1404 1406 int
1405 1407 xpixmap_token(parse_context_t *ctx)
1406 1408 {
1407 1409 return (xgeneric(ctx));
1408 1410 }
1409 1411
1410 1412 int
1411 1413 xwindow_token(parse_context_t *ctx)
1412 1414 {
1413 1415 return (xgeneric(ctx));
1414 1416 }
1415 1417 /*
1416 1418 * Format of xgeneric token:
1417 1419 * XID adr_int32
1418 1420 * creator UID adr_int32
1419 1421 *
1420 1422 * Includes: xcolormap, xcursor, xfont, xgc, xpixmap, and xwindow
1421 1423 */
1422 1424 static int
1423 1425 xgeneric(parse_context_t *ctx)
1424 1426 {
1425 1427 ctx->adr.adr_now += 2 * sizeof (int32_t);
1426 1428
1427 1429 return (0);
1428 1430 }
1429 1431 /*
1430 1432 * Format of xproperty token:
1431 1433 * XID adr_int32
1432 1434 * creator UID adr_int32
1433 1435 * atom string adr_string
1434 1436 */
1435 1437 int
1436 1438 xproperty_token(parse_context_t *ctx)
1437 1439 {
1438 1440 ctx->adr.adr_now += 2 * sizeof (int32_t);
1439 1441
1440 1442 return (0);
1441 1443 }
1442 1444 /*
1443 1445 * Format of xclient token:
1444 1446 * xclient id adr_int32
1445 1447 */
1446 1448 int
1447 1449 xclient_token(parse_context_t *ctx)
1448 1450 {
1449 1451 ctx->adr.adr_now += sizeof (int32_t);
1450 1452
1451 1453 return (0);
1452 1454 }
1453 1455
1454 1456 /*
1455 1457 * -----------------------------------------------------------------------
1456 1458 * privilege_token() : Process privilege token and display contents
1457 1459 *
1458 1460 * Format of privilege token:
1459 1461 * privilege token id adr_char
1460 1462 * privilege type adr_string
1461 1463 * privilege adr_string
1462 1464 * -----------------------------------------------------------------------
1463 1465 */
1464 1466
1465 1467 int
1466 1468 privilege_token(parse_context_t *ctx)
1467 1469 {
1468 1470 skip_bytes(ctx);
1469 1471 skip_bytes(ctx);
1470 1472
1471 1473 return (0);
1472 1474 }
1473 1475
1474 1476 /*
1475 1477 * -----------------------------------------------------------------------
1476 1478 * secflags_token() : Process secflags token and display contents
1477 1479 *
1478 1480 * Format of privilege token:
1479 1481 * secflags token id adr_char
1480 1482 * secflag set name adr_string
1481 1483 * secflags adr_string
1482 1484 * -----------------------------------------------------------------------
1483 1485 */
1484 1486 int
1485 1487 secflags_token(parse_context_t *ctx)
1486 1488 {
1487 1489 skip_bytes(ctx);
1488 1490 skip_bytes(ctx);
1489 1491
1490 1492 return (0);
1491 1493 }
1492 1494
1493 1495 /*
1494 1496 * Format of label token:
1495 1497 * label ID 1 byte
1496 1498 * compartment length 1 byte
1497 1499 * classification 2 bytes
1498 1500 * compartment words <compartment length> * 4 bytes
1499 1501 */
1500 1502 int
1501 1503 label_token(parse_context_t *ctx)
1502 1504 {
1503 1505 char c;
1504 1506
1505 1507 ctx->adr.adr_now += sizeof (char); /* label ID */
1506 1508 adrm_char(&(ctx->adr), &c, 1);
1507 1509
1508 1510 ctx->adr.adr_now += sizeof (ushort_t); /* classification */
1509 1511 ctx->adr.adr_now += 4 * c; /* compartments */
1510 1512
1511 1513 return (0);
1512 1514 }
1513 1515
1514 1516 /*
1515 1517 * Format of useofpriv token:
|
↓ open down ↓ |
1481 lines elided |
↑ open up ↑ |
1516 1518 * priv_type adr_char
1517 1519 * priv_set_t adr_short
1518 1520 * priv_set adr_char*(sizeof (priv_set_t))
1519 1521 */
1520 1522 int
1521 1523 useofpriv_token(parse_context_t *ctx)
1522 1524 {
1523 1525 ctx->adr.adr_now += sizeof (char); /* success / fail */
1524 1526 skip_bytes(ctx);
1525 1527
1528 + return (0);
1529 +}
1530 +
1531 +/*
1532 + * Format of access_mask token:
1533 + * access_mask adr_u_int32
1534 + */
1535 +int
1536 +access_mask_token(parse_context_t *ctx)
1537 +{
1538 + ctx->adr.adr_now += sizeof (uint32_t);
1539 +
1540 + return (0);
1541 +}
1542 +
1543 +/*
1544 + * Format of wsid token:
1545 + * wsid adr_string
1546 + */
1547 +int
1548 +wsid_token(parse_context_t *ctx)
1549 +{
1550 + skip_bytes(ctx);
1551 +
1526 1552 return (0);
1527 1553 }
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX