Print this page
NEX-13644 File access audit logging
Reviewed by: Gordon Ross <gordon.ross@nexenta.com>
Reviewed by: Roman Strashkin <roman.strashkin@nexenta.com>
Reviewed by: Saso Kiselkov <saso.kiselkov@nexenta.com>
Reviewed by: Rick McNeal <rick.mcneal@nexenta.com>
Reviewed by: Yuri Pankov <yuri.pankov@nexenta.com>
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/uts/common/c2/audit_token.c
+++ new/usr/src/uts/common/c2/audit_token.c
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License (the "License").
6 6 * You may not use this file except in compliance with the License.
7 7 *
8 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 9 * or http://www.opensolaris.org/os/licensing.
10 10 * See the License for the specific language governing permissions
11 11 * and limitations under the License.
12 12 *
13 13 * When distributing Covered Code, include this CDDL HEADER in each
|
↓ open down ↓ |
13 lines elided |
↑ open up ↑ |
14 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 15 * If applicable, add the following below this CDDL HEADER, with the
16 16 * fields enclosed by brackets "[]" replaced with your own identifying
17 17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 18 *
19 19 * CDDL HEADER END
20 20 */
21 21 /*
22 22 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
23 23 * Use is subject to license terms.
24 + *
25 + * Copyright 2018 Nexenta Systems, Inc. All rights reserved.
24 26 */
25 27
26 28 /*
27 29 * Support routines for building audit records.
28 30 */
29 31
30 32 #include <sys/param.h>
31 33 #include <sys/systm.h> /* for rval */
32 34 #include <sys/time.h>
33 35 #include <sys/types.h>
34 36 #include <sys/vnode.h>
35 37 #include <sys/mode.h>
36 38 #include <sys/user.h>
37 39 #include <sys/session.h>
38 40 #include <sys/acl.h>
39 41 #include <sys/ipc_impl.h>
40 42 #include <netinet/in_systm.h>
41 43 #include <netinet/in.h>
42 44 #include <netinet/ip.h>
43 45 #include <sys/socket.h>
44 46 #include <net/route.h>
|
↓ open down ↓ |
11 lines elided |
↑ open up ↑ |
45 47 #include <netinet/in_pcb.h>
46 48 #include <c2/audit.h>
47 49 #include <c2/audit_kernel.h>
48 50 #include <c2/audit_record.h>
49 51 #include <sys/model.h> /* for model_t */
50 52 #include <sys/vmparam.h> /* for USRSTACK/USRSTACK32 */
51 53 #include <sys/vfs.h> /* for sonode */
52 54 #include <sys/socketvar.h> /* for sonode */
53 55 #include <sys/zone.h>
54 56 #include <sys/tsol/label.h>
57 +#include <sys/cmn_err.h>
55 58
56 59 /*
57 60 * These are the control tokens
58 61 */
59 62
60 63 /*
61 64 * au_to_header
62 65 * returns:
63 66 * pointer to au_membuf chain containing a header token.
64 67 */
65 68 token_t *
66 69 au_to_header(int byte_count, au_event_t e_type, au_emod_t e_mod)
67 70 {
68 71 adr_t adr; /* adr memory stream header */
69 72 token_t *m; /* au_membuf pointer */
70 73 #ifdef _LP64
71 74 char data_header = AUT_HEADER64; /* header for this token */
72 75 static int64_t zerotime[2];
73 76 #else
74 77 char data_header = AUT_HEADER32;
75 78 static int32_t zerotime[2];
76 79 #endif
77 80 char version = TOKEN_VERSION; /* version of token family */
78 81
79 82 m = au_getclr();
80 83
81 84 adr_start(&adr, memtod(m, char *));
82 85 adr_char(&adr, &data_header, 1); /* token ID */
83 86 adr_int32(&adr, (int32_t *)&byte_count, 1); /* length of */
84 87 /* audit record */
85 88 adr_char(&adr, &version, 1); /* version of audit tokens */
86 89 adr_ushort(&adr, &e_type, 1); /* event ID */
87 90 adr_ushort(&adr, &e_mod, 1); /* event ID modifier */
88 91 #ifdef _LP64
89 92 adr_int64(&adr, zerotime, 2); /* time & date space */
90 93 #else
91 94 adr_int32(&adr, zerotime, 2);
92 95 #endif
93 96 m->len = adr_count(&adr);
94 97
95 98 return (m);
96 99 }
97 100
98 101 token_t *
99 102 au_to_header_ex(int byte_count, au_event_t e_type, au_emod_t e_mod)
100 103 {
101 104 adr_t adr; /* adr memory stream header */
102 105 token_t *m; /* au_membuf pointer */
103 106 au_kcontext_t *kctx = GET_KCTX_PZ;
104 107
105 108 #ifdef _LP64
106 109 char data_header = AUT_HEADER64_EX; /* header for this token */
107 110 static int64_t zerotime[2];
108 111 #else
109 112 char data_header = AUT_HEADER32_EX;
110 113 static int32_t zerotime[2];
111 114 #endif
112 115 char version = TOKEN_VERSION; /* version of token family */
113 116
114 117 m = au_getclr();
115 118
116 119 adr_start(&adr, memtod(m, char *));
117 120 adr_char(&adr, &data_header, 1); /* token ID */
118 121 adr_int32(&adr, (int32_t *)&byte_count, 1); /* length of */
119 122 /* audit record */
120 123 adr_char(&adr, &version, 1); /* version of audit tokens */
121 124 adr_ushort(&adr, &e_type, 1); /* event ID */
122 125 adr_ushort(&adr, &e_mod, 1); /* event ID modifier */
123 126 adr_uint32(&adr, &kctx->auk_info.ai_termid.at_type, 1);
124 127 adr_char(&adr, (char *)&kctx->auk_info.ai_termid.at_addr[0],
125 128 (int)kctx->auk_info.ai_termid.at_type);
126 129 #ifdef _LP64
127 130 adr_int64(&adr, zerotime, 2); /* time & date */
128 131 #else
129 132 adr_int32(&adr, zerotime, 2);
130 133 #endif
131 134 m->len = adr_count(&adr);
132 135
133 136 return (m);
134 137 }
135 138
136 139 /*
137 140 * au_to_trailer
138 141 * returns:
139 142 * pointer to au_membuf chain containing a trailer token.
140 143 */
141 144 token_t *
142 145 au_to_trailer(int byte_count)
143 146 {
144 147 adr_t adr; /* adr memory stream header */
145 148 token_t *m; /* au_membuf pointer */
146 149 char data_header = AUT_TRAILER; /* header for this token */
147 150 short magic = (short)AUT_TRAILER_MAGIC; /* trailer magic number */
148 151
149 152 m = au_getclr();
150 153
151 154 adr_start(&adr, memtod(m, char *));
152 155 adr_char(&adr, &data_header, 1); /* token ID */
153 156 adr_short(&adr, &magic, 1); /* magic number */
154 157 adr_int32(&adr, (int32_t *)&byte_count, 1); /* length of */
155 158 /* audit record */
156 159
157 160 m->len = adr_count(&adr);
158 161
159 162 return (m);
160 163 }
161 164 /*
162 165 * These are the data tokens
163 166 */
164 167
165 168 /*
166 169 * au_to_data
167 170 * returns:
168 171 * pointer to au_membuf chain containing a data token.
169 172 */
170 173 token_t *
171 174 au_to_data(char unit_print, char unit_type, char unit_count, char *p)
172 175 {
173 176 adr_t adr; /* adr memory stream header */
174 177 token_t *m; /* au_membuf pointer */
175 178 char data_header = AUT_DATA; /* header for this token */
176 179
177 180 ASSERT(p != NULL);
178 181 ASSERT(unit_count != 0);
179 182
180 183 switch (unit_type) {
181 184 case AUR_SHORT:
182 185 if (sizeof (short) * unit_count >= AU_BUFSIZE)
183 186 return (au_to_text("au_to_data: unit count too big"));
184 187 break;
185 188 case AUR_INT32:
186 189 if (sizeof (int32_t) * unit_count >= AU_BUFSIZE)
187 190 return (au_to_text("au_to_data: unit count too big"));
188 191 break;
189 192 case AUR_INT64:
190 193 if (sizeof (int64_t) * unit_count >= AU_BUFSIZE)
191 194 return (au_to_text("au_to_data: unit count too big"));
192 195 break;
193 196 case AUR_BYTE:
194 197 default:
195 198 #ifdef _CHAR_IS_UNSIGNED
196 199 if (sizeof (char) * unit_count >= AU_BUFSIZE)
197 200 return (au_to_text("au_to_data: unit count too big"));
198 201 #endif
199 202 /*
200 203 * we used to check for this:
201 204 * sizeof (char) * (int)unit_count >= AU_BUFSIZE).
202 205 * but the compiler is smart enough to see that
203 206 * will never be >= AU_BUFSIZE, since that's 128
204 207 * and unit_count maxes out at 127 (signed char),
205 208 * and complain.
206 209 */
207 210 break;
208 211 }
209 212
210 213 m = au_getclr();
211 214
212 215 adr_start(&adr, memtod(m, char *));
213 216 adr_char(&adr, &data_header, 1);
214 217 adr_char(&adr, &unit_print, 1);
215 218 adr_char(&adr, &unit_type, 1);
216 219 adr_char(&adr, &unit_count, 1);
217 220
218 221 switch (unit_type) {
219 222 case AUR_SHORT:
220 223 adr_short(&adr, (short *)p, unit_count);
221 224 break;
222 225 case AUR_INT32:
223 226 adr_int32(&adr, (int32_t *)p, unit_count);
224 227 break;
225 228 case AUR_INT64:
226 229 adr_int64(&adr, (int64_t *)p, unit_count);
227 230 break;
228 231 case AUR_BYTE:
229 232 default:
230 233 adr_char(&adr, p, unit_count);
231 234 break;
232 235 }
233 236
234 237 m->len = adr_count(&adr);
235 238
236 239 return (m);
237 240 }
238 241
239 242 /*
240 243 * au_to_process
241 244 * au_to_subject
242 245 * returns:
243 246 * pointer to au_membuf chain containing a process token.
244 247 */
245 248 static token_t *au_to_any_process(char, uid_t, gid_t, uid_t, gid_t,
246 249 pid_t, au_id_t, au_asid_t, const au_tid_addr_t *atid);
247 250
248 251 token_t *
249 252 au_to_process(uid_t uid, gid_t gid, uid_t ruid, gid_t rgid, pid_t pid,
250 253 au_id_t auid, au_asid_t asid, const au_tid_addr_t *atid)
251 254 {
252 255 char data_header;
253 256
254 257 #ifdef _LP64
255 258 if (atid->at_type == AU_IPv6)
256 259 data_header = AUT_PROCESS64_EX;
257 260 else
258 261 data_header = AUT_PROCESS64;
259 262 #else
260 263 if (atid->at_type == AU_IPv6)
261 264 data_header = AUT_PROCESS32_EX;
262 265 else
263 266 data_header = AUT_PROCESS32;
264 267 #endif
265 268
266 269 return (au_to_any_process(data_header, uid, gid, ruid,
267 270 rgid, pid, auid, asid, atid));
268 271 }
269 272
270 273 token_t *
271 274 au_to_subject(uid_t uid, gid_t gid, uid_t ruid, gid_t rgid, pid_t pid,
272 275 au_id_t auid, au_asid_t asid, const au_tid_addr_t *atid)
273 276 {
274 277 char data_header;
275 278
276 279 #ifdef _LP64
277 280 if (atid->at_type == AU_IPv6)
278 281 data_header = AUT_SUBJECT64_EX;
279 282 else
280 283 data_header = AUT_SUBJECT64;
281 284 #else
282 285 if (atid->at_type == AU_IPv6)
283 286 data_header = AUT_SUBJECT32_EX;
284 287 else
285 288 data_header = AUT_SUBJECT32;
286 289 #endif
287 290 return (au_to_any_process(data_header, uid, gid, ruid,
288 291 rgid, pid, auid, asid, atid));
289 292 }
290 293
291 294
292 295 static token_t *
293 296 au_to_any_process(char data_header,
294 297 uid_t uid, gid_t gid, uid_t ruid, gid_t rgid, pid_t pid,
295 298 au_id_t auid, au_asid_t asid, const au_tid_addr_t *atid)
296 299 {
297 300 token_t *m; /* local au_membuf */
298 301 adr_t adr; /* adr memory stream header */
299 302 int32_t value;
300 303
301 304 m = au_getclr();
302 305
303 306 adr_start(&adr, memtod(m, char *));
304 307 adr_char(&adr, &data_header, 1);
305 308 value = (int32_t)auid;
306 309 adr_int32(&adr, &value, 1);
307 310 value = (int32_t)uid;
308 311 adr_int32(&adr, &value, 1);
309 312 value = (int32_t)gid;
310 313 adr_int32(&adr, &value, 1);
311 314 value = (int32_t)ruid;
312 315 adr_int32(&adr, &value, 1);
313 316 value = (int32_t)rgid;
314 317 adr_int32(&adr, &value, 1);
315 318 value = (int32_t)pid;
316 319 adr_int32(&adr, &value, 1);
317 320 value = (int32_t)asid;
318 321 adr_int32(&adr, &value, 1);
319 322 #ifdef _LP64
320 323 adr_int64(&adr, (int64_t *)&(atid->at_port), 1);
321 324 #else
322 325 adr_int32(&adr, (int32_t *)&(atid->at_port), 1);
323 326 #endif
324 327 if (atid->at_type == AU_IPv6) {
325 328 adr_uint32(&adr, (uint_t *)&atid->at_type, 1);
326 329 adr_char(&adr, (char *)&atid->at_addr[0], 16);
327 330 } else {
328 331 adr_char(&adr, (char *)&(atid->at_addr[0]), 4);
329 332 }
330 333
331 334 m->len = adr_count(&adr);
332 335
333 336 return (m);
334 337 }
335 338
336 339 /*
337 340 * au_to_text
338 341 * returns:
339 342 * pointer to au_membuf chain containing a text token.
340 343 */
341 344 token_t *
342 345 au_to_text(const char *text)
343 346 {
344 347 token_t *token; /* local au_membuf */
345 348 adr_t adr; /* adr memory stream header */
346 349 char data_header = AUT_TEXT; /* header for this token */
347 350 short bytes; /* length of string */
348 351
349 352 token = au_getclr();
350 353
351 354 bytes = (short)strlen(text) + 1;
352 355 adr_start(&adr, memtod(token, char *));
353 356 adr_char(&adr, &data_header, 1);
354 357 adr_short(&adr, &bytes, 1);
355 358
356 359 token->len = (char)adr_count(&adr);
357 360 /*
358 361 * Now attach the text
359 362 */
360 363 (void) au_append_buf(text, bytes, token);
361 364
362 365 return (token);
363 366 }
364 367
365 368 /*
366 369 * au_zonename_length
367 370 * returns:
368 371 * - length of zonename token to be generated
369 372 * - zone name up to ZONENAME_MAX + 1 in length
370 373 */
371 374 #define ZONE_TOKEN_OVERHEAD 3
372 375 /*
373 376 * the zone token is
374 377 * token id (1 byte)
375 378 * string length (2 bytes)
376 379 * the string (strlen(zonename) + 1)
377 380 */
378 381 size_t
379 382 au_zonename_length(zone_t *zone)
380 383 {
381 384 if (zone == NULL)
382 385 zone = curproc->p_zone;
383 386 return (strlen(zone->zone_name) + 1 +
384 387 ZONE_TOKEN_OVERHEAD);
385 388 }
386 389
387 390 /*
388 391 * au_to_zonename
389 392 *
390 393 * A length of zero input to au_to_zonename means the length is not
391 394 * pre-calculated.
392 395 *
393 396 * The caller is responsible for checking the AUDIT_ZONENAME policy
394 397 * before calling au_zonename_length() and au_to_zonename(). If
395 398 * the policy changes between the calls, no harm is done, so the
396 399 * policy only needs to be checked once.
397 400 *
398 401 * returns:
399 402 * pointer to au_membuf chain containing a zonename token; NULL if
400 403 * policy is off.
401 404 *
402 405 * if the zonename token is generated at token generation close time,
403 406 * the length of the token is already known and it is ASSERTed that
404 407 * it has not changed. If not precalculated, zone_length must be
405 408 * zero.
406 409 */
407 410 token_t *
408 411 au_to_zonename(size_t zone_length, zone_t *zone)
409 412 {
410 413 token_t *token; /* local au_membuf */
411 414 adr_t adr; /* adr memory stream header */
412 415 char data_header = AUT_ZONENAME; /* header for this token */
413 416 short bytes; /* length of string */
414 417
415 418 token = au_getclr();
416 419
417 420 if (zone == NULL)
418 421 zone = curproc->p_zone;
419 422 bytes = (short)strlen(zone->zone_name) + 1;
420 423 /*
421 424 * If zone_length != 0, it was precalculated and is
422 425 * the token length, not the string length.
423 426 */
424 427 ASSERT((zone_length == 0) ||
425 428 (zone_length == (bytes + ZONE_TOKEN_OVERHEAD)));
426 429
427 430 adr_start(&adr, memtod(token, char *));
428 431 adr_char(&adr, &data_header, 1);
429 432 adr_short(&adr, &bytes, 1);
430 433
431 434 token->len = (char)adr_count(&adr);
432 435 (void) au_append_buf(zone->zone_name, bytes, token);
433 436
434 437 return (token);
435 438 }
436 439
437 440 /*
438 441 * au_to_strings
439 442 * returns:
440 443 * pointer to au_membuf chain containing a strings array token.
441 444 */
442 445 token_t *
443 446 au_to_strings(
444 447 char header, /* token type */
445 448 const char *kstrp, /* kernel string pointer */
446 449 ssize_t count) /* count of arguments */
447 450 {
448 451 token_t *token; /* local au_membuf */
449 452 token_t *m; /* local au_membuf */
450 453 adr_t adr; /* adr memory stream header */
451 454 size_t len;
452 455 int32_t tlen;
453 456
454 457 token = au_getclr();
455 458
456 459 adr_start(&adr, memtod(token, char *));
457 460 adr_char(&adr, &header, 1);
458 461 tlen = (int32_t)count;
459 462 adr_int32(&adr, &tlen, 1);
460 463
461 464 token->len = (char)adr_count(&adr);
462 465
463 466 while (count-- > 0) {
464 467 m = au_getclr();
465 468 len = strlen(kstrp) + 1;
466 469 (void) au_append_buf(kstrp, len, m);
467 470 (void) au_append_rec((token_t *)token, (token_t *)m, AU_PACK);
468 471 kstrp += len;
469 472 }
470 473
471 474 return (token);
472 475 }
473 476
474 477 /*
475 478 * au_to_exec_args
476 479 * returns:
477 480 * pointer to au_membuf chain containing a argv token.
478 481 */
479 482 token_t *
480 483 au_to_exec_args(const char *kstrp, ssize_t argc)
481 484 {
482 485 return (au_to_strings(AUT_EXEC_ARGS, kstrp, argc));
483 486 }
484 487
485 488 /*
486 489 * au_to_exec_env
487 490 * returns:
488 491 * pointer to au_membuf chain containing a arge token.
489 492 */
490 493 token_t *
491 494 au_to_exec_env(const char *kstrp, ssize_t envc)
492 495 {
493 496 return (au_to_strings(AUT_EXEC_ENV, kstrp, envc));
494 497 }
495 498
496 499 /*
497 500 * au_to_arg32
498 501 * char n; argument # being used
499 502 * char *text; text describing argument
500 503 * uint32_t v; argument value
501 504 * returns:
502 505 * pointer to au_membuf chain containing an argument token.
503 506 */
504 507 token_t *
505 508 au_to_arg32(char n, char *text, uint32_t v)
506 509 {
507 510 token_t *token; /* local au_membuf */
508 511 adr_t adr; /* adr memory stream header */
509 512 char data_header = AUT_ARG32; /* header for this token */
510 513 short bytes; /* length of string */
511 514
512 515 token = au_getclr();
513 516
514 517 bytes = strlen(text) + 1;
515 518 adr_start(&adr, memtod(token, char *));
516 519 adr_char(&adr, &data_header, 1); /* token type */
517 520 adr_char(&adr, &n, 1); /* argument id */
518 521 adr_uint32(&adr, &v, 1); /* argument value */
519 522 adr_short(&adr, &bytes, 1);
520 523
521 524 token->len = adr_count(&adr);
522 525 /*
523 526 * Now add the description
524 527 */
525 528 (void) au_append_buf(text, bytes, token);
526 529
527 530 return (token);
528 531 }
529 532
530 533
531 534 /*
532 535 * au_to_arg64
533 536 * char n; argument # being used
534 537 * char *text; text describing argument
535 538 * uint64_t v; argument value
536 539 * returns:
537 540 * pointer to au_membuf chain containing an argument token.
538 541 */
539 542 token_t *
540 543 au_to_arg64(char n, char *text, uint64_t v)
541 544 {
542 545 token_t *token; /* local au_membuf */
543 546 adr_t adr; /* adr memory stream header */
544 547 char data_header = AUT_ARG64; /* header for this token */
545 548 short bytes; /* length of string */
546 549
547 550 token = au_getclr();
548 551
549 552 bytes = strlen(text) + 1;
550 553 adr_start(&adr, memtod(token, char *));
551 554 adr_char(&adr, &data_header, 1); /* token type */
552 555 adr_char(&adr, &n, 1); /* argument id */
553 556 adr_uint64(&adr, &v, 1); /* argument value */
554 557 adr_short(&adr, &bytes, 1);
555 558
556 559 token->len = adr_count(&adr);
557 560 /*
558 561 * Now the description
559 562 */
560 563 (void) au_append_buf(text, bytes, token);
561 564
562 565 return (token);
563 566 }
564 567
565 568
566 569 /*
567 570 * au_to_path
568 571 * returns:
569 572 * pointer to au_membuf chain containing a path token.
570 573 */
571 574 token_t *
572 575 au_to_path(struct audit_path *app)
573 576 {
574 577 token_t *token; /* local au_membuf */
575 578 token_t *m; /* local au_membuf */
576 579 adr_t adr; /* adr memory stream header */
577 580 char data_header = AUT_PATH; /* header for this token */
578 581 short bytes; /* length of string */
579 582 char *path = app->audp_sect[0];
580 583
581 584 bytes = (short)(app->audp_sect[1] - app->audp_sect[0]);
582 585
583 586 /*
584 587 * generate path token header
585 588 */
586 589 m = au_getclr();
587 590 adr_start(&adr, memtod(m, char *));
588 591 adr_char(&adr, &data_header, 1);
589 592 adr_short(&adr, &bytes, 1);
590 593 m->len = adr_count(&adr);
591 594
592 595 /* append path string */
593 596 token = m;
594 597 (void) au_append_buf(path, bytes, token);
595 598
596 599 if (app->audp_cnt > 1) {
597 600 /* generate attribute path strings token */
|
↓ open down ↓ |
533 lines elided |
↑ open up ↑ |
598 601 m = au_to_strings(AUT_XATPATH, app->audp_sect[1],
599 602 app->audp_cnt - 1);
600 603
601 604 token = au_append_token(token, m);
602 605 }
603 606
604 607 return (token);
605 608 }
606 609
607 610 /*
611 + * au_to_path_string
612 + * returns:
613 + * pointer to au_membuf chain containing a path token.
614 + */
615 +token_t *
616 +au_to_path_string(const char *path)
617 +{
618 + token_t *token; /* local au_membuf */
619 + adr_t adr; /* adr memory stream header */
620 + char data_header = AUT_PATH; /* header for this token */
621 + short bytes; /* length of string */
622 +
623 + bytes = strlen(path) + 1;
624 +
625 + /*
626 + * generate path token header
627 + */
628 + token = au_getclr();
629 + adr_start(&adr, memtod(token, char *));
630 + adr_char(&adr, &data_header, 1);
631 + adr_short(&adr, &bytes, 1);
632 + token->len = adr_count(&adr);
633 +
634 + /* append path string */
635 + (void) au_append_buf(path, bytes, token);
636 +
637 + return (token);
638 +}
639 +
640 +/*
608 641 * au_to_ipc
609 642 * returns:
610 643 * pointer to au_membuf chain containing a System V IPC token.
611 644 */
612 645 token_t *
613 646 au_to_ipc(char type, int id)
614 647 {
615 648 token_t *m; /* local au_membuf */
616 649 adr_t adr; /* adr memory stream header */
617 650 char data_header = AUT_IPC; /* header for this token */
618 651
619 652 m = au_getclr();
620 653
621 654 adr_start(&adr, memtod(m, char *));
622 655 adr_char(&adr, &data_header, 1);
623 656 adr_char(&adr, &type, 1); /* type of IPC object */
624 657 adr_int32(&adr, (int32_t *)&id, 1);
625 658
626 659 m->len = adr_count(&adr);
627 660
628 661 return (m);
629 662 }
630 663
631 664 /*
632 665 * au_to_return32
633 666 * returns:
634 667 * pointer to au_membuf chain containing a return value token.
635 668 */
636 669 token_t *
637 670 au_to_return32(int error, int32_t rv)
638 671 {
639 672 token_t *m; /* local au_membuf */
640 673 adr_t adr; /* adr memory stream header */
641 674 char data_header = AUT_RETURN32; /* header for this token */
642 675 int32_t val;
643 676 char ed = error;
644 677
645 678 m = au_getclr();
646 679
647 680 adr_start(&adr, memtod(m, char *));
648 681 adr_char(&adr, &data_header, 1);
649 682 adr_char(&adr, &ed, 1);
650 683
651 684 if (error) {
652 685 val = -1;
653 686 adr_int32(&adr, &val, 1);
654 687 } else {
655 688 adr_int32(&adr, &rv, 1);
656 689 }
657 690 m->len = adr_count(&adr);
658 691
659 692 return (m);
660 693 }
661 694
662 695 /*
663 696 * au_to_return64
664 697 * returns:
665 698 * pointer to au_membuf chain containing a return value token.
666 699 */
667 700 token_t *
668 701 au_to_return64(int error, int64_t rv)
669 702 {
670 703 token_t *m; /* local au_membuf */
671 704 adr_t adr; /* adr memory stream header */
672 705 char data_header = AUT_RETURN64; /* header for this token */
673 706 int64_t val;
674 707 char ed = error;
675 708
676 709 m = au_getclr();
677 710
678 711 adr_start(&adr, memtod(m, char *));
679 712 adr_char(&adr, &data_header, 1);
680 713 adr_char(&adr, &ed, 1);
681 714
682 715 if (error) {
683 716 val = -1;
684 717 adr_int64(&adr, &val, 1);
685 718 } else {
686 719 adr_int64(&adr, &rv, 1);
687 720 }
688 721 m->len = adr_count(&adr);
689 722
690 723 return (m);
691 724 }
692 725
693 726 #ifdef AU_MAY_USE_SOMEDAY
694 727 /*
695 728 * au_to_opaque
696 729 * returns:
697 730 * pointer to au_membuf chain containing a opaque token.
698 731 */
699 732 token_t *
700 733 au_to_opaque(short bytes, char *opaque)
701 734 {
702 735 token_t *token; /* local au_membuf */
703 736 adr_t adr; /* adr memory stream header */
704 737 char data_header = AUT_OPAQUE; /* header for this token */
705 738
706 739 token = au_getclr();
707 740
708 741 adr_start(&adr, memtod(token, char *));
709 742 adr_char(&adr, &data_header, 1);
710 743 adr_short(&adr, &bytes, 1);
711 744
712 745 token->len = adr_count(&adr);
713 746
714 747 /*
715 748 * Now attach the data
716 749 */
717 750 (void) au_append_buf(opaque, bytes, token);
718 751
719 752 return (token);
720 753 }
721 754 #endif /* AU_MAY_USE_SOMEDAY */
722 755
723 756 /*
724 757 * au_to_ip
725 758 * returns:
726 759 * pointer to au_membuf chain containing a ip header token
727 760 */
728 761 token_t *
729 762 au_to_ip(struct ip *ipp)
730 763 {
731 764 token_t *m; /* local au_membuf */
732 765 adr_t adr; /* adr memory stream header */
733 766 char data_header = AUT_IP; /* header for this token */
734 767
735 768 m = au_getclr();
736 769
737 770 adr_start(&adr, memtod(m, char *));
738 771 adr_char(&adr, &data_header, 1);
739 772 adr_char(&adr, (char *)ipp, 2);
740 773 adr_short(&adr, (short *)&(ipp->ip_len), 3);
741 774 adr_char(&adr, (char *)&(ipp->ip_ttl), 2);
742 775 adr_short(&adr, (short *)&(ipp->ip_sum), 1);
743 776 adr_int32(&adr, (int32_t *)&(ipp->ip_src), 2);
744 777
745 778 m->len = adr_count(&adr);
746 779
747 780 return (m);
748 781 }
749 782
750 783 /*
751 784 * au_to_iport
752 785 * returns:
753 786 * pointer to au_membuf chain containing a ip path token
754 787 */
755 788 token_t *
756 789 au_to_iport(ushort_t iport)
757 790 {
758 791 token_t *m; /* local au_membuf */
759 792 adr_t adr; /* adr memory stream header */
760 793 char data_header = AUT_IPORT; /* header for this token */
761 794
762 795 m = au_getclr();
763 796
764 797 adr_start(&adr, memtod(m, char *));
765 798 adr_char(&adr, &data_header, 1);
766 799 adr_ushort(&adr, &iport, 1);
767 800
768 801 m->len = adr_count(&adr);
769 802
770 803 return (m);
771 804 }
772 805
773 806 /*
774 807 * au_to_in_addr
775 808 * returns:
776 809 * pointer to au_membuf chain containing a ip path token
777 810 */
778 811 token_t *
779 812 au_to_in_addr(struct in_addr *internet_addr)
780 813 {
781 814 token_t *m; /* local au_membuf */
782 815 adr_t adr; /* adr memory stream header */
783 816 char data_header = AUT_IN_ADDR; /* header for this token */
784 817
785 818 m = au_getclr();
786 819
787 820 adr_start(&adr, memtod(m, char *));
788 821 adr_char(&adr, &data_header, 1);
789 822 adr_char(&adr, (char *)internet_addr, sizeof (struct in_addr));
790 823
791 824 m->len = adr_count(&adr);
792 825
793 826 return (m);
794 827 }
795 828
796 829 /*
797 830 * au_to_in_addr_ex
798 831 * returns:
799 832 * pointer to au_membuf chain containing an ipv6 token
800 833 */
801 834 token_t *
802 835 au_to_in_addr_ex(int32_t *internet_addr)
803 836 {
804 837 token_t *m; /* local au_membuf */
805 838 adr_t adr; /* adr memory stream header */
806 839 char data_header_v4 = AUT_IN_ADDR; /* header for v4 token */
807 840 char data_header_v6 = AUT_IN_ADDR_EX; /* header for v6 token */
808 841 int32_t type = AU_IPv6;
809 842
810 843 m = au_getclr();
811 844 adr_start(&adr, memtod(m, char *));
812 845
813 846 if (IN6_IS_ADDR_V4MAPPED((in6_addr_t *)internet_addr)) {
814 847 ipaddr_t in4;
815 848
816 849 /*
817 850 * An IPv4-mapped IPv6 address is really an IPv4 address
818 851 * in IPv6 format.
819 852 */
820 853 IN6_V4MAPPED_TO_IPADDR((in6_addr_t *)internet_addr, in4);
821 854
822 855 adr_char(&adr, &data_header_v4, 1);
823 856 adr_char(&adr, (char *)&in4, sizeof (ipaddr_t));
824 857 } else {
825 858 adr_char(&adr, &data_header_v6, 1);
826 859 adr_int32(&adr, &type, 1);
827 860 adr_char(&adr, (char *)internet_addr, sizeof (struct in6_addr));
828 861 }
829 862
830 863 m->len = adr_count(&adr);
831 864
832 865 return (m);
833 866 }
834 867
835 868 /*
836 869 * The Modifier tokens
837 870 */
838 871
839 872 /*
840 873 * au_to_attr
841 874 * returns:
842 875 * pointer to au_membuf chain containing an attribute token.
843 876 */
844 877 token_t *
845 878 au_to_attr(struct vattr *attr)
846 879 {
847 880 token_t *m; /* local au_membuf */
848 881 adr_t adr; /* adr memory stream header */
849 882 #ifdef _LP64
850 883 char data_header = AUT_ATTR64; /* header for this token */
851 884 #else
852 885 char data_header = AUT_ATTR32;
853 886 #endif
854 887 int32_t value;
855 888
856 889 m = au_getclr();
857 890
858 891 adr_start(&adr, memtod(m, char *));
859 892 adr_char(&adr, &data_header, 1);
860 893 value = (int32_t)attr->va_mode;
861 894 value |= (int32_t)(VTTOIF(attr->va_type));
862 895 adr_int32(&adr, &value, 1);
863 896 value = (int32_t)attr->va_uid;
864 897 adr_int32(&adr, &value, 1);
865 898 value = (int32_t)attr->va_gid;
866 899 adr_int32(&adr, &value, 1);
867 900 adr_int32(&adr, (int32_t *)&(attr->va_fsid), 1);
868 901 adr_int64(&adr, (int64_t *)&(attr->va_nodeid), 1);
869 902 #ifdef _LP64
870 903 adr_int64(&adr, (int64_t *)&(attr->va_rdev), 1);
871 904 #else
872 905 adr_int32(&adr, (int32_t *)&(attr->va_rdev), 1);
873 906 #endif
874 907
875 908 m->len = adr_count(&adr);
876 909
877 910 return (m);
878 911 }
879 912
880 913 token_t *
881 914 au_to_acl(struct acl *aclp)
882 915 {
883 916 token_t *m; /* local au_membuf */
884 917 adr_t adr; /* adr memory stream header */
885 918 char data_header = AUT_ACL; /* header for this token */
886 919 int32_t value;
887 920
888 921 m = au_getclr();
889 922
890 923 adr_start(&adr, memtod(m, char *));
891 924 adr_char(&adr, &data_header, 1);
892 925
893 926 value = (int32_t)aclp->a_type;
894 927 adr_int32(&adr, &value, 1);
895 928 value = (int32_t)aclp->a_id;
896 929 adr_int32(&adr, &value, 1);
897 930 value = (int32_t)aclp->a_perm;
898 931 adr_int32(&adr, &value, 1);
899 932
900 933 m->len = adr_count(&adr);
901 934 return (m);
902 935 }
903 936
904 937 token_t *
905 938 au_to_ace(ace_t *acep)
906 939 {
907 940 token_t *m; /* local au_membuf */
908 941 adr_t adr; /* adr memory stream header */
909 942 char data_header = AUT_ACE; /* header for this token */
910 943
911 944 m = au_getclr();
912 945
913 946 adr_start(&adr, memtod(m, char *));
914 947 adr_char(&adr, &data_header, 1);
915 948
916 949 adr_uint32(&adr, &(acep->a_who), 1);
917 950 adr_uint32(&adr, &(acep->a_access_mask), 1);
918 951 adr_ushort(&adr, &(acep->a_flags), 1);
919 952 adr_ushort(&adr, &(acep->a_type), 1);
920 953
921 954 m->len = adr_count(&adr);
922 955 return (m);
923 956 }
924 957
925 958 /*
926 959 * au_to_ipc_perm
927 960 * returns:
928 961 * pointer to au_membuf chain containing a System V IPC attribute token.
929 962 */
930 963 token_t *
931 964 au_to_ipc_perm(struct kipc_perm *perm)
932 965 {
933 966 token_t *m; /* local au_membuf */
934 967 adr_t adr; /* adr memory stream header */
935 968 char data_header = AUT_IPC_PERM; /* header for this token */
936 969 int32_t value;
937 970
938 971 m = au_getclr();
939 972
940 973 adr_start(&adr, memtod(m, char *));
941 974 adr_char(&adr, &data_header, 1);
942 975 value = (int32_t)perm->ipc_uid;
943 976 adr_int32(&adr, &value, 1);
944 977 value = (int32_t)perm->ipc_gid;
945 978 adr_int32(&adr, &value, 1);
946 979 value = (int32_t)perm->ipc_cuid;
947 980 adr_int32(&adr, &value, 1);
948 981 value = (int32_t)perm->ipc_cgid;
949 982 adr_int32(&adr, &value, 1);
950 983 value = (int32_t)perm->ipc_mode;
951 984 adr_int32(&adr, &value, 1);
952 985 value = 0; /* seq is now obsolete */
953 986 adr_int32(&adr, &value, 1);
954 987 value = (int32_t)perm->ipc_key;
955 988 adr_int32(&adr, &value, 1);
956 989
957 990 m->len = adr_count(&adr);
958 991
959 992 return (m);
960 993 }
961 994
962 995 token_t *
963 996 au_to_groups(const gid_t *crgroups, uint_t crngroups)
964 997 {
965 998 token_t *m; /* local au_membuf */
966 999 adr_t adr; /* adr memory stream header */
967 1000 char data_header = AUT_NEWGROUPS; /* header for this token */
968 1001 short n_groups;
969 1002
970 1003 m = au_getclr();
971 1004
972 1005 adr_start(&adr, memtod(m, char *));
973 1006 adr_char(&adr, &data_header, 1);
974 1007 n_groups = (short)crngroups;
975 1008 adr_short(&adr, &n_groups, 1);
976 1009 adr_int32(&adr, (int32_t *)crgroups, (int)crngroups);
977 1010
978 1011 m->len = adr_count(&adr);
979 1012
980 1013 return (m);
981 1014 }
982 1015
983 1016 /*
984 1017 * au_to_socket_ex
985 1018 * returns:
986 1019 * pointer to au_membuf chain containing a socket token.
987 1020 */
988 1021 token_t *
989 1022 au_to_socket_ex(short dom, short type, char *l, char *f)
990 1023 {
991 1024 adr_t adr;
992 1025 token_t *m;
993 1026 char data_header = AUT_SOCKET_EX;
994 1027 struct sockaddr_in6 *addr6;
995 1028 struct sockaddr_in *addr4;
996 1029 short size;
997 1030
998 1031 m = au_getclr();
999 1032
1000 1033 adr_start(&adr, memtod(m, char *));
1001 1034 adr_char(&adr, &data_header, 1);
1002 1035 adr_short(&adr, &dom, 1); /* dom of socket */
1003 1036 adr_short(&adr, &type, 1); /* type of socket */
1004 1037
1005 1038 if (dom == AF_INET6) {
1006 1039 size = AU_IPv6;
1007 1040 adr_short(&adr, &size, 1); /* type of addresses */
1008 1041 addr6 = (struct sockaddr_in6 *)l;
1009 1042 adr_short(&adr, (short *)&addr6->sin6_port, 1);
1010 1043 adr_char(&adr, (char *)&addr6->sin6_addr, size);
1011 1044 addr6 = (struct sockaddr_in6 *)f;
1012 1045 adr_short(&adr, (short *)&addr6->sin6_port, 1);
1013 1046 adr_char(&adr, (char *)&addr6->sin6_addr, size);
1014 1047 } else if (dom == AF_INET) {
1015 1048 size = AU_IPv4;
1016 1049 adr_short(&adr, &size, 1); /* type of addresses */
1017 1050 addr4 = (struct sockaddr_in *)l;
1018 1051 adr_short(&adr, (short *)&addr4->sin_port, 1);
1019 1052 adr_char(&adr, (char *)&addr4->sin_addr, size);
1020 1053 addr4 = (struct sockaddr_in *)f;
1021 1054 adr_short(&adr, (short *)&addr4->sin_port, 1);
1022 1055 adr_char(&adr, (char *)&addr4->sin_addr, size);
1023 1056 }
1024 1057
1025 1058
1026 1059 m->len = adr_count(&adr);
1027 1060
1028 1061 return (m);
1029 1062 }
1030 1063
1031 1064 /*
1032 1065 * au_to_seq
1033 1066 * returns:
1034 1067 * pointer to au_membuf chain containing a sequence token.
1035 1068 */
1036 1069 token_t *
1037 1070 au_to_seq()
1038 1071 {
1039 1072 adr_t adr;
1040 1073 token_t *m;
1041 1074 char data_header = AUT_SEQ;
1042 1075 static int32_t zerocount;
1043 1076
1044 1077 m = au_getclr();
1045 1078
1046 1079 adr_start(&adr, memtod(m, char *));
1047 1080
1048 1081 adr_char(&adr, &data_header, 1);
1049 1082
1050 1083 adr_int32(&adr, &zerocount, 1);
1051 1084
1052 1085 m->len = adr_count(&adr);
1053 1086
1054 1087 return (m);
1055 1088 }
1056 1089
1057 1090 token_t *
1058 1091 au_to_sock_inet(struct sockaddr_in *s_inet)
1059 1092 {
1060 1093 adr_t adr;
1061 1094 token_t *m;
1062 1095 char data_header = AUT_SOCKET;
1063 1096
1064 1097 m = au_getclr();
1065 1098
1066 1099 adr_start(&adr, memtod(m, char *));
1067 1100 adr_char(&adr, &data_header, 1);
1068 1101 adr_short(&adr, (short *)&s_inet->sin_family, 1);
1069 1102 adr_short(&adr, (short *)&s_inet->sin_port, 1);
1070 1103
1071 1104 /* remote addr */
1072 1105 adr_int32(&adr, (int32_t *)&s_inet->sin_addr.s_addr, 1);
1073 1106
1074 1107 m->len = (uchar_t)adr_count(&adr);
1075 1108
1076 1109 return (m);
1077 1110 }
1078 1111
1079 1112 extern int maxprivbytes;
1080 1113
1081 1114 token_t *
1082 1115 au_to_privset(
1083 1116 const char *set,
1084 1117 const priv_set_t *pset,
1085 1118 char data_header,
1086 1119 int success)
1087 1120 {
1088 1121 token_t *token, *m;
1089 1122 adr_t adr;
1090 1123 int priv;
1091 1124 const char *pname;
1092 1125 char sf = (char)success;
1093 1126 char *buf, *q;
1094 1127 short sz;
1095 1128 boolean_t full;
1096 1129
1097 1130 token = au_getclr();
1098 1131
1099 1132 adr_start(&adr, memtod(token, char *));
1100 1133 adr_char(&adr, &data_header, 1);
1101 1134 /*
1102 1135 * set is not used for AUT_UPRIV and sf (== success) is not
1103 1136 * used for AUT_PRIV
1104 1137 */
1105 1138 if (data_header == AUT_UPRIV) {
1106 1139 adr_char(&adr, &sf, 1);
1107 1140 } else {
1108 1141 sz = strlen(set) + 1;
1109 1142 adr_short(&adr, &sz, 1);
1110 1143
1111 1144 token->len = (uchar_t)adr_count(&adr);
1112 1145 m = au_getclr();
1113 1146
1114 1147 (void) au_append_buf(set, sz, m);
1115 1148 (void) au_append_rec(token, m, AU_PACK);
1116 1149 adr.adr_now += sz;
1117 1150 }
1118 1151
1119 1152 full = priv_isfullset(pset);
1120 1153
1121 1154 if (full) {
1122 1155 buf = "ALL";
1123 1156 sz = strlen(buf) + 1;
1124 1157 } else {
1125 1158 q = buf = kmem_alloc(maxprivbytes, KM_SLEEP);
1126 1159 *buf = '\0';
1127 1160
1128 1161 for (priv = 0; (pname = priv_getbynum(priv)) != NULL; priv++) {
1129 1162 if (priv_ismember(pset, priv)) {
1130 1163 if (q != buf)
1131 1164 *q++ = ',';
1132 1165 (void) strcpy(q, pname);
1133 1166 q += strlen(q);
1134 1167 }
1135 1168 }
1136 1169 sz = (q - buf) + 1;
1137 1170 }
1138 1171
1139 1172 adr_short(&adr, &sz, 1);
1140 1173 token->len = (uchar_t)adr_count(&adr);
1141 1174
1142 1175 m = au_getclr();
1143 1176 (void) au_append_buf(buf, sz, m);
1144 1177 (void) au_append_rec(token, m, AU_PACK);
1145 1178
1146 1179 if (!full)
1147 1180 kmem_free(buf, maxprivbytes);
1148 1181
1149 1182 return (token);
1150 1183 }
1151 1184
1152 1185 token_t *
1153 1186 au_to_secflags(const char *which, secflagset_t set)
1154 1187 {
1155 1188 token_t *token, *m;
1156 1189 adr_t adr;
1157 1190 char data_header = AUT_SECFLAGS;
1158 1191 short sz;
1159 1192 char secstr[1024];
1160 1193
1161 1194 token = au_getclr();
1162 1195
1163 1196 adr_start(&adr, memtod(token, char *));
1164 1197 adr_char(&adr, &data_header, 1);
1165 1198
1166 1199 sz = strlen(which) + 1;
1167 1200 adr_short(&adr, &sz, 1);
1168 1201
1169 1202 token->len = (uchar_t)adr_count(&adr);
1170 1203 m = au_getclr();
1171 1204 (void) au_append_buf(which, sz, m);
1172 1205 (void) au_append_rec(token, m, AU_PACK);
1173 1206 adr.adr_now += sz;
1174 1207
1175 1208 secflags_to_str(set, secstr, sizeof (secstr));
1176 1209 sz = strlen(secstr) + 1;
1177 1210 adr_short(&adr, &sz, 1);
1178 1211 token->len = (uchar_t)adr_count(&adr);
1179 1212 m = au_getclr();
1180 1213 (void) au_append_buf(secstr, sz, m);
1181 1214 (void) au_append_rec(token, m, AU_PACK);
1182 1215
1183 1216 return (token);
1184 1217 }
1185 1218
1186 1219 /*
1187 1220 * au_to_label
1188 1221 * returns:
1189 1222 * pointer to au_membuf chain containing a label token.
1190 1223 */
1191 1224 token_t *
1192 1225 au_to_label(bslabel_t *label)
1193 1226 {
1194 1227 token_t *m; /* local au_membuf */
1195 1228 adr_t adr; /* adr memory stream header */
1196 1229 char data_header = AUT_LABEL; /* header for this token */
|
↓ open down ↓ |
579 lines elided |
↑ open up ↑ |
1197 1230
1198 1231 m = au_getclr();
1199 1232
1200 1233 adr_start(&adr, memtod(m, char *));
1201 1234 adr_char(&adr, &data_header, 1);
1202 1235 adr_char(&adr, (char *)label, sizeof (_mac_label_impl_t));
1203 1236
1204 1237 m->len = adr_count(&adr);
1205 1238
1206 1239 return (m);
1240 +}
1241 +
1242 +token_t *
1243 +au_to_access_mask(uint32_t access)
1244 +{
1245 + token_t *m; /* local au_membuf */
1246 + adr_t adr; /* adr memory stream header */
1247 + char data_header = AUT_ACCESS_MASK; /* header for this token */
1248 +
1249 + m = au_getclr();
1250 +
1251 + adr_start(&adr, memtod(m, char *));
1252 + adr_char(&adr, &data_header, 1);
1253 +
1254 + adr_uint32(&adr, &access, 1);
1255 +
1256 + m->len = adr_count(&adr);
1257 + return (m);
1258 +}
1259 +
1260 +token_t *
1261 +au_to_wsid(ksid_t *ks)
1262 +{
1263 + token_t *token; /* local au_membuf */
1264 + adr_t adr; /* adr memory stream header */
1265 + char data_header = AUT_WSID; /* header for this token */
1266 + short bytes; /* length of string */
1267 + char sidbuf[256]; /* SMB_SID_STRSZ */
1268 +
1269 + sidbuf[0] = '\0';
1270 + (void) snprintf(sidbuf, sizeof (sidbuf), "%s-%u",
1271 + ksid_getdomain(ks), ksid_getrid(ks));
1272 +
1273 + token = au_getclr();
1274 +
1275 + bytes = (short)strlen(sidbuf) + 1;
1276 + adr_start(&adr, memtod(token, char *));
1277 + adr_char(&adr, &data_header, 1);
1278 + adr_short(&adr, &bytes, 1);
1279 +
1280 + token->len = (char)adr_count(&adr);
1281 + (void) au_append_buf(sidbuf, bytes, token);
1282 +
1283 + return (token);
1207 1284 }
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX