Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]
FreeBSD/Linux Kernel Cross Reference
sys/bsd/kern/kern_bsm_token.c
Version:
- FREEBSD - FREEBSD-13-STABLE - FREEBSD-13-0 - FREEBSD-12-STABLE - FREEBSD-12-0 - FREEBSD-11-STABLE - FREEBSD-11-0 - FREEBSD-10-STABLE - FREEBSD-10-0 - FREEBSD-9-STABLE - FREEBSD-9-0 - FREEBSD-8-STABLE - FREEBSD-8-0 - FREEBSD-7-STABLE - FREEBSD-7-0 - FREEBSD-6-STABLE - FREEBSD-6-0 - FREEBSD-5-STABLE - FREEBSD-5-0 - FREEBSD-4-STABLE - FREEBSD-3-STABLE - FREEBSD22 - l41 - OPENBSD - linux-2.6 - MK84 - PLAN9 - xnu-8792
SearchContext: - none - 3 - 10
SearchContext: - none - 3 - 10
1 /* 2 * Copyright (c) 2003 Apple Computer, Inc. All rights reserved. 3 * 4 * @APPLE_LICENSE_HEADER_START@ 5 * 6 * Copyright (c) 1999-2003 Apple Computer, Inc. All Rights Reserved. 7 * 8 * This file contains Original Code and/or Modifications of Original Code 9 * as defined in and that are subject to the Apple Public Source License 10 * Version 2.0 (the 'License'). You may not use this file except in 11 * compliance with the License. Please obtain a copy of the License at 12 * http://www.opensource.apple.com/apsl/ and read it before using this 13 * file. 14 * 15 * The Original Code and all software distributed under the License are 16 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER 17 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, 18 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, 19 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. 20 * Please see the License for the specific language governing rights and 21 * limitations under the License. 22 * 23 * @APPLE_LICENSE_HEADER_END@ 24 */ 25 #include <sys/types.h> 26 #include <sys/bsm_token.h> 27 #include <sys/audit.h> 28 #include <sys/un.h> 29 #include <kern/clock.h> 30 31 #define GET_TOKEN_AREA(tok, dptr, length) \ 32 do {\ 33 kmem_alloc(kernel_map, &tok, sizeof(*tok)); \ 34 if(tok != NULL)\ 35 {\ 36 tok->len = length;\ 37 kmem_alloc(kernel_map, &tok->t_data, \ 38 length * sizeof(u_char));\ 39 if((dptr = tok->t_data) == NULL)\ 40 {\ 41 kmem_free(kernel_map, tok, sizeof(*tok));\ 42 tok = NULL;\ 43 }\ 44 else\ 45 {\ 46 memset(dptr, 0, length);\ 47 }\ 48 }\ 49 }while(0) 50 51 52 53 /* 54 * token ID 1 byte 55 * argument # 1 byte 56 * argument value 4 bytes/8 bytes (32-bit/64-bit value) 57 * text length 2 bytes 58 * text N bytes + 1 terminating NULL byte 59 */ 60 token_t *au_to_arg32(char n, char *text, u_int32_t v) 61 { 62 token_t *t; 63 u_char *dptr; 64 u_int16_t textlen; 65 66 if(text == NULL) { 67 return NULL; 68 } 69 70 /* Make sure that text is null terminated */ 71 textlen = strlen(text); 72 if(text[textlen] != '\0') { 73 return NULL; 74 } 75 76 GET_TOKEN_AREA(t, dptr, 9 + textlen); 77 if(t == NULL) { 78 return NULL; 79 } 80 81 textlen += 1; 82 83 ADD_U_CHAR(dptr, AU_ARG32_TOKEN); 84 ADD_U_CHAR(dptr, n); 85 ADD_U_INT32(dptr, v); 86 ADD_U_INT16(dptr, textlen); 87 ADD_STRING(dptr, text, textlen); 88 89 return t; 90 91 } 92 93 token_t *au_to_arg64(char n, char *text, u_int64_t v) 94 { 95 token_t *t; 96 u_char *dptr; 97 u_int16_t textlen; 98 99 if(text == NULL) { 100 return NULL; 101 } 102 103 /* Make sure that text is null terminated */ 104 textlen = strlen(text); 105 if(text[textlen] != '\0') { 106 return NULL; 107 } 108 109 GET_TOKEN_AREA(t, dptr, 13 + textlen); 110 if(t == NULL) { 111 return NULL; 112 } 113 114 textlen += 1; 115 116 ADD_U_CHAR(dptr, AU_ARG64_TOKEN); 117 ADD_U_CHAR(dptr, n); 118 ADD_U_INT64(dptr, v); 119 ADD_U_INT16(dptr, textlen); 120 ADD_STRING(dptr, text, textlen); 121 122 return t; 123 124 } 125 126 token_t *au_to_arg(char n, char *text, u_int32_t v) 127 { 128 return au_to_arg32(n, text, v); 129 } 130 131 /* 132 * token ID 1 byte 133 * file access mode 4 bytes 134 * owner user ID 4 bytes 135 * owner group ID 4 bytes 136 * file system ID 4 bytes 137 * node ID 8 bytes 138 * device 4 bytes/8 bytes (32-bit/64-bit) 139 */ 140 token_t *au_to_attr32(struct vattr *attr) 141 { 142 token_t *t; 143 u_char *dptr; 144 145 if(attr == NULL) { 146 return NULL; 147 } 148 149 150 GET_TOKEN_AREA(t, dptr, 29); 151 if(t == NULL) { 152 return NULL; 153 } 154 155 ADD_U_CHAR(dptr, AU_ATTR32_TOKEN); 156 ADD_U_INT32(dptr, attr->va_mode); 157 ADD_U_INT32(dptr, attr->va_uid); 158 ADD_U_INT32(dptr, attr->va_gid); 159 ADD_U_INT32(dptr, attr->va_fsid); 160 ADD_U_INT64(dptr, attr->va_fileid); 161 ADD_U_INT32(dptr, attr->va_rdev); 162 163 return t; 164 } 165 166 token_t *au_to_attr64(struct vattr *attr) 167 { 168 token_t *t; 169 u_char *dptr; 170 171 if(attr == NULL) { 172 return NULL; 173 } 174 175 176 GET_TOKEN_AREA(t, dptr, 33); 177 if(t == NULL) { 178 return NULL; 179 } 180 181 ADD_U_CHAR(dptr, AU_ATTR64_TOKEN); 182 ADD_U_INT32(dptr, attr->va_mode); 183 ADD_U_INT32(dptr, attr->va_uid); 184 ADD_U_INT32(dptr, attr->va_gid); 185 ADD_U_INT32(dptr, attr->va_fsid); 186 ADD_U_INT64(dptr, attr->va_fileid); 187 ADD_U_INT64(dptr, attr->va_rdev); 188 189 return t; 190 } 191 192 token_t *au_to_attr(struct vattr *attr) 193 { 194 return au_to_attr32(attr); 195 196 } 197 198 199 /* 200 * token ID 1 byte 201 * how to print 1 byte 202 * basic unit 1 byte 203 * unit count 1 byte 204 * data items (depends on basic unit) 205 */ 206 token_t *au_to_data(char unit_print, char unit_type, 207 char unit_count, char *p) 208 { 209 token_t *t; 210 u_char *dptr; 211 size_t datasize, totdata; 212 213 if(p == NULL) { 214 return NULL; 215 } 216 217 /* Determine the size of the basic unit */ 218 switch(unit_type) { 219 case AUR_BYTE: datasize = AUR_BYTE_SIZE; 220 break; 221 222 case AUR_SHORT: datasize = AUR_SHORT_SIZE; 223 break; 224 225 case AUR_LONG: datasize = AUR_LONG_SIZE; 226 break; 227 228 default: return NULL; 229 } 230 231 totdata = datasize * unit_count; 232 233 GET_TOKEN_AREA(t, dptr, totdata + 4); 234 if(t == NULL) { 235 return NULL; 236 } 237 238 ADD_U_CHAR(dptr, AU_ARB_TOKEN); 239 ADD_U_CHAR(dptr, unit_print); 240 ADD_U_CHAR(dptr, unit_type); 241 ADD_U_CHAR(dptr, unit_count); 242 ADD_MEM(dptr, p, totdata); 243 244 return t; 245 } 246 247 248 /* 249 * token ID 1 byte 250 * status 4 bytes 251 * return value 4 bytes 252 */ 253 token_t *au_to_exit(int retval, int err) 254 { 255 token_t *t; 256 u_char *dptr; 257 258 GET_TOKEN_AREA(t, dptr, 9); 259 if(t == NULL) { 260 return NULL; 261 } 262 263 ADD_U_CHAR(dptr, AU_EXIT_TOKEN); 264 ADD_U_INT32(dptr, err); 265 ADD_U_INT32(dptr, retval); 266 267 return t; 268 } 269 270 /* 271 */ 272 token_t *au_to_groups(int *groups) 273 { 274 return au_to_newgroups(MAX_GROUPS, groups); 275 } 276 277 /* 278 * token ID 1 byte 279 * number groups 2 bytes 280 * group list count * 4 bytes 281 */ 282 token_t *au_to_newgroups(u_int16_t n, gid_t *groups) 283 { 284 token_t *t; 285 u_char *dptr; 286 int i; 287 288 if(groups == NULL) { 289 return NULL; 290 } 291 292 GET_TOKEN_AREA(t, dptr, n * 4 + 3); 293 if(t == NULL) { 294 return NULL; 295 } 296 297 ADD_U_CHAR(dptr, AU_NEWGROUPS_TOKEN); 298 ADD_U_INT16(dptr, n); 299 for(i = 0; i < n; i++) { 300 ADD_U_INT32(dptr, groups[i]); 301 } 302 303 return t; 304 } 305 306 307 308 309 /* 310 * token ID 1 byte 311 * internet address 4 bytes 312 */ 313 token_t *au_to_in_addr(struct in_addr *internet_addr) 314 { 315 token_t *t; 316 u_char *dptr; 317 318 if(internet_addr == NULL) { 319 return NULL; 320 } 321 322 GET_TOKEN_AREA(t, dptr, 5); 323 if(t == NULL) { 324 return NULL; 325 } 326 327 ADD_U_CHAR(dptr, AU_IN_ADDR_TOKEN); 328 ADD_U_INT32(dptr, internet_addr->s_addr); 329 330 return t; 331 } 332 333 /* 334 * token ID 1 byte 335 * address type/length 4 bytes 336 * Address 16 bytes 337 */ 338 token_t *au_to_in_addr_ex(struct in6_addr *internet_addr) 339 { 340 token_t *t; 341 u_char *dptr; 342 343 if(internet_addr == NULL) { 344 return NULL; 345 } 346 347 GET_TOKEN_AREA(t, dptr, 21); 348 if(t == NULL) { 349 return NULL; 350 } 351 352 ADD_U_CHAR(dptr, AU_IN_ADDR_EX_TOKEN); 353 ADD_U_INT32(dptr, internet_addr->__u6_addr.__u6_addr32[0]); 354 ADD_U_INT32(dptr, internet_addr->__u6_addr.__u6_addr32[1]); 355 ADD_U_INT32(dptr, internet_addr->__u6_addr.__u6_addr32[2]); 356 ADD_U_INT32(dptr, internet_addr->__u6_addr.__u6_addr32[3]); 357 358 return t; 359 } 360 361 /* 362 * token ID 1 byte 363 * ip header 20 bytes 364 */ 365 token_t *au_to_ip(struct ip *ip) 366 { 367 token_t *t; 368 u_char *dptr; 369 370 if(ip == NULL) { 371 return NULL; 372 } 373 374 GET_TOKEN_AREA(t, dptr, 21); 375 if(t == NULL) { 376 return NULL; 377 } 378 379 ADD_U_CHAR(dptr, AU_IP_TOKEN); 380 ADD_MEM(dptr, ip, sizeof(struct ip)); 381 382 return t; 383 } 384 385 /* 386 * token ID 1 byte 387 * object ID type 1 byte 388 * object ID 4 bytes 389 */ 390 token_t *au_to_ipc(char type, int id) 391 { 392 token_t *t; 393 u_char *dptr; 394 395 396 GET_TOKEN_AREA(t, dptr, 6); 397 if(t == NULL) { 398 return NULL; 399 } 400 401 ADD_U_CHAR(dptr, AU_IPC_TOKEN); 402 ADD_U_CHAR(dptr, type); 403 ADD_U_INT32(dptr, id); 404 405 return t; 406 } 407 408 /* 409 * token ID 1 byte 410 * owner user ID 4 bytes 411 * owner group ID 4 bytes 412 * creator user ID 4 bytes 413 * creator group ID 4 bytes 414 * access mode 4 bytes 415 * slot sequence # 4 bytes 416 * key 4 bytes 417 */ 418 token_t *au_to_ipc_perm(struct ipc_perm *perm) 419 { 420 token_t *t; 421 u_char *dptr; 422 423 if(perm == NULL) { 424 return NULL; 425 } 426 427 GET_TOKEN_AREA(t, dptr, 29); 428 if(t == NULL) { 429 return NULL; 430 } 431 432 ADD_U_CHAR(dptr, AU_IPCPERM_TOKEN); 433 ADD_U_INT32(dptr, perm->uid); 434 ADD_U_INT32(dptr, perm->gid); 435 ADD_U_INT32(dptr, perm->cuid); 436 ADD_U_INT32(dptr, perm->cgid); 437 ADD_U_INT32(dptr, perm->mode); 438 ADD_U_INT32(dptr, perm->seq); 439 ADD_U_INT32(dptr, perm->key); 440 441 return t; 442 } 443 444 445 /* 446 * token ID 1 byte 447 * port IP address 2 bytes 448 */ 449 token_t *au_to_iport(u_int16_t iport) 450 { 451 token_t *t; 452 u_char *dptr; 453 454 455 GET_TOKEN_AREA(t, dptr, 3); 456 if(t == NULL) { 457 return NULL; 458 } 459 460 ADD_U_CHAR(dptr, AU_IPORT_TOKEN); 461 ADD_U_INT16(dptr, iport); 462 463 return t; 464 } 465 466 467 /* 468 * token ID 1 byte 469 * size 2 bytes 470 * data size bytes 471 */ 472 token_t *au_to_opaque(char *data, u_int16_t bytes) 473 { 474 token_t *t; 475 u_char *dptr; 476 477 if((data == NULL) || (bytes <= 0)) { 478 return NULL; 479 } 480 481 GET_TOKEN_AREA(t, dptr, bytes + 3); 482 if(t == NULL) { 483 return NULL; 484 } 485 486 ADD_U_CHAR(dptr, AU_OPAQUE_TOKEN); 487 ADD_U_INT16(dptr, bytes); 488 ADD_MEM(dptr, data, bytes); 489 490 return t; 491 } 492 493 #ifdef KERNEL 494 /* 495 * Kernel version of the add file token function, where the time value 496 * is passed in as an additional parameter. 497 * token ID 1 byte 498 * seconds of time 4 bytes 499 * milliseconds of time 4 bytes 500 * file name len 2 bytes 501 * file pathname N bytes + 1 terminating NULL byte 502 */ 503 token_t *kau_to_file(char *file, struct timeval *tv) 504 { 505 token_t *t; 506 u_char *dptr; 507 u_int16_t filelen; 508 u_int32_t timems = tv->tv_usec/1000; /* We need time in ms */ 509 510 if(file == NULL) { 511 return NULL; 512 } 513 /* Make sure that text is null terminated */ 514 filelen = strlen(file); 515 if(file[filelen] != '\0') { 516 return NULL; 517 } 518 519 GET_TOKEN_AREA(t, dptr, filelen + 12); 520 if(t == NULL) { 521 return NULL; 522 } 523 524 filelen += 1; 525 526 ADD_U_CHAR(dptr, AU_FILE_TOKEN); 527 528 /* Add the timestamp */ 529 ADD_U_INT32(dptr, tv->tv_sec); 530 ADD_U_INT32(dptr, timems); 531 532 ADD_U_INT16(dptr, filelen); 533 ADD_STRING(dptr, file, filelen); 534 535 return t; 536 537 } 538 #endif 539 540 /* 541 * token ID 1 byte 542 * text length 2 bytes 543 * text N bytes + 1 terminating NULL byte 544 */ 545 token_t *au_to_text(char *text) 546 { 547 token_t *t; 548 u_char *dptr; 549 u_int16_t textlen; 550 551 if(text == NULL) { 552 return NULL; 553 } 554 /* Make sure that text is null terminated */ 555 textlen = strlen(text); 556 if(text[textlen] != '\0') { 557 return NULL; 558 } 559 560 GET_TOKEN_AREA(t, dptr, textlen + 4); 561 if(t == NULL) { 562 return NULL; 563 } 564 565 textlen += 1; 566 567 ADD_U_CHAR(dptr, AU_TEXT_TOKEN); 568 ADD_U_INT16(dptr, textlen); 569 ADD_STRING(dptr, text, textlen); 570 571 return t; 572 } 573 574 /* 575 * token ID 1 byte 576 * path length 2 bytes 577 * path N bytes + 1 terminating NULL byte 578 */ 579 token_t *au_to_path(char *text) 580 { 581 token_t *t; 582 u_char *dptr; 583 u_int16_t textlen; 584 585 if(text == NULL) { 586 return NULL; 587 } 588 /* Make sure that text is null terminated */ 589 textlen = strlen(text); 590 if(text[textlen] != '\0') { 591 return NULL; 592 } 593 594 GET_TOKEN_AREA(t, dptr, textlen + 4); 595 if(t == NULL) { 596 return NULL; 597 } 598 599 textlen += 1; 600 601 ADD_U_CHAR(dptr, AU_PATH_TOKEN); 602 ADD_U_INT16(dptr, textlen); 603 ADD_STRING(dptr, text, textlen); 604 605 return t; 606 } 607 608 /* 609 * token ID 1 byte 610 * audit ID 4 bytes 611 * effective user ID 4 bytes 612 * effective group ID 4 bytes 613 * real user ID 4 bytes 614 * real group ID 4 bytes 615 * process ID 4 bytes 616 * session ID 4 bytes 617 * terminal ID 618 * port ID 4 bytes/8 bytes (32-bit/64-bit value) 619 * machine address 4 bytes 620 */ 621 token_t *au_to_process32(au_id_t auid, uid_t euid, gid_t egid, 622 uid_t ruid, gid_t rgid, pid_t pid, 623 au_asid_t sid, au_tid_t *tid) 624 { 625 token_t *t; 626 u_char *dptr; 627 628 if(tid == NULL) { 629 return NULL; 630 } 631 632 GET_TOKEN_AREA(t, dptr, 37); 633 if(t == NULL) { 634 return NULL; 635 } 636 637 ADD_U_CHAR(dptr, AU_PROCESS_32_TOKEN); 638 ADD_U_INT32(dptr, auid); 639 ADD_U_INT32(dptr, euid); 640 ADD_U_INT32(dptr, egid); 641 ADD_U_INT32(dptr, ruid); 642 ADD_U_INT32(dptr, rgid); 643 ADD_U_INT32(dptr, pid); 644 ADD_U_INT32(dptr, sid); 645 ADD_U_INT32(dptr, tid->port); 646 ADD_U_INT32(dptr, tid->machine); 647 648 return t; 649 } 650 651 token_t *au_to_process64(au_id_t auid, uid_t euid, gid_t egid, 652 uid_t ruid, gid_t rgid, pid_t pid, 653 au_asid_t sid, au_tid_t *tid) 654 { 655 token_t *t; 656 u_char *dptr; 657 658 if(tid == NULL) { 659 return NULL; 660 } 661 662 GET_TOKEN_AREA(t, dptr, 41); 663 if(t == NULL) { 664 return NULL; 665 } 666 667 ADD_U_CHAR(dptr, AU_PROCESS_64_TOKEN); 668 ADD_U_INT32(dptr, auid); 669 ADD_U_INT32(dptr, euid); 670 ADD_U_INT32(dptr, egid); 671 ADD_U_INT32(dptr, ruid); 672 ADD_U_INT32(dptr, rgid); 673 ADD_U_INT32(dptr, pid); 674 ADD_U_INT32(dptr, sid); 675 ADD_U_INT64(dptr, tid->port); 676 ADD_U_INT32(dptr, tid->machine); 677 678 return t; 679 } 680 681 token_t *au_to_process(au_id_t auid, uid_t euid, gid_t egid, 682 uid_t ruid, gid_t rgid, pid_t pid, 683 au_asid_t sid, au_tid_t *tid) 684 { 685 return au_to_process32(auid, euid, egid, ruid, rgid, pid, 686 sid, tid); 687 } 688 689 690 /* 691 * token ID 1 byte 692 * audit ID 4 bytes 693 * effective user ID 4 bytes 694 * effective group ID 4 bytes 695 * real user ID 4 bytes 696 * real group ID 4 bytes 697 * process ID 4 bytes 698 * session ID 4 bytes 699 * terminal ID 700 * port ID 4 bytes/8 bytes (32-bit/64-bit value) 701 * address type-len 4 bytes 702 * machine address 16 bytes 703 */ 704 token_t *au_to_process32_ex(au_id_t auid, uid_t euid, gid_t egid, 705 uid_t ruid, gid_t rgid, pid_t pid, 706 au_asid_t sid, au_tid_addr_t *tid) 707 { 708 token_t *t; 709 u_char *dptr; 710 711 if(tid == NULL) { 712 return NULL; 713 } 714 715 GET_TOKEN_AREA(t, dptr, 53); 716 if(t == NULL) { 717 return NULL; 718 } 719 720 ADD_U_CHAR(dptr, AU_PROCESS_32_EX_TOKEN); 721 ADD_U_INT32(dptr, auid); 722 ADD_U_INT32(dptr, euid); 723 ADD_U_INT32(dptr, egid); 724 ADD_U_INT32(dptr, ruid); 725 ADD_U_INT32(dptr, rgid); 726 ADD_U_INT32(dptr, pid); 727 ADD_U_INT32(dptr, sid); 728 ADD_U_INT32(dptr, tid->at_port); 729 ADD_U_INT32(dptr, tid->at_type); 730 ADD_U_INT32(dptr, tid->at_addr[0]); 731 ADD_U_INT32(dptr, tid->at_addr[1]); 732 ADD_U_INT32(dptr, tid->at_addr[2]); 733 ADD_U_INT32(dptr, tid->at_addr[3]); 734 735 return t; 736 } 737 738 token_t *au_to_process64_ex(au_id_t auid, uid_t euid, gid_t egid, 739 uid_t ruid, gid_t rgid, pid_t pid, 740 au_asid_t sid, au_tid_addr_t *tid) 741 { 742 token_t *t; 743 u_char *dptr; 744 745 if(tid == NULL) { 746 return NULL; 747 } 748 749 GET_TOKEN_AREA(t, dptr, 57); 750 if(t == NULL) { 751 return NULL; 752 } 753 754 ADD_U_CHAR(dptr, AU_PROCESS_64_EX_TOKEN); 755 ADD_U_INT32(dptr, auid); 756 ADD_U_INT32(dptr, euid); 757 ADD_U_INT32(dptr, egid); 758 ADD_U_INT32(dptr, ruid); 759 ADD_U_INT32(dptr, rgid); 760 ADD_U_INT32(dptr, pid); 761 ADD_U_INT32(dptr, sid); 762 ADD_U_INT64(dptr, tid->at_port); 763 ADD_U_INT32(dptr, tid->at_type); 764 ADD_U_INT32(dptr, tid->at_addr[0]); 765 ADD_U_INT32(dptr, tid->at_addr[1]); 766 ADD_U_INT32(dptr, tid->at_addr[2]); 767 ADD_U_INT32(dptr, tid->at_addr[3]); 768 769 return t; 770 } 771 772 token_t *au_to_process_ex(au_id_t auid, uid_t euid, gid_t egid, 773 uid_t ruid, gid_t rgid, pid_t pid, 774 au_asid_t sid, au_tid_addr_t *tid) 775 { 776 return au_to_process32_ex(auid, euid, egid, ruid, rgid, 777 pid, sid, tid); 778 } 779 780 /* 781 * token ID 1 byte 782 * error status 1 byte 783 * return value 4 bytes/8 bytes (32-bit/64-bit value) 784 */ 785 token_t *au_to_return32(char status, u_int32_t ret) 786 { 787 token_t *t; 788 u_char *dptr; 789 790 791 GET_TOKEN_AREA(t, dptr, 6); 792 if(t == NULL) { 793 return NULL; 794 } 795 796 ADD_U_CHAR(dptr, AU_RETURN_32_TOKEN); 797 ADD_U_CHAR(dptr, status); 798 ADD_U_INT32(dptr, ret); 799 800 return t; 801 } 802 803 token_t *au_to_return64(char status, u_int64_t ret) 804 { 805 token_t *t; 806 u_char *dptr; 807 808 809 GET_TOKEN_AREA(t, dptr, 10); 810 if(t == NULL) { 811 return NULL; 812 } 813 814 ADD_U_CHAR(dptr, AU_RETURN_64_TOKEN); 815 ADD_U_CHAR(dptr, status); 816 ADD_U_INT64(dptr, ret); 817 818 return t; 819 } 820 821 token_t *au_to_return(char status, u_int32_t ret) 822 { 823 return au_to_return32(status, ret); 824 } 825 826 /* 827 * token ID 1 byte 828 * sequence number 4 bytes 829 */ 830 token_t *au_to_seq(long audit_count) 831 { 832 token_t *t; 833 u_char *dptr; 834 835 836 GET_TOKEN_AREA(t, dptr, 5); 837 if(t == NULL) { 838 return NULL; 839 } 840 841 ADD_U_CHAR(dptr, AU_SEQ_TOKEN); 842 ADD_U_INT32(dptr, audit_count); 843 844 return t; 845 } 846 847 /* 848 * token ID 1 byte 849 * socket type 2 bytes 850 * remote port 2 bytes 851 * remote Internet address 4 bytes 852 */ 853 token_t *au_to_socket(struct socket *so) 854 { 855 return au_to_socket_ex_32(so); 856 } 857 858 /* 859 * token ID 1 byte 860 * socket type 2 bytes 861 * local port 2 bytes 862 * address type/length 4 bytes 863 * local Internet address 4 bytes/16 bytes (IPv4/IPv6 address) 864 * remote port 4 bytes 865 * address type/length 4 bytes 866 * remote Internet address 4 bytes/16 bytes (IPv4/IPv6 address) 867 */ 868 token_t *au_to_socket_ex_32(struct socket *so) 869 { 870 return NULL; 871 } 872 token_t *au_to_socket_ex_128(struct socket *so) 873 { 874 return NULL; 875 } 876 877 /* 878 * token ID 1 byte 879 * socket family 2 bytes 880 * local port 2 bytes 881 * socket address 4 bytes 882 */ 883 token_t *au_to_sock_inet32(struct sockaddr_in *so) 884 { 885 token_t *t; 886 u_char *dptr; 887 888 if(so == NULL) { 889 return NULL; 890 } 891 892 GET_TOKEN_AREA(t, dptr, 9); 893 if(t == NULL) { 894 return NULL; 895 } 896 897 ADD_U_CHAR(dptr, AU_SOCK_INET_32_TOKEN); 898 /* In Darwin, sin_family is one octet, but BSM defines the token 899 * to store two. So we copy in a 0 first. 900 */ 901 ADD_U_CHAR(dptr, 0); 902 ADD_U_CHAR(dptr, so->sin_family); 903 ADD_U_INT16(dptr, so->sin_port); 904 ADD_U_INT32(dptr, so->sin_addr.s_addr); 905 906 return t; 907 908 } 909 910 token_t *au_to_sock_inet128(struct sockaddr_in6 *so) 911 { 912 token_t *t; 913 u_char *dptr; 914 915 if(so == NULL) { 916 return NULL; 917 } 918 919 GET_TOKEN_AREA(t, dptr, 21); 920 if(t == NULL) { 921 return NULL; 922 } 923 924 ADD_U_CHAR(dptr, AU_SOCK_INET_128_TOKEN); 925 /* In Darwin, sin_family is one octet, but BSM defines the token 926 * to store two. So we copy in a 0 first. 927 */ 928 ADD_U_CHAR(dptr, 0); 929 ADD_U_CHAR(dptr, so->sin6_family); 930 ADD_U_INT16(dptr, so->sin6_port); 931 ADD_U_INT32(dptr, so->sin6_addr.__u6_addr.__u6_addr32[0]); 932 ADD_U_INT32(dptr, so->sin6_addr.__u6_addr.__u6_addr32[1]); 933 ADD_U_INT32(dptr, so->sin6_addr.__u6_addr.__u6_addr32[2]); 934 ADD_U_INT32(dptr, so->sin6_addr.__u6_addr.__u6_addr32[3]); 935 936 return t; 937 938 939 940 } 941 942 /* 943 * token ID 1 byte 944 * socket family 2 bytes 945 * path 104 bytes 946 */ 947 token_t *au_to_sock_unix(struct sockaddr_un *so) 948 { 949 token_t *t; 950 u_char *dptr; 951 952 if(so == NULL) { 953 return NULL; 954 } 955 956 GET_TOKEN_AREA(t, dptr, 107); 957 if(t == NULL) { 958 return NULL; 959 } 960 961 ADD_U_CHAR(dptr, AU_SOCK_UNIX_TOKEN); 962 /* BSM token has two bytes for family */ 963 ADD_U_CHAR(dptr, 0); 964 ADD_U_CHAR(dptr, so->sun_family); 965 ADD_STRING(dptr, so->sun_path, strlen(so->sun_path)); 966 967 return t; 968 969 } 970 971 token_t *au_to_sock_inet(struct sockaddr_in *so) 972 { 973 return au_to_sock_inet32(so); 974 } 975 976 /* 977 * token ID 1 byte 978 * audit ID 4 bytes 979 * effective user ID 4 bytes 980 * effective group ID 4 bytes 981 * real user ID 4 bytes 982 * real group ID 4 bytes 983 * process ID 4 bytes 984 * session ID 4 bytes 985 * terminal ID 986 * port ID 4 bytes/8 bytes (32-bit/64-bit value) 987 * machine address 4 bytes 988 */ 989 token_t *au_to_subject32(au_id_t auid, uid_t euid, gid_t egid, 990 uid_t ruid, gid_t rgid, pid_t pid, 991 au_asid_t sid, au_tid_t *tid) 992 { 993 token_t *t; 994 u_char *dptr; 995 996 if(tid == NULL) { 997 return NULL; 998 } 999 1000 GET_TOKEN_AREA(t, dptr, 37); 1001 if(t == NULL) { 1002 return NULL; 1003 } 1004 1005 ADD_U_CHAR(dptr, AU_SUBJECT_32_TOKEN); 1006 ADD_U_INT32(dptr, auid); 1007 ADD_U_INT32(dptr, euid); 1008 ADD_U_INT32(dptr, egid); 1009 ADD_U_INT32(dptr, ruid); 1010 ADD_U_INT32(dptr, rgid); 1011 ADD_U_INT32(dptr, pid); 1012 ADD_U_INT32(dptr, sid); 1013 ADD_U_INT32(dptr, tid->port); 1014 ADD_U_INT32(dptr, tid->machine); 1015 1016 return t; 1017 } 1018 1019 token_t *au_to_subject64(au_id_t auid, uid_t euid, gid_t egid, 1020 uid_t ruid, gid_t rgid, pid_t pid, 1021 au_asid_t sid, au_tid_t *tid) 1022 { 1023 token_t *t; 1024 u_char *dptr; 1025 1026 if(tid == NULL) { 1027 return NULL; 1028 } 1029 1030 GET_TOKEN_AREA(t, dptr, 41); 1031 if(t == NULL) { 1032 return NULL; 1033 } 1034 1035 ADD_U_CHAR(dptr, AU_SUBJECT_64_TOKEN); 1036 ADD_U_INT32(dptr, auid); 1037 ADD_U_INT32(dptr, euid); 1038 ADD_U_INT32(dptr, egid); 1039 ADD_U_INT32(dptr, ruid); 1040 ADD_U_INT32(dptr, rgid); 1041 ADD_U_INT32(dptr, pid); 1042 ADD_U_INT32(dptr, sid); 1043 ADD_U_INT64(dptr, tid->port); 1044 ADD_U_INT32(dptr, tid->machine); 1045 1046 return t; 1047 } 1048 1049 token_t *au_to_subject(au_id_t auid, uid_t euid, gid_t egid, 1050 uid_t ruid, gid_t rgid, pid_t pid, 1051 au_asid_t sid, au_tid_t *tid) 1052 { 1053 return au_to_subject32(auid, euid, egid, ruid, rgid, 1054 pid, sid, tid); 1055 1056 } 1057 1058 /* 1059 * token ID 1 byte 1060 * audit ID 4 bytes 1061 * effective user ID 4 bytes 1062 * effective group ID 4 bytes 1063 * real user ID 4 bytes 1064 * real group ID 4 bytes 1065 * process ID 4 bytes 1066 * session ID 4 bytes 1067 * terminal ID 1068 * port ID 4 bytes/8 bytes (32-bit/64-bit value) 1069 * address type/length 4 bytes 1070 * machine address 16 bytes 1071 */ 1072 token_t *au_to_subject32_ex(au_id_t auid, uid_t euid, 1073 gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, 1074 au_asid_t sid, au_tid_addr_t *tid) 1075 { 1076 token_t *t; 1077 u_char *dptr; 1078 1079 if(tid == NULL) { 1080 return NULL; 1081 } 1082 1083 GET_TOKEN_AREA(t, dptr, 53); 1084 if(t == NULL) { 1085 return NULL; 1086 } 1087 1088 ADD_U_CHAR(dptr, AU_SUBJECT_32_EX_TOKEN); 1089 ADD_U_INT32(dptr, auid); 1090 ADD_U_INT32(dptr, euid); 1091 ADD_U_INT32(dptr, egid); 1092 ADD_U_INT32(dptr, ruid); 1093 ADD_U_INT32(dptr, rgid); 1094 ADD_U_INT32(dptr, pid); 1095 ADD_U_INT32(dptr, sid); 1096 ADD_U_INT32(dptr, tid->at_port); 1097 ADD_U_INT32(dptr, tid->at_type); 1098 ADD_U_INT32(dptr, tid->at_addr[0]); 1099 ADD_U_INT32(dptr, tid->at_addr[1]); 1100 ADD_U_INT32(dptr, tid->at_addr[2]); 1101 ADD_U_INT32(dptr, tid->at_addr[3]); 1102 1103 return t; 1104 } 1105 1106 token_t *au_to_subject64_ex(au_id_t auid, uid_t euid, 1107 gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, 1108 au_asid_t sid, au_tid_addr_t *tid) 1109 { 1110 token_t *t; 1111 u_char *dptr; 1112 1113 if(tid == NULL) { 1114 return NULL; 1115 } 1116 1117 GET_TOKEN_AREA(t, dptr, 57); 1118 if(t == NULL) { 1119 return NULL; 1120 } 1121 1122 ADD_U_CHAR(dptr, AU_SUBJECT_64_EX_TOKEN); 1123 ADD_U_INT32(dptr, auid); 1124 ADD_U_INT32(dptr, euid); 1125 ADD_U_INT32(dptr, egid); 1126 ADD_U_INT32(dptr, ruid); 1127 ADD_U_INT32(dptr, rgid); 1128 ADD_U_INT32(dptr, pid); 1129 ADD_U_INT32(dptr, sid); 1130 ADD_U_INT64(dptr, tid->at_port); 1131 ADD_U_INT32(dptr, tid->at_type); 1132 ADD_U_INT32(dptr, tid->at_addr[0]); 1133 ADD_U_INT32(dptr, tid->at_addr[1]); 1134 ADD_U_INT32(dptr, tid->at_addr[2]); 1135 ADD_U_INT32(dptr, tid->at_addr[3]); 1136 1137 return t; 1138 } 1139 1140 token_t *au_to_subject_ex(au_id_t auid, uid_t euid, 1141 gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, 1142 au_asid_t sid, au_tid_addr_t *tid) 1143 { 1144 return au_to_subject32_ex(auid, euid, egid, ruid, rgid, 1145 pid, sid, tid); 1146 1147 } 1148 1149 /* 1150 * token ID 1 byte 1151 * count 4 bytes 1152 * text count null-terminated strings 1153 */ 1154 token_t *au_to_exec_args(const char **args) 1155 { 1156 token_t *t; 1157 u_char *dptr; 1158 const char *nextarg; 1159 int i, count = 0; 1160 size_t totlen = 0; 1161 1162 if(args == NULL) { 1163 return NULL; 1164 } 1165 1166 nextarg = *args; 1167 1168 while(nextarg != NULL) { 1169 int nextlen; 1170 1171 nextlen = strlen(nextarg); 1172 if(nextarg[nextlen] != '\0') { 1173 return NULL; 1174 } 1175 1176 totlen += nextlen + 1; 1177 count++; 1178 nextarg = *(args + count); 1179 } 1180 1181 1182 GET_TOKEN_AREA(t, dptr, 5 + totlen); 1183 if(t == NULL) { 1184 return NULL; 1185 } 1186 1187 ADD_U_CHAR(dptr, AU_EXEC_ARG_TOKEN); 1188 ADD_U_INT32(dptr, count); 1189 1190 for(i =0; i< count; i++) { 1191 nextarg = *(args + i); 1192 ADD_MEM(dptr, nextarg, strlen(nextarg) + 1); 1193 } 1194 1195 return t; 1196 } 1197 1198 1199 /* 1200 * token ID 1 byte 1201 * count 4 bytes 1202 * text count null-terminated strings 1203 */ 1204 token_t *au_to_exec_env(const char **env) 1205 { 1206 token_t *t; 1207 u_char *dptr; 1208 int i, count = 0; 1209 size_t totlen = 0; 1210 const char *nextenv; 1211 1212 if(env == NULL) { 1213 return NULL; 1214 } 1215 1216 nextenv = *env; 1217 1218 while(nextenv != NULL) { 1219 int nextlen; 1220 1221 nextlen = strlen(nextenv); 1222 if(nextenv[nextlen] != '\0') { 1223 return NULL; 1224 } 1225 1226 totlen += nextlen + 1; 1227 count++; 1228 nextenv = *(env + count); 1229 } 1230 1231 1232 GET_TOKEN_AREA(t, dptr, 5 + totlen); 1233 if(t == NULL) { 1234 return NULL; 1235 } 1236 1237 ADD_U_CHAR(dptr, AU_EXEC_ENV_TOKEN); 1238 ADD_U_INT32(dptr, count); 1239 1240 for(i =0; i< count; i++) { 1241 nextenv = *(env + i); 1242 ADD_MEM(dptr, nextenv, strlen(nextenv) + 1); 1243 } 1244 1245 return t; 1246 } 1247 1248 1249 #ifdef KERNEL 1250 /* 1251 * Kernel version of the BSM header token functions. These versions take 1252 * a timespec struct as an additional parameter in order to obtain the 1253 * create time value for the BSM audit record. 1254 * token ID 1 byte 1255 * record byte count 4 bytes 1256 * version # 1 byte [2] 1257 * event type 2 bytes 1258 * event modifier 2 bytes 1259 * seconds of time 4 bytes/8 bytes (32-bit/64-bit value) 1260 * milliseconds of time 4 bytes/8 bytes (32-bit/64-bit value) 1261 */ 1262 token_t *kau_to_header32(struct timespec *ctime, int rec_size, 1263 au_event_t e_type, au_emod_t e_mod) 1264 { 1265 token_t *t; 1266 u_char *dptr; 1267 u_int32_t timems = ctime->tv_nsec/1000000; /* We need time in ms */ 1268 1269 GET_TOKEN_AREA(t, dptr, 18); 1270 if(t == NULL) { 1271 return NULL; 1272 } 1273 1274 ADD_U_CHAR(dptr, AU_HEADER_32_TOKEN); 1275 ADD_U_INT32(dptr, rec_size); 1276 ADD_U_CHAR(dptr, HEADER_VERSION); 1277 ADD_U_INT16(dptr, e_type); 1278 ADD_U_INT16(dptr, e_mod); 1279 1280 /* Add the timestamp */ 1281 ADD_U_INT32(dptr, ctime->tv_sec); 1282 ADD_U_INT32(dptr, timems); 1283 1284 return t; 1285 } 1286 1287 token_t *kau_to_header64(struct timespec *ctime, int rec_size, 1288 au_event_t e_type, au_emod_t e_mod) 1289 { 1290 token_t *t; 1291 u_char *dptr; 1292 u_int32_t timems = ctime->tv_nsec/1000000; /* We need time in ms */ 1293 1294 GET_TOKEN_AREA(t, dptr, 26); 1295 if(t == NULL) { 1296 return NULL; 1297 } 1298 1299 ADD_U_CHAR(dptr, AU_HEADER_64_TOKEN); 1300 ADD_U_INT32(dptr, rec_size); 1301 ADD_U_CHAR(dptr, HEADER_VERSION); 1302 ADD_U_INT16(dptr, e_type); 1303 ADD_U_INT16(dptr, e_mod); 1304 1305 /* Add the timestamp */ 1306 ADD_U_INT32(dptr, ctime->tv_sec); 1307 ADD_U_INT32(dptr, timems); 1308 1309 return t; 1310 } 1311 1312 token_t *kau_to_header(struct timespec *ctime, int rec_size, 1313 au_event_t e_type, au_emod_t e_mod) 1314 { 1315 return kau_to_header32(ctime, rec_size, e_type, e_mod); 1316 } 1317 1318 #endif 1319 1320 /* 1321 * token ID 1 byte 1322 * trailer magic number 2 bytes 1323 * record byte count 4 bytes 1324 */ 1325 token_t *au_to_trailer(int rec_size) 1326 { 1327 token_t *t; 1328 u_char *dptr; 1329 u_int16_t magic = TRAILER_PAD_MAGIC; 1330 1331 1332 GET_TOKEN_AREA(t, dptr, 7); 1333 if(t == NULL) { 1334 return NULL; 1335 } 1336 1337 ADD_U_CHAR(dptr, AU_TRAILER_TOKEN); 1338 ADD_U_INT16(dptr, magic); 1339 ADD_U_INT32(dptr, rec_size); 1340 1341 return t; 1342 1343 } 1344
Cache object: 60180c8f04f7d6dddaeb9e369f44a6e9
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]