Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]
FreeBSD/Linux Kernel Cross Reference
sys/security/audit/audit_bsm_token.c
Version:
- FREEBSD - FREEBSD-13-STABLE - FREEBSD-13-0 - FREEBSD-12-STABLE - FREEBSD-12-0 - FREEBSD-11-STABLE - FREEBSD-11-0 - FREEBSD-10-STABLE - FREEBSD-10-0 - FREEBSD-9-STABLE - FREEBSD-9-0 - FREEBSD-8-STABLE - FREEBSD-8-0 - FREEBSD-7-STABLE - FREEBSD-7-0 - FREEBSD-6-STABLE - FREEBSD-6-0 - FREEBSD-5-STABLE - FREEBSD-5-0 - FREEBSD-4-STABLE - FREEBSD-3-STABLE - FREEBSD22 - l41 - OPENBSD - linux-2.6 - MK84 - PLAN9 - xnu-8792
SearchContext: - none - 3 - 10
SearchContext: - none - 3 - 10
1 /* 2 * Copyright (c) 2004 Apple Computer, Inc. 3 * Copyright (c) 2005 SPARTA, Inc. 4 * All rights reserved. 5 * 6 * This code was developed in part by Robert N. M. Watson, Senior Principal 7 * Scientist, SPARTA, Inc. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of 18 * its contributors may be used to endorse or promote products derived 19 * from this software without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR 25 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 29 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 30 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 31 * POSSIBILITY OF SUCH DAMAGE. 32 * 33 * $P4: //depot/projects/trustedbsd/audit3/sys/security/audit/audit_bsm_token.c#23 $ 34 * $FreeBSD: releng/6.2/sys/security/audit/audit_bsm_token.c 164286 2006-11-14 20:42:41Z cvs2svn $ 35 */ 36 37 #include <sys/types.h> 38 #include <sys/endian.h> 39 #include <sys/queue.h> 40 #include <sys/socket.h> 41 #include <sys/time.h> 42 43 #include <sys/ipc.h> 44 #include <sys/libkern.h> 45 #include <sys/malloc.h> 46 #include <sys/un.h> 47 48 #include <netinet/in.h> 49 #include <netinet/in_systm.h> 50 #include <netinet/ip.h> 51 52 #include <sys/socketvar.h> 53 54 #include <bsm/audit.h> 55 #include <bsm/audit_internal.h> 56 #include <bsm/audit_record.h> 57 #include <security/audit/audit.h> 58 #include <security/audit/audit_private.h> 59 60 #define GET_TOKEN_AREA(t, dptr, length) do { \ 61 t = malloc(sizeof(token_t), M_AUDITBSM, M_WAITOK); \ 62 t->t_data = malloc(length, M_AUDITBSM, M_WAITOK | M_ZERO); \ 63 t->len = length; \ 64 dptr = t->t_data; \ 65 } while (0) 66 67 /* 68 * token ID 1 byte 69 * argument # 1 byte 70 * argument value 4 bytes/8 bytes (32-bit/64-bit value) 71 * text length 2 bytes 72 * text N bytes + 1 terminating NULL byte 73 */ 74 token_t * 75 au_to_arg32(char n, char *text, u_int32_t v) 76 { 77 token_t *t; 78 u_char *dptr = NULL; 79 u_int16_t textlen; 80 81 textlen = strlen(text); 82 textlen += 1; 83 84 GET_TOKEN_AREA(t, dptr, 2 * sizeof(u_char) + sizeof(u_int32_t) + 85 sizeof(u_int16_t) + textlen); 86 87 ADD_U_CHAR(dptr, AUT_ARG32); 88 ADD_U_CHAR(dptr, n); 89 ADD_U_INT32(dptr, v); 90 ADD_U_INT16(dptr, textlen); 91 ADD_STRING(dptr, text, textlen); 92 93 return (t); 94 95 } 96 97 token_t * 98 au_to_arg64(char n, char *text, u_int64_t v) 99 { 100 token_t *t; 101 u_char *dptr = NULL; 102 u_int16_t textlen; 103 104 textlen = strlen(text); 105 textlen += 1; 106 107 GET_TOKEN_AREA(t, dptr, 2 * sizeof(u_char) + sizeof(u_int64_t) + 108 sizeof(u_int16_t) + textlen); 109 110 ADD_U_CHAR(dptr, AUT_ARG64); 111 ADD_U_CHAR(dptr, n); 112 ADD_U_INT64(dptr, v); 113 ADD_U_INT16(dptr, textlen); 114 ADD_STRING(dptr, text, textlen); 115 116 return (t); 117 118 } 119 120 token_t * 121 au_to_arg(char n, char *text, u_int32_t v) 122 { 123 124 return (au_to_arg32(n, text, v)); 125 } 126 127 #if defined(_KERNEL) || defined(KERNEL) 128 /* 129 * token ID 1 byte 130 * file access mode 4 bytes 131 * owner user ID 4 bytes 132 * owner group ID 4 bytes 133 * file system ID 4 bytes 134 * node ID 8 bytes 135 * device 4 bytes/8 bytes (32-bit/64-bit) 136 */ 137 token_t * 138 au_to_attr32(struct vnode_au_info *vni) 139 { 140 token_t *t; 141 u_char *dptr = NULL; 142 u_int16_t pad0_16 = 0; 143 u_int16_t pad0_32 = 0; 144 145 GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 2 * sizeof(u_int16_t) + 146 3 * sizeof(u_int32_t) + sizeof(u_int64_t) + sizeof(u_int32_t)); 147 148 ADD_U_CHAR(dptr, AUT_ATTR32); 149 150 /* 151 * Darwin defines the size for the file mode 152 * as 2 bytes; BSM defines 4 so pad with 0 153 */ 154 ADD_U_INT16(dptr, pad0_16); 155 ADD_U_INT16(dptr, vni->vn_mode); 156 157 ADD_U_INT32(dptr, vni->vn_uid); 158 ADD_U_INT32(dptr, vni->vn_gid); 159 ADD_U_INT32(dptr, vni->vn_fsid); 160 161 /* 162 * Some systems use 32-bit file ID's, other's use 64-bit file IDs. 163 * Attempt to handle both, and let the compiler sort it out. If we 164 * could pick this out at compile-time, it would be better, so as to 165 * avoid the else case below. 166 */ 167 if (sizeof(vni->vn_fileid) == sizeof(uint32_t)) { 168 ADD_U_INT32(dptr, pad0_32); 169 ADD_U_INT32(dptr, vni->vn_fileid); 170 } else if (sizeof(vni->vn_fileid) == sizeof(uint64_t)) 171 ADD_U_INT64(dptr, vni->vn_fileid); 172 else 173 ADD_U_INT64(dptr, 0LL); 174 175 ADD_U_INT32(dptr, vni->vn_dev); 176 177 return (t); 178 } 179 180 token_t * 181 au_to_attr64(struct vnode_au_info *vni) 182 { 183 184 return (NULL); 185 } 186 187 token_t * 188 au_to_attr(struct vnode_au_info *vni) 189 { 190 191 return (au_to_attr32(vni)); 192 } 193 #endif /* !(defined(_KERNEL) || defined(KERNEL) */ 194 195 /* 196 * token ID 1 byte 197 * how to print 1 byte 198 * basic unit 1 byte 199 * unit count 1 byte 200 * data items (depends on basic unit) 201 */ 202 token_t * 203 au_to_data(char unit_print, char unit_type, char unit_count, char *p) 204 { 205 token_t *t; 206 u_char *dptr = NULL; 207 size_t datasize, totdata; 208 209 /* Determine the size of the basic unit. */ 210 switch (unit_type) { 211 case AUR_BYTE: 212 /* case AUR_CHAR: */ 213 datasize = AUR_BYTE_SIZE; 214 break; 215 216 case AUR_SHORT: 217 datasize = AUR_SHORT_SIZE; 218 break; 219 220 case AUR_INT32: 221 /* case AUR_INT: */ 222 datasize = AUR_INT32_SIZE; 223 break; 224 225 case AUR_INT64: 226 datasize = AUR_INT64_SIZE; 227 break; 228 229 default: 230 return (NULL); 231 } 232 233 totdata = datasize * unit_count; 234 235 GET_TOKEN_AREA(t, dptr, 4 * sizeof(u_char) + totdata); 236 237 ADD_U_CHAR(dptr, AUT_DATA); 238 ADD_U_CHAR(dptr, unit_print); 239 ADD_U_CHAR(dptr, unit_type); 240 ADD_U_CHAR(dptr, unit_count); 241 ADD_MEM(dptr, p, totdata); 242 243 return (t); 244 } 245 246 247 /* 248 * token ID 1 byte 249 * status 4 bytes 250 * return value 4 bytes 251 */ 252 token_t * 253 au_to_exit(int retval, int err) 254 { 255 token_t *t; 256 u_char *dptr = NULL; 257 258 GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 2 * sizeof(u_int32_t)); 259 260 ADD_U_CHAR(dptr, AUT_EXIT); 261 ADD_U_INT32(dptr, err); 262 ADD_U_INT32(dptr, retval); 263 264 return (t); 265 } 266 267 /* 268 */ 269 token_t * 270 au_to_groups(int *groups) 271 { 272 273 return (au_to_newgroups(AUDIT_MAX_GROUPS, groups)); 274 } 275 276 /* 277 * token ID 1 byte 278 * number groups 2 bytes 279 * group list count * 4 bytes 280 */ 281 token_t * 282 au_to_newgroups(u_int16_t n, gid_t *groups) 283 { 284 token_t *t; 285 u_char *dptr = NULL; 286 int i; 287 288 GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) + 289 n * sizeof(u_int32_t)); 290 291 ADD_U_CHAR(dptr, AUT_NEWGROUPS); 292 ADD_U_INT16(dptr, n); 293 for (i = 0; i < n; i++) 294 ADD_U_INT32(dptr, groups[i]); 295 296 return (t); 297 } 298 299 /* 300 * token ID 1 byte 301 * internet address 4 bytes 302 */ 303 token_t * 304 au_to_in_addr(struct in_addr *internet_addr) 305 { 306 token_t *t; 307 u_char *dptr = NULL; 308 309 GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(uint32_t)); 310 311 ADD_U_CHAR(dptr, AUT_IN_ADDR); 312 ADD_MEM(dptr, &internet_addr->s_addr, sizeof(uint32_t)); 313 314 return (t); 315 } 316 317 /* 318 * token ID 1 byte 319 * address type/length 4 bytes 320 * Address 16 bytes 321 */ 322 token_t * 323 au_to_in_addr_ex(struct in6_addr *internet_addr) 324 { 325 token_t *t; 326 u_char *dptr = NULL; 327 u_int32_t type = AF_INET6; 328 329 GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 5 * sizeof(uint32_t)); 330 331 ADD_U_CHAR(dptr, AUT_IN_ADDR_EX); 332 ADD_U_INT32(dptr, type); 333 ADD_MEM(dptr, internet_addr, 5 * sizeof(uint32_t)); 334 335 return (t); 336 } 337 338 /* 339 * token ID 1 byte 340 * ip header 20 bytes 341 */ 342 token_t * 343 au_to_ip(struct ip *ip) 344 { 345 token_t *t; 346 u_char *dptr = NULL; 347 348 GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(struct ip)); 349 350 ADD_U_CHAR(dptr, AUT_IP); 351 /* 352 * XXXRW: Any byte order work needed on the IP header before writing? 353 */ 354 ADD_MEM(dptr, ip, sizeof(struct ip)); 355 356 return (t); 357 } 358 359 /* 360 * token ID 1 byte 361 * object ID type 1 byte 362 * object ID 4 bytes 363 */ 364 token_t * 365 au_to_ipc(char type, int id) 366 { 367 token_t *t; 368 u_char *dptr = NULL; 369 370 GET_TOKEN_AREA(t, dptr, 2 * sizeof(u_char) + sizeof(u_int32_t)); 371 372 ADD_U_CHAR(dptr, AUT_IPC); 373 ADD_U_CHAR(dptr, type); 374 ADD_U_INT32(dptr, id); 375 376 return (t); 377 } 378 379 /* 380 * token ID 1 byte 381 * owner user ID 4 bytes 382 * owner group ID 4 bytes 383 * creator user ID 4 bytes 384 * creator group ID 4 bytes 385 * access mode 4 bytes 386 * slot sequence # 4 bytes 387 * key 4 bytes 388 */ 389 token_t * 390 au_to_ipc_perm(struct ipc_perm *perm) 391 { 392 token_t *t; 393 u_char *dptr = NULL; 394 u_int16_t pad0 = 0; 395 396 GET_TOKEN_AREA(t, dptr, 12 * sizeof(u_int16_t) + sizeof(u_int32_t)); 397 398 ADD_U_CHAR(dptr, AUT_IPC_PERM); 399 400 /* 401 * Darwin defines the sizes for ipc_perm members 402 * as 2 bytes; BSM defines 4 so pad with 0 403 */ 404 ADD_U_INT16(dptr, pad0); 405 ADD_U_INT16(dptr, perm->uid); 406 407 ADD_U_INT16(dptr, pad0); 408 ADD_U_INT16(dptr, perm->gid); 409 410 ADD_U_INT16(dptr, pad0); 411 ADD_U_INT16(dptr, perm->cuid); 412 413 ADD_U_INT16(dptr, pad0); 414 ADD_U_INT16(dptr, perm->cgid); 415 416 ADD_U_INT16(dptr, pad0); 417 ADD_U_INT16(dptr, perm->mode); 418 419 ADD_U_INT16(dptr, pad0); 420 ADD_U_INT16(dptr, perm->seq); 421 422 ADD_U_INT32(dptr, perm->key); 423 424 return (t); 425 } 426 427 /* 428 * token ID 1 byte 429 * port IP address 2 bytes 430 */ 431 token_t * 432 au_to_iport(u_int16_t iport) 433 { 434 token_t *t; 435 u_char *dptr = NULL; 436 437 GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t)); 438 439 ADD_U_CHAR(dptr, AUT_IPORT); 440 ADD_U_INT16(dptr, iport); 441 442 return (t); 443 } 444 445 /* 446 * token ID 1 byte 447 * size 2 bytes 448 * data size bytes 449 */ 450 token_t * 451 au_to_opaque(char *data, u_int16_t bytes) 452 { 453 token_t *t; 454 u_char *dptr = NULL; 455 456 GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) + bytes); 457 458 ADD_U_CHAR(dptr, AUT_OPAQUE); 459 ADD_U_INT16(dptr, bytes); 460 ADD_MEM(dptr, data, bytes); 461 462 return (t); 463 } 464 465 /* 466 * token ID 1 byte 467 * seconds of time 4 bytes 468 * milliseconds of time 4 bytes 469 * file name len 2 bytes 470 * file pathname N bytes + 1 terminating NULL byte 471 */ 472 token_t * 473 au_to_file(char *file, struct timeval tm) 474 { 475 token_t *t; 476 u_char *dptr = NULL; 477 u_int16_t filelen; 478 u_int32_t timems; 479 480 filelen = strlen(file); 481 filelen += 1; 482 483 GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 2 * sizeof(u_int32_t) + 484 sizeof(u_int16_t) + filelen); 485 486 timems = tm.tv_usec/1000; 487 488 ADD_U_CHAR(dptr, AUT_OTHER_FILE32); 489 ADD_U_INT32(dptr, tm.tv_sec); 490 ADD_U_INT32(dptr, timems); /* We need time in ms. */ 491 ADD_U_INT16(dptr, filelen); 492 ADD_STRING(dptr, file, filelen); 493 494 return (t); 495 } 496 497 /* 498 * token ID 1 byte 499 * text length 2 bytes 500 * text N bytes + 1 terminating NULL byte 501 */ 502 token_t * 503 au_to_text(char *text) 504 { 505 token_t *t; 506 u_char *dptr = NULL; 507 u_int16_t textlen; 508 509 textlen = strlen(text); 510 textlen += 1; 511 512 GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) + textlen); 513 514 ADD_U_CHAR(dptr, AUT_TEXT); 515 ADD_U_INT16(dptr, textlen); 516 ADD_STRING(dptr, text, textlen); 517 518 return (t); 519 } 520 521 /* 522 * token ID 1 byte 523 * path length 2 bytes 524 * path N bytes + 1 terminating NULL byte 525 */ 526 token_t * 527 au_to_path(char *text) 528 { 529 token_t *t; 530 u_char *dptr = NULL; 531 u_int16_t textlen; 532 533 textlen = strlen(text); 534 textlen += 1; 535 536 GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) + textlen); 537 538 ADD_U_CHAR(dptr, AUT_PATH); 539 ADD_U_INT16(dptr, textlen); 540 ADD_STRING(dptr, text, textlen); 541 542 return (t); 543 } 544 545 /* 546 * token ID 1 byte 547 * audit ID 4 bytes 548 * effective user ID 4 bytes 549 * effective group ID 4 bytes 550 * real user ID 4 bytes 551 * real group ID 4 bytes 552 * process ID 4 bytes 553 * session ID 4 bytes 554 * terminal ID 555 * port ID 4 bytes/8 bytes (32-bit/64-bit value) 556 * machine address 4 bytes 557 */ 558 token_t * 559 au_to_process32(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, 560 pid_t pid, au_asid_t sid, au_tid_t *tid) 561 { 562 token_t *t; 563 u_char *dptr = NULL; 564 565 GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 9 * sizeof(u_int32_t)); 566 567 ADD_U_CHAR(dptr, AUT_PROCESS32); 568 ADD_U_INT32(dptr, auid); 569 ADD_U_INT32(dptr, euid); 570 ADD_U_INT32(dptr, egid); 571 ADD_U_INT32(dptr, ruid); 572 ADD_U_INT32(dptr, rgid); 573 ADD_U_INT32(dptr, pid); 574 ADD_U_INT32(dptr, sid); 575 ADD_U_INT32(dptr, tid->port); 576 ADD_MEM(dptr, &tid->machine, sizeof(u_int32_t)); 577 578 return (t); 579 } 580 581 token_t * 582 au_to_process64(__unused au_id_t auid, __unused uid_t euid, 583 __unused gid_t egid, __unused uid_t ruid, __unused gid_t rgid, 584 __unused pid_t pid, __unused au_asid_t sid, __unused au_tid_t *tid) 585 { 586 587 return (NULL); 588 } 589 590 token_t * 591 au_to_process(__unused au_id_t auid, __unused uid_t euid, 592 __unused gid_t egid, __unused uid_t ruid, __unused gid_t rgid, 593 __unused pid_t pid, __unused au_asid_t sid, __unused au_tid_t *tid) 594 { 595 596 return (au_to_process32(auid, euid, egid, ruid, rgid, pid, sid, 597 tid)); 598 } 599 600 /* 601 * token ID 1 byte 602 * audit ID 4 bytes 603 * effective user ID 4 bytes 604 * effective group ID 4 bytes 605 * real user ID 4 bytes 606 * real group ID 4 bytes 607 * process ID 4 bytes 608 * session ID 4 bytes 609 * terminal ID 610 * port ID 4 bytes/8 bytes (32-bit/64-bit value) 611 * address type-len 4 bytes 612 * machine address 4/16 bytes 613 */ 614 token_t * 615 au_to_process32_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, 616 gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid) 617 { 618 token_t *t; 619 u_char *dptr = NULL; 620 621 if (tid->at_type == AU_IPv6) 622 GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 13 * 623 sizeof(u_int32_t)); 624 else 625 GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 10 * 626 sizeof(u_int32_t)); 627 628 ADD_U_CHAR(dptr, AUT_PROCESS32_EX); 629 ADD_U_INT32(dptr, auid); 630 ADD_U_INT32(dptr, euid); 631 ADD_U_INT32(dptr, egid); 632 ADD_U_INT32(dptr, ruid); 633 ADD_U_INT32(dptr, rgid); 634 ADD_U_INT32(dptr, pid); 635 ADD_U_INT32(dptr, sid); 636 ADD_U_INT32(dptr, tid->at_port); 637 ADD_U_INT32(dptr, tid->at_type); 638 ADD_U_INT32(dptr, tid->at_addr[0]); 639 if (tid->at_type == AU_IPv6) { 640 ADD_U_INT32(dptr, tid->at_addr[1]); 641 ADD_U_INT32(dptr, tid->at_addr[2]); 642 ADD_U_INT32(dptr, tid->at_addr[3]); 643 } 644 return (t); 645 } 646 647 token_t * 648 au_to_process64_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, 649 gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid) 650 { 651 652 return (NULL); 653 } 654 655 token_t * 656 au_to_process_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, 657 gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid) 658 { 659 660 return (au_to_process32_ex(auid, euid, egid, ruid, rgid, pid, sid, 661 tid)); 662 } 663 664 /* 665 * token ID 1 byte 666 * error status 1 byte 667 * return value 4 bytes/8 bytes (32-bit/64-bit value) 668 */ 669 token_t * 670 au_to_return32(char status, u_int32_t ret) 671 { 672 token_t *t; 673 u_char *dptr = NULL; 674 675 GET_TOKEN_AREA(t, dptr, 2 * sizeof(u_char) + sizeof(u_int32_t)); 676 677 ADD_U_CHAR(dptr, AUT_RETURN32); 678 ADD_U_CHAR(dptr, status); 679 ADD_U_INT32(dptr, ret); 680 681 return (t); 682 } 683 684 token_t * 685 au_to_return64(char status, u_int64_t ret) 686 { 687 token_t *t; 688 u_char *dptr = NULL; 689 690 GET_TOKEN_AREA(t, dptr, 2 * sizeof(u_char) + sizeof(u_int64_t)); 691 692 ADD_U_CHAR(dptr, AUT_RETURN64); 693 ADD_U_CHAR(dptr, status); 694 ADD_U_INT64(dptr, ret); 695 696 return (t); 697 } 698 699 token_t * 700 au_to_return(char status, u_int32_t ret) 701 { 702 703 return (au_to_return32(status, ret)); 704 } 705 706 /* 707 * token ID 1 byte 708 * sequence number 4 bytes 709 */ 710 token_t * 711 au_to_seq(long audit_count) 712 { 713 token_t *t; 714 u_char *dptr = NULL; 715 716 GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t)); 717 718 ADD_U_CHAR(dptr, AUT_SEQ); 719 ADD_U_INT32(dptr, audit_count); 720 721 return (t); 722 } 723 724 /* 725 * token ID 1 byte 726 * socket type 2 bytes 727 * local port 2 bytes 728 * local Internet address 4 bytes 729 * remote port 2 bytes 730 * remote Internet address 4 bytes 731 */ 732 token_t * 733 au_to_socket(struct socket *so) 734 { 735 736 /* XXXRW ... */ 737 return (NULL); 738 } 739 740 /* 741 * Kernel-specific version of the above function. 742 */ 743 #ifdef _KERNEL 744 token_t * 745 kau_to_socket(struct socket_au_info *soi) 746 { 747 token_t *t; 748 u_char *dptr; 749 u_int16_t so_type; 750 751 GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 2 * sizeof(u_int16_t) + 752 sizeof(u_int32_t) + sizeof(u_int16_t) + sizeof(u_int32_t)); 753 754 ADD_U_CHAR(dptr, AU_SOCK_TOKEN); 755 /* Coerce the socket type into a short value */ 756 so_type = soi->so_type; 757 ADD_U_INT16(dptr, so_type); 758 ADD_U_INT16(dptr, soi->so_lport); 759 ADD_U_INT32(dptr, soi->so_laddr); 760 ADD_U_INT16(dptr, soi->so_rport); 761 ADD_U_INT32(dptr, soi->so_raddr); 762 763 return (t); 764 } 765 #endif 766 767 /* 768 * token ID 1 byte 769 * socket type 2 bytes 770 * local port 2 bytes 771 * address type/length 4 bytes 772 * local Internet address 4 bytes/16 bytes (IPv4/IPv6 address) 773 * remote port 4 bytes 774 * address type/length 4 bytes 775 * remote Internet address 4 bytes/16 bytes (IPv4/IPv6 address) 776 */ 777 token_t * 778 au_to_socket_ex_32(u_int16_t lp, u_int16_t rp, struct sockaddr *la, 779 struct sockaddr *ra) 780 { 781 782 return (NULL); 783 } 784 785 token_t * 786 au_to_socket_ex_128(u_int16_t lp, u_int16_t rp, struct sockaddr *la, 787 struct sockaddr *ra) 788 { 789 790 return (NULL); 791 } 792 793 /* 794 * token ID 1 byte 795 * socket family 2 bytes 796 * path 104 bytes 797 */ 798 token_t * 799 au_to_sock_unix(struct sockaddr_un *so) 800 { 801 token_t *t; 802 u_char *dptr; 803 804 GET_TOKEN_AREA(t, dptr, 3 * sizeof(u_char) + strlen(so->sun_path) + 1); 805 806 ADD_U_CHAR(dptr, AU_SOCK_UNIX_TOKEN); 807 /* BSM token has two bytes for family */ 808 ADD_U_CHAR(dptr, 0); 809 ADD_U_CHAR(dptr, so->sun_family); 810 ADD_STRING(dptr, so->sun_path, strlen(so->sun_path) + 1); 811 812 return (t); 813 } 814 815 /* 816 * token ID 1 byte 817 * socket family 2 bytes 818 * local port 2 bytes 819 * socket address 4 bytes 820 */ 821 token_t * 822 au_to_sock_inet32(struct sockaddr_in *so) 823 { 824 token_t *t; 825 u_char *dptr = NULL; 826 uint16_t family; 827 828 GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 2 * sizeof(uint16_t) + 829 sizeof(uint32_t)); 830 831 ADD_U_CHAR(dptr, AUT_SOCKINET32); 832 /* 833 * BSM defines the family field as 16 bits, but many operating 834 * systems have an 8-bit sin_family field. Extend to 16 bits before 835 * writing into the token. Assume that both the port and the address 836 * in the sockaddr_in are already in network byte order, but family 837 * is in local byte order. 838 * 839 * XXXRW: Should a name space conversion be taking place on the value 840 * of sin_family? 841 */ 842 family = so->sin_family; 843 ADD_U_INT16(dptr, family); 844 ADD_MEM(dptr, &so->sin_port, sizeof(uint16_t)); 845 ADD_MEM(dptr, &so->sin_addr.s_addr, sizeof(uint32_t)); 846 847 return (t); 848 849 } 850 851 token_t * 852 au_to_sock_inet128(struct sockaddr_in6 *so) 853 { 854 token_t *t; 855 u_char *dptr = NULL; 856 857 GET_TOKEN_AREA(t, dptr, 3 * sizeof(u_char) + sizeof(u_int16_t) + 858 4 * sizeof(u_int32_t)); 859 860 ADD_U_CHAR(dptr, AUT_SOCKINET128); 861 /* 862 * In Darwin, sin6_family is one octet, but BSM defines the token 863 * to store two. So we copy in a 0 first. 864 */ 865 ADD_U_CHAR(dptr, 0); 866 ADD_U_CHAR(dptr, so->sin6_family); 867 868 ADD_U_INT16(dptr, so->sin6_port); 869 ADD_MEM(dptr, &so->sin6_addr, 4 * sizeof(uint32_t)); 870 871 return (t); 872 873 } 874 875 token_t * 876 au_to_sock_inet(struct sockaddr_in *so) 877 { 878 879 return (au_to_sock_inet32(so)); 880 } 881 882 /* 883 * token ID 1 byte 884 * audit ID 4 bytes 885 * effective user ID 4 bytes 886 * effective group ID 4 bytes 887 * real user ID 4 bytes 888 * real group ID 4 bytes 889 * process ID 4 bytes 890 * session ID 4 bytes 891 * terminal ID 892 * port ID 4 bytes/8 bytes (32-bit/64-bit value) 893 * machine address 4 bytes 894 */ 895 token_t * 896 au_to_subject32(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, 897 pid_t pid, au_asid_t sid, au_tid_t *tid) 898 { 899 token_t *t; 900 u_char *dptr = NULL; 901 902 GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 9 * sizeof(u_int32_t)); 903 904 ADD_U_CHAR(dptr, AUT_SUBJECT32); 905 ADD_U_INT32(dptr, auid); 906 ADD_U_INT32(dptr, euid); 907 ADD_U_INT32(dptr, egid); 908 ADD_U_INT32(dptr, ruid); 909 ADD_U_INT32(dptr, rgid); 910 ADD_U_INT32(dptr, pid); 911 ADD_U_INT32(dptr, sid); 912 ADD_U_INT32(dptr, tid->port); 913 ADD_MEM(dptr, &tid->machine, sizeof(u_int32_t)); 914 915 return (t); 916 } 917 918 token_t * 919 au_to_subject64(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, 920 pid_t pid, au_asid_t sid, au_tid_t *tid) 921 { 922 923 return (NULL); 924 } 925 926 token_t * 927 au_to_subject(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, 928 pid_t pid, au_asid_t sid, au_tid_t *tid) 929 { 930 931 return (au_to_subject32(auid, euid, egid, ruid, rgid, pid, sid, 932 tid)); 933 } 934 935 /* 936 * token ID 1 byte 937 * audit ID 4 bytes 938 * effective user ID 4 bytes 939 * effective group ID 4 bytes 940 * real user ID 4 bytes 941 * real group ID 4 bytes 942 * process ID 4 bytes 943 * session ID 4 bytes 944 * terminal ID 945 * port ID 4 bytes/8 bytes (32-bit/64-bit value) 946 * address type/length 4 bytes 947 * machine address 4/16 bytes 948 */ 949 token_t * 950 au_to_subject32_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, 951 gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid) 952 { 953 token_t *t; 954 u_char *dptr = NULL; 955 956 if (tid->at_type == AU_IPv6) 957 GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 13 * 958 sizeof(u_int32_t)); 959 else 960 GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 10 * 961 sizeof(u_int32_t)); 962 963 ADD_U_CHAR(dptr, AUT_SUBJECT32_EX); 964 ADD_U_INT32(dptr, auid); 965 ADD_U_INT32(dptr, euid); 966 ADD_U_INT32(dptr, egid); 967 ADD_U_INT32(dptr, ruid); 968 ADD_U_INT32(dptr, rgid); 969 ADD_U_INT32(dptr, pid); 970 ADD_U_INT32(dptr, sid); 971 ADD_U_INT32(dptr, tid->at_port); 972 ADD_U_INT32(dptr, tid->at_type); 973 ADD_U_INT32(dptr, tid->at_addr[0]); 974 if (tid->at_type == AU_IPv6) { 975 ADD_U_INT32(dptr, tid->at_addr[1]); 976 ADD_U_INT32(dptr, tid->at_addr[2]); 977 ADD_U_INT32(dptr, tid->at_addr[3]); 978 } 979 return (t); 980 } 981 982 token_t * 983 au_to_subject64_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, 984 gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid) 985 { 986 987 return (NULL); 988 } 989 990 token_t * 991 au_to_subject_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, 992 gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid) 993 { 994 995 return (au_to_subject32_ex(auid, euid, egid, ruid, rgid, pid, sid, 996 tid)); 997 } 998 999 #if !defined(_KERNEL) && !defined(KERNEL) && defined(HAVE_AUDIT_SYSCALLS) 1000 /* 1001 * Collects audit information for the current process 1002 * and creates a subject token from it 1003 */ 1004 token_t * 1005 au_to_me(void) 1006 { 1007 auditinfo_t auinfo; 1008 1009 if (getaudit(&auinfo) != 0) 1010 return (NULL); 1011 1012 return (au_to_subject32(auinfo.ai_auid, geteuid(), getegid(), 1013 getuid(), getgid(), getpid(), auinfo.ai_asid, &auinfo.ai_termid)); 1014 } 1015 #endif 1016 1017 #if defined(_KERNEL) || defined(KERNEL) 1018 static token_t * 1019 au_to_exec_strings(char *strs, int count, u_char type) 1020 { 1021 token_t *t; 1022 u_char *dptr = NULL; 1023 u_int32_t totlen; 1024 int ctr; 1025 char *p; 1026 1027 totlen = 0; 1028 ctr = count; 1029 p = strs; 1030 while (ctr-- > 0) { 1031 totlen += strlen(p) + 1; 1032 p = strs + totlen; 1033 } 1034 GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t) + totlen); 1035 ADD_U_CHAR(dptr, type); 1036 ADD_U_INT32(dptr, count); 1037 ADD_STRING(dptr, strs, totlen); 1038 1039 return (t); 1040 } 1041 1042 /* 1043 * token ID 1 byte 1044 * count 4 bytes 1045 * text count null-terminated strings 1046 */ 1047 token_t * 1048 au_to_exec_args(char *args, int argc) 1049 { 1050 1051 return (au_to_exec_strings(args, argc, AUT_EXEC_ARGS)); 1052 } 1053 1054 /* 1055 * token ID 1 byte 1056 * count 4 bytes 1057 * text count null-terminated strings 1058 */ 1059 token_t * 1060 au_to_exec_env(char *envs, int envc) 1061 { 1062 1063 return (au_to_exec_strings(envs, envc, AUT_EXEC_ENV)); 1064 } 1065 #else 1066 /* 1067 * token ID 1 byte 1068 * count 4 bytes 1069 * text count null-terminated strings 1070 */ 1071 token_t * 1072 au_to_exec_args(char **argv) 1073 { 1074 token_t *t; 1075 u_char *dptr = NULL; 1076 const char *nextarg; 1077 int i, count = 0; 1078 size_t totlen = 0; 1079 1080 nextarg = *argv; 1081 1082 while (nextarg != NULL) { 1083 int nextlen; 1084 1085 nextlen = strlen(nextarg); 1086 totlen += nextlen + 1; 1087 count++; 1088 nextarg = *(argv + count); 1089 } 1090 1091 totlen += count * sizeof(char); /* nul terminations. */ 1092 GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t) + totlen); 1093 1094 ADD_U_CHAR(dptr, AUT_EXEC_ARGS); 1095 ADD_U_INT32(dptr, count); 1096 1097 for (i = 0; i < count; i++) { 1098 nextarg = *(argv + i); 1099 ADD_MEM(dptr, nextarg, strlen(nextarg) + 1); 1100 } 1101 1102 return (t); 1103 } 1104 1105 /* 1106 * token ID 1 byte 1107 * count 4 bytes 1108 * text count null-terminated strings 1109 */ 1110 token_t * 1111 au_to_exec_env(char **envp) 1112 { 1113 token_t *t; 1114 u_char *dptr = NULL; 1115 int i, count = 0; 1116 size_t totlen = 0; 1117 const char *nextenv; 1118 1119 nextenv = *envp; 1120 1121 while (nextenv != NULL) { 1122 int nextlen; 1123 1124 nextlen = strlen(nextenv); 1125 totlen += nextlen + 1; 1126 count++; 1127 nextenv = *(envp + count); 1128 } 1129 1130 totlen += sizeof(char) * count; 1131 GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t) + totlen); 1132 1133 ADD_U_CHAR(dptr, AUT_EXEC_ENV); 1134 ADD_U_INT32(dptr, count); 1135 1136 for (i = 0; i < count; i++) { 1137 nextenv = *(envp + i); 1138 ADD_MEM(dptr, nextenv, strlen(nextenv) + 1); 1139 } 1140 1141 return (t); 1142 } 1143 #endif 1144 1145 /* 1146 * token ID 1 byte 1147 * record byte count 4 bytes 1148 * version # 1 byte [2] 1149 * event type 2 bytes 1150 * event modifier 2 bytes 1151 * seconds of time 4 bytes/8 bytes (32-bit/64-bit value) 1152 * milliseconds of time 4 bytes/8 bytes (32-bit/64-bit value) 1153 */ 1154 token_t * 1155 au_to_header32_tm(int rec_size, au_event_t e_type, au_emod_t e_mod, 1156 struct timeval tm) 1157 { 1158 token_t *t; 1159 u_char *dptr = NULL; 1160 u_int32_t timems; 1161 1162 GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t) + 1163 sizeof(u_char) + 2 * sizeof(u_int16_t) + 2 * sizeof(u_int32_t)); 1164 1165 ADD_U_CHAR(dptr, AUT_HEADER32); 1166 ADD_U_INT32(dptr, rec_size); 1167 ADD_U_CHAR(dptr, AUDIT_HEADER_VERSION_OPENBSM); 1168 ADD_U_INT16(dptr, e_type); 1169 ADD_U_INT16(dptr, e_mod); 1170 1171 timems = tm.tv_usec/1000; 1172 /* Add the timestamp */ 1173 ADD_U_INT32(dptr, tm.tv_sec); 1174 ADD_U_INT32(dptr, timems); /* We need time in ms. */ 1175 1176 return (t); 1177 } 1178 1179 /* 1180 * token ID 1 byte 1181 * trailer magic number 2 bytes 1182 * record byte count 4 bytes 1183 */ 1184 token_t * 1185 au_to_trailer(int rec_size) 1186 { 1187 token_t *t; 1188 u_char *dptr = NULL; 1189 u_int16_t magic = TRAILER_PAD_MAGIC; 1190 1191 GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) + 1192 sizeof(u_int32_t)); 1193 1194 ADD_U_CHAR(dptr, AUT_TRAILER); 1195 ADD_U_INT16(dptr, magic); 1196 ADD_U_INT32(dptr, rec_size); 1197 1198 return (t); 1199 }
Cache object: 1e20f19010d198954ce13afc77f6aaa5
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]