search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
dmake: do not set MAKEFLAGS=k
[unleashed/tickless.git] / usr / src / lib / libbsm / common / adt_token.c
blob40a150e041fa67bb1e6865b5504fa9ddb864a429
1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * adt_token.c
23 *
24 * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
25 * Use is subject to license terms.
26 *
27 * This file does not provide any user callable functions. See adt.c
28 */
29
30 #include <bsm/adt.h>
31 #include <bsm/adt_event.h>
32 #include <bsm/audit.h>
33
34 #include <adt_xlate.h>
35 #include <alloca.h>
36 #include <assert.h>
37 #include <netdb.h>
38 #include <priv.h>
39 #include <string.h>
40 #include <strings.h>
41 #include <stdlib.h>
42 #include <time.h>
43 #include <unistd.h>
44
45 #include <sys/priv_names.h>
46 #include <sys/socket.h>
47 #include <sys/types.h>
48 #include <sys/vnode.h>
49
50 #ifdef C2_DEBUG
51 #define DPRINTF(x) { (void) printf x; }
52 #define DFLUSH (void) fflush(stdout);
53
54 /* 0x + Classification + Compartments + end of string */
55 #define HEX_SIZE 2 + 2*2 + 2*32 + 1
56
57 #else /* !C2_DEBUG */
58 #define DPRINTF(x)
59 #define DFLUSH
60 #endif /* C2_DEBUG */
61
62 static adt_token_func_t adt_getTokenFunction(char);
63
64 static char *empty = "";
65
66 /*
67 * call adt_token_open() first and adt_token_close() last.
68 *
69 * au_open is sort of broken; it returns a -1 when out of memory that
70 * you're supposed to ignore; au_write and au_close return without
71 * doing anything when a -1 is passed. This code sort of follows the
72 * au_open model except that it calls syslog to indicate underlying
73 * brokenness. Other than that, -1 is ignored.
74 */
75
76 void
77 adt_token_open(struct adt_event_state *event)
78 {
79 static int have_syslogged = 0;
80
81 event->ae_event_handle = au_open();
82 if (event->ae_event_handle < 0) {
83 if (!have_syslogged) {
84 adt_write_syslog("au_open failed", ENOMEM);
85 have_syslogged = 1;
86 }
87 } else {
88 have_syslogged = 0;
89 }
90 }
91
92 /*
93 * call generate_token for each token in the order you want the tokens
94 * generated.
95 */
96
97 void
98 adt_generate_token(struct entry *p_entry, void *p_data,
99 struct adt_event_state *event)
100 {
101 adt_token_func_t p_func;
102
103 assert((p_entry != NULL) && (p_data != NULL) && (event != NULL));
104
105 p_func = adt_getTokenFunction(p_entry->en_token_id);
106 assert(p_func != NULL);
107
108 DPRINTF(("p_entry=%p, p_data=%p, offset=%llu, msgFmt=%s\n",
109 (void *)p_entry, p_data, (long long)p_entry->en_offset,
110 p_entry->en_msg_format));
111 DFLUSH
112
113 (*p_func)(p_entry->en_type_def,
114 (char *)p_data + p_entry->en_offset, p_entry->en_required, event,
115 p_entry->en_msg_format);
116 }
117
118 /* call this last */
119
120 int
121 adt_token_close(struct adt_event_state *event)
122 {
123 int rc;
124
125 rc = au_close(event->ae_event_handle, AU_TO_WRITE,
126 event->ae_internal_id);
127 if (rc < 0)
128 adt_write_syslog("au_close failed", errno);
129 return (rc);
130 }
131
132 /*
133 * one function per token -- see the jump table at the end of file
134 */
135
136 /* ARGSUSED */
137 static void
138 adt_to_return(datadef *def, void *p_data, int required,
139 struct adt_event_state *event, char *notUsed)
140 {
141
142 #ifdef _LP64
143 (void) au_write(event->ae_event_handle,
144 au_to_return64((int64_t)event->ae_rc, event->ae_type));
145 #else
146 (void) au_write(event->ae_event_handle,
147 au_to_return32((int32_t)event->ae_rc, event->ae_type));
148 #endif
149 }
150
151 /*
152 * AUT_CMD
153 *
154 * the command line is described with argc and argv and the environment
155 * with envp. The envp list is NULL terminated and has no separate
156 * counter; envp will be a NULL list unless the AUDIT_ARGE policy is
157 * set.
158 */
159
160 /* ARGSUSED */
161 static void
162 adt_to_cmd(datadef *def, void *p_data, int required,
163 struct adt_event_state *event, char *notUsed)
164 {
165 struct adt_internal_state *sp = event->ae_session;
166 int argc;
167 char **argv;
168 char **envp = NULL;
169
170 argc = ((union convert *)p_data)->tint;
171 p_data = adt_adjust_address(p_data, sizeof (int), sizeof (char **));
172 argv = ((union convert *)p_data)->tchar2star;
173 p_data = adt_adjust_address(p_data, sizeof (char **), sizeof (char **));
174
175 if (sp->as_kernel_audit_policy & AUDIT_ARGE)
176 envp = ((union convert *)p_data)->tchar2star;
177
178 (void) au_write(event->ae_event_handle,
179 au_to_cmd(argc, argv, envp));
180 }
181
182 /*
183 * special case of AUT_CMD with 1 argument that is
184 * a string showing the whole command and no envp
185 */
186 /* ARGSUSED */
187 static void
188 adt_to_cmd1(datadef *def, void *p_data, int required,
189 struct adt_event_state *event, char *notUsed)
190 {
191 char *string;
192
193 string = ((union convert *)p_data)->tcharstar;
194
195 if (string == NULL) {
196 if (required) {
197 string = empty;
198 } else {
199 return;
200 }
201 }
202 /* argc is hardcoded as 1 */
203 (void) au_write(event->ae_event_handle, au_to_cmd(1, &string,
204 NULL));
205 }
206
207 /*
208 * adt_to_tid -- generic address (ip is only one defined at present)
209 * input:
210 * terminal type: ADT_IPv4, ADT_IPv6...
211 * case: ADT_IPv4 or ADT_IPv6...
212 * ip type
213 * remote port
214 * local port
215 * address
216 * case: not defined...
217 */
218 /* ARGSUSED */
219 static void
220 adt_to_tid(datadef *def, void *p_data, int required,
221 struct adt_event_state *event, char *notUsed)
222 {
223 au_generic_tid_t tid;
224 uint32_t type;
225 au_ip_t *ip;
226
227 type = ((union convert *)p_data)->tuint32;
228
229 switch (type) {
230 case ADT_IPv4:
231 case ADT_IPv6:
232 p_data = adt_adjust_address(p_data, sizeof (uint32_t),
233 sizeof (uint32_t));
234
235 tid.gt_type = AU_IPADR;
236 ip = &(tid.gt_adr.at_ip);
237
238 ip->at_type = (type == ADT_IPv4) ?
239 AU_IPv4 : AU_IPv6;
240
241 ip->at_r_port = ((union convert *)p_data)->tuint16;
242 p_data = adt_adjust_address(p_data, sizeof (uint16_t),
243 sizeof (uint16_t));
244
245 ip->at_l_port = ((union convert *)p_data)->tuint16;
246
247 /* arg3 is for the array element, not the array size */
248 p_data = adt_adjust_address(p_data, sizeof (uint16_t),
249 sizeof (uint32_t));
250
251 (void) memcpy(ip->at_addr, p_data, ip->at_type);
252 break;
253 default:
254 adt_write_syslog("Invalid terminal id type", EINVAL);
255 return;
256 }
257 (void) au_write(event->ae_event_handle, au_to_tid(&tid));
258 }
259
260 /*
261 * au_to_frmi takes a char * that is the fmri.
262 */
263 /* ARGSUSED */
264 static void
265 adt_to_frmi(datadef *def, void *p_data, int required,
266 struct adt_event_state *event, char *notUsed)
267 {
268 char *fmri;
269
270 DPRINTF((" adt_to_fmri dd_datatype=%d\n", def->dd_datatype));
271
272 fmri = ((union convert *)p_data)->tcharstar;
273
274 if (fmri == NULL) {
275 if (required) {
276 fmri = empty;
277 } else {
278 return;
279 }
280 }
281 DPRINTF((" fmri=%s\n", fmri));
282 (void) au_write(event->ae_event_handle, au_to_fmri(fmri));
283 }
284
285 /*
286 * au_to_newgroups takes a length and an array of gids
287 * as input. The input to adt_to_newgroups is a length
288 * and a pointer to an array of gids.
289 */
290
291 /* ARGSUSED */
292 static void
293 adt_to_newgroups(datadef *def, void *p_data, int required,
294 struct adt_event_state *event, char *notUsed)
295 {
296 int n;
297 gid_t *groups;
298
299 n = ((union convert *)p_data)->tint;
300 if (n < 1) {
301 if (required) {
302 n = 0; /* in case negative n was passed */
303 } else {
304 return;
305 }
306 }
307 p_data = adt_adjust_address(p_data, sizeof (int), sizeof (int32_t *));
308
309 groups = ((union convert *)p_data)->tgidstar;
310
311 (void) au_write(event->ae_event_handle, au_to_newgroups(n, groups));
312 }
313
314 /* ARGSUSED */
315 static void
316 adt_to_path(datadef *def, void *p_data, int required,
317 struct adt_event_state *event, char *notUsed)
318 {
319 char *path;
320
321 path = ((union convert *)p_data)->tcharstar;
322
323 if (path != NULL) {
324 DPRINTF((" path=%s\n", path));
325 (void) au_write(event->ae_event_handle, au_to_path(path));
326 } else {
327 DPRINTF((" Null path\n"));
328 if (required) {
329 (void) au_write(event->ae_event_handle,
330 au_to_path(empty));
331 }
332 }
333 }
334
335 /*
336 * dummy token id: AUT_PATHLIST
337 */
338
339 /* ARGSUSED */
340 static void
341 adt_to_pathlist(datadef *def, void *p_data, int required,
342 struct adt_event_state *event, char *notUsed)
343 {
344 char *path;
345 char *working_buf;
346 char *pathlist;
347 char *last_str;
348
349 pathlist = ((union convert *)p_data)->tcharstar;
350
351 if (pathlist != NULL) {
352 working_buf = strdup(pathlist);
353 if (working_buf == NULL) {
354 adt_write_syslog("audit failure", errno);
355 if (required) {
356 (void) au_write(event->ae_event_handle,
357 au_to_path(empty));
358 }
359 return;
360 }
361 for (path = strtok_r(working_buf, " ", &last_str);
362 path; path = strtok_r(NULL, " ", &last_str)) {
363 DPRINTF((" path=%s\n", path));
364 (void) au_write(event->ae_event_handle,
365 au_to_path(path));
366 }
367 } else {
368 DPRINTF((" Null path list\n"));
369 if (required)
370 (void) au_write(event->ae_event_handle,
371 au_to_path(empty));
372 }
373 }
374
375 /*
376 * AUT_PRIV
377 */
378
379 /* ARGSUSED */
380 static void
381 adt_to_priv(datadef *def, void *p_data, int required,
382 struct adt_event_state *event, const char *priv_type)
383 {
384 priv_set_t *privilege;
385
386 privilege = ((union convert *)p_data)->tprivstar;
387
388 if (privilege != NULL) {
389 (void) au_write(event->ae_event_handle,
390 au_to_privset(priv_type, privilege));
391 } else {
392 if (required) {
393 DPRINTF((" Null privilege\n"));
394 (void) au_write(event->ae_event_handle,
395 au_to_privset(empty, NULL));
396 }
397 }
398 }
399
400 /*
401 * -AUT_PRIV_L AUT_PRIV for a limit set
402 */
403
404 /* ARGSUSED */
405 static void
406 adt_to_priv_limit(datadef *def, void *p_data, int required,
407 struct adt_event_state *event, char *notUsed)
408 {
409 adt_to_priv(def, p_data, required, event, PRIV_LIMIT);
410 }
411
412 /*
413 * -AUT_PRIV_I AUT_PRIV for an inherit set
414 */
415
416 /* ARGSUSED */
417 static void
418 adt_to_priv_inherit(datadef *def, void *p_data, int required,
419 struct adt_event_state *event, char *notUsed)
420 {
421 adt_to_priv(def, p_data, required, event, PRIV_INHERITABLE);
422 }
423
424 /* ARGSUSED */
425 static void
426 adt_to_priv_effective(datadef *def, void *p_data, int required,
427 struct adt_event_state *event, char *notUsed)
428 {
429 adt_to_priv(def, p_data, required, event, PRIV_EFFECTIVE);
430 }
431
432 static void
433 getCharacteristics(struct auditpinfo_addr *info, pid_t *pid)
434 {
435 int rc;
436
437 if (*pid == 0) { /* getpinfo for this pid */
438 info->ap_pid = getpid();
439 } else {
440 info->ap_pid = *pid;
441 }
442
443 rc = auditon(A_GETPINFO_ADDR, (caddr_t)info,
444 sizeof (struct auditpinfo_addr));
445 if (rc == -1) {
446 info->ap_auid = AU_NOAUDITID;
447 info->ap_asid = 0;
448 (void) memset(&(info->ap_termid), 0,
449 sizeof (au_tid_addr_t));
450 info->ap_termid.at_type = AU_IPv4;
451 }
452 }
453
454 /*
455 * AUT_PROCESS
456 *
457 */
458
459 /* ARGSUSED */
460 static void
461 adt_to_process(datadef *def, void *p_data, int required,
462 struct adt_event_state *event, char *notUsed)
463 {
464 au_id_t auid;
465 uid_t euid;
466 gid_t egid;
467 uid_t ruid;
468 gid_t rgid;
469 pid_t pid;
470 au_asid_t sid;
471 au_tid_addr_t *tid;
472 struct auditpinfo_addr info;
473
474 auid = ((union convert *)p_data)->tuid;
475 p_data = adt_adjust_address(p_data, sizeof (uid_t), sizeof (uid_t));
476 euid = ((union convert *)p_data)->tuid;
477 p_data = adt_adjust_address(p_data, sizeof (uid_t), sizeof (gid_t));
478 egid = ((union convert *)p_data)->tgid;
479 p_data = adt_adjust_address(p_data, sizeof (gid_t), sizeof (uid_t));
480 ruid = ((union convert *)p_data)->tuid;
481 p_data = adt_adjust_address(p_data, sizeof (uid_t), sizeof (gid_t));
482 rgid = ((union convert *)p_data)->tgid;
483 p_data = adt_adjust_address(p_data, sizeof (gid_t), sizeof (pid_t));
484 pid = ((union convert *)p_data)->tpid;
485 p_data = adt_adjust_address(p_data, sizeof (pid_t), sizeof (uint32_t));
486 sid = ((union convert *)p_data)->tuint32;
487 p_data = adt_adjust_address(p_data, sizeof (uint32_t),
488 sizeof (au_tid_addr_t *));
489 tid = ((union convert *)p_data)->ttermid;
490
491 getCharacteristics(&info, &pid);
492
493 if (auid == AU_NOAUDITID)
494 auid = info.ap_auid;
495
496 if (euid == AU_NOAUDITID)
497 euid = geteuid();
498
499 if (egid == AU_NOAUDITID)
500 egid = getegid();
501
502 if (ruid == AU_NOAUDITID)
503 ruid = getuid();
504
505 if (rgid == AU_NOAUDITID)
506 rgid = getgid();
507
508 if (tid == NULL)
509 tid = &(info.ap_termid);
510
511 if (sid == 0)
512 sid = info.ap_asid;
513
514 if (pid == 0)
515 pid = info.ap_pid;
516
517 (void) au_write(event->ae_event_handle,
518 au_to_process_ex(auid, euid, egid, ruid, rgid, pid, sid, tid));
519 }
520
521 /*
522 * Generate subject information.
523 * If the group audit policy is set, generate the subject group token.
524 *
525 * The required flag does not apply here.
526 *
527 * Non-attributable records are indicated by an auid of AU_NOAUDITID;
528 * no subject token or group token is generated for a non-attributable
529 * record.
530 */
531
532 /* ARGSUSED */
533 static void
534 adt_to_subject(datadef *def, void *p_data, int required,
535 struct adt_event_state *event, char *notUsed)
536 {
537 struct adt_internal_state *sp = event->ae_session;
538
539 if (sp->as_info.ai_auid == AU_NOAUDITID)
540 return;
541
542 assert(sp->as_have_user_data == ADT_HAVE_ALL);
543
544 (void) au_write(event->ae_event_handle,
545 au_to_subject_ex(sp->as_info.ai_auid,
546 sp->as_euid, sp->as_egid, sp->as_ruid, sp->as_rgid,
547 sp->as_pid, sp->as_info.ai_asid,
548 &(sp->as_info.ai_termid)));
549 /*
550 * Add optional tokens if in the process model.
551 * In a session model, the groups list is undefined.
552 */
553 if (sp->as_session_model == ADT_PROCESS_MODEL) {
554 if (sp->as_kernel_audit_policy & AUDIT_GROUP) {
555 int group_count;
556 int maxgrp = getgroups(0, NULL);
557 gid_t *grouplist = alloca(maxgrp * sizeof (gid_t));
558
559 if ((group_count = getgroups(maxgrp, grouplist)) > 0) {
560 (void) au_write(event->ae_event_handle,
561 au_to_newgroups(group_count, grouplist));
562 }
563 }
564 }
565 }
566
567 /*
568 * adt_to_text()
569 *
570 * The format string, normally null, is sort of a wrapper around
571 * the input. adt_write_text() is a wrapper around au_write that
572 * handles the format string
573 *
574 */
575 #define TEXT_LENGTH 49
576
577 static void
578 adt_write_text(int handle, char *main_text, const char *format)
579 {
580 char buffer[TEXT_LENGTH * 2 + 1];
581
582 if (format == NULL) {
583 (void) au_write(handle, au_to_text(main_text));
584 } else {
585 (void) snprintf(buffer, TEXT_LENGTH * 2, format, main_text);
586 (void) au_write(handle, au_to_text(buffer));
587 }
588 }
589
590 static void
591 adt_to_text(datadef *def, void *p_data, int required,
592 struct adt_event_state *event, char *format)
593 {
594 static int have_syslogged = 0;
595 char *string;
596 char **string_list;
597 char buffer[TEXT_LENGTH + 1];
598 time_t date;
599 struct tm tm;
600 uint32_t *int_list;
601 int written, available;
602 int i, arrayCount;
603 struct msg_text *list;
604 int list_index;
605
606 DPRINTF((" adt_to_text dd_datatype=%d\n", def->dd_datatype));
607 switch (def->dd_datatype) {
608 case ADT_DATE:
609 /*
610 * Consider creating a separate token type for dates
611 * -- store as longs and format them in praudit.
612 * For now, a date is input as a time_t and output as
613 * a text token. If we do this, we need to consider
614 * carrying timezone info so that praudit can
615 * represent times in an unambiguous manner.
616 */
617 date = ((union convert *)p_data)->tlong;
618 if (strftime(buffer, sizeof (buffer), "%x",
619 localtime_r(&date, &tm)) > TEXT_LENGTH) {
620 if (required) {
621 (void) strncpy(buffer, "invalid date",
622 TEXT_LENGTH);
623 } else {
624 break;
625 }
626 }
627 DPRINTF((" text=%s\n", buffer));
628 adt_write_text(event->ae_event_handle, buffer, format);
629 break;
630 /*
631 * The "input size" is overloaded to mean the list number
632 * and the msg_selector indexes the desired string in
633 * that list
634 */
635 case ADT_MSG:
636 list = &adt_msg_text[(enum adt_msg_list)def->dd_input_size];
637 list_index = ((union convert *)p_data)->msg_selector;
638
639 if ((list_index + list->ml_offset < list->ml_min_index) ||
640 (list_index + list->ml_offset > list->ml_max_index)) {
641 string = "Invalid message index";
642 } else {
643 string = list->ml_msg_list[list_index +
644 list->ml_offset];
645 }
646
647 if (string == NULL) { /* null is valid; means skip */
648 if (required) {
649 string = empty;
650 } else {
651 break;
652 }
653 }
654 DPRINTF((" text=%s\n", string));
655 adt_write_text(event->ae_event_handle, string, format);
656 break;
657 case ADT_UID:
658 case ADT_GID:
659 case ADT_UINT:
660 case ADT_UINT32:
661 (void) snprintf(buffer, TEXT_LENGTH, "%u",
662 ((union convert *)p_data)->tuint);
663
664 DPRINTF((" text=%s\n", buffer));
665 adt_write_text(event->ae_event_handle, buffer, format);
666 break;
667 case ADT_INT:
668 case ADT_INT32:
669 (void) snprintf(buffer, TEXT_LENGTH, "%d",
670 ((union convert *)p_data)->tint);
671
672 DPRINTF((" text=%s\n", buffer));
673 adt_write_text(event->ae_event_handle, buffer, format);
674 break;
675 case ADT_LONG:
676 (void) snprintf(buffer, TEXT_LENGTH, "%ld",
677 ((union convert *)p_data)->tlong);
678
679 DPRINTF((" text=%s\n", buffer));
680 adt_write_text(event->ae_event_handle, buffer, format);
681 break;
682 case ADT_UIDSTAR:
683 case ADT_GIDSTAR:
684 case ADT_UINT32STAR:
685 int_list = ((union convert *)p_data)->tuint32star;
686 p_data = adt_adjust_address(p_data, sizeof (int *),
687 sizeof (int));
688 arrayCount = ((union convert *)p_data)->tint;
689
690 string = buffer;
691 available = TEXT_LENGTH; /* space available in buffer */
692
693 if (arrayCount < 0)
694 arrayCount = 0;
695
696 if ((arrayCount > 0) && (int_list != NULL)) {
697 for (; arrayCount > 0; arrayCount--) {
698 written = snprintf(string, available,
699 "%d ", *int_list++);
700 if (written < 1)
701 break;
702 string += written;
703 available -= written;
704 }
705 } else if (required) {
706 string = empty;
707 } else {
708 break;
709 }
710
711 adt_write_text(event->ae_event_handle, buffer, format);
712 break;
713 case ADT_ULONG:
714 (void) snprintf(buffer, TEXT_LENGTH, "%lu",
715 ((union convert *)p_data)->tulong);
716
717 DPRINTF((" text=%s\n", buffer));
718 adt_write_text(event->ae_event_handle, buffer, format);
719 break;
720 case ADT_UINT64:
721 (void) snprintf(buffer, TEXT_LENGTH, "%llu",
722 ((union convert *)p_data)->tuint64);
723
724 DPRINTF((" text=%s\n", buffer));
725 adt_write_text(event->ae_event_handle, buffer, format);
726 break;
727 case ADT_CHARSTAR:
728 string = ((union convert *)p_data)->tcharstar;
729
730 if (string == NULL) {
731 if (required) {
732 string = empty;
733 } else {
734 break;
735 }
736 }
737 DPRINTF((" text=%s\n", string));
738 adt_write_text(event->ae_event_handle, string, format);
739 break;
740 case ADT_CHAR2STAR:
741 string_list = ((union convert *)p_data)->tchar2star;
742 p_data = adt_adjust_address(p_data, sizeof (char **),
743 sizeof (int));
744 arrayCount = ((union convert *)p_data)->tint;
745
746 if (arrayCount < 0)
747 arrayCount = 0;
748
749 if ((arrayCount > 0) && (string_list != NULL)) {
750 for (i = 0; i < arrayCount; i++) {
751 string = string_list[i];
752 if (string != NULL)
753 adt_write_text(event->ae_event_handle,
754 string, format);
755 }
756 } else if (required) {
757 adt_write_text(event->ae_event_handle, empty, format);
758 } else {
759 break;
760 }
761 break;
762 default:
763 if (!have_syslogged) { /* don't flood the log */
764 adt_write_syslog("unsupported data conversion",
765 ENOTSUP);
766 have_syslogged = 1;
767 }
768 break;
769 }
770 DFLUSH
771 }
772
773 /*
774 * AUT_UAUTH
775 */
776
777 /* ARGSUSED */
778 static void
779 adt_to_uauth(datadef *def, void *p_data, int required,
780 struct adt_event_state *event, char *format)
781 {
782 char *string;
783
784 DPRINTF((" adt_to_uauth dd_datatype=%d\n", def->dd_datatype));
785
786 string = ((union convert *)p_data)->tcharstar;
787
788 if (string == NULL) {
789 if (required) {
790 string = empty;
791 } else {
792 return;
793 }
794 }
795 DPRINTF((" text=%s\n", string));
796 (void) au_write(event->ae_event_handle, au_to_uauth(string));
797 }
798
799 /*
800 * AUT_USER
801 */
802
803 /* ARGSUSED */
804 static void
805 adt_to_user(datadef *def, void *p_data, int required,
806 struct adt_event_state *event, char *format)
807 {
808 uid_t uid;
809 char *username;
810
811 DPRINTF((" adt_to_user dd_datatype=%d\n", def->dd_datatype));
812
813 uid = ((union convert *)p_data)->tuid;
814 p_data = adt_adjust_address(p_data, sizeof (uid_t), sizeof (uid_t));
815
816 username = ((union convert *)p_data)->tcharstar;
817
818 if (username == NULL) {
819 if (required) {
820 username = empty;
821 } else {
822 return;
823 }
824 }
825 DPRINTF((" username=%s\n", username));
826 (void) au_write(event->ae_event_handle, au_to_user(uid, username));
827 }
828
829 /*
830 * AUT_ZONENAME
831 */
832
833 /* ARGSUSED */
834 static void
835 adt_to_zonename(datadef *def, void *p_data, int required,
836 struct adt_event_state *event, char *notUsed)
837 {
838 char *name;
839
840 name = ((union convert *)p_data)->tcharstar;
841
842 if (name != NULL) {
843 DPRINTF((" name=%s\n", name));
844 (void) au_write(event->ae_event_handle, au_to_zonename(name));
845 } else {
846 DPRINTF((" Null name\n"));
847 if (required) {
848 (void) au_write(event->ae_event_handle,
849 au_to_zonename(empty));
850 }
851 }
852 }
853
854 /*
855 * ADT_IN_PEER dummy token
856 */
857
858 /* ARGSUSED */
859 static void
860 adt_to_in_peer(datadef *def, void *p_data, int required,
861 struct adt_event_state *event, char *notUsed)
862 {
863 int sock;
864 struct sockaddr_in6 peer;
865 int peerlen = sizeof (peer);
866
867 DPRINTF((" adt_to_in_peer dd_datatype=%d\n", def->dd_datatype));
868
869 sock = ((union convert *)p_data)->tfd;
870
871 if (sock < 0) {
872 DPRINTF((" Socket fd %d\n", sock));
873 if (required) {
874 adt_write_syslog("adt_to_in_peer no required socket",
875 0);
876 }
877 return;
878 }
879 if (getpeername(sock, (struct sockaddr *)&peer, (socklen_t *)&peerlen)
880 < 0) {
881
882 adt_write_syslog("adt_to_in_addr getpeername", errno);
883 return;
884 }
885 if (peer.sin6_family == AF_INET6) {
886 (void) au_write(event->ae_event_handle,
887 au_to_in_addr_ex(&(peer.sin6_addr)));
888 (void) au_write(event->ae_event_handle,
889 au_to_iport((ushort_t)peer.sin6_port));
890 } else {
891 (void) au_write(event->ae_event_handle,
892 au_to_in_addr(&(((struct sockaddr_in *)&peer)->sin_addr)));
893 (void) au_write(event->ae_event_handle,
894 au_to_iport(
895 (ushort_t)(((struct sockaddr_in *)&peer)->sin_port)));
896 }
897 }
898
899 /*
900 * ADT_IN_REMOTE dummy token
901 *
902 * Similar to ADT_IN_PEER except the input is
903 * an IP address type (ADT_IPv4 | ADT_IPv6) and an address V4/V6
904 */
905
906 /* ARGSUSED */
907 static void
908 adt_to_in_remote(datadef *def, void *p_data, int required,
909 struct adt_event_state *event, char *notUsed)
910 {
911 int32_t type;
912
913 DPRINTF((" adt_to_in_remote dd_datatype=%d\n", def->dd_datatype));
914
915 type = ((union convert *)p_data)->tuint32;
916
917 if (type == 0) {
918 if (required == 0) {
919 return;
920 }
921 /* required and not specified */
922 adt_write_syslog("adt_to_in_remote required address not "
923 "specified", 0);
924 type = ADT_IPv4;
925 }
926 p_data = adt_adjust_address(p_data, sizeof (int32_t),
927 sizeof (uint32_t));
928
929 switch (type) {
930 case ADT_IPv4:
931 (void) au_write(event->ae_event_handle, au_to_in_addr(
932 (struct in_addr *)&(((union convert *)p_data)->tuint32)));
933 break;
934 case ADT_IPv6:
935 (void) au_write(event->ae_event_handle, au_to_in_addr_ex(
936 (struct in6_addr *)&(((union convert *)p_data)->tuint32)));
937 break;
938 default:
939 adt_write_syslog("adt_to_in_remote invalid type", EINVAL);
940 return;
941 }
942 }
943
944 /*
945 * adt_to_iport takes a uint16_t IP port.
946 */
947
948 /* ARGSUSED */
949 static void
950 adt_to_iport(datadef *def, void *p_data, int required,
951 struct adt_event_state *event, char *notUsed)
952 {
953 ushort_t port;
954
955 DPRINTF((" adt_to_iport dd_datatype=%d\n", def->dd_datatype));
956
957 port = ((union convert *)p_data)->tuint16;
958
959 if (port == 0) {
960 if (required == 0) {
961 return;
962 }
963 /* required and not specified */
964 adt_write_syslog("adt_to_iport no required port", 0);
965 }
966 (void) au_write(event->ae_event_handle, au_to_iport(port));
967
968 }
969
970
971 /*
972 * This is a compact table that defines only the tokens that are
973 * actually generated in the adt.xml file. It can't be a pure
974 * indexed table because the adt.xml language defines internal extension
975 * tokens for some processing. VIZ. ADT_CMD_ALT, ADT_AUT_PRIV_* (see
976 * adt_xlate.h), and the -AUT_PATH value.
977 */
978
979 #define MAX_TOKEN_JMP 21
980
981 static struct token_jmp token_table[MAX_TOKEN_JMP] =
982 {
983 {AUT_CMD, adt_to_cmd},
984 {ADT_CMD_ALT, adt_to_cmd1},
985 {AUT_FMRI, adt_to_frmi},
986 {ADT_IN_PEER, adt_to_in_peer},
987 {ADT_IN_REMOTE, adt_to_in_remote},
988 {AUT_IPORT, adt_to_iport},
989 {AUT_NEWGROUPS, adt_to_newgroups},
990 {AUT_PATH, adt_to_path},
991 {-AUT_PATH, adt_to_pathlist}, /* private extension of token values */
992 {ADT_AUT_PRIV_L, adt_to_priv_limit},
993 {ADT_AUT_PRIV_I, adt_to_priv_inherit},
994 {ADT_AUT_PRIV_E, adt_to_priv_effective},
995 {AUT_PROCESS, adt_to_process},
996 {AUT_RETURN, adt_to_return},
997 {AUT_SUBJECT, adt_to_subject},
998 {AUT_TEXT, adt_to_text},
999 {AUT_TID, adt_to_tid},
1000 {AUT_UAUTH, adt_to_uauth},
1001 {AUT_USER, adt_to_user},
1002 {AUT_ZONENAME, adt_to_zonename}
1003 };
1004
1005 /*
1006 * {AUT_ACL, adt_to_acl}, not used
1007 * {AUT_ARBITRARY, adt_to_arbitrary}, AUT_ARBITRARY is undefined
1008 * {AUT_ARG, adt_to_arg}, not used
1009 * {AUT_ATTR, adt_to_attr}, not used in mountd
1010 * {AUT_XATOM, adt_to_atom}, not used
1011 * {AUT_EXEC_ARGS, adt_to_exec_args}, not used
1012 * {AUT_EXEC_ENV, adt_to_exec_env}, not used
1013 * {AUT_EXIT, adt_to_exit}, obsolete
1014 * {AUT_FILE, adt_to_file}, AUT_FILE is undefined
1015 * {AUT_XCOLORMAP, adt_to_colormap}, not used
1016 * {AUT_XCURSOR, adt_to_cursor}, not used
1017 * {AUT_XFONT, adt_to_font}, not used
1018 * {AUT_XGC, adt_to_gc}, not used
1019 * {AUT_GROUPS, adt_to_groups}, obsolete
1020 * {AUT_HEADER, adt_to_header}, generated by au_close
1021 * {AUT_IP, adt_to_ip}, not used
1022 * {AUT_IPC, adt_to_ipc}, not used
1023 * {AUT_IPC_PERM, adt_to_ipc_perm}, not used
1024 * {AUT_OPAQUE, adt_to_opaque}, not used
1025 * {AUT_XPIXMAP, adt_to_pixmap}, not used
1026 * {AUT_XPROPERTY, adt_to_property}, not used
1027 * {AUT_SEQ, adt_to_seq}, not used
1028 * {AUT_SOCKET, adt_to_socket}, not used
1029 * {AUT_SOCKET_INET, adt_to_socket_inet}, AUT_SOCKET_INET is undefined
1030 * {AUT_TRAILER, adt_to_trailer}, generated by au_close
1031 * {AUT_XCLIENT, adt_to_xclient} not used
1032 */
1033
1034 /* find function to generate token */
1035
1036 static adt_token_func_t
1037 adt_getTokenFunction(char token_id)
1038 {
1039 int i;
1040 struct token_jmp *p_jmp = token_table;
1041
1042 for (i = 0; i < MAX_TOKEN_JMP; i++) {
1043 if (token_id == p_jmp->jmp_id) {
1044 return (p_jmp->jmp_to);
1045 }
1046 p_jmp++;
1047 }
1048 errno = EINVAL;
1049 return (NULL);
1050 }
1051
1052 /*
1053 * adjustAddress -- given the address of data, its size, and the type of
1054 * the next data field, calculate the offset to the next piece of data.
1055 * Depending on the caller, "current" and "next" mean the current pointer
1056 * and the next pointer or the last pointer and the current pointer.
1057 */
1058 void *
1059 adt_adjust_address(void *current_address, size_t current_size,
1060 size_t next_size)
1061 {
1062 ptrdiff_t adjustment;
1063 ptrdiff_t remainder;
1064
1065 adjustment = (size_t)current_address + current_size;
1066
1067 if (next_size) {
1068 remainder = adjustment % next_size;
1069 if (remainder != 0)
1070 adjustment += next_size - remainder;
1071 }
1072 return ((char *)adjustment);
1073 }
unleashed repo fork