token.c revision 924c9144ce09475b72695d4f01dae8d8970412bd
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin/*
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin * CDDL HEADER START
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin *
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin * The contents of this file are subject to the terms of the
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin * Common Development and Distribution License, Version 1.0 only
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin * (the "License"). You may not use this file except in compliance
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin * with the License.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin *
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin * or http://www.opensolaris.org/os/licensing.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin * See the License for the specific language governing permissions
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin * and limitations under the License.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin *
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin * When distributing Covered Code, include this CDDL HEADER in each
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin * If applicable, add the following below this CDDL HEADER, with the
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin * fields enclosed by brackets "[]" replaced with your own identifying
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin * information: Portions Copyright [yyyy] [name of copyright owner]
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin *
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin * CDDL HEADER END
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin */
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin/*
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin * Use is subject to license terms.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin */
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin#pragma ident "%Z%%M% %I% %E% SMI"
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin/*
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin * Token processing for auditreduce.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin */
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin#include <locale.h>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin#include <sys/zone.h>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin#include "auditr.h"
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin#include "toktable.h"
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinextern int re_exec2(char *);
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinstatic void anchor_path(char *path);
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinstatic char *collapse_path(char *s);
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinstatic void get_string(adr_t *adr, char **p);
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinstatic int ipc_type_match(int flag, char type);
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinstatic void skip_string(adr_t *adr);
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinstatic int xgeneric(adr_t *adr);
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin#if AUDIT_REC
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinvoid
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinprint_id(int id)
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin{
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin char *suffix;
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin if ((id < 0) || (id > MAXTOKEN) ||
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin (tokentable[id].func == NOFUNC)) {
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin (void) fprintf(stderr,
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin "token_processing: token %d not found\n", id);
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin return;
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin }
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin switch (id) {
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin case AUT_NEWGROUPS:
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin suffix = "_new";
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin break;
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin case AUT_ATTR32:
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin suffix = "32";
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin break;
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin case AUT_ARG64:
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin case AUT_RETURN64:
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin case AUT_ATTR64:
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin case AUT_HEADER64:
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin case AUT_SUBJECT64:
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin case AUT_PROCESS64:
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin case AUT_OTHER_FILE64:
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin suffix = "64";
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin break;
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin case AUT_SOCKET_EX:
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin case AUT_IN_ADDR_EX:
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin suffix = "_ex";
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin break;
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin case AUT_HEADER32_EX:
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin case AUT_SUBJECT32_EX:
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin case AUT_PROCESS32_EX:
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin suffix = "32_ex";
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin break;
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin case AUT_HEADER64_EX:
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin case AUT_SUBJECT64_EX:
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin case AUT_PROCESS64_EX:
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin suffix = "64_ex";
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin break;
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin default:
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin suffix = "";
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin break;
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin }
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin (void) fprintf(stderr, "token_processing: %s%s\n",
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin tokentable[id].t_name, suffix);
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin}
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin#endif /* AUDIT_REC */
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin/*
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin * Process a token in a record to determine whether the record is interesting.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin */
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinint
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chintoken_processing(adr_t *adr, int tokenid)
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin{
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin if ((tokenid > 0) && (tokenid <= MAXTOKEN) &&
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin (tokentable[tokenid].func != NOFUNC)) {
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin#if AUDIT_REC
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin print_id(tokenid);
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin#endif /* AUDIT_REC */
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin return ((*tokentable[tokenid].func)(adr));
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin }
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin /* here if token id is not in table */
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin return (-2);
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin}
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin/* There should not be any file or header tokens in the middle of a record */
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin/* ARGSUSED */
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinint
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinfile_token(adr_t *adr)
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin{
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin return (-2);
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin}
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin/* ARGSUSED */
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinint
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinfile64_token(adr_t *adr)
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin{
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin return (-2);
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin}
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin/* ARGSUSED */
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinint
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinheader_token(adr_t *adr)
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin{
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin return (-2);
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin}
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin/* ARGSUSED */
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinint
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinheader32_ex_token(adr_t *adr)
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin{
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin return (-2);
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin}
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin/* ARGSUSED */
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinint
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinheader64_ex_token(adr_t *adr)
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin{
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin return (-2);
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin}
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin/* ARGSUSED */
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinint
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinheader64_token(adr_t *adr)
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin{
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin return (-2);
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin}
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin/*
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin * ======================================================
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin * The following token processing routines return
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin * -1: if the record is not interesting
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin * -2: if an error is found
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin * ======================================================
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin */
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinint
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chintrailer_token(adr_t *adr)
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin{
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin short magic_number;
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin uint32_t bytes;
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin adrm_u_short(adr, (ushort_t *)&magic_number, 1);
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin if (magic_number != AUT_TRAILER_MAGIC) {
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin (void) fprintf(stderr, "%s\n",
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin gettext("auditreduce: Bad trailer token"));
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin return (-2);
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin }
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin adrm_u_int32(adr, &bytes, 1);
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin return (-1);
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin}
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin/*
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin * Format of arbitrary data token:
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin * arbitrary data token id adr char
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin * how to print adr_char
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin * basic unit adr_char
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin * unit count adr_char, specifying number of units of
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin * data items depends on basic unit
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin *
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin */
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinint
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinarbitrary_data_token(adr_t *adr)
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin{
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin int i;
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin char c1;
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin short c2;
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin int32_t c3;
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin int64_t c4;
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin char how_to_print, basic_unit, unit_count;
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin /* get how_to_print, basic_unit, and unit_count */
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin adrm_char(adr, &how_to_print, 1);
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin adrm_char(adr, &basic_unit, 1);
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin adrm_char(adr, &unit_count, 1);
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin for (i = 0; i < unit_count; i++) {
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin switch (basic_unit) {
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin /* case AUR_BYTE: has same value as AUR_CHAR */
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin case AUR_CHAR:
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin adrm_char(adr, &c1, 1);
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin break;
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin case AUR_SHORT:
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin adrm_short(adr, &c2, 1);
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin break;
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin case AUR_INT32:
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin adrm_int32(adr, (int32_t *)&c3, 1);
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin break;
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin case AUR_INT64:
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin adrm_int64(adr, (int64_t *)&c4, 1);
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin break;
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin default:
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin return (-2);
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin break;
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin }
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin }
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin return (-1);
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin}
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin/*
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin * Format of opaque token:
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin * opaque token id adr_char
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin * size adr_short
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin * data adr_char, size times
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin *
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin */
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinint
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinopaque_token(adr_t *adr)
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin{
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin skip_string(adr);
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin return (-1);
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin}
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin/*
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin * Format of return32 value token:
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin * return value token id adr_char
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin * error number adr_char
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin * return value adr_u_int32
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin *
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin */
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinint
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinreturn_value32_token(adr_t *adr)
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin{
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin char errnum;
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin uint32_t value;
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin adrm_char(adr, &errnum, 1);
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin adrm_u_int32(adr, &value, 1);
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin if ((flags & M_SORF) &&
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin ((global_class & mask.am_success) && (errnum == 0)) ||
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin ((global_class & mask.am_failure) && (errnum != 0))) {
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin checkflags |= M_SORF;
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin }
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin return (-1);
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin}
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin/*
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin * Format of return64 value token:
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin * return value token id adr_char
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin * error number adr_char
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin * return value adr_u_int64
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin *
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin */
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinint
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinreturn_value64_token(adr_t *adr)
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin{
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin char errnum;
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin uint64_t value;
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin adrm_char(adr, &errnum, 1);
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin adrm_u_int64(adr, &value, 1);
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin if ((flags & M_SORF) &&
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin ((global_class & mask.am_success) && (errnum == 0)) ||
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin ((global_class & mask.am_failure) && (errnum != 0))) {
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin checkflags |= M_SORF;
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin }
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin return (-1);
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin}
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin/*
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin * Format of sequence token:
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin * sequence token id adr_char
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin * audit_count int32_t
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin *
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin */
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinint
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinsequence_token(adr_t *adr)
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin{
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin int32_t audit_count;
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin adrm_int32(adr, &audit_count, 1);
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin return (-1);
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin}
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin/*
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin * Format of text token:
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin * text token id adr_char
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin * text adr_string
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin *
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin */
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinint
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chintext_token(adr_t *adr)
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin{
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin skip_string(adr);
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin return (-1);
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin}
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin/*
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin * Format of ip_addr token:
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin * ip token id adr_char
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin * address adr_int32
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin *
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin */
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinint
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinip_addr_token(adr_t *adr)
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin{
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin int32_t address;
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin adrm_char(adr, (char *)&address, 4);
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin return (-1);
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin}
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin/*
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin * Format of ip_addr_ex token:
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin * ip token id adr_char
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin * ip type adr_int32
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin * address 4*adr_int32
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin *
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin */
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinint
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinip_addr_ex_token(adr_t *adr)
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin{
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin int32_t address[4];
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin int32_t type;
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin adrm_int32(adr, (int32_t *)&type, 1);
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin adrm_int32(adr, (int32_t *)&address, 4);
return (-1);
}
/*
* Format of ip token:
* ip header token id adr_char
* version adr_char
* type of service adr_char
* length adr_short
* id adr_u_short
* offset adr_u_short
* ttl adr_char
* protocol adr_char
* checksum adr_u_short
* source address adr_int32
* destination address adr_int32
*
*/
int
ip_token(adr_t *adr)
{
char version;
char type;
short len;
unsigned short id, offset, checksum;
char ttl, protocol;
int32_t src, dest;
adrm_char(adr, &version, 1);
adrm_char(adr, &type, 1);
adrm_short(adr, &len, 1);
adrm_u_short(adr, &id, 1);
adrm_u_short(adr, &offset, 1);
adrm_char(adr, &ttl, 1);
adrm_char(adr, &protocol, 1);
adrm_u_short(adr, &checksum, 1);
adrm_char(adr, (char *)&src, 4);
adrm_char(adr, (char *)&dest, 4);
return (-1);
}
/*
* Format of iport token:
* ip port address token id adr_char
* port address adr_short
*
*/
int
iport_token(adr_t *adr)
{
short address;
adrm_short(adr, &address, 1);
return (-1);
}
/*
* Format of groups token:
* group token id adr_char
* group list adr_int32, 16 times
*
*/
int
group_token(adr_t *adr)
{
int gid[16];
int i;
int flag = 0;
for (i = 0; i < 16; i++) {
adrm_int32(adr, (int32_t *)&gid[i], 1);
if (flags & M_GROUPR) {
if ((unsigned short)m_groupr == gid[i])
flag = 1;
}
}
if (flags & M_GROUPR) {
if (flag)
checkflags |= M_GROUPR;
}
return (-1);
}
/*
* Format of newgroups token:
* group token id adr_char
* number of groups adr_short
* group list adr_int32, "number" times
*
*/
int
newgroup_token(adr_t *adr)
{
gid_t gid;
int i;
short int number;
adrm_short(adr, &number, 1);
for (i = 0; i < number; i++) {
adrm_int32(adr, (int32_t *)&gid, 1);
if (flags & M_GROUPR) {
if (m_groupr == gid)
checkflags |= M_GROUPR;
}
}
return (-1);
}
/*
* Format of argument32 token:
* argument token id adr_char
* argument number adr_char
* argument value adr_int32
* argument description adr_string
*
*/
int
argument32_token(adr_t *adr)
{
char arg_num;
int32_t arg_val;
adrm_char(adr, &arg_num, 1);
adrm_int32(adr, &arg_val, 1);
skip_string(adr);
return (-1);
}
/*
* Format of argument64 token:
* argument token id adr_char
* argument number adr_char
* argument value adr_int64
* argument description adr_string
*
*/
int
argument64_token(adr_t *adr)
{
char arg_num;
int64_t arg_val;
adrm_char(adr, &arg_num, 1);
adrm_int64(adr, &arg_val, 1);
skip_string(adr);
return (-1);
}
int
acl_token(adr_t *adr)
{
int32_t id;
int32_t mode;
int32_t type;
adrm_int32(adr, &type, 1);
adrm_int32(adr, &id, 1);
adrm_int32(adr, &mode, 1);
return (-1);
}
/*
* Format of attribute token: (old pre SunOS 5.7 format)
* attribute token id adr_char
* mode adr_int32 (printed in octal)
* uid adr_int32
* gid adr_int32
* file system id adr_int32
* node id adr_int32
* device adr_int32
*
*/
int
attribute_token(adr_t *adr)
{
int32_t dev;
int32_t file_sysid;
int32_t gid;
int32_t mode;
int32_t nodeid;
int32_t uid;
adrm_int32(adr, &mode, 1);
adrm_int32(adr, &uid, 1);
adrm_int32(adr, &gid, 1);
adrm_int32(adr, &file_sysid, 1);
adrm_int32(adr, &nodeid, 1);
adrm_int32(adr, &dev, 1);
if (!new_mode && (flags & M_USERE)) {
if (m_usere == uid)
checkflags |= M_USERE;
}
if (!new_mode && (flags & M_GROUPE)) {
if (m_groupe == gid)
checkflags |= M_GROUPE;
}
if (flags & M_OBJECT) {
if ((obj_flag & OBJ_FGROUP) &&
(obj_group == gid))
checkflags |= M_OBJECT;
else if ((obj_flag & OBJ_FOWNER) &&
(obj_owner == uid))
checkflags |= M_OBJECT;
}
return (-1);
}
/*
* Format of attribute32 token:
* attribute token id adr_char
* mode adr_int32 (printed in octal)
* uid adr_int32
* gid adr_int32
* file system id adr_int32
* node id adr_int64
* device adr_int32
*
*/
int
attribute32_token(adr_t *adr)
{
int32_t dev;
int32_t file_sysid;
int32_t gid;
int32_t mode;
int64_t nodeid;
int32_t uid;
adrm_int32(adr, &mode, 1);
adrm_int32(adr, &uid, 1);
adrm_int32(adr, &gid, 1);
adrm_int32(adr, &file_sysid, 1);
adrm_int64(adr, &nodeid, 1);
adrm_int32(adr, &dev, 1);
if (!new_mode && (flags & M_USERE)) {
if (m_usere == uid)
checkflags |= M_USERE;
}
if (!new_mode && (flags & M_GROUPE)) {
if (m_groupe == gid)
checkflags |= M_GROUPE;
}
if (flags & M_OBJECT) {
if ((obj_flag & OBJ_FGROUP) &&
(obj_group == gid))
checkflags |= M_OBJECT;
else if ((obj_flag & OBJ_FOWNER) &&
(obj_owner == uid))
checkflags |= M_OBJECT;
}
return (-1);
}
/*
* Format of attribute64 token:
* attribute token id adr_char
* mode adr_int32 (printed in octal)
* uid adr_int32
* gid adr_int32
* file system id adr_int32
* node id adr_int64
* device adr_int64
*
*/
int
attribute64_token(adr_t *adr)
{
int64_t dev;
int32_t file_sysid;
int32_t gid;
int32_t mode;
int64_t nodeid;
int32_t uid;
adrm_int32(adr, &mode, 1);
adrm_int32(adr, &uid, 1);
adrm_int32(adr, &gid, 1);
adrm_int32(adr, &file_sysid, 1);
adrm_int64(adr, &nodeid, 1);
adrm_int64(adr, &dev, 1);
if (!new_mode && (flags & M_USERE)) {
if (m_usere == uid)
checkflags |= M_USERE;
}
if (!new_mode && (flags & M_GROUPE)) {
if (m_groupe == gid)
checkflags |= M_GROUPE;
}
if (flags & M_OBJECT) {
if ((obj_flag & OBJ_FGROUP) &&
(obj_group == gid))
checkflags |= M_OBJECT;
else if ((obj_flag & OBJ_FOWNER) &&
(obj_owner == uid))
checkflags |= M_OBJECT;
}
return (-1);
}
/*
* Format of command token:
* attribute token id adr_char
* argc adr_short
* argv len adr_short variable amount of argv len
* argv text argv len and text
* .
* .
* .
* envp count adr_short variable amount of envp len
* envp len adr_short and text
* envp text envp len
* .
* .
* .
*
*/
int
cmd_token(adr_t *adr)
{
short cnt;
short i;
adrm_short(adr, &cnt, 1);
for (i = 0; i < cnt; i++)
skip_string(adr);
adrm_short(adr, &cnt, 1);
for (i = 0; i < cnt; i++)
skip_string(adr);
return (-1);
}
/*
* Format of exit token:
* attribute token id adr_char
* return value adr_int32
* errno adr_int32
*
*/
int
exit_token(adr_t *adr)
{
int32_t retval;
int32_t errno;
adrm_int32(adr, &retval, 1);
adrm_int32(adr, &errno, 1);
return (-1);
}
/*
* Format of strings array token:
* token id adr_char
* count value adr_int32
* strings null terminated strings
*/
static int
strings_common_token(adr_t *adr)
{
int count, i;
char c;
adrm_int32(adr, (int32_t *)&count, 1);
for (i = 1; i <= count; i++) {
adrm_char(adr, &c, 1);
while (c != (char)0)
adrm_char(adr, &c, 1);
}
/* no dump option here, since we will have variable length fields */
return (-1);
}
int
path_attr_token(adr_t *adr)
{
return (strings_common_token(adr));
}
int
exec_args_token(adr_t *adr)
{
return (strings_common_token(adr));
}
int
exec_env_token(adr_t *adr)
{
return (strings_common_token(adr));
}
/*
* Format of liaison token:
*/
int
liaison_token(adr_t *adr)
{
int32_t li;
adrm_int32(adr, &li, 1);
return (-1);
}
/*
* Format of path token:
* path adr_string
*/
int
path_token(adr_t *adr)
{
if ((flags & M_OBJECT) && (obj_flag == OBJ_PATH)) {
char *path;
get_string(adr, &path);
if (path[0] != '/')
/*
* anchor the path. user apps may not do it.
*/
anchor_path(path);
/*
* match against the collapsed path. that is what user sees.
*/
if (re_exec2(collapse_path(path)) == 1)
checkflags |= M_OBJECT;
free(path);
} else {
skip_string(adr);
}
return (-1);
}
/*
* Format of System V IPC permission token:
* System V IPC permission token id adr_char
* uid adr_int32
* gid adr_int32
* cuid adr_int32
* cgid adr_int32
* mode adr_int32
* seq adr_int32
* key adr_int32
* label adr_opaque, sizeof (bslabel_t)
* bytes
*/
int
s5_IPC_perm_token(adr_t *adr)
{
int32_t uid, gid, cuid, cgid, mode, seq;
int32_t key;
adrm_int32(adr, &uid, 1);
adrm_int32(adr, &gid, 1);
adrm_int32(adr, &cuid, 1);
adrm_int32(adr, &cgid, 1);
adrm_int32(adr, &mode, 1);
adrm_int32(adr, &seq, 1);
adrm_int32(adr, &key, 1);
if (!new_mode && (flags & M_USERE)) {
if (m_usere == uid)
checkflags |= M_USERE;
}
if (!new_mode && (flags & M_USERE)) {
if (m_usere == cuid)
checkflags |= M_USERE;
}
if (!new_mode && (flags & M_GROUPR)) {
if (m_groupr == gid)
checkflags |= M_GROUPR;
}
if (!new_mode && (flags & M_GROUPR)) {
if (m_groupr == cgid)
checkflags |= M_GROUPR;
}
if ((flags & M_OBJECT) &&
((obj_owner == uid) ||
(obj_owner == cuid) ||
(obj_group == gid) ||
(obj_group == cgid))) {
switch (obj_flag) {
case OBJ_MSGGROUP:
case OBJ_MSGOWNER:
if (ipc_type_match(OBJ_MSG, ipc_type))
checkflags |= M_OBJECT;
break;
case OBJ_SEMGROUP:
case OBJ_SEMOWNER:
if (ipc_type_match(OBJ_SEM, ipc_type))
checkflags |= M_OBJECT;
break;
case OBJ_SHMGROUP:
case OBJ_SHMOWNER:
if (ipc_type_match(OBJ_SHM, ipc_type))
checkflags |= M_OBJECT;
break;
}
}
return (-1);
}
/*
* Format of process32 token:
* process token id adr_char
* auid adr_int32
* euid adr_int32
* egid adr_int32
* ruid adr_int32
* rgid adr_int32
* pid adr_int32
* sid adr_int32
* termid adr_int32*2
*
*/
int
process32_token(adr_t *adr)
{
int32_t auid, euid, egid, ruid, rgid, pid;
int32_t sid;
int32_t port, machine;
adrm_int32(adr, &auid, 1);
adrm_int32(adr, &euid, 1);
adrm_int32(adr, &egid, 1);
adrm_int32(adr, &ruid, 1);
adrm_int32(adr, &rgid, 1);
adrm_int32(adr, &pid, 1);
adrm_int32(adr, &sid, 1);
adrm_int32(adr, &port, 1);
adrm_int32(adr, &machine, 1);
if (!new_mode && (flags & M_USERA)) {
if (m_usera == auid)
checkflags |= M_USERA;
}
if (!new_mode && (flags & M_USERE)) {
if (m_usere == euid)
checkflags |= M_USERE;
}
if (!new_mode && (flags & M_USERR)) {
if (m_userr == ruid)
checkflags |= M_USERR;
}
if (!new_mode && (flags & M_GROUPR)) {
if (m_groupr == rgid)
checkflags |= M_GROUPR;
}
if (!new_mode && (flags & M_GROUPE)) {
if (m_groupe == egid)
checkflags |= M_GROUPE;
}
if (flags & M_OBJECT) {
if ((obj_flag & OBJ_PROC) &&
(obj_id == pid)) {
checkflags |= M_OBJECT;
} else if ((obj_flag & OBJ_PGROUP) &&
((obj_group == egid) ||
(obj_group == rgid))) {
checkflags |= M_OBJECT;
} else if ((obj_flag & OBJ_POWNER) &&
((obj_owner == euid) ||
(obj_group == ruid))) {
checkflags |= M_OBJECT;
}
}
return (-1);
}
/*
* Format of process32 token:
* process token id adr_char
* auid adr_int32
* euid adr_int32
* egid adr_int32
* ruid adr_int32
* rgid adr_int32
* pid adr_int32
* sid adr_int32
* termid adr_int32*6
*
*/
int
process32_ex_token(adr_t *adr)
{
int32_t auid, euid, egid, ruid, rgid, pid;
int32_t sid;
int32_t port, type, addr[4];
adrm_int32(adr, &auid, 1);
adrm_int32(adr, &euid, 1);
adrm_int32(adr, &egid, 1);
adrm_int32(adr, &ruid, 1);
adrm_int32(adr, &rgid, 1);
adrm_int32(adr, &pid, 1);
adrm_int32(adr, &sid, 1);
adrm_int32(adr, &port, 1);
adrm_int32(adr, &type, 1);
adrm_int32(adr, &addr[0], 4);
if (!new_mode && (flags & M_USERA)) {
if (m_usera == auid)
checkflags = checkflags | M_USERA;
}
if (!new_mode && (flags & M_USERE)) {
if (m_usere == euid)
checkflags = checkflags | M_USERE;
}
if (!new_mode && (flags & M_USERR)) {
if (m_userr == ruid)
checkflags = checkflags | M_USERR;
}
if (!new_mode && (flags & M_GROUPR)) {
if (m_groupr == egid)
checkflags = checkflags | M_GROUPR;
}
if (!new_mode && (flags & M_GROUPE)) {
if (m_groupe == egid)
checkflags = checkflags | M_GROUPE;
}
if (flags & M_OBJECT) {
if ((obj_flag & OBJ_PROC) &&
(obj_id == pid)) {
checkflags = checkflags | M_OBJECT;
} else if ((obj_flag & OBJ_PGROUP) &&
((obj_group == egid) ||
(obj_group == rgid))) {
checkflags = checkflags | M_OBJECT;
} else if ((obj_flag & OBJ_POWNER) &&
((obj_owner == euid) ||
(obj_group == ruid))) {
checkflags = checkflags | M_OBJECT;
}
}
return (-1);
}
/*
* Format of process64 token:
* process token id adr_char
* auid adr_int32
* euid adr_int32
* egid adr_int32
* ruid adr_int32
* rgid adr_int32
* pid adr_int32
* sid adr_int32
* termid adr_int64+adr_int32
*
*/
int
process64_token(adr_t *adr)
{
int32_t auid, euid, egid, ruid, rgid, pid;
int32_t sid;
int64_t port;
int32_t machine;
adrm_int32(adr, &auid, 1);
adrm_int32(adr, &euid, 1);
adrm_int32(adr, &egid, 1);
adrm_int32(adr, &ruid, 1);
adrm_int32(adr, &rgid, 1);
adrm_int32(adr, &pid, 1);
adrm_int32(adr, &sid, 1);
adrm_int64(adr, &port, 1);
adrm_int32(adr, &machine, 1);
if (!new_mode && (flags & M_USERA)) {
if (m_usera == auid)
checkflags |= M_USERA;
}
if (!new_mode && (flags & M_USERE)) {
if (m_usere == euid)
checkflags |= M_USERE;
}
if (!new_mode && (flags & M_USERR)) {
if (m_userr == ruid)
checkflags |= M_USERR;
}
if (!new_mode && (flags & M_GROUPR)) {
if (m_groupr == rgid)
checkflags |= M_GROUPR;
}
if (!new_mode && (flags & M_GROUPE)) {
if (m_groupe == egid)
checkflags |= M_GROUPE;
}
if (flags & M_OBJECT) {
if ((obj_flag & OBJ_PROC) &&
(obj_id == pid)) {
checkflags |= M_OBJECT;
} else if ((obj_flag & OBJ_PGROUP) &&
((obj_group == egid) ||
(obj_group == rgid))) {
checkflags |= M_OBJECT;
} else if ((obj_flag & OBJ_POWNER) &&
((obj_owner == euid) ||
(obj_group == ruid))) {
checkflags |= M_OBJECT;
}
}
return (-1);
}
/*
* Format of process64 token:
* process token id adr_char
* auid adr_int32
* euid adr_int32
* egid adr_int32
* ruid adr_int32
* rgid adr_int32
* pid adr_int32
* sid adr_int32
* termid adr_int64+5*adr_int32
*
*/
int
process64_ex_token(adr_t *adr)
{
int32_t auid, euid, egid, ruid, rgid, pid;
int32_t sid;
int64_t port;
int32_t type, addr[4];
adrm_int32(adr, &auid, 1);
adrm_int32(adr, &euid, 1);
adrm_int32(adr, &egid, 1);
adrm_int32(adr, &ruid, 1);
adrm_int32(adr, &rgid, 1);
adrm_int32(adr, &pid, 1);
adrm_int32(adr, &sid, 1);
adrm_int64(adr, &port, 1);
adrm_int32(adr, &type, 1);
adrm_int32(adr, &addr[0], 4);
if (!new_mode && (flags & M_USERA)) {
if (m_usera == auid)
checkflags = checkflags | M_USERA;
}
if (!new_mode && (flags & M_USERE)) {
if (m_usere == euid)
checkflags = checkflags | M_USERE;
}
if (!new_mode && (flags & M_USERR)) {
if (m_userr == ruid)
checkflags = checkflags | M_USERR;
}
if (!new_mode && (flags & M_GROUPR)) {
if (m_groupr == egid)
checkflags = checkflags | M_GROUPR;
}
if (!new_mode && (flags & M_GROUPE)) {
if (m_groupe == egid)
checkflags = checkflags | M_GROUPE;
}
if (flags & M_OBJECT) {
if ((obj_flag & OBJ_PROC) &&
(obj_id == pid)) {
checkflags = checkflags | M_OBJECT;
} else if ((obj_flag & OBJ_PGROUP) &&
((obj_group == egid) ||
(obj_group == rgid))) {
checkflags = checkflags | M_OBJECT;
} else if ((obj_flag & OBJ_POWNER) &&
((obj_owner == euid) ||
(obj_group == ruid))) {
checkflags = checkflags | M_OBJECT;
}
}
return (-1);
}
/*
* Format of System V IPC token:
* System V IPC token id adr_char
* object id adr_int32
*
*/
int
s5_IPC_token(adr_t *adr)
{
int32_t ipc_id;
adrm_char(adr, &ipc_type, 1); /* Global */
adrm_int32(adr, &ipc_id, 1);
if ((flags & M_OBJECT) &&
ipc_type_match(obj_flag, ipc_type) &&
(obj_id == ipc_id))
checkflags |= M_OBJECT;
return (-1);
}
/*
* Format of socket token:
* socket_type adrm_short
* remote_port adrm_short
* remote_inaddr adrm_int32
*
*/
int
socket_token(adr_t *adr)
{
short socket_type;
short remote_port;
int32_t remote_inaddr;
adrm_short(adr, &socket_type, 1);
adrm_short(adr, &remote_port, 1);
adrm_char(adr, (char *)&remote_inaddr, 4);
if ((flags & M_OBJECT) && (obj_flag == OBJ_SOCK)) {
if (socket_flag == SOCKFLG_MACHINE) {
if (remote_inaddr == obj_id)
checkflags |= M_OBJECT;
} else if (socket_flag == SOCKFLG_PORT) {
if (remote_port == obj_id)
checkflags |= M_OBJECT;
}
}
return (-1);
}
/*
* Format of socket token:
* socket_type adrm_short
* remote_port adrm_short
* remote_inaddr adrm_int32
*
*/
int
socket_ex_token(adr_t *adr)
{
short socket_domain;
short socket_type;
short ip_size;
short local_port;
int32_t local_inaddr[4];
short remote_port;
int32_t remote_inaddr[4];
adrm_short(adr, &socket_domain, 1);
adrm_short(adr, &socket_type, 1);
adrm_short(adr, &ip_size, 1);
/* validate ip size */
if ((ip_size != AU_IPv6) && (ip_size != AU_IPv4))
return (0);
adrm_short(adr, &local_port, 1);
adrm_char(adr, (char *)local_inaddr, ip_size);
adrm_short(adr, &remote_port, 1);
adrm_char(adr, (char *)remote_inaddr, ip_size);
/* if IP type mis-match, then nothing to do */
if (ip_size != ip_type)
return (-1);
if ((flags & M_OBJECT) && (obj_flag == OBJ_SOCK)) {
if (socket_flag == SOCKFLG_MACHINE) {
if (ip_type == AU_IPv4) {
if ((local_inaddr[0] == obj_id) ||
(remote_inaddr[0] == obj_id))
checkflags |= M_OBJECT;
} else {
if (((local_inaddr[0] == ip_ipv6[0]) &&
(local_inaddr[1] == ip_ipv6[1]) &&
(local_inaddr[2] == ip_ipv6[2]) &&
(local_inaddr[3] == ip_ipv6[3])) ||
((remote_inaddr[0] == ip_ipv6[0]) &&
(remote_inaddr[1] == ip_ipv6[1]) &&
(remote_inaddr[2] == ip_ipv6[2]) &&
(remote_inaddr[3] == ip_ipv6[3])))
checkflags |= M_OBJECT;
}
} else if (socket_flag == SOCKFLG_PORT) {
if ((local_port == obj_id) || (remote_port == obj_id))
checkflags |= M_OBJECT;
}
}
return (-1);
}
/*
* Format of subject32 token:
* subject token id adr_char
* auid adr_int32
* euid adr_int32
* egid adr_int32
* ruid adr_int32
* rgid adr_int32
* pid adr_int32
* sid adr_int32
* termid adr_int32*2
*
*/
int
subject32_token(adr_t *adr)
{
int32_t auid, euid, egid, ruid, rgid, pid;
int32_t sid;
int32_t port, machine;
adrm_int32(adr, &auid, 1);
adrm_int32(adr, &euid, 1);
adrm_int32(adr, &egid, 1);
adrm_int32(adr, &ruid, 1);
adrm_int32(adr, &rgid, 1);
adrm_int32(adr, &pid, 1);
adrm_int32(adr, &sid, 1);
adrm_int32(adr, &port, 1);
adrm_int32(adr, &machine, 1);
if (flags & M_SUBJECT) {
if (subj_id == pid)
checkflags |= M_SUBJECT;
}
if (flags & M_USERA) {
if (m_usera == auid)
checkflags |= M_USERA;
}
if (flags & M_USERE) {
if (m_usere == euid)
checkflags |= M_USERE;
}
if (flags & M_USERR) {
if (m_userr == ruid)
checkflags |= M_USERR;
}
if (flags & M_GROUPR) {
if (m_groupr == rgid)
checkflags |= M_GROUPR;
}
if (flags & M_GROUPE) {
if (m_groupe == egid)
checkflags |= M_GROUPE;
}
if (flags & M_SID) {
if (m_sid == sid)
checkflags |= M_SID;
}
return (-1);
}
/*
* Format of subject32_ex token:
* subject token id adr_char
* auid adr_int32
* euid adr_int32
* egid adr_int32
* ruid adr_int32
* rgid adr_int32
* pid adr_int32
* sid adr_int32
* termid_addr adr_int32*6
*
*/
int
subject32_ex_token(adr_t *adr)
{
int32_t auid, euid, egid, ruid, rgid, pid;
int32_t sid;
int32_t port, type, addr[4];
adrm_int32(adr, &auid, 1);
adrm_int32(adr, &euid, 1);
adrm_int32(adr, &egid, 1);
adrm_int32(adr, &ruid, 1);
adrm_int32(adr, &rgid, 1);
adrm_int32(adr, &pid, 1);
adrm_int32(adr, &sid, 1);
adrm_int32(adr, &port, 1);
adrm_int32(adr, &type, 1);
adrm_int32(adr, &addr[0], 4);
if (flags & M_SUBJECT) {
if (subj_id == pid)
checkflags = checkflags | M_SUBJECT;
}
if (flags & M_USERA) {
if (m_usera == auid)
checkflags = checkflags | M_USERA;
}
if (flags & M_USERE) {
if (m_usere == euid)
checkflags = checkflags | M_USERE;
}
if (flags & M_USERR) {
if (m_userr == ruid)
checkflags = checkflags | M_USERR;
}
if (flags & M_GROUPR) {
if (m_groupr == egid)
checkflags = checkflags | M_GROUPR;
}
if (flags & M_GROUPE) {
if (m_groupe == egid)
checkflags = checkflags | M_GROUPE;
}
if (flags & M_SID) {
if (m_sid == sid)
checkflags = checkflags | M_SID;
}
return (-1);
}
/*
* Format of subject64 token:
* subject token id adr_char
* auid adr_int32
* euid adr_int32
* egid adr_int32
* ruid adr_int32
* rgid adr_int32
* pid adr_int32
* sid adr_int32
* termid adr_int64+adr_int32
*
*/
int
subject64_token(adr_t *adr)
{
int32_t auid, euid, egid, ruid, rgid, pid;
int32_t sid;
int64_t port;
int32_t machine;
adrm_int32(adr, &auid, 1);
adrm_int32(adr, &euid, 1);
adrm_int32(adr, &egid, 1);
adrm_int32(adr, &ruid, 1);
adrm_int32(adr, &rgid, 1);
adrm_int32(adr, &pid, 1);
adrm_int32(adr, &sid, 1);
adrm_int64(adr, &port, 1);
adrm_int32(adr, &machine, 1);
if (flags & M_SUBJECT) {
if (subj_id == pid)
checkflags |= M_SUBJECT;
}
if (flags & M_USERA) {
if (m_usera == auid)
checkflags |= M_USERA;
}
if (flags & M_USERE) {
if (m_usere == euid)
checkflags |= M_USERE;
}
if (flags & M_USERR) {
if (m_userr == ruid)
checkflags |= M_USERR;
}
if (flags & M_GROUPR) {
if (m_groupr == rgid)
checkflags |= M_GROUPR;
}
if (flags & M_GROUPE) {
if (m_groupe == egid)
checkflags |= M_GROUPE;
}
if (flags & M_SID) {
if (m_sid == sid)
checkflags |= M_SID;
}
return (-1);
}
/*
* Format of subject64 token:
* subject token id adr_char
* auid adr_int32
* euid adr_int32
* egid adr_int32
* ruid adr_int32
* rgid adr_int32
* pid adr_int32
* sid adr_int32
* termid adr_int64+5*adr_int32
*
*/
int
subject64_ex_token(adr_t *adr)
{
int32_t auid, euid, egid, ruid, rgid, pid;
int32_t sid;
int64_t port;
int32_t type, addr[4];
adrm_int32(adr, &auid, 1);
adrm_int32(adr, &euid, 1);
adrm_int32(adr, &egid, 1);
adrm_int32(adr, &ruid, 1);
adrm_int32(adr, &rgid, 1);
adrm_int32(adr, &pid, 1);
adrm_int32(adr, &sid, 1);
adrm_int64(adr, &port, 1);
adrm_int32(adr, &type, 1);
adrm_int32(adr, &addr[0], 4);
if (flags & M_SUBJECT) {
if (subj_id == pid)
checkflags = checkflags | M_SUBJECT;
}
if (flags & M_USERA) {
if (m_usera == auid)
checkflags = checkflags | M_USERA;
}
if (flags & M_USERE) {
if (m_usere == euid)
checkflags = checkflags | M_USERE;
}
if (flags & M_USERR) {
if (m_userr == ruid)
checkflags = checkflags | M_USERR;
}
if (flags & M_GROUPR) {
if (m_groupr == egid)
checkflags = checkflags | M_GROUPR;
}
if (flags & M_GROUPE) {
if (m_groupe == egid)
checkflags = checkflags | M_GROUPE;
}
if (flags & M_SID) {
if (m_sid == sid)
checkflags = checkflags | M_SID;
}
return (-1);
}
/*
* -----------------------------------------------------------------------
* tid_token(): Process tid token and display contents
*
* Format of tid token:
* tid token id adr_char
* address type adr_char
* For address type of AU_IPADR...
* remote port adr_short
* local port adr_short
* IP type adr_int32
* IP addr adr_int32 if IPv4
* IP addr 4 x adr_int32 if IPv6
* address types other than AU_IPADR are not yet defined
* -----------------------------------------------------------------------
*/
int
tid_token(adr_t *adr)
{
int32_t address[4];
int32_t ip_type;
char tid_type;
short rport;
short lport;
adrm_char(adr, &tid_type, 1);
switch (tid_type) {
case AU_IPADR:
adrm_short(adr, &rport, 1);
adrm_short(adr, &lport, 1);
adrm_int32(adr, &ip_type, 1);
adrm_char(adr, (char *)&address, ip_type);
break;
default:
return (0);
}
return (-1);
}
/*
* -----------------------------------------------------------------------
* zonename_token(): Process zonename token and display contents
*
* Format of zonename token:
* zonename token id adr_char
* zone name adr_string
* -----------------------------------------------------------------------
*/
int
zonename_token(adr_t *adr)
{
char *name;
if (flags & M_ZONENAME) {
get_string(adr, &name);
if (strncmp(zonename, name, ZONENAME_MAX) == 0)
checkflags |= M_ZONENAME;
free(name);
} else {
skip_string(adr);
}
return (-1);
}
/*
* Format of xatom token:
*/
int
xatom_token(adr_t *adr)
{
skip_string(adr);
return (-1);
}
/*
* Format of xselect token:
*/
int
xselect_token(adr_t *adr)
{
skip_string(adr);
skip_string(adr);
skip_string(adr);
return (-1);
}
/*
* anchor a path name with a slash
* assume we have enough space
*/
void
anchor_path(char *path)
{
(void) memmove((void *)(path + 1), (void *)path, strlen(path) + 1);
*path = '/';
}
/*
* copy path to collapsed path.
* collapsed path does not contain:
* successive slashes
* instances of dot-slash
* instances of dot-dot-slash
* passed path must be anchored with a '/'
*/
char *
collapse_path(char *s)
{
int id; /* index of where we are in destination string */
int is; /* index of where we are in source string */
int slashseen; /* have we seen a slash */
int ls; /* length of source string */
ls = strlen(s) + 1;
slashseen = 0;
for (is = 0, id = 0; is < ls; is++) {
/* thats all folks, we've reached the end of input */
if (s[is] == '\0') {
if (id > 1 && s[id-1] == '/') {
--id;
}
s[id++] = '\0';
break;
}
/* previous character was a / */
if (slashseen) {
if (s[is] == '/')
continue; /* another slash, ignore it */
} else if (s[is] == '/') {
/* we see a /, just copy it and try again */
slashseen = 1;
s[id++] = '/';
continue;
}
/* /./ seen */
if (s[is] == '.' && s[is+1] == '/') {
is += 1;
continue;
}
/* XXX/. seen */
if (s[is] == '.' && s[is+1] == '\0') {
if (id > 1)
id--;
continue;
}
/* XXX/.. seen */
if (s[is] == '.' && s[is+1] == '.' && s[is+2] == '\0') {
is += 1;
if (id > 0)
id--;
while (id > 0 && s[--id] != '/');
id++;
continue;
}
/* XXX/../ seen */
if (s[is] == '.' && s[is+1] == '.' && s[is+2] == '/') {
is += 2;
if (id > 0)
id--;
while (id > 0 && s[--id] != '/');
id++;
continue;
}
while (is < ls && (s[id++] = s[is++]) != '/');
is--;
}
return (s);
}
int
ipc_type_match(int flag, char type)
{
if (flag == OBJ_SEM && type == AT_IPC_SEM)
return (1);
if (flag == OBJ_MSG && type == AT_IPC_MSG)
return (1);
if (flag == OBJ_SHM && type == AT_IPC_SHM)
return (1);
return (0);
}
void
skip_string(adr_t *adr)
{
ushort_t c;
adrm_u_short(adr, &c, 1);
adr->adr_now += c;
}
void
get_string(adr_t *adr, char **p)
{
ushort_t c;
adrm_u_short(adr, &c, 1);
*p = a_calloc(1, (size_t)c);
adrm_char(adr, *p, c);
}
/*
* Format of host token:
* host ard_uint32
*/
int
host_token(adr_t *adr)
{
uint32_t host;
adrm_u_int32(adr, &host, 1);
return (-1);
}
/*
* Format of useofauth token:
* uauth token id adr_char
* uauth adr_string
*
*/
int
useofauth_token(adr_t *adr)
{
skip_string(adr);
return (-1);
}
int
xcolormap_token(adr_t *adr)
{
return (xgeneric(adr));
}
int
xcursor_token(adr_t *adr)
{
return (xgeneric(adr));
}
int
xfont_token(adr_t *adr)
{
return (xgeneric(adr));
}
int
xgc_token(adr_t *adr)
{
return (xgeneric(adr));
}
int
xpixmap_token(adr_t *adr)
{
return (xgeneric(adr));
}
int
xwindow_token(adr_t *adr)
{
return (xgeneric(adr));
}
/*
* Format of xgeneric token:
* XID adr_int32
* creator UID adr_int32
*
* Includes: xcolormap, xcursor, xfont, xgc, xpixmap, and xwindow
*/
int
xgeneric(adr_t *adr)
{
int32_t xid;
int32_t uid;
adrm_int32(adr, &xid, 1);
adrm_int32(adr, &uid, 1);
if (flags & M_USERE) {
if (m_usere == uid)
checkflags = checkflags | M_USERE;
}
return (-1);
}
/*
* Format of xproperty token:
* XID adr_int32
* creator UID adr_int32
* atom string adr_string
*/
int
xproperty_token(adr_t *adr)
{
int32_t xid;
int32_t uid;
adrm_int32(adr, &xid, 1);
adrm_int32(adr, &uid, 1);
skip_string(adr);
if (flags & M_USERE) {
if (m_usere == uid)
checkflags = checkflags | M_USERE;
}
return (-1);
}
/*
* Format of xclient token:
* xclient id adr_int32
*/
int
xclient_token(adr_t *adr)
{
int32_t client_id;
adrm_int32(adr, &client_id, 1);
return (-1);
}
/*
* Format of clearance token:
* clearance adr_char*(sizeof (bclear_t))
*/
#ifndef TSOL
/* ARGSUSED */
#endif /* !TSOL */
int
clearance_token(adr_t *adr)
{
#ifdef TSOL
bclear_t clearance;
adrm_char(adr, (char *)&clearance, sizeof (bclear_t));
return (-1);
#else /* !TSOL */
return (-2);
#endif /* TSOL */
}
/*
* Format of ilabel token:
* ilabel adr_char*(sizeof (bilabel_t))
*/
#ifndef TSOL
/* ARGSUSED */
#endif /* !TSOL */
int
ilabel_token(adr_t *adr)
{
#ifdef TSOL
bilabel_t ilabel;
adrm_char(adr, (char *)&ilabel, sizeof (ilabel));
return (-1);
#else /* !TSOL */
return (-2);
#endif /* TSOL */
}
/*
* Format of privilege set token:
* priv_set type string
* priv_set string
*/
int
privilege_token(adr_t *adr)
{
skip_string(adr); /* set type name */
skip_string(adr); /* privilege set */
return (-1);
}
/*
* Format of slabel token:
* slabel adr_char*(sizeof (bslabel_t))
*/
#ifndef TSOL
/* ARGSUSED */
#endif /* !TSOL */
int
slabel_token(adr_t *adr)
{
#ifdef TSOL
bslabel_t slabel;
adrm_char(adr, (char *)&slabel, sizeof (slabel));
if (flags & M_SLABEL) {
if (blinrange(&slabel, &m_slabel))
checkflags = checkflags | M_SLABEL;
}
return (-1);
#else /* !TSOL */
return (-2);
#endif /* TSOL */
}
/*
* Format of useofpriv token:
* success/failure adr_char
* TSOL:
* privilege adr_int32
* SOL:
* privilege(s) adr_string
*/
#ifndef TSOL
/* ARGSUSED */
#endif /* !TSOL */
int
useofpriv_token(adr_t *adr)
{
char flag;
#ifdef TSOL
priv_t priv;
adrm_char(adr, &flag, 1);
adrm_int32(adr, (int32_t *)&priv, 1);
return (-1);
#else /* !TSOL */
adrm_char(adr, &flag, 1);
skip_string(adr);
return (-1);
#endif /* TSOL */
}