token.c revision 103b2b152ab1f30e081cd8f98b88e71e6cd6d2fc
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* or
* See the License for the specific language governing permissions
* and limitations under the License.
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
* Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
#pragma ident "%Z%%M% %I% %E% SMI"
#include <ctype.h>
#include <dirent.h>
#include <grp.h>
#include <libintl.h>
#include <limits.h>
#include <locale.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/inttypes.h>
#include <sys/file.h>
#include <sys/param.h>
#include <sys/uio.h>
#include <sys/stat.h>
#include <sys/acl.h>
#include <sys/socket.h>
#include <sys/errno.h>
#include <sys/ipc.h>
#include <sys/sem.h>
#include <sys/systm.h>
#include <netinet/in.h>
#include <sys/tiuser.h>
#include <rpc/types.h>
#include <rpc/auth.h>
#include <rpc/auth_unix.h>
#include <rpc/svc.h>
#include <rpc/xdr.h>
#include <nfs/nfs.h>
#include <sys/fs/ufs_quota.h>
#include <sys/time.h>
#include <sys/mkdev.h>
#include <unistd.h>
#include <bsm/audit.h>
#include <bsm/audit_record.h>
#include <bsm/libbsm.h>
#include <tsol/label.h>
#include <sys/tsol/label_macro.h>
#include "praudit.h"
#include "toktable.h"
#include <netdb.h>
#include <arpa/inet.h>
static char *anchor_path(char *);
static char *collapse_path(char *);
* -----------------------------------------------------------------------
* is_file_token:
* Tests whether the specified token id represents a type
* of file token.
* return codes : 1 - tokenid is a file token type
* : 0 - otherwise
* -----------------------------------------------------------------------
is_file_token(int tokenid)
if ((tokenid == AUT_OTHER_FILE32) || (tokenid == AUT_OTHER_FILE64))
return (1);
return (0);
* -----------------------------------------------------------------------
* is_header_token:
* Tests whether the specified token id represents a type
* of header token (signifying the start of a record).
* return codes : 1 - tokenid is a header type
* : 0 - otherwise
* -----------------------------------------------------------------------
is_header_token(int tokenid)
if ((tokenid == AUT_OHEADER) || (tokenid == AUT_HEADER32) ||
(tokenid == AUT_HEADER32_EX) || (tokenid == AUT_HEADER64) ||
(tokenid == AUT_HEADER64_EX))
return (1);
return (0);
* -----------------------------------------------------------------------
* is_token:
* Tests whether the specified token id represents a true
* token, as opposed to a regular tag.
* return codes : 1 - tokenid is a true token
* : 0 - otherwise
* -----------------------------------------------------------------------
is_token(int tokenid)
if ((tokenid > 0) && (tokenid <= MAXTOKEN))
return (1);
return (0);
* -----------------------------------------------------------------------
* exit_token() : Process information label token and display contents
* return codes : -1 - error
* : 0 - successful
* NOTE: At the time of call, the label token id has been retrieved
* Format of exit token:
* exit token id adr_char
* -----------------------------------------------------------------------
exit_token(pr_context_t *context)
int returnstat;
int retval;
uval_t uval;
if ((returnstat = open_tag(context, TAG_ERRVAL)) != 0)
return (returnstat);
if ((returnstat = pr_adr_int32(context, (int32_t *)&retval, 1)) == 0) {
if (!(context->format & PRF_RAWM)) {
char *emsg = strerror(retval);
if (emsg == NULL)
uval.string_val = gettext("Unknown errno");
uval.string_val = gettext(emsg);
uval.uvaltype = PRA_STRING;
} else {
uval.uvaltype = PRA_INT32;
uval.int32_val = retval;
returnstat = pa_print(context, &uval, 0);
if (returnstat == 0)
returnstat = close_tag(context, TAG_ERRVAL);
return (process_tag(context, TAG_RETVAL, returnstat, 1));
* ------------------------------------------------------------------
* file_token() : prints out seconds of time and other file name
* return codes : -1 - error
* : 0 - successful, valid file token fields
* At the time of entry, the file token ID has already been retrieved
* Format of file token:
* file token id adr_char
* seconds of time adr_u_int
* name of other file adr_string
* ------------------------------------------------------------------
file_token(pr_context_t *context)
int returnstat;
returnstat = pa_utime32(context, 0, 0); /* time from usecs */
/* other file name */
returnstat = pa_file_string(context, returnstat, 1);
return (returnstat);
file64_token(pr_context_t *context)
int returnstat;
returnstat = pa_utime64(context, 0, 0); /* time from usecs */
/* other file name */
returnstat = pa_file_string(context, returnstat, 1);
return (returnstat);
* -----------------------------------------------------------------------
* header_token() : Process record header token and display contents
* return codes : -1 - error
* : 0 - successful
* : 1 - warning, password entry not found
* NOTE: At the time of call, the header token id has been retrieved
* Format of header token:
* header token id adr_char
* record byte count adr_u_int
* event type adr_u_short (printed either ASCII or raw)
* event class adr_u_int (printed either ASCII or raw)
* event action adr_u_int
* if extended: extended host name (IPv4/IPv6)
* seconds of time adr_u_int (printed either ASCII or raw)
* nanoseconds of time adr_u_int
* -----------------------------------------------------------------------
header_token(pr_context_t *context)
int returnstat;
returnstat = pa_reclen(context, 0); /* record byte */
/* version ID */
returnstat = process_tag(context, TAG_TOKVERS, returnstat, 0);
/* event type */
returnstat = process_tag(context, TAG_EVTYPE, returnstat, 0);
/* event modifier */
returnstat = pa_event_modifier(context, returnstat, 0);
/* time from nsec */
returnstat = pa_ntime32(context, returnstat, 1);
return (returnstat);
header64_token(pr_context_t *context)
int returnstat;
returnstat = pa_reclen(context, 0); /* record byte */
/* version ID */
returnstat = process_tag(context, TAG_TOKVERS, returnstat, 0);
/* event type */
returnstat = process_tag(context, TAG_EVTYPE, returnstat, 0);
/* event modifier */
returnstat = pa_event_modifier(context, returnstat, 0);
/* time from nsec */
returnstat = pa_ntime64(context, returnstat, 1);
return (returnstat);
header32_ex_token(pr_context_t *context)
int returnstat;
returnstat = pa_reclen(context, 0); /* record byte */
/* version ID */
returnstat = process_tag(context, TAG_TOKVERS, returnstat, 0);
/* event type */
returnstat = process_tag(context, TAG_EVTYPE, returnstat, 0);
/* event modifier */
returnstat = pa_event_modifier(context, returnstat, 0);
/* machine name */
returnstat = pa_hostname_ex(context, returnstat, 0);
/* time from nsec */
returnstat = pa_ntime32(context, returnstat, 1);
return (returnstat);
header64_ex_token(pr_context_t *context)
int returnstat;
returnstat = pa_reclen(context, 0); /* record byte */
/* version ID */
returnstat = process_tag(context, TAG_TOKVERS, returnstat, 0);
/* event type */
returnstat = process_tag(context, TAG_EVTYPE, returnstat, 0);
/* event modifier */
returnstat = pa_event_modifier(context, returnstat, 0);
/* machine name */
returnstat = pa_hostname_ex(context, returnstat, 0);
/* time from nsec */
returnstat = pa_ntime64(context, returnstat, 1);
return (returnstat);
* -----------------------------------------------------------------------
* trailer_token() : Process record trailer token and display contents
* return codes : -1 - error
* : 0 - successful
* NOTE: At the time of call, the trailer token id has already been
* retrieved
* Format of trailer token:
* trailer token id adr_char
* record sequence no adr_u_short (should be AUT_TRAILER_MAGIC)
* record byte count adr_u_int
* -----------------------------------------------------------------------
trailer_token(pr_context_t *context)
short magic_number;
if (pr_adr_u_short(context, (ushort_t *)&magic_number, 1) < 0) {
(void) fprintf(stderr, gettext(
"praudit: Cannot retrieve trailer magic number\n"));
return (-1);
} else {
if (magic_number != AUT_TRAILER_MAGIC) {
(void) fprintf(stderr, gettext(
"praudit: Invalid trailer magic number\n"));
return (-1);
} else
/* Do not display trailer in XML mode */
if (context->format & PRF_XMLM) {
uint32_t junk;
int retstat;
retstat = pr_adr_u_int32(context, &junk, 1);
return (retstat);
} else {
return (pa_adr_u_int32(context, 0, 1));
* -----------------------------------------------------------------------
* arbitrary_data_token():
* Process arbitrary data token and display contents
* return codes : -1 - error
* : 0 - successful
* NOTE: At the time of call, the arbitrary data token id has already
* been retrieved
* Format of arbitrary data token:
* arbitrary data token id adr char
* how to print adr_char
* From audit_record.h, this may be either:
* AUP_BINARY binary
* AUP_OCTAL octal
* AUP_DECIMAL decimal
* AUP_HEX hexadecimal
* basic unit adr_char
* From audit_record.h, this may be either:
* AUR_BYTE byte
* AUR_CHAR char
* AUR_SHORT short
* AUR_INT32 int32_t
* AUR_INT64 int64_t
* unit count adr_char, specifying number of units of
* data in the "data items" parameter below
* data items depends on basic unit
* -----------------------------------------------------------------------
arbitrary_data_token(pr_context_t *context)
int returnstat;
int i;
char c1;
short c2;
int32_t c3;
int64_t c4;
char how_to_print, basic_unit, unit_count, fwid;
char *p;
int index = 0;
char *pformat = "%*s";
uval_t uval;
if ((returnstat = pr_adr_char(context, &how_to_print, 1)) != 0)
return (returnstat);
if ((returnstat = pr_adr_char(context, &basic_unit, 1)) != 0)
return (returnstat);
if ((returnstat = pr_adr_char(context, &unit_count, 1)) != 0)
return (returnstat);
if (!(context->format & PRF_RAWM)) {
uval.uvaltype = PRA_STRING;
uval.string_val = htp2string(how_to_print);
} else {
uval.uvaltype = PRA_INT32;
uval.int32_val = (int)how_to_print;
if ((returnstat = open_tag(context, TAG_ARBPRINT)) != 0)
return (returnstat);
if ((returnstat = pa_print(context, &uval, 0)) < 0)
return (returnstat);
if ((returnstat = close_tag(context, TAG_ARBPRINT)) != 0)
return (returnstat);
if (!(context->format & PRF_RAWM)) {
uval.uvaltype = PRA_STRING;
uval.string_val = bu2string(basic_unit);
} else {
uval.uvaltype = PRA_INT32;
uval.int32_val = (int32_t)basic_unit;
if ((returnstat = open_tag(context, TAG_ARBTYPE)) != 0)
return (returnstat);
if ((returnstat = pa_print(context, &uval, 0)) < 0)
return (returnstat);
if ((returnstat = close_tag(context, TAG_ARBTYPE)) != 0)
return (returnstat);
uval.uvaltype = PRA_INT32;
uval.int32_val = (int32_t)unit_count;
if ((returnstat = open_tag(context, TAG_ARBCOUNT)) != 0)
return (returnstat);
if ((returnstat = pa_print(context, &uval, 1)) < 0)
return (returnstat);
if ((returnstat = close_tag(context, TAG_ARBCOUNT)) != 0)
return (returnstat);
/* Done with attributes; force end of token open */
if ((returnstat = finish_open_tag(context)) != 0)
return (returnstat);
/* get the field width in case we need to format output */
fwid = findfieldwidth(basic_unit, how_to_print);
p = (char *)malloc(80);
/* now get the data items and print them */
for (i = 0; (i < unit_count); i++) {
switch (basic_unit) {
/* case AUR_BYTE: */
case AUR_CHAR:
if (pr_adr_char(context, &c1, 1) == 0)
(void) convert_char_to_string(how_to_print,
c1, p);
else {
return (-1);
if (pr_adr_short(context, &c2, 1) == 0)
(void) convert_short_to_string(how_to_print,
c2, p);
else {
return (-1);
case AUR_INT32:
if (pr_adr_int32(context, &c3, 1) == 0)
(void) convert_int32_to_string(how_to_print,
c3, p);
else {
return (-1);
case AUR_INT64:
if (pr_adr_int64(context, &c4, 1) == 0)
(void) convert_int64_to_string(how_to_print,
c4, p);
else {
return (-1);
return (-1);
* At this point, we have successfully retrieved a data
* item and converted it into an ASCII string pointed to
* by p. If all output is to be printed on one line,
* simply separate the data items by a space (or by the
* delimiter if this is the last data item), otherwise, we
* need to format the output before display.
if (context->format & PRF_ONELINE) {
returnstat = pr_printf(context, "%s", p);
if ((returnstat >= 0) && (i == (unit_count - 1)))
returnstat = pr_printf(context, "%s",
returnstat = pr_putchar(context, ' ');
} else { /* format output */
returnstat = pr_printf(context, pformat, fwid, p);
index += fwid;
if ((returnstat >= 0) &&
(((index + fwid) > 75) ||
(i == (unit_count - 1)))) {
returnstat = pr_putchar(context, '\n');
index = 0;
} /* else if PRF_ONELINE */
if (returnstat < 0) {
return (returnstat);
return (returnstat);
* -----------------------------------------------------------------------
* opaque_token() : Process opaque token and display contents
* return codes : -1 - error
* : 0 - successful
* NOTE: At the time of call, the opaque token id has already been
* retrieved
* Format of opaque token:
* opaque token id adr_char
* size adr_short
* data adr_char, size times
* -----------------------------------------------------------------------
opaque_token(pr_context_t *context)
int returnstat;
short size;
char *charp;
uval_t uval;
/* print the size of the token */
if (pr_adr_short(context, &size, 1) == 0) {
uval.uvaltype = PRA_SHORT;
uval.short_val = size;
returnstat = pa_print(context, &uval, 0);
} else
returnstat = -1;
/* now print out the data field in hexadecimal */
if (returnstat >= 0) {
/* try to allocate memory for the character string */
if ((charp = (char *)malloc(size * sizeof (char))) == NULL)
returnstat = -1;
else {
if ((returnstat = pr_adr_char(context, charp,
size)) == 0) {
/* print out in hexadecimal format */
uval.uvaltype = PRA_STRING;
uval.string_val = hexconvert(charp, size, size);
if (uval.string_val) {
returnstat = pa_print(context,
&uval, 1);
return (returnstat);
* -----------------------------------------------------------------------
* path_token() : Process path token and display contents
* return codes : -1 - error
* : 0 - successful
* NOTE: At the time of call, the path token id has been retrieved
* Format of path token:
* token id adr_char
* path adr_string
* -----------------------------------------------------------------------
path_token(pr_context_t *context)
char *path; /* path */
char *apath; /* anchored path */
char *cpath; /* collapsed path */
short length;
int returnstat;
uval_t uval;
* We need to know how much space to allocate for our string, so
* read the length first, then call pr_adr_char to read those bytes.
if (pr_adr_short(context, &length, 1) == 0) {
if ((path = (char *)malloc(length + 1)) == NULL) {
returnstat = -1;
} else if (pr_adr_char(context, path, length) == 0) {
path[length] = '\0';
uval.uvaltype = PRA_STRING;
if (*path != '/') {
apath = anchor_path(path);
} else
apath = path;
cpath = collapse_path(apath);
uval.string_val = cpath;
returnstat = pa_print(context, &uval, 1);
} else {
returnstat = -1;
return (returnstat);
} else
return (-1);
* anchor a path name with a slash
char *
anchor_path(char *sp)
char *dp; /* destination path */
char *tp; /* temporary path */
size_t len;
len = strlen(sp) + 2;
if ((dp = tp = (char *)calloc(1, len)) == (char *)0)
return ((char *)0);
*dp++ = '/';
(void) strlcpy(dp, sp, len);
return (tp);
* copy path to collapsed path.
* collapsed path does not contain:
* successive slashes
* instances of dot-slash
* instances of dot-dot-slash
* passed path must be anchored with a '/'
char *
collapse_path(char *s)
int id; /* index of where we are in destination string */
int is; /* index of where we are in source string */
int slashseen; /* have we seen a slash */
int ls; /* length of source string */
ls = strlen(s) + 1;
slashseen = 0;
for (is = 0, id = 0; is < ls; is++) {
/* thats all folks, we've reached the end of input */
if (s[is] == '\0') {
if (id > 1 && s[id-1] == '/') {
s[id++] = '\0';
/* previous character was a / */
if (slashseen) {
if (s[is] == '/')
continue; /* another slash, ignore it */
} else if (s[is] == '/') {
/* we see a /, just copy it and try again */
slashseen = 1;
s[id++] = '/';
/* /./ seen */
if (s[is] == '.' && s[is+1] == '/') {
is += 1;
/* XXX/. seen */
if (s[is] == '.' && s[is+1] == '\0') {
if (id > 1)
/* XXX/.. seen */
if (s[is] == '.' && s[is+1] == '.' && s[is+2] == '\0') {
is += 1;
if (id > 0)
while (id > 0 && s[--id] != '/');
/* XXX/../ seen */
if (s[is] == '.' && s[is+1] == '.' && s[is+2] == '/') {
is += 2;
if (id > 0)
while (id > 0 && s[--id] != '/');
while (is < ls && (s[id++] = s[is++]) != '/');
return (s);
* -----------------------------------------------------------------------
* cmd_token() : Process cmd token and display contents
* return codes : -1 - error
* : 0 - successful
* NOTE: At the time of call, the cmd token id has been retrieved
* Format of command token:
* token id adr_char
* argc adr_short
* N*argv[i] adr_string (short, string)
* env cnt adr_short
* N*arge[i] adr_string (short, string)
* -----------------------------------------------------------------------
cmd_token(pr_context_t *context)
int returnstat;
short num;
returnstat = pr_adr_short(context, &num, 1);
if (returnstat < 0)
return (returnstat);
if (!(context->format & PRF_XMLM)) {
returnstat = pr_printf(context, "%s%s%d%s",
(context->format & PRF_ONELINE) ? "" : gettext("argcnt"),
(context->format & PRF_ONELINE) ? "" : context->SEPARATOR,
num, context->SEPARATOR);
if (returnstat < 0)
return (returnstat);
for (; num > 0; num--) {
if ((returnstat = process_tag(context, TAG_ARGV,
returnstat, 0)) < 0)
return (returnstat);
if ((returnstat = pr_adr_short(context, &num, 1)) < 0)
return (returnstat);
if (!(context->format & PRF_XMLM)) {
returnstat = pr_printf(context, "%s%s%d%s",
(context->format & PRF_ONELINE) ? "" : gettext("envcnt"),
(context->format & PRF_ONELINE) ? "" : context->SEPARATOR,
num, context->SEPARATOR);
if (returnstat < 0)
return (returnstat);
if ((num == 0) && !(context->format & PRF_XMLM)) {
returnstat = pr_putchar(context, '\n');
if (returnstat < 0)
return (returnstat);
for (; num > 1; num--) {
if ((returnstat = process_tag(context, TAG_ARGE,
returnstat, 0)) < 0)
return (returnstat);
if (num)
returnstat = process_tag(context, TAG_ARGE, returnstat, 1);
return (returnstat);
* -----------------------------------------------------------------------
* argument32_token() : Process argument token and display contents
* return codes : -1 - error
* : 0 - successful
* NOTE: At the time of call, the arg token id has been retrieved
* Format of argument token:
* current directory token id adr_char
* argument number adr_char
* argument value adr_int32
* argument description adr_string
* -----------------------------------------------------------------------
argument32_token(pr_context_t *context)
int returnstat;
returnstat = process_tag(context, TAG_ARGNUM, 0, 0);
returnstat = process_tag(context, TAG_ARGVAL32, returnstat, 0);
returnstat = process_tag(context, TAG_ARGDESC, returnstat, 1);
return (returnstat);
* -----------------------------------------------------------------------
* argument64_token() : Process argument token and display contents
* return codes : -1 - error
* : 0 - successful
* NOTE: At the time of call, the arg token id has been retrieved
* Format of 64 bit argument token:
* current directory token id adr_char
* argument number adr_char
* argument value adr_int64
* argument description adr_string
* -----------------------------------------------------------------------
argument64_token(pr_context_t *context)
int returnstat;
returnstat = process_tag(context, TAG_ARGNUM, 0, 0);
returnstat = process_tag(context, TAG_ARGVAL64, returnstat, 0);
returnstat = process_tag(context, TAG_ARGDESC, returnstat, 1);
return (returnstat);
* -----------------------------------------------------------------------
* process_token() : Process process token and display contents
* return codes : -1 - error
* : 0 - successful
* NOTE: At the time of call, the process token id has been retrieved
* Format of process token:
* process token id adr_char
* auid adr_u_int32
* euid adr_u_int32
* egid adr_u_int32
* ruid adr_u_int32
* egid adr_u_int32
* pid adr_u_int32
* sid adr_u_int32
* tid adr_u_int32, adr_u_int32
* -----------------------------------------------------------------------
process32_token(pr_context_t *context)
int returnstat;
/* auid */
returnstat = process_tag(context, TAG_AUID, 0, 0);
/* uid */
returnstat = process_tag(context, TAG_UID, returnstat, 0);
/* gid */
returnstat = process_tag(context, TAG_GID, returnstat, 0);
/* ruid */
returnstat = process_tag(context, TAG_RUID, returnstat, 0);
/* rgid */
returnstat = process_tag(context, TAG_RGID, returnstat, 0);
/* pid */
returnstat = process_tag(context, TAG_PID, returnstat, 0);
/* sid */
returnstat = process_tag(context, TAG_SID, returnstat, 0);
/* tid */
returnstat = process_tag(context, TAG_TID32, returnstat, 1);
return (returnstat);
process64_token(pr_context_t *context)
int returnstat;
/* auid */
returnstat = process_tag(context, TAG_AUID, 0, 0);
/* uid */
returnstat = process_tag(context, TAG_UID, returnstat, 0);
/* gid */
returnstat = process_tag(context, TAG_GID, returnstat, 0);
/* ruid */
returnstat = process_tag(context, TAG_RUID, returnstat, 0);
/* rgid */
returnstat = process_tag(context, TAG_RGID, returnstat, 0);
/* pid */
returnstat = process_tag(context, TAG_PID, returnstat, 0);
/* sid */
returnstat = process_tag(context, TAG_SID, returnstat, 0);
/* tid */
returnstat = process_tag(context, TAG_TID64, returnstat, 1);
return (returnstat);
* -----------------------------------------------------------------------
* process_ex_token() : Process process token and display contents
* return codes : -1 - error
* : 0 - successful
* NOTE: At the time of call, the process token id has been retrieved
* Format of extended process token:
* process token id adr_char
* auid adr_u_int32
* euid adr_u_int32
* egid adr_u_int32
* ruid adr_u_int32
* egid adr_u_int32
* pid adr_u_int32
* sid adr_u_int32
* tid adr_u_int32, adr_u_int32, 4*adr_u_int32
* -----------------------------------------------------------------------
process32_ex_token(pr_context_t *context)
int returnstat;
/* auid */
returnstat = process_tag(context, TAG_AUID, 0, 0);
/* uid */
returnstat = process_tag(context, TAG_UID, returnstat, 0);
/* gid */
returnstat = process_tag(context, TAG_GID, returnstat, 0);
/* ruid */
returnstat = process_tag(context, TAG_RUID, returnstat, 0);
/* rgid */
returnstat = process_tag(context, TAG_RGID, returnstat, 0);
/* pid */
returnstat = process_tag(context, TAG_PID, returnstat, 0);
/* sid */
returnstat = process_tag(context, TAG_SID, returnstat, 0);
/* tid */
returnstat = process_tag(context, TAG_TID32_EX, returnstat, 1);
return (returnstat);
process64_ex_token(pr_context_t *context)
int returnstat;
/* auid */
returnstat = process_tag(context, TAG_AUID, 0, 0);
/* uid */
returnstat = process_tag(context, TAG_UID, returnstat, 0);
/* gid */
returnstat = process_tag(context, TAG_GID, returnstat, 0);
/* ruid */
returnstat = process_tag(context, TAG_RUID, returnstat, 0);
/* rgid */
returnstat = process_tag(context, TAG_RGID, returnstat, 0);
/* pid */
returnstat = process_tag(context, TAG_PID, returnstat, 0);
/* sid */
returnstat = process_tag(context, TAG_SID, returnstat, 0);
/* tid */
returnstat = process_tag(context, TAG_TID64_EX, returnstat, 1);
return (returnstat);
* -----------------------------------------------------------------------
* return_value32_token(): Process return value and display contents
* return codes : -1 - error
* : 0 - successful
* NOTE: At the time of call, the return value token id has been retrieved
* Format of return value token:
* return value token id adr_char
* error number adr_char
* return value adr_int32
* -----------------------------------------------------------------------
return_value32_token(pr_context_t *context)
int returnstat;
uchar_t number;
int32_t value;
char pb[512]; /* print buffer */
uval_t uval;
bool_t used_ret_val = 0;
* Every audit record generated contains a return token.
* The return token is a special token. It indicates the success
* or failure of the event that contains it.
* The return32 token contains two pieces of data:
* char number;
* int32_t return_value;
* For audit records generated by the kernel:
* The kernel always puts a positive value in "number".
* Upon success "number" is 0.
* Upon failure "number" is a positive errno value that is less than
* sys_nerr.
* For audit records generated at the user level:
* Upon success "number" is 0.
* Upon failure "number" is -1.
* For both kernel and user land the value of "return_value" is
* arbitrary. For the kernel it contains the return value of
* the system call. For user land it contains an arbitrary return
* value if it is less than ADT_FAIL_VALUE; ADT_FAIL_VALUE
* and above are messages defined in adt_event.h. ADT_FAIL_PAM and
* above are messages from pam_strerror(). No interpretation is done
* on "return_value" if it is outside the range of ADT_FAIL_VALUE_* or
* ADT_FAIL_PAM values.
if ((returnstat = open_tag(context, TAG_ERRVAL)) != 0)
return (returnstat);
if ((returnstat = pr_adr_u_char(context, &number, 1)) == 0) {
if (!(context->format & PRF_RAWM)) {
used_ret_val = 1;
pa_error(number, pb, sizeof (pb));
uval.uvaltype = PRA_STRING;
uval.string_val = pb;
if ((returnstat = pa_print(context, &uval, 0)) != 0)
return (returnstat);
if ((returnstat = close_tag(context, TAG_ERRVAL)) != 0)
return (returnstat);
if ((returnstat = open_tag(context, TAG_RETVAL)) != 0)
return (returnstat);
if ((returnstat = pr_adr_int32(
context, &value, 1)) != 0)
return (returnstat);
pa_retval(value, pb, sizeof (pb));
} else {
uval.uvaltype = PRA_INT32;
if ((char)number == -1)
uval.int32_val = -1;
uval.int32_val = number;
returnstat = pa_print(context, &uval, used_ret_val);
if (used_ret_val) {
if (returnstat == 0)
returnstat = close_tag(context, TAG_RETVAL);
return (returnstat);
if (!returnstat)
if (returnstat = close_tag(context, TAG_ERRVAL))
return (returnstat);
return (process_tag(context, TAG_RETVAL, returnstat, 1));
* -----------------------------------------------------------------------
* return_value64_token(): Process return value and display contents
* return codes : -1 - error
* : 0 - successful
* NOTE: At the time of call, the return value token id has been retrieved
* Format of return value token:
* return value token id adr_char
* error number adr_char
* return value adr_int64
* HOWEVER, the 64 bit return value is a concatenation of two
* 32 bit return values; the first of which is the same as is
* carried in the return32 token. The second 32 bits are ignored
* here so that the displayed return token will have the same
* number whether the application is 32 or 64 bits.
* -----------------------------------------------------------------------
return_value64_token(pr_context_t *context)
int returnstat;
uchar_t number;
rval_t rval;
char pb[512]; /* print buffer */
uval_t uval;
* Every audit record generated contains a return token.
* The return token is a special token. It indicates the success
* or failure of the event that contains it.
* The return64 token contains two pieces of data:
* char number;
* int64_t return_value;
* For audit records generated by the kernel:
* The kernel always puts a positive value in "number".
* Upon success "number" is 0.
* Upon failure "number" is a positive errno value that is less than
* sys_nerr.
* For audit records generated at the user level:
* Upon success "number" is 0.
* Upon failure "number" is -1.
* For both kernel and user land the value of "return_value" is
* arbitrary. For the kernel it contains the return value of
* the system call. For user land it contains an arbitrary return
* value if it is less than ADT_FAIL_VALUE; ADT_FAIL_VALUE
* and above are messages defined in adt_event.h. ADT_FAIL_PAM and
* above are messages from pam_strerror(). No interpretation is done
* on "return_value" if it is outside the range of ADT_FAIL_VALUE_* or
* ADT_FAIL_PAM values.
* The 64 bit return value consists of two 32bit parts; for
* system calls, the first part is the value returned by the
* system call and the second part depends on the system call
* implementation. In most cases, the second part is either 0
* or garbage; because of that, it is omitted from the praudit
* output.
if ((returnstat = open_tag(context, TAG_ERRVAL)) != 0)
return (returnstat);
if ((returnstat = pr_adr_u_char(context, &number, 1)) == 0) {
if (!(context->format & PRF_RAWM)) {
pa_error(number, pb, sizeof (pb));
uval.uvaltype = PRA_STRING;
uval.string_val = pb;
if ((returnstat = pa_print(context, &uval, 0)) != 0)
return (returnstat);
if ((returnstat = close_tag(context, TAG_ERRVAL)) != 0)
return (returnstat);
if ((returnstat = open_tag(context, TAG_RETVAL)) != 0)
return (returnstat);
if ((returnstat = pr_adr_int64(context,
&rval.r_vals, 1)) != 0)
return (returnstat);
pa_retval(rval.r_val1, pb, sizeof (pb));
} else {
uval.uvaltype = PRA_INT32;
if ((char)number == -1)
uval.int32_val = -1;
uval.int32_val = number;
if ((returnstat = pa_print(context, &uval, 0)) != 0)
return (returnstat);
if ((returnstat = close_tag(context, TAG_ERRVAL)) != 0)
return (returnstat);
if ((returnstat = open_tag(context, TAG_RETVAL)) != 0)
return (returnstat);
if ((returnstat = pr_adr_int64(context,
&rval.r_vals, 1)) != 0)
return (returnstat);
uval.int32_val = rval.r_val1;
returnstat = pa_print(context, &uval, 1);
} else {
return (returnstat);
if (returnstat == 0)
returnstat = close_tag(context, TAG_RETVAL);
return (returnstat);
* -----------------------------------------------------------------------
* subject32_token() : Process subject token and display contents
* return codes : -1 - error
* : 0 - successful
* NOTE: At the time of call, the subject token id has been retrieved
* Format of subject token:
* subject token id adr_char
* auid adr_u_int32
* euid adr_u_int32
* egid adr_u_int32
* ruid adr_u_int32
* egid adr_u_int32
* pid adr_u_int32
* sid adr_u_int32
* tid adr_u_int32, adr_u_int32
* -----------------------------------------------------------------------
subject32_token(pr_context_t *context)
int returnstat;
/* auid */
returnstat = process_tag(context, TAG_AUID, 0, 0);
/* uid */
returnstat = process_tag(context, TAG_UID, returnstat, 0);
/* gid */
returnstat = process_tag(context, TAG_GID, returnstat, 0);
/* ruid */
returnstat = process_tag(context, TAG_RUID, returnstat, 0);
/* rgid */
returnstat = process_tag(context, TAG_RGID, returnstat, 0);
/* pid */
returnstat = process_tag(context, TAG_PID, returnstat, 0);
/* sid */
returnstat = process_tag(context, TAG_SID, returnstat, 0);
/* tid */
returnstat = process_tag(context, TAG_TID32, returnstat, 1);
return (returnstat);
subject64_token(pr_context_t *context)
int returnstat;
/* auid */
returnstat = process_tag(context, TAG_AUID, 0, 0);
/* uid */
returnstat = process_tag(context, TAG_UID, returnstat, 0);
/* gid */
returnstat = process_tag(context, TAG_GID, returnstat, 0);
/* ruid */
returnstat = process_tag(context, TAG_RUID, returnstat, 0);
/* rgid */
returnstat = process_tag(context, TAG_RGID, returnstat, 0);
/* pid */
returnstat = process_tag(context, TAG_PID, returnstat, 0);
/* sid */
returnstat = process_tag(context, TAG_SID, returnstat, 0);
/* tid */
returnstat = process_tag(context, TAG_TID64, returnstat, 1);
return (returnstat);
* -----------------------------------------------------------------------
* subject_ex_token(): Process subject token and display contents
* return codes : -1 - error
* : 0 - successful
* NOTE: At the time of call, the subject token id has been retrieved
* Format of extended subject token:
* subject token id adr_char
* auid adr_u_int32
* euid adr_u_int32
* egid adr_u_int32
* ruid adr_u_int32
* egid adr_u_int32
* pid adr_u_int32
* sid adr_u_int32
* tid adr_u_int32, adr_u_int32
* -----------------------------------------------------------------------
subject32_ex_token(pr_context_t *context)
int returnstat;
/* auid */
returnstat = process_tag(context, TAG_AUID, 0, 0);
/* uid */
returnstat = process_tag(context, TAG_UID, returnstat, 0);
/* gid */
returnstat = process_tag(context, TAG_GID, returnstat, 0);
/* ruid */
returnstat = process_tag(context, TAG_RUID, returnstat, 0);
/* rgid */
returnstat = process_tag(context, TAG_RGID, returnstat, 0);
/* pid */
returnstat = process_tag(context, TAG_PID, returnstat, 0);
/* sid */
returnstat = process_tag(context, TAG_SID, returnstat, 0);
/* tid */
returnstat = process_tag(context, TAG_TID32_EX, returnstat, 1);
return (returnstat);
subject64_ex_token(pr_context_t *context)
int returnstat;
/* auid */
returnstat = process_tag(context, TAG_AUID, 0, 0);
/* uid */
returnstat = process_tag(context, TAG_UID, returnstat, 0);
/* gid */
returnstat = process_tag(context, TAG_GID, returnstat, 0);
/* ruid */
returnstat = process_tag(context, TAG_RUID, returnstat, 0);
/* rgid */
returnstat = process_tag(context, TAG_RGID, returnstat, 0);
/* pid */
returnstat = process_tag(context, TAG_PID, returnstat, 0);
/* sid */
returnstat = process_tag(context, TAG_SID, returnstat, 0);
/* tid */
returnstat = process_tag(context, TAG_TID64_EX, returnstat, 1);
return (returnstat);
* -----------------------------------------------------------------------
* s5_IPC_token() : Process System V IPC token and display contents
* return codes : -1 - error
* : 0 - successful
* NOTE: At the time of call, the System V IPC id has been retrieved
* Format of System V IPC token:
* System V IPC token id adr_char
* object id adr_int32
* -----------------------------------------------------------------------
s5_IPC_token(pr_context_t *context)
int returnstat;
uchar_t ipctype;
uval_t uval;
* These names refer to the type of System V IPC object:
* message queue, semaphore, shared memory.
if (pr_adr_u_char(context, &ipctype, 1) == 0) {
if ((returnstat = open_tag(context, TAG_IPCTYPE)) != 0)
return (returnstat);
if (!(context->format & PRF_RAWM)) {
/* print in ASCII form */
uval.uvaltype = PRA_STRING;
switch (ipctype) {
case AT_IPC_MSG:
uval.string_val = gettext("msg");
case AT_IPC_SEM:
uval.string_val = gettext("sem");
case AT_IPC_SHM:
uval.string_val = gettext("shm");
returnstat = pa_print(context, &uval, 0);
/* print in integer form */
if ((context->format & PRF_RAWM) || (returnstat == 1)) {
uval.uvaltype = PRA_BYTE;
uval.char_val = ipctype;
returnstat = pa_print(context, &uval, 0);
if ((returnstat = close_tag(context, TAG_IPCTYPE)) != 0)
return (returnstat);
/* next get and print ipc id */
return (process_tag(context, TAG_IPCID, returnstat, 1));
} else {
/* cannot retrieve ipc type */
return (-1);
* -----------------------------------------------------------------------
* text_token() : Process text token and display contents
* return codes : -1 - error
* : 0 - successful
* NOTE: At the time of call, the text token id has been retrieved
* Format of text token:
* text token id adr_char
* text adr_string
* -----------------------------------------------------------------------
text_token(pr_context_t *context)
return (pa_adr_string(context, 0, 1));
* -----------------------------------------------------------------------
* tid_token() : Process a generic terminal id token / AUT_TID
* return codes : -1 - error
* : 0 - successful
* NOTE: At the time of call, the token id has been retrieved
* Format of tid token:
* ip token id adr_char
* terminal type adr_char
* terminal type = AU_IPADR:
* remote port: adr_short
* local port: adr_short
* IP type: adt_int32 -- AU_IPv4 or AU_IPv6
* address: adr_int32 if IPv4, else 4 * adr_int32
* -----------------------------------------------------------------------
tid_token(pr_context_t *context)
int returnstat;
uchar_t type;
uval_t uval;
if ((returnstat = pr_adr_u_char(context, &type, 1)) != 0)
return (returnstat);
uval.uvaltype = PRA_STRING;
if ((returnstat = open_tag(context, TAG_TID_TYPE)) != 0)
return (returnstat);
switch (type) {
return (-1); /* other than IP type is not implemented */
case AU_IPADR:
uval.string_val = "ip";
returnstat = pa_print(context, &uval, 0);
returnstat = close_tag(context, TAG_TID_TYPE);
returnstat = open_tag(context, TAG_IP);
returnstat = process_tag(context, TAG_IP_REMOTE, returnstat, 0);
returnstat = process_tag(context, TAG_IP_LOCAL, returnstat, 0);
returnstat = process_tag(context, TAG_IP_ADR, returnstat, 1);
returnstat = close_tag(context, TAG_IP);
return (returnstat);
* -----------------------------------------------------------------------
* ip_addr_token() : Process ip token and display contents
* return codes : -1 - error
* : 0 - successful
* NOTE: At the time of call, the ip token id has been retrieved
* Format of ip address token:
* ip token id adr_char
* address adr_int32 (printed in hex)
* -----------------------------------------------------------------------
ip_addr_token(pr_context_t *context)
return (pa_hostname(context, 0, 1));
ip_addr_ex_token(pr_context_t *context)
int returnstat;
uint32_t ip_addr[16];
uint32_t ip_type;
struct in_addr ia;
char *ipstring;
char buf[256];
uval_t uval;
/* get address type */
if ((returnstat = pr_adr_u_int32(context, &ip_type, 1)) != 0)
return (returnstat);
/* legal address types are either AU_IPv4 or AU_IPv6 only */
if ((ip_type != AU_IPv4) && (ip_type != AU_IPv6))
return (-1);
/* get address (4/16) */
if ((returnstat = pr_adr_char(context, (char *)ip_addr, ip_type)) != 0)
return (returnstat);
uval.uvaltype = PRA_STRING;
if (ip_type == AU_IPv4) {
uval.string_val = buf;
if (!(context->format & PRF_RAWM)) {
get_Hname(ip_addr[0], buf, sizeof (buf));
return (pa_print(context, &uval, 1));
ia.s_addr = ip_addr[0];
if ((ipstring = inet_ntoa(ia)) == NULL)
return (-1);
(void) snprintf(buf, sizeof (buf), "%s", ipstring);
} else {
uval.string_val = buf;
if (!(context->format & PRF_RAWM)) {
get_Hname_ex(ip_addr, buf, sizeof (buf));
return (pa_print(context, &uval, 1));
(void) inet_ntop(AF_INET6, (void *) ip_addr, buf,
sizeof (buf));
return (pa_print(context, &uval, 1));
* -----------------------------------------------------------------------
* ip_token() : Process ip header token and display contents
* return codes : -1 - error
* : 0 - successful
* NOTE: At the time of call, the ip token id has been retrieved
* Format of ip header token:
* ip header token id adr_char
* version adr_char (printed in hex)
* type of service adr_char (printed in hex)
* length adr_short
* id adr_u_short
* offset adr_u_short
* ttl adr_char (printed in hex)
* protocol adr_char (printed in hex)
* checksum adr_u_short
* source address adr_int32 (printed in hex)
* destination address adr_int32 (printed in hex)
* -----------------------------------------------------------------------
ip_token(pr_context_t *context)
int returnstat;
returnstat = process_tag(context, TAG_IPVERS, 0, 0);
returnstat = process_tag(context, TAG_IPSERV, returnstat, 0);
returnstat = process_tag(context, TAG_IPLEN, returnstat, 0);
returnstat = process_tag(context, TAG_IPID, returnstat, 0);
returnstat = process_tag(context, TAG_IPOFFS, returnstat, 0);
returnstat = process_tag(context, TAG_IPTTL, returnstat, 0);
returnstat = process_tag(context, TAG_IPPROTO, returnstat, 0);
returnstat = process_tag(context, TAG_IPCKSUM, returnstat, 0);
returnstat = process_tag(context, TAG_IPSRC, returnstat, 0);
returnstat = process_tag(context, TAG_IPDEST, returnstat, 1);
return (returnstat);
* -----------------------------------------------------------------------
* iport_token() : Process ip port address token and display contents
* return codes : -1 - error
* : 0 - successful
* NOTE: At time of call, the ip port address token id has been retrieved
* Format of ip port token:
* ip port address token id adr_char
* port address adr_short (in hex)
* -----------------------------------------------------------------------
iport_token(pr_context_t *context)
return (pa_adr_shorthex(context, 0, 1));
* -----------------------------------------------------------------------
* socket_token() : Process socket token and display contents
* return codes : -1 - error
* : 0 - successful
* NOTE: At time of call, the socket token id has been retrieved
* Format of socket token:
* ip socket token id adr_char
* socket type adr_short (in hex)
* foreign port adr_short (in hex)
* foreign internet address adr_hostname/adr_int32 (in ascii/hex)
* -----------------------------------------------------------------------
* Note: local port and local internet address have been removed for 5.x
socket_token(pr_context_t *context)
int returnstat;
returnstat = process_tag(context, TAG_SOCKTYPE, 0, 0);
returnstat = process_tag(context, TAG_SOCKPORT, returnstat, 0);
if (returnstat != 0)
return (returnstat);
if ((returnstat = open_tag(context, TAG_SOCKADDR)) != 0)
return (returnstat);
if ((returnstat = pa_hostname(context, returnstat, 1)) != 0)
return (returnstat);
return (close_tag(context, TAG_SOCKADDR));
* -----------------------------------------------------------------------
* socket_ex_token() : Process socket token and display contents
* return codes : -1 - error
* : 0 - successful
* NOTE: At time of call, the extended socket token id has been retrieved
* Format of extended socket token:
* token id adr_char
* socket domain adr_short (in hex)
* socket type adr_short (in hex)
* IP address type adr_short (in hex) [not displayed]
* local port adr_short (in hex)
* local internet address adr_hostname/adr_int32 (in ascii/hex)
* foreign port adr_short (in hex)
* foreign internet address adr_hostname/adr_int32 (in ascii/hex)
* -----------------------------------------------------------------------
* Note: local port and local internet address have been removed for 5.x
socket_ex_token(pr_context_t *context)
int returnstat;
returnstat = process_tag(context, TAG_SOCKEXDOM, 0, 0);
returnstat = process_tag(context, TAG_SOCKEXTYPE, returnstat, 0);
returnstat = pa_hostname_so(context, returnstat, 1);
return (returnstat);
* -----------------------------------------------------------------------
* sequence_token() : Process sequence token and display contents
* return codes : -1 - error
* : 0 - successful
* NOTE: At time of call, the socket token id has been retrieved
* Format of sequence token:
* sequence token id adr_char
* sequence number adr_u_int32 (in hex)
* -----------------------------------------------------------------------
sequence_token(pr_context_t *context)
return (process_tag(context, TAG_SEQNUM, 0, 1));
* -----------------------------------------------------------------------
* acl_token() : Process access control list term
* return codes : -1 - error
* : 0 - successful
* Format of acl token:
* token id adr_char
* term type adr_u_int32
* term value adr_u_int32 (depends on type)
* file mode adr_u_int (in octal)
* -----------------------------------------------------------------------
acl_token(pr_context_t *context)
int returnstat;
returnstat = pa_pw_uid_gr_gid(context, 0, 0);
return (process_tag(context, TAG_MODE, returnstat, 1));
* -----------------------------------------------------------------------
* attribute_token() : Process attribute token and display contents
* return codes : -1 - error
* : 0 - successful
* NOTE: At the time of call, the attribute token id has been retrieved
* Format of attribute token:
* attribute token id adr_char
* mode adr_u_int (printed in octal)
* uid adr_u_int
* gid adr_u_int
* file system id adr_int
* node id adr_int (attribute_token
* pre SunOS 5.7)
* device adr_u_int
* or
* node id adr_int64 (attribute32_token)
* device adr_u_int
* or
* node id adr_int64 (attribute64_token)
* device adr_u_int64
* -----------------------------------------------------------------------
attribute_token(pr_context_t *context)
int returnstat;
returnstat = process_tag(context, TAG_MODE, 0, 0);
returnstat = process_tag(context, TAG_UID, returnstat, 0);
returnstat = process_tag(context, TAG_GID, returnstat, 0);
returnstat = process_tag(context, TAG_FSID, returnstat, 0);
returnstat = process_tag(context, TAG_NODEID32, returnstat, 0);
returnstat = process_tag(context, TAG_DEVICE32, returnstat, 1);
return (returnstat);
attribute32_token(pr_context_t *context)
int returnstat;
returnstat = process_tag(context, TAG_MODE, 0, 0);
returnstat = process_tag(context, TAG_UID, returnstat, 0);
returnstat = process_tag(context, TAG_GID, returnstat, 0);
returnstat = process_tag(context, TAG_FSID, returnstat, 0);
returnstat = process_tag(context, TAG_NODEID64, returnstat, 0);
returnstat = process_tag(context, TAG_DEVICE32, returnstat, 1);
return (returnstat);
attribute64_token(pr_context_t *context)
int returnstat;
returnstat = process_tag(context, TAG_MODE, 0, 0);
returnstat = process_tag(context, TAG_UID, returnstat, 0);
returnstat = process_tag(context, TAG_GID, returnstat, 0);
returnstat = process_tag(context, TAG_FSID, returnstat, 0);
returnstat = process_tag(context, TAG_NODEID64, returnstat, 0);
returnstat = process_tag(context, TAG_DEVICE64, returnstat, 1);
return (returnstat);
* -----------------------------------------------------------------------
* group_token() : Process group token and display contents
* return codes : -1 - error
* : 0 - successful
* NOTE: At the time of call, the group token id has been retrieved
* Format of group token:
* group token id adr_char
* group list adr_long, 16 times
* -----------------------------------------------------------------------
group_token(pr_context_t *context)
int returnstat = 0;
int i;
for (i = 0; i < NGROUPS_MAX - 1; i++) {
if ((returnstat = process_tag(context, TAG_GROUPID,
returnstat, 0)) < 0)
return (returnstat);
return (process_tag(context, TAG_GROUPID, returnstat, 1));
* -----------------------------------------------------------------------
* newgroup_token() : Process group token and display contents
* return codes : -1 - error
* : 0 - successful
* NOTE: At the time of call, the group token id has been retrieved
* Format of new group token:
* group token id adr_char
* group number adr_short
* group list adr_int32, group number times
* -----------------------------------------------------------------------
newgroup_token(pr_context_t *context)
int returnstat;
int i, num;
short n_groups;
returnstat = pr_adr_short(context, &n_groups, 1);
if (returnstat != 0)
return (returnstat);
num = (int)n_groups;
if (num == 0) {
if (!(context->format & PRF_XMLM)) {
/* sigh, have to put out a '\n' */
returnstat = pr_putchar(context, '\n');
return (returnstat);
for (i = 0; i < num - 1; i++) {
if ((returnstat = process_tag(context, TAG_GROUPID,
returnstat, 0)) < 0)
return (returnstat);
return (process_tag(context, TAG_GROUPID, returnstat, 1));
static int
string_token_common(pr_context_t *context, int tag)
int returnstat;
int num;
returnstat = pr_adr_int32(context, (int32_t *)&num, 1);
if (returnstat != 0)
return (returnstat);
if (!(context->format & PRF_XMLM)) {
returnstat = pr_printf(context, "%d%s", num,
if (returnstat != 0)
return (returnstat);
if (num == 0)
return (0);
for (; num > 1; num--) {
if ((returnstat = (process_tag(context, tag,
returnstat, 0))) < 0)
return (returnstat);
return (process_tag(context, tag, returnstat, 1));
path_attr_token(pr_context_t *context)
return (string_token_common(context, TAG_XAT));
exec_args_token(pr_context_t *context)
return (string_token_common(context, TAG_ARG));
exec_env_token(pr_context_t *context)
return (string_token_common(context, TAG_ENV));
* -----------------------------------------------------------------------
* s5_IPC_perm_token() : Process System V IPC permission token and display
* contents
* return codes : -1 - error
* : 0 - successful
* NOTE: At the time of call, the System V IPC permission token id
* has been retrieved
* Format of System V IPC permission token:
* System V IPC permission token id adr_char
* uid adr_u_int32
* gid adr_u_int32
* cuid adr_u_int32
* cgid adr_u_int32
* mode adr_u_int32
* seq adr_u_int32
* key adr_int32
* -----------------------------------------------------------------------
s5_IPC_perm_token(pr_context_t *context)
int returnstat;
returnstat = process_tag(context, TAG_UID, 0, 0);
returnstat = process_tag(context, TAG_GID, returnstat, 0);
returnstat = process_tag(context, TAG_CUID, returnstat, 0);
returnstat = process_tag(context, TAG_CGID, returnstat, 0);
returnstat = process_tag(context, TAG_MODE, returnstat, 0);
returnstat = process_tag(context, TAG_SEQ, returnstat, 0);
returnstat = process_tag(context, TAG_KEY, returnstat, 1);
return (returnstat);
* -----------------------------------------------------------------------
* host_token() : Process host token and display contents
* return codes : -1 - error
* : 0 - successful
* NOTE: At the time of call, the host token id has been retrieved
* Format of host token:
* host token id adr_char
* hostid adr_u_int32
* -----------------------------------------------------------------------
host_token(pr_context_t *context)
return (pa_hostname(context, 0, 1));
* -----------------------------------------------------------------------
* liaison_token() : Process liaison token and display contents
* return codes : -1 - error
* : 0 - successful
* NOTE: At the time of call, the liaison token id has been retrieved
* Format of liaison token:
* liaison token id adr_char
* liaison adr_u_int32
* -----------------------------------------------------------------------
liaison_token(pr_context_t *context)
return (pa_liaison(context, 0, 1));
* -----------------------------------------------------------------------
* useofauth_token(): Process useofauth token and display contents
* return codes : -1 - error
* : 0 - successful
* NOTE: At the time of call, the uauth token id has been retrieved
* Format of useofauth token:
* uauth token id adr_char
* uauth adr_string
* -----------------------------------------------------------------------
useofauth_token(pr_context_t *context)
return (pa_adr_string(context, 0, 1));
* -----------------------------------------------------------------------
* zonename_token(): Process zonename token and display contents
* return codes : -1 - error
* : 0 - successful
* NOTE: At the time of call, the zonename token id has been retrieved
* Format of zonename token:
* zonename token id adr_char
* zone name adr_string
* -----------------------------------------------------------------------
zonename_token(pr_context_t *context)
return (process_tag(context, TAG_ZONENAME, 0, 1));
* -----------------------------------------------------------------------
* fmri_token(): Process fmri token and display contents
* return codes : -1 - error
* : 0 - successful
* NOTE: At the time of call, the fmri token id has been retrieved
* Format of fmri token:
* fmri token id adr_char
* service instance name adr_string
* -----------------------------------------------------------------------
fmri_token(pr_context_t *context)
return (pa_adr_string(context, 0, 1));
* -----------------------------------------------------------------------
* xatom_token() : Process Xatom token and display contents in hex.
* return codes : -1 - error
* : 0 - successful
* NOTE: At the time of call, the xatom token id has been retrieved
* Format of xatom token:
* token id adr_char
* length adr_short
* atom adr_char length times
* -----------------------------------------------------------------------
xatom_token(pr_context_t *context)
return (pa_adr_string(context, 0, 1));
xcolormap_token(pr_context_t *context)
return (pa_xgeneric(context));
xcursor_token(pr_context_t *context)
return (pa_xgeneric(context));
xfont_token(pr_context_t *context)
return (pa_xgeneric(context));
xgc_token(pr_context_t *context)
return (pa_xgeneric(context));
xpixmap_token(pr_context_t *context)
return (pa_xgeneric(context));
xwindow_token(pr_context_t *context)
return (pa_xgeneric(context));
* -----------------------------------------------------------------------
* xproperty_token(): Process Xproperty token and display contents
* return codes : -1 - error
* : 0 - successful
* NOTE: At the time of call, the xproperty token id has been retrieved
* Format of xproperty token:
* token id adr_char
* XID adr_u_int32
* creator UID adr_u_int32
* text adr_text
* -----------------------------------------------------------------------
xproperty_token(pr_context_t *context)
int returnstat;
returnstat = process_tag(context, TAG_XID, 0, 0);
returnstat = process_tag(context, TAG_XCUID, returnstat, 0);
/* Done with attributes; force end of token open */
if (returnstat == 0)
returnstat = finish_open_tag(context);
returnstat = pa_adr_string(context, returnstat, 1);
return (returnstat);
* -----------------------------------------------------------------------
* xselect_token(): Process Xselect token and display contents in hex
* return codes : -1 - error
* : 0 - successful
* NOTE: At the time of call, the xselect token id has been retrieved
* Format of xselect token
* text token id adr_char
* property text adr_string
* property type adr_string
* property data adr_string
* -----------------------------------------------------------------------
xselect_token(pr_context_t *context)
int returnstat;
returnstat = process_tag(context, TAG_XSELTEXT, 0, 0);
returnstat = process_tag(context, TAG_XSELTYPE, returnstat, 0);
returnstat = process_tag(context, TAG_XSELDATA, returnstat, 1);
return (returnstat);
* -----------------------------------------------------------------------
* xclient_token(): Process Xclient token and display contents in hex.
* return codes : -1 - error
* : 0 - successful
* Format of xclient token:
* token id adr_char
* client adr_int32
* -----------------------------------------------------------------------
xclient_token(pr_context_t *context)
return (pa_adr_int32(context, 0, 1));
* -----------------------------------------------------------------------
* slabel_token() : Process sensitivity label token and display contents
* return codes : -1 - error
* : 0 - successful
* NOTE: At the time of call, the slabel token id has been retrieved
* Format of sensitivity label token:
* slabel token id adr_char
* label adr_char, sizeof (bslabel_t) bytes
* -----------------------------------------------------------------------
slabel_token(pr_context_t *context)
bslabel_t label;
int returnstat;
char strbuf[2048];
char *sp = strbuf;
uval_t uval;
if ((returnstat = pr_adr_char(context, (char *)&label,
sizeof (label))) == 0) {
uval.uvaltype = PRA_STRING;
if (!(context->format & PRF_RAWM)) {
/* print in ASCII form */
if (label_to_str(&label, &sp, M_LABEL,
DEF_NAMES) == 0) {
uval.string_val = sp;
returnstat = pa_print(context, &uval, 1);
} else /* cannot convert to string */
returnstat = 1;
/* print in hexadecimal form */
if ((context->format & PRF_RAWM) || (returnstat == 1)) {
uval.string_val = hexconvert((char *)&label,
sizeof (bslabel_t), sizeof (bslabel_t));
if (uval.string_val) {
returnstat = pa_print(context, &uval, 1);
return (returnstat);
* -----------------------------------------------------------------------
* useofpriv_token() : Process priv token and display contents
* return codes : -1 - error
* : 0 - successful
* NOTE: At the time of call, the useofpriv token id has been retrieved
* Format of useofpriv token:
* useofpriv token id adr_char
* success/failure flag adr_char
* priv adr_int32 (Trusted Solaris)
* priv_set '\0' separated privileges.
* -----------------------------------------------------------------------
useofpriv_token(pr_context_t *context)
int returnstat;
char sf;
uval_t uval;
if ((returnstat = pr_adr_char(context, &sf, 1)) != 0) {
return (returnstat);
if (!(context->format & PRF_RAWM)) {
/* print in ASCII form */
if ((returnstat = open_tag(context, TAG_RESULT)) != 0)
return (returnstat);
uval.uvaltype = PRA_STRING;
if (sf) {
uval.string_val = gettext("successful use of priv");
returnstat = pa_print(context, &uval, 0);
} else {
uval.string_val = gettext("failed use of priv");
returnstat = pa_print(context, &uval, 0);
if (returnstat == 0)
returnstat = close_tag(context, TAG_RESULT);
/* Done with attributes; force end of token open */
if (returnstat == 0)
returnstat = finish_open_tag(context);
} else {
/* print in hexadecimal form */
if ((returnstat = open_tag(context, TAG_RESULT)) != 0)
return (returnstat);
uval.uvaltype = PRA_SHORT;
uval.short_val = sf;
returnstat = pa_print(context, &uval, 0);
if (returnstat == 0)
returnstat = close_tag(context, TAG_RESULT);
/* Done with attributes; force end of token open */
if (returnstat == 0)
returnstat = finish_open_tag(context);
return (pa_adr_string(context, 0, 1));
* -----------------------------------------------------------------------
* privilege_token() : Process privilege token and display contents
* return codes : -1 - error
* : 0 - successful
* NOTE: At the time of call, the privilege token id has been retrieved
* Format of privilege token:
* privilege token id adr_char
* privilege type adr_string
* privilege adr_string
* -----------------------------------------------------------------------
privilege_token(pr_context_t *context)
int returnstat;
/* privilege type: */
returnstat = process_tag(context, TAG_SETTYPE, 0, 0);
/* Done with attributes; force end of token open */
if (returnstat == 0)
returnstat = finish_open_tag(context);
/* privilege: */
return (pa_adr_string(context, returnstat, 1));