audit_token.c revision 9e9e6ab82d4247028c312ff50a65b8a05a194b33
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2007 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
/*
* Support routines for building audit records.
*/
#include <sys/ipc_impl.h>
#include <netinet/in_systm.h>
#include <c2/audit_kernel.h>
#include <c2/audit_record.h>
/*
* These are the control tokens
*/
/*
* au_to_header
* returns:
* pointer to au_membuf chain containing a header token.
*/
token_t *
{
token_t *m; /* au_membuf pointer */
#ifdef _LP64
#else
char data_header = AUT_HEADER32;
#endif
m = au_getclr();
/* audit record */
#ifdef _LP64
#else
#endif
return (m);
}
token_t *
{
token_t *m; /* au_membuf pointer */
#ifdef _LP64
#else
char data_header = AUT_HEADER32_EX;
#endif
m = au_getclr();
/* audit record */
#ifdef _LP64
#else
#endif
return (m);
}
/*
* au_to_trailer
* returns:
* pointer to au_membuf chain containing a trailer token.
*/
token_t *
au_to_trailer(int byte_count)
{
token_t *m; /* au_membuf pointer */
m = au_getclr();
/* audit record */
return (m);
}
/*
* These are the data tokens
*/
/*
* au_to_data
* returns:
* pointer to au_membuf chain containing a data token.
*/
token_t *
{
token_t *m; /* au_membuf pointer */
ASSERT(unit_count != 0);
switch (unit_type) {
case AUR_SHORT:
if (sizeof (short) * unit_count >= AU_BUFSIZE)
return (au_to_text("au_to_data: unit count too big"));
break;
case AUR_INT32:
return (au_to_text("au_to_data: unit count too big"));
break;
case AUR_INT64:
return (au_to_text("au_to_data: unit count too big"));
break;
case AUR_BYTE:
default:
#ifdef _CHAR_IS_UNSIGNED
if (sizeof (char) * unit_count >= AU_BUFSIZE)
return (au_to_text("au_to_data: unit count too big"));
#endif
/*
* we used to check for this:
* sizeof (char) * (int)unit_count >= AU_BUFSIZE).
* but the compiler is smart enough to see that
* will never be >= AU_BUFSIZE, since that's 128
* and unit_count maxes out at 127 (signed char),
* and complain.
*/
break;
}
m = au_getclr();
switch (unit_type) {
case AUR_SHORT:
break;
case AUR_INT32:
break;
case AUR_INT64:
break;
case AUR_BYTE:
default:
break;
}
return (m);
}
/*
* au_to_process
* au_to_subject
* returns:
* pointer to au_membuf chain containing a process token.
*/
token_t *
{
char data_header;
#ifdef _LP64
else
#else
else
#endif
}
token_t *
{
char data_header;
#ifdef _LP64
else
#else
else
#endif
}
static token_t *
au_to_any_process(char data_header,
{
token_t *m; /* local au_membuf */
m = au_getclr();
#ifdef _LP64
#else
#endif
} else {
}
return (m);
}
/*
* au_to_text
* returns:
* pointer to au_membuf chain containing a text token.
*/
token_t *
au_to_text(const char *text)
{
short bytes; /* length of string */
/*
* Now attach the text
*/
return (token);
}
/*
* au_zonename_length
* returns:
* - length of zonename token to be generated
* - zone name up to ZONENAME_MAX + 1 in length
*/
#define ZONE_TOKEN_OVERHEAD 3
/*
* the zone token is
* token id (1 byte)
* string length (2 bytes)
* the string (strlen(zonename) + 1)
*/
{
}
/*
* au_to_zonename
*
* A length of zero input to au_to_zonename means the length is not
* pre-calculated.
*
* The caller is responsible for checking the AUDIT_ZONENAME policy
* before calling au_zonename_length() and au_to_zonename(). If
* the policy changes between the calls, no harm is done, so the
* policy only needs to be checked once.
*
* returns:
* pointer to au_membuf chain containing a zonename token; NULL if
* policy is off.
*
* if the zonename token is generated at token generation close time,
* the length of the token is already known and it is ASSERTed that
* it has not changed. If not precalculated, zone_length must be
* zero.
*/
token_t *
{
short bytes; /* length of string */
/*
* If zone_length != 0, it was precalculated and is
* the token length, not the string length.
*/
ASSERT((zone_length == 0) ||
return (token);
}
/*
* au_to_strings
* returns:
* pointer to au_membuf chain containing a strings array token.
*/
token_t *
char header, /* token type */
const char *kstrp, /* kernel string pointer */
{
token_t *m; /* local au_membuf */
while (count-- > 0) {
m = au_getclr();
}
return (token);
}
/*
* au_to_exec_args
* returns:
* pointer to au_membuf chain containing a argv token.
*/
token_t *
{
}
/*
* au_to_exec_env
* returns:
* pointer to au_membuf chain containing a arge token.
*/
token_t *
{
}
/*
* au_to_arg32
* char n; argument # being used
* char *text; text describing argument
* uint32_t v; argument value
* returns:
* pointer to au_membuf chain containing an argument token.
*/
token_t *
{
short bytes; /* length of string */
/*
* Now add the description
*/
return (token);
}
/*
* au_to_arg64
* char n; argument # being used
* char *text; text describing argument
* uint64_t v; argument value
* returns:
* pointer to au_membuf chain containing an argument token.
*/
token_t *
{
short bytes; /* length of string */
/*
* Now the description
*/
return (token);
}
/*
* au_to_path
* returns:
* pointer to au_membuf chain containing a path token.
*/
token_t *
{
token_t *m; /* local au_membuf */
short bytes; /* length of string */
/*
* generate path token header
*/
m = au_getclr();
/* append path string */
token = m;
/* generate attribute path strings token */
}
return (token);
}
/*
* au_to_ipc
* returns:
* pointer to au_membuf chain containing a System V IPC token.
*/
token_t *
{
token_t *m; /* local au_membuf */
m = au_getclr();
return (m);
}
/*
* au_to_return32
* returns:
* pointer to au_membuf chain containing a return value token.
*/
token_t *
{
token_t *m; /* local au_membuf */
m = au_getclr();
if (error) {
val = -1;
} else {
}
return (m);
}
/*
* au_to_return64
* returns:
* pointer to au_membuf chain containing a return value token.
*/
token_t *
{
token_t *m; /* local au_membuf */
m = au_getclr();
if (error) {
val = -1;
} else {
}
return (m);
}
#ifdef AU_MAY_USE_SOMEDAY
/*
* au_to_opaque
* returns:
* pointer to au_membuf chain containing a opaque token.
*/
token_t *
{
/*
* Now attach the data
*/
return (token);
}
#endif /* AU_MAY_USE_SOMEDAY */
/*
* au_to_ip
* returns:
* pointer to au_membuf chain containing a ip header token
*/
token_t *
{
token_t *m; /* local au_membuf */
m = au_getclr();
return (m);
}
/*
* au_to_iport
* returns:
* pointer to au_membuf chain containing a ip path token
*/
token_t *
{
token_t *m; /* local au_membuf */
m = au_getclr();
return (m);
}
/*
* au_to_in_addr
* returns:
* pointer to au_membuf chain containing a ip path token
*/
token_t *
{
token_t *m; /* local au_membuf */
m = au_getclr();
return (m);
}
/*
* au_to_in_addr_ex
* returns:
* pointer to au_membuf chain containing an ipv6 token
*/
token_t *
{
token_t *m; /* local au_membuf */
m = au_getclr();
} else {
}
return (m);
}
/*
* The Modifier tokens
*/
/*
* au_to_attr
* returns:
* pointer to au_membuf chain containing an attribute token.
*/
token_t *
{
token_t *m; /* local au_membuf */
#ifdef _LP64
#else
char data_header = AUT_ATTR32;
#endif
m = au_getclr();
#ifdef _LP64
#else
#endif
return (m);
}
token_t *
{
token_t *m; /* local au_membuf */
m = au_getclr();
return (m);
}
/*
* au_to_ipc_perm
* returns:
* pointer to au_membuf chain containing a System V IPC attribute token.
*/
token_t *
{
token_t *m; /* local au_membuf */
m = au_getclr();
value = 0; /* seq is now obsolete */
return (m);
}
token_t *
{
token_t *m; /* local au_membuf */
short n_groups;
m = au_getclr();
return (m);
}
/*
* au_to_socket_ex
* returns:
* pointer to au_membuf chain containing a socket token.
*/
token_t *
{
token_t *m;
char data_header = AUT_SOCKET_EX;
struct sockaddr_in6 *addr6;
struct sockaddr_in *addr4;
short size;
m = au_getclr();
addr6 = (struct sockaddr_in6 *)l;
addr6 = (struct sockaddr_in6 *)f;
addr4 = (struct sockaddr_in *)l;
addr4 = (struct sockaddr_in *)f;
}
return (m);
}
/*
* au_to_seq
* returns:
* pointer to au_membuf chain containing a sequence token.
*/
token_t *
{
token_t *m;
char data_header = AUT_SEQ;
m = au_getclr();
return (m);
}
token_t *
{
token_t *m;
char data_header = AUT_SOCKET;
m = au_getclr();
/* remote addr */
return (m);
}
extern int maxprivbytes;
token_t *
const char *set,
const priv_set_t *pset,
char data_header,
int success)
{
int priv;
const char *pname;
char *buf, *q;
short sz;
/*
* set is not used for AUT_UPRIV and sf (== success) is not
* used for AUT_PRIV
*/
if (data_header == AUT_UPRIV) {
} else {
m = au_getclr();
}
if (full) {
buf = "ALL";
} else {
*buf = '\0';
if (q != buf)
*q++ = ',';
q += strlen(q);
}
}
}
m = au_getclr();
if (!full)
return (token);
}
/*
* au_to_label
* returns:
* pointer to au_membuf chain containing a label token.
*/
token_t *
{
token_t *m; /* local au_membuf */
m = au_getclr();
return (m);
}