summaryrefslogtreecommitdiffstats
path: root/contrib/openbsm/libbsm/bsm_token.c
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/openbsm/libbsm/bsm_token.c')
-rw-r--r--contrib/openbsm/libbsm/bsm_token.c194
1 files changed, 144 insertions, 50 deletions
diff --git a/contrib/openbsm/libbsm/bsm_token.c b/contrib/openbsm/libbsm/bsm_token.c
index f9692d1..c9aa1a9 100644
--- a/contrib/openbsm/libbsm/bsm_token.c
+++ b/contrib/openbsm/libbsm/bsm_token.c
@@ -30,15 +30,15 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#72 $
+ * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#85 $
*/
#include <sys/types.h>
#include <config/config.h>
-#ifdef HAVE_SYS_ENDIAN_H
+#if defined(HAVE_SYS_ENDIAN_H) && defined(HAVE_BE32ENC)
#include <sys/endian.h>
-#else /* !HAVE_SYS_ENDIAN_H */
+#else /* !HAVE_SYS_ENDIAN_H || !HAVE_BE32ENC */
#ifdef HAVE_MACHINE_ENDIAN_H
#include <machine/endian.h>
#else /* !HAVE_MACHINE_ENDIAN_H */
@@ -49,7 +49,7 @@
#endif /* !HAVE_ENDIAN_H */
#endif /* !HAVE_MACHINE_ENDIAN_H */
#include <compat/endian.h>
-#endif /* !HAVE_SYS_ENDIAN_H */
+#endif /* !HAVE_SYS_ENDIAN_H || !HAVE_BE32ENC */
#ifdef HAVE_FULL_QUEUE_H
#include <sys/queue.h>
#else /* !HAVE_FULL_QUEUE_H */
@@ -178,8 +178,12 @@ au_to_attr32(struct vnode_au_info *vni)
ADD_U_CHAR(dptr, AUT_ATTR32);
/*
- * Darwin defines the size for the file mode as 2 bytes; BSM defines
- * 4 so pad with 0.
+ * BSD defines the size for the file mode as 2 bytes; BSM defines 4
+ * so pad with 0.
+ *
+ * XXXRW: Possibly should be conditionally compiled.
+ *
+ * XXXRW: Should any conversions take place on the mode?
*/
ADD_U_INT16(dptr, pad0_16);
ADD_U_INT16(dptr, vni->vn_mode);
@@ -223,8 +227,12 @@ au_to_attr64(struct vnode_au_info *vni)
ADD_U_CHAR(dptr, AUT_ATTR64);
/*
- * Darwin defines the size for the file mode as 2 bytes; BSM defines
- * 4 so pad with 0.
+ * BSD defines the size for the file mode as 2 bytes; BSM defines 4
+ * so pad with 0.
+ *
+ * XXXRW: Possibly should be conditionally compiled.
+ *
+ * XXXRW: Should any conversions take place on the mode?
*/
ADD_U_INT16(dptr, pad0_16);
ADD_U_INT16(dptr, vni->vn_mode);
@@ -305,6 +313,10 @@ au_to_data(char unit_print, char unit_type, char unit_count, const char *p)
if (t == NULL)
return (NULL);
+ /*
+ * XXXRW: We should be byte-swapping each data item for multi-byte
+ * types.
+ */
ADD_U_CHAR(dptr, AUT_DATA);
ADD_U_CHAR(dptr, unit_print);
ADD_U_CHAR(dptr, unit_type);
@@ -401,7 +413,7 @@ au_to_in_addr_ex(struct in6_addr *internet_addr)
{
token_t *t;
u_char *dptr = NULL;
- u_int32_t type = AF_INET6;
+ u_int32_t type = AU_IPv6;
GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 5 * sizeof(uint32_t));
if (t == NULL)
@@ -482,20 +494,30 @@ au_to_ipc_perm(struct ipc_perm *perm)
ADD_U_CHAR(dptr, AUT_IPC_PERM);
/*
- * Darwin defines the sizes for ipc_perm members as 2 bytes; BSM
- * defines 4 so pad with 0.
+ * Systems vary significantly in what types they use in struct
+ * ipc_perm; at least a few still use 16-bit uid's and gid's, so
+ * allow for that, as BSM define 32-bit values here.
+ * Some systems define the sizes for ipc_perm members as 2 bytes;
+ * BSM defines 4 so pad with 0.
+ *
+ * XXXRW: Possibly shoulid be conditionally compiled, and more cases
+ * need to be handled.
*/
- ADD_U_INT16(dptr, pad0);
- ADD_U_INT16(dptr, perm->uid);
-
- ADD_U_INT16(dptr, pad0);
- ADD_U_INT16(dptr, perm->gid);
-
- ADD_U_INT16(dptr, pad0);
- ADD_U_INT16(dptr, perm->cuid);
-
- ADD_U_INT16(dptr, pad0);
- ADD_U_INT16(dptr, perm->cgid);
+ if (sizeof(perm->uid) != sizeof(u_int32_t)) {
+ ADD_U_INT16(dptr, pad0);
+ ADD_U_INT16(dptr, perm->uid);
+ ADD_U_INT16(dptr, pad0);
+ ADD_U_INT16(dptr, perm->gid);
+ ADD_U_INT16(dptr, pad0);
+ ADD_U_INT16(dptr, perm->cuid);
+ ADD_U_INT16(dptr, pad0);
+ ADD_U_INT16(dptr, perm->cgid);
+ } else {
+ ADD_U_INT32(dptr, perm->uid);
+ ADD_U_INT32(dptr, perm->gid);
+ ADD_U_INT32(dptr, perm->cuid);
+ ADD_U_INT32(dptr, perm->cgid);
+ }
ADD_U_INT16(dptr, pad0);
ADD_U_INT16(dptr, perm->mode);
@@ -616,6 +638,8 @@ au_to_text(const char *text)
textlen = strlen(text);
textlen += 1;
+ /* XXXRW: Should validate length against token size limit. */
+
GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) + textlen);
if (t == NULL)
return (NULL);
@@ -686,6 +710,13 @@ au_to_process32(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid,
ADD_U_INT32(dptr, pid);
ADD_U_INT32(dptr, sid);
ADD_U_INT32(dptr, tid->port);
+
+ /*
+ * Note: Solaris will write out IPv6 addresses here as a 32-bit
+ * address type and 16 bytes of address, but for IPv4 addresses it
+ * simply writes the 4-byte address directly. We support only IPv4
+ * addresses for process32 tokens.
+ */
ADD_MEM(dptr, &tid->machine, sizeof(u_int32_t));
return (t);
@@ -712,6 +743,13 @@ au_to_process64(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid,
ADD_U_INT32(dptr, pid);
ADD_U_INT32(dptr, sid);
ADD_U_INT64(dptr, tid->port);
+
+ /*
+ * Note: Solaris will write out IPv6 addresses here as a 32-bit
+ * address type and 16 bytes of address, but for IPv4 addresses it
+ * simply writes the 4-byte address directly. We support only IPv4
+ * addresses for process64 tokens.
+ */
ADD_MEM(dptr, &tid->machine, sizeof(u_int32_t));
return (t);
@@ -899,6 +937,60 @@ au_to_seq(long audit_count)
/*
* token ID 1 byte
+ * socket domain 2 bytes
+ * socket type 2 bytes
+ * address type 2 byte
+ * local port 2 bytes
+ * local address 4 bytes/16 bytes (IPv4/IPv6 address)
+ * remote port 2 bytes
+ * remote address 4 bytes/16 bytes (IPv4/IPv6 address)
+ */
+token_t *
+au_to_socket_ex(u_short so_domain, u_short so_type,
+ struct sockaddr *sa_local, struct sockaddr *sa_remote)
+{
+ token_t *t;
+ u_char *dptr = NULL;
+ struct sockaddr_in *sin;
+ struct sockaddr_in6 *sin6;
+
+ if (so_domain == AF_INET)
+ GET_TOKEN_AREA(t, dptr, sizeof(u_char) +
+ 5 * sizeof(u_int16_t) + 2 * sizeof(u_int32_t));
+ else if (so_domain == AF_INET6)
+ GET_TOKEN_AREA(t, dptr, sizeof(u_char) +
+ 5 * sizeof(u_int16_t) + 16 * sizeof(u_int32_t));
+ else {
+ errno = EINVAL;
+ return (NULL);
+ }
+
+ ADD_U_CHAR(dptr, AUT_SOCKET_EX);
+ ADD_U_INT16(dptr, so_domain); /* XXXRW: explicitly convert? */
+ ADD_U_INT16(dptr, so_type); /* XXXRW: explicitly convert? */
+ if (so_domain == AF_INET) {
+ ADD_U_INT16(dptr, AU_IPv4);
+ sin = (struct sockaddr_in *)sa_local;
+ ADD_MEM(dptr, &sin->sin_port, sizeof(uint16_t));
+ ADD_MEM(dptr, &sin->sin_addr.s_addr, sizeof(uint32_t));
+ sin = (struct sockaddr_in *)sa_remote;
+ ADD_MEM(dptr, &sin->sin_port, sizeof(uint16_t));
+ ADD_MEM(dptr, &sin->sin_addr.s_addr, sizeof(uint32_t));
+ } else {
+ ADD_U_INT16(dptr, AU_IPv6);
+ sin6 = (struct sockaddr_in6 *)sa_local;
+ ADD_MEM(dptr, &sin6->sin6_port, sizeof(uint16_t));
+ ADD_MEM(dptr, &sin6->sin6_addr, 4 * sizeof(uint32_t));
+ sin6 = (struct sockaddr_in6 *)sa_remote;
+ ADD_MEM(dptr, &sin6->sin6_port, sizeof(uint16_t));
+ ADD_MEM(dptr, &sin6->sin6_addr, 4 * sizeof(uint32_t));
+ }
+
+ return (t);
+}
+
+/*
+ * token ID 1 byte
* socket family 2 bytes
* path 104 bytes
*/
@@ -971,8 +1063,9 @@ au_to_sock_inet128(struct sockaddr_in6 *so)
ADD_U_CHAR(dptr, AUT_SOCKINET128);
/*
- * In Darwin, sin6_family is one octet, but BSM defines the token
- * to store two. So we copy in a 0 first.
+ * In BSD, sin6_family is one octet, but BSM defines the token to
+ * store two. So we copy in a 0 first. XXXRW: Possibly should be
+ * conditionally compiled.
*/
ADD_U_CHAR(dptr, 0);
ADD_U_CHAR(dptr, so->sin6_family);
@@ -1207,7 +1300,6 @@ au_to_exec_args(char **argv)
nextarg = *(argv + count);
}
- totlen += count * sizeof(char); /* nul terminations. */
GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t) + totlen);
if (t == NULL)
return (NULL);
@@ -1224,27 +1316,6 @@ au_to_exec_args(char **argv)
}
/*
- * token ID 1 byte
- * zonename length 2 bytes
- * zonename N bytes + 1 terminating NULL byte
- */
-token_t *
-au_to_zonename(const char *zonename)
-{
- u_char *dptr = NULL;
- u_int16_t textlen;
- token_t *t;
-
- textlen = strlen(zonename);
- textlen += 1;
- GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) + textlen);
- ADD_U_CHAR(dptr, AUT_ZONENAME);
- ADD_U_INT16(dptr, textlen);
- ADD_STRING(dptr, zonename, textlen);
- return (t);
-}
-
-/*
* token ID 1 byte
* count 4 bytes
* text count null-terminated strings
@@ -1269,7 +1340,6 @@ au_to_exec_env(char **envp)
nextenv = *(envp + count);
}
- totlen += sizeof(char) * count;
GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t) + totlen);
if (t == NULL)
return (NULL);
@@ -1287,6 +1357,29 @@ au_to_exec_env(char **envp)
/*
* token ID 1 byte
+ * zonename length 2 bytes
+ * zonename N bytes + 1 terminating NULL byte
+ */
+token_t *
+au_to_zonename(const char *zonename)
+{
+ u_char *dptr = NULL;
+ u_int16_t textlen;
+ token_t *t;
+
+ textlen = strlen(zonename) + 1;
+ GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) + textlen);
+ if (t == NULL)
+ return (NULL);
+
+ ADD_U_CHAR(dptr, AUT_ZONENAME);
+ ADD_U_INT16(dptr, textlen);
+ ADD_STRING(dptr, zonename, textlen);
+ return (t);
+}
+
+/*
+ * token ID 1 byte
* record byte count 4 bytes
* version # 1 byte [2]
* event type 2 bytes
@@ -1338,9 +1431,10 @@ au_to_header32_ex_tm(int rec_size, au_event_t e_type, au_emod_t e_mod,
{
token_t *t;
u_char *dptr = NULL;
- u_int32_t timems, hostid;
- au_tid_addr_t *tid = &aia->ai_termid;
+ u_int32_t timems;
+ au_tid_addr_t *tid;
+ tid = &aia->ai_termid;
if (tid->at_type != AU_IPv4 && tid->at_type != AU_IPv6)
return (NULL);
GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t) +
@@ -1462,7 +1556,7 @@ au_to_trailer(int rec_size)
{
token_t *t;
u_char *dptr = NULL;
- u_int16_t magic = TRAILER_PAD_MAGIC;
+ u_int16_t magic = AUT_TRAILER_MAGIC;
GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) +
sizeof(u_int32_t));
OpenPOWER on IntegriCloud