1 /* |
|
2 * Copyright 2006 Sun Microsystems, Inc. All rights reserved. |
|
3 * Use is subject to license terms. |
|
4 */ |
|
5 |
|
6 #pragma ident "@(#)au_to_tsol.c 1.3 06/03/05 SMI" |
|
7 |
|
#include <sys/types.h>
#include <unistd.h>
#include <bsm/audit.h>
#include <bsm/audit_record.h>
#include <bsm/libbsm.h>
#include <priv.h>
#include <sys/ipc.h>
#include <sys/param.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <sys/vnode.h>
#include <sys/tsol/label.h>
#include <limits.h>
#include <malloc.h>
#include <net/route.h>
#include <netinet/in.h>
#include <netinet/in_pcb.h>
#include <string.h>
|
25 |
|
26 |
|
/*
 * get_token
 *	Allocates a token_t together with a data buffer of s bytes.
 *
 *	s is handed to malloc() unchanged.  malloc() takes a size_t, so a
 *	negative s is converted to a very large request instead of being
 *	rejected here; callers must pass the exact, non-negative number of
 *	bytes they are about to write.  The buffer is not zeroed, so any
 *	byte a caller leaves unwritten keeps whatever the heap held.
 *
 * returns:
 *	pointer to the new token with tt_size set to s and tt_next set to
 *	NULL, or NULL if either allocation fails.
 */
static token_t *
get_token(int s)
{
	token_t *tok;

	tok = malloc(sizeof (*tok));
	if (tok == NULL)
		return (NULL);

	tok->tt_data = malloc(s);
	if (tok->tt_data == NULL) {
		/* Release the header so a failed data allocation leaks nothing. */
		free(tok);
		return (NULL);
	}

	tok->tt_next = NULL;
	tok->tt_size = s;
	return (tok);
}
|
42 |
|
/*
 * au_to_in_addr_ex
 *	Builds an IP address token from an address in struct in6_addr
 *	layout.  A v4-mapped address is emitted as an AUT_IN_ADDR token
 *	carrying the struct in_addr extracted by IN6_V4MAPPED_TO_INADDR;
 *	any other address is emitted as an AUT_IN_ADDR_EX token carrying
 *	the AU_IPv6 type word followed by the whole struct in6_addr.
 *
 *	internet_addr is used without a NULL check and
 *	sizeof (struct in6_addr) bytes are read through it, so it must
 *	point to a complete in6_addr.
 *
 * returns:
 *	pointer to the address token, or NULL if get_token() fails.
 */
token_t *
au_to_in_addr_ex(int32_t *internet_addr)
{
	token_t *tok;
	adr_t stream;			/* write cursor over tok->tt_data */
	char hdr;			/* token id byte */
	int32_t addr_type = AU_IPv6;	/* type word of the extended form */

	if (IN6_IS_ADDR_V4MAPPED((in6_addr_t *)internet_addr)) {
		struct in_addr v4;

		hdr = AUT_IN_ADDR;
		IN6_V4MAPPED_TO_INADDR((struct in6_addr *)internet_addr, &v4);

		/* id byte + IPv4 address */
		tok = get_token(sizeof (char) +
		    (sizeof (char) * sizeof (struct in_addr)));
		if (tok == NULL)
			return (NULL);

		adr_start(&stream, tok->tt_data);
		adr_char(&stream, &hdr, 1);
		adr_char(&stream, (char *)&v4, sizeof (struct in_addr));
		return (tok);
	}

	/* id byte + type word + IPv6 address */
	hdr = AUT_IN_ADDR_EX;
	tok = get_token(sizeof (char) + sizeof (uint32_t) +
	    (sizeof (char) * sizeof (struct in6_addr)));
	if (tok == NULL)
		return (NULL);

	adr_start(&stream, tok->tt_data);
	adr_char(&stream, &hdr, 1);
	adr_int32(&stream, &addr_type, 1);
	adr_char(&stream, (char *)internet_addr, sizeof (struct in6_addr));
	return (tok);
}
|
82 |
|
/*
 * au_to_tsol_xclient
 *	Builds an xclient token: the AUT_XCLIENT id byte followed by the
 *	32-bit client value.
 *
 * returns:
 *	pointer to the xclient token, or NULL if get_token() fails.
 */
token_t *
au_to_tsol_xclient(uint32_t client)
{
	char hdr = AUT_XCLIENT;		/* token id byte */
	adr_t stream;			/* write cursor over tok->tt_data */
	token_t *tok;

	tok = get_token(sizeof (char) + sizeof (int32_t));
	if (tok != NULL) {
		adr_start(&stream, tok->tt_data);
		adr_char(&stream, &hdr, 1);
		/* Same width as int32_t; only the signedness of the view differs. */
		adr_int32(&stream, (int32_t *)&client, 1);
	}

	return (tok);
}
|
104 |
|
/*
 * au_to_ipc_perm
 *	Builds a System V IPC attribute token: the AUT_IPC_PERM id byte
 *	followed by seven 32-bit words holding, in order, the uid, gid,
 *	cuid, cgid, mode, seq and key members of *perm.
 *
 *	Every member is cast to int32_t before it is written, so a member
 *	wider than 32 bits would be truncated.  perm is dereferenced
 *	without a NULL check.
 *
 * returns:
 *	pointer to the token, or NULL if get_token() fails.
 */
token_t *
au_to_ipc_perm(struct ipc_perm *perm)
{
	token_t *tok;
	adr_t stream;			/* write cursor over tok->tt_data */
	char hdr = AUT_IPC_PERM;	/* token id byte */
	int32_t fields[7];		/* members narrowed to 32 bits */
	int i;

	tok = get_token(sizeof (char) + sizeof (fields));
	if (tok == NULL)
		return (NULL);

	adr_start(&stream, tok->tt_data);
	adr_char(&stream, &hdr, 1);

	/* Keep this order: it is the layout of the token. */
	fields[0] = (int32_t)perm->uid;
	fields[1] = (int32_t)perm->gid;
	fields[2] = (int32_t)perm->cuid;
	fields[3] = (int32_t)perm->cgid;
	fields[4] = (int32_t)perm->mode;
	fields[5] = (int32_t)perm->seq;
	fields[6] = (int32_t)perm->key;

	for (i = 0; i < 7; i++)
		adr_int32(&stream, &fields[i], 1);

	return (tok);
}
|
140 |
|
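/*
 * au_to_upriv
 *	Builds a use-of-privilege token: the AUT_UPRIV id byte, the
 *	success/failure flag, a short length, and the privilege string
 *	including its terminating NUL.
 *
 *	The length is stored in a short.  A string whose length including
 *	the NUL does not fit in a short is rejected: assigning it to the
 *	short would wrap, and both the buffer size and the copy count would
 *	then come from a value unrelated to the real string.
 *
 *	priv must be a non-NULL, NUL-terminated string; it is passed to
 *	strlen() unchecked.
 *
 * returns:
 *	pointer to the token, or NULL if priv is too long for the length
 *	field or get_token() fails.
 */
token_t *
au_to_upriv(char flag, char *priv)
{
	token_t *token;			/* local token */
	adr_t adr;			/* adr memory stream header */
	char data_header = AUT_UPRIV;	/* header for this token */
	size_t len;			/* strlen(priv) + 1, untruncated */
	short bytes;			/* length as stored in the token */

	len = strlen(priv) + 1;
	if (len > (size_t)SHRT_MAX)
		return (NULL);
	bytes = (short)len;

	token = get_token(sizeof (char) + sizeof (char) + sizeof (ushort_t) +
	    bytes);
	if (token == NULL)
		return (NULL);
	adr_start(&adr, token->tt_data);
	adr_char(&adr, &data_header, 1);
	adr_char(&adr, &flag, 1);	/* success/failure */
	adr_short(&adr, &bytes, 1);
	adr_char(&adr, priv, bytes);

	return (token);
}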
|
168 |
|
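/*
 * au_to_tsol_xatom
 *	Builds an XATOM token: the AUT_XATOM id byte, a short length, and
 *	the atom string including its terminating NUL.
 *
 *	The length is stored in a short.  A string whose length including
 *	the NUL does not fit in a short is rejected, because the wrapped
 *	value would otherwise size the buffer and bound the copy.
 *
 *	atom must be a non-NULL, NUL-terminated string; it is passed to
 *	strlen() unchecked.
 *
 * returns:
 *	pointer to the token, or NULL if atom is too long for the length
 *	field or get_token() fails.
 */
token_t *
au_to_tsol_xatom(char *atom)
{
	token_t *token;			/* local token */
	adr_t adr;			/* adr memory stream header */
	char data_header = AUT_XATOM;	/* header for this token */
	size_t len;			/* strlen(atom) + 1, untruncated */
	short bytes;			/* length as stored in the token */

	len = strlen(atom) + 1;
	if (len > (size_t)SHRT_MAX)
		return (NULL);
	bytes = (short)len;

	token = get_token(sizeof (char) + sizeof (ushort_t) + bytes);
	if (token == NULL)
		return (NULL);
	adr_start(&adr, token->tt_data);
	adr_char(&adr, &data_header, 1);
	adr_short(&adr, &bytes, 1);
	adr_char(&adr, atom, bytes);

	return (token);
}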
|
194 |
|
/*
 * au_to_tsol_xcolormap
 *	Builds an XCOLORMAP token: the AUT_XCOLORMAP id byte, then xid,
 *	then cuid, each written as one 32-bit word.
 *
 *	NOTE(review): cuid is written through an int32_t pointer, which
 *	assumes uid_t is exactly 32 bits wide -- confirm for every data
 *	model this is built for.
 *
 * returns:
 *	pointer to the token, or NULL if get_token() fails.
 */
token_t *
au_to_tsol_xcolormap(int32_t xid, uid_t cuid)
{
	char hdr = AUT_XCOLORMAP;	/* token id byte */
	adr_t stream;			/* write cursor over tok->tt_data */
	token_t *tok;

	tok = get_token(sizeof (char) + (2 * sizeof (int32_t)));
	if (tok != NULL) {
		adr_start(&stream, tok->tt_data);
		adr_char(&stream, &hdr, 1);
		adr_int32(&stream, &xid, 1);
		adr_int32(&stream, (int32_t *)&cuid, 1);
	}

	return (tok);
}
|
217 |
|
/*
 * au_to_tsol_xcursor
 *	Builds an XCURSOR token: the AUT_XCURSOR id byte, then xid, then
 *	cuid, each written as one 32-bit word.
 *
 *	NOTE(review): cuid is written through an int32_t pointer, which
 *	assumes uid_t is exactly 32 bits wide -- confirm for every data
 *	model this is built for.
 *
 * returns:
 *	pointer to the token, or NULL if get_token() fails.
 */
token_t *
au_to_tsol_xcursor(int32_t xid, uid_t cuid)
{
	char hdr = AUT_XCURSOR;		/* token id byte */
	adr_t stream;			/* write cursor over tok->tt_data */
	token_t *tok;

	tok = get_token(sizeof (char) + (2 * sizeof (int32_t)));
	if (tok != NULL) {
		adr_start(&stream, tok->tt_data);
		adr_char(&stream, &hdr, 1);
		adr_int32(&stream, &xid, 1);
		adr_int32(&stream, (int32_t *)&cuid, 1);
	}

	return (tok);
}
|
240 |
|
/*
 * au_to_tsol_xfont
 *	Builds an XFONT token: the AUT_XFONT id byte, then xid, then cuid,
 *	each written as one 32-bit word.
 *
 *	NOTE(review): cuid is written through an int32_t pointer, which
 *	assumes uid_t is exactly 32 bits wide -- confirm for every data
 *	model this is built for.
 *
 * returns:
 *	pointer to the token, or NULL if get_token() fails.
 */
token_t *
au_to_tsol_xfont(int32_t xid, uid_t cuid)
{
	char hdr = AUT_XFONT;		/* token id byte */
	adr_t stream;			/* write cursor over tok->tt_data */
	token_t *tok;

	tok = get_token(sizeof (char) + (2 * sizeof (int32_t)));
	if (tok != NULL) {
		adr_start(&stream, tok->tt_data);
		adr_char(&stream, &hdr, 1);
		adr_int32(&stream, &xid, 1);
		adr_int32(&stream, (int32_t *)&cuid, 1);
	}

	return (tok);
}
|
263 |
|
/*
 * au_to_tsol_xgc
 *	Builds an XGC token: the AUT_XGC id byte, then xid, then cuid,
 *	each written as one 32-bit word.
 *
 *	NOTE(review): cuid is written through an int32_t pointer, which
 *	assumes uid_t is exactly 32 bits wide -- confirm for every data
 *	model this is built for.
 *
 * returns:
 *	pointer to the token, or NULL if get_token() fails.
 */
token_t *
au_to_tsol_xgc(int32_t xid, uid_t cuid)
{
	char hdr = AUT_XGC;		/* token id byte */
	adr_t stream;			/* write cursor over tok->tt_data */
	token_t *tok;

	tok = get_token(sizeof (char) + (2 * sizeof (int32_t)));
	if (tok != NULL) {
		adr_start(&stream, tok->tt_data);
		adr_char(&stream, &hdr, 1);
		adr_int32(&stream, &xid, 1);
		adr_int32(&stream, (int32_t *)&cuid, 1);
	}

	return (tok);
}
|
286 |
|
/*
 * au_to_tsol_xpixmap
 *	Builds an XPIXMAP token: the AUT_XPIXMAP id byte, then xid, then
 *	cuid, each written as one 32-bit word.
 *
 *	NOTE(review): cuid is written through an int32_t pointer, which
 *	assumes uid_t is exactly 32 bits wide -- confirm for every data
 *	model this is built for.
 *
 * returns:
 *	pointer to the token, or NULL if get_token() fails.
 */
token_t *
au_to_tsol_xpixmap(int32_t xid, uid_t cuid)
{
	char hdr = AUT_XPIXMAP;		/* token id byte */
	adr_t stream;			/* write cursor over tok->tt_data */
	token_t *tok;

	tok = get_token(sizeof (char) + (2 * sizeof (int32_t)));
	if (tok != NULL) {
		adr_start(&stream, tok->tt_data);
		adr_char(&stream, &hdr, 1);
		adr_int32(&stream, &xid, 1);
		adr_int32(&stream, (int32_t *)&cuid, 1);
	}

	return (tok);
}
|
309 |
|
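/*
 * au_to_tsol_xproperty
 *	Builds an XPROPERTY token: the AUT_XPROPERTY id byte, xid and cuid
 *	as one 32-bit word each, a short length, and the property name
 *	including its terminating NUL.
 *
 *	The length is stored in a short.  A name whose length including
 *	the NUL does not fit in a short is rejected, because the wrapped
 *	value would otherwise size the buffer and bound the copy.
 *
 *	name must be a non-NULL, NUL-terminated string; it is passed to
 *	strlen() unchecked.
 *
 *	NOTE(review): cuid is written through an int32_t pointer, which
 *	assumes uid_t is exactly 32 bits wide -- confirm for every data
 *	model this is built for.
 *
 * returns:
 *	pointer to the token, or NULL if name is too long for the length
 *	field or get_token() fails.
 */
token_t *
au_to_tsol_xproperty(int32_t xid, uid_t cuid, char *name)
{
	token_t *token;			/* local token */
	adr_t adr;			/* adr memory stream header */
	char data_header = AUT_XPROPERTY;	/* header for this token */
	size_t len;			/* strlen(name) + 1, untruncated */
	short bytes;			/* length as stored in the token */

	len = strlen(name) + 1;
	if (len > (size_t)SHRT_MAX)
		return (NULL);
	bytes = (short)len;

	token = get_token(sizeof (char) + (2 * sizeof (int32_t))
	    + sizeof (short) + bytes);
	if (token == NULL)
		return (NULL);
	adr_start(&adr, token->tt_data);
	adr_char(&adr, &data_header, 1);
	adr_int32(&adr, &xid, 1);
	adr_int32(&adr, (int32_t *)&cuid, 1);
	adr_short(&adr, &bytes, 1);
	adr_char(&adr, name, bytes);

	return (token);
}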
|
338 |
|
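/*
 * au_to_tsol_xselect
 *	Builds an XSELECT token: the AUT_XSELECT id byte followed by three
 *	(short length, string) pairs for propname, proptype and windata,
 *	each string including its terminating NUL.
 *
 *	Each length is stored in a short.  If any string's length including
 *	the NUL does not fit in a short the whole token is rejected.  With
 *	three lengths summed into one allocation size, a single wrapped
 *	value could make the buffer smaller than what the other two
 *	strings then write into it (the exact effect depends on how
 *	adr_char() treats a negative count, which is not visible here).
 *
 *	All three arguments must be non-NULL, NUL-terminated strings; they
 *	are passed to strlen() unchecked.
 *
 * returns:
 *	pointer to the token, or NULL if any string is too long for its
 *	length field or get_token() fails.
 */
token_t *
au_to_tsol_xselect(char *propname, char *proptype, char *windata)
{
	token_t *token;			/* local token */
	adr_t adr;			/* adr memory stream header */
	char data_header = AUT_XSELECT;	/* header for this token */
	size_t len1, len2, len3;	/* untruncated lengths incl. NUL */
	short bytes1, bytes2, bytes3;	/* lengths as stored in the token */

	len1 = strlen(propname) + 1;
	len2 = strlen(proptype) + 1;
	len3 = strlen(windata) + 1;

	/* Validate before narrowing so no wrapped value reaches the sum. */
	if (len1 > (size_t)SHRT_MAX || len2 > (size_t)SHRT_MAX ||
	    len3 > (size_t)SHRT_MAX)
		return (NULL);
	bytes1 = (short)len1;
	bytes2 = (short)len2;
	bytes3 = (short)len3;

	token = get_token(sizeof (char) + (3 * sizeof (short)) +
	    bytes1 + bytes2 + bytes3);
	if (token == NULL)
		return (NULL);
	adr_start(&adr, token->tt_data);
	adr_char(&adr, &data_header, 1);
	adr_short(&adr, &bytes1, 1);
	adr_char(&adr, propname, bytes1);
	adr_short(&adr, &bytes2, 1);
	adr_char(&adr, proptype, bytes2);
	adr_short(&adr, &bytes3, 1);
	adr_char(&adr, windata, bytes3);

	return (token);
}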
|
371 |
|
/*
 * au_to_tsol_xwindow
 *	Builds an XWINDOW token: the AUT_XWINDOW id byte, then xid, then
 *	cuid, each written as one 32-bit word.
 *
 *	NOTE(review): cuid is written through an int32_t pointer, which
 *	assumes uid_t is exactly 32 bits wide -- confirm for every data
 *	model this is built for.
 *
 * returns:
 *	pointer to the token, or NULL if get_token() fails.
 */
token_t *
au_to_tsol_xwindow(int32_t xid, uid_t cuid)
{
	char hdr = AUT_XWINDOW;		/* token id byte */
	adr_t stream;			/* write cursor over tok->tt_data */
	token_t *tok;

	tok = get_token(sizeof (char) + (2 * sizeof (int32_t)));
	if (tok != NULL) {
		adr_start(&stream, tok->tt_data);
		adr_char(&stream, &hdr, 1);
		adr_int32(&stream, &xid, 1);
		adr_int32(&stream, (int32_t *)&cuid, 1);
	}

	return (tok);
}
|