]> git.saurik.com Git - apple/xnu.git/blame - bsd/kern/kern_bsm_token.c
projects / apple / xnu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
xnu-792.12.6.tar.gz
[apple/xnu.git] / bsd / kern / kern_bsm_token.c
CommitLineData
55e303ae 1/*
91447636 2 * Copyright (c) 2003-2004 Apple Computer, Inc. All rights reserved.
55e303ae 3 *
8ad349bb 4 * @APPLE_LICENSE_OSREFERENCE_HEADER_START@
55e303ae 5 *
8ad349bb
A		 6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the
10 * License may not be used to create, or enable the creation or
11 * redistribution of, unlawful or unlicensed copies of an Apple operating
12 * system, or to circumvent, violate, or enable the circumvention or
13 * violation of, any terms of an Apple operating system software license
14 * agreement.
15 *
16 * Please obtain a copy of the License at
17 * http://www.opensource.apple.com/apsl/ and read it before using this
18 * file.
19 *
20 * The Original Code and all software distributed under the License are
21 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
22 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
23 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
24 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
25 * Please see the License for the specific language governing rights and
26 * limitations under the License.
27 *
28 * @APPLE_LICENSE_OSREFERENCE_HEADER_END@
55e303ae 29 */
e5568f75 30
55e303ae 31#include <sys/types.h>
55e303ae 32#include <sys/un.h>
e5568f75 33#include <sys/event.h>
91447636 34#include <sys/ucred.h>
e5568f75 35
91447636 36#include <sys/ipc.h>
e5568f75
A		 37#include <bsm/audit.h>
38#include <bsm/audit_record.h>
39#include <bsm/audit_klib.h>
40#include <bsm/audit_kernel.h>
41
55e303ae 42#include <kern/clock.h>
91447636
A		 43#include <kern/kalloc.h>
44
45#include <string.h>
55e303ae
A		 46
47#define GET_TOKEN_AREA(tok, dptr, length) \
48 do {\
e5568f75 49 tok = (token_t *)kalloc(sizeof(*tok) + length); \
55e303ae
A		 50 if(tok != NULL)\
51 {\
52 tok->len = length;\
e5568f75 53 dptr = tok->t_data = (u_char *)&tok[1];\
91447636
A		 54 memset(dptr, 0, length);\
55 }\
55e303ae
A		 56 }while(0)
57
58
59
60/*
61 * token ID 1 byte
62 * argument # 1 byte
63 * argument value 4 bytes/8 bytes (32-bit/64-bit value)
64 * text length 2 bytes
65 * text N bytes + 1 terminating NULL byte
66 */
67token_t *au_to_arg32(char n, char *text, u_int32_t v)
68{
69 token_t *t;
70 u_char *dptr;
71 u_int16_t textlen;
72
73 if(text == NULL) {
74 return NULL;
75 }
76
77 /* Make sure that text is null terminated */
78 textlen = strlen(text);
79 if(text[textlen] != '\0') {
80 return NULL;
81 }
82
83 GET_TOKEN_AREA(t, dptr, 9 + textlen);
84 if(t == NULL) {
85 return NULL;
86 }
87
88 textlen += 1;
89
90 ADD_U_CHAR(dptr, AU_ARG32_TOKEN);
91 ADD_U_CHAR(dptr, n);
92 ADD_U_INT32(dptr, v);
93 ADD_U_INT16(dptr, textlen);
94 ADD_STRING(dptr, text, textlen);
95
96 return t;
97
98}
99
100token_t *au_to_arg64(char n, char *text, u_int64_t v)
101{
102 token_t *t;
103 u_char *dptr;
104 u_int16_t textlen;
105
106 if(text == NULL) {
107 return NULL;
108 }
109
110 /* Make sure that text is null terminated */
111 textlen = strlen(text);
112 if(text[textlen] != '\0') {
113 return NULL;
114 }
115
116 GET_TOKEN_AREA(t, dptr, 13 + textlen);
117 if(t == NULL) {
118 return NULL;
119 }
120
121 textlen += 1;
122
123 ADD_U_CHAR(dptr, AU_ARG64_TOKEN);
124 ADD_U_CHAR(dptr, n);
125 ADD_U_INT64(dptr, v);
126 ADD_U_INT16(dptr, textlen);
127 ADD_STRING(dptr, text, textlen);
128
129 return t;
130
131}
132
133token_t *au_to_arg(char n, char *text, u_int32_t v)
134{
135 return au_to_arg32(n, text, v);
136}
137
138/*
139 * token ID 1 byte
140 * file access mode 4 bytes
141 * owner user ID 4 bytes
142 * owner group ID 4 bytes
143 * file system ID 4 bytes
144 * node ID 8 bytes
145 * device 4 bytes/8 bytes (32-bit/64-bit)
146 */
91447636 147token_t *au_to_attr32(__unused struct vnode_attr *attr)
e5568f75
A		 148{
149 return NULL;
150}
151
152/* Kernel-specific version of the above function */
153token_t *kau_to_attr32(struct vnode_au_info *vni)
55e303ae
A		 154{
155 token_t *t;
156 u_char *dptr;
e5568f75
A		 157 u_int64_t fileid;
158 u_int16_t pad0_16 = 0;
159 u_int32_t pad0_32 = 0;
55e303ae 160
e5568f75 161 if(vni == NULL) {
55e303ae
A		 162 return NULL;
163 }
164
55e303ae
A		 165 GET_TOKEN_AREA(t, dptr, 29);
166 if(t == NULL) {
167 return NULL;
168 }
169
170 ADD_U_CHAR(dptr, AU_ATTR32_TOKEN);
e5568f75
A		 171
172 /*
173 * Darwin defines the size for the file mode as 2 bytes;
174 * BSM defines 4. So we copy in a 0 first.
175 */
176 ADD_U_INT16(dptr, pad0_16);
177 ADD_U_INT16(dptr, vni->vn_mode);
178
179 ADD_U_INT32(dptr, vni->vn_uid);
180 ADD_U_INT32(dptr, vni->vn_gid);
181 ADD_U_INT32(dptr, vni->vn_fsid);
182
183 /*
184 * Darwin defines the size for fileid as 4 bytes;
185 * BSM defines 8. So we copy in a 0 first.
186 */
187 fileid = vni->vn_fileid;
188 ADD_U_INT32(dptr, pad0_32);
189 ADD_U_INT32(dptr, fileid);
190
191 ADD_U_INT32(dptr, vni->vn_dev);
55e303ae
A		 192
193 return t;
194}
195
91447636 196token_t *au_to_attr64(__unused struct vnode_attr *attr)
55e303ae 197{
91447636 198 return NULL;
e5568f75 199}
91447636
A		 200
201token_t *kau_to_attr64(__unused struct vnode_au_info *vni)
e5568f75
A		 202{
203 return NULL;
55e303ae
A		 204}
205
91447636 206token_t *au_to_attr(struct vnode_attr *attr)
55e303ae
A		 207{
208 return au_to_attr32(attr);
209
210}
211
212
213/*
214 * token ID 1 byte
215 * how to print 1 byte
216 * basic unit 1 byte
217 * unit count 1 byte
218 * data items (depends on basic unit)
219 */
220token_t *au_to_data(char unit_print, char unit_type,
221 char unit_count, char *p)
222{
223 token_t *t;
224 u_char *dptr;
225 size_t datasize, totdata;
226
227 if(p == NULL) {
228 return NULL;
229 }
230
231 /* Determine the size of the basic unit */
232 switch(unit_type) {
233 case AUR_BYTE: datasize = AUR_BYTE_SIZE;
234 break;
235
236 case AUR_SHORT: datasize = AUR_SHORT_SIZE;
237 break;
238
239 case AUR_LONG: datasize = AUR_LONG_SIZE;
240 break;
241
242 default: return NULL;
243 }
244
245 totdata = datasize * unit_count;
246
247 GET_TOKEN_AREA(t, dptr, totdata + 4);
248 if(t == NULL) {
249 return NULL;
250 }
251
252 ADD_U_CHAR(dptr, AU_ARB_TOKEN);
253 ADD_U_CHAR(dptr, unit_print);
254 ADD_U_CHAR(dptr, unit_type);
255 ADD_U_CHAR(dptr, unit_count);
256 ADD_MEM(dptr, p, totdata);
257
258 return t;
259}
260
55e303ae
A		 261/*
262 * token ID 1 byte
263 * status 4 bytes
264 * return value 4 bytes
265 */
266token_t *au_to_exit(int retval, int err)
267{
268 token_t *t;
269 u_char *dptr;
270
271 GET_TOKEN_AREA(t, dptr, 9);
272 if(t == NULL) {
273 return NULL;
274 }
275
276 ADD_U_CHAR(dptr, AU_EXIT_TOKEN);
277 ADD_U_INT32(dptr, err);
278 ADD_U_INT32(dptr, retval);
279
280 return t;
281}
282
283/*
284 */
285token_t *au_to_groups(int *groups)
286{
287 return au_to_newgroups(MAX_GROUPS, groups);
288}
289
290/*
291 * token ID 1 byte
292 * number groups 2 bytes
293 * group list count * 4 bytes
294 */
295token_t *au_to_newgroups(u_int16_t n, gid_t *groups)
296{
297 token_t *t;
298 u_char *dptr;
299 int i;
300
301 if(groups == NULL) {
302 return NULL;
303 }
304
305 GET_TOKEN_AREA(t, dptr, n * 4 + 3);
306 if(t == NULL) {
307 return NULL;
308 }
309
310 ADD_U_CHAR(dptr, AU_NEWGROUPS_TOKEN);
311 ADD_U_INT16(dptr, n);
312 for(i = 0; i < n; i++) {
313 ADD_U_INT32(dptr, groups[i]);
314 }
315
316 return t;
317}
318
319
320
321
322/*
323 * token ID 1 byte
324 * internet address 4 bytes
325 */
326token_t *au_to_in_addr(struct in_addr *internet_addr)
327{
328 token_t *t;
329 u_char *dptr;
330
331 if(internet_addr == NULL) {
332 return NULL;
333 }
334
335 GET_TOKEN_AREA(t, dptr, 5);
336 if(t == NULL) {
337 return NULL;
338 }
339
340 ADD_U_CHAR(dptr, AU_IN_ADDR_TOKEN);
341 ADD_U_INT32(dptr, internet_addr->s_addr);
342
343 return t;
344}
345
346/*
347 * token ID 1 byte
348 * address type/length 4 bytes
349 * Address 16 bytes
350 */
351token_t *au_to_in_addr_ex(struct in6_addr *internet_addr)
352{
353 token_t *t;
354 u_char *dptr;
e5568f75 355 u_int32_t type = AF_INET6;
55e303ae
A		 356
357 if(internet_addr == NULL) {
358 return NULL;
359 }
360
361 GET_TOKEN_AREA(t, dptr, 21);
362 if(t == NULL) {
363 return NULL;
364 }
365
366 ADD_U_CHAR(dptr, AU_IN_ADDR_EX_TOKEN);
e5568f75 367 ADD_U_INT32(dptr, type);
55e303ae
A		 368 ADD_U_INT32(dptr, internet_addr->__u6_addr.__u6_addr32[0]);
369 ADD_U_INT32(dptr, internet_addr->__u6_addr.__u6_addr32[1]);
370 ADD_U_INT32(dptr, internet_addr->__u6_addr.__u6_addr32[2]);
371 ADD_U_INT32(dptr, internet_addr->__u6_addr.__u6_addr32[3]);
372
373 return t;
374}
375
376/*
377 * token ID 1 byte
378 * ip header 20 bytes
379 */
380token_t *au_to_ip(struct ip *ip)
381{
382 token_t *t;
383 u_char *dptr;
384
385 if(ip == NULL) {
386 return NULL;
387 }
388
389 GET_TOKEN_AREA(t, dptr, 21);
390 if(t == NULL) {
391 return NULL;
392 }
393
394 ADD_U_CHAR(dptr, AU_IP_TOKEN);
395 ADD_MEM(dptr, ip, sizeof(struct ip));
396
397 return t;
398}
399
400/*
401 * token ID 1 byte
402 * object ID type 1 byte
403 * object ID 4 bytes
404 */
405token_t *au_to_ipc(char type, int id)
406{
407 token_t *t;
408 u_char *dptr;
409
410
411 GET_TOKEN_AREA(t, dptr, 6);
412 if(t == NULL) {
413 return NULL;
414 }
415
416 ADD_U_CHAR(dptr, AU_IPC_TOKEN);
417 ADD_U_CHAR(dptr, type);
418 ADD_U_INT32(dptr, id);
419
420 return t;
421}
422
423/*
424 * token ID 1 byte
425 * owner user ID 4 bytes
426 * owner group ID 4 bytes
427 * creator user ID 4 bytes
428 * creator group ID 4 bytes
429 * access mode 4 bytes
430 * slot sequence # 4 bytes
431 * key 4 bytes
432 */
433token_t *au_to_ipc_perm(struct ipc_perm *perm)
434{
435 token_t *t;
436 u_char *dptr;
e5568f75 437 u_int16_t pad0 = 0;
55e303ae
A		 438
439 if(perm == NULL) {
440 return NULL;
441 }
442
443 GET_TOKEN_AREA(t, dptr, 29);
444 if(t == NULL) {
445 return NULL;
446 }
447
e5568f75
A		 448 /*
449 * Darwin defines the sizes for ipc_perm members
450 * as 2 bytes; BSM defines 4. So we copy in a 0 first.
451 */
55e303ae 452 ADD_U_CHAR(dptr, AU_IPCPERM_TOKEN);
e5568f75
A		 453
454 ADD_U_INT16(dptr, pad0);
455 ADD_U_INT16(dptr, perm->uid);
456
457 ADD_U_INT16(dptr, pad0);
458 ADD_U_INT16(dptr, perm->gid);
459
460 ADD_U_INT16(dptr, pad0);
461 ADD_U_INT16(dptr, perm->cuid);
462
463 ADD_U_INT16(dptr, pad0);
464 ADD_U_INT16(dptr, perm->cgid);
465
466 ADD_U_INT16(dptr, pad0);
467 ADD_U_INT16(dptr, perm->mode);
468
469 ADD_U_INT16(dptr, pad0);
470 ADD_U_INT16(dptr, perm->seq);
471
472 ADD_U_INT16(dptr, pad0);
473 ADD_U_INT16(dptr, perm->key);
55e303ae
A		 474
475 return t;
476}
477
478
479/*
480 * token ID 1 byte
481 * port IP address 2 bytes
482 */
483token_t *au_to_iport(u_int16_t iport)
484{
485 token_t *t;
486 u_char *dptr;
487
488
489 GET_TOKEN_AREA(t, dptr, 3);
490 if(t == NULL) {
491 return NULL;
492 }
493
494 ADD_U_CHAR(dptr, AU_IPORT_TOKEN);
495 ADD_U_INT16(dptr, iport);
496
497 return t;
498}
499
500
501/*
502 * token ID 1 byte
503 * size 2 bytes
504 * data size bytes
505 */
506token_t *au_to_opaque(char *data, u_int16_t bytes)
507{
508 token_t *t;
509 u_char *dptr;
510
511 if((data == NULL) || (bytes <= 0)) {
512 return NULL;
513 }
514
515 GET_TOKEN_AREA(t, dptr, bytes + 3);
516 if(t == NULL) {
517 return NULL;
518 }
519
520 ADD_U_CHAR(dptr, AU_OPAQUE_TOKEN);
521 ADD_U_INT16(dptr, bytes);
522 ADD_MEM(dptr, data, bytes);
523
524 return t;
525}
526
55e303ae
A		 527/*
528 * Kernel version of the add file token function, where the time value
529 * is passed in as an additional parameter.
530 * token ID 1 byte
531 * seconds of time 4 bytes
532 * milliseconds of time 4 bytes
533 * file name len 2 bytes
534 * file pathname N bytes + 1 terminating NULL byte
535 */
91447636 536token_t *kau_to_file(const char *file, const struct timeval *tv)
55e303ae
A		 537{
538 token_t *t;
539 u_char *dptr;
540 u_int16_t filelen;
541 u_int32_t timems = tv->tv_usec/1000; /* We need time in ms */
542
543 if(file == NULL) {
544 return NULL;
545 }
546 /* Make sure that text is null terminated */
547 filelen = strlen(file);
548 if(file[filelen] != '\0') {
549 return NULL;
550 }
551
552 GET_TOKEN_AREA(t, dptr, filelen + 12);
553 if(t == NULL) {
554 return NULL;
555 }
556
557 filelen += 1;
558
559 ADD_U_CHAR(dptr, AU_FILE_TOKEN);
560
561 /* Add the timestamp */
562 ADD_U_INT32(dptr, tv->tv_sec);
563 ADD_U_INT32(dptr, timems);
564
565 ADD_U_INT16(dptr, filelen);
566 ADD_STRING(dptr, file, filelen);
567
568 return t;
569
570}
55e303ae
A		 571
572/*
573 * token ID 1 byte
574 * text length 2 bytes
575 * text N bytes + 1 terminating NULL byte
576 */
577token_t *au_to_text(char *text)
578{
579 token_t *t;
580 u_char *dptr;
581 u_int16_t textlen;
582
583 if(text == NULL) {
584 return NULL;
585 }
586 /* Make sure that text is null terminated */
587 textlen = strlen(text);
588 if(text[textlen] != '\0') {
589 return NULL;
590 }
591
592 GET_TOKEN_AREA(t, dptr, textlen + 4);
593 if(t == NULL) {
594 return NULL;
595 }
596
597 textlen += 1;
598
599 ADD_U_CHAR(dptr, AU_TEXT_TOKEN);
600 ADD_U_INT16(dptr, textlen);
601 ADD_STRING(dptr, text, textlen);
602
603 return t;
604}
605
606/*
607 * token ID 1 byte
608 * path length 2 bytes
609 * path N bytes + 1 terminating NULL byte
610 */
611token_t *au_to_path(char *text)
612{
613 token_t *t;
614 u_char *dptr;
615 u_int16_t textlen;
616
617 if(text == NULL) {
618 return NULL;
619 }
620 /* Make sure that text is null terminated */
621 textlen = strlen(text);
622 if(text[textlen] != '\0') {
623 return NULL;
624 }
625
626 GET_TOKEN_AREA(t, dptr, textlen + 4);
627 if(t == NULL) {
628 return NULL;
629 }
630
631 textlen += 1;
632
633 ADD_U_CHAR(dptr, AU_PATH_TOKEN);
634 ADD_U_INT16(dptr, textlen);
635 ADD_STRING(dptr, text, textlen);
636
637 return t;
638}
639
640/*
641 * token ID 1 byte
642 * audit ID 4 bytes
643 * effective user ID 4 bytes
644 * effective group ID 4 bytes
645 * real user ID 4 bytes
646 * real group ID 4 bytes
647 * process ID 4 bytes
648 * session ID 4 bytes
649 * terminal ID
650 * port ID 4 bytes/8 bytes (32-bit/64-bit value)
651 * machine address 4 bytes
652 */
653token_t *au_to_process32(au_id_t auid, uid_t euid, gid_t egid,
654 uid_t ruid, gid_t rgid, pid_t pid,
655 au_asid_t sid, au_tid_t *tid)
656{
657 token_t *t;
658 u_char *dptr;
659
660 if(tid == NULL) {
661 return NULL;
662 }
663
664 GET_TOKEN_AREA(t, dptr, 37);
665 if(t == NULL) {
666 return NULL;
667 }
668
669 ADD_U_CHAR(dptr, AU_PROCESS_32_TOKEN);
670 ADD_U_INT32(dptr, auid);
671 ADD_U_INT32(dptr, euid);
672 ADD_U_INT32(dptr, egid);
673 ADD_U_INT32(dptr, ruid);
674 ADD_U_INT32(dptr, rgid);
675 ADD_U_INT32(dptr, pid);
676 ADD_U_INT32(dptr, sid);
677 ADD_U_INT32(dptr, tid->port);
678 ADD_U_INT32(dptr, tid->machine);
679
680 return t;
681}
682
91447636
A		 683token_t *au_to_process64(__unused au_id_t auid,
684 __unused uid_t euid,
685 __unused gid_t egid,
686 __unused uid_t ruid,
687 __unused gid_t rgid,
688 __unused pid_t pid,
689 __unused au_asid_t sid,
690 __unused au_tid_t *tid)
55e303ae 691{
91447636
A		 692 return NULL;
693 }
55e303ae
A		 694
695token_t *au_to_process(au_id_t auid, uid_t euid, gid_t egid,
696 uid_t ruid, gid_t rgid, pid_t pid,
697 au_asid_t sid, au_tid_t *tid)
698{
699 return au_to_process32(auid, euid, egid, ruid, rgid, pid,
700 sid, tid);
701}
702
703
704/*
705 * token ID 1 byte
706 * audit ID 4 bytes
707 * effective user ID 4 bytes
708 * effective group ID 4 bytes
709 * real user ID 4 bytes
710 * real group ID 4 bytes
711 * process ID 4 bytes
712 * session ID 4 bytes
713 * terminal ID
714 * port ID 4 bytes/8 bytes (32-bit/64-bit value)
715 * address type-len 4 bytes
716 * machine address 16 bytes
717 */
718token_t *au_to_process32_ex(au_id_t auid, uid_t euid, gid_t egid,
719 uid_t ruid, gid_t rgid, pid_t pid,
720 au_asid_t sid, au_tid_addr_t *tid)
721{
722 token_t *t;
723 u_char *dptr;
724
725 if(tid == NULL) {
726 return NULL;
727 }
728
729 GET_TOKEN_AREA(t, dptr, 53);
730 if(t == NULL) {
731 return NULL;
732 }
733
734 ADD_U_CHAR(dptr, AU_PROCESS_32_EX_TOKEN);
735 ADD_U_INT32(dptr, auid);
736 ADD_U_INT32(dptr, euid);
737 ADD_U_INT32(dptr, egid);
738 ADD_U_INT32(dptr, ruid);
739 ADD_U_INT32(dptr, rgid);
740 ADD_U_INT32(dptr, pid);
741 ADD_U_INT32(dptr, sid);
742 ADD_U_INT32(dptr, tid->at_port);
743 ADD_U_INT32(dptr, tid->at_type);
744 ADD_U_INT32(dptr, tid->at_addr[0]);
745 ADD_U_INT32(dptr, tid->at_addr[1]);
746 ADD_U_INT32(dptr, tid->at_addr[2]);
747 ADD_U_INT32(dptr, tid->at_addr[3]);
748
749 return t;
750}
751
91447636
A		 752token_t *au_to_process64_ex(
753 __unused au_id_t auid,
754 __unused uid_t euid,
755 __unused gid_t egid,
756 __unused uid_t ruid,
757 __unused gid_t rgid,
758 __unused pid_t pid,
759 __unused au_asid_t sid,
760 __unused au_tid_addr_t *tid)
55e303ae 761{
e5568f75 762 return NULL;
55e303ae 763}
91447636 764
55e303ae
A		 765token_t *au_to_process_ex(au_id_t auid, uid_t euid, gid_t egid,
766 uid_t ruid, gid_t rgid, pid_t pid,
767 au_asid_t sid, au_tid_addr_t *tid)
768{
769 return au_to_process32_ex(auid, euid, egid, ruid, rgid,
770 pid, sid, tid);
771}
772
773/*
774 * token ID 1 byte
775 * error status 1 byte
776 * return value 4 bytes/8 bytes (32-bit/64-bit value)
777 */
778token_t *au_to_return32(char status, u_int32_t ret)
779{
780 token_t *t;
781 u_char *dptr;
782
783
784 GET_TOKEN_AREA(t, dptr, 6);
785 if(t == NULL) {
786 return NULL;
787 }
788
789 ADD_U_CHAR(dptr, AU_RETURN_32_TOKEN);
790 ADD_U_CHAR(dptr, status);
791 ADD_U_INT32(dptr, ret);
792
793 return t;
794}
795
796token_t *au_to_return64(char status, u_int64_t ret)
797{
798 token_t *t;
799 u_char *dptr;
800
801
802 GET_TOKEN_AREA(t, dptr, 10);
803 if(t == NULL) {
804 return NULL;
805 }
806
807 ADD_U_CHAR(dptr, AU_RETURN_64_TOKEN);
808 ADD_U_CHAR(dptr, status);
809 ADD_U_INT64(dptr, ret);
810
811 return t;
812}
813
814token_t *au_to_return(char status, u_int32_t ret)
815{
816 return au_to_return32(status, ret);
817}
818
819/*
820 * token ID 1 byte
821 * sequence number 4 bytes
822 */
823token_t *au_to_seq(long audit_count)
824{
825 token_t *t;
826 u_char *dptr;
827
828
829 GET_TOKEN_AREA(t, dptr, 5);
830 if(t == NULL) {
831 return NULL;
832 }
833
834 ADD_U_CHAR(dptr, AU_SEQ_TOKEN);
835 ADD_U_INT32(dptr, audit_count);
836
837 return t;
838}
839
840/*
841 * token ID 1 byte
842 * socket type 2 bytes
e5568f75
A		 843 * local port 2 bytes
844 * local Internet address 4 bytes
55e303ae
A		 845 * remote port 2 bytes
846 * remote Internet address 4 bytes
847 */
91447636 848token_t *au_to_socket(__unused struct socket *so)
55e303ae 849{
e5568f75
A		 850 return NULL;
851}
852
853/*
854 * Kernel-specific version of the above function.
855 */
856token_t *kau_to_socket(struct socket_au_info *soi)
857{
858 token_t *t;
859 u_char *dptr;
860 u_int16_t so_type;
861
862 if(soi == NULL) {
863 return NULL;
864 }
865
866 GET_TOKEN_AREA(t, dptr, 15);
867 if(t == NULL) {
868 return NULL;
869 }
870
871 ADD_U_CHAR(dptr, AU_SOCK_TOKEN);
872 /* Coerce the socket type into a short value */
873 so_type = soi->so_type;
874 ADD_U_INT16(dptr, so_type);
875 ADD_U_INT16(dptr, soi->so_lport);
876 ADD_U_INT32(dptr, soi->so_laddr);
877 ADD_U_INT16(dptr, soi->so_rport);
878 ADD_U_INT32(dptr, soi->so_raddr);
879
880 return t;
55e303ae
A		 881}
882
883/*
884 * token ID 1 byte
885 * socket type 2 bytes
886 * local port 2 bytes
887 * address type/length 4 bytes
888 * local Internet address 4 bytes/16 bytes (IPv4/IPv6 address)
889 * remote port 4 bytes
890 * address type/length 4 bytes
891 * remote Internet address 4 bytes/16 bytes (IPv4/IPv6 address)
892 */
91447636
A		 893token_t *au_to_socket_ex_32(
894 __unused u_int16_t lp,
895 __unused u_int16_t rp,
896 __unused struct sockaddr *la,
897 __unused struct sockaddr *ra)
55e303ae
A		 898{
899 return NULL;
900}
e5568f75 901
91447636
A		 902token_t *au_to_socket_ex_128(
903 __unused u_int16_t lp,
904 __unused u_int16_t rp,
905 __unused struct sockaddr *la,
906 __unused struct sockaddr *ra)
55e303ae
A		 907{
908 return NULL;
909}
910
911/*
912 * token ID 1 byte
913 * socket family 2 bytes
914 * local port 2 bytes
915 * socket address 4 bytes
916 */
917token_t *au_to_sock_inet32(struct sockaddr_in *so)
918{
919 token_t *t;
920 u_char *dptr;
921
922 if(so == NULL) {
923 return NULL;
924 }
925
926 GET_TOKEN_AREA(t, dptr, 9);
927 if(t == NULL) {
928 return NULL;
929 }
930
931 ADD_U_CHAR(dptr, AU_SOCK_INET_32_TOKEN);
932 /* In Darwin, sin_family is one octet, but BSM defines the token
933 * to store two. So we copy in a 0 first.
934 */
935 ADD_U_CHAR(dptr, 0);
936 ADD_U_CHAR(dptr, so->sin_family);
937 ADD_U_INT16(dptr, so->sin_port);
938 ADD_U_INT32(dptr, so->sin_addr.s_addr);
939
940 return t;
941
942}
943
944token_t *au_to_sock_inet128(struct sockaddr_in6 *so)
945{
946 token_t *t;
947 u_char *dptr;
948
949 if(so == NULL) {
950 return NULL;
951 }
952
953 GET_TOKEN_AREA(t, dptr, 21);
954 if(t == NULL) {
955 return NULL;
956 }
957
958 ADD_U_CHAR(dptr, AU_SOCK_INET_128_TOKEN);
959 /* In Darwin, sin_family is one octet, but BSM defines the token
960 * to store two. So we copy in a 0 first.
961 */
962 ADD_U_CHAR(dptr, 0);
963 ADD_U_CHAR(dptr, so->sin6_family);
964 ADD_U_INT16(dptr, so->sin6_port);
965 ADD_U_INT32(dptr, so->sin6_addr.__u6_addr.__u6_addr32[0]);
966 ADD_U_INT32(dptr, so->sin6_addr.__u6_addr.__u6_addr32[1]);
967 ADD_U_INT32(dptr, so->sin6_addr.__u6_addr.__u6_addr32[2]);
968 ADD_U_INT32(dptr, so->sin6_addr.__u6_addr.__u6_addr32[3]);
969
970 return t;
971
972
973
974}
975
976/*
977 * token ID 1 byte
978 * socket family 2 bytes
979 * path 104 bytes
980 */
981token_t *au_to_sock_unix(struct sockaddr_un *so)
982{
983 token_t *t;
984 u_char *dptr;
985
986 if(so == NULL) {
987 return NULL;
988 }
989
990 GET_TOKEN_AREA(t, dptr, 107);
991 if(t == NULL) {
992 return NULL;
993 }
994
995 ADD_U_CHAR(dptr, AU_SOCK_UNIX_TOKEN);
996 /* BSM token has two bytes for family */
997 ADD_U_CHAR(dptr, 0);
998 ADD_U_CHAR(dptr, so->sun_family);
999 ADD_STRING(dptr, so->sun_path, strlen(so->sun_path));
1000
1001 return t;
1002
1003}
1004
1005token_t *au_to_sock_inet(struct sockaddr_in *so)
1006{
1007 return au_to_sock_inet32(so);
1008}
1009
1010/*
1011 * token ID 1 byte
1012 * audit ID 4 bytes
1013 * effective user ID 4 bytes
1014 * effective group ID 4 bytes
1015 * real user ID 4 bytes
1016 * real group ID 4 bytes
1017 * process ID 4 bytes
1018 * session ID 4 bytes
1019 * terminal ID
1020 * port ID 4 bytes/8 bytes (32-bit/64-bit value)
1021 * machine address 4 bytes
1022 */
1023token_t *au_to_subject32(au_id_t auid, uid_t euid, gid_t egid,
1024 uid_t ruid, gid_t rgid, pid_t pid,
1025 au_asid_t sid, au_tid_t *tid)
1026{
1027 token_t *t;
1028 u_char *dptr;
1029
1030 if(tid == NULL) {
1031 return NULL;
1032 }
1033
1034 GET_TOKEN_AREA(t, dptr, 37);
1035 if(t == NULL) {
1036 return NULL;
1037 }
1038
1039 ADD_U_CHAR(dptr, AU_SUBJECT_32_TOKEN);
1040 ADD_U_INT32(dptr, auid);
1041 ADD_U_INT32(dptr, euid);
1042 ADD_U_INT32(dptr, egid);
1043 ADD_U_INT32(dptr, ruid);
1044 ADD_U_INT32(dptr, rgid);
1045 ADD_U_INT32(dptr, pid);
1046 ADD_U_INT32(dptr, sid);
1047 ADD_U_INT32(dptr, tid->port);
1048 ADD_U_INT32(dptr, tid->machine);
1049
1050 return t;
1051}
1052
91447636
A		 1053token_t *au_to_subject64(
1054 __unused au_id_t auid,
1055 __unused uid_t euid,
1056 __unused gid_t egid,
1057 __unused uid_t ruid,
1058 __unused gid_t rgid,
1059 __unused pid_t pid,
1060 __unused au_asid_t sid,
1061 __unused au_tid_t *tid)
55e303ae 1062{
91447636
A		 1063 return NULL;
1064 }
1065
55e303ae
A		 1066token_t *au_to_subject(au_id_t auid, uid_t euid, gid_t egid,
1067 uid_t ruid, gid_t rgid, pid_t pid,
1068 au_asid_t sid, au_tid_t *tid)
1069{
1070 return au_to_subject32(auid, euid, egid, ruid, rgid,
1071 pid, sid, tid);
1072
1073}
1074
1075/*
1076 * token ID 1 byte
1077 * audit ID 4 bytes
1078 * effective user ID 4 bytes
1079 * effective group ID 4 bytes
1080 * real user ID 4 bytes
1081 * real group ID 4 bytes
1082 * process ID 4 bytes
1083 * session ID 4 bytes
1084 * terminal ID
1085 * port ID 4 bytes/8 bytes (32-bit/64-bit value)
1086 * address type/length 4 bytes
1087 * machine address 16 bytes
1088 */
1089token_t *au_to_subject32_ex(au_id_t auid, uid_t euid,
1090 gid_t egid, uid_t ruid, gid_t rgid, pid_t pid,
1091 au_asid_t sid, au_tid_addr_t *tid)
1092{
1093 token_t *t;
1094 u_char *dptr;
1095
1096 if(tid == NULL) {
1097 return NULL;
1098 }
1099
1100 GET_TOKEN_AREA(t, dptr, 53);
1101 if(t == NULL) {
1102 return NULL;
1103 }
1104
1105 ADD_U_CHAR(dptr, AU_SUBJECT_32_EX_TOKEN);
1106 ADD_U_INT32(dptr, auid);
1107 ADD_U_INT32(dptr, euid);
1108 ADD_U_INT32(dptr, egid);
1109 ADD_U_INT32(dptr, ruid);
1110 ADD_U_INT32(dptr, rgid);
1111 ADD_U_INT32(dptr, pid);
1112 ADD_U_INT32(dptr, sid);
1113 ADD_U_INT32(dptr, tid->at_port);
1114 ADD_U_INT32(dptr, tid->at_type);
1115 ADD_U_INT32(dptr, tid->at_addr[0]);
1116 ADD_U_INT32(dptr, tid->at_addr[1]);
1117 ADD_U_INT32(dptr, tid->at_addr[2]);
1118 ADD_U_INT32(dptr, tid->at_addr[3]);
1119
1120 return t;
1121}
1122
91447636
A		 1123token_t *au_to_subject64_ex(
1124 __unused au_id_t auid,
1125 __unused uid_t euid,
1126 __unused gid_t egid,
1127 __unused uid_t ruid,
1128 __unused gid_t rgid,
1129 __unused pid_t pid,
1130 __unused au_asid_t sid,
1131 __unused au_tid_addr_t *tid)
55e303ae 1132{
e5568f75 1133 return NULL;
55e303ae
A		 1134}
1135
1136token_t *au_to_subject_ex(au_id_t auid, uid_t euid,
1137 gid_t egid, uid_t ruid, gid_t rgid, pid_t pid,
1138 au_asid_t sid, au_tid_addr_t *tid)
1139{
1140 return au_to_subject32_ex(auid, euid, egid, ruid, rgid,
1141 pid, sid, tid);
1142
1143}
1144
1145/*
1146 * token ID 1 byte
1147 * count 4 bytes
1148 * text count null-terminated strings
1149 */
1150token_t *au_to_exec_args(const char **args)
1151{
1152 token_t *t;
1153 u_char *dptr;
1154 const char *nextarg;
1155 int i, count = 0;
1156 size_t totlen = 0;
1157
1158 if(args == NULL) {
1159 return NULL;
1160 }
1161
1162 nextarg = *args;
1163
1164 while(nextarg != NULL) {
1165 int nextlen;
1166
1167 nextlen = strlen(nextarg);
1168 if(nextarg[nextlen] != '\0') {
1169 return NULL;
1170 }
1171
1172 totlen += nextlen + 1;
1173 count++;
1174 nextarg = *(args + count);
1175 }
1176
1177
1178 GET_TOKEN_AREA(t, dptr, 5 + totlen);
1179 if(t == NULL) {
1180 return NULL;
1181 }
1182
1183 ADD_U_CHAR(dptr, AU_EXEC_ARG_TOKEN);
1184 ADD_U_INT32(dptr, count);
1185
1186 for(i =0; i< count; i++) {
1187 nextarg = *(args + i);
1188 ADD_MEM(dptr, nextarg, strlen(nextarg) + 1);
1189 }
1190
1191 return t;
1192}
1193
1194
1195/*
1196 * token ID 1 byte
1197 * count 4 bytes
1198 * text count null-terminated strings
1199 */
1200token_t *au_to_exec_env(const char **env)
1201{
1202 token_t *t;
1203 u_char *dptr;
1204 int i, count = 0;
1205 size_t totlen = 0;
1206 const char *nextenv;
1207
1208 if(env == NULL) {
1209 return NULL;
1210 }
1211
1212 nextenv = *env;
1213
1214 while(nextenv != NULL) {
1215 int nextlen;
1216
1217 nextlen = strlen(nextenv);
1218 if(nextenv[nextlen] != '\0') {
1219 return NULL;
1220 }
1221
1222 totlen += nextlen + 1;
1223 count++;
1224 nextenv = *(env + count);
1225 }
1226
1227
1228 GET_TOKEN_AREA(t, dptr, 5 + totlen);
1229 if(t == NULL) {
1230 return NULL;
1231 }
1232
1233 ADD_U_CHAR(dptr, AU_EXEC_ENV_TOKEN);
1234 ADD_U_INT32(dptr, count);
1235
1236 for(i =0; i< count; i++) {
1237 nextenv = *(env + i);
1238 ADD_MEM(dptr, nextenv, strlen(nextenv) + 1);
1239 }
1240
1241 return t;
1242}
1243
1244
55e303ae
A		 1245/*
1246 * Kernel version of the BSM header token functions. These versions take
1247 * a timespec struct as an additional parameter in order to obtain the
1248 * create time value for the BSM audit record.
1249 * token ID 1 byte
1250 * record byte count 4 bytes
1251 * version # 1 byte [2]
1252 * event type 2 bytes
1253 * event modifier 2 bytes
1254 * seconds of time 4 bytes/8 bytes (32-bit/64-bit value)
1255 * milliseconds of time 4 bytes/8 bytes (32-bit/64-bit value)
1256 */
91447636 1257token_t *kau_to_header32(const struct timespec *ctime, int rec_size,
55e303ae
A		 1258 au_event_t e_type, au_emod_t e_mod)
1259{
1260 token_t *t;
1261 u_char *dptr;
1262 u_int32_t timems = ctime->tv_nsec/1000000; /* We need time in ms */
1263
1264 GET_TOKEN_AREA(t, dptr, 18);
1265 if(t == NULL) {
1266 return NULL;
1267 }
1268
1269 ADD_U_CHAR(dptr, AU_HEADER_32_TOKEN);
1270 ADD_U_INT32(dptr, rec_size);
1271 ADD_U_CHAR(dptr, HEADER_VERSION);
1272 ADD_U_INT16(dptr, e_type);
1273 ADD_U_INT16(dptr, e_mod);
1274
1275 /* Add the timestamp */
1276 ADD_U_INT32(dptr, ctime->tv_sec);
1277 ADD_U_INT32(dptr, timems);
1278
1279 return t;
1280}
1281
91447636
A		 1282token_t *kau_to_header64(
1283 __unused const struct timespec *ctime,
1284 __unused int rec_size,
1285 __unused au_event_t e_type,
1286 __unused au_emod_t e_mod)
55e303ae 1287{
e5568f75 1288 return NULL;
55e303ae 1289}
91447636
A		 1290
1291token_t *kau_to_header(const struct timespec *ctime, int rec_size,
55e303ae
A		 1292 au_event_t e_type, au_emod_t e_mod)
1293{
1294 return kau_to_header32(ctime, rec_size, e_type, e_mod);
1295}
1296
55e303ae
A		 1297/*
1298 * token ID 1 byte
1299 * trailer magic number 2 bytes
1300 * record byte count 4 bytes
1301 */
1302token_t *au_to_trailer(int rec_size)
1303{
1304 token_t *t;
1305 u_char *dptr;
1306 u_int16_t magic = TRAILER_PAD_MAGIC;
1307
1308
1309 GET_TOKEN_AREA(t, dptr, 7);
1310 if(t == NULL) {
1311 return NULL;
1312 }
1313
1314 ADD_U_CHAR(dptr, AU_TRAILER_TOKEN);
1315 ADD_U_INT16(dptr, magic);
1316 ADD_U_INT32(dptr, rec_size);
1317
1318 return t;
1319
1320}
1321
mirror of XNU