]> git.saurik.com Git - apple/xnu.git/blame - bsd/kern/kern_bsm_token.c
projects / apple / xnu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
xnu-792.17.14.tar.gz
[apple/xnu.git] / bsd / kern / kern_bsm_token.c
CommitLineData
55e303ae 1/*
91447636 2 * Copyright (c) 2003-2004 Apple Computer, Inc. All rights reserved.
55e303ae 3 *
8f6c56a5 4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
55e303ae 5 *
8f6c56a5
A		 6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
8ad349bb 24 * limitations under the License.
8f6c56a5
A		 25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
55e303ae 27 */
e5568f75 28
55e303ae 29#include <sys/types.h>
55e303ae 30#include <sys/un.h>
e5568f75 31#include <sys/event.h>
91447636 32#include <sys/ucred.h>
e5568f75 33
91447636 34#include <sys/ipc.h>
e5568f75
A		 35#include <bsm/audit.h>
36#include <bsm/audit_record.h>
37#include <bsm/audit_klib.h>
38#include <bsm/audit_kernel.h>
39
55e303ae 40#include <kern/clock.h>
91447636
A		 41#include <kern/kalloc.h>
42
43#include <string.h>
55e303ae
A		 44
45#define GET_TOKEN_AREA(tok, dptr, length) \
46 do {\
e5568f75 47 tok = (token_t *)kalloc(sizeof(*tok) + length); \
55e303ae
A		 48 if(tok != NULL)\
49 {\
50 tok->len = length;\
e5568f75 51 dptr = tok->t_data = (u_char *)&tok[1];\
91447636
A		 52 memset(dptr, 0, length);\
53 }\
55e303ae
A		 54 }while(0)
55
56
57
58/*
59 * token ID 1 byte
60 * argument # 1 byte
61 * argument value 4 bytes/8 bytes (32-bit/64-bit value)
62 * text length 2 bytes
63 * text N bytes + 1 terminating NULL byte
64 */
65token_t *au_to_arg32(char n, char *text, u_int32_t v)
66{
67 token_t *t;
68 u_char *dptr;
69 u_int16_t textlen;
70
71 if(text == NULL) {
72 return NULL;
73 }
74
75 /* Make sure that text is null terminated */
76 textlen = strlen(text);
77 if(text[textlen] != '\0') {
78 return NULL;
79 }
80
81 GET_TOKEN_AREA(t, dptr, 9 + textlen);
82 if(t == NULL) {
83 return NULL;
84 }
85
86 textlen += 1;
87
88 ADD_U_CHAR(dptr, AU_ARG32_TOKEN);
89 ADD_U_CHAR(dptr, n);
90 ADD_U_INT32(dptr, v);
91 ADD_U_INT16(dptr, textlen);
92 ADD_STRING(dptr, text, textlen);
93
94 return t;
95
96}
97
98token_t *au_to_arg64(char n, char *text, u_int64_t v)
99{
100 token_t *t;
101 u_char *dptr;
102 u_int16_t textlen;
103
104 if(text == NULL) {
105 return NULL;
106 }
107
108 /* Make sure that text is null terminated */
109 textlen = strlen(text);
110 if(text[textlen] != '\0') {
111 return NULL;
112 }
113
114 GET_TOKEN_AREA(t, dptr, 13 + textlen);
115 if(t == NULL) {
116 return NULL;
117 }
118
119 textlen += 1;
120
121 ADD_U_CHAR(dptr, AU_ARG64_TOKEN);
122 ADD_U_CHAR(dptr, n);
123 ADD_U_INT64(dptr, v);
124 ADD_U_INT16(dptr, textlen);
125 ADD_STRING(dptr, text, textlen);
126
127 return t;
128
129}
130
131token_t *au_to_arg(char n, char *text, u_int32_t v)
132{
133 return au_to_arg32(n, text, v);
134}
135
136/*
137 * token ID 1 byte
138 * file access mode 4 bytes
139 * owner user ID 4 bytes
140 * owner group ID 4 bytes
141 * file system ID 4 bytes
142 * node ID 8 bytes
143 * device 4 bytes/8 bytes (32-bit/64-bit)
144 */
91447636 145token_t *au_to_attr32(__unused struct vnode_attr *attr)
e5568f75
A		 146{
147 return NULL;
148}
149
150/* Kernel-specific version of the above function */
151token_t *kau_to_attr32(struct vnode_au_info *vni)
55e303ae
A		 152{
153 token_t *t;
154 u_char *dptr;
e5568f75
A		 155 u_int64_t fileid;
156 u_int16_t pad0_16 = 0;
157 u_int32_t pad0_32 = 0;
55e303ae 158
e5568f75 159 if(vni == NULL) {
55e303ae
A		 160 return NULL;
161 }
162
55e303ae
A		 163 GET_TOKEN_AREA(t, dptr, 29);
164 if(t == NULL) {
165 return NULL;
166 }
167
168 ADD_U_CHAR(dptr, AU_ATTR32_TOKEN);
e5568f75
A		 169
170 /*
171 * Darwin defines the size for the file mode as 2 bytes;
172 * BSM defines 4. So we copy in a 0 first.
173 */
174 ADD_U_INT16(dptr, pad0_16);
175 ADD_U_INT16(dptr, vni->vn_mode);
176
177 ADD_U_INT32(dptr, vni->vn_uid);
178 ADD_U_INT32(dptr, vni->vn_gid);
179 ADD_U_INT32(dptr, vni->vn_fsid);
180
181 /*
182 * Darwin defines the size for fileid as 4 bytes;
183 * BSM defines 8. So we copy in a 0 first.
184 */
185 fileid = vni->vn_fileid;
186 ADD_U_INT32(dptr, pad0_32);
187 ADD_U_INT32(dptr, fileid);
188
189 ADD_U_INT32(dptr, vni->vn_dev);
55e303ae
A		 190
191 return t;
192}
193
91447636 194token_t *au_to_attr64(__unused struct vnode_attr *attr)
55e303ae 195{
91447636 196 return NULL;
e5568f75 197}
91447636
A		 198
199token_t *kau_to_attr64(__unused struct vnode_au_info *vni)
e5568f75
A		 200{
201 return NULL;
55e303ae
A		 202}
203
91447636 204token_t *au_to_attr(struct vnode_attr *attr)
55e303ae
A		 205{
206 return au_to_attr32(attr);
207
208}
209
210
211/*
212 * token ID 1 byte
213 * how to print 1 byte
214 * basic unit 1 byte
215 * unit count 1 byte
216 * data items (depends on basic unit)
217 */
218token_t *au_to_data(char unit_print, char unit_type,
219 char unit_count, char *p)
220{
221 token_t *t;
222 u_char *dptr;
223 size_t datasize, totdata;
224
225 if(p == NULL) {
226 return NULL;
227 }
228
229 /* Determine the size of the basic unit */
230 switch(unit_type) {
231 case AUR_BYTE: datasize = AUR_BYTE_SIZE;
232 break;
233
234 case AUR_SHORT: datasize = AUR_SHORT_SIZE;
235 break;
236
237 case AUR_LONG: datasize = AUR_LONG_SIZE;
238 break;
239
240 default: return NULL;
241 }
242
243 totdata = datasize * unit_count;
244
245 GET_TOKEN_AREA(t, dptr, totdata + 4);
246 if(t == NULL) {
247 return NULL;
248 }
249
250 ADD_U_CHAR(dptr, AU_ARB_TOKEN);
251 ADD_U_CHAR(dptr, unit_print);
252 ADD_U_CHAR(dptr, unit_type);
253 ADD_U_CHAR(dptr, unit_count);
254 ADD_MEM(dptr, p, totdata);
255
256 return t;
257}
258
55e303ae
A		 259/*
260 * token ID 1 byte
261 * status 4 bytes
262 * return value 4 bytes
263 */
264token_t *au_to_exit(int retval, int err)
265{
266 token_t *t;
267 u_char *dptr;
268
269 GET_TOKEN_AREA(t, dptr, 9);
270 if(t == NULL) {
271 return NULL;
272 }
273
274 ADD_U_CHAR(dptr, AU_EXIT_TOKEN);
275 ADD_U_INT32(dptr, err);
276 ADD_U_INT32(dptr, retval);
277
278 return t;
279}
280
281/*
282 */
283token_t *au_to_groups(int *groups)
284{
285 return au_to_newgroups(MAX_GROUPS, groups);
286}
287
288/*
289 * token ID 1 byte
290 * number groups 2 bytes
291 * group list count * 4 bytes
292 */
293token_t *au_to_newgroups(u_int16_t n, gid_t *groups)
294{
295 token_t *t;
296 u_char *dptr;
297 int i;
298
299 if(groups == NULL) {
300 return NULL;
301 }
302
303 GET_TOKEN_AREA(t, dptr, n * 4 + 3);
304 if(t == NULL) {
305 return NULL;
306 }
307
308 ADD_U_CHAR(dptr, AU_NEWGROUPS_TOKEN);
309 ADD_U_INT16(dptr, n);
310 for(i = 0; i < n; i++) {
311 ADD_U_INT32(dptr, groups[i]);
312 }
313
314 return t;
315}
316
317
318
319
320/*
321 * token ID 1 byte
322 * internet address 4 bytes
323 */
324token_t *au_to_in_addr(struct in_addr *internet_addr)
325{
326 token_t *t;
327 u_char *dptr;
328
329 if(internet_addr == NULL) {
330 return NULL;
331 }
332
333 GET_TOKEN_AREA(t, dptr, 5);
334 if(t == NULL) {
335 return NULL;
336 }
337
338 ADD_U_CHAR(dptr, AU_IN_ADDR_TOKEN);
339 ADD_U_INT32(dptr, internet_addr->s_addr);
340
341 return t;
342}
343
344/*
345 * token ID 1 byte
346 * address type/length 4 bytes
347 * Address 16 bytes
348 */
349token_t *au_to_in_addr_ex(struct in6_addr *internet_addr)
350{
351 token_t *t;
352 u_char *dptr;
e5568f75 353 u_int32_t type = AF_INET6;
55e303ae
A		 354
355 if(internet_addr == NULL) {
356 return NULL;
357 }
358
359 GET_TOKEN_AREA(t, dptr, 21);
360 if(t == NULL) {
361 return NULL;
362 }
363
364 ADD_U_CHAR(dptr, AU_IN_ADDR_EX_TOKEN);
e5568f75 365 ADD_U_INT32(dptr, type);
55e303ae
A		 366 ADD_U_INT32(dptr, internet_addr->__u6_addr.__u6_addr32[0]);
367 ADD_U_INT32(dptr, internet_addr->__u6_addr.__u6_addr32[1]);
368 ADD_U_INT32(dptr, internet_addr->__u6_addr.__u6_addr32[2]);
369 ADD_U_INT32(dptr, internet_addr->__u6_addr.__u6_addr32[3]);
370
371 return t;
372}
373
374/*
375 * token ID 1 byte
376 * ip header 20 bytes
377 */
378token_t *au_to_ip(struct ip *ip)
379{
380 token_t *t;
381 u_char *dptr;
382
383 if(ip == NULL) {
384 return NULL;
385 }
386
387 GET_TOKEN_AREA(t, dptr, 21);
388 if(t == NULL) {
389 return NULL;
390 }
391
392 ADD_U_CHAR(dptr, AU_IP_TOKEN);
393 ADD_MEM(dptr, ip, sizeof(struct ip));
394
395 return t;
396}
397
398/*
399 * token ID 1 byte
400 * object ID type 1 byte
401 * object ID 4 bytes
402 */
403token_t *au_to_ipc(char type, int id)
404{
405 token_t *t;
406 u_char *dptr;
407
408
409 GET_TOKEN_AREA(t, dptr, 6);
410 if(t == NULL) {
411 return NULL;
412 }
413
414 ADD_U_CHAR(dptr, AU_IPC_TOKEN);
415 ADD_U_CHAR(dptr, type);
416 ADD_U_INT32(dptr, id);
417
418 return t;
419}
420
421/*
422 * token ID 1 byte
423 * owner user ID 4 bytes
424 * owner group ID 4 bytes
425 * creator user ID 4 bytes
426 * creator group ID 4 bytes
427 * access mode 4 bytes
428 * slot sequence # 4 bytes
429 * key 4 bytes
430 */
431token_t *au_to_ipc_perm(struct ipc_perm *perm)
432{
433 token_t *t;
434 u_char *dptr;
e5568f75 435 u_int16_t pad0 = 0;
55e303ae
A		 436
437 if(perm == NULL) {
438 return NULL;
439 }
440
441 GET_TOKEN_AREA(t, dptr, 29);
442 if(t == NULL) {
443 return NULL;
444 }
445
e5568f75
A		 446 /*
447 * Darwin defines the sizes for ipc_perm members
448 * as 2 bytes; BSM defines 4. So we copy in a 0 first.
449 */
55e303ae 450 ADD_U_CHAR(dptr, AU_IPCPERM_TOKEN);
e5568f75
A		 451
452 ADD_U_INT16(dptr, pad0);
453 ADD_U_INT16(dptr, perm->uid);
454
455 ADD_U_INT16(dptr, pad0);
456 ADD_U_INT16(dptr, perm->gid);
457
458 ADD_U_INT16(dptr, pad0);
459 ADD_U_INT16(dptr, perm->cuid);
460
461 ADD_U_INT16(dptr, pad0);
462 ADD_U_INT16(dptr, perm->cgid);
463
464 ADD_U_INT16(dptr, pad0);
465 ADD_U_INT16(dptr, perm->mode);
466
467 ADD_U_INT16(dptr, pad0);
468 ADD_U_INT16(dptr, perm->seq);
469
470 ADD_U_INT16(dptr, pad0);
471 ADD_U_INT16(dptr, perm->key);
55e303ae
A		 472
473 return t;
474}
475
476
477/*
478 * token ID 1 byte
479 * port IP address 2 bytes
480 */
481token_t *au_to_iport(u_int16_t iport)
482{
483 token_t *t;
484 u_char *dptr;
485
486
487 GET_TOKEN_AREA(t, dptr, 3);
488 if(t == NULL) {
489 return NULL;
490 }
491
492 ADD_U_CHAR(dptr, AU_IPORT_TOKEN);
493 ADD_U_INT16(dptr, iport);
494
495 return t;
496}
497
498
499/*
500 * token ID 1 byte
501 * size 2 bytes
502 * data size bytes
503 */
504token_t *au_to_opaque(char *data, u_int16_t bytes)
505{
506 token_t *t;
507 u_char *dptr;
508
509 if((data == NULL) || (bytes <= 0)) {
510 return NULL;
511 }
512
513 GET_TOKEN_AREA(t, dptr, bytes + 3);
514 if(t == NULL) {
515 return NULL;
516 }
517
518 ADD_U_CHAR(dptr, AU_OPAQUE_TOKEN);
519 ADD_U_INT16(dptr, bytes);
520 ADD_MEM(dptr, data, bytes);
521
522 return t;
523}
524
55e303ae
A		 525/*
526 * Kernel version of the add file token function, where the time value
527 * is passed in as an additional parameter.
528 * token ID 1 byte
529 * seconds of time 4 bytes
530 * milliseconds of time 4 bytes
531 * file name len 2 bytes
532 * file pathname N bytes + 1 terminating NULL byte
533 */
91447636 534token_t *kau_to_file(const char *file, const struct timeval *tv)
55e303ae
A		 535{
536 token_t *t;
537 u_char *dptr;
538 u_int16_t filelen;
539 u_int32_t timems = tv->tv_usec/1000; /* We need time in ms */
540
541 if(file == NULL) {
542 return NULL;
543 }
544 /* Make sure that text is null terminated */
545 filelen = strlen(file);
546 if(file[filelen] != '\0') {
547 return NULL;
548 }
549
550 GET_TOKEN_AREA(t, dptr, filelen + 12);
551 if(t == NULL) {
552 return NULL;
553 }
554
555 filelen += 1;
556
557 ADD_U_CHAR(dptr, AU_FILE_TOKEN);
558
559 /* Add the timestamp */
560 ADD_U_INT32(dptr, tv->tv_sec);
561 ADD_U_INT32(dptr, timems);
562
563 ADD_U_INT16(dptr, filelen);
564 ADD_STRING(dptr, file, filelen);
565
566 return t;
567
568}
55e303ae
A		 569
570/*
571 * token ID 1 byte
572 * text length 2 bytes
573 * text N bytes + 1 terminating NULL byte
574 */
575token_t *au_to_text(char *text)
576{
577 token_t *t;
578 u_char *dptr;
579 u_int16_t textlen;
580
581 if(text == NULL) {
582 return NULL;
583 }
584 /* Make sure that text is null terminated */
585 textlen = strlen(text);
586 if(text[textlen] != '\0') {
587 return NULL;
588 }
589
590 GET_TOKEN_AREA(t, dptr, textlen + 4);
591 if(t == NULL) {
592 return NULL;
593 }
594
595 textlen += 1;
596
597 ADD_U_CHAR(dptr, AU_TEXT_TOKEN);
598 ADD_U_INT16(dptr, textlen);
599 ADD_STRING(dptr, text, textlen);
600
601 return t;
602}
603
604/*
605 * token ID 1 byte
606 * path length 2 bytes
607 * path N bytes + 1 terminating NULL byte
608 */
609token_t *au_to_path(char *text)
610{
611 token_t *t;
612 u_char *dptr;
613 u_int16_t textlen;
614
615 if(text == NULL) {
616 return NULL;
617 }
618 /* Make sure that text is null terminated */
619 textlen = strlen(text);
620 if(text[textlen] != '\0') {
621 return NULL;
622 }
623
624 GET_TOKEN_AREA(t, dptr, textlen + 4);
625 if(t == NULL) {
626 return NULL;
627 }
628
629 textlen += 1;
630
631 ADD_U_CHAR(dptr, AU_PATH_TOKEN);
632 ADD_U_INT16(dptr, textlen);
633 ADD_STRING(dptr, text, textlen);
634
635 return t;
636}
637
638/*
639 * token ID 1 byte
640 * audit ID 4 bytes
641 * effective user ID 4 bytes
642 * effective group ID 4 bytes
643 * real user ID 4 bytes
644 * real group ID 4 bytes
645 * process ID 4 bytes
646 * session ID 4 bytes
647 * terminal ID
648 * port ID 4 bytes/8 bytes (32-bit/64-bit value)
649 * machine address 4 bytes
650 */
651token_t *au_to_process32(au_id_t auid, uid_t euid, gid_t egid,
652 uid_t ruid, gid_t rgid, pid_t pid,
653 au_asid_t sid, au_tid_t *tid)
654{
655 token_t *t;
656 u_char *dptr;
657
658 if(tid == NULL) {
659 return NULL;
660 }
661
662 GET_TOKEN_AREA(t, dptr, 37);
663 if(t == NULL) {
664 return NULL;
665 }
666
667 ADD_U_CHAR(dptr, AU_PROCESS_32_TOKEN);
668 ADD_U_INT32(dptr, auid);
669 ADD_U_INT32(dptr, euid);
670 ADD_U_INT32(dptr, egid);
671 ADD_U_INT32(dptr, ruid);
672 ADD_U_INT32(dptr, rgid);
673 ADD_U_INT32(dptr, pid);
674 ADD_U_INT32(dptr, sid);
675 ADD_U_INT32(dptr, tid->port);
676 ADD_U_INT32(dptr, tid->machine);
677
678 return t;
679}
680
91447636
A		 681token_t *au_to_process64(__unused au_id_t auid,
682 __unused uid_t euid,
683 __unused gid_t egid,
684 __unused uid_t ruid,
685 __unused gid_t rgid,
686 __unused pid_t pid,
687 __unused au_asid_t sid,
688 __unused au_tid_t *tid)
55e303ae 689{
91447636
A		 690 return NULL;
691 }
55e303ae
A		 692
693token_t *au_to_process(au_id_t auid, uid_t euid, gid_t egid,
694 uid_t ruid, gid_t rgid, pid_t pid,
695 au_asid_t sid, au_tid_t *tid)
696{
697 return au_to_process32(auid, euid, egid, ruid, rgid, pid,
698 sid, tid);
699}
700
701
702/*
703 * token ID 1 byte
704 * audit ID 4 bytes
705 * effective user ID 4 bytes
706 * effective group ID 4 bytes
707 * real user ID 4 bytes
708 * real group ID 4 bytes
709 * process ID 4 bytes
710 * session ID 4 bytes
711 * terminal ID
712 * port ID 4 bytes/8 bytes (32-bit/64-bit value)
713 * address type-len 4 bytes
714 * machine address 16 bytes
715 */
716token_t *au_to_process32_ex(au_id_t auid, uid_t euid, gid_t egid,
717 uid_t ruid, gid_t rgid, pid_t pid,
718 au_asid_t sid, au_tid_addr_t *tid)
719{
720 token_t *t;
721 u_char *dptr;
722
723 if(tid == NULL) {
724 return NULL;
725 }
726
727 GET_TOKEN_AREA(t, dptr, 53);
728 if(t == NULL) {
729 return NULL;
730 }
731
732 ADD_U_CHAR(dptr, AU_PROCESS_32_EX_TOKEN);
733 ADD_U_INT32(dptr, auid);
734 ADD_U_INT32(dptr, euid);
735 ADD_U_INT32(dptr, egid);
736 ADD_U_INT32(dptr, ruid);
737 ADD_U_INT32(dptr, rgid);
738 ADD_U_INT32(dptr, pid);
739 ADD_U_INT32(dptr, sid);
740 ADD_U_INT32(dptr, tid->at_port);
741 ADD_U_INT32(dptr, tid->at_type);
742 ADD_U_INT32(dptr, tid->at_addr[0]);
743 ADD_U_INT32(dptr, tid->at_addr[1]);
744 ADD_U_INT32(dptr, tid->at_addr[2]);
745 ADD_U_INT32(dptr, tid->at_addr[3]);
746
747 return t;
748}
749
91447636
A		 750token_t *au_to_process64_ex(
751 __unused au_id_t auid,
752 __unused uid_t euid,
753 __unused gid_t egid,
754 __unused uid_t ruid,
755 __unused gid_t rgid,
756 __unused pid_t pid,
757 __unused au_asid_t sid,
758 __unused au_tid_addr_t *tid)
55e303ae 759{
e5568f75 760 return NULL;
55e303ae 761}
91447636 762
55e303ae
A		 763token_t *au_to_process_ex(au_id_t auid, uid_t euid, gid_t egid,
764 uid_t ruid, gid_t rgid, pid_t pid,
765 au_asid_t sid, au_tid_addr_t *tid)
766{
767 return au_to_process32_ex(auid, euid, egid, ruid, rgid,
768 pid, sid, tid);
769}
770
771/*
772 * token ID 1 byte
773 * error status 1 byte
774 * return value 4 bytes/8 bytes (32-bit/64-bit value)
775 */
776token_t *au_to_return32(char status, u_int32_t ret)
777{
778 token_t *t;
779 u_char *dptr;
780
781
782 GET_TOKEN_AREA(t, dptr, 6);
783 if(t == NULL) {
784 return NULL;
785 }
786
787 ADD_U_CHAR(dptr, AU_RETURN_32_TOKEN);
788 ADD_U_CHAR(dptr, status);
789 ADD_U_INT32(dptr, ret);
790
791 return t;
792}
793
794token_t *au_to_return64(char status, u_int64_t ret)
795{
796 token_t *t;
797 u_char *dptr;
798
799
800 GET_TOKEN_AREA(t, dptr, 10);
801 if(t == NULL) {
802 return NULL;
803 }
804
805 ADD_U_CHAR(dptr, AU_RETURN_64_TOKEN);
806 ADD_U_CHAR(dptr, status);
807 ADD_U_INT64(dptr, ret);
808
809 return t;
810}
811
812token_t *au_to_return(char status, u_int32_t ret)
813{
814 return au_to_return32(status, ret);
815}
816
817/*
818 * token ID 1 byte
819 * sequence number 4 bytes
820 */
821token_t *au_to_seq(long audit_count)
822{
823 token_t *t;
824 u_char *dptr;
825
826
827 GET_TOKEN_AREA(t, dptr, 5);
828 if(t == NULL) {
829 return NULL;
830 }
831
832 ADD_U_CHAR(dptr, AU_SEQ_TOKEN);
833 ADD_U_INT32(dptr, audit_count);
834
835 return t;
836}
837
838/*
839 * token ID 1 byte
840 * socket type 2 bytes
e5568f75
A		 841 * local port 2 bytes
842 * local Internet address 4 bytes
55e303ae
A		 843 * remote port 2 bytes
844 * remote Internet address 4 bytes
845 */
91447636 846token_t *au_to_socket(__unused struct socket *so)
55e303ae 847{
e5568f75
A		 848 return NULL;
849}
850
851/*
852 * Kernel-specific version of the above function.
853 */
854token_t *kau_to_socket(struct socket_au_info *soi)
855{
856 token_t *t;
857 u_char *dptr;
858 u_int16_t so_type;
859
860 if(soi == NULL) {
861 return NULL;
862 }
863
864 GET_TOKEN_AREA(t, dptr, 15);
865 if(t == NULL) {
866 return NULL;
867 }
868
869 ADD_U_CHAR(dptr, AU_SOCK_TOKEN);
870 /* Coerce the socket type into a short value */
871 so_type = soi->so_type;
872 ADD_U_INT16(dptr, so_type);
873 ADD_U_INT16(dptr, soi->so_lport);
874 ADD_U_INT32(dptr, soi->so_laddr);
875 ADD_U_INT16(dptr, soi->so_rport);
876 ADD_U_INT32(dptr, soi->so_raddr);
877
878 return t;
55e303ae
A		 879}
880
881/*
882 * token ID 1 byte
883 * socket type 2 bytes
884 * local port 2 bytes
885 * address type/length 4 bytes
886 * local Internet address 4 bytes/16 bytes (IPv4/IPv6 address)
887 * remote port 4 bytes
888 * address type/length 4 bytes
889 * remote Internet address 4 bytes/16 bytes (IPv4/IPv6 address)
890 */
91447636
A		 891token_t *au_to_socket_ex_32(
892 __unused u_int16_t lp,
893 __unused u_int16_t rp,
894 __unused struct sockaddr *la,
895 __unused struct sockaddr *ra)
55e303ae
A		 896{
897 return NULL;
898}
e5568f75 899
91447636
A		 900token_t *au_to_socket_ex_128(
901 __unused u_int16_t lp,
902 __unused u_int16_t rp,
903 __unused struct sockaddr *la,
904 __unused struct sockaddr *ra)
55e303ae
A		 905{
906 return NULL;
907}
908
909/*
910 * token ID 1 byte
911 * socket family 2 bytes
912 * local port 2 bytes
913 * socket address 4 bytes
914 */
915token_t *au_to_sock_inet32(struct sockaddr_in *so)
916{
917 token_t *t;
918 u_char *dptr;
919
920 if(so == NULL) {
921 return NULL;
922 }
923
924 GET_TOKEN_AREA(t, dptr, 9);
925 if(t == NULL) {
926 return NULL;
927 }
928
929 ADD_U_CHAR(dptr, AU_SOCK_INET_32_TOKEN);
930 /* In Darwin, sin_family is one octet, but BSM defines the token
931 * to store two. So we copy in a 0 first.
932 */
933 ADD_U_CHAR(dptr, 0);
934 ADD_U_CHAR(dptr, so->sin_family);
935 ADD_U_INT16(dptr, so->sin_port);
936 ADD_U_INT32(dptr, so->sin_addr.s_addr);
937
938 return t;
939
940}
941
942token_t *au_to_sock_inet128(struct sockaddr_in6 *so)
943{
944 token_t *t;
945 u_char *dptr;
946
947 if(so == NULL) {
948 return NULL;
949 }
950
951 GET_TOKEN_AREA(t, dptr, 21);
952 if(t == NULL) {
953 return NULL;
954 }
955
956 ADD_U_CHAR(dptr, AU_SOCK_INET_128_TOKEN);
957 /* In Darwin, sin_family is one octet, but BSM defines the token
958 * to store two. So we copy in a 0 first.
959 */
960 ADD_U_CHAR(dptr, 0);
961 ADD_U_CHAR(dptr, so->sin6_family);
962 ADD_U_INT16(dptr, so->sin6_port);
963 ADD_U_INT32(dptr, so->sin6_addr.__u6_addr.__u6_addr32[0]);
964 ADD_U_INT32(dptr, so->sin6_addr.__u6_addr.__u6_addr32[1]);
965 ADD_U_INT32(dptr, so->sin6_addr.__u6_addr.__u6_addr32[2]);
966 ADD_U_INT32(dptr, so->sin6_addr.__u6_addr.__u6_addr32[3]);
967
968 return t;
969
970
971
972}
973
974/*
975 * token ID 1 byte
976 * socket family 2 bytes
977 * path 104 bytes
978 */
979token_t *au_to_sock_unix(struct sockaddr_un *so)
980{
981 token_t *t;
982 u_char *dptr;
983
984 if(so == NULL) {
985 return NULL;
986 }
987
988 GET_TOKEN_AREA(t, dptr, 107);
989 if(t == NULL) {
990 return NULL;
991 }
992
993 ADD_U_CHAR(dptr, AU_SOCK_UNIX_TOKEN);
994 /* BSM token has two bytes for family */
995 ADD_U_CHAR(dptr, 0);
996 ADD_U_CHAR(dptr, so->sun_family);
997 ADD_STRING(dptr, so->sun_path, strlen(so->sun_path));
998
999 return t;
1000
1001}
1002
1003token_t *au_to_sock_inet(struct sockaddr_in *so)
1004{
1005 return au_to_sock_inet32(so);
1006}
1007
1008/*
1009 * token ID 1 byte
1010 * audit ID 4 bytes
1011 * effective user ID 4 bytes
1012 * effective group ID 4 bytes
1013 * real user ID 4 bytes
1014 * real group ID 4 bytes
1015 * process ID 4 bytes
1016 * session ID 4 bytes
1017 * terminal ID
1018 * port ID 4 bytes/8 bytes (32-bit/64-bit value)
1019 * machine address 4 bytes
1020 */
1021token_t *au_to_subject32(au_id_t auid, uid_t euid, gid_t egid,
1022 uid_t ruid, gid_t rgid, pid_t pid,
1023 au_asid_t sid, au_tid_t *tid)
1024{
1025 token_t *t;
1026 u_char *dptr;
1027
1028 if(tid == NULL) {
1029 return NULL;
1030 }
1031
1032 GET_TOKEN_AREA(t, dptr, 37);
1033 if(t == NULL) {
1034 return NULL;
1035 }
1036
1037 ADD_U_CHAR(dptr, AU_SUBJECT_32_TOKEN);
1038 ADD_U_INT32(dptr, auid);
1039 ADD_U_INT32(dptr, euid);
1040 ADD_U_INT32(dptr, egid);
1041 ADD_U_INT32(dptr, ruid);
1042 ADD_U_INT32(dptr, rgid);
1043 ADD_U_INT32(dptr, pid);
1044 ADD_U_INT32(dptr, sid);
1045 ADD_U_INT32(dptr, tid->port);
1046 ADD_U_INT32(dptr, tid->machine);
1047
1048 return t;
1049}
1050
91447636
A		 1051token_t *au_to_subject64(
1052 __unused au_id_t auid,
1053 __unused uid_t euid,
1054 __unused gid_t egid,
1055 __unused uid_t ruid,
1056 __unused gid_t rgid,
1057 __unused pid_t pid,
1058 __unused au_asid_t sid,
1059 __unused au_tid_t *tid)
55e303ae 1060{
91447636
A		 1061 return NULL;
1062 }
1063
55e303ae
A		 1064token_t *au_to_subject(au_id_t auid, uid_t euid, gid_t egid,
1065 uid_t ruid, gid_t rgid, pid_t pid,
1066 au_asid_t sid, au_tid_t *tid)
1067{
1068 return au_to_subject32(auid, euid, egid, ruid, rgid,
1069 pid, sid, tid);
1070
1071}
1072
1073/*
1074 * token ID 1 byte
1075 * audit ID 4 bytes
1076 * effective user ID 4 bytes
1077 * effective group ID 4 bytes
1078 * real user ID 4 bytes
1079 * real group ID 4 bytes
1080 * process ID 4 bytes
1081 * session ID 4 bytes
1082 * terminal ID
1083 * port ID 4 bytes/8 bytes (32-bit/64-bit value)
1084 * address type/length 4 bytes
1085 * machine address 16 bytes
1086 */
1087token_t *au_to_subject32_ex(au_id_t auid, uid_t euid,
1088 gid_t egid, uid_t ruid, gid_t rgid, pid_t pid,
1089 au_asid_t sid, au_tid_addr_t *tid)
1090{
1091 token_t *t;
1092 u_char *dptr;
1093
1094 if(tid == NULL) {
1095 return NULL;
1096 }
1097
1098 GET_TOKEN_AREA(t, dptr, 53);
1099 if(t == NULL) {
1100 return NULL;
1101 }
1102
1103 ADD_U_CHAR(dptr, AU_SUBJECT_32_EX_TOKEN);
1104 ADD_U_INT32(dptr, auid);
1105 ADD_U_INT32(dptr, euid);
1106 ADD_U_INT32(dptr, egid);
1107 ADD_U_INT32(dptr, ruid);
1108 ADD_U_INT32(dptr, rgid);
1109 ADD_U_INT32(dptr, pid);
1110 ADD_U_INT32(dptr, sid);
1111 ADD_U_INT32(dptr, tid->at_port);
1112 ADD_U_INT32(dptr, tid->at_type);
1113 ADD_U_INT32(dptr, tid->at_addr[0]);
1114 ADD_U_INT32(dptr, tid->at_addr[1]);
1115 ADD_U_INT32(dptr, tid->at_addr[2]);
1116 ADD_U_INT32(dptr, tid->at_addr[3]);
1117
1118 return t;
1119}
1120
91447636
A		 1121token_t *au_to_subject64_ex(
1122 __unused au_id_t auid,
1123 __unused uid_t euid,
1124 __unused gid_t egid,
1125 __unused uid_t ruid,
1126 __unused gid_t rgid,
1127 __unused pid_t pid,
1128 __unused au_asid_t sid,
1129 __unused au_tid_addr_t *tid)
55e303ae 1130{
e5568f75 1131 return NULL;
55e303ae
A		 1132}
1133
1134token_t *au_to_subject_ex(au_id_t auid, uid_t euid,
1135 gid_t egid, uid_t ruid, gid_t rgid, pid_t pid,
1136 au_asid_t sid, au_tid_addr_t *tid)
1137{
1138 return au_to_subject32_ex(auid, euid, egid, ruid, rgid,
1139 pid, sid, tid);
1140
1141}
1142
1143/*
1144 * token ID 1 byte
1145 * count 4 bytes
1146 * text count null-terminated strings
1147 */
1148token_t *au_to_exec_args(const char **args)
1149{
1150 token_t *t;
1151 u_char *dptr;
1152 const char *nextarg;
1153 int i, count = 0;
1154 size_t totlen = 0;
1155
1156 if(args == NULL) {
1157 return NULL;
1158 }
1159
1160 nextarg = *args;
1161
1162 while(nextarg != NULL) {
1163 int nextlen;
1164
1165 nextlen = strlen(nextarg);
1166 if(nextarg[nextlen] != '\0') {
1167 return NULL;
1168 }
1169
1170 totlen += nextlen + 1;
1171 count++;
1172 nextarg = *(args + count);
1173 }
1174
1175
1176 GET_TOKEN_AREA(t, dptr, 5 + totlen);
1177 if(t == NULL) {
1178 return NULL;
1179 }
1180
1181 ADD_U_CHAR(dptr, AU_EXEC_ARG_TOKEN);
1182 ADD_U_INT32(dptr, count);
1183
1184 for(i =0; i< count; i++) {
1185 nextarg = *(args + i);
1186 ADD_MEM(dptr, nextarg, strlen(nextarg) + 1);
1187 }
1188
1189 return t;
1190}
1191
1192
1193/*
1194 * token ID 1 byte
1195 * count 4 bytes
1196 * text count null-terminated strings
1197 */
1198token_t *au_to_exec_env(const char **env)
1199{
1200 token_t *t;
1201 u_char *dptr;
1202 int i, count = 0;
1203 size_t totlen = 0;
1204 const char *nextenv;
1205
1206 if(env == NULL) {
1207 return NULL;
1208 }
1209
1210 nextenv = *env;
1211
1212 while(nextenv != NULL) {
1213 int nextlen;
1214
1215 nextlen = strlen(nextenv);
1216 if(nextenv[nextlen] != '\0') {
1217 return NULL;
1218 }
1219
1220 totlen += nextlen + 1;
1221 count++;
1222 nextenv = *(env + count);
1223 }
1224
1225
1226 GET_TOKEN_AREA(t, dptr, 5 + totlen);
1227 if(t == NULL) {
1228 return NULL;
1229 }
1230
1231 ADD_U_CHAR(dptr, AU_EXEC_ENV_TOKEN);
1232 ADD_U_INT32(dptr, count);
1233
1234 for(i =0; i< count; i++) {
1235 nextenv = *(env + i);
1236 ADD_MEM(dptr, nextenv, strlen(nextenv) + 1);
1237 }
1238
1239 return t;
1240}
1241
1242
55e303ae
A		 1243/*
1244 * Kernel version of the BSM header token functions. These versions take
1245 * a timespec struct as an additional parameter in order to obtain the
1246 * create time value for the BSM audit record.
1247 * token ID 1 byte
1248 * record byte count 4 bytes
1249 * version # 1 byte [2]
1250 * event type 2 bytes
1251 * event modifier 2 bytes
1252 * seconds of time 4 bytes/8 bytes (32-bit/64-bit value)
1253 * milliseconds of time 4 bytes/8 bytes (32-bit/64-bit value)
1254 */
91447636 1255token_t *kau_to_header32(const struct timespec *ctime, int rec_size,
55e303ae
A		 1256 au_event_t e_type, au_emod_t e_mod)
1257{
1258 token_t *t;
1259 u_char *dptr;
1260 u_int32_t timems = ctime->tv_nsec/1000000; /* We need time in ms */
1261
1262 GET_TOKEN_AREA(t, dptr, 18);
1263 if(t == NULL) {
1264 return NULL;
1265 }
1266
1267 ADD_U_CHAR(dptr, AU_HEADER_32_TOKEN);
1268 ADD_U_INT32(dptr, rec_size);
1269 ADD_U_CHAR(dptr, HEADER_VERSION);
1270 ADD_U_INT16(dptr, e_type);
1271 ADD_U_INT16(dptr, e_mod);
1272
1273 /* Add the timestamp */
1274 ADD_U_INT32(dptr, ctime->tv_sec);
1275 ADD_U_INT32(dptr, timems);
1276
1277 return t;
1278}
1279
91447636
A		 1280token_t *kau_to_header64(
1281 __unused const struct timespec *ctime,
1282 __unused int rec_size,
1283 __unused au_event_t e_type,
1284 __unused au_emod_t e_mod)
55e303ae 1285{
e5568f75 1286 return NULL;
55e303ae 1287}
91447636
A		 1288
1289token_t *kau_to_header(const struct timespec *ctime, int rec_size,
55e303ae
A		 1290 au_event_t e_type, au_emod_t e_mod)
1291{
1292 return kau_to_header32(ctime, rec_size, e_type, e_mod);
1293}
1294
55e303ae
A		 1295/*
1296 * token ID 1 byte
1297 * trailer magic number 2 bytes
1298 * record byte count 4 bytes
1299 */
1300token_t *au_to_trailer(int rec_size)
1301{
1302 token_t *t;
1303 u_char *dptr;
1304 u_int16_t magic = TRAILER_PAD_MAGIC;
1305
1306
1307 GET_TOKEN_AREA(t, dptr, 7);
1308 if(t == NULL) {
1309 return NULL;
1310 }
1311
1312 ADD_U_CHAR(dptr, AU_TRAILER_TOKEN);
1313 ADD_U_INT16(dptr, magic);
1314 ADD_U_INT32(dptr, rec_size);
1315
1316 return t;
1317
1318}
1319
mirror of XNU