[apple/xnu.git] / tools / cred_dump_creds.c

/* quick and dirty hack to grab all credentials in the cred hash table
 * from kernel via sysctl.
 * sysctl is only defined if xnu is built with DEBUG_CRED defined.
 */

#include <stdio.h>
#include <stdlib.h>
#include <fcntl.h>
#include <limits.h>
#include <string.h>
#include <errno.h>
#include <unistd.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/sysctl.h>
#include <bsm/audit.h>

/* bad!  this is replicated in kern_credential.c.  make sure they stay in sync!
 * Or better yet have commone header file?
 */
struct debug_ucred {
	uint32_t        credp;
	uint32_t        cr_ref;                         /* reference count */
	uid_t           cr_uid;                         /* effective user id */
	uid_t           cr_ruid;                        /* real user id */
	uid_t           cr_svuid;                       /* saved user id */
	short           cr_ngroups;                     /* number of groups in advisory list */
	gid_t           cr_groups[NGROUPS];     /* advisory group list */
	gid_t           cr_rgid;                        /* real group id */
	gid_t           cr_svgid;                       /* saved group id */
	uid_t           cr_gmuid;                       /* UID for group membership purposes */
	struct auditinfo_addr cr_audit;                 /* user auditing data */
	uint32_t        cr_label;                       /* MACF label */
	int                     cr_flags;                       /* flags on credential */
};
typedef struct debug_ucred debug_ucred;

void dump_cred_hash_table( debug_ucred * credp, size_t buf_size );
void dump_cred( debug_ucred * credp );


main( int argc, char *argv[] )
{
	int                             err;
	size_t                  len;
	char                        *my_bufferp = NULL;

	/* get size of buffer we will need */
	len = 0;
	err = sysctlbyname( "kern.dump_creds", NULL, &len, NULL, 0 );
	if (err != 0) {
		printf( "sysctl failed  \n" );
		printf( "\terrno %d - \"%s\" \n", errno, strerror( errno ));
		return;
	}

	/* get a buffer for our credentials.  need some spare room since table could have grown */
	my_bufferp = malloc( len );
	if (my_bufferp == NULL) {
		printf( "malloc error %d - \"%s\" \n", errno, strerror( errno ));
		return;
	}
	err = sysctlbyname( "kern.dump_creds", my_bufferp, &len, NULL, 0 );
	if (err != 0) {
		printf( "sysctl 2 failed  \n" );
		printf( "\terrno %d - \"%s\" \n", errno, strerror( errno ));
		return;
	}
	dump_cred_hash_table((debug_ucred *)my_bufferp, len );

	return;
}

void
dump_cred_hash_table( debug_ucred * credp, size_t buf_size )
{
	int             i, my_count = (buf_size / sizeof(debug_ucred));

	printf("\n\t dumping credential hash table - total creds %d \n",
	    my_count);
	for (i = 0; i < my_count; i++) {
		printf("[%02d] ", i);
		dump_cred( credp );
		credp++;
	}
	return;
}

void
dump_cred( debug_ucred * credp )
{
	int             i;
	printf("%p ", credp->credp);
	printf("%lu ", credp->cr_ref);
	printf("%d ", credp->cr_uid);
	printf("%d ", credp->cr_ruid);
	printf("%d ", credp->cr_svuid);
	printf("%d g[", credp->cr_ngroups);
	for (i = 0; i < credp->cr_ngroups; i++) {
		printf("%d", credp->cr_groups[i]);
		if ((i + 1) < credp->cr_ngroups) {
			printf(" ");
		}
	}
	printf("] %d ", credp->cr_rgid);
	printf("%d ", credp->cr_svgid);
	printf("%d ", credp->cr_gmuid);
	printf("a[%d ", credp->cr_audit.ai_auid);
	printf("%d ", credp->cr_audit.ai_mask.am_success);
	printf("%d ", credp->cr_audit.ai_mask.am_failure);
	printf("%d ", credp->cr_audit.ai_termid.at_port);
	printf("%d ", credp->cr_audit.ai_termid.at_addr[0]);
	printf("%d ", credp->cr_audit.ai_asid);
	printf("] ");
	printf("%p ", credp->cr_label);
	printf("0x%08x \n", credp->cr_flags);
	printf("\n");
	return;
}
Commit	Line	Data
2d21ac55 A	1	/* quick and dirty hack to grab all credentials in the cred hash table
	2	* from kernel via sysctl.
	3	* sysctl is only defined if xnu is built with DEBUG_CRED defined.
	4	*/
	5
	6	#include <stdio.h>
	7	#include <stdlib.h>
	8	#include <fcntl.h>
	9	#include <limits.h>
	10	#include <string.h>
	11	#include <errno.h>
	12	#include <unistd.h>
	13	#include <sys/stat.h>
	14	#include <sys/types.h>
	15	#include <sys/sysctl.h>
	16	#include <bsm/audit.h>
	17
	18	/* bad! this is replicated in kern_credential.c. make sure they stay in sync!
0a7de745	19	* Or better yet have commone header file?
2d21ac55 A	20	*/
2d21ac55 A	21	struct debug_ucred {
0a7de745 A	22	uint32_t credp;
	23	uint32_t cr_ref; /* reference count */
	24	uid_t cr_uid; /* effective user id */
	25	uid_t cr_ruid; /* real user id */
	26	uid_t cr_svuid; /* saved user id */
	27	short cr_ngroups; /* number of groups in advisory list */
	28	gid_t cr_groups[NGROUPS]; /* advisory group list */
	29	gid_t cr_rgid; /* real group id */
	30	gid_t cr_svgid; /* saved group id */
	31	uid_t cr_gmuid; /* UID for group membership purposes */
	32	struct auditinfo_addr cr_audit; /* user auditing data */
	33	uint32_t cr_label; /* MACF label */
	34	int cr_flags; /* flags on credential */
2d21ac55 A	35	};
	36	typedef struct debug_ucred debug_ucred;
	37
0a7de745	38	void dump_cred_hash_table( debug_ucred * credp, size_t buf_size );
2d21ac55 A	39	void dump_cred( debug_ucred * credp );
	40
	41
	42	main( int argc, char *argv[] )
	43	{
0a7de745 A	44	int err;
	45	size_t len;
	46	char *my_bufferp = NULL;
2d21ac55 A	47
	48	/* get size of buffer we will need */
	49	len = 0;
0a7de745 A	50	err = sysctlbyname( "kern.dump_creds", NULL, &len, NULL, 0 );
0a7de745 A	51	if (err != 0) {
2d21ac55	52	printf( "sysctl failed \n" );
0a7de745	53	printf( "\terrno %d - \"%s\" \n", errno, strerror( errno ));
2d21ac55 A	54	return;
2d21ac55 A	55	}
0a7de745	56
2d21ac55 A	57	/* get a buffer for our credentials. need some spare room since table could have grown */
2d21ac55 A	58	my_bufferp = malloc( len );
0a7de745 A	59	if (my_bufferp == NULL) {
0a7de745 A	60	printf( "malloc error %d - \"%s\" \n", errno, strerror( errno ));
2d21ac55 A	61	return;
2d21ac55 A	62	}
0a7de745 A	63	err = sysctlbyname( "kern.dump_creds", my_bufferp, &len, NULL, 0 );
0a7de745 A	64	if (err != 0) {
2d21ac55	65	printf( "sysctl 2 failed \n" );
0a7de745	66	printf( "\terrno %d - \"%s\" \n", errno, strerror( errno ));
2d21ac55 A	67	return;
2d21ac55 A	68	}
0a7de745	69	dump_cred_hash_table((debug_ucred *)my_bufferp, len );
2d21ac55 A	70
	71	return;
	72	}
	73
0a7de745 A	74	void
0a7de745 A	75	dump_cred_hash_table( debug_ucred * credp, size_t buf_size )
2d21ac55	76	{
0a7de745 A	77	int i, my_count = (buf_size / sizeof(debug_ucred));
	78
	79	printf("\n\t dumping credential hash table - total creds %d \n",
	80	my_count);
2d21ac55 A	81	for (i = 0; i < my_count; i++) {
	82	printf("[%02d] ", i);
	83	dump_cred( credp );
	84	credp++;
	85	}
	86	return;
	87	}
	88
0a7de745 A	89	void
0a7de745 A	90	dump_cred( debug_ucred * credp )
2d21ac55	91	{
0a7de745	92	int i;
2d21ac55 A	93	printf("%p ", credp->credp);
	94	printf("%lu ", credp->cr_ref);
	95	printf("%d ", credp->cr_uid);
	96	printf("%d ", credp->cr_ruid);
	97	printf("%d ", credp->cr_svuid);
	98	printf("%d g[", credp->cr_ngroups);
	99	for (i = 0; i < credp->cr_ngroups; i++) {
	100	printf("%d", credp->cr_groups[i]);
0a7de745	101	if ((i + 1) < credp->cr_ngroups) {
2d21ac55 A	102	printf(" ");
	103	}
	104	}
	105	printf("] %d ", credp->cr_rgid);
	106	printf("%d ", credp->cr_svgid);
	107	printf("%d ", credp->cr_gmuid);
b0d623f7 A	108	printf("a[%d ", credp->cr_audit.ai_auid);
	109	printf("%d ", credp->cr_audit.ai_mask.am_success);
	110	printf("%d ", credp->cr_audit.ai_mask.am_failure);
	111	printf("%d ", credp->cr_audit.ai_termid.at_port);
	112	printf("%d ", credp->cr_audit.ai_termid.at_addr[0]);
	113	printf("%d ", credp->cr_audit.ai_asid);
2d21ac55 A	114	printf("] ");
	115	printf("%p ", credp->cr_label);
	116	printf("0x%08x \n", credp->cr_flags);
	117	printf("\n");
	118	return;
	119	}