]> git.saurik.com Git - apple/xnu.git/blame - bsd/kern/kern_bsm_token.c
projects / apple / xnu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
xnu-1228.5.18.tar.gz
[apple/xnu.git] / bsd / kern / kern_bsm_token.c
CommitLineData
55e303ae 1/*
91447636 2 * Copyright (c) 2003-2004 Apple Computer, Inc. All rights reserved.
55e303ae 3 *
2d21ac55 4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
55e303ae 5 *
2d21ac55
A		 6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
8f6c56a5 14 *
2d21ac55
A		 15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
8f6c56a5
A		 20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
2d21ac55
A		 22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
8f6c56a5 25 *
2d21ac55 26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
55e303ae 27 */
e5568f75 28
55e303ae 29#include <sys/types.h>
55e303ae 30#include <sys/un.h>
e5568f75 31#include <sys/event.h>
91447636 32#include <sys/ucred.h>
e5568f75 33
91447636 34#include <sys/ipc.h>
e5568f75
A		 35#include <bsm/audit.h>
36#include <bsm/audit_record.h>
37#include <bsm/audit_klib.h>
38#include <bsm/audit_kernel.h>
39
55e303ae 40#include <kern/clock.h>
91447636
A		 41#include <kern/kalloc.h>
42
43#include <string.h>
55e303ae
A		 44
45#define GET_TOKEN_AREA(tok, dptr, length) \
46 do {\
e5568f75 47 tok = (token_t *)kalloc(sizeof(*tok) + length); \
55e303ae
A		 48 if(tok != NULL)\
49 {\
50 tok->len = length;\
e5568f75 51 dptr = tok->t_data = (u_char *)&tok[1];\
91447636
A		 52 memset(dptr, 0, length);\
53 }\
55e303ae
A		 54 }while(0)
55
56
57
58/*
59 * token ID 1 byte
60 * argument # 1 byte
61 * argument value 4 bytes/8 bytes (32-bit/64-bit value)
62 * text length 2 bytes
63 * text N bytes + 1 terminating NULL byte
64 */
2d21ac55
A		 65token_t *
66au_to_arg32(char n, const char *text, u_int32_t v)
55e303ae
A		 67{
68 token_t *t;
69 u_char *dptr;
70 u_int16_t textlen;
71
72 if(text == NULL) {
73 return NULL;
74 }
75
55e303ae 76 textlen = strlen(text);
55e303ae
A		 77
78 GET_TOKEN_AREA(t, dptr, 9 + textlen);
79 if(t == NULL) {
80 return NULL;
81 }
82
83 textlen += 1;
84
85 ADD_U_CHAR(dptr, AU_ARG32_TOKEN);
86 ADD_U_CHAR(dptr, n);
87 ADD_U_INT32(dptr, v);
88 ADD_U_INT16(dptr, textlen);
89 ADD_STRING(dptr, text, textlen);
90
91 return t;
92
93}
94
2d21ac55
A		 95token_t *
96au_to_arg64(char n, const char *text, u_int64_t v)
55e303ae
A		 97{
98 token_t *t;
99 u_char *dptr;
100 u_int16_t textlen;
101
102 if(text == NULL) {
103 return NULL;
104 }
105
55e303ae 106 textlen = strlen(text);
55e303ae
A		 107
108 GET_TOKEN_AREA(t, dptr, 13 + textlen);
109 if(t == NULL) {
110 return NULL;
111 }
112
113 textlen += 1;
114
115 ADD_U_CHAR(dptr, AU_ARG64_TOKEN);
116 ADD_U_CHAR(dptr, n);
117 ADD_U_INT64(dptr, v);
118 ADD_U_INT16(dptr, textlen);
119 ADD_STRING(dptr, text, textlen);
120
121 return t;
122
123}
124
2d21ac55
A		 125token_t *
126au_to_arg(char n, char *text, u_int32_t v)
55e303ae
A		 127{
128 return au_to_arg32(n, text, v);
129}
130
131/*
132 * token ID 1 byte
133 * file access mode 4 bytes
134 * owner user ID 4 bytes
135 * owner group ID 4 bytes
136 * file system ID 4 bytes
137 * node ID 8 bytes
138 * device 4 bytes/8 bytes (32-bit/64-bit)
139 */
91447636 140token_t *au_to_attr32(__unused struct vnode_attr *attr)
e5568f75
A		 141{
142 return NULL;
143}
144
145/* Kernel-specific version of the above function */
146token_t *kau_to_attr32(struct vnode_au_info *vni)
55e303ae
A		 147{
148 token_t *t;
149 u_char *dptr;
e5568f75
A		 150 u_int64_t fileid;
151 u_int16_t pad0_16 = 0;
152 u_int32_t pad0_32 = 0;
55e303ae 153
e5568f75 154 if(vni == NULL) {
55e303ae
A		 155 return NULL;
156 }
157
55e303ae
A		 158 GET_TOKEN_AREA(t, dptr, 29);
159 if(t == NULL) {
160 return NULL;
161 }
162
163 ADD_U_CHAR(dptr, AU_ATTR32_TOKEN);
e5568f75
A		 164
165 /*
166 * Darwin defines the size for the file mode as 2 bytes;
167 * BSM defines 4. So we copy in a 0 first.
168 */
169 ADD_U_INT16(dptr, pad0_16);
170 ADD_U_INT16(dptr, vni->vn_mode);
171
172 ADD_U_INT32(dptr, vni->vn_uid);
173 ADD_U_INT32(dptr, vni->vn_gid);
174 ADD_U_INT32(dptr, vni->vn_fsid);
175
176 /*
177 * Darwin defines the size for fileid as 4 bytes;
178 * BSM defines 8. So we copy in a 0 first.
179 */
180 fileid = vni->vn_fileid;
181 ADD_U_INT32(dptr, pad0_32);
182 ADD_U_INT32(dptr, fileid);
183
184 ADD_U_INT32(dptr, vni->vn_dev);
55e303ae
A		 185
186 return t;
187}
188
91447636 189token_t *au_to_attr64(__unused struct vnode_attr *attr)
55e303ae 190{
91447636 191 return NULL;
e5568f75 192}
91447636
A		 193
194token_t *kau_to_attr64(__unused struct vnode_au_info *vni)
e5568f75
A		 195{
196 return NULL;
55e303ae
A		 197}
198
91447636 199token_t *au_to_attr(struct vnode_attr *attr)
55e303ae
A		 200{
201 return au_to_attr32(attr);
202
203}
204
205
206/*
207 * token ID 1 byte
208 * how to print 1 byte
209 * basic unit 1 byte
210 * unit count 1 byte
211 * data items (depends on basic unit)
212 */
213token_t *au_to_data(char unit_print, char unit_type,
2d21ac55 214 char unit_count, unsigned char *p)
55e303ae
A		 215{
216 token_t *t;
217 u_char *dptr;
218 size_t datasize, totdata;
219
220 if(p == NULL) {
221 return NULL;
222 }
223
224 /* Determine the size of the basic unit */
225 switch(unit_type) {
226 case AUR_BYTE: datasize = AUR_BYTE_SIZE;
227 break;
228
229 case AUR_SHORT: datasize = AUR_SHORT_SIZE;
230 break;
231
232 case AUR_LONG: datasize = AUR_LONG_SIZE;
233 break;
234
235 default: return NULL;
236 }
237
238 totdata = datasize * unit_count;
239
240 GET_TOKEN_AREA(t, dptr, totdata + 4);
241 if(t == NULL) {
242 return NULL;
243 }
244
245 ADD_U_CHAR(dptr, AU_ARB_TOKEN);
246 ADD_U_CHAR(dptr, unit_print);
247 ADD_U_CHAR(dptr, unit_type);
248 ADD_U_CHAR(dptr, unit_count);
249 ADD_MEM(dptr, p, totdata);
250
251 return t;
252}
253
55e303ae
A		 254/*
255 * token ID 1 byte
256 * status 4 bytes
257 * return value 4 bytes
258 */
259token_t *au_to_exit(int retval, int err)
260{
261 token_t *t;
262 u_char *dptr;
263
264 GET_TOKEN_AREA(t, dptr, 9);
265 if(t == NULL) {
266 return NULL;
267 }
268
269 ADD_U_CHAR(dptr, AU_EXIT_TOKEN);
270 ADD_U_INT32(dptr, err);
271 ADD_U_INT32(dptr, retval);
272
273 return t;
274}
275
276/*
277 */
2d21ac55
A		 278token_t *
279au_to_groups(gid_t *groups)
55e303ae
A		 280{
281 return au_to_newgroups(MAX_GROUPS, groups);
282}
283
284/*
285 * token ID 1 byte
286 * number groups 2 bytes
287 * group list count * 4 bytes
288 */
289token_t *au_to_newgroups(u_int16_t n, gid_t *groups)
290{
291 token_t *t;
292 u_char *dptr;
293 int i;
294
295 if(groups == NULL) {
296 return NULL;
297 }
298
299 GET_TOKEN_AREA(t, dptr, n * 4 + 3);
300 if(t == NULL) {
301 return NULL;
302 }
303
304 ADD_U_CHAR(dptr, AU_NEWGROUPS_TOKEN);
305 ADD_U_INT16(dptr, n);
306 for(i = 0; i < n; i++) {
307 ADD_U_INT32(dptr, groups[i]);
308 }
309
310 return t;
311}
312
313
314
315
316/*
317 * token ID 1 byte
318 * internet address 4 bytes
319 */
320token_t *au_to_in_addr(struct in_addr *internet_addr)
321{
322 token_t *t;
323 u_char *dptr;
324
325 if(internet_addr == NULL) {
326 return NULL;
327 }
328
329 GET_TOKEN_AREA(t, dptr, 5);
330 if(t == NULL) {
331 return NULL;
332 }
333
334 ADD_U_CHAR(dptr, AU_IN_ADDR_TOKEN);
335 ADD_U_INT32(dptr, internet_addr->s_addr);
336
337 return t;
338}
339
340/*
341 * token ID 1 byte
342 * address type/length 4 bytes
343 * Address 16 bytes
344 */
345token_t *au_to_in_addr_ex(struct in6_addr *internet_addr)
346{
347 token_t *t;
348 u_char *dptr;
e5568f75 349 u_int32_t type = AF_INET6;
55e303ae
A		 350
351 if(internet_addr == NULL) {
352 return NULL;
353 }
354
355 GET_TOKEN_AREA(t, dptr, 21);
356 if(t == NULL) {
357 return NULL;
358 }
359
360 ADD_U_CHAR(dptr, AU_IN_ADDR_EX_TOKEN);
e5568f75 361 ADD_U_INT32(dptr, type);
55e303ae
A		 362 ADD_U_INT32(dptr, internet_addr->__u6_addr.__u6_addr32[0]);
363 ADD_U_INT32(dptr, internet_addr->__u6_addr.__u6_addr32[1]);
364 ADD_U_INT32(dptr, internet_addr->__u6_addr.__u6_addr32[2]);
365 ADD_U_INT32(dptr, internet_addr->__u6_addr.__u6_addr32[3]);
366
367 return t;
368}
369
370/*
371 * token ID 1 byte
372 * ip header 20 bytes
373 */
374token_t *au_to_ip(struct ip *ip)
375{
376 token_t *t;
377 u_char *dptr;
378
379 if(ip == NULL) {
380 return NULL;
381 }
382
383 GET_TOKEN_AREA(t, dptr, 21);
384 if(t == NULL) {
385 return NULL;
386 }
387
388 ADD_U_CHAR(dptr, AU_IP_TOKEN);
389 ADD_MEM(dptr, ip, sizeof(struct ip));
390
391 return t;
392}
393
394/*
395 * token ID 1 byte
396 * object ID type 1 byte
397 * object ID 4 bytes
398 */
399token_t *au_to_ipc(char type, int id)
400{
401 token_t *t;
402 u_char *dptr;
403
404
405 GET_TOKEN_AREA(t, dptr, 6);
406 if(t == NULL) {
407 return NULL;
408 }
409
410 ADD_U_CHAR(dptr, AU_IPC_TOKEN);
411 ADD_U_CHAR(dptr, type);
412 ADD_U_INT32(dptr, id);
413
414 return t;
415}
416
417/*
418 * token ID 1 byte
419 * owner user ID 4 bytes
420 * owner group ID 4 bytes
421 * creator user ID 4 bytes
422 * creator group ID 4 bytes
423 * access mode 4 bytes
424 * slot sequence # 4 bytes
425 * key 4 bytes
426 */
427token_t *au_to_ipc_perm(struct ipc_perm *perm)
428{
429 token_t *t;
430 u_char *dptr;
e5568f75 431 u_int16_t pad0 = 0;
55e303ae
A		 432
433 if(perm == NULL) {
434 return NULL;
435 }
436
437 GET_TOKEN_AREA(t, dptr, 29);
438 if(t == NULL) {
439 return NULL;
440 }
441
e5568f75
A		 442 /*
443 * Darwin defines the sizes for ipc_perm members
444 * as 2 bytes; BSM defines 4. So we copy in a 0 first.
445 */
55e303ae 446 ADD_U_CHAR(dptr, AU_IPCPERM_TOKEN);
e5568f75 447
2d21ac55
A		 448 ADD_U_INT32(dptr, perm->uid);
449 ADD_U_INT32(dptr, perm->gid);
450 ADD_U_INT32(dptr, perm->cuid);
451 ADD_U_INT32(dptr, perm->cgid);
e5568f75
A		 452
453 ADD_U_INT16(dptr, pad0);
454 ADD_U_INT16(dptr, perm->mode);
455
456 ADD_U_INT16(dptr, pad0);
2d21ac55 457 ADD_U_INT16(dptr, perm->_seq);
e5568f75
A		 458
459 ADD_U_INT16(dptr, pad0);
2d21ac55 460 ADD_U_INT16(dptr, perm->_key);
55e303ae
A		 461
462 return t;
463}
464
465
466/*
467 * token ID 1 byte
468 * port IP address 2 bytes
469 */
470token_t *au_to_iport(u_int16_t iport)
471{
472 token_t *t;
473 u_char *dptr;
474
475
476 GET_TOKEN_AREA(t, dptr, 3);
477 if(t == NULL) {
478 return NULL;
479 }
480
481 ADD_U_CHAR(dptr, AU_IPORT_TOKEN);
482 ADD_U_INT16(dptr, iport);
483
484 return t;
485}
486
487
488/*
489 * token ID 1 byte
490 * size 2 bytes
491 * data size bytes
492 */
493token_t *au_to_opaque(char *data, u_int16_t bytes)
494{
495 token_t *t;
496 u_char *dptr;
497
498 if((data == NULL) || (bytes <= 0)) {
499 return NULL;
500 }
501
502 GET_TOKEN_AREA(t, dptr, bytes + 3);
503 if(t == NULL) {
504 return NULL;
505 }
506
507 ADD_U_CHAR(dptr, AU_OPAQUE_TOKEN);
508 ADD_U_INT16(dptr, bytes);
509 ADD_MEM(dptr, data, bytes);
510
511 return t;
512}
513
55e303ae
A		 514/*
515 * Kernel version of the add file token function, where the time value
516 * is passed in as an additional parameter.
517 * token ID 1 byte
518 * seconds of time 4 bytes
519 * milliseconds of time 4 bytes
520 * file name len 2 bytes
521 * file pathname N bytes + 1 terminating NULL byte
522 */
91447636 523token_t *kau_to_file(const char *file, const struct timeval *tv)
55e303ae
A		 524{
525 token_t *t;
526 u_char *dptr;
527 u_int16_t filelen;
528 u_int32_t timems = tv->tv_usec/1000; /* We need time in ms */
529
530 if(file == NULL) {
531 return NULL;
532 }
55e303ae 533 filelen = strlen(file);
55e303ae
A		 534
535 GET_TOKEN_AREA(t, dptr, filelen + 12);
536 if(t == NULL) {
537 return NULL;
538 }
539
540 filelen += 1;
541
542 ADD_U_CHAR(dptr, AU_FILE_TOKEN);
543
544 /* Add the timestamp */
545 ADD_U_INT32(dptr, tv->tv_sec);
546 ADD_U_INT32(dptr, timems);
547
548 ADD_U_INT16(dptr, filelen);
549 ADD_STRING(dptr, file, filelen);
550
551 return t;
552
553}
55e303ae
A		 554
555/*
556 * token ID 1 byte
557 * text length 2 bytes
558 * text N bytes + 1 terminating NULL byte
559 */
2d21ac55 560token_t *au_to_text(const char *text)
55e303ae
A		 561{
562 token_t *t;
563 u_char *dptr;
564 u_int16_t textlen;
565
566 if(text == NULL) {
567 return NULL;
568 }
55e303ae 569 textlen = strlen(text);
55e303ae
A		 570
571 GET_TOKEN_AREA(t, dptr, textlen + 4);
572 if(t == NULL) {
573 return NULL;
574 }
575
576 textlen += 1;
577
578 ADD_U_CHAR(dptr, AU_TEXT_TOKEN);
579 ADD_U_INT16(dptr, textlen);
580 ADD_STRING(dptr, text, textlen);
581
582 return t;
583}
584
585/*
586 * token ID 1 byte
587 * path length 2 bytes
588 * path N bytes + 1 terminating NULL byte
589 */
590token_t *au_to_path(char *text)
591{
592 token_t *t;
593 u_char *dptr;
594 u_int16_t textlen;
595
596 if(text == NULL) {
597 return NULL;
598 }
55e303ae 599 textlen = strlen(text);
55e303ae
A		 600
601 GET_TOKEN_AREA(t, dptr, textlen + 4);
602 if(t == NULL) {
603 return NULL;
604 }
605
606 textlen += 1;
607
608 ADD_U_CHAR(dptr, AU_PATH_TOKEN);
609 ADD_U_INT16(dptr, textlen);
610 ADD_STRING(dptr, text, textlen);
611
612 return t;
613}
614
615/*
616 * token ID 1 byte
617 * audit ID 4 bytes
618 * effective user ID 4 bytes
619 * effective group ID 4 bytes
620 * real user ID 4 bytes
621 * real group ID 4 bytes
622 * process ID 4 bytes
623 * session ID 4 bytes
624 * terminal ID
625 * port ID 4 bytes/8 bytes (32-bit/64-bit value)
626 * machine address 4 bytes
627 */
628token_t *au_to_process32(au_id_t auid, uid_t euid, gid_t egid,
629 uid_t ruid, gid_t rgid, pid_t pid,
630 au_asid_t sid, au_tid_t *tid)
631{
632 token_t *t;
633 u_char *dptr;
634
635 if(tid == NULL) {
636 return NULL;
637 }
638
639 GET_TOKEN_AREA(t, dptr, 37);
640 if(t == NULL) {
641 return NULL;
642 }
643
644 ADD_U_CHAR(dptr, AU_PROCESS_32_TOKEN);
645 ADD_U_INT32(dptr, auid);
646 ADD_U_INT32(dptr, euid);
647 ADD_U_INT32(dptr, egid);
648 ADD_U_INT32(dptr, ruid);
649 ADD_U_INT32(dptr, rgid);
650 ADD_U_INT32(dptr, pid);
651 ADD_U_INT32(dptr, sid);
652 ADD_U_INT32(dptr, tid->port);
653 ADD_U_INT32(dptr, tid->machine);
654
655 return t;
656}
657
91447636
A		 658token_t *au_to_process64(__unused au_id_t auid,
659 __unused uid_t euid,
660 __unused gid_t egid,
661 __unused uid_t ruid,
662 __unused gid_t rgid,
663 __unused pid_t pid,
664 __unused au_asid_t sid,
665 __unused au_tid_t *tid)
55e303ae 666{
91447636
A		 667 return NULL;
668 }
55e303ae
A		 669
670token_t *au_to_process(au_id_t auid, uid_t euid, gid_t egid,
671 uid_t ruid, gid_t rgid, pid_t pid,
672 au_asid_t sid, au_tid_t *tid)
673{
674 return au_to_process32(auid, euid, egid, ruid, rgid, pid,
675 sid, tid);
676}
677
678
679/*
680 * token ID 1 byte
681 * audit ID 4 bytes
682 * effective user ID 4 bytes
683 * effective group ID 4 bytes
684 * real user ID 4 bytes
685 * real group ID 4 bytes
686 * process ID 4 bytes
687 * session ID 4 bytes
688 * terminal ID
689 * port ID 4 bytes/8 bytes (32-bit/64-bit value)
690 * address type-len 4 bytes
691 * machine address 16 bytes
692 */
693token_t *au_to_process32_ex(au_id_t auid, uid_t euid, gid_t egid,
694 uid_t ruid, gid_t rgid, pid_t pid,
695 au_asid_t sid, au_tid_addr_t *tid)
696{
697 token_t *t;
698 u_char *dptr;
699
700 if(tid == NULL) {
701 return NULL;
702 }
703
704 GET_TOKEN_AREA(t, dptr, 53);
705 if(t == NULL) {
706 return NULL;
707 }
708
709 ADD_U_CHAR(dptr, AU_PROCESS_32_EX_TOKEN);
710 ADD_U_INT32(dptr, auid);
711 ADD_U_INT32(dptr, euid);
712 ADD_U_INT32(dptr, egid);
713 ADD_U_INT32(dptr, ruid);
714 ADD_U_INT32(dptr, rgid);
715 ADD_U_INT32(dptr, pid);
716 ADD_U_INT32(dptr, sid);
717 ADD_U_INT32(dptr, tid->at_port);
718 ADD_U_INT32(dptr, tid->at_type);
719 ADD_U_INT32(dptr, tid->at_addr[0]);
720 ADD_U_INT32(dptr, tid->at_addr[1]);
721 ADD_U_INT32(dptr, tid->at_addr[2]);
722 ADD_U_INT32(dptr, tid->at_addr[3]);
723
724 return t;
725}
726
91447636
A		 727token_t *au_to_process64_ex(
728 __unused au_id_t auid,
729 __unused uid_t euid,
730 __unused gid_t egid,
731 __unused uid_t ruid,
732 __unused gid_t rgid,
733 __unused pid_t pid,
734 __unused au_asid_t sid,
735 __unused au_tid_addr_t *tid)
55e303ae 736{
e5568f75 737 return NULL;
55e303ae 738}
91447636 739
55e303ae
A		 740token_t *au_to_process_ex(au_id_t auid, uid_t euid, gid_t egid,
741 uid_t ruid, gid_t rgid, pid_t pid,
742 au_asid_t sid, au_tid_addr_t *tid)
743{
744 return au_to_process32_ex(auid, euid, egid, ruid, rgid,
745 pid, sid, tid);
746}
747
748/*
749 * token ID 1 byte
750 * error status 1 byte
751 * return value 4 bytes/8 bytes (32-bit/64-bit value)
752 */
753token_t *au_to_return32(char status, u_int32_t ret)
754{
755 token_t *t;
756 u_char *dptr;
757
758
759 GET_TOKEN_AREA(t, dptr, 6);
760 if(t == NULL) {
761 return NULL;
762 }
763
764 ADD_U_CHAR(dptr, AU_RETURN_32_TOKEN);
765 ADD_U_CHAR(dptr, status);
766 ADD_U_INT32(dptr, ret);
767
768 return t;
769}
770
771token_t *au_to_return64(char status, u_int64_t ret)
772{
773 token_t *t;
774 u_char *dptr;
775
776
777 GET_TOKEN_AREA(t, dptr, 10);
778 if(t == NULL) {
779 return NULL;
780 }
781
782 ADD_U_CHAR(dptr, AU_RETURN_64_TOKEN);
783 ADD_U_CHAR(dptr, status);
784 ADD_U_INT64(dptr, ret);
785
786 return t;
787}
788
789token_t *au_to_return(char status, u_int32_t ret)
790{
791 return au_to_return32(status, ret);
792}
793
794/*
795 * token ID 1 byte
796 * sequence number 4 bytes
797 */
2d21ac55 798token_t *au_to_seq(u_int32_t audit_count)
55e303ae
A		 799{
800 token_t *t;
801 u_char *dptr;
802
803
804 GET_TOKEN_AREA(t, dptr, 5);
805 if(t == NULL) {
806 return NULL;
807 }
808
809 ADD_U_CHAR(dptr, AU_SEQ_TOKEN);
810 ADD_U_INT32(dptr, audit_count);
811
812 return t;
813}
814
815/*
816 * token ID 1 byte
817 * socket type 2 bytes
e5568f75
A		 818 * local port 2 bytes
819 * local Internet address 4 bytes
55e303ae
A		 820 * remote port 2 bytes
821 * remote Internet address 4 bytes
822 */
91447636 823token_t *au_to_socket(__unused struct socket *so)
55e303ae 824{
e5568f75
A		 825 return NULL;
826}
827
828/*
829 * Kernel-specific version of the above function.
830 */
831token_t *kau_to_socket(struct socket_au_info *soi)
832{
833 token_t *t;
834 u_char *dptr;
835 u_int16_t so_type;
836
837 if(soi == NULL) {
838 return NULL;
839 }
840
841 GET_TOKEN_AREA(t, dptr, 15);
842 if(t == NULL) {
843 return NULL;
844 }
845
846 ADD_U_CHAR(dptr, AU_SOCK_TOKEN);
847 /* Coerce the socket type into a short value */
848 so_type = soi->so_type;
849 ADD_U_INT16(dptr, so_type);
850 ADD_U_INT16(dptr, soi->so_lport);
851 ADD_U_INT32(dptr, soi->so_laddr);
852 ADD_U_INT16(dptr, soi->so_rport);
853 ADD_U_INT32(dptr, soi->so_raddr);
854
855 return t;
55e303ae
A		 856}
857
858/*
859 * token ID 1 byte
860 * socket type 2 bytes
861 * local port 2 bytes
862 * address type/length 4 bytes
863 * local Internet address 4 bytes/16 bytes (IPv4/IPv6 address)
864 * remote port 4 bytes
865 * address type/length 4 bytes
866 * remote Internet address 4 bytes/16 bytes (IPv4/IPv6 address)
867 */
91447636
A		 868token_t *au_to_socket_ex_32(
869 __unused u_int16_t lp,
870 __unused u_int16_t rp,
871 __unused struct sockaddr *la,
872 __unused struct sockaddr *ra)
55e303ae
A		 873{
874 return NULL;
875}
e5568f75 876
91447636
A		 877token_t *au_to_socket_ex_128(
878 __unused u_int16_t lp,
879 __unused u_int16_t rp,
880 __unused struct sockaddr *la,
881 __unused struct sockaddr *ra)
55e303ae
A		 882{
883 return NULL;
884}
885
886/*
887 * token ID 1 byte
888 * socket family 2 bytes
889 * local port 2 bytes
890 * socket address 4 bytes
891 */
892token_t *au_to_sock_inet32(struct sockaddr_in *so)
893{
894 token_t *t;
895 u_char *dptr;
896
897 if(so == NULL) {
898 return NULL;
899 }
900
901 GET_TOKEN_AREA(t, dptr, 9);
902 if(t == NULL) {
903 return NULL;
904 }
905
906 ADD_U_CHAR(dptr, AU_SOCK_INET_32_TOKEN);
907 /* In Darwin, sin_family is one octet, but BSM defines the token
908 * to store two. So we copy in a 0 first.
909 */
910 ADD_U_CHAR(dptr, 0);
911 ADD_U_CHAR(dptr, so->sin_family);
912 ADD_U_INT16(dptr, so->sin_port);
913 ADD_U_INT32(dptr, so->sin_addr.s_addr);
914
915 return t;
916
917}
918
919token_t *au_to_sock_inet128(struct sockaddr_in6 *so)
920{
921 token_t *t;
922 u_char *dptr;
923
924 if(so == NULL) {
925 return NULL;
926 }
927
928 GET_TOKEN_AREA(t, dptr, 21);
929 if(t == NULL) {
930 return NULL;
931 }
932
933 ADD_U_CHAR(dptr, AU_SOCK_INET_128_TOKEN);
934 /* In Darwin, sin_family is one octet, but BSM defines the token
935 * to store two. So we copy in a 0 first.
936 */
937 ADD_U_CHAR(dptr, 0);
938 ADD_U_CHAR(dptr, so->sin6_family);
939 ADD_U_INT16(dptr, so->sin6_port);
940 ADD_U_INT32(dptr, so->sin6_addr.__u6_addr.__u6_addr32[0]);
941 ADD_U_INT32(dptr, so->sin6_addr.__u6_addr.__u6_addr32[1]);
942 ADD_U_INT32(dptr, so->sin6_addr.__u6_addr.__u6_addr32[2]);
943 ADD_U_INT32(dptr, so->sin6_addr.__u6_addr.__u6_addr32[3]);
944
945 return t;
946
947
948
949}
950
951/*
952 * token ID 1 byte
953 * socket family 2 bytes
954 * path 104 bytes
955 */
956token_t *au_to_sock_unix(struct sockaddr_un *so)
957{
958 token_t *t;
959 u_char *dptr;
960
961 if(so == NULL) {
962 return NULL;
963 }
964
965 GET_TOKEN_AREA(t, dptr, 107);
966 if(t == NULL) {
967 return NULL;
968 }
969
970 ADD_U_CHAR(dptr, AU_SOCK_UNIX_TOKEN);
971 /* BSM token has two bytes for family */
972 ADD_U_CHAR(dptr, 0);
973 ADD_U_CHAR(dptr, so->sun_family);
974 ADD_STRING(dptr, so->sun_path, strlen(so->sun_path));
975
976 return t;
977
978}
979
980token_t *au_to_sock_inet(struct sockaddr_in *so)
981{
982 return au_to_sock_inet32(so);
983}
984
985/*
986 * token ID 1 byte
987 * audit ID 4 bytes
988 * effective user ID 4 bytes
989 * effective group ID 4 bytes
990 * real user ID 4 bytes
991 * real group ID 4 bytes
992 * process ID 4 bytes
993 * session ID 4 bytes
994 * terminal ID
995 * port ID 4 bytes/8 bytes (32-bit/64-bit value)
996 * machine address 4 bytes
997 */
998token_t *au_to_subject32(au_id_t auid, uid_t euid, gid_t egid,
999 uid_t ruid, gid_t rgid, pid_t pid,
1000 au_asid_t sid, au_tid_t *tid)
1001{
1002 token_t *t;
1003 u_char *dptr;
1004
1005 if(tid == NULL) {
1006 return NULL;
1007 }
1008
1009 GET_TOKEN_AREA(t, dptr, 37);
1010 if(t == NULL) {
1011 return NULL;
1012 }
1013
1014 ADD_U_CHAR(dptr, AU_SUBJECT_32_TOKEN);
1015 ADD_U_INT32(dptr, auid);
1016 ADD_U_INT32(dptr, euid);
1017 ADD_U_INT32(dptr, egid);
1018 ADD_U_INT32(dptr, ruid);
1019 ADD_U_INT32(dptr, rgid);
1020 ADD_U_INT32(dptr, pid);
1021 ADD_U_INT32(dptr, sid);
1022 ADD_U_INT32(dptr, tid->port);
1023 ADD_U_INT32(dptr, tid->machine);
1024
1025 return t;
1026}
1027
91447636
A		 1028token_t *au_to_subject64(
1029 __unused au_id_t auid,
1030 __unused uid_t euid,
1031 __unused gid_t egid,
1032 __unused uid_t ruid,
1033 __unused gid_t rgid,
1034 __unused pid_t pid,
1035 __unused au_asid_t sid,
1036 __unused au_tid_t *tid)
55e303ae 1037{
91447636
A		 1038 return NULL;
1039 }
1040
55e303ae
A		 1041token_t *au_to_subject(au_id_t auid, uid_t euid, gid_t egid,
1042 uid_t ruid, gid_t rgid, pid_t pid,
1043 au_asid_t sid, au_tid_t *tid)
1044{
1045 return au_to_subject32(auid, euid, egid, ruid, rgid,
1046 pid, sid, tid);
1047
1048}
1049
1050/*
1051 * token ID 1 byte
1052 * audit ID 4 bytes
1053 * effective user ID 4 bytes
1054 * effective group ID 4 bytes
1055 * real user ID 4 bytes
1056 * real group ID 4 bytes
1057 * process ID 4 bytes
1058 * session ID 4 bytes
1059 * terminal ID
1060 * port ID 4 bytes/8 bytes (32-bit/64-bit value)
1061 * address type/length 4 bytes
1062 * machine address 16 bytes
1063 */
1064token_t *au_to_subject32_ex(au_id_t auid, uid_t euid,
1065 gid_t egid, uid_t ruid, gid_t rgid, pid_t pid,
1066 au_asid_t sid, au_tid_addr_t *tid)
1067{
1068 token_t *t;
1069 u_char *dptr;
1070
1071 if(tid == NULL) {
1072 return NULL;
1073 }
1074
1075 GET_TOKEN_AREA(t, dptr, 53);
1076 if(t == NULL) {
1077 return NULL;
1078 }
1079
1080 ADD_U_CHAR(dptr, AU_SUBJECT_32_EX_TOKEN);
1081 ADD_U_INT32(dptr, auid);
1082 ADD_U_INT32(dptr, euid);
1083 ADD_U_INT32(dptr, egid);
1084 ADD_U_INT32(dptr, ruid);
1085 ADD_U_INT32(dptr, rgid);
1086 ADD_U_INT32(dptr, pid);
1087 ADD_U_INT32(dptr, sid);
1088 ADD_U_INT32(dptr, tid->at_port);
1089 ADD_U_INT32(dptr, tid->at_type);
1090 ADD_U_INT32(dptr, tid->at_addr[0]);
1091 ADD_U_INT32(dptr, tid->at_addr[1]);
1092 ADD_U_INT32(dptr, tid->at_addr[2]);
1093 ADD_U_INT32(dptr, tid->at_addr[3]);
1094
1095 return t;
1096}
1097
91447636
A		 1098token_t *au_to_subject64_ex(
1099 __unused au_id_t auid,
1100 __unused uid_t euid,
1101 __unused gid_t egid,
1102 __unused uid_t ruid,
1103 __unused gid_t rgid,
1104 __unused pid_t pid,
1105 __unused au_asid_t sid,
1106 __unused au_tid_addr_t *tid)
55e303ae 1107{
e5568f75 1108 return NULL;
55e303ae
A		 1109}
1110
1111token_t *au_to_subject_ex(au_id_t auid, uid_t euid,
1112 gid_t egid, uid_t ruid, gid_t rgid, pid_t pid,
1113 au_asid_t sid, au_tid_addr_t *tid)
1114{
1115 return au_to_subject32_ex(auid, euid, egid, ruid, rgid,
1116 pid, sid, tid);
1117
1118}
1119
1120/*
1121 * token ID 1 byte
1122 * count 4 bytes
1123 * text count null-terminated strings
1124 */
1125token_t *au_to_exec_args(const char **args)
1126{
1127 token_t *t;
1128 u_char *dptr;
1129 const char *nextarg;
1130 int i, count = 0;
1131 size_t totlen = 0;
1132
1133 if(args == NULL) {
1134 return NULL;
1135 }
1136
1137 nextarg = *args;
1138
1139 while(nextarg != NULL) {
1140 int nextlen;
1141
1142 nextlen = strlen(nextarg);
55e303ae
A		 1143 totlen += nextlen + 1;
1144 count++;
1145 nextarg = *(args + count);
1146 }
1147
1148
1149 GET_TOKEN_AREA(t, dptr, 5 + totlen);
1150 if(t == NULL) {
1151 return NULL;
1152 }
1153
1154 ADD_U_CHAR(dptr, AU_EXEC_ARG_TOKEN);
1155 ADD_U_INT32(dptr, count);
1156
1157 for(i =0; i< count; i++) {
1158 nextarg = *(args + i);
1159 ADD_MEM(dptr, nextarg, strlen(nextarg) + 1);
1160 }
1161
1162 return t;
1163}
1164
1165
1166/*
1167 * token ID 1 byte
1168 * count 4 bytes
1169 * text count null-terminated strings
1170 */
1171token_t *au_to_exec_env(const char **env)
1172{
1173 token_t *t;
1174 u_char *dptr;
1175 int i, count = 0;
1176 size_t totlen = 0;
1177 const char *nextenv;
1178
1179 if(env == NULL) {
1180 return NULL;
1181 }
1182
1183 nextenv = *env;
1184
1185 while(nextenv != NULL) {
1186 int nextlen;
1187
1188 nextlen = strlen(nextenv);
55e303ae
A		 1189 totlen += nextlen + 1;
1190 count++;
1191 nextenv = *(env + count);
1192 }
1193
1194
1195 GET_TOKEN_AREA(t, dptr, 5 + totlen);
1196 if(t == NULL) {
1197 return NULL;
1198 }
1199
1200 ADD_U_CHAR(dptr, AU_EXEC_ENV_TOKEN);
1201 ADD_U_INT32(dptr, count);
1202
1203 for(i =0; i< count; i++) {
1204 nextenv = *(env + i);
1205 ADD_MEM(dptr, nextenv, strlen(nextenv) + 1);
1206 }
1207
1208 return t;
1209}
1210
1211
55e303ae
A		 1212/*
1213 * Kernel version of the BSM header token functions. These versions take
1214 * a timespec struct as an additional parameter in order to obtain the
1215 * create time value for the BSM audit record.
1216 * token ID 1 byte
1217 * record byte count 4 bytes
1218 * version # 1 byte [2]
1219 * event type 2 bytes
1220 * event modifier 2 bytes
1221 * seconds of time 4 bytes/8 bytes (32-bit/64-bit value)
1222 * milliseconds of time 4 bytes/8 bytes (32-bit/64-bit value)
1223 */
91447636 1224token_t *kau_to_header32(const struct timespec *ctime, int rec_size,
55e303ae
A		 1225 au_event_t e_type, au_emod_t e_mod)
1226{
1227 token_t *t;
1228 u_char *dptr;
1229 u_int32_t timems = ctime->tv_nsec/1000000; /* We need time in ms */
1230
1231 GET_TOKEN_AREA(t, dptr, 18);
1232 if(t == NULL) {
1233 return NULL;
1234 }
1235
1236 ADD_U_CHAR(dptr, AU_HEADER_32_TOKEN);
1237 ADD_U_INT32(dptr, rec_size);
1238 ADD_U_CHAR(dptr, HEADER_VERSION);
1239 ADD_U_INT16(dptr, e_type);
1240 ADD_U_INT16(dptr, e_mod);
1241
1242 /* Add the timestamp */
1243 ADD_U_INT32(dptr, ctime->tv_sec);
1244 ADD_U_INT32(dptr, timems);
1245
1246 return t;
1247}
1248
91447636
A		 1249token_t *kau_to_header64(
1250 __unused const struct timespec *ctime,
1251 __unused int rec_size,
1252 __unused au_event_t e_type,
1253 __unused au_emod_t e_mod)
55e303ae 1254{
e5568f75 1255 return NULL;
55e303ae 1256}
91447636
A		 1257
1258token_t *kau_to_header(const struct timespec *ctime, int rec_size,
55e303ae
A		 1259 au_event_t e_type, au_emod_t e_mod)
1260{
1261 return kau_to_header32(ctime, rec_size, e_type, e_mod);
1262}
1263
55e303ae
A		 1264/*
1265 * token ID 1 byte
1266 * trailer magic number 2 bytes
1267 * record byte count 4 bytes
1268 */
1269token_t *au_to_trailer(int rec_size)
1270{
1271 token_t *t;
1272 u_char *dptr;
1273 u_int16_t magic = TRAILER_PAD_MAGIC;
1274
1275
1276 GET_TOKEN_AREA(t, dptr, 7);
1277 if(t == NULL) {
1278 return NULL;
1279 }
1280
1281 ADD_U_CHAR(dptr, AU_TRAILER_TOKEN);
1282 ADD_U_INT16(dptr, magic);
1283 ADD_U_INT32(dptr, rec_size);
1284
1285 return t;
1286
1287}
1288
mirror of XNU