]> git.saurik.com Git - apple/xnu.git/blob - bsd/kern/kern_bsm_token.c
projects / apple / xnu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
xnu-517.tar.gz
[apple/xnu.git] / bsd / kern / kern_bsm_token.c
1 /*
2 * Copyright (c) 2003 Apple Computer, Inc. All rights reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * Copyright (c) 1999-2003 Apple Computer, Inc. All Rights Reserved.
7 *
8 * This file contains Original Code and/or Modifications of Original Code
9 * as defined in and that are subject to the Apple Public Source License
10 * Version 2.0 (the 'License'). You may not use this file except in
11 * compliance with the License. Please obtain a copy of the License at
12 * http://www.opensource.apple.com/apsl/ and read it before using this
13 * file.
14 *
15 * The Original Code and all software distributed under the License are
16 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
17 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
18 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
20 * Please see the License for the specific language governing rights and
21 * limitations under the License.
22 *
23 * @APPLE_LICENSE_HEADER_END@
24 */
25 #include <sys/types.h>
26 #include <sys/bsm_token.h>
27 #include <sys/audit.h>
28 #include <sys/un.h>
29 #include <kern/clock.h>
30
31 #define GET_TOKEN_AREA(tok, dptr, length) \
32 do {\
33 kmem_alloc(kernel_map, &tok, sizeof(*tok)); \
34 if(tok != NULL)\
35 {\
36 tok->len = length;\
37 kmem_alloc(kernel_map, &tok->t_data, \
38 length * sizeof(u_char));\
39 if((dptr = tok->t_data) == NULL)\
40 {\
41 kmem_free(kernel_map, tok, sizeof(*tok));\
42 tok = NULL;\
43 }\
44 else\
45 {\
46 memset(dptr, 0, length);\
47 }\
48 }\
49 }while(0)
50
51
52
53 /*
54 * token ID 1 byte
55 * argument # 1 byte
56 * argument value 4 bytes/8 bytes (32-bit/64-bit value)
57 * text length 2 bytes
58 * text N bytes + 1 terminating NULL byte
59 */
60 token_t *au_to_arg32(char n, char *text, u_int32_t v)
61 {
62 token_t *t;
63 u_char *dptr;
64 u_int16_t textlen;
65
66 if(text == NULL) {
67 return NULL;
68 }
69
70 /* Make sure that text is null terminated */
71 textlen = strlen(text);
72 if(text[textlen] != '\0') {
73 return NULL;
74 }
75
76 GET_TOKEN_AREA(t, dptr, 9 + textlen);
77 if(t == NULL) {
78 return NULL;
79 }
80
81 textlen += 1;
82
83 ADD_U_CHAR(dptr, AU_ARG32_TOKEN);
84 ADD_U_CHAR(dptr, n);
85 ADD_U_INT32(dptr, v);
86 ADD_U_INT16(dptr, textlen);
87 ADD_STRING(dptr, text, textlen);
88
89 return t;
90
91 }
92
93 token_t *au_to_arg64(char n, char *text, u_int64_t v)
94 {
95 token_t *t;
96 u_char *dptr;
97 u_int16_t textlen;
98
99 if(text == NULL) {
100 return NULL;
101 }
102
103 /* Make sure that text is null terminated */
104 textlen = strlen(text);
105 if(text[textlen] != '\0') {
106 return NULL;
107 }
108
109 GET_TOKEN_AREA(t, dptr, 13 + textlen);
110 if(t == NULL) {
111 return NULL;
112 }
113
114 textlen += 1;
115
116 ADD_U_CHAR(dptr, AU_ARG64_TOKEN);
117 ADD_U_CHAR(dptr, n);
118 ADD_U_INT64(dptr, v);
119 ADD_U_INT16(dptr, textlen);
120 ADD_STRING(dptr, text, textlen);
121
122 return t;
123
124 }
125
126 token_t *au_to_arg(char n, char *text, u_int32_t v)
127 {
128 return au_to_arg32(n, text, v);
129 }
130
131 /*
132 * token ID 1 byte
133 * file access mode 4 bytes
134 * owner user ID 4 bytes
135 * owner group ID 4 bytes
136 * file system ID 4 bytes
137 * node ID 8 bytes
138 * device 4 bytes/8 bytes (32-bit/64-bit)
139 */
140 token_t *au_to_attr32(struct vattr *attr)
141 {
142 token_t *t;
143 u_char *dptr;
144
145 if(attr == NULL) {
146 return NULL;
147 }
148
149
150 GET_TOKEN_AREA(t, dptr, 29);
151 if(t == NULL) {
152 return NULL;
153 }
154
155 ADD_U_CHAR(dptr, AU_ATTR32_TOKEN);
156 ADD_U_INT32(dptr, attr->va_mode);
157 ADD_U_INT32(dptr, attr->va_uid);
158 ADD_U_INT32(dptr, attr->va_gid);
159 ADD_U_INT32(dptr, attr->va_fsid);
160 ADD_U_INT64(dptr, attr->va_fileid);
161 ADD_U_INT32(dptr, attr->va_rdev);
162
163 return t;
164 }
165
166 token_t *au_to_attr64(struct vattr *attr)
167 {
168 token_t *t;
169 u_char *dptr;
170
171 if(attr == NULL) {
172 return NULL;
173 }
174
175
176 GET_TOKEN_AREA(t, dptr, 33);
177 if(t == NULL) {
178 return NULL;
179 }
180
181 ADD_U_CHAR(dptr, AU_ATTR64_TOKEN);
182 ADD_U_INT32(dptr, attr->va_mode);
183 ADD_U_INT32(dptr, attr->va_uid);
184 ADD_U_INT32(dptr, attr->va_gid);
185 ADD_U_INT32(dptr, attr->va_fsid);
186 ADD_U_INT64(dptr, attr->va_fileid);
187 ADD_U_INT64(dptr, attr->va_rdev);
188
189 return t;
190 }
191
192 token_t *au_to_attr(struct vattr *attr)
193 {
194 return au_to_attr32(attr);
195
196 }
197
198
199 /*
200 * token ID 1 byte
201 * how to print 1 byte
202 * basic unit 1 byte
203 * unit count 1 byte
204 * data items (depends on basic unit)
205 */
206 token_t *au_to_data(char unit_print, char unit_type,
207 char unit_count, char *p)
208 {
209 token_t *t;
210 u_char *dptr;
211 size_t datasize, totdata;
212
213 if(p == NULL) {
214 return NULL;
215 }
216
217 /* Determine the size of the basic unit */
218 switch(unit_type) {
219 case AUR_BYTE: datasize = AUR_BYTE_SIZE;
220 break;
221
222 case AUR_SHORT: datasize = AUR_SHORT_SIZE;
223 break;
224
225 case AUR_LONG: datasize = AUR_LONG_SIZE;
226 break;
227
228 default: return NULL;
229 }
230
231 totdata = datasize * unit_count;
232
233 GET_TOKEN_AREA(t, dptr, totdata + 4);
234 if(t == NULL) {
235 return NULL;
236 }
237
238 ADD_U_CHAR(dptr, AU_ARB_TOKEN);
239 ADD_U_CHAR(dptr, unit_print);
240 ADD_U_CHAR(dptr, unit_type);
241 ADD_U_CHAR(dptr, unit_count);
242 ADD_MEM(dptr, p, totdata);
243
244 return t;
245 }
246
247
248 /*
249 * token ID 1 byte
250 * status 4 bytes
251 * return value 4 bytes
252 */
253 token_t *au_to_exit(int retval, int err)
254 {
255 token_t *t;
256 u_char *dptr;
257
258 GET_TOKEN_AREA(t, dptr, 9);
259 if(t == NULL) {
260 return NULL;
261 }
262
263 ADD_U_CHAR(dptr, AU_EXIT_TOKEN);
264 ADD_U_INT32(dptr, err);
265 ADD_U_INT32(dptr, retval);
266
267 return t;
268 }
269
270 /*
271 */
272 token_t *au_to_groups(int *groups)
273 {
274 return au_to_newgroups(MAX_GROUPS, groups);
275 }
276
277 /*
278 * token ID 1 byte
279 * number groups 2 bytes
280 * group list count * 4 bytes
281 */
282 token_t *au_to_newgroups(u_int16_t n, gid_t *groups)
283 {
284 token_t *t;
285 u_char *dptr;
286 int i;
287
288 if(groups == NULL) {
289 return NULL;
290 }
291
292 GET_TOKEN_AREA(t, dptr, n * 4 + 3);
293 if(t == NULL) {
294 return NULL;
295 }
296
297 ADD_U_CHAR(dptr, AU_NEWGROUPS_TOKEN);
298 ADD_U_INT16(dptr, n);
299 for(i = 0; i < n; i++) {
300 ADD_U_INT32(dptr, groups[i]);
301 }
302
303 return t;
304 }
305
306
307
308
309 /*
310 * token ID 1 byte
311 * internet address 4 bytes
312 */
313 token_t *au_to_in_addr(struct in_addr *internet_addr)
314 {
315 token_t *t;
316 u_char *dptr;
317
318 if(internet_addr == NULL) {
319 return NULL;
320 }
321
322 GET_TOKEN_AREA(t, dptr, 5);
323 if(t == NULL) {
324 return NULL;
325 }
326
327 ADD_U_CHAR(dptr, AU_IN_ADDR_TOKEN);
328 ADD_U_INT32(dptr, internet_addr->s_addr);
329
330 return t;
331 }
332
333 /*
334 * token ID 1 byte
335 * address type/length 4 bytes
336 * Address 16 bytes
337 */
338 token_t *au_to_in_addr_ex(struct in6_addr *internet_addr)
339 {
340 token_t *t;
341 u_char *dptr;
342
343 if(internet_addr == NULL) {
344 return NULL;
345 }
346
347 GET_TOKEN_AREA(t, dptr, 21);
348 if(t == NULL) {
349 return NULL;
350 }
351
352 ADD_U_CHAR(dptr, AU_IN_ADDR_EX_TOKEN);
353 ADD_U_INT32(dptr, internet_addr->__u6_addr.__u6_addr32[0]);
354 ADD_U_INT32(dptr, internet_addr->__u6_addr.__u6_addr32[1]);
355 ADD_U_INT32(dptr, internet_addr->__u6_addr.__u6_addr32[2]);
356 ADD_U_INT32(dptr, internet_addr->__u6_addr.__u6_addr32[3]);
357
358 return t;
359 }
360
361 /*
362 * token ID 1 byte
363 * ip header 20 bytes
364 */
365 token_t *au_to_ip(struct ip *ip)
366 {
367 token_t *t;
368 u_char *dptr;
369
370 if(ip == NULL) {
371 return NULL;
372 }
373
374 GET_TOKEN_AREA(t, dptr, 21);
375 if(t == NULL) {
376 return NULL;
377 }
378
379 ADD_U_CHAR(dptr, AU_IP_TOKEN);
380 ADD_MEM(dptr, ip, sizeof(struct ip));
381
382 return t;
383 }
384
385 /*
386 * token ID 1 byte
387 * object ID type 1 byte
388 * object ID 4 bytes
389 */
390 token_t *au_to_ipc(char type, int id)
391 {
392 token_t *t;
393 u_char *dptr;
394
395
396 GET_TOKEN_AREA(t, dptr, 6);
397 if(t == NULL) {
398 return NULL;
399 }
400
401 ADD_U_CHAR(dptr, AU_IPC_TOKEN);
402 ADD_U_CHAR(dptr, type);
403 ADD_U_INT32(dptr, id);
404
405 return t;
406 }
407
408 /*
409 * token ID 1 byte
410 * owner user ID 4 bytes
411 * owner group ID 4 bytes
412 * creator user ID 4 bytes
413 * creator group ID 4 bytes
414 * access mode 4 bytes
415 * slot sequence # 4 bytes
416 * key 4 bytes
417 */
418 token_t *au_to_ipc_perm(struct ipc_perm *perm)
419 {
420 token_t *t;
421 u_char *dptr;
422
423 if(perm == NULL) {
424 return NULL;
425 }
426
427 GET_TOKEN_AREA(t, dptr, 29);
428 if(t == NULL) {
429 return NULL;
430 }
431
432 ADD_U_CHAR(dptr, AU_IPCPERM_TOKEN);
433 ADD_U_INT32(dptr, perm->uid);
434 ADD_U_INT32(dptr, perm->gid);
435 ADD_U_INT32(dptr, perm->cuid);
436 ADD_U_INT32(dptr, perm->cgid);
437 ADD_U_INT32(dptr, perm->mode);
438 ADD_U_INT32(dptr, perm->seq);
439 ADD_U_INT32(dptr, perm->key);
440
441 return t;
442 }
443
444
445 /*
446 * token ID 1 byte
447 * port IP address 2 bytes
448 */
449 token_t *au_to_iport(u_int16_t iport)
450 {
451 token_t *t;
452 u_char *dptr;
453
454
455 GET_TOKEN_AREA(t, dptr, 3);
456 if(t == NULL) {
457 return NULL;
458 }
459
460 ADD_U_CHAR(dptr, AU_IPORT_TOKEN);
461 ADD_U_INT16(dptr, iport);
462
463 return t;
464 }
465
466
467 /*
468 * token ID 1 byte
469 * size 2 bytes
470 * data size bytes
471 */
472 token_t *au_to_opaque(char *data, u_int16_t bytes)
473 {
474 token_t *t;
475 u_char *dptr;
476
477 if((data == NULL) || (bytes <= 0)) {
478 return NULL;
479 }
480
481 GET_TOKEN_AREA(t, dptr, bytes + 3);
482 if(t == NULL) {
483 return NULL;
484 }
485
486 ADD_U_CHAR(dptr, AU_OPAQUE_TOKEN);
487 ADD_U_INT16(dptr, bytes);
488 ADD_MEM(dptr, data, bytes);
489
490 return t;
491 }
492
493 #ifdef KERNEL
494 /*
495 * Kernel version of the add file token function, where the time value
496 * is passed in as an additional parameter.
497 * token ID 1 byte
498 * seconds of time 4 bytes
499 * milliseconds of time 4 bytes
500 * file name len 2 bytes
501 * file pathname N bytes + 1 terminating NULL byte
502 */
503 token_t *kau_to_file(char *file, struct timeval *tv)
504 {
505 token_t *t;
506 u_char *dptr;
507 u_int16_t filelen;
508 u_int32_t timems = tv->tv_usec/1000; /* We need time in ms */
509
510 if(file == NULL) {
511 return NULL;
512 }
513 /* Make sure that text is null terminated */
514 filelen = strlen(file);
515 if(file[filelen] != '\0') {
516 return NULL;
517 }
518
519 GET_TOKEN_AREA(t, dptr, filelen + 12);
520 if(t == NULL) {
521 return NULL;
522 }
523
524 filelen += 1;
525
526 ADD_U_CHAR(dptr, AU_FILE_TOKEN);
527
528 /* Add the timestamp */
529 ADD_U_INT32(dptr, tv->tv_sec);
530 ADD_U_INT32(dptr, timems);
531
532 ADD_U_INT16(dptr, filelen);
533 ADD_STRING(dptr, file, filelen);
534
535 return t;
536
537 }
538 #endif
539
540 /*
541 * token ID 1 byte
542 * text length 2 bytes
543 * text N bytes + 1 terminating NULL byte
544 */
545 token_t *au_to_text(char *text)
546 {
547 token_t *t;
548 u_char *dptr;
549 u_int16_t textlen;
550
551 if(text == NULL) {
552 return NULL;
553 }
554 /* Make sure that text is null terminated */
555 textlen = strlen(text);
556 if(text[textlen] != '\0') {
557 return NULL;
558 }
559
560 GET_TOKEN_AREA(t, dptr, textlen + 4);
561 if(t == NULL) {
562 return NULL;
563 }
564
565 textlen += 1;
566
567 ADD_U_CHAR(dptr, AU_TEXT_TOKEN);
568 ADD_U_INT16(dptr, textlen);
569 ADD_STRING(dptr, text, textlen);
570
571 return t;
572 }
573
574 /*
575 * token ID 1 byte
576 * path length 2 bytes
577 * path N bytes + 1 terminating NULL byte
578 */
579 token_t *au_to_path(char *text)
580 {
581 token_t *t;
582 u_char *dptr;
583 u_int16_t textlen;
584
585 if(text == NULL) {
586 return NULL;
587 }
588 /* Make sure that text is null terminated */
589 textlen = strlen(text);
590 if(text[textlen] != '\0') {
591 return NULL;
592 }
593
594 GET_TOKEN_AREA(t, dptr, textlen + 4);
595 if(t == NULL) {
596 return NULL;
597 }
598
599 textlen += 1;
600
601 ADD_U_CHAR(dptr, AU_PATH_TOKEN);
602 ADD_U_INT16(dptr, textlen);
603 ADD_STRING(dptr, text, textlen);
604
605 return t;
606 }
607
608 /*
609 * token ID 1 byte
610 * audit ID 4 bytes
611 * effective user ID 4 bytes
612 * effective group ID 4 bytes
613 * real user ID 4 bytes
614 * real group ID 4 bytes
615 * process ID 4 bytes
616 * session ID 4 bytes
617 * terminal ID
618 * port ID 4 bytes/8 bytes (32-bit/64-bit value)
619 * machine address 4 bytes
620 */
621 token_t *au_to_process32(au_id_t auid, uid_t euid, gid_t egid,
622 uid_t ruid, gid_t rgid, pid_t pid,
623 au_asid_t sid, au_tid_t *tid)
624 {
625 token_t *t;
626 u_char *dptr;
627
628 if(tid == NULL) {
629 return NULL;
630 }
631
632 GET_TOKEN_AREA(t, dptr, 37);
633 if(t == NULL) {
634 return NULL;
635 }
636
637 ADD_U_CHAR(dptr, AU_PROCESS_32_TOKEN);
638 ADD_U_INT32(dptr, auid);
639 ADD_U_INT32(dptr, euid);
640 ADD_U_INT32(dptr, egid);
641 ADD_U_INT32(dptr, ruid);
642 ADD_U_INT32(dptr, rgid);
643 ADD_U_INT32(dptr, pid);
644 ADD_U_INT32(dptr, sid);
645 ADD_U_INT32(dptr, tid->port);
646 ADD_U_INT32(dptr, tid->machine);
647
648 return t;
649 }
650
651 token_t *au_to_process64(au_id_t auid, uid_t euid, gid_t egid,
652 uid_t ruid, gid_t rgid, pid_t pid,
653 au_asid_t sid, au_tid_t *tid)
654 {
655 token_t *t;
656 u_char *dptr;
657
658 if(tid == NULL) {
659 return NULL;
660 }
661
662 GET_TOKEN_AREA(t, dptr, 41);
663 if(t == NULL) {
664 return NULL;
665 }
666
667 ADD_U_CHAR(dptr, AU_PROCESS_64_TOKEN);
668 ADD_U_INT32(dptr, auid);
669 ADD_U_INT32(dptr, euid);
670 ADD_U_INT32(dptr, egid);
671 ADD_U_INT32(dptr, ruid);
672 ADD_U_INT32(dptr, rgid);
673 ADD_U_INT32(dptr, pid);
674 ADD_U_INT32(dptr, sid);
675 ADD_U_INT64(dptr, tid->port);
676 ADD_U_INT32(dptr, tid->machine);
677
678 return t;
679 }
680
681 token_t *au_to_process(au_id_t auid, uid_t euid, gid_t egid,
682 uid_t ruid, gid_t rgid, pid_t pid,
683 au_asid_t sid, au_tid_t *tid)
684 {
685 return au_to_process32(auid, euid, egid, ruid, rgid, pid,
686 sid, tid);
687 }
688
689
690 /*
691 * token ID 1 byte
692 * audit ID 4 bytes
693 * effective user ID 4 bytes
694 * effective group ID 4 bytes
695 * real user ID 4 bytes
696 * real group ID 4 bytes
697 * process ID 4 bytes
698 * session ID 4 bytes
699 * terminal ID
700 * port ID 4 bytes/8 bytes (32-bit/64-bit value)
701 * address type-len 4 bytes
702 * machine address 16 bytes
703 */
704 token_t *au_to_process32_ex(au_id_t auid, uid_t euid, gid_t egid,
705 uid_t ruid, gid_t rgid, pid_t pid,
706 au_asid_t sid, au_tid_addr_t *tid)
707 {
708 token_t *t;
709 u_char *dptr;
710
711 if(tid == NULL) {
712 return NULL;
713 }
714
715 GET_TOKEN_AREA(t, dptr, 53);
716 if(t == NULL) {
717 return NULL;
718 }
719
720 ADD_U_CHAR(dptr, AU_PROCESS_32_EX_TOKEN);
721 ADD_U_INT32(dptr, auid);
722 ADD_U_INT32(dptr, euid);
723 ADD_U_INT32(dptr, egid);
724 ADD_U_INT32(dptr, ruid);
725 ADD_U_INT32(dptr, rgid);
726 ADD_U_INT32(dptr, pid);
727 ADD_U_INT32(dptr, sid);
728 ADD_U_INT32(dptr, tid->at_port);
729 ADD_U_INT32(dptr, tid->at_type);
730 ADD_U_INT32(dptr, tid->at_addr[0]);
731 ADD_U_INT32(dptr, tid->at_addr[1]);
732 ADD_U_INT32(dptr, tid->at_addr[2]);
733 ADD_U_INT32(dptr, tid->at_addr[3]);
734
735 return t;
736 }
737
738 token_t *au_to_process64_ex(au_id_t auid, uid_t euid, gid_t egid,
739 uid_t ruid, gid_t rgid, pid_t pid,
740 au_asid_t sid, au_tid_addr_t *tid)
741 {
742 token_t *t;
743 u_char *dptr;
744
745 if(tid == NULL) {
746 return NULL;
747 }
748
749 GET_TOKEN_AREA(t, dptr, 57);
750 if(t == NULL) {
751 return NULL;
752 }
753
754 ADD_U_CHAR(dptr, AU_PROCESS_64_EX_TOKEN);
755 ADD_U_INT32(dptr, auid);
756 ADD_U_INT32(dptr, euid);
757 ADD_U_INT32(dptr, egid);
758 ADD_U_INT32(dptr, ruid);
759 ADD_U_INT32(dptr, rgid);
760 ADD_U_INT32(dptr, pid);
761 ADD_U_INT32(dptr, sid);
762 ADD_U_INT64(dptr, tid->at_port);
763 ADD_U_INT32(dptr, tid->at_type);
764 ADD_U_INT32(dptr, tid->at_addr[0]);
765 ADD_U_INT32(dptr, tid->at_addr[1]);
766 ADD_U_INT32(dptr, tid->at_addr[2]);
767 ADD_U_INT32(dptr, tid->at_addr[3]);
768
769 return t;
770 }
771
772 token_t *au_to_process_ex(au_id_t auid, uid_t euid, gid_t egid,
773 uid_t ruid, gid_t rgid, pid_t pid,
774 au_asid_t sid, au_tid_addr_t *tid)
775 {
776 return au_to_process32_ex(auid, euid, egid, ruid, rgid,
777 pid, sid, tid);
778 }
779
780 /*
781 * token ID 1 byte
782 * error status 1 byte
783 * return value 4 bytes/8 bytes (32-bit/64-bit value)
784 */
785 token_t *au_to_return32(char status, u_int32_t ret)
786 {
787 token_t *t;
788 u_char *dptr;
789
790
791 GET_TOKEN_AREA(t, dptr, 6);
792 if(t == NULL) {
793 return NULL;
794 }
795
796 ADD_U_CHAR(dptr, AU_RETURN_32_TOKEN);
797 ADD_U_CHAR(dptr, status);
798 ADD_U_INT32(dptr, ret);
799
800 return t;
801 }
802
803 token_t *au_to_return64(char status, u_int64_t ret)
804 {
805 token_t *t;
806 u_char *dptr;
807
808
809 GET_TOKEN_AREA(t, dptr, 10);
810 if(t == NULL) {
811 return NULL;
812 }
813
814 ADD_U_CHAR(dptr, AU_RETURN_64_TOKEN);
815 ADD_U_CHAR(dptr, status);
816 ADD_U_INT64(dptr, ret);
817
818 return t;
819 }
820
821 token_t *au_to_return(char status, u_int32_t ret)
822 {
823 return au_to_return32(status, ret);
824 }
825
826 /*
827 * token ID 1 byte
828 * sequence number 4 bytes
829 */
830 token_t *au_to_seq(long audit_count)
831 {
832 token_t *t;
833 u_char *dptr;
834
835
836 GET_TOKEN_AREA(t, dptr, 5);
837 if(t == NULL) {
838 return NULL;
839 }
840
841 ADD_U_CHAR(dptr, AU_SEQ_TOKEN);
842 ADD_U_INT32(dptr, audit_count);
843
844 return t;
845 }
846
847 /*
848 * token ID 1 byte
849 * socket type 2 bytes
850 * remote port 2 bytes
851 * remote Internet address 4 bytes
852 */
853 token_t *au_to_socket(struct socket *so)
854 {
855 return au_to_socket_ex_32(so);
856 }
857
858 /*
859 * token ID 1 byte
860 * socket type 2 bytes
861 * local port 2 bytes
862 * address type/length 4 bytes
863 * local Internet address 4 bytes/16 bytes (IPv4/IPv6 address)
864 * remote port 4 bytes
865 * address type/length 4 bytes
866 * remote Internet address 4 bytes/16 bytes (IPv4/IPv6 address)
867 */
868 token_t *au_to_socket_ex_32(struct socket *so)
869 {
870 return NULL;
871 }
872 token_t *au_to_socket_ex_128(struct socket *so)
873 {
874 return NULL;
875 }
876
877 /*
878 * token ID 1 byte
879 * socket family 2 bytes
880 * local port 2 bytes
881 * socket address 4 bytes
882 */
883 token_t *au_to_sock_inet32(struct sockaddr_in *so)
884 {
885 token_t *t;
886 u_char *dptr;
887
888 if(so == NULL) {
889 return NULL;
890 }
891
892 GET_TOKEN_AREA(t, dptr, 9);
893 if(t == NULL) {
894 return NULL;
895 }
896
897 ADD_U_CHAR(dptr, AU_SOCK_INET_32_TOKEN);
898 /* In Darwin, sin_family is one octet, but BSM defines the token
899 * to store two. So we copy in a 0 first.
900 */
901 ADD_U_CHAR(dptr, 0);
902 ADD_U_CHAR(dptr, so->sin_family);
903 ADD_U_INT16(dptr, so->sin_port);
904 ADD_U_INT32(dptr, so->sin_addr.s_addr);
905
906 return t;
907
908 }
909
910 token_t *au_to_sock_inet128(struct sockaddr_in6 *so)
911 {
912 token_t *t;
913 u_char *dptr;
914
915 if(so == NULL) {
916 return NULL;
917 }
918
919 GET_TOKEN_AREA(t, dptr, 21);
920 if(t == NULL) {
921 return NULL;
922 }
923
924 ADD_U_CHAR(dptr, AU_SOCK_INET_128_TOKEN);
925 /* In Darwin, sin_family is one octet, but BSM defines the token
926 * to store two. So we copy in a 0 first.
927 */
928 ADD_U_CHAR(dptr, 0);
929 ADD_U_CHAR(dptr, so->sin6_family);
930 ADD_U_INT16(dptr, so->sin6_port);
931 ADD_U_INT32(dptr, so->sin6_addr.__u6_addr.__u6_addr32[0]);
932 ADD_U_INT32(dptr, so->sin6_addr.__u6_addr.__u6_addr32[1]);
933 ADD_U_INT32(dptr, so->sin6_addr.__u6_addr.__u6_addr32[2]);
934 ADD_U_INT32(dptr, so->sin6_addr.__u6_addr.__u6_addr32[3]);
935
936 return t;
937
938
939
940 }
941
942 /*
943 * token ID 1 byte
944 * socket family 2 bytes
945 * path 104 bytes
946 */
947 token_t *au_to_sock_unix(struct sockaddr_un *so)
948 {
949 token_t *t;
950 u_char *dptr;
951
952 if(so == NULL) {
953 return NULL;
954 }
955
956 GET_TOKEN_AREA(t, dptr, 107);
957 if(t == NULL) {
958 return NULL;
959 }
960
961 ADD_U_CHAR(dptr, AU_SOCK_UNIX_TOKEN);
962 /* BSM token has two bytes for family */
963 ADD_U_CHAR(dptr, 0);
964 ADD_U_CHAR(dptr, so->sun_family);
965 ADD_STRING(dptr, so->sun_path, strlen(so->sun_path));
966
967 return t;
968
969 }
970
971 token_t *au_to_sock_inet(struct sockaddr_in *so)
972 {
973 return au_to_sock_inet32(so);
974 }
975
976 /*
977 * token ID 1 byte
978 * audit ID 4 bytes
979 * effective user ID 4 bytes
980 * effective group ID 4 bytes
981 * real user ID 4 bytes
982 * real group ID 4 bytes
983 * process ID 4 bytes
984 * session ID 4 bytes
985 * terminal ID
986 * port ID 4 bytes/8 bytes (32-bit/64-bit value)
987 * machine address 4 bytes
988 */
989 token_t *au_to_subject32(au_id_t auid, uid_t euid, gid_t egid,
990 uid_t ruid, gid_t rgid, pid_t pid,
991 au_asid_t sid, au_tid_t *tid)
992 {
993 token_t *t;
994 u_char *dptr;
995
996 if(tid == NULL) {
997 return NULL;
998 }
999
1000 GET_TOKEN_AREA(t, dptr, 37);
1001 if(t == NULL) {
1002 return NULL;
1003 }
1004
1005 ADD_U_CHAR(dptr, AU_SUBJECT_32_TOKEN);
1006 ADD_U_INT32(dptr, auid);
1007 ADD_U_INT32(dptr, euid);
1008 ADD_U_INT32(dptr, egid);
1009 ADD_U_INT32(dptr, ruid);
1010 ADD_U_INT32(dptr, rgid);
1011 ADD_U_INT32(dptr, pid);
1012 ADD_U_INT32(dptr, sid);
1013 ADD_U_INT32(dptr, tid->port);
1014 ADD_U_INT32(dptr, tid->machine);
1015
1016 return t;
1017 }
1018
1019 token_t *au_to_subject64(au_id_t auid, uid_t euid, gid_t egid,
1020 uid_t ruid, gid_t rgid, pid_t pid,
1021 au_asid_t sid, au_tid_t *tid)
1022 {
1023 token_t *t;
1024 u_char *dptr;
1025
1026 if(tid == NULL) {
1027 return NULL;
1028 }
1029
1030 GET_TOKEN_AREA(t, dptr, 41);
1031 if(t == NULL) {
1032 return NULL;
1033 }
1034
1035 ADD_U_CHAR(dptr, AU_SUBJECT_64_TOKEN);
1036 ADD_U_INT32(dptr, auid);
1037 ADD_U_INT32(dptr, euid);
1038 ADD_U_INT32(dptr, egid);
1039 ADD_U_INT32(dptr, ruid);
1040 ADD_U_INT32(dptr, rgid);
1041 ADD_U_INT32(dptr, pid);
1042 ADD_U_INT32(dptr, sid);
1043 ADD_U_INT64(dptr, tid->port);
1044 ADD_U_INT32(dptr, tid->machine);
1045
1046 return t;
1047 }
1048
1049 token_t *au_to_subject(au_id_t auid, uid_t euid, gid_t egid,
1050 uid_t ruid, gid_t rgid, pid_t pid,
1051 au_asid_t sid, au_tid_t *tid)
1052 {
1053 return au_to_subject32(auid, euid, egid, ruid, rgid,
1054 pid, sid, tid);
1055
1056 }
1057
1058 /*
1059 * token ID 1 byte
1060 * audit ID 4 bytes
1061 * effective user ID 4 bytes
1062 * effective group ID 4 bytes
1063 * real user ID 4 bytes
1064 * real group ID 4 bytes
1065 * process ID 4 bytes
1066 * session ID 4 bytes
1067 * terminal ID
1068 * port ID 4 bytes/8 bytes (32-bit/64-bit value)
1069 * address type/length 4 bytes
1070 * machine address 16 bytes
1071 */
1072 token_t *au_to_subject32_ex(au_id_t auid, uid_t euid,
1073 gid_t egid, uid_t ruid, gid_t rgid, pid_t pid,
1074 au_asid_t sid, au_tid_addr_t *tid)
1075 {
1076 token_t *t;
1077 u_char *dptr;
1078
1079 if(tid == NULL) {
1080 return NULL;
1081 }
1082
1083 GET_TOKEN_AREA(t, dptr, 53);
1084 if(t == NULL) {
1085 return NULL;
1086 }
1087
1088 ADD_U_CHAR(dptr, AU_SUBJECT_32_EX_TOKEN);
1089 ADD_U_INT32(dptr, auid);
1090 ADD_U_INT32(dptr, euid);
1091 ADD_U_INT32(dptr, egid);
1092 ADD_U_INT32(dptr, ruid);
1093 ADD_U_INT32(dptr, rgid);
1094 ADD_U_INT32(dptr, pid);
1095 ADD_U_INT32(dptr, sid);
1096 ADD_U_INT32(dptr, tid->at_port);
1097 ADD_U_INT32(dptr, tid->at_type);
1098 ADD_U_INT32(dptr, tid->at_addr[0]);
1099 ADD_U_INT32(dptr, tid->at_addr[1]);
1100 ADD_U_INT32(dptr, tid->at_addr[2]);
1101 ADD_U_INT32(dptr, tid->at_addr[3]);
1102
1103 return t;
1104 }
1105
1106 token_t *au_to_subject64_ex(au_id_t auid, uid_t euid,
1107 gid_t egid, uid_t ruid, gid_t rgid, pid_t pid,
1108 au_asid_t sid, au_tid_addr_t *tid)
1109 {
1110 token_t *t;
1111 u_char *dptr;
1112
1113 if(tid == NULL) {
1114 return NULL;
1115 }
1116
1117 GET_TOKEN_AREA(t, dptr, 57);
1118 if(t == NULL) {
1119 return NULL;
1120 }
1121
1122 ADD_U_CHAR(dptr, AU_SUBJECT_64_EX_TOKEN);
1123 ADD_U_INT32(dptr, auid);
1124 ADD_U_INT32(dptr, euid);
1125 ADD_U_INT32(dptr, egid);
1126 ADD_U_INT32(dptr, ruid);
1127 ADD_U_INT32(dptr, rgid);
1128 ADD_U_INT32(dptr, pid);
1129 ADD_U_INT32(dptr, sid);
1130 ADD_U_INT64(dptr, tid->at_port);
1131 ADD_U_INT32(dptr, tid->at_type);
1132 ADD_U_INT32(dptr, tid->at_addr[0]);
1133 ADD_U_INT32(dptr, tid->at_addr[1]);
1134 ADD_U_INT32(dptr, tid->at_addr[2]);
1135 ADD_U_INT32(dptr, tid->at_addr[3]);
1136
1137 return t;
1138 }
1139
1140 token_t *au_to_subject_ex(au_id_t auid, uid_t euid,
1141 gid_t egid, uid_t ruid, gid_t rgid, pid_t pid,
1142 au_asid_t sid, au_tid_addr_t *tid)
1143 {
1144 return au_to_subject32_ex(auid, euid, egid, ruid, rgid,
1145 pid, sid, tid);
1146
1147 }
1148
1149 /*
1150 * token ID 1 byte
1151 * count 4 bytes
1152 * text count null-terminated strings
1153 */
1154 token_t *au_to_exec_args(const char **args)
1155 {
1156 token_t *t;
1157 u_char *dptr;
1158 const char *nextarg;
1159 int i, count = 0;
1160 size_t totlen = 0;
1161
1162 if(args == NULL) {
1163 return NULL;
1164 }
1165
1166 nextarg = *args;
1167
1168 while(nextarg != NULL) {
1169 int nextlen;
1170
1171 nextlen = strlen(nextarg);
1172 if(nextarg[nextlen] != '\0') {
1173 return NULL;
1174 }
1175
1176 totlen += nextlen + 1;
1177 count++;
1178 nextarg = *(args + count);
1179 }
1180
1181
1182 GET_TOKEN_AREA(t, dptr, 5 + totlen);
1183 if(t == NULL) {
1184 return NULL;
1185 }
1186
1187 ADD_U_CHAR(dptr, AU_EXEC_ARG_TOKEN);
1188 ADD_U_INT32(dptr, count);
1189
1190 for(i =0; i< count; i++) {
1191 nextarg = *(args + i);
1192 ADD_MEM(dptr, nextarg, strlen(nextarg) + 1);
1193 }
1194
1195 return t;
1196 }
1197
1198
1199 /*
1200 * token ID 1 byte
1201 * count 4 bytes
1202 * text count null-terminated strings
1203 */
1204 token_t *au_to_exec_env(const char **env)
1205 {
1206 token_t *t;
1207 u_char *dptr;
1208 int i, count = 0;
1209 size_t totlen = 0;
1210 const char *nextenv;
1211
1212 if(env == NULL) {
1213 return NULL;
1214 }
1215
1216 nextenv = *env;
1217
1218 while(nextenv != NULL) {
1219 int nextlen;
1220
1221 nextlen = strlen(nextenv);
1222 if(nextenv[nextlen] != '\0') {
1223 return NULL;
1224 }
1225
1226 totlen += nextlen + 1;
1227 count++;
1228 nextenv = *(env + count);
1229 }
1230
1231
1232 GET_TOKEN_AREA(t, dptr, 5 + totlen);
1233 if(t == NULL) {
1234 return NULL;
1235 }
1236
1237 ADD_U_CHAR(dptr, AU_EXEC_ENV_TOKEN);
1238 ADD_U_INT32(dptr, count);
1239
1240 for(i =0; i< count; i++) {
1241 nextenv = *(env + i);
1242 ADD_MEM(dptr, nextenv, strlen(nextenv) + 1);
1243 }
1244
1245 return t;
1246 }
1247
1248
1249 #ifdef KERNEL
1250 /*
1251 * Kernel version of the BSM header token functions. These versions take
1252 * a timespec struct as an additional parameter in order to obtain the
1253 * create time value for the BSM audit record.
1254 * token ID 1 byte
1255 * record byte count 4 bytes
1256 * version # 1 byte [2]
1257 * event type 2 bytes
1258 * event modifier 2 bytes
1259 * seconds of time 4 bytes/8 bytes (32-bit/64-bit value)
1260 * milliseconds of time 4 bytes/8 bytes (32-bit/64-bit value)
1261 */
1262 token_t *kau_to_header32(struct timespec *ctime, int rec_size,
1263 au_event_t e_type, au_emod_t e_mod)
1264 {
1265 token_t *t;
1266 u_char *dptr;
1267 u_int32_t timems = ctime->tv_nsec/1000000; /* We need time in ms */
1268
1269 GET_TOKEN_AREA(t, dptr, 18);
1270 if(t == NULL) {
1271 return NULL;
1272 }
1273
1274 ADD_U_CHAR(dptr, AU_HEADER_32_TOKEN);
1275 ADD_U_INT32(dptr, rec_size);
1276 ADD_U_CHAR(dptr, HEADER_VERSION);
1277 ADD_U_INT16(dptr, e_type);
1278 ADD_U_INT16(dptr, e_mod);
1279
1280 /* Add the timestamp */
1281 ADD_U_INT32(dptr, ctime->tv_sec);
1282 ADD_U_INT32(dptr, timems);
1283
1284 return t;
1285 }
1286
1287 token_t *kau_to_header64(struct timespec *ctime, int rec_size,
1288 au_event_t e_type, au_emod_t e_mod)
1289 {
1290 token_t *t;
1291 u_char *dptr;
1292 u_int32_t timems = ctime->tv_nsec/1000000; /* We need time in ms */
1293
1294 GET_TOKEN_AREA(t, dptr, 26);
1295 if(t == NULL) {
1296 return NULL;
1297 }
1298
1299 ADD_U_CHAR(dptr, AU_HEADER_64_TOKEN);
1300 ADD_U_INT32(dptr, rec_size);
1301 ADD_U_CHAR(dptr, HEADER_VERSION);
1302 ADD_U_INT16(dptr, e_type);
1303 ADD_U_INT16(dptr, e_mod);
1304
1305 /* Add the timestamp */
1306 ADD_U_INT32(dptr, ctime->tv_sec);
1307 ADD_U_INT32(dptr, timems);
1308
1309 return t;
1310 }
1311
1312 token_t *kau_to_header(struct timespec *ctime, int rec_size,
1313 au_event_t e_type, au_emod_t e_mod)
1314 {
1315 return kau_to_header32(ctime, rec_size, e_type, e_mod);
1316 }
1317
1318 #endif
1319
1320 /*
1321 * token ID 1 byte
1322 * trailer magic number 2 bytes
1323 * record byte count 4 bytes
1324 */
1325 token_t *au_to_trailer(int rec_size)
1326 {
1327 token_t *t;
1328 u_char *dptr;
1329 u_int16_t magic = TRAILER_PAD_MAGIC;
1330
1331
1332 GET_TOKEN_AREA(t, dptr, 7);
1333 if(t == NULL) {
1334 return NULL;
1335 }
1336
1337 ADD_U_CHAR(dptr, AU_TRAILER_TOKEN);
1338 ADD_U_INT16(dptr, magic);
1339 ADD_U_INT32(dptr, rec_size);
1340
1341 return t;
1342
1343 }
1344
mirror of XNU