/*
- * Copyright (c) 2003 Apple Computer, Inc. All rights reserved.
+ * Copyright (c) 2003-2004 Apple Computer, Inc. All rights reserved.
*
- * @APPLE_LICENSE_HEADER_START@
- *
- * Copyright (c) 1999-2003 Apple Computer, Inc. All Rights Reserved.
+ * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
*
* This file contains Original Code and/or Modifications of Original Code
* as defined in and that are subject to the Apple Public Source License
* Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this
- * file.
+ * compliance with the License. The rights granted to you under the License
+ * may not be used to create, or enable the creation or redistribution of,
+ * unlawful or unlicensed copies of an Apple operating system, or to
+ * circumvent, violate, or enable the circumvention or violation of, any
+ * terms of an Apple operating system software license agreement.
+ *
+ * Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this file.
*
* The Original Code and all software distributed under the License are
* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
* Please see the License for the specific language governing rights and
* limitations under the License.
*
- * @APPLE_LICENSE_HEADER_END@
+ * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
*/
+
#include <sys/types.h>
-#include <sys/bsm_token.h>
-#include <sys/audit.h>
#include <sys/un.h>
+#include <sys/event.h>
+#include <sys/ucred.h>
+
+#include <sys/ipc.h>
+#include <bsm/audit.h>
+#include <bsm/audit_record.h>
+#include <bsm/audit_klib.h>
+#include <bsm/audit_kernel.h>
+
#include <kern/clock.h>
+#include <kern/kalloc.h>
+
+#include <string.h>
#define GET_TOKEN_AREA(tok, dptr, length) \
do {\
- kmem_alloc(kernel_map, &tok, sizeof(*tok)); \
+ tok = (token_t *)kalloc(sizeof(*tok) + length); \
if(tok != NULL)\
{\
tok->len = length;\
- kmem_alloc(kernel_map, &tok->t_data, \
- length * sizeof(u_char));\
- if((dptr = tok->t_data) == NULL)\
- {\
- kmem_free(kernel_map, tok, sizeof(*tok));\
- tok = NULL;\
- }\
- else\
- {\
+ dptr = tok->t_data = (u_char *)&tok[1];\
memset(dptr, 0, length);\
}\
- }\
}while(0)
* text length 2 bytes
* text N bytes + 1 terminating NULL byte
*/
-token_t *au_to_arg32(char n, char *text, u_int32_t v)
+token_t *
+au_to_arg32(char n, const char *text, u_int32_t v)
{
token_t *t;
u_char *dptr;
return NULL;
}
- /* Make sure that text is null terminated */
textlen = strlen(text);
- if(text[textlen] != '\0') {
- return NULL;
- }
GET_TOKEN_AREA(t, dptr, 9 + textlen);
if(t == NULL) {
}
-token_t *au_to_arg64(char n, char *text, u_int64_t v)
+token_t *
+au_to_arg64(char n, const char *text, u_int64_t v)
{
token_t *t;
u_char *dptr;
return NULL;
}
- /* Make sure that text is null terminated */
textlen = strlen(text);
- if(text[textlen] != '\0') {
- return NULL;
- }
GET_TOKEN_AREA(t, dptr, 13 + textlen);
if(t == NULL) {
}
-token_t *au_to_arg(char n, char *text, u_int32_t v)
+token_t *
+au_to_arg(char n, char *text, u_int32_t v)
{
return au_to_arg32(n, text, v);
}
* node ID 8 bytes
* device 4 bytes/8 bytes (32-bit/64-bit)
*/
-token_t *au_to_attr32(struct vattr *attr)
+token_t *au_to_attr32(__unused struct vnode_attr *attr)
+{
+ return NULL;
+}
+
+/* Kernel-specific version of the above function */
+token_t *kau_to_attr32(struct vnode_au_info *vni)
{
token_t *t;
u_char *dptr;
+ u_int64_t fileid;
+ u_int16_t pad0_16 = 0;
+ u_int32_t pad0_32 = 0;
- if(attr == NULL) {
+ if(vni == NULL) {
return NULL;
}
-
GET_TOKEN_AREA(t, dptr, 29);
if(t == NULL) {
return NULL;
}
ADD_U_CHAR(dptr, AU_ATTR32_TOKEN);
- ADD_U_INT32(dptr, attr->va_mode);
- ADD_U_INT32(dptr, attr->va_uid);
- ADD_U_INT32(dptr, attr->va_gid);
- ADD_U_INT32(dptr, attr->va_fsid);
- ADD_U_INT64(dptr, attr->va_fileid);
- ADD_U_INT32(dptr, attr->va_rdev);
+
+ /*
+ * Darwin defines the size for the file mode as 2 bytes;
+ * BSM defines 4. So we copy in a 0 first.
+ */
+ ADD_U_INT16(dptr, pad0_16);
+ ADD_U_INT16(dptr, vni->vn_mode);
+
+ ADD_U_INT32(dptr, vni->vn_uid);
+ ADD_U_INT32(dptr, vni->vn_gid);
+ ADD_U_INT32(dptr, vni->vn_fsid);
+
+ /*
+ * Darwin defines the size for fileid as 4 bytes;
+ * BSM defines 8. So we copy in a 0 first.
+ */
+ fileid = vni->vn_fileid;
+ ADD_U_INT32(dptr, pad0_32);
+ ADD_U_INT32(dptr, fileid);
+
+ ADD_U_INT32(dptr, vni->vn_dev);
return t;
}
-token_t *au_to_attr64(struct vattr *attr)
+token_t *au_to_attr64(__unused struct vnode_attr *attr)
{
- token_t *t;
- u_char *dptr;
-
- if(attr == NULL) {
- return NULL;
- }
-
-
- GET_TOKEN_AREA(t, dptr, 33);
- if(t == NULL) {
- return NULL;
- }
-
- ADD_U_CHAR(dptr, AU_ATTR64_TOKEN);
- ADD_U_INT32(dptr, attr->va_mode);
- ADD_U_INT32(dptr, attr->va_uid);
- ADD_U_INT32(dptr, attr->va_gid);
- ADD_U_INT32(dptr, attr->va_fsid);
- ADD_U_INT64(dptr, attr->va_fileid);
- ADD_U_INT64(dptr, attr->va_rdev);
+ return NULL;
+}
- return t;
+token_t *kau_to_attr64(__unused struct vnode_au_info *vni)
+{
+ return NULL;
}
-token_t *au_to_attr(struct vattr *attr)
+token_t *au_to_attr(struct vnode_attr *attr)
{
return au_to_attr32(attr);
* data items (depends on basic unit)
*/
token_t *au_to_data(char unit_print, char unit_type,
- char unit_count, char *p)
+ char unit_count, unsigned char *p)
{
token_t *t;
u_char *dptr;
return t;
}
-
/*
* token ID 1 byte
* status 4 bytes
/*
*/
-token_t *au_to_groups(int *groups)
+token_t *
+au_to_groups(gid_t *groups)
{
return au_to_newgroups(MAX_GROUPS, groups);
}
{
token_t *t;
u_char *dptr;
+ u_int32_t type = AF_INET6;
if(internet_addr == NULL) {
return NULL;
}
ADD_U_CHAR(dptr, AU_IN_ADDR_EX_TOKEN);
+ ADD_U_INT32(dptr, type);
ADD_U_INT32(dptr, internet_addr->__u6_addr.__u6_addr32[0]);
ADD_U_INT32(dptr, internet_addr->__u6_addr.__u6_addr32[1]);
ADD_U_INT32(dptr, internet_addr->__u6_addr.__u6_addr32[2]);
{
token_t *t;
u_char *dptr;
+ u_int16_t pad0 = 0;
if(perm == NULL) {
return NULL;
return NULL;
}
+ /*
+ * Darwin defines the sizes for ipc_perm members
+ * as 2 bytes; BSM defines 4. So we copy in a 0 first.
+ */
ADD_U_CHAR(dptr, AU_IPCPERM_TOKEN);
+
ADD_U_INT32(dptr, perm->uid);
ADD_U_INT32(dptr, perm->gid);
ADD_U_INT32(dptr, perm->cuid);
ADD_U_INT32(dptr, perm->cgid);
- ADD_U_INT32(dptr, perm->mode);
- ADD_U_INT32(dptr, perm->seq);
- ADD_U_INT32(dptr, perm->key);
+
+ ADD_U_INT16(dptr, pad0);
+ ADD_U_INT16(dptr, perm->mode);
+
+ ADD_U_INT16(dptr, pad0);
+ ADD_U_INT16(dptr, perm->_seq);
+
+ ADD_U_INT16(dptr, pad0);
+ ADD_U_INT16(dptr, perm->_key);
return t;
}
return t;
}
-#ifdef KERNEL
/*
* Kernel version of the add file token function, where the time value
* is passed in as an additional parameter.
* file name len 2 bytes
* file pathname N bytes + 1 terminating NULL byte
*/
-token_t *kau_to_file(char *file, struct timeval *tv)
+token_t *kau_to_file(const char *file, const struct timeval *tv)
{
token_t *t;
u_char *dptr;
if(file == NULL) {
return NULL;
}
- /* Make sure that text is null terminated */
filelen = strlen(file);
- if(file[filelen] != '\0') {
- return NULL;
- }
GET_TOKEN_AREA(t, dptr, filelen + 12);
if(t == NULL) {
return t;
}
-#endif
/*
* token ID 1 byte
* text length 2 bytes
* text N bytes + 1 terminating NULL byte
*/
-token_t *au_to_text(char *text)
+token_t *au_to_text(const char *text)
{
token_t *t;
u_char *dptr;
if(text == NULL) {
return NULL;
}
- /* Make sure that text is null terminated */
textlen = strlen(text);
- if(text[textlen] != '\0') {
- return NULL;
- }
GET_TOKEN_AREA(t, dptr, textlen + 4);
if(t == NULL) {
if(text == NULL) {
return NULL;
}
- /* Make sure that text is null terminated */
textlen = strlen(text);
- if(text[textlen] != '\0') {
- return NULL;
- }
GET_TOKEN_AREA(t, dptr, textlen + 4);
if(t == NULL) {
return t;
}
-token_t *au_to_process64(au_id_t auid, uid_t euid, gid_t egid,
- uid_t ruid, gid_t rgid, pid_t pid,
- au_asid_t sid, au_tid_t *tid)
+token_t *au_to_process64(__unused au_id_t auid,
+ __unused uid_t euid,
+ __unused gid_t egid,
+ __unused uid_t ruid,
+ __unused gid_t rgid,
+ __unused pid_t pid,
+ __unused au_asid_t sid,
+ __unused au_tid_t *tid)
{
- token_t *t;
- u_char *dptr;
-
- if(tid == NULL) {
return NULL;
}
- GET_TOKEN_AREA(t, dptr, 41);
- if(t == NULL) {
- return NULL;
- }
-
- ADD_U_CHAR(dptr, AU_PROCESS_64_TOKEN);
- ADD_U_INT32(dptr, auid);
- ADD_U_INT32(dptr, euid);
- ADD_U_INT32(dptr, egid);
- ADD_U_INT32(dptr, ruid);
- ADD_U_INT32(dptr, rgid);
- ADD_U_INT32(dptr, pid);
- ADD_U_INT32(dptr, sid);
- ADD_U_INT64(dptr, tid->port);
- ADD_U_INT32(dptr, tid->machine);
-
- return t;
-}
-
token_t *au_to_process(au_id_t auid, uid_t euid, gid_t egid,
uid_t ruid, gid_t rgid, pid_t pid,
au_asid_t sid, au_tid_t *tid)
return t;
}
-token_t *au_to_process64_ex(au_id_t auid, uid_t euid, gid_t egid,
- uid_t ruid, gid_t rgid, pid_t pid,
- au_asid_t sid, au_tid_addr_t *tid)
+token_t *au_to_process64_ex(
+ __unused au_id_t auid,
+ __unused uid_t euid,
+ __unused gid_t egid,
+ __unused uid_t ruid,
+ __unused gid_t rgid,
+ __unused pid_t pid,
+ __unused au_asid_t sid,
+ __unused au_tid_addr_t *tid)
{
- token_t *t;
- u_char *dptr;
-
- if(tid == NULL) {
- return NULL;
- }
-
- GET_TOKEN_AREA(t, dptr, 57);
- if(t == NULL) {
- return NULL;
- }
-
- ADD_U_CHAR(dptr, AU_PROCESS_64_EX_TOKEN);
- ADD_U_INT32(dptr, auid);
- ADD_U_INT32(dptr, euid);
- ADD_U_INT32(dptr, egid);
- ADD_U_INT32(dptr, ruid);
- ADD_U_INT32(dptr, rgid);
- ADD_U_INT32(dptr, pid);
- ADD_U_INT32(dptr, sid);
- ADD_U_INT64(dptr, tid->at_port);
- ADD_U_INT32(dptr, tid->at_type);
- ADD_U_INT32(dptr, tid->at_addr[0]);
- ADD_U_INT32(dptr, tid->at_addr[1]);
- ADD_U_INT32(dptr, tid->at_addr[2]);
- ADD_U_INT32(dptr, tid->at_addr[3]);
-
- return t;
+ return NULL;
}
-
+
token_t *au_to_process_ex(au_id_t auid, uid_t euid, gid_t egid,
uid_t ruid, gid_t rgid, pid_t pid,
au_asid_t sid, au_tid_addr_t *tid)
* token ID 1 byte
* sequence number 4 bytes
*/
-token_t *au_to_seq(long audit_count)
+token_t *au_to_seq(u_int32_t audit_count)
{
token_t *t;
u_char *dptr;
/*
* token ID 1 byte
* socket type 2 bytes
+ * local port 2 bytes
+ * local Internet address 4 bytes
* remote port 2 bytes
* remote Internet address 4 bytes
*/
-token_t *au_to_socket(struct socket *so)
+token_t *au_to_socket(__unused struct socket *so)
{
- return au_to_socket_ex_32(so);
+ return NULL;
+}
+
+/*
+ * Kernel-specific version of the above function.
+ */
+token_t *kau_to_socket(struct socket_au_info *soi)
+{
+ token_t *t;
+ u_char *dptr;
+ u_int16_t so_type;
+
+ if(soi == NULL) {
+ return NULL;
+ }
+
+ GET_TOKEN_AREA(t, dptr, 15);
+ if(t == NULL) {
+ return NULL;
+ }
+
+ ADD_U_CHAR(dptr, AU_SOCK_TOKEN);
+ /* Coerce the socket type into a short value */
+ so_type = soi->so_type;
+ ADD_U_INT16(dptr, so_type);
+ ADD_U_INT16(dptr, soi->so_lport);
+ ADD_U_INT32(dptr, soi->so_laddr);
+ ADD_U_INT16(dptr, soi->so_rport);
+ ADD_U_INT32(dptr, soi->so_raddr);
+
+ return t;
}
/*
* address type/length 4 bytes
* remote Internet address 4 bytes/16 bytes (IPv4/IPv6 address)
*/
-token_t *au_to_socket_ex_32(struct socket *so)
+token_t *au_to_socket_ex_32(
+ __unused u_int16_t lp,
+ __unused u_int16_t rp,
+ __unused struct sockaddr *la,
+ __unused struct sockaddr *ra)
{
return NULL;
}
-token_t *au_to_socket_ex_128(struct socket *so)
+
+token_t *au_to_socket_ex_128(
+ __unused u_int16_t lp,
+ __unused u_int16_t rp,
+ __unused struct sockaddr *la,
+ __unused struct sockaddr *ra)
{
return NULL;
}
return t;
}
-token_t *au_to_subject64(au_id_t auid, uid_t euid, gid_t egid,
- uid_t ruid, gid_t rgid, pid_t pid,
- au_asid_t sid, au_tid_t *tid)
+token_t *au_to_subject64(
+ __unused au_id_t auid,
+ __unused uid_t euid,
+ __unused gid_t egid,
+ __unused uid_t ruid,
+ __unused gid_t rgid,
+ __unused pid_t pid,
+ __unused au_asid_t sid,
+ __unused au_tid_t *tid)
{
- token_t *t;
- u_char *dptr;
-
- if(tid == NULL) {
- return NULL;
- }
-
- GET_TOKEN_AREA(t, dptr, 41);
- if(t == NULL) {
return NULL;
}
- ADD_U_CHAR(dptr, AU_SUBJECT_64_TOKEN);
- ADD_U_INT32(dptr, auid);
- ADD_U_INT32(dptr, euid);
- ADD_U_INT32(dptr, egid);
- ADD_U_INT32(dptr, ruid);
- ADD_U_INT32(dptr, rgid);
- ADD_U_INT32(dptr, pid);
- ADD_U_INT32(dptr, sid);
- ADD_U_INT64(dptr, tid->port);
- ADD_U_INT32(dptr, tid->machine);
-
- return t;
-}
-
token_t *au_to_subject(au_id_t auid, uid_t euid, gid_t egid,
uid_t ruid, gid_t rgid, pid_t pid,
au_asid_t sid, au_tid_t *tid)
return t;
}
-token_t *au_to_subject64_ex(au_id_t auid, uid_t euid,
- gid_t egid, uid_t ruid, gid_t rgid, pid_t pid,
- au_asid_t sid, au_tid_addr_t *tid)
+token_t *au_to_subject64_ex(
+ __unused au_id_t auid,
+ __unused uid_t euid,
+ __unused gid_t egid,
+ __unused uid_t ruid,
+ __unused gid_t rgid,
+ __unused pid_t pid,
+ __unused au_asid_t sid,
+ __unused au_tid_addr_t *tid)
{
- token_t *t;
- u_char *dptr;
-
- if(tid == NULL) {
- return NULL;
- }
-
- GET_TOKEN_AREA(t, dptr, 57);
- if(t == NULL) {
- return NULL;
- }
-
- ADD_U_CHAR(dptr, AU_SUBJECT_64_EX_TOKEN);
- ADD_U_INT32(dptr, auid);
- ADD_U_INT32(dptr, euid);
- ADD_U_INT32(dptr, egid);
- ADD_U_INT32(dptr, ruid);
- ADD_U_INT32(dptr, rgid);
- ADD_U_INT32(dptr, pid);
- ADD_U_INT32(dptr, sid);
- ADD_U_INT64(dptr, tid->at_port);
- ADD_U_INT32(dptr, tid->at_type);
- ADD_U_INT32(dptr, tid->at_addr[0]);
- ADD_U_INT32(dptr, tid->at_addr[1]);
- ADD_U_INT32(dptr, tid->at_addr[2]);
- ADD_U_INT32(dptr, tid->at_addr[3]);
-
- return t;
+ return NULL;
}
token_t *au_to_subject_ex(au_id_t auid, uid_t euid,
int nextlen;
nextlen = strlen(nextarg);
- if(nextarg[nextlen] != '\0') {
- return NULL;
- }
-
totlen += nextlen + 1;
count++;
nextarg = *(args + count);
int nextlen;
nextlen = strlen(nextenv);
- if(nextenv[nextlen] != '\0') {
- return NULL;
- }
-
totlen += nextlen + 1;
count++;
nextenv = *(env + count);
}
-#ifdef KERNEL
/*
* Kernel version of the BSM header token functions. These versions take
* a timespec struct as an additional parameter in order to obtain the
* seconds of time 4 bytes/8 bytes (32-bit/64-bit value)
* milliseconds of time 4 bytes/8 bytes (32-bit/64-bit value)
*/
-token_t *kau_to_header32(struct timespec *ctime, int rec_size,
+token_t *kau_to_header32(const struct timespec *ctime, int rec_size,
au_event_t e_type, au_emod_t e_mod)
{
token_t *t;
return t;
}
-token_t *kau_to_header64(struct timespec *ctime, int rec_size,
- au_event_t e_type, au_emod_t e_mod)
+token_t *kau_to_header64(
+ __unused const struct timespec *ctime,
+ __unused int rec_size,
+ __unused au_event_t e_type,
+ __unused au_emod_t e_mod)
{
- token_t *t;
- u_char *dptr;
- u_int32_t timems = ctime->tv_nsec/1000000; /* We need time in ms */
-
- GET_TOKEN_AREA(t, dptr, 26);
- if(t == NULL) {
- return NULL;
- }
-
- ADD_U_CHAR(dptr, AU_HEADER_64_TOKEN);
- ADD_U_INT32(dptr, rec_size);
- ADD_U_CHAR(dptr, HEADER_VERSION);
- ADD_U_INT16(dptr, e_type);
- ADD_U_INT16(dptr, e_mod);
-
- /* Add the timestamp */
- ADD_U_INT32(dptr, ctime->tv_sec);
- ADD_U_INT32(dptr, timems);
-
- return t;
+ return NULL;
}
-
-token_t *kau_to_header(struct timespec *ctime, int rec_size,
+
+token_t *kau_to_header(const struct timespec *ctime, int rec_size,
au_event_t e_type, au_emod_t e_mod)
{
return kau_to_header32(ctime, rec_size, e_type, e_mod);
}
-#endif
-
/*
* token ID 1 byte
* trailer magic number 2 bytes
projects / apple / xnu.git / blobdiff