1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2007 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 #pragma ident "%Z%%M% %I% %E% SMI" 27 28 /* 29 * Token processing for auditreduce. 30 */ 31 32 #include <locale.h> 33 #include <sys/zone.h> 34 #include "auditr.h" 35 #include "toktable.h" 36 37 extern int re_exec2(char *); 38 39 static void anchor_path(char *path); 40 static char *collapse_path(char *s); 41 static void get_string(adr_t *adr, char **p); 42 static int ipc_type_match(int flag, char type); 43 static void skip_string(adr_t *adr); 44 static int xgeneric(adr_t *adr); 45 46 #if AUDIT_REC 47 void 48 print_id(int id) 49 { 50 char *suffix; 51 52 if ((id < 0) || (id > MAXTOKEN) || 53 (tokentable[id].func == NOFUNC)) { 54 (void) fprintf(stderr, 55 "token_processing: token %d not found\n", id); 56 return; 57 } 58 59 switch (id) { 60 case AUT_NEWGROUPS: 61 suffix = "_new"; 62 break; 63 case AUT_ATTR32: 64 suffix = "32"; 65 break; 66 case AUT_ARG64: 67 case AUT_RETURN64: 68 case AUT_ATTR64: 69 case AUT_HEADER64: 70 case AUT_SUBJECT64: 71 case AUT_PROCESS64: 72 case AUT_OTHER_FILE64: 73 suffix = "64"; 74 break; 75 case AUT_SOCKET_EX: 76 case AUT_IN_ADDR_EX: 77 suffix = "_ex"; 78 break; 79 case AUT_HEADER32_EX: 80 case AUT_SUBJECT32_EX: 81 case AUT_PROCESS32_EX: 82 suffix = "32_ex"; 83 break; 84 case AUT_HEADER64_EX: 85 case AUT_SUBJECT64_EX: 86 case AUT_PROCESS64_EX: 87 suffix = "64_ex"; 88 break; 89 default: 90 suffix = ""; 91 break; 92 } 93 (void) fprintf(stderr, "token_processing: %s%s\n", 94 tokentable[id].t_name, suffix); 95 } 96 #endif /* AUDIT_REC */ 97 98 /* 99 * Process a token in a record to determine whether the record is interesting. 100 */ 101 102 int 103 token_processing(adr_t *adr, int tokenid) 104 { 105 if ((tokenid > 0) && (tokenid <= MAXTOKEN) && 106 (tokentable[tokenid].func != NOFUNC)) { 107 #if AUDIT_REC 108 print_id(tokenid); 109 #endif /* AUDIT_REC */ 110 return ((*tokentable[tokenid].func)(adr)); 111 } 112 113 /* here if token id is not in table */ 114 return (-2); 115 } 116 117 118 /* There should not be any file or header tokens in the middle of a record */ 119 120 /* ARGSUSED */ 121 int 122 file_token(adr_t *adr) 123 { 124 return (-2); 125 } 126 127 /* ARGSUSED */ 128 int 129 file64_token(adr_t *adr) 130 { 131 return (-2); 132 } 133 134 /* ARGSUSED */ 135 int 136 header_token(adr_t *adr) 137 { 138 return (-2); 139 } 140 141 /* ARGSUSED */ 142 int 143 header32_ex_token(adr_t *adr) 144 { 145 return (-2); 146 } 147 148 /* ARGSUSED */ 149 int 150 header64_ex_token(adr_t *adr) 151 { 152 return (-2); 153 } 154 155 /* ARGSUSED */ 156 int 157 header64_token(adr_t *adr) 158 { 159 return (-2); 160 } 161 162 163 /* 164 * ====================================================== 165 * The following token processing routines return 166 * -1: if the record is not interesting 167 * -2: if an error is found 168 * ====================================================== 169 */ 170 171 int 172 trailer_token(adr_t *adr) 173 { 174 short magic_number; 175 uint32_t bytes; 176 177 adrm_u_short(adr, (ushort_t *)&magic_number, 1); 178 if (magic_number != AUT_TRAILER_MAGIC) { 179 (void) fprintf(stderr, "%s\n", 180 gettext("auditreduce: Bad trailer token")); 181 return (-2); 182 } 183 adrm_u_int32(adr, &bytes, 1); 184 185 return (-1); 186 } 187 188 189 /* 190 * Format of arbitrary data token: 191 * arbitrary data token id adr char 192 * how to print adr_char 193 * basic unit adr_char 194 * unit count adr_char, specifying number of units of 195 * data items depends on basic unit 196 * 197 */ 198 int 199 arbitrary_data_token(adr_t *adr) 200 { 201 int i; 202 char c1; 203 short c2; 204 int32_t c3; 205 int64_t c4; 206 char how_to_print, basic_unit, unit_count; 207 208 /* get how_to_print, basic_unit, and unit_count */ 209 adrm_char(adr, &how_to_print, 1); 210 adrm_char(adr, &basic_unit, 1); 211 adrm_char(adr, &unit_count, 1); 212 for (i = 0; i < unit_count; i++) { 213 switch (basic_unit) { 214 /* case AUR_BYTE: has same value as AUR_CHAR */ 215 case AUR_CHAR: 216 adrm_char(adr, &c1, 1); 217 break; 218 case AUR_SHORT: 219 adrm_short(adr, &c2, 1); 220 break; 221 case AUR_INT32: 222 adrm_int32(adr, (int32_t *)&c3, 1); 223 break; 224 case AUR_INT64: 225 adrm_int64(adr, (int64_t *)&c4, 1); 226 break; 227 default: 228 return (-2); 229 break; 230 } 231 } 232 return (-1); 233 } 234 235 236 /* 237 * Format of opaque token: 238 * opaque token id adr_char 239 * size adr_short 240 * data adr_char, size times 241 * 242 */ 243 int 244 opaque_token(adr_t *adr) 245 { 246 skip_string(adr); 247 return (-1); 248 } 249 250 251 252 /* 253 * Format of return32 value token: 254 * return value token id adr_char 255 * error number adr_char 256 * return value adr_u_int32 257 * 258 */ 259 int 260 return_value32_token(adr_t *adr) 261 { 262 char errnum; 263 uint32_t value; 264 265 adrm_char(adr, &errnum, 1); 266 adrm_u_int32(adr, &value, 1); 267 if ((flags & M_SORF) && 268 ((global_class & mask.am_success) && (errnum == 0)) || 269 ((global_class & mask.am_failure) && (errnum != 0))) { 270 checkflags |= M_SORF; 271 } 272 return (-1); 273 } 274 275 /* 276 * Format of return64 value token: 277 * return value token id adr_char 278 * error number adr_char 279 * return value adr_u_int64 280 * 281 */ 282 int 283 return_value64_token(adr_t *adr) 284 { 285 char errnum; 286 uint64_t value; 287 288 adrm_char(adr, &errnum, 1); 289 adrm_u_int64(adr, &value, 1); 290 if ((flags & M_SORF) && 291 ((global_class & mask.am_success) && (errnum == 0)) || 292 ((global_class & mask.am_failure) && (errnum != 0))) { 293 checkflags |= M_SORF; 294 } 295 return (-1); 296 } 297 298 299 /* 300 * Format of sequence token: 301 * sequence token id adr_char 302 * audit_count int32_t 303 * 304 */ 305 int 306 sequence_token(adr_t *adr) 307 { 308 int32_t audit_count; 309 310 adrm_int32(adr, &audit_count, 1); 311 return (-1); 312 } 313 314 315 /* 316 * Format of text token: 317 * text token id adr_char 318 * text adr_string 319 * 320 */ 321 int 322 text_token(adr_t *adr) 323 { 324 skip_string(adr); 325 return (-1); 326 } 327 328 329 /* 330 * Format of ip_addr token: 331 * ip token id adr_char 332 * address adr_int32 333 * 334 */ 335 int 336 ip_addr_token(adr_t *adr) 337 { 338 int32_t address; 339 340 adrm_char(adr, (char *)&address, 4); 341 342 return (-1); 343 } 344 345 /* 346 * Format of ip_addr_ex token: 347 * ip token id adr_char 348 * ip type adr_int32 349 * address 4*adr_int32 350 * 351 */ 352 int 353 ip_addr_ex_token(adr_t *adr) 354 { 355 int32_t address[4]; 356 int32_t type; 357 358 adrm_int32(adr, (int32_t *)&type, 1); 359 adrm_int32(adr, (int32_t *)&address, 4); 360 361 return (-1); 362 } 363 364 /* 365 * Format of ip token: 366 * ip header token id adr_char 367 * version adr_char 368 * type of service adr_char 369 * length adr_short 370 * id adr_u_short 371 * offset adr_u_short 372 * ttl adr_char 373 * protocol adr_char 374 * checksum adr_u_short 375 * source address adr_int32 376 * destination address adr_int32 377 * 378 */ 379 int 380 ip_token(adr_t *adr) 381 { 382 char version; 383 char type; 384 short len; 385 unsigned short id, offset, checksum; 386 char ttl, protocol; 387 int32_t src, dest; 388 389 adrm_char(adr, &version, 1); 390 adrm_char(adr, &type, 1); 391 adrm_short(adr, &len, 1); 392 adrm_u_short(adr, &id, 1); 393 adrm_u_short(adr, &offset, 1); 394 adrm_char(adr, &ttl, 1); 395 adrm_char(adr, &protocol, 1); 396 adrm_u_short(adr, &checksum, 1); 397 adrm_char(adr, (char *)&src, 4); 398 adrm_char(adr, (char *)&dest, 4); 399 400 return (-1); 401 } 402 403 404 /* 405 * Format of iport token: 406 * ip port address token id adr_char 407 * port address adr_short 408 * 409 */ 410 int 411 iport_token(adr_t *adr) 412 { 413 short address; 414 415 adrm_short(adr, &address, 1); 416 417 return (-1); 418 } 419 420 421 /* 422 * Format of groups token: 423 * group token id adr_char 424 * group list adr_int32, 16 times 425 * 426 */ 427 int 428 group_token(adr_t *adr) 429 { 430 int gid[16]; 431 int i; 432 int flag = 0; 433 434 for (i = 0; i < 16; i++) { 435 adrm_int32(adr, (int32_t *)&gid[i], 1); 436 if (flags & M_GROUPR) { 437 if ((unsigned short)m_groupr == gid[i]) 438 flag = 1; 439 } 440 } 441 442 if (flags & M_GROUPR) { 443 if (flag) 444 checkflags |= M_GROUPR; 445 } 446 return (-1); 447 } 448 449 /* 450 * Format of newgroups token: 451 * group token id adr_char 452 * number of groups adr_short 453 * group list adr_int32, "number" times 454 * 455 */ 456 int 457 newgroup_token(adr_t *adr) 458 { 459 gid_t gid; 460 int i; 461 short int number; 462 463 adrm_short(adr, &number, 1); 464 465 for (i = 0; i < number; i++) { 466 adrm_int32(adr, (int32_t *)&gid, 1); 467 if (flags & M_GROUPR) { 468 if (m_groupr == gid) 469 checkflags |= M_GROUPR; 470 } 471 } 472 473 return (-1); 474 } 475 476 /* 477 * Format of argument32 token: 478 * argument token id adr_char 479 * argument number adr_char 480 * argument value adr_int32 481 * argument description adr_string 482 * 483 */ 484 int 485 argument32_token(adr_t *adr) 486 { 487 char arg_num; 488 int32_t arg_val; 489 490 adrm_char(adr, &arg_num, 1); 491 adrm_int32(adr, &arg_val, 1); 492 skip_string(adr); 493 494 return (-1); 495 } 496 497 /* 498 * Format of argument64 token: 499 * argument token id adr_char 500 * argument number adr_char 501 * argument value adr_int64 502 * argument description adr_string 503 * 504 */ 505 int 506 argument64_token(adr_t *adr) 507 { 508 char arg_num; 509 int64_t arg_val; 510 511 adrm_char(adr, &arg_num, 1); 512 adrm_int64(adr, &arg_val, 1); 513 skip_string(adr); 514 515 return (-1); 516 } 517 518 /* 519 * Format of acl token: 520 * acl token id adr_char 521 * acl type adr_u_int32 522 * acl value adr_u_int32 (depends on type) 523 * file mode adr_u_int (in octal) 524 */ 525 int 526 acl_token(adr_t *adr) 527 { 528 529 int32_t id; 530 int32_t mode; 531 int32_t type; 532 533 adrm_int32(adr, &type, 1); 534 adrm_int32(adr, &id, 1); 535 adrm_int32(adr, &mode, 1); 536 537 return (-1); 538 } 539 540 /* 541 * Format of ace token: 542 * ace token id adr_char 543 * ace who adr_u_int32 (uid/gid) 544 * access mask adr_u_int32 545 * ace flags adr_u_int16 546 * ace type adr_u_int16 547 */ 548 int 549 ace_token(adr_t *adr) 550 { 551 uid_t who; 552 uint32_t access_mask; 553 uint16_t flags, type; 554 555 adrm_uid(adr, &who, 1); 556 adrm_u_int32(adr, &access_mask, 1); 557 adrm_u_short(adr, &flags, 1); 558 adrm_u_short(adr, &type, 1); 559 560 return (-1); 561 } 562 563 /* 564 * Format of attribute token: (old pre SunOS 5.7 format) 565 * attribute token id adr_char 566 * mode adr_int32 (printed in octal) 567 * uid adr_int32 568 * gid adr_int32 569 * file system id adr_int32 570 * node id adr_int32 571 * device adr_int32 572 * 573 */ 574 int 575 attribute_token(adr_t *adr) 576 { 577 int32_t dev; 578 int32_t file_sysid; 579 int32_t gid; 580 int32_t mode; 581 int32_t nodeid; 582 int32_t uid; 583 584 adrm_int32(adr, &mode, 1); 585 adrm_int32(adr, &uid, 1); 586 adrm_int32(adr, &gid, 1); 587 adrm_int32(adr, &file_sysid, 1); 588 adrm_int32(adr, &nodeid, 1); 589 adrm_int32(adr, &dev, 1); 590 591 if (!new_mode && (flags & M_USERE)) { 592 if (m_usere == uid) 593 checkflags |= M_USERE; 594 } 595 if (!new_mode && (flags & M_GROUPE)) { 596 if (m_groupe == gid) 597 checkflags |= M_GROUPE; 598 } 599 600 if (flags & M_OBJECT) { 601 if ((obj_flag & OBJ_FGROUP) && 602 (obj_group == gid)) 603 checkflags |= M_OBJECT; 604 else if ((obj_flag & OBJ_FOWNER) && 605 (obj_owner == uid)) 606 checkflags |= M_OBJECT; 607 } 608 return (-1); 609 } 610 611 /* 612 * Format of attribute32 token: 613 * attribute token id adr_char 614 * mode adr_int32 (printed in octal) 615 * uid adr_int32 616 * gid adr_int32 617 * file system id adr_int32 618 * node id adr_int64 619 * device adr_int32 620 * 621 */ 622 int 623 attribute32_token(adr_t *adr) 624 { 625 int32_t dev; 626 int32_t file_sysid; 627 int32_t gid; 628 int32_t mode; 629 int64_t nodeid; 630 int32_t uid; 631 632 adrm_int32(adr, &mode, 1); 633 adrm_int32(adr, &uid, 1); 634 adrm_int32(adr, &gid, 1); 635 adrm_int32(adr, &file_sysid, 1); 636 adrm_int64(adr, &nodeid, 1); 637 adrm_int32(adr, &dev, 1); 638 639 if (!new_mode && (flags & M_USERE)) { 640 if (m_usere == uid) 641 checkflags |= M_USERE; 642 } 643 if (!new_mode && (flags & M_GROUPE)) { 644 if (m_groupe == gid) 645 checkflags |= M_GROUPE; 646 } 647 648 if (flags & M_OBJECT) { 649 if ((obj_flag & OBJ_FGROUP) && 650 (obj_group == gid)) 651 checkflags |= M_OBJECT; 652 else if ((obj_flag & OBJ_FOWNER) && 653 (obj_owner == uid)) 654 checkflags |= M_OBJECT; 655 } 656 return (-1); 657 } 658 659 /* 660 * Format of attribute64 token: 661 * attribute token id adr_char 662 * mode adr_int32 (printed in octal) 663 * uid adr_int32 664 * gid adr_int32 665 * file system id adr_int32 666 * node id adr_int64 667 * device adr_int64 668 * 669 */ 670 int 671 attribute64_token(adr_t *adr) 672 { 673 int64_t dev; 674 int32_t file_sysid; 675 int32_t gid; 676 int32_t mode; 677 int64_t nodeid; 678 int32_t uid; 679 680 adrm_int32(adr, &mode, 1); 681 adrm_int32(adr, &uid, 1); 682 adrm_int32(adr, &gid, 1); 683 adrm_int32(adr, &file_sysid, 1); 684 adrm_int64(adr, &nodeid, 1); 685 adrm_int64(adr, &dev, 1); 686 687 if (!new_mode && (flags & M_USERE)) { 688 if (m_usere == uid) 689 checkflags |= M_USERE; 690 } 691 if (!new_mode && (flags & M_GROUPE)) { 692 if (m_groupe == gid) 693 checkflags |= M_GROUPE; 694 } 695 696 if (flags & M_OBJECT) { 697 if ((obj_flag & OBJ_FGROUP) && 698 (obj_group == gid)) 699 checkflags |= M_OBJECT; 700 else if ((obj_flag & OBJ_FOWNER) && 701 (obj_owner == uid)) 702 checkflags |= M_OBJECT; 703 } 704 return (-1); 705 } 706 707 708 /* 709 * Format of command token: 710 * attribute token id adr_char 711 * argc adr_short 712 * argv len adr_short variable amount of argv len 713 * argv text argv len and text 714 * . 715 * . 716 * . 717 * envp count adr_short variable amount of envp len 718 * envp len adr_short and text 719 * envp text envp len 720 * . 721 * . 722 * . 723 * 724 */ 725 int 726 cmd_token(adr_t *adr) 727 { 728 short cnt; 729 short i; 730 731 adrm_short(adr, &cnt, 1); 732 733 for (i = 0; i < cnt; i++) 734 skip_string(adr); 735 736 adrm_short(adr, &cnt, 1); 737 738 for (i = 0; i < cnt; i++) 739 skip_string(adr); 740 741 return (-1); 742 } 743 744 745 /* 746 * Format of exit token: 747 * attribute token id adr_char 748 * return value adr_int32 749 * errno adr_int32 750 * 751 */ 752 int 753 exit_token(adr_t *adr) 754 { 755 int32_t retval; 756 int32_t errno; 757 758 adrm_int32(adr, &retval, 1); 759 adrm_int32(adr, &errno, 1); 760 return (-1); 761 } 762 763 /* 764 * Format of strings array token: 765 * token id adr_char 766 * count value adr_int32 767 * strings null terminated strings 768 */ 769 static int 770 strings_common_token(adr_t *adr) 771 { 772 int count, i; 773 char c; 774 775 adrm_int32(adr, (int32_t *)&count, 1); 776 for (i = 1; i <= count; i++) { 777 adrm_char(adr, &c, 1); 778 while (c != (char)0) 779 adrm_char(adr, &c, 1); 780 } 781 /* no dump option here, since we will have variable length fields */ 782 return (-1); 783 } 784 785 int 786 path_attr_token(adr_t *adr) 787 { 788 return (strings_common_token(adr)); 789 } 790 791 int 792 exec_args_token(adr_t *adr) 793 { 794 return (strings_common_token(adr)); 795 } 796 797 int 798 exec_env_token(adr_t *adr) 799 { 800 return (strings_common_token(adr)); 801 } 802 803 /* 804 * Format of liaison token: 805 */ 806 int 807 liaison_token(adr_t *adr) 808 { 809 int32_t li; 810 811 adrm_int32(adr, &li, 1); 812 return (-1); 813 } 814 815 816 /* 817 * Format of path token: 818 * path adr_string 819 */ 820 int 821 path_token(adr_t *adr) 822 { 823 if ((flags & M_OBJECT) && (obj_flag == OBJ_PATH)) { 824 char *path; 825 826 get_string(adr, &path); 827 if (path[0] != '/') 828 /* 829 * anchor the path. user apps may not do it. 830 */ 831 anchor_path(path); 832 /* 833 * match against the collapsed path. that is what user sees. 834 */ 835 if (re_exec2(collapse_path(path)) == 1) 836 checkflags |= M_OBJECT; 837 free(path); 838 } else { 839 skip_string(adr); 840 } 841 return (-1); 842 } 843 844 845 /* 846 * Format of System V IPC permission token: 847 * System V IPC permission token id adr_char 848 * uid adr_int32 849 * gid adr_int32 850 * cuid adr_int32 851 * cgid adr_int32 852 * mode adr_int32 853 * seq adr_int32 854 * key adr_int32 855 */ 856 int 857 s5_IPC_perm_token(adr_t *adr) 858 { 859 int32_t uid, gid, cuid, cgid, mode, seq; 860 int32_t key; 861 862 adrm_int32(adr, &uid, 1); 863 adrm_int32(adr, &gid, 1); 864 adrm_int32(adr, &cuid, 1); 865 adrm_int32(adr, &cgid, 1); 866 adrm_int32(adr, &mode, 1); 867 adrm_int32(adr, &seq, 1); 868 adrm_int32(adr, &key, 1); 869 870 if (!new_mode && (flags & M_USERE)) { 871 if (m_usere == uid) 872 checkflags |= M_USERE; 873 } 874 875 if (!new_mode && (flags & M_USERE)) { 876 if (m_usere == cuid) 877 checkflags |= M_USERE; 878 } 879 880 if (!new_mode && (flags & M_GROUPR)) { 881 if (m_groupr == gid) 882 checkflags |= M_GROUPR; 883 } 884 885 if (!new_mode && (flags & M_GROUPR)) { 886 if (m_groupr == cgid) 887 checkflags |= M_GROUPR; 888 } 889 890 if ((flags & M_OBJECT) && 891 ((obj_owner == uid) || 892 (obj_owner == cuid) || 893 (obj_group == gid) || 894 (obj_group == cgid))) { 895 896 switch (obj_flag) { 897 case OBJ_MSGGROUP: 898 case OBJ_MSGOWNER: 899 if (ipc_type_match(OBJ_MSG, ipc_type)) 900 checkflags |= M_OBJECT; 901 break; 902 case OBJ_SEMGROUP: 903 case OBJ_SEMOWNER: 904 if (ipc_type_match(OBJ_SEM, ipc_type)) 905 checkflags |= M_OBJECT; 906 break; 907 case OBJ_SHMGROUP: 908 case OBJ_SHMOWNER: 909 if (ipc_type_match(OBJ_SHM, ipc_type)) 910 checkflags |= M_OBJECT; 911 break; 912 } 913 } 914 return (-1); 915 } 916 917 918 /* 919 * Format of process32 token: 920 * process token id adr_char 921 * auid adr_int32 922 * euid adr_int32 923 * egid adr_int32 924 * ruid adr_int32 925 * rgid adr_int32 926 * pid adr_int32 927 * sid adr_int32 928 * termid adr_int32*2 929 * 930 */ 931 int 932 process32_token(adr_t *adr) 933 { 934 int32_t auid, euid, egid, ruid, rgid, pid; 935 int32_t sid; 936 int32_t port, machine; 937 938 adrm_int32(adr, &auid, 1); 939 adrm_int32(adr, &euid, 1); 940 adrm_int32(adr, &egid, 1); 941 adrm_int32(adr, &ruid, 1); 942 adrm_int32(adr, &rgid, 1); 943 adrm_int32(adr, &pid, 1); 944 adrm_int32(adr, &sid, 1); 945 adrm_int32(adr, &port, 1); 946 adrm_int32(adr, &machine, 1); 947 948 if (!new_mode && (flags & M_USERA)) { 949 if (m_usera == auid) 950 checkflags |= M_USERA; 951 } 952 if (!new_mode && (flags & M_USERE)) { 953 if (m_usere == euid) 954 checkflags |= M_USERE; 955 } 956 if (!new_mode && (flags & M_USERR)) { 957 if (m_userr == ruid) 958 checkflags |= M_USERR; 959 } 960 if (!new_mode && (flags & M_GROUPR)) { 961 if (m_groupr == rgid) 962 checkflags |= M_GROUPR; 963 } 964 if (!new_mode && (flags & M_GROUPE)) { 965 if (m_groupe == egid) 966 checkflags |= M_GROUPE; 967 } 968 969 if (flags & M_OBJECT) { 970 if ((obj_flag & OBJ_PROC) && 971 (obj_id == pid)) { 972 checkflags |= M_OBJECT; 973 } else if ((obj_flag & OBJ_PGROUP) && 974 ((obj_group == egid) || 975 (obj_group == rgid))) { 976 checkflags |= M_OBJECT; 977 } else if ((obj_flag & OBJ_POWNER) && 978 ((obj_owner == euid) || 979 (obj_group == ruid))) { 980 checkflags |= M_OBJECT; 981 } 982 } 983 return (-1); 984 } 985 986 /* 987 * Format of process32 token: 988 * process token id adr_char 989 * auid adr_int32 990 * euid adr_int32 991 * egid adr_int32 992 * ruid adr_int32 993 * rgid adr_int32 994 * pid adr_int32 995 * sid adr_int32 996 * termid adr_int32*6 997 * 998 */ 999 int 1000 process32_ex_token(adr_t *adr) 1001 { 1002 int32_t auid, euid, egid, ruid, rgid, pid; 1003 int32_t sid; 1004 int32_t port, type, addr[4]; 1005 1006 adrm_int32(adr, &auid, 1); 1007 adrm_int32(adr, &euid, 1); 1008 adrm_int32(adr, &egid, 1); 1009 adrm_int32(adr, &ruid, 1); 1010 adrm_int32(adr, &rgid, 1); 1011 adrm_int32(adr, &pid, 1); 1012 adrm_int32(adr, &sid, 1); 1013 adrm_int32(adr, &port, 1); 1014 adrm_int32(adr, &type, 1); 1015 adrm_int32(adr, &addr[0], 4); 1016 1017 if (!new_mode && (flags & M_USERA)) { 1018 if (m_usera == auid) 1019 checkflags = checkflags | M_USERA; 1020 } 1021 if (!new_mode && (flags & M_USERE)) { 1022 if (m_usere == euid) 1023 checkflags = checkflags | M_USERE; 1024 } 1025 if (!new_mode && (flags & M_USERR)) { 1026 if (m_userr == ruid) 1027 checkflags = checkflags | M_USERR; 1028 } 1029 if (!new_mode && (flags & M_GROUPR)) { 1030 if (m_groupr == egid) 1031 checkflags = checkflags | M_GROUPR; 1032 } 1033 if (!new_mode && (flags & M_GROUPE)) { 1034 if (m_groupe == egid) 1035 checkflags = checkflags | M_GROUPE; 1036 } 1037 1038 if (flags & M_OBJECT) { 1039 if ((obj_flag & OBJ_PROC) && 1040 (obj_id == pid)) { 1041 checkflags = checkflags | M_OBJECT; 1042 } else if ((obj_flag & OBJ_PGROUP) && 1043 ((obj_group == egid) || 1044 (obj_group == rgid))) { 1045 checkflags = checkflags | M_OBJECT; 1046 } else if ((obj_flag & OBJ_POWNER) && 1047 ((obj_owner == euid) || 1048 (obj_group == ruid))) { 1049 checkflags = checkflags | M_OBJECT; 1050 } 1051 } 1052 return (-1); 1053 } 1054 1055 /* 1056 * Format of process64 token: 1057 * process token id adr_char 1058 * auid adr_int32 1059 * euid adr_int32 1060 * egid adr_int32 1061 * ruid adr_int32 1062 * rgid adr_int32 1063 * pid adr_int32 1064 * sid adr_int32 1065 * termid adr_int64+adr_int32 1066 * 1067 */ 1068 int 1069 process64_token(adr_t *adr) 1070 { 1071 int32_t auid, euid, egid, ruid, rgid, pid; 1072 int32_t sid; 1073 int64_t port; 1074 int32_t machine; 1075 1076 adrm_int32(adr, &auid, 1); 1077 adrm_int32(adr, &euid, 1); 1078 adrm_int32(adr, &egid, 1); 1079 adrm_int32(adr, &ruid, 1); 1080 adrm_int32(adr, &rgid, 1); 1081 adrm_int32(adr, &pid, 1); 1082 adrm_int32(adr, &sid, 1); 1083 adrm_int64(adr, &port, 1); 1084 adrm_int32(adr, &machine, 1); 1085 1086 if (!new_mode && (flags & M_USERA)) { 1087 if (m_usera == auid) 1088 checkflags |= M_USERA; 1089 } 1090 if (!new_mode && (flags & M_USERE)) { 1091 if (m_usere == euid) 1092 checkflags |= M_USERE; 1093 } 1094 if (!new_mode && (flags & M_USERR)) { 1095 if (m_userr == ruid) 1096 checkflags |= M_USERR; 1097 } 1098 if (!new_mode && (flags & M_GROUPR)) { 1099 if (m_groupr == rgid) 1100 checkflags |= M_GROUPR; 1101 } 1102 if (!new_mode && (flags & M_GROUPE)) { 1103 if (m_groupe == egid) 1104 checkflags |= M_GROUPE; 1105 } 1106 1107 if (flags & M_OBJECT) { 1108 if ((obj_flag & OBJ_PROC) && 1109 (obj_id == pid)) { 1110 checkflags |= M_OBJECT; 1111 } else if ((obj_flag & OBJ_PGROUP) && 1112 ((obj_group == egid) || 1113 (obj_group == rgid))) { 1114 checkflags |= M_OBJECT; 1115 } else if ((obj_flag & OBJ_POWNER) && 1116 ((obj_owner == euid) || 1117 (obj_group == ruid))) { 1118 checkflags |= M_OBJECT; 1119 } 1120 } 1121 return (-1); 1122 } 1123 1124 /* 1125 * Format of process64 token: 1126 * process token id adr_char 1127 * auid adr_int32 1128 * euid adr_int32 1129 * egid adr_int32 1130 * ruid adr_int32 1131 * rgid adr_int32 1132 * pid adr_int32 1133 * sid adr_int32 1134 * termid adr_int64+5*adr_int32 1135 * 1136 */ 1137 int 1138 process64_ex_token(adr_t *adr) 1139 { 1140 int32_t auid, euid, egid, ruid, rgid, pid; 1141 int32_t sid; 1142 int64_t port; 1143 int32_t type, addr[4]; 1144 1145 adrm_int32(adr, &auid, 1); 1146 adrm_int32(adr, &euid, 1); 1147 adrm_int32(adr, &egid, 1); 1148 adrm_int32(adr, &ruid, 1); 1149 adrm_int32(adr, &rgid, 1); 1150 adrm_int32(adr, &pid, 1); 1151 adrm_int32(adr, &sid, 1); 1152 adrm_int64(adr, &port, 1); 1153 adrm_int32(adr, &type, 1); 1154 adrm_int32(adr, &addr[0], 4); 1155 1156 if (!new_mode && (flags & M_USERA)) { 1157 if (m_usera == auid) 1158 checkflags = checkflags | M_USERA; 1159 } 1160 if (!new_mode && (flags & M_USERE)) { 1161 if (m_usere == euid) 1162 checkflags = checkflags | M_USERE; 1163 } 1164 if (!new_mode && (flags & M_USERR)) { 1165 if (m_userr == ruid) 1166 checkflags = checkflags | M_USERR; 1167 } 1168 if (!new_mode && (flags & M_GROUPR)) { 1169 if (m_groupr == egid) 1170 checkflags = checkflags | M_GROUPR; 1171 } 1172 if (!new_mode && (flags & M_GROUPE)) { 1173 if (m_groupe == egid) 1174 checkflags = checkflags | M_GROUPE; 1175 } 1176 1177 if (flags & M_OBJECT) { 1178 if ((obj_flag & OBJ_PROC) && 1179 (obj_id == pid)) { 1180 checkflags = checkflags | M_OBJECT; 1181 } else if ((obj_flag & OBJ_PGROUP) && 1182 ((obj_group == egid) || 1183 (obj_group == rgid))) { 1184 checkflags = checkflags | M_OBJECT; 1185 } else if ((obj_flag & OBJ_POWNER) && 1186 ((obj_owner == euid) || 1187 (obj_group == ruid))) { 1188 checkflags = checkflags | M_OBJECT; 1189 } 1190 } 1191 return (-1); 1192 } 1193 1194 /* 1195 * Format of System V IPC token: 1196 * System V IPC token id adr_char 1197 * object id adr_int32 1198 * 1199 */ 1200 int 1201 s5_IPC_token(adr_t *adr) 1202 { 1203 int32_t ipc_id; 1204 1205 adrm_char(adr, &ipc_type, 1); /* Global */ 1206 adrm_int32(adr, &ipc_id, 1); 1207 1208 if ((flags & M_OBJECT) && 1209 ipc_type_match(obj_flag, ipc_type) && 1210 (obj_id == ipc_id)) 1211 checkflags |= M_OBJECT; 1212 1213 return (-1); 1214 } 1215 1216 1217 /* 1218 * Format of socket token: 1219 * socket_type adrm_short 1220 * remote_port adrm_short 1221 * remote_inaddr adrm_int32 1222 * 1223 */ 1224 int 1225 socket_token(adr_t *adr) 1226 { 1227 short socket_type; 1228 short remote_port; 1229 int32_t remote_inaddr; 1230 1231 adrm_short(adr, &socket_type, 1); 1232 adrm_short(adr, &remote_port, 1); 1233 adrm_char(adr, (char *)&remote_inaddr, 4); 1234 1235 if ((flags & M_OBJECT) && (obj_flag == OBJ_SOCK)) { 1236 if (socket_flag == SOCKFLG_MACHINE) { 1237 if (