generate.c revision 293161
1/*- 2 * Copyright (c) 2006-2007 Robert N. M. Watson 3 * Copyright (c) 2008 Apple Inc. 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 19 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25 * SUCH DAMAGE. 26 */ 27 28/* 29 * Generate a series of BSM token samples in the requested directory. 30 */ 31 32#include <sys/types.h> 33#include <sys/socket.h> 34#include <sys/stat.h> 35 36#include <netinet/in.h> 37#include <netinet/in_systm.h> 38#include <netinet/ip.h> 39 40#include <arpa/inet.h> 41 42#include <bsm/audit_kevents.h> 43#include <bsm/libbsm.h> 44 45#include <err.h> 46#include <errno.h> 47#include <fcntl.h> 48#include <limits.h> 49#include <stdio.h> 50#include <stdlib.h> 51#include <string.h> 52#include <sysexits.h> 53#include <unistd.h> 54 55static int do_records, do_tokens; 56 57static void 58usage(void) 59{ 60 61 fprintf(stderr, "generate [-rt] path\n"); 62 exit(EX_USAGE); 63} 64 65static int 66open_file(const char *directory, const char *name) 67{ 68 char pathname[PATH_MAX]; 69 int fd; 70 71 snprintf(pathname, PATH_MAX, "%s/%s", directory, name); 72 (void)unlink(pathname); 73 fd = open(pathname, O_WRONLY | O_CREAT | O_EXCL, 0600); 74 if (fd < 0) 75 err(EX_CANTCREAT, "open: %s", name); 76 return (fd); 77} 78 79static void 80write_file(int fd, void *buffer, size_t buflen, const char *filename) 81{ 82 ssize_t len; 83 84 len = write(fd, buffer, buflen); 85 if (len < 0) 86 err(EX_OSERR, "write_file: %s", filename); 87 if (len < buflen) 88 err(EX_OSERR, "write_file: short write: %s", filename); 89} 90 91/* 92 * Write a single token to a file. 93 */ 94static void 95write_token(const char *directory, const char *filename, token_t *tok) 96{ 97 u_char buffer[MAX_AUDIT_RECORD_SIZE]; 98 size_t buflen; 99 int fd; 100 101 buflen = MAX_AUDIT_RECORD_SIZE; 102 if (au_close_token(tok, buffer, &buflen) < 0) 103 err(EX_UNAVAILABLE, "au_close_token"); 104 fd = open_file(directory, filename); 105 write_file(fd, buffer, buflen, filename); 106 close(fd); 107} 108 109/* 110 * Write a token to a file, wrapped in audit record header and trailer. 111 */ 112static void 113write_record(const char *directory, const char *filename, token_t *tok, 114 short event) 115{ 116 u_char buffer[MAX_AUDIT_RECORD_SIZE]; 117 size_t buflen; 118 int au, fd; 119 120 au = au_open(); 121 if (au < 0) 122 err(EX_UNAVAILABLE, "au_open"); 123 if (au_write(au, tok) < 0) 124 err(EX_UNAVAILABLE, "au_write"); 125 buflen = MAX_AUDIT_RECORD_SIZE; 126 if (au_close_buffer(au, event, buffer, &buflen) < 0) 127 err(EX_UNAVAILABLE, "au_close_buffer"); 128 fd = open_file(directory, filename); 129 write_file(fd, buffer, buflen, filename); 130 close(fd); 131} 132 133static struct timeval file_token_timeval = { 0x12345, 0x67890} ; 134 135static void 136generate_file_token(const char *directory, const char *token_filename) 137{ 138 token_t *file_token; 139 140 file_token = au_to_file("test", file_token_timeval); 141 if (file_token == NULL) 142 err(EX_UNAVAILABLE, "au_to_file"); 143 write_token(directory, token_filename, file_token); 144} 145 146static void 147generate_file_record(const char *directory, const char *record_filename) 148{ 149 token_t *file_token; 150 151 file_token = au_to_file("test", file_token_timeval); 152 if (file_token == NULL) 153 err(EX_UNAVAILABLE, "au_to_file"); 154 write_record(directory, record_filename, file_token, AUE_NULL); 155} 156 157/* 158 * AUT_OHEADER 159 */ 160 161static int trailer_token_len = 0x12345678; 162 163static void 164generate_trailer_token(const char *directory, const char *token_filename) 165{ 166 token_t *trailer_token; 167 168 trailer_token = au_to_trailer(trailer_token_len); 169 if (trailer_token == NULL) 170 err(EX_UNAVAILABLE, "au_to_trailer"); 171 write_token(directory, token_filename, trailer_token); 172} 173 174static int header32_token_len = 0x12345678; 175static au_event_t header32_e_type = AUE_OPEN; 176static au_emod_t header32_e_mod = 0x4567; 177static struct timeval header32_tm = { 0x12345, 0x67890 }; 178 179static void 180generate_header32_token(const char *directory, const char *token_filename) 181{ 182 token_t *header32_token; 183 184 header32_token = au_to_header32_tm(header32_token_len, 185 header32_e_type, header32_e_mod, header32_tm); 186 if (header32_token == NULL) 187 err(EX_UNAVAILABLE, "au_to_header32"); 188 write_token(directory, token_filename, header32_token); 189} 190 191/* 192 * AUT_HEADER32_EX 193 */ 194 195static char data_token_unit_print = AUP_STRING; 196static char data_token_unit_type = AUR_CHAR; 197static char *data_token_data = "SomeData"; 198static char data_token_unit_count = sizeof("SomeData") + 1; 199 200static void 201generate_data_token(const char *directory, const char *token_filename) 202{ 203 token_t *data_token; 204 205 data_token = au_to_data(data_token_unit_print, data_token_unit_type, 206 data_token_unit_count, data_token_data); 207 if (data_token == NULL) 208 err(EX_UNAVAILABLE, "au_to_data"); 209 write_token(directory, token_filename, data_token); 210} 211 212static void 213generate_data_record(const char *directory, const char *record_filename) 214{ 215 token_t *data_token; 216 217 data_token = au_to_data(data_token_unit_print, data_token_unit_type, 218 data_token_unit_count, data_token_data); 219 if (data_token == NULL) 220 err(EX_UNAVAILABLE, "au_to_data"); 221 write_record(directory, record_filename, data_token, AUE_NULL); 222} 223 224static char ipc_type = AT_IPC_MSG; 225static int ipc_id = 0x12345678; 226 227static void 228generate_ipc_token(const char *directory, const char *token_filename) 229{ 230 token_t *ipc_token; 231 232 ipc_token = au_to_ipc(ipc_type, ipc_id); 233 if (ipc_token == NULL) 234 err(EX_UNAVAILABLE, "au_to_ipc"); 235 write_token(directory, token_filename, ipc_token); 236} 237 238static void 239generate_ipc_record(const char *directory, const char *record_filename) 240{ 241 token_t *ipc_token; 242 243 ipc_token = au_to_ipc(ipc_type, ipc_id); 244 if (ipc_token == NULL) 245 err(EX_UNAVAILABLE, "au_to_ipc"); 246 write_record(directory, record_filename, ipc_token, AUE_NULL); 247} 248 249static char *path_token_path = "/test/this/is/a/test"; 250 251static void 252generate_path_token(const char *directory, const char *token_filename) 253{ 254 token_t *path_token; 255 256 path_token = au_to_path(path_token_path); 257 if (path_token == NULL) 258 err(EX_UNAVAILABLE, "au_to_path"); 259 write_token(directory, token_filename, path_token); 260} 261 262static void 263generate_path_record(const char *directory, const char *record_filename) 264{ 265 token_t *path_token; 266 267 path_token = au_to_path(path_token_path); 268 if (path_token == NULL) 269 err(EX_UNAVAILABLE, "au_to_path"); 270 write_record(directory, record_filename, path_token, AUE_NULL); 271} 272 273static au_id_t subject32_auid = 0x12345678; 274static uid_t subject32_euid = 0x01234567; 275static gid_t subject32_egid = 0x23456789; 276static uid_t subject32_ruid = 0x98765432; 277static gid_t subject32_rgid = 0x09876543; 278static pid_t subject32_pid = 0x13243546; 279static au_asid_t subject32_sid = 0x97867564; 280static au_tid_t subject32_tid = { 0x16593746 }; 281static au_tid_addr_t subject32_tid_addr = { 0x16593746 }; 282 283static void 284generate_subject32_token(const char *directory, const char *token_filename) 285{ 286 token_t *subject32_token; 287 288 subject32_tid.machine = inet_addr("127.0.0.1"); 289 290 subject32_token = au_to_subject32(subject32_auid, subject32_euid, 291 subject32_egid, subject32_ruid, subject32_rgid, subject32_pid, 292 subject32_sid, &subject32_tid); 293 if (subject32_token == NULL) 294 err(EX_UNAVAILABLE, "au_to_subject32"); 295 write_token(directory, token_filename, subject32_token); 296} 297 298static void 299generate_subject32_record(const char *directory, const char *record_filename) 300{ 301 token_t *subject32_token; 302 303 subject32_tid.machine = inet_addr("127.0.0.1"); 304 305 subject32_token = au_to_subject32(subject32_auid, subject32_euid, 306 subject32_egid, subject32_ruid, subject32_rgid, subject32_pid, 307 subject32_sid, &subject32_tid); 308 if (subject32_token == NULL) 309 err(EX_UNAVAILABLE, "au_to_subject32"); 310 write_record(directory, record_filename, subject32_token, AUE_NULL); 311} 312 313static void 314generate_subject32ex_token(const char *directory, const char *token_filename, 315 u_int32_t type) 316{ 317 token_t *subject32ex_token; 318 char *buf; 319 320 buf = (char *)malloc(strlen(token_filename) + 6); 321 if (type == AU_IPv6) { 322 inet_pton(AF_INET6, "fe80::1", subject32_tid_addr.at_addr); 323 subject32_tid_addr.at_type = AU_IPv6; 324 sprintf(buf, "%s%s", token_filename, "-IPv6"); 325 } else { 326 subject32_tid_addr.at_addr[0] = inet_addr("127.0.0.1"); 327 subject32_tid_addr.at_type = AU_IPv4; 328 sprintf(buf, "%s%s", token_filename, "-IPv4"); 329 } 330 331 subject32ex_token = au_to_subject32_ex(subject32_auid, subject32_euid, 332 subject32_egid, subject32_ruid, subject32_rgid, subject32_pid, 333 subject32_sid, &subject32_tid_addr); 334 if (subject32ex_token == NULL) 335 err(EX_UNAVAILABLE, "au_to_subject32_ex"); 336 write_token(directory, buf, subject32ex_token); 337 free(buf); 338} 339 340static void 341generate_subject32ex_record(const char *directory, const char *record_filename, 342 u_int32_t type) 343{ 344 token_t *subject32ex_token; 345 char *buf; 346 347 buf = (char *)malloc(strlen(record_filename) + 6); 348 if (type == AU_IPv6) { 349 inet_pton(AF_INET6, "fe80::1", subject32_tid_addr.at_addr); 350 subject32_tid_addr.at_type = AU_IPv6; 351 sprintf(buf, "%s%s", record_filename, "-IPv6"); 352 } else { 353 subject32_tid_addr.at_addr[0] = inet_addr("127.0.0.1"); 354 subject32_tid_addr.at_type = AU_IPv4; 355 sprintf(buf, "%s%s", record_filename, "-IPv4"); 356 } 357 358 subject32ex_token = au_to_subject32_ex(subject32_auid, subject32_euid, 359 subject32_egid, subject32_ruid, subject32_rgid, subject32_pid, 360 subject32_sid, &subject32_tid_addr); 361 if (subject32ex_token == NULL) 362 err(EX_UNAVAILABLE, "au_to_subject32_ex"); 363 write_record(directory, record_filename, subject32ex_token, AUE_NULL); 364 free(buf); 365} 366 367static au_id_t process32_auid = 0x12345678; 368static uid_t process32_euid = 0x01234567; 369static gid_t process32_egid = 0x23456789; 370static uid_t process32_ruid = 0x98765432; 371static gid_t process32_rgid = 0x09876543; 372static pid_t process32_pid = 0x13243546; 373static au_asid_t process32_sid = 0x97867564; 374static au_tid_t process32_tid = { 0x16593746 }; 375static au_tid_addr_t process32_tid_addr = { 0x16593746 }; 376 377static void 378generate_process32_token(const char *directory, const char *token_filename) 379{ 380 token_t *process32_token; 381 382 process32_tid.machine = inet_addr("127.0.0.1"); 383 384 process32_token = au_to_process32(process32_auid, process32_euid, 385 process32_egid, process32_ruid, process32_rgid, process32_pid, 386 process32_sid, &process32_tid); 387 if (process32_token == NULL) 388 err(EX_UNAVAILABLE, "au_to_process32"); 389 write_token(directory, token_filename, process32_token); 390} 391 392static void 393generate_process32_record(const char *directory, const char *record_filename) 394{ 395 token_t *process32_token; 396 397 process32_tid.machine = inet_addr("127.0.0.1"); 398 399 process32_token = au_to_process32(process32_auid, process32_euid, 400 process32_egid, process32_ruid, process32_rgid, process32_pid, 401 process32_sid, &process32_tid); 402 if (process32_token == NULL) 403 err(EX_UNAVAILABLE, "au_ti_process32"); 404 write_record(directory, record_filename, process32_token, AUE_NULL); 405} 406 407static void 408generate_process32ex_token(const char *directory, const char *token_filename, 409 u_int32_t type) 410{ 411 token_t *process32ex_token; 412 char *buf; 413 414 buf = (char *)malloc(strlen(token_filename) + 6); 415 if (type == AU_IPv6) { 416 inet_pton(AF_INET6, "fe80::1", process32_tid_addr.at_addr); 417 process32_tid_addr.at_type = AU_IPv6; 418 sprintf(buf, "%s%s", token_filename, "-IPv6"); 419 } else { 420 process32_tid_addr.at_addr[0] = inet_addr("127.0.0.1"); 421 process32_tid_addr.at_type = AU_IPv4; 422 sprintf(buf, "%s%s", token_filename, "-IPv4"); 423 } 424 425 process32ex_token = au_to_process32_ex(process32_auid, process32_euid, 426 process32_egid, process32_ruid, process32_rgid, process32_pid, 427 process32_sid, &process32_tid_addr); 428 if (process32ex_token == NULL) 429 err(EX_UNAVAILABLE, "au_to_process32_ex"); 430 write_token(directory, buf, process32ex_token); 431 free(buf); 432} 433 434static void 435generate_process32ex_record(const char *directory, const char *record_filename, 436 u_int32_t type) 437{ 438 token_t *process32ex_token; 439 char *buf; 440 441 buf = (char *)malloc(strlen(record_filename) + 6); 442 if (type == AU_IPv6) { 443 inet_pton(AF_INET6, "fe80::1", process32_tid_addr.at_addr); 444 process32_tid_addr.at_type = AU_IPv6; 445 sprintf(buf, "%s%s", record_filename, "-IPv6"); 446 } else { 447 process32_tid_addr.at_addr[0] = inet_addr("127.0.0.1"); 448 process32_tid_addr.at_type = AU_IPv4; 449 sprintf(buf, "%s%s", record_filename, "-IPv4"); 450 } 451 452 process32ex_token = au_to_process32_ex(process32_auid, process32_euid, 453 process32_egid, process32_ruid, process32_rgid, process32_pid, 454 process32_sid, &process32_tid_addr); 455 if (process32ex_token == NULL) 456 err(EX_UNAVAILABLE, "au_to_process32_ex"); 457 write_record(directory, buf, process32ex_token, AUE_NULL); 458 free(buf); 459} 460 461static au_id_t process64_auid = 0x12345678; 462static uid_t process64_euid = 0x01234567; 463static gid_t process64_egid = 0x23456789; 464static uid_t process64_ruid = 0x98765432; 465static gid_t process64_rgid = 0x09876543; 466static pid_t process64_pid = 0x13243546; 467static au_asid_t process64_sid = 0x97867564; 468static au_tid_t process64_tid = { 0x16593746 }; 469static au_tid_addr_t process64_tid_addr = { 0x16593746 }; 470 471static void 472generate_process64_token(const char *directory, const char *token_filename) 473{ 474 token_t *process64_token; 475 476 process64_tid.machine = inet_addr("127.0.0.1"); 477 478 process64_token = au_to_process64(process64_auid, process64_euid, 479 process64_egid, process64_ruid, process64_rgid, process64_pid, 480 process64_sid, &process64_tid); 481 if (process64_token == NULL) 482 err(EX_UNAVAILABLE, "au_to_process64"); 483 write_token(directory, token_filename, process64_token); 484} 485 486static void 487generate_process64_record(const char *directory, const char *record_filename) 488{ 489 token_t *process64_token; 490 491 process64_tid.machine = inet_addr("127.0.0.1"); 492 493 process64_token = au_to_process64(process64_auid, process64_euid, 494 process64_egid, process64_ruid, process64_rgid, process64_pid, 495 process64_sid, &process64_tid); 496 if (process64_token == NULL) 497 err(EX_UNAVAILABLE, "au_ti_process64"); 498 write_record(directory, record_filename, process64_token, AUE_NULL); 499} 500 501static void 502generate_process64ex_token(const char *directory, const char *token_filename, 503 u_int32_t type) 504{ 505 token_t *process64ex_token; 506 char *buf; 507 508 buf = (char *)malloc(strlen(token_filename) + 6); 509 if (type == AU_IPv6) { 510 inet_pton(AF_INET6, "fe80::1", process64_tid_addr.at_addr); 511 process64_tid_addr.at_type = AU_IPv6; 512 sprintf(buf, "%s%s", token_filename, "-IPv6"); 513 } else { 514 process64_tid_addr.at_addr[0] = inet_addr("127.0.0.1"); 515 process64_tid_addr.at_type = AU_IPv4; 516 sprintf(buf, "%s%s", token_filename, "-IPv4"); 517 } 518 519 process64ex_token = au_to_process64_ex(process64_auid, process64_euid, 520 process64_egid, process64_ruid, process64_rgid, process64_pid, 521 process64_sid, &process64_tid_addr); 522 if (process64ex_token == NULL) 523 err(EX_UNAVAILABLE, "au_to_process64_ex"); 524 write_token(directory, buf, process64ex_token); 525 free(buf); 526} 527 528static void 529generate_process64ex_record(const char *directory, const char *record_filename, 530 u_int32_t type) 531{ 532 token_t *process64ex_token; 533 char *buf; 534 535 buf = (char *)malloc(strlen(record_filename) + 6); 536 if (type == AU_IPv6) { 537 inet_pton(AF_INET6, "fe80::1", process64_tid_addr.at_addr); 538 process64_tid_addr.at_type = AU_IPv6; 539 sprintf(buf, "%s%s", record_filename, "-IPv6"); 540 } else { 541 process64_tid_addr.at_addr[0] = inet_addr("127.0.0.1"); 542 process64_tid_addr.at_type = AU_IPv4; 543 sprintf(buf, "%s%s", record_filename, "-IPv4"); 544 } 545 546 process64ex_token = au_to_process64_ex(process64_auid, process64_euid, 547 process64_egid, process64_ruid, process64_rgid, process64_pid, 548 process64_sid, &process64_tid_addr); 549 if (process64ex_token == NULL) 550 err(EX_UNAVAILABLE, "au_to_process64_ex"); 551 write_record(directory, buf, process64ex_token, AUE_NULL); 552 free(buf); 553} 554 555static char return32_status = EINVAL; 556static uint32_t return32_ret = 0x12345678; 557 558static void 559generate_return32_token(const char *directory, const char *token_filename) 560{ 561 token_t *return32_token; 562 563 return32_token = au_to_return32(au_errno_to_bsm(return32_status), 564 return32_ret); 565 if (return32_token == NULL) 566 err(EX_UNAVAILABLE, "au_to_return32"); 567 write_token(directory, token_filename, return32_token); 568} 569 570static void 571generate_return32_record(const char *directory, const char *record_filename) 572{ 573 token_t *return32_token; 574 575 return32_token = au_to_return32(au_errno_to_bsm(return32_status), 576 return32_ret); 577 if (return32_token == NULL) 578 err(EX_UNAVAILABLE, "au_to_return32"); 579 write_record(directory, record_filename, return32_token, AUE_NULL); 580} 581 582static char *text_token_text = "This is a test."; 583 584static void 585generate_text_token(const char *directory, const char *token_filename) 586{ 587 token_t *text_token; 588 589 text_token = au_to_text(text_token_text); 590 if (text_token == NULL) 591 err(EX_UNAVAILABLE, "au_to_text"); 592 write_token(directory, token_filename, text_token); 593} 594 595static void 596generate_text_record(const char *directory, const char *record_filename) 597{ 598 token_t *text_token; 599 600 text_token = au_to_text(text_token_text); 601 if (text_token == NULL) 602 err(EX_UNAVAILABLE, "au_to_text"); 603 write_record(directory, record_filename, text_token, AUE_NULL); 604} 605 606static char opaque_token_data[] = {0xaa, 0xbb, 0xcc, 0xdd}; 607static int opaque_token_bytes = sizeof(opaque_token_data); 608 609static void 610generate_opaque_token(const char *directory, const char *token_filename) 611{ 612 token_t *opaque_token; 613 614 opaque_token = au_to_opaque(opaque_token_data, opaque_token_bytes); 615 if (opaque_token == NULL) 616 err(EX_UNAVAILABLE, "au_to_opaque"); 617 write_token(directory, token_filename, opaque_token); 618} 619 620static void 621generate_opaque_record(const char *directory, const char *record_filename) 622{ 623 token_t *opaque_token; 624 625 opaque_token = au_to_opaque(opaque_token_data, opaque_token_bytes); 626 if (opaque_token == NULL) 627 err(EX_UNAVAILABLE, "au_to_opaque"); 628 write_record(directory, record_filename, opaque_token, AUE_NULL); 629} 630 631static struct in_addr in_addr_token_addr; 632 633static void 634generate_in_addr_token(const char *directory, const char *token_filename) 635{ 636 token_t *in_addr_token; 637 638 in_addr_token_addr.s_addr = inet_addr("192.168.100.15"); 639 640 in_addr_token = au_to_in_addr(&in_addr_token_addr); 641 if (in_addr_token == NULL) 642 err(EX_UNAVAILABLE, "au_to_in_addr"); 643 write_token(directory, token_filename, in_addr_token); 644} 645 646static void 647generate_in_addr_record(const char *directory, const char *record_filename) 648{ 649 token_t *in_addr_token; 650 651 in_addr_token_addr.s_addr = inet_addr("192.168.100.15"); 652 653 in_addr_token = au_to_in_addr(&in_addr_token_addr); 654 if (in_addr_token == NULL) 655 err(EX_UNAVAILABLE, "au_to_in_addr"); 656 write_record(directory, record_filename, in_addr_token, AUE_NULL); 657} 658 659static struct ip ip_token_ip; 660static u_char ip_token_ip_v = 4; 661static uint16_t ip_token_ip_id = 0x5478; 662static u_char ip_token_ip_ttl = 64; 663static u_char ip_token_ip_p = IPPROTO_ICMP; 664static struct in_addr ip_token_ip_src; 665static struct in_addr ip_token_ip_dst; 666 667static void 668generate_ip_token(const char *directory, const char *token_filename) 669{ 670 token_t *ip_token; 671 672 ip_token_ip_src.s_addr = inet_addr("192.168.100.155"); 673 ip_token_ip_dst.s_addr = inet_addr("192.168.110.48"); 674 675 memset(&ip_token_ip, 0, sizeof(ip_token_ip)); 676 ip_token_ip.ip_v = ip_token_ip_v; 677 ip_token_ip.ip_len = htons(sizeof(ip_token_ip)); 678 ip_token_ip.ip_id = htons(ip_token_ip_id); 679 ip_token_ip.ip_ttl = ip_token_ip_ttl; 680 ip_token_ip.ip_p = ip_token_ip_p; 681 ip_token_ip.ip_src = ip_token_ip_src; 682 ip_token_ip.ip_dst = ip_token_ip_dst; 683 684 ip_token = au_to_ip(&ip_token_ip); 685 if (ip_token == NULL) 686 err(EX_UNAVAILABLE, "au_to_ip"); 687 write_token(directory, token_filename, ip_token); 688} 689 690static void 691generate_ip_record(const char *directory, const char *record_filename) 692{ 693 token_t *ip_token; 694 695 ip_token_ip_src.s_addr = inet_addr("192.168.100.155"); 696 ip_token_ip_dst.s_addr = inet_addr("192.168.110.48"); 697 698 memset(&ip_token_ip, 0, sizeof(ip_token_ip)); 699 ip_token_ip.ip_v = ip_token_ip_v; 700 ip_token_ip.ip_len = htons(sizeof(ip_token_ip)); 701 ip_token_ip.ip_id = htons(ip_token_ip_id); 702 ip_token_ip.ip_ttl = ip_token_ip_ttl; 703 ip_token_ip.ip_p = ip_token_ip_p; 704 ip_token_ip.ip_src = ip_token_ip_src; 705 ip_token_ip.ip_dst = ip_token_ip_dst; 706 707 ip_token = au_to_ip(&ip_token_ip); 708 if (ip_token == NULL) 709 err(EX_UNAVAILABLE, "au_to_ip"); 710 write_record(directory, record_filename, ip_token, AUE_NULL); 711} 712 713static u_int16_t iport_token_iport; 714 715static void 716generate_iport_token(const char *directory, const char *token_filename) 717{ 718 token_t *iport_token; 719 720 iport_token_iport = htons(80); 721 722 iport_token = au_to_iport(iport_token_iport); 723 if (iport_token == NULL) 724 err(EX_UNAVAILABLE, "au_to_iport"); 725 write_token(directory, token_filename, iport_token); 726} 727 728static void 729generate_iport_record(const char *directory, const char *record_filename) 730{ 731 token_t *iport_token; 732 733 iport_token_iport = htons(80); 734 735 iport_token = au_to_iport(iport_token_iport); 736 if (iport_token == NULL) 737 err(EX_UNAVAILABLE, "au_to_iport"); 738 write_record(directory, record_filename, iport_token, AUE_NULL); 739} 740 741static char arg32_token_n = 3; 742static char *arg32_token_text = "test_arg32_token"; 743static uint32_t arg32_token_v = 0xabcdef00; 744 745static void 746generate_arg32_token(const char *directory, const char *token_filename) 747{ 748 token_t *arg32_token; 749 750 arg32_token = au_to_arg32(arg32_token_n, arg32_token_text, 751 arg32_token_v); 752 if (arg32_token == NULL) 753 err(EX_UNAVAILABLE, "au_to_arg32"); 754 write_token(directory, token_filename, arg32_token); 755} 756 757static void 758generate_arg32_record(const char *directory, const char *record_filename) 759{ 760 token_t *arg32_token; 761 762 arg32_token = au_to_arg32(arg32_token_n, arg32_token_text, 763 arg32_token_v); 764 if (arg32_token == NULL) 765 err(EX_UNAVAILABLE, "au_to_arg32"); 766 write_record(directory, record_filename, arg32_token, AUE_NULL); 767} 768 769static long seq_audit_count = 0x12345678; 770 771static void 772generate_seq_token(const char *directory, const char *token_filename) 773{ 774 token_t *seq_token; 775 776 seq_token = au_to_seq(seq_audit_count); 777 if (seq_token == NULL) 778 err(EX_UNAVAILABLE, "au_to_seq"); 779 write_token(directory, token_filename, seq_token); 780} 781 782static void 783generate_seq_record(const char *directory, const char *record_filename) 784{ 785 token_t *seq_token; 786 787 seq_token = au_to_seq(seq_audit_count); 788 if (seq_token == NULL) 789 err(EX_UNAVAILABLE, "au_to_seq"); 790 write_record(directory, record_filename, seq_token, AUE_NULL); 791} 792 793#if 0 794/* 795 * AUT_ACL 796 */ 797 798static void 799generate_attr_token(const char *directory, const char *token_filename) 800{ 801 token_t *attr_token; 802 803} 804 805static void 806generate_attr_record(const char *directory, const char *record_filename) 807{ 808 token_t *attr_token; 809 810} 811 812static void 813generate_ipc_perm_token(const char *directory, const char *token_filename) 814{ 815 token_t *ipc_perm_token; 816 817} 818 819static void 820generate_ipc_perm_record(const char *directory, const char *record_filename) 821{ 822 token_t *ipc_perm_token; 823 824} 825#endif 826 827#if 0 828/* 829 * AUT_LABEL 830 */ 831 832static void 833generate_groups_token(const char *directory, const char *token_filename) 834{ 835 token_t *groups_token; 836 837} 838 839static void 840generate_groups_record(const char *directory, const char *record_filename) 841{ 842 token_t *groups_token; 843 844} 845#endif 846 847/* 848 * AUT_ILABEL 849 */ 850 851/* 852 * AUT_SLABEL 853 */ 854 855/* 856 * AUT_CLEAR 857 */ 858 859/* 860 * AUT_PRIV 861 */ 862 863/* 864 * AUT_UPRIV 865 */ 866 867/* 868 * AUT_LIAISON 869 */ 870 871/* 872 * AUT_NEWGROUPS 873 */ 874 875/* 876 * AUT_EXEC_ARGS 877 */ 878 879/* 880 * AUT_EXEC_ENV 881 */ 882 883#if 0 884static void 885generate_attr32_token(const char *directory, const char *token_filename) 886{ 887 token_t *attr32_token; 888 889} 890 891static void 892generate_attr32_record(const char *directory, const char *record_filename) 893{ 894 token_t *attr32_token; 895 896} 897#endif 898 899static char *zonename_sample = "testzone"; 900 901static void 902generate_zonename_token(const char *directory, const char *token_filename) 903{ 904 token_t *zonename_token; 905 906 zonename_token = au_to_zonename(zonename_sample); 907 if (zonename_token == NULL) 908 err(EX_UNAVAILABLE, "au_to_zonename"); 909 write_token(directory, token_filename, zonename_token); 910} 911 912static void 913generate_zonename_record(const char *directory, const char *record_filename) 914{ 915 token_t *zonename_token; 916 917 zonename_token = au_to_zonename(zonename_sample); 918 if (zonename_token == NULL) 919 err(EX_UNAVAILABLE, "au_to_zonename"); 920 write_record(directory, record_filename, zonename_token, AUE_NULL); 921} 922 923static u_short socketex_domain = PF_INET; 924static u_short socketex_type = SOCK_STREAM; 925static struct sockaddr_in socketex_laddr, socketex_raddr; 926 927static void 928generate_socketex_token(const char *directory, const char *token_filename) 929{ 930 token_t *socketex_token; 931 932 bzero(&socketex_laddr, sizeof(socketex_laddr)); 933 socketex_laddr.sin_family = AF_INET; 934 socketex_laddr.sin_len = sizeof(socketex_laddr); 935 socketex_laddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK); 936 937 bzero(&socketex_raddr, sizeof(socketex_raddr)); 938 socketex_raddr.sin_family = AF_INET; 939 socketex_raddr.sin_len = sizeof(socketex_raddr); 940 socketex_raddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK); 941 942 socketex_token = au_to_socket_ex(au_domain_to_bsm(socketex_domain), 943 au_socket_type_to_bsm(socketex_type), 944 (struct sockaddr *)&socketex_laddr, 945 (struct sockaddr *)&socketex_raddr); 946 if (socketex_token == NULL) 947 err(EX_UNAVAILABLE, "au_to_socket_ex"); 948 write_token(directory, token_filename, socketex_token); 949} 950 951static void 952generate_socketex_record(const char *directory, const char *record_filename) 953{ 954 token_t *socketex_token; 955 956 bzero(&socketex_laddr, sizeof(socketex_laddr)); 957 socketex_laddr.sin_family = AF_INET; 958 socketex_laddr.sin_len = sizeof(socketex_laddr); 959 socketex_laddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK); 960 961 bzero(&socketex_raddr, sizeof(socketex_raddr)); 962 socketex_raddr.sin_family = AF_INET; 963 socketex_raddr.sin_len = sizeof(socketex_raddr); 964 socketex_raddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK); 965 966 socketex_token = au_to_socket_ex(au_domain_to_bsm(socketex_domain), 967 au_socket_type_to_bsm(socketex_type), 968 (struct sockaddr *)&socketex_laddr, 969 (struct sockaddr *)&socketex_raddr); 970 if (socketex_token == NULL) 971 err(EX_UNAVAILABLE, "au_to_socket_ex"); 972 write_record(directory, record_filename, socketex_token, AUE_NULL); 973} 974 975/* 976 * Generate a series of error-number specific return tokens in records. 977 */ 978static void 979generate_error_record(const char *directory, const char *filename, int error) 980{ 981 char pathname[PATH_MAX]; 982 token_t *return32_token; 983 984 return32_token = au_to_return32(au_errno_to_bsm(error), -1); 985 if (return32_token == NULL) 986 err(EX_UNAVAILABLE, "au_to_return32"); 987 (void)snprintf(pathname, PATH_MAX, "%s_record", filename); 988 write_record(directory, pathname, return32_token, AUE_NULL); 989} 990 991/* 992 * Not all the error numbers, just a few present on all platforms for now. 993 */ 994const struct { 995 int error_number; 996 const char *error_name; 997} error_list[] = { 998 { EPERM, "EPERM" }, 999 { ENOENT, "ENOENT" }, 1000 { ESRCH, "ESRCH" }, 1001 { EINTR, "EINTR" }, 1002 { EIO, "EIO" }, 1003 { ENXIO, "ENXIO" }, 1004 { E2BIG, "E2BIG" }, 1005 { ENOEXEC, "ENOEXEC" }, 1006 { EBADF, "EBADF" }, 1007 { ECHILD, "ECHILD" }, 1008 { EDEADLK, "EDEADLK" }, 1009 { ENOMEM, "ENOMEM" }, 1010 { EACCES, "EACCES" }, 1011 { EFAULT, "EFAULT" }, 1012 { ENOTBLK, "ENOTBLK" }, 1013 { EBUSY, "EBUSY" }, 1014 { EEXIST, "EEXIST" }, 1015 { EXDEV, "EXDEV" }, 1016 { ENODEV, "ENODEV" }, 1017 { ENOTDIR, "ENOTDIR" }, 1018 { EISDIR, "EISDIR" }, 1019 { EINVAL, "EINVAL" }, 1020 { ENFILE, "ENFILE" }, 1021 { EMFILE, "EMFILE" }, 1022 { ENOTTY, "ENOTTY" }, 1023 { ETXTBSY, "ETXTBSY" }, 1024 { EFBIG, "EFBIG" }, 1025 { ENOSPC, "ENOSPC" }, 1026 { ESPIPE, "ESPIPE" }, 1027 { EROFS, "EROFS" }, 1028 { EMLINK, "EMLINK" }, 1029 { EPIPE, "EPIPE" } 1030}; 1031const int error_list_count = sizeof(error_list)/sizeof(error_list[0]); 1032 1033static void 1034do_error_records(const char *directory) 1035{ 1036 int i; 1037 1038 for (i = 0; i < error_list_count; i++) 1039 generate_error_record(directory, error_list[i].error_name, 1040 error_list[i].error_number); 1041} 1042 1043int 1044main(int argc, char *argv[]) 1045{ 1046 const char *directory; 1047 int ch; 1048 1049 while ((ch = getopt(argc, argv, "rt")) != -1) { 1050 switch (ch) { 1051 case 'r': 1052 do_records++; 1053 break; 1054 1055 case 't': 1056 do_tokens++; 1057 break; 1058 1059 default: 1060 usage(); 1061 } 1062 } 1063 1064 argc -= optind; 1065 argv += optind; 1066 1067 if (argc != 1) 1068 usage(); 1069 1070 directory = argv[0]; 1071 1072 if (mkdir(directory, 0755) < 0 && errno != EEXIST) 1073 err(EX_OSERR, "mkdir: %s", directory); 1074 1075 if (do_tokens) { 1076 generate_file_token(directory, "file_token"); 1077 generate_trailer_token(directory, "trailer_token"); 1078 generate_header32_token(directory, "header32_token"); 1079 generate_data_token(directory, "data_token"); 1080 generate_ipc_token(directory, "ipc_token"); 1081 generate_path_token(directory, "path_token"); 1082 generate_subject32_token(directory, "subject32_token"); 1083 generate_subject32ex_token(directory, "subject32ex_token", 1084 AU_IPv4); 1085 generate_subject32ex_token(directory, "subject32ex_token", 1086 AU_IPv6); 1087 generate_process32_token(directory, "process32_token"); 1088 generate_process32ex_token(directory, "process32ex_token", 1089 AU_IPv4); 1090 generate_process32ex_token(directory, "process32ex_token", 1091 AU_IPv6); 1092 generate_process64_token(directory, "process64_token"); 1093 generate_process64ex_token(directory, "process64ex_token", 1094 AU_IPv4); 1095 generate_process64ex_token(directory, "process64ex_token", 1096 AU_IPv6); 1097 generate_return32_token(directory, "return32_token"); 1098 generate_text_token(directory, "text_token"); 1099 generate_opaque_token(directory, "opaque_token"); 1100 generate_in_addr_token(directory, "in_addr_token"); 1101 generate_ip_token(directory, "ip_token"); 1102 generate_iport_token(directory, "iport_token"); 1103 generate_arg32_token(directory, "arg32_token"); 1104 generate_seq_token(directory, "seq_token"); 1105#if 0 1106 generate_attr_token(directory, "attr_token"); 1107 generate_ipc_perm_token(directory, "ipc_perm_token"); 1108 generate_groups_token(directory, "groups_token"); 1109 generate_attr32_token(directory, "attr32_token"); 1110#endif 1111 generate_zonename_token(directory, "zonename_token"); 1112 generate_socketex_token(directory, "socketex_token"); 1113 } 1114 1115 if (do_records) { 1116 generate_file_record(directory, "file_record"); 1117 generate_data_record(directory, "data_record"); 1118 generate_ipc_record(directory, "ipc_record"); 1119 generate_path_record(directory, "path_record"); 1120 generate_subject32_record(directory, "subject32_record"); 1121 generate_subject32ex_record(directory, "subject32ex_record", 1122 AU_IPv4); 1123 generate_subject32ex_record(directory, "subject32ex_record", 1124 AU_IPv6); 1125 generate_process32_record(directory, "process32_record"); 1126 generate_process32ex_record(directory, "process32ex_record", 1127 AU_IPv4); 1128 generate_process32ex_record(directory, "process32ex_record", 1129 AU_IPv6); 1130 generate_process64_record(directory, "process64_record"); 1131 generate_process64ex_record(directory, "process64ex_record", 1132 AU_IPv4); 1133 generate_process64ex_record(directory, "process64ex_record", 1134 AU_IPv6); 1135 generate_return32_record(directory, "return32_record"); 1136 generate_text_record(directory, "text_record"); 1137 generate_opaque_record(directory, "opaque_record"); 1138 generate_in_addr_record(directory, "in_addr_record"); 1139 generate_ip_record(directory, "ip_record"); 1140 generate_iport_record(directory, "iport_record"); 1141 generate_arg32_record(directory, "arg32_record"); 1142 generate_seq_record(directory, "seq_record"); 1143#if 0 1144 generate_attr_record(directory, "attr_record"); 1145 generate_ipc_perm_record(directory, "ipc_perm_record"); 1146 generate_groups_record(directory, "groups_record"); 1147 generate_attr32_record(directory, "attr32_record"); 1148#endif 1149 generate_zonename_record(directory, "zonename_record"); 1150 generate_socketex_record(directory, "socketex_record"); 1151 do_error_records(directory); 1152 } 1153 1154 return (0); 1155} 1156