static int
udp_getcred(SYSCTL_HANDLER_ARGS)
{
struct xucred xuc;
struct sockaddr_in addrs[2];
struct inpcb *inp;
int error;
error = priv_check(req->td, PRIV_NETINET_GETCRED);
if (error)
return (error);
error = SYSCTL_IN(req, addrs, sizeof(addrs));
if (error)
return (error);
inp = in_pcblookup(&V_udbinfo, addrs[1].sin_addr, addrs[1].sin_port,
addrs[0].sin_addr, addrs[0].sin_port,
INPLOOKUP_WILDCARD | INPLOOKUP_RLOCKPCB, NULL);
if (inp != NULL) {
INP_RLOCK_ASSERT(inp);
if (inp->inp_socket == NULL)
error = ENOENT;
if (error == 0)
error = cr_canseeinpcb(req->td->td_ucred, inp);
if (error == 0)
cru2x(inp->inp_cred, &xuc);
INP_RUNLOCK(inp);
} else
error = ENOENT;
if (error == 0)
error = SYSCTL_OUT(req, &xuc, sizeof(struct xucred));
return (error);
}
/*
* Construct an audit record for the passed thread.
*/
static void
audit_record_ctor(proc_t p, struct kaudit_record *ar)
{
kauth_cred_t cred;
bzero(ar, sizeof(*ar));
ar->k_ar.ar_magic = AUDIT_RECORD_MAGIC;
nanotime(&ar->k_ar.ar_starttime);
if (PROC_NULL != p) {
cred = kauth_cred_proc_ref(p);
/*
* Export the subject credential.
*/
cru2x(cred, &ar->k_ar.ar_subj_cred);
ar->k_ar.ar_subj_ruid = kauth_cred_getruid(cred);
ar->k_ar.ar_subj_rgid = kauth_cred_getrgid(cred);
ar->k_ar.ar_subj_egid = kauth_cred_getgid(cred);
ar->k_ar.ar_subj_pid = p->p_pid;
ar->k_ar.ar_subj_auid = cred->cr_audit.as_aia_p->ai_auid;
ar->k_ar.ar_subj_asid = cred->cr_audit.as_aia_p->ai_asid;
bcopy(&cred->cr_audit.as_mask, &ar->k_ar.ar_subj_amask,
sizeof(struct au_mask));
bcopy(&cred->cr_audit.as_aia_p->ai_termid,
&ar->k_ar.ar_subj_term_addr, sizeof(struct au_tid_addr));
kauth_cred_unref(&cred);
}
}
/*
* Construct an audit record for the passed thread.
*/
static int
audit_record_ctor(void *mem, int size, void *arg, int flags)
{
struct kaudit_record *ar;
struct thread *td;
struct ucred *cred;
KASSERT(sizeof(*ar) == size, ("audit_record_ctor: wrong size"));
td = arg;
ar = mem;
bzero(ar, sizeof(*ar));
ar->k_ar.ar_magic = AUDIT_RECORD_MAGIC;
nanotime(&ar->k_ar.ar_starttime);
/*
* Export the subject credential.
*/
cred = td->td_ucred;
cru2x(cred, &ar->k_ar.ar_subj_cred);
ar->k_ar.ar_subj_ruid = cred->cr_ruid;
ar->k_ar.ar_subj_rgid = cred->cr_rgid;
ar->k_ar.ar_subj_egid = cred->cr_groups[0];
ar->k_ar.ar_subj_auid = cred->cr_audit.ai_auid;
ar->k_ar.ar_subj_asid = cred->cr_audit.ai_asid;
ar->k_ar.ar_subj_pid = td->td_proc->p_pid;
ar->k_ar.ar_subj_amask = cred->cr_audit.ai_mask;
ar->k_ar.ar_subj_term_addr = cred->cr_audit.ai_termid;
return (0);
}
/*
* Construct an audit record for the passed thread.
*/
static int
audit_record_ctor(void *mem, int size, void *arg, int flags)
{
struct kaudit_record *ar;
struct thread *td;
struct ucred *cred;
struct prison *pr;
KASSERT(sizeof(*ar) == size, ("audit_record_ctor: wrong size"));
td = arg;
ar = mem;
bzero(ar, sizeof(*ar));
ar->k_ar.ar_magic = AUDIT_RECORD_MAGIC;
nanotime(&ar->k_ar.ar_starttime);
/*
* Export the subject credential.
*/
cred = td->td_ucred;
cru2x(cred, &ar->k_ar.ar_subj_cred);
ar->k_ar.ar_subj_ruid = cred->cr_ruid;
ar->k_ar.ar_subj_rgid = cred->cr_rgid;
ar->k_ar.ar_subj_egid = cred->cr_groups[0];
ar->k_ar.ar_subj_auid = cred->cr_audit.ai_auid;
ar->k_ar.ar_subj_asid = cred->cr_audit.ai_asid;
ar->k_ar.ar_subj_pid = td->td_proc->p_pid;
ar->k_ar.ar_subj_amask = cred->cr_audit.ai_mask;
ar->k_ar.ar_subj_term_addr = cred->cr_audit.ai_termid;
/*
* If this process is jailed, make sure we capture the name of the
* jail so we can use it to generate a zonename token when we covert
* this record to BSM.
*/
if (jailed(cred)) {
pr = cred->cr_prison;
(void) strlcpy(ar->k_ar.ar_jailname, pr->pr_name,
sizeof(ar->k_ar.ar_jailname));
} else
ar->k_ar.ar_jailname[0] = '\0';
return (0);
}
static int
udp6_getcred(SYSCTL_HANDLER_ARGS)
{
struct xucred xuc;
struct sockaddr_in6 addrs[2];
struct inpcb *inp;
int error;
error = priv_check(req->td, PRIV_NETINET_GETCRED);
if (error)
return (error);
if (req->newlen != sizeof(addrs))
return (EINVAL);
if (req->oldlen != sizeof(struct xucred))
return (EINVAL);
error = SYSCTL_IN(req, addrs, sizeof(addrs));
if (error)
return (error);
if ((error = sa6_embedscope(&addrs[0], V_ip6_use_defzone)) != 0 ||
(error = sa6_embedscope(&addrs[1], V_ip6_use_defzone)) != 0) {
return (error);
}
inp = in6_pcblookup(&V_udbinfo, &addrs[1].sin6_addr,
addrs[1].sin6_port, &addrs[0].sin6_addr, addrs[0].sin6_port,
INPLOOKUP_WILDCARD | INPLOOKUP_RLOCKPCB, NULL);
if (inp != NULL) {
INP_RLOCK_ASSERT(inp);
if (inp->inp_socket == NULL)
error = ENOENT;
if (error == 0)
error = cr_canseesocket(req->td->td_ucred,
inp->inp_socket);
if (error == 0)
cru2x(inp->inp_cred, &xuc);
INP_RUNLOCK(inp);
} else
error = ENOENT;
if (error == 0)
error = SYSCTL_OUT(req, &xuc, sizeof(struct xucred));
return (error);
}