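/*
 * get_peer_label() - replace *slabel with the label of the peer on fd.
 *
 * On a labeled system the peer's credential is fetched with getpeerucred(),
 * its label is translated to the M_INTERNAL string form, and that string
 * replaces whatever *slabel held before (the old string is freed).  On an
 * unlabeled system nothing is examined or changed.
 *
 * fd      connected descriptor whose peer is queried
 * slabel  in/out; on success may point at a newly allocated string that the
 *         caller releases with free()
 *
 * Returns 0 on success (including "not a labeled system"), -1 with errno
 * set to EINVAL for bad arguments, or -1 if getpeerucred() fails.
 *
 * NOTE(review): a label_to_str() failure is only logged; the function still
 * returns 0 and leaves *slabel exactly as the caller passed it.  If that
 * value can originate from the client request, the kernel-provided peer
 * label has not replaced it - confirm callers tolerate this or fail closed.
 */
int
get_peer_label(int fd, char **slabel)
{
	ucred_t *uc = NULL;
	m_label_t *sl;
	char *pslabel = NULL;	/* peer's slabel */

	if (!is_system_labeled())
		return (0);

	if ((fd < 0) || (slabel == NULL)) {
		errno = EINVAL;
		return (-1);
	}

	if (getpeerucred(fd, &uc) == -1)
		return (-1);

	/* sl is obtained from uc, so it is translated before uc is freed. */
	sl = ucred_getlabel(uc);
	if (label_to_str(sl, &pslabel, M_INTERNAL, DEF_NAMES) != 0)
		syslog(LOG_WARNING, "label_to_str(): %m");
	ucred_free(uc);

	if (pslabel != NULL) {
		syslog(LOG_DEBUG, "get_peer_label(%d, %s): becomes %s",
		    fd, (*slabel ? *slabel : "NULL"), pslabel);
		/*
		 * Hand the translated string to the caller directly.  The
		 * previous code stored strdup(pslabel) and never released
		 * pslabel, leaking one string per call, and could leave
		 * *slabel NULL if the copy failed.
		 */
		free(*slabel);
		*slabel = pslabel;
	}

	return (0);
}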
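/*
 * Print one label twice through the already-translated format fmt: first in
 * M_LABEL form, then in M_INTERNAL form.  fmt must consume exactly two %s
 * arguments.
 */
static void
rhtp_print_label(const char *fmt, const m_label_t *label)
{
	char *text;
	char *hex;

	l_to_str(label, &text, M_LABEL);
	l_to_str(label, &hex, M_INTERNAL);
	(void) printf(fmt, text, hex);
	free(text);
	free(hex);
}

/*
 * Print the entries of a label set in [first, end), numbering them from 0.
 * Printing stops at the first entry whose M_INTERNAL translation fails
 * (presumably how unused slots are detected - confirm).
 */
static void
rhtp_print_sl_set(const m_label_t *first, const m_label_t *end)
{
	const m_label_t *cur;
	char *text;
	char *hex;
	int i;

	for (cur = first, i = 0; cur < end; cur++, i++) {
		if (label_to_str(cur, &hex, M_INTERNAL, DEF_NAMES) != 0)
			break;
		l_to_str(cur, &text, M_LABEL);
		(void) printf(gettext("sl_set[%1$d]: %2$s\n"
		    "hex: %3$s\n"), i, text, hex);
		free(text);
		free(hex);
	}
}

/*
 * print_rhtp() - look up the remote-host template rhtp_name with
 * tnrhtp(TNDB_GET) and print its host type, DOI, label ranges and label set.
 *
 * Returns 0 after printing the entry, 1 if the name does not fit in the
 * lookup structure or the lookup fails (a message is written to stderr).
 */
static int
print_rhtp(const char *rhtp_name)
{
	tsol_tpent_t tp;

	/*
	 * Refuse a name that does not fit: a silently truncated name would
	 * query, and report on, a different template than the one requested.
	 */
	if (strlcpy(tp.name, rhtp_name, sizeof (tp.name)) >=
	    sizeof (tp.name)) {
		(void) fprintf(stderr,
		    gettext("tninfo: template name %1$s is too long\n"),
		    rhtp_name);
		return (1);
	}

	if (tnrhtp(TNDB_GET, &tp) != 0) {
		if (errno == ENOENT)
			(void) fprintf(stderr, gettext("tninfo: tnrhtp entry "
			    "%1$s does not exist\n"), tp.name);
		else
			(void) fprintf(stderr,
			    gettext("tninfo: tnrhtp TNDB_GET(%1$s) failed: "
			    "%2$s\n"), tp.name, strerror(errno));
		return (1);
	}

	(void) printf("=====================================\n");
	(void) printf(gettext("Remote Host Template Table Entries:\n"));
	(void) printf("__________________________\n");
	(void) printf(gettext("template: %s\n"), tp.name);

	switch (tp.host_type) {
	case UNLABELED:
		(void) printf(gettext("host_type: UNLABELED\n"));
		(void) printf(gettext("doi: %d\n"), tp.tp_doi);

		if (tp.tp_mask_unl & TSOL_MSK_DEF_LABEL) {
			rhtp_print_label(gettext("def_label: %s\nhex: %s\n"),
			    &tp.tp_def_label);
		}

		if (tp.tp_mask_unl & TSOL_MSK_SL_RANGE_TSOL) {
			(void) printf(gettext("For routing only:\n"));
			rhtp_print_label(gettext("min_sl: %s\nhex: %s\n"),
			    &tp.tp_gw_sl_range.lower_bound);
			rhtp_print_label(gettext("max_sl: %s\nhex: %s\n"),
			    &tp.tp_gw_sl_range.upper_bound);
			/* One-past-the-end address bounds the walk. */
			rhtp_print_sl_set(
			    (const m_label_t *)&tp.tp_gw_sl_set[0],
			    (const m_label_t *)&tp.tp_gw_sl_set[NSLS_MAX]);
		}
		break;

	case SUN_CIPSO:
		(void) printf(gettext("host_type: CIPSO\n"));
		(void) printf(gettext("doi: %d\n"), tp.tp_doi);

		if (tp.tp_mask_cipso & TSOL_MSK_SL_RANGE_TSOL) {
			rhtp_print_label(gettext("min_sl: %s\nhex: %s\n"),
			    &tp.tp_sl_range_cipso.lower_bound);
			rhtp_print_label(gettext("max_sl: %s\nhex: %s\n"),
			    &tp.tp_sl_range_cipso.upper_bound);
			rhtp_print_sl_set(
			    (const m_label_t *)&tp.tp_sl_set_cipso[0],
			    (const m_label_t *)&tp.tp_sl_set_cipso[NSLS_MAX]);
		}
		break;

	default:
		(void) printf(gettext("unsupported host type: %ld\n"),
		    tp.host_type);
		break;
	}

	return (0);
}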
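/*
 * putsecure() - write the security record of a print request.
 *
 * file     record name; used as-is when it starts with '/', otherwise
 *          resolved under Lp_Requests with makepath()
 * secbufp  record to write; req_id and user must be non-NULL.  When slabel
 *          is NULL on a labeled system it is filled in with the process
 *          label (or "bad_label") as a side effect.
 *
 * One field is written per line, in the numeric order of the SC_* indices.
 * Returns 0 once the record has been written and closed, -1 on invalid
 * arguments, path construction failure or open failure.
 *
 * NOTE(review): req_id, user and slabel are written with "%s\n" unchanged.
 * If any of them can carry a newline from an untrusted source, the
 * following lines (including the label line) would shift when the record
 * is read back - confirm they are validated upstream.
 * NOTE(review): fdprintf() and close() results are discarded, so a failed
 * or short write still returns 0; fdprintf()'s failure convention is not
 * visible here - confirm and propagate.
 */
int
putsecure(char *file, SECURE *secbufp)
{
	char *path;
	int fd;
	int fld;

	/*
	 * Validate before opening.  The check used to run after
	 * open_locked(path, "w", ...), so an incomplete record returned -1
	 * with the descriptor (and its lock) still open and the file already
	 * opened for writing.
	 */
	if (!file || !secbufp || !secbufp->req_id || !secbufp->user)
		return (-1);

	if (*file == '/')
		path = Strdup(file);
	else
		path = makepath(Lp_Requests, file, (char *)0);
	if (!path)
		return (-1);

	fd = open_locked(path, "w", MODE_NOREAD);
	Free(path);
	if (fd < 0)
		return (-1);

	/* The loop index, not source order, decides the on-disk line order. */
	for (fld = 0; fld < SC_MAX; fld++) {
		switch (fld) {
		case SC_REQID:
			(void) fdprintf(fd, "%s\n", secbufp->req_id);
			break;

		case SC_UID:
			(void) fdprintf(fd, "%u\n", secbufp->uid);
			break;

		case SC_USER:
			(void) fdprintf(fd, "%s\n", secbufp->user);
			break;

		case SC_GID:
			(void) fdprintf(fd, "%u\n", secbufp->gid);
			break;

		case SC_SIZE:
			(void) fdprintf(fd, "%lu\n", secbufp->size);
			break;

		case SC_DATE:
			(void) fdprintf(fd, "%ld\n", secbufp->date);
			break;

		case SC_SLABEL:
			if (secbufp->slabel == NULL && !is_system_labeled()) {
				(void) fdprintf(fd, "none\n");
				break;
			}
			if (secbufp->slabel == NULL) {
				const char *failed = NULL;
				m_label_t *sl = m_label_alloc(MAC_LABEL);

				/*
				 * Every step that can fail ends in the same
				 * "bad_label" marker, so an unallocated or
				 * unfilled label is never translated and
				 * recorded as if it were the process label.
				 */
				if (sl == NULL)
					failed = "m_label_alloc";
				else if (getplabel(sl) != 0)
					failed = "getplabel";
				else if (label_to_str(sl, &(secbufp->slabel),
				    M_INTERNAL, DEF_NAMES) != 0)
					failed = "label_to_str";

				if (failed != NULL) {
					perror(failed);
					secbufp->slabel = strdup("bad_label");
				}
				if (sl != NULL)
					m_label_free(sl);
			}
			/* strdup() may have failed; never pass NULL to %s. */
			(void) fdprintf(fd, "%s\n",
			    secbufp->slabel ? secbufp->slabel : "bad_label");
			break;

		default:
			break;
		}
	}

	close(fd);
	return (0);
}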
/*
 * l_to_str() - translate label l into a newly allocated string of form
 * ltype and store it in *str.
 *
 * When label_to_str() fails, *str instead receives a copy of the localized
 * text "translation failed".  The result is released by the caller with
 * free() (print_rhtp() does so after printing).
 *
 * NOTE(review): if strdup() itself fails, *str ends up NULL; callers that
 * pass the result to a "%s" conversion should be checked for that case.
 */
static void
l_to_str(const m_label_t *l, char **str, int ltype)
{
	int rc = label_to_str(l, str, ltype, DEF_NAMES);

	if (rc == 0)
		return;

	*str = strdup(gettext("translation failed"));
}