17c478bdstevel@tonic-gate/*
27c478bdstevel@tonic-gate * CDDL HEADER START
37c478bdstevel@tonic-gate *
47c478bdstevel@tonic-gate * The contents of this file are subject to the terms of the
545916cdjpk * Common Development and Distribution License (the "License").
645916cdjpk * You may not use this file except in compliance with the License.
77c478bdstevel@tonic-gate *
87c478bdstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
97c478bdstevel@tonic-gate * or http://www.opensolaris.org/os/licensing.
107c478bdstevel@tonic-gate * See the License for the specific language governing permissions
117c478bdstevel@tonic-gate * and limitations under the License.
127c478bdstevel@tonic-gate *
137c478bdstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each
147c478bdstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
157c478bdstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the
167c478bdstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying
177c478bdstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner]
187c478bdstevel@tonic-gate *
197c478bdstevel@tonic-gate * CDDL HEADER END
207c478bdstevel@tonic-gate */
217c478bdstevel@tonic-gate/*
22f899407Jan Friedel * Copyright (c) 1992, 2010, Oracle and/or its affiliates. All rights reserved.
237c478bdstevel@tonic-gate */
247c478bdstevel@tonic-gate
257c478bdstevel@tonic-gate/*
26bc54f85John Levon * Copyright (c) 2019, Joyent, Inc.
27bc54f85John Levon */
28bc54f85John Levon
29bc54f85John Levon/*
307c478bdstevel@tonic-gate * auditconfig - set and display audit parameters
317c478bdstevel@tonic-gate */
327c478bdstevel@tonic-gate
337c478bdstevel@tonic-gate#include <locale.h>
347c478bdstevel@tonic-gate#include <sys/types.h>
357c478bdstevel@tonic-gate#include <ctype.h>
367c478bdstevel@tonic-gate#include <stdlib.h>
377c478bdstevel@tonic-gate#include <stdarg.h>
387c478bdstevel@tonic-gate#include <unistd.h>
397c478bdstevel@tonic-gate#include <errno.h>
407c478bdstevel@tonic-gate#include <sys/param.h>
417c478bdstevel@tonic-gate#include <stdio.h>
427c478bdstevel@tonic-gate#include <string.h>
437c478bdstevel@tonic-gate#include <strings.h>
447c478bdstevel@tonic-gate#include <nlist.h>
457c478bdstevel@tonic-gate#include <fcntl.h>
467c478bdstevel@tonic-gate#include <sys/socket.h>
477c478bdstevel@tonic-gate#include <netdb.h>
487c478bdstevel@tonic-gate#include <netinet/in.h>
497c478bdstevel@tonic-gate#include <arpa/inet.h>
507c478bdstevel@tonic-gate#include <sys/mkdev.h>
517c478bdstevel@tonic-gate#include <sys/param.h>
527c478bdstevel@tonic-gate#include <pwd.h>
537c478bdstevel@tonic-gate#include <libintl.h>
547c478bdstevel@tonic-gate#include <zone.h>
558523fdaJan Friedel#include <libscf_priv.h>
569e3700dgww#include <tsol/label.h>
577c478bdstevel@tonic-gate#include <bsm/libbsm.h>
58f899407Jan Friedel#include <audit_policy.h>
59f899407Jan Friedel#include <audit_scf.h>
607c478bdstevel@tonic-gate
619e3700dgwwenum	commands {
629e3700dgww	AC_ARG_ACONF,
638523fdaJan Friedel	AC_ARG_AUDIT,
649e3700dgww	AC_ARG_CHKACONF,
658523fdaJan Friedel	AC_ARG_CHKCONF,
669e3700dgww	AC_ARG_CONF,
679e3700dgww	AC_ARG_GETASID,
689e3700dgww	AC_ARG_GETAUDIT,
699e3700dgww	AC_ARG_GETAUID,
709e3700dgww	AC_ARG_GETCAR,
719e3700dgww	AC_ARG_GETCLASS,
729e3700dgww	AC_ARG_GETCOND,
739e3700dgww	AC_ARG_GETCWD,
749e3700dgww	AC_ARG_GETESTATE,
75f899407Jan Friedel	AC_ARG_GETFLAGS,
769e3700dgww	AC_ARG_GETKAUDIT,
779e3700dgww	AC_ARG_GETKMASK,
78f899407Jan Friedel	AC_ARG_GETNAFLAGS,
799e3700dgww	AC_ARG_GETPINFO,
80f899407Jan Friedel	AC_ARG_GETPLUGIN,
819e3700dgww	AC_ARG_GETPOLICY,
829e3700dgww	AC_ARG_GETQBUFSZ,
839e3700dgww	AC_ARG_GETQCTRL,
849e3700dgww	AC_ARG_GETQDELAY,
859e3700dgww	AC_ARG_GETQHIWATER,
869e3700dgww	AC_ARG_GETQLOWATER,
879e3700dgww	AC_ARG_GETSTAT,
889e3700dgww	AC_ARG_GETTERMID,
899e3700dgww	AC_ARG_LSEVENT,
909e3700dgww	AC_ARG_LSPOLICY,
919e3700dgww	AC_ARG_SETASID,
929e3700dgww	AC_ARG_SETAUDIT,
939e3700dgww	AC_ARG_SETAUID,
949e3700dgww	AC_ARG_SETCLASS,
95f899407Jan Friedel	AC_ARG_SETFLAGS,
969e3700dgww	AC_ARG_SETKAUDIT,
979e3700dgww	AC_ARG_SETKMASK,
98f899407Jan Friedel	AC_ARG_SETNAFLAGS,
99f899407Jan Friedel	AC_ARG_SETPLUGIN,
1009e3700dgww	AC_ARG_SETPMASK,
1019e3700dgww	AC_ARG_SETPOLICY,
1029e3700dgww	AC_ARG_SETQBUFSZ,
1039e3700dgww	AC_ARG_SETQCTRL,
1049e3700dgww	AC_ARG_SETQDELAY,
1059e3700dgww	AC_ARG_SETQHIWATER,
1069e3700dgww	AC_ARG_SETQLOWATER,
1078523fdaJan Friedel	AC_ARG_SETSMASK,
1088523fdaJan Friedel	AC_ARG_SETSTAT,
1098523fdaJan Friedel	AC_ARG_SETUMASK,
1108523fdaJan Friedel	AC_ARG_SET_TEMPORARY
1119e3700dgww};
1127c478bdstevel@tonic-gate
113de4cec4Toomas Soome#define	AC_KERN_EVENT		0
114de4cec4Toomas Soome#define	AC_USER_EVENT		1
1157c478bdstevel@tonic-gate
1167c478bdstevel@tonic-gate#define	NONE(s) (!strlen(s) ? gettext("none") : s)
1177c478bdstevel@tonic-gate
1187c478bdstevel@tonic-gate#define	ONEK 1024
1197c478bdstevel@tonic-gate
1207c478bdstevel@tonic-gate/*
1217c478bdstevel@tonic-gate * remove this after the audit.h is fixed
1227c478bdstevel@tonic-gate */
1237c478bdstevel@tonic-gatestruct arg_entry {
1249e3700dgww	char		*arg_str;
1259e3700dgww	char		*arg_opts;
1269e3700dgww	enum commands	auditconfig_cmd;
1278523fdaJan Friedel	boolean_t	temporary_allowed;	/* -t allowed for the option */
1287c478bdstevel@tonic-gate};
1298523fdaJan Friedeltypedef struct arg_entry arg_entry_t;
1308523fdaJan Friedel
1318523fdaJan Friedel/* arg_table - command option and usage message table */
1328523fdaJan Friedelstatic arg_entry_t arg_table[] = {
1338523fdaJan Friedel	{ "-aconf",	"",			AC_ARG_ACONF,	B_FALSE},
1348523fdaJan Friedel	{ "-audit",	" event sorf retval string", AC_ARG_AUDIT, B_FALSE},
1358523fdaJan Friedel	{ "-chkaconf",	"",			AC_ARG_CHKACONF, B_FALSE},
1368523fdaJan Friedel	{ "-chkconf",	"",			AC_ARG_CHKCONF,	B_FALSE},
1378523fdaJan Friedel	{ "-conf",	"",			AC_ARG_CONF,	B_FALSE},
1388523fdaJan Friedel	{ "-getasid",	"",			AC_ARG_GETASID,	B_FALSE},
1398523fdaJan Friedel	{ "-getaudit",	"",			AC_ARG_GETAUDIT, B_FALSE},
1408523fdaJan Friedel	{ "-getauid",	"",			AC_ARG_GETAUID, B_FALSE},
1418523fdaJan Friedel	{ "-getcar",	"",			AC_ARG_GETCAR,	B_FALSE},
1428523fdaJan Friedel	{ "-getclass",	" event",		AC_ARG_GETCLASS, B_FALSE},
1438523fdaJan Friedel	{ "-getcond",	"",			AC_ARG_GETCOND,	B_FALSE},
1448523fdaJan Friedel	{ "-getcwd",	"",			AC_ARG_GETCWD,	B_FALSE},
1458523fdaJan Friedel	{ "-getestate",	" event",		AC_ARG_GETESTATE, B_FALSE},
146f899407Jan Friedel	{ "-getflags",	"",			AC_ARG_GETFLAGS, B_FALSE},
1478523fdaJan Friedel	{ "-getkaudit",	"",			AC_ARG_GETKAUDIT, B_FALSE},
1488523fdaJan Friedel	{ "-getkmask",	"",			AC_ARG_GETKMASK, B_FALSE},
149f899407Jan Friedel	{ "-getnaflags", "",			AC_ARG_GETNAFLAGS, B_FALSE},
1508523fdaJan Friedel	{ "-getpinfo",	" pid",			AC_ARG_GETPINFO, B_FALSE},
151f899407Jan Friedel	{ "-getplugin",	" [plugin]",		AC_ARG_GETPLUGIN, B_FALSE},
1528523fdaJan Friedel	{ "-getpolicy",	"",			AC_ARG_GETPOLICY, B_TRUE},
1538523fdaJan Friedel	{ "-getqbufsz",	"",			AC_ARG_GETQBUFSZ, B_TRUE},
1548523fdaJan Friedel	{ "-getqctrl",	"",			AC_ARG_GETQCTRL, B_TRUE},
1558523fdaJan Friedel	{ "-getqdelay",	"",			AC_ARG_GETQDELAY, B_TRUE},
1568523fdaJan Friedel	{ "-getqhiwater", "",			AC_ARG_GETQHIWATER, B_TRUE},
1578523fdaJan Friedel	{ "-getqlowater", "",			AC_ARG_GETQLOWATER, B_TRUE},
1588523fdaJan Friedel	{ "-getstat",	"",			AC_ARG_GETSTAT,	B_FALSE},
1598523fdaJan Friedel	{ "-gettid",	"",			AC_ARG_GETTERMID, B_FALSE},
1608523fdaJan Friedel	{ "-lsevent",	"",			AC_ARG_LSEVENT,	B_FALSE},
1618523fdaJan Friedel	{ "-lspolicy",	"",			AC_ARG_LSPOLICY, B_FALSE},
1628523fdaJan Friedel	{ "-setasid",	" asid [cmd]",		AC_ARG_SETASID,	B_FALSE},
1638523fdaJan Friedel	{ "-setaudit",	" auid audit_flags termid asid [cmd]",
1648523fdaJan Friedel						AC_ARG_SETAUDIT, B_FALSE},
1658523fdaJan Friedel	{ "-setauid",	" auid [cmd]",		AC_ARG_SETAUID,	B_FALSE},
1668523fdaJan Friedel	{ "-setclass",	" event audit_flags",	AC_ARG_SETCLASS, B_FALSE},
167f899407Jan Friedel	{ "-setflags",	" audit_flags",		AC_ARG_SETFLAGS, B_FALSE},
1688523fdaJan Friedel	{ "-setkaudit",	" type IP_address",	AC_ARG_SETKAUDIT, B_FALSE},
1698523fdaJan Friedel	{ "-setkmask",	" audit_flags",		AC_ARG_SETKMASK, B_FALSE},
170f899407Jan Friedel	{ "-setnaflags", " audit_naflags",	AC_ARG_SETNAFLAGS, B_FALSE},
171f899407Jan Friedel	{ "-setplugin",	" name active|inactive [attributes [qsize]]",
172f899407Jan Friedel						AC_ARG_SETPLUGIN, B_FALSE},
1738523fdaJan Friedel	{ "-setpmask",	" pid audit_flags",	AC_ARG_SETPMASK, B_FALSE},
1748523fdaJan Friedel	{ "-setpolicy",	" [+|-]policy_flags",	AC_ARG_SETPOLICY, B_TRUE},
1758523fdaJan Friedel	{ "-setqbufsz",	" bufsz",		AC_ARG_SETQBUFSZ, B_TRUE},
1768523fdaJan Friedel	{ "-setqctrl",	" hiwater lowater bufsz delay",
1778523fdaJan Friedel						AC_ARG_SETQCTRL, B_TRUE},
1788523fdaJan Friedel	{ "-setqdelay",	" delay",		AC_ARG_SETQDELAY, B_TRUE},
1798523fdaJan Friedel	{ "-setqhiwater", " hiwater",		AC_ARG_SETQHIWATER, B_TRUE},
1808523fdaJan Friedel	{ "-setqlowater", " lowater",		AC_ARG_SETQLOWATER, B_TRUE},
1818523fdaJan Friedel	{ "-setsmask",	" asid audit_flags",	AC_ARG_SETSMASK, B_FALSE},
1828523fdaJan Friedel	{ "-setstat",	"",			AC_ARG_SETSTAT, B_FALSE},
1838523fdaJan Friedel	{ "-setumask",	" user audit_flags",	AC_ARG_SETUMASK, B_FALSE},
1848523fdaJan Friedel	{ "-t",		"",			AC_ARG_SET_TEMPORARY, B_FALSE},
1857c478bdstevel@tonic-gate};
1867c478bdstevel@tonic-gate
1878523fdaJan Friedel#define	ARG_TBL_SZ (sizeof (arg_table) / sizeof (arg_entry_t))
1887c478bdstevel@tonic-gate
1898523fdaJan Friedelchar	*progname = "auditconfig";
1907c478bdstevel@tonic-gate
1918523fdaJan Friedel/*
1928523fdaJan Friedel * temporary_set true to get/set only kernel settings,
1938523fdaJan Friedel *		 false to get/set kernel settings and service properties
1948523fdaJan Friedel */
1958523fdaJan Friedelstatic boolean_t temporary_set = B_FALSE;
1969e3700dgww
1979e3700dgwwstatic au_event_ent_t *egetauevnam(char *event_name);
1989e3700dgwwstatic au_event_ent_t *egetauevnum(au_event_t event_number);
1999e3700dgwwstatic int arg_ent_compare(const void *aep1, const void *aep2);
2009e3700dgwwstatic char *cond2str(void);
2018523fdaJan Friedelstatic int policy2str(uint32_t policy, char *policy_str, size_t len);
2029e3700dgwwstatic int str2type(char *s, uint_t *type);
2038523fdaJan Friedelstatic int str2policy(char *policy_str, uint32_t *policy_mask);
2049e3700dgwwstatic int str2ipaddr(char *s, uint32_t *addr, uint32_t type);
2059e3700dgwwstatic int strisipaddr(char *s);
2069e3700dgwwstatic int strisnum(char *s);
2078523fdaJan Friedelstatic arg_entry_t *get_arg_ent(char *arg_str);
2089e3700dgwwstatic uid_t get_user_id(char *user);
209f899407Jan Friedelstatic void chk_arg_len(char *argv, uint_t len);
2109e3700dgwwstatic void chk_event_num(int etype, au_event_t event);
2119e3700dgwwstatic void chk_event_str(int etype, char *event_str);
212f899407Jan Friedelstatic void chk_known_plugin(char *plugin_str);
2139e3700dgwwstatic void chk_retval(char *retval_str);
2149e3700dgwwstatic void chk_sorf(char *sorf_str);
2159e3700dgwwstatic void do_aconf(void);
216f899407Jan Friedelstatic void do_args(char **argv, au_mask_t *mask);
2179e3700dgwwstatic void do_audit(char *, char, int, char *);
2189e3700dgwwstatic void do_chkaconf(void);
2199e3700dgwwstatic void do_chkconf(void);
2209e3700dgwwstatic void do_conf(void);
2219e3700dgwwstatic void do_getasid(void);
2229e3700dgwwstatic void do_getaudit(void);
2239e3700dgwwstatic void do_getkaudit(void);
2249e3700dgwwstatic void do_setkaudit(char *t, char *s);
2259e3700dgwwstatic void do_getauid(void);
2269e3700dgwwstatic void do_getcar(void);
2279e3700dgwwstatic void do_getclass(char *event_str);
2289e3700dgwwstatic void do_getcond(void);
2299e3700dgwwstatic void do_getcwd(void);
230f899407Jan Friedelstatic void do_getflags(void);
2319e3700dgwwstatic void do_getkmask(void);
232f899407Jan Friedelstatic void do_getnaflags(void);
2339e3700dgwwstatic void do_getpinfo(char *pid_str);
234f899407Jan Friedelstatic void do_getplugin(char *plugin_str);
2359e3700dgwwstatic void do_getpolicy(void);
2369e3700dgwwstatic void do_getqbufsz(void);
2379e3700dgwwstatic void do_getqctrl(void);
2389e3700dgwwstatic void do_getqdelay(void);
2399e3700dgwwstatic void do_getqhiwater(void);
2409e3700dgwwstatic void do_getqlowater(void);
2419e3700dgwwstatic void do_getstat(void);
2429e3700dgwwstatic void do_gettermid(void);
2439e3700dgwwstatic void do_lsevent(void);
2449e3700dgwwstatic void do_lspolicy(void);
2459e3700dgwwstatic void do_setasid(char *sid_str, char **argv);
2469e3700dgwwstatic void do_setaudit(char *user_str, char *mask_str, char *tid_str,
2479e3700dgww    char *sid_str, char **argv);
2489e3700dgwwstatic void do_setauid(char *user, char **argv);
249f899407Jan Friedelstatic void do_setclass(char *event_str, au_mask_t *mask);
250f899407Jan Friedelstatic void do_setflags(char *audit_flags, au_mask_t *amask);
251f899407Jan Friedelstatic void do_setkmask(au_mask_t *pmask);
252f899407Jan Friedelstatic void do_setnaflags(char *audit_naflags, au_mask_t *namask);
253f899407Jan Friedelstatic void do_setpmask(char *pid_str, au_mask_t *mask);
254f899407Jan Friedelstatic void do_setsmask(char *asid_str, au_mask_t *mask);
255f899407Jan Friedelstatic void do_setumask(char *auid_str, au_mask_t *mask);
256f899407Jan Friedelstatic void do_setplugin(char *plugin_str, boolean_t plugin_state,
257f899407Jan Friedel    char *plugin_attr, int plugin_qsize);
2589e3700dgwwstatic void do_setpolicy(char *policy_str);
2599e3700dgwwstatic void do_setqbufsz(char *bufsz);
2609e3700dgwwstatic void do_setqctrl(char *hiwater, char *lowater, char *bufsz, char *delay);
2619e3700dgwwstatic void do_setqdelay(char *delay);
2629e3700dgwwstatic void do_setqhiwater(char *hiwater);
2639e3700dgwwstatic void do_setqlowater(char *lowater);
2649e3700dgwwstatic void do_setstat(void);
2659e3700dgwwstatic void str2tid(char *tid_str, au_tid_addr_t *tp);
2669e3700dgww
2679e3700dgwwstatic void eauditon(int cmd, caddr_t data, int length);
268f899407Jan Friedelstatic void echkflags(char *auditflags, au_mask_t *mask);
2699e3700dgwwstatic void egetaudit(auditinfo_addr_t *ai, int size);
2709e3700dgwwstatic void egetauditflagsbin(char *auditflags, au_mask_t *pmask);
2719e3700dgwwstatic void egetauid(au_id_t *auid);
272f899407Jan Friedelstatic void egetkaudit(auditinfo_addr_t *ai, int size);
2739e3700dgwwstatic void esetaudit(auditinfo_addr_t *ai, int size);
2749e3700dgwwstatic void esetauid(au_id_t *auid);
275f899407Jan Friedelstatic void esetkaudit(auditinfo_addr_t *ai, int size);
2769e3700dgwwstatic void execit(char **argv);
2779e3700dgwwstatic void exit_error(char *fmt, ...);
2789e3700dgwwstatic void exit_usage(int status);
279f899407Jan Friedelstatic void parse_args(int argc, char **argv, au_mask_t *mask);
2809e3700dgwwstatic void print_asid(au_asid_t asid);
2819e3700dgwwstatic void print_auid(au_id_t auid);
2829e3700dgwwstatic void print_mask(char *desc, au_mask_t *pmp);
283f899407Jan Friedelstatic void print_plugin(char *plugin_name, kva_t *plugin_kva);
2849e3700dgwwstatic void print_tid_ex(au_tid_addr_t *tidp);
2857c478bdstevel@tonic-gate
2868523fdaJan Friedel#if !defined(TEXT_DOMAIN)
2878523fdaJan Friedel#define	TEXT_DOMAIN	"SUNW_OST_OSCMD"
2888523fdaJan Friedel#endif
2898523fdaJan Friedel
2907c478bdstevel@tonic-gateint
2919e3700dgwwmain(int argc, char **argv)
2927c478bdstevel@tonic-gate{
293f899407Jan Friedel	au_mask_t mask;			/* for options manipulating flags */
294f899407Jan Friedel
2957c478bdstevel@tonic-gate	(void) setlocale(LC_ALL, "");
2967c478bdstevel@tonic-gate	(void) textdomain(TEXT_DOMAIN);
2977c478bdstevel@tonic-gate
2987c478bdstevel@tonic-gate	if (argc == 1) {
2997c478bdstevel@tonic-gate		exit_usage(0);
3007c478bdstevel@tonic-gate	}
3017c478bdstevel@tonic-gate
3027c478bdstevel@tonic-gate	if (argc == 2 &&
3038523fdaJan Friedel	    (argv[1][0] == '?' ||
3048523fdaJan Friedel	    strcmp(argv[1], "-h") == 0 ||
3058523fdaJan Friedel	    strcmp(argv[1], "-?") == 0)) {
3067c478bdstevel@tonic-gate		exit_usage(0);
3078523fdaJan Friedel	}
3087c478bdstevel@tonic-gate
309f899407Jan Friedel	parse_args(argc, argv, &mask);
310f899407Jan Friedel	do_args(argv, &mask);
3117c478bdstevel@tonic-gate
3127c478bdstevel@tonic-gate	return (0);
3137c478bdstevel@tonic-gate}
3147c478bdstevel@tonic-gate
3157c478bdstevel@tonic-gate/*
3167c478bdstevel@tonic-gate * parse_args()
3177c478bdstevel@tonic-gate *     Desc: Checks command line argument syntax.
3187c478bdstevel@tonic-gate *     Inputs: Command line argv;
3197c478bdstevel@tonic-gate *     Returns: If a syntax error is detected, a usage message is printed
3207c478bdstevel@tonic-gate *              and exit() is called. If a syntax error is not detected,
3217c478bdstevel@tonic-gate *              parse_args() returns without a value.
3227c478bdstevel@tonic-gate */
3237c478bdstevel@tonic-gatestatic void
324f899407Jan Friedelparse_args(int argc, char **argv, au_mask_t *mask)
3257c478bdstevel@tonic-gate{
3268523fdaJan Friedel	arg_entry_t *ae;
3277c478bdstevel@tonic-gate
3287c478bdstevel@tonic-gate	uint_t type;
3297c478bdstevel@tonic-gate	uint_t addr[4];
3307c478bdstevel@tonic-gate
3317c478bdstevel@tonic-gate	for (++argv; *argv; argv++) {
3329e3700dgww		if ((ae = get_arg_ent(*argv)) == NULL) {
3337c478bdstevel@tonic-gate			exit_usage(1);
3347c478bdstevel@tonic-gate		}
3357c478bdstevel@tonic-gate
3367c478bdstevel@tonic-gate		switch (ae->auditconfig_cmd) {
3377c478bdstevel@tonic-gate
3387c478bdstevel@tonic-gate		case AC_ARG_AUDIT:
3397c478bdstevel@tonic-gate			++argv;
3407c478bdstevel@tonic-gate			if (!*argv)
3417c478bdstevel@tonic-gate				exit_usage(1);
3427c478bdstevel@tonic-gate			if (strisnum(*argv)) {
3437c478bdstevel@tonic-gate				chk_event_num(AC_USER_EVENT,
3448523fdaJan Friedel				    (au_event_t)atol(*argv));
3459e3700dgww			} else {
3467c478bdstevel@tonic-gate				chk_event_str(AC_USER_EVENT, *argv);
3479e3700dgww			}
3487c478bdstevel@tonic-gate			++argv;
3497c478bdstevel@tonic-gate			if (!*argv)
3507c478bdstevel@tonic-gate				exit_usage(1);
3517c478bdstevel@tonic-gate			chk_sorf(*argv);
3527c478bdstevel@tonic-gate			++argv;
3537c478bdstevel@tonic-gate			if (!*argv)
3547c478bdstevel@tonic-gate				exit_usage(1);
3557c478bdstevel@tonic-gate			chk_retval(*argv);
3567c478bdstevel@tonic-gate			++argv;
3577c478bdstevel@tonic-gate			if (!*argv)
3587c478bdstevel@tonic-gate				exit_usage(1);
3597c478bdstevel@tonic-gate			break;
3607c478bdstevel@tonic-gate
3617c478bdstevel@tonic-gate		case AC_ARG_CHKCONF:
3627c478bdstevel@tonic-gate		case AC_ARG_CONF:
3637c478bdstevel@tonic-gate		case AC_ARG_ACONF:
3647c478bdstevel@tonic-gate		case AC_ARG_CHKACONF:
3657c478bdstevel@tonic-gate		case AC_ARG_GETASID:
3667c478bdstevel@tonic-gate		case AC_ARG_GETAUID:
3677c478bdstevel@tonic-gate		case AC_ARG_GETAUDIT:
3687c478bdstevel@tonic-gate		case AC_ARG_GETKAUDIT:
3697c478bdstevel@tonic-gate			break;
3707c478bdstevel@tonic-gate
3717c478bdstevel@tonic-gate		case AC_ARG_GETCLASS:
3727c478bdstevel@tonic-gate		case AC_ARG_GETESTATE:
3737c478bdstevel@tonic-gate			++argv;
3747c478bdstevel@tonic-gate			if (!*argv)
3757c478bdstevel@tonic-gate				exit_usage(1);
3769e3700dgww			if (strisnum(*argv)) {
3777c478bdstevel@tonic-gate				chk_event_num(AC_KERN_EVENT,
3789e3700dgww				    (au_event_t)atol(*argv));
3799e3700dgww			} else {
3807c478bdstevel@tonic-gate				chk_event_str(AC_KERN_EVENT, *argv);
3819e3700dgww			}
3827c478bdstevel@tonic-gate			break;
3837c478bdstevel@tonic-gate
3847c478bdstevel@tonic-gate		case AC_ARG_GETCAR:
3857c478bdstevel@tonic-gate		case AC_ARG_GETCOND:
3867c478bdstevel@tonic-gate		case AC_ARG_GETCWD:
387f899407Jan Friedel		case AC_ARG_GETFLAGS:
3887c478bdstevel@tonic-gate		case AC_ARG_GETKMASK:
389f899407Jan Friedel		case AC_ARG_GETNAFLAGS:
390f899407Jan Friedel			break;
391f899407Jan Friedel
392f899407Jan Friedel		case AC_ARG_GETPLUGIN:
393f899407Jan Friedel			if (*++argv == NULL) {
394f899407Jan Friedel				--argv;
395f899407Jan Friedel				break;
396f899407Jan Friedel			}
397f899407Jan Friedel			if (get_arg_ent(*argv) != NULL) {
398f899407Jan Friedel				--argv;
399f899407Jan Friedel			} else {
400f899407Jan Friedel				chk_arg_len(*argv, PLUGIN_MAXBUF);
401f899407Jan Friedel				chk_known_plugin(*argv);
402f899407Jan Friedel			}
403f899407Jan Friedel			break;
404f899407Jan Friedel
4057c478bdstevel@tonic-gate		case AC_ARG_GETPOLICY:
4067c478bdstevel@tonic-gate		case AC_ARG_GETQBUFSZ:
4077c478bdstevel@tonic-gate		case AC_ARG_GETQCTRL:
4087c478bdstevel@tonic-gate		case AC_ARG_GETQDELAY:
4097c478bdstevel@tonic-gate		case AC_ARG_GETQHIWATER:
4107c478bdstevel@tonic-gate		case AC_ARG_GETQLOWATER:
4117c478bdstevel@tonic-gate		case AC_ARG_GETSTAT:
4127c478bdstevel@tonic-gate		case AC_ARG_GETTERMID:
4137c478bdstevel@tonic-gate		case AC_ARG_LSEVENT:
4147c478bdstevel@tonic-gate		case AC_ARG_LSPOLICY:
4157c478bdstevel@tonic-gate			break;
4167c478bdstevel@tonic-gate
4177c478bdstevel@tonic-gate		case AC_ARG_SETASID:
4187c478bdstevel@tonic-gate		case AC_ARG_SETAUID:
4197c478bdstevel@tonic-gate		case AC_ARG_SETAUDIT:
4207c478bdstevel@tonic-gate			++argv;
4217c478bdstevel@tonic-gate			if (!*argv)
4227c478bdstevel@tonic-gate				exit_usage(1);
4237c478bdstevel@tonic-gate
4247c478bdstevel@tonic-gate			while (*argv)
4257c478bdstevel@tonic-gate				++argv;
4267c478bdstevel@tonic-gate			--argv;
4277c478bdstevel@tonic-gate
4287c478bdstevel@tonic-gate			break;
4297c478bdstevel@tonic-gate
4307c478bdstevel@tonic-gate		case AC_ARG_SETKAUDIT:
4317c478bdstevel@tonic-gate			++argv;
4327c478bdstevel@tonic-gate			if (!*argv)
4337c478bdstevel@tonic-gate				exit_usage(1);
4347c478bdstevel@tonic-gate			if (str2type (*argv, &type))
4357c478bdstevel@tonic-gate				exit_error(gettext(
4368523fdaJan Friedel				    "Invalid IP address type specified."));
4377c478bdstevel@tonic-gate			++argv;
4387c478bdstevel@tonic-gate			if (!*argv)
4397c478bdstevel@tonic-gate				exit_usage(1);
4407c478bdstevel@tonic-gate
4417c478bdstevel@tonic-gate			if (str2ipaddr(*argv, addr, type))
4428523fdaJan Friedel				exit_error(
4438523fdaJan Friedel				    gettext("Invalid IP address specified."));
4447c478bdstevel@tonic-gate			break;
4457c478bdstevel@tonic-gate
4467c478bdstevel@tonic-gate		case AC_ARG_SETCLASS:
4477c478bdstevel@tonic-gate			++argv;
4487c478bdstevel@tonic-gate			if (!*argv)
4497c478bdstevel@tonic-gate				exit_usage(1);
4507c478bdstevel@tonic-gate			if (strisnum(*argv))
4517c478bdstevel@tonic-gate				chk_event_num(AC_KERN_EVENT,
4528523fdaJan Friedel				    (au_event_t)atol(*argv));
4537c478bdstevel@tonic-gate			else
4547c478bdstevel@tonic-gate				chk_event_str(AC_KERN_EVENT, *argv);
4557c478bdstevel@tonic-gate			++argv;
4567c478bdstevel@tonic-gate			if (!*argv)
4577c478bdstevel@tonic-gate				exit_usage(1);
458f899407Jan Friedel			echkflags(*argv, mask);
459f899407Jan Friedel			break;
460f899407Jan Friedel
461f899407Jan Friedel		case AC_ARG_SETFLAGS:
462f899407Jan Friedel			++argv;
463f899407Jan Friedel			if (!*argv)
464f899407Jan Friedel				exit_usage(1);
465f899407Jan Friedel			chk_arg_len(*argv, PRESELECTION_MAXBUF);
466f899407Jan Friedel			echkflags(*argv, mask);
4677c478bdstevel@tonic-gate			break;
4687c478bdstevel@tonic-gate
4697c478bdstevel@tonic-gate		case AC_ARG_SETKMASK:
4707c478bdstevel@tonic-gate			++argv;
4717c478bdstevel@tonic-gate			if (!*argv)
4727c478bdstevel@tonic-gate				exit_usage(1);
473f899407Jan Friedel			echkflags(*argv, mask);
474f899407Jan Friedel			break;
475f899407Jan Friedel
476f899407Jan Friedel		case AC_ARG_SETNAFLAGS:
477f899407Jan Friedel			++argv;
478f899407Jan Friedel			if (!*argv)
479f899407Jan Friedel				exit_usage(1);
480f899407Jan Friedel			chk_arg_len(*argv, PRESELECTION_MAXBUF);
481f899407Jan Friedel			echkflags(*argv, mask);
482f899407Jan Friedel			break;
483f899407Jan Friedel
484f899407Jan Friedel		case AC_ARG_SETPLUGIN:
485f899407Jan Friedel			if (*++argv == NULL || get_arg_ent(*argv) != NULL) {
486f899407Jan Friedel				exit_usage(1);
487f899407Jan Friedel			}
488f899407Jan Friedel			chk_known_plugin(*argv);
489f899407Jan Friedel			chk_arg_len(*argv, PLUGIN_MAXBUF);
490f899407Jan Friedel			if (*++argv == NULL || strcmp(*argv, "active") != 0 &&
491f899407Jan Friedel			    strcmp(*argv, "inactive") != 0) {
492f899407Jan Friedel				exit_usage(1);
493f899407Jan Friedel			}
494f899407Jan Friedel			if (*++argv == NULL || get_arg_ent(*argv) != NULL) {
495f899407Jan Friedel				--argv;
496f899407Jan Friedel				break;
497f899407Jan Friedel			}
498f899407Jan Friedel			chk_arg_len(*argv, PLUGIN_MAXATT);
499f899407Jan Friedel			if (*++argv == NULL || get_arg_ent(*argv) != NULL) {
500f899407Jan Friedel				--argv;
501f899407Jan Friedel				break;
502f899407Jan Friedel			}
503f899407Jan Friedel			if (atoi(*argv) < 0) {
504f899407Jan Friedel				exit_error(gettext("Incorrect qsize specified "
505f899407Jan Friedel				    "(%s)."), *argv);
506f899407Jan Friedel			}
5077c478bdstevel@tonic-gate			break;
5087c478bdstevel@tonic-gate
5097c478bdstevel@tonic-gate		case AC_ARG_SETPOLICY:
5107c478bdstevel@tonic-gate			++argv;
5117c478bdstevel@tonic-gate			if (!*argv)
5127c478bdstevel@tonic-gate				exit_usage(1);
5137c478bdstevel@tonic-gate			break;
5147c478bdstevel@tonic-gate
5157c478bdstevel@tonic-gate		case AC_ARG_SETSTAT:
5167c478bdstevel@tonic-gate			break;
5177c478bdstevel@tonic-gate
5187c478bdstevel@tonic-gate		case AC_ARG_GETPINFO:
5197c478bdstevel@tonic-gate			++argv;
5207c478bdstevel@tonic-gate			if (!*argv)
5217c478bdstevel@tonic-gate				exit_usage(1);
5227c478bdstevel@tonic-gate			break;
5237c478bdstevel@tonic-gate
5247c478bdstevel@tonic-gate		case AC_ARG_SETPMASK:
5257c478bdstevel@tonic-gate			++argv;
5267c478bdstevel@tonic-gate			if (!*argv)
5277c478bdstevel@tonic-gate				exit_usage(1);
5287c478bdstevel@tonic-gate			++argv;
5297c478bdstevel@tonic-gate			if (!*argv)
5307c478bdstevel@tonic-gate				exit_usage(1);
531f899407Jan Friedel			echkflags(*argv, mask);
5327c478bdstevel@tonic-gate			break;
5337c478bdstevel@tonic-gate
5347c478bdstevel@tonic-gate		case AC_ARG_SETQBUFSZ:
5357c478bdstevel@tonic-gate			++argv;
5367c478bdstevel@tonic-gate			if (!*argv)
5377c478bdstevel@tonic-gate				exit_usage(1);
5387c478bdstevel@tonic-gate			if (!strisnum(*argv))
5397c478bdstevel@tonic-gate				exit_error(gettext("Invalid bufsz specified."));
5407c478bdstevel@tonic-gate			break;
5417c478bdstevel@tonic-gate
5427c478bdstevel@tonic-gate		case AC_ARG_SETQCTRL:
5437c478bdstevel@tonic-gate			++argv;
5447c478bdstevel@tonic-gate			if (!*argv)
5457c478bdstevel@tonic-gate				exit_usage(1);
5467c478bdstevel@tonic-gate			if (!strisnum(*argv))
5478523fdaJan Friedel				exit_error(
5488523fdaJan Friedel				    gettext("Invalid hiwater specified."));
5497c478bdstevel@tonic-gate			++argv;
5507c478bdstevel@tonic-gate			if (!*argv)
5517c478bdstevel@tonic-gate				exit_usage(1);
5527c478bdstevel@tonic-gate			if (!strisnum(*argv))
5538523fdaJan Friedel				exit_error(
5548523fdaJan Friedel				    gettext("Invalid lowater specified."));
5557c478bdstevel@tonic-gate			++argv;
5567c478bdstevel@tonic-gate			if (!*argv)
5577c478bdstevel@tonic-gate				exit_usage(1);
5587c478bdstevel@tonic-gate			if (!strisnum(*argv))
5597c478bdstevel@tonic-gate				exit_error(gettext("Invalid bufsz specified."));
5607c478bdstevel@tonic-gate			++argv;
5617c478bdstevel@tonic-gate			if (!*argv)
5627c478bdstevel@tonic-gate				exit_usage(1);
5637c478bdstevel@tonic-gate			if (!strisnum(*argv))
5647c478bdstevel@tonic-gate				exit_error(gettext("Invalid delay specified."));
5657c478bdstevel@tonic-gate			break;
5667c478bdstevel@tonic-gate
5677c478bdstevel@tonic-gate		case AC_ARG_SETQDELAY:
5687c478bdstevel@tonic-gate			++argv;
5697c478bdstevel@tonic-gate			if (!*argv)
5707c478bdstevel@tonic-gate				exit_usage(1);
5717c478bdstevel@tonic-gate			if (!strisnum(*argv))
5727c478bdstevel@tonic-gate				exit_error(gettext("Invalid delay specified."));
5737c478bdstevel@tonic-gate			break;
5747c478bdstevel@tonic-gate
5757c478bdstevel@tonic-gate		case AC_ARG_SETQHIWATER:
5767c478bdstevel@tonic-gate			++argv;
5777c478bdstevel@tonic-gate			if (!*argv)
5787c478bdstevel@tonic-gate				exit_usage(1);
5799e3700dgww			if (!strisnum(*argv)) {
5808523fdaJan Friedel				exit_error(
5818523fdaJan Friedel				    gettext("Invalid hiwater specified."));
5829e3700dgww			}
5837c478bdstevel@tonic-gate			break;
5847c478bdstevel@tonic-gate
5857c478bdstevel@tonic-gate		case AC_ARG_SETQLOWATER:
5867c478bdstevel@tonic-gate			++argv;
5877c478bdstevel@tonic-gate			if (!*argv)
5887c478bdstevel@tonic-gate				exit_usage(1);
5899e3700dgww			if (!strisnum(*argv)) {
5908523fdaJan Friedel				exit_error(
5918523fdaJan Friedel				    gettext("Invalid lowater specified."));
5929e3700dgww			}
5937c478bdstevel@tonic-gate			break;
5947c478bdstevel@tonic-gate
5957c478bdstevel@tonic-gate		case AC_ARG_SETSMASK:
5967c478bdstevel@tonic-gate		case AC_ARG_SETUMASK:
5977c478bdstevel@tonic-gate			++argv;
5987c478bdstevel@tonic-gate			if (!*argv)
5997c478bdstevel@tonic-gate				exit_usage(1);
6007c478bdstevel@tonic-gate			++argv;
6017c478bdstevel@tonic-gate			if (!*argv)
6027c478bdstevel@tonic-gate				exit_usage(1);
603f899407Jan Friedel			echkflags(*argv, mask);
6047c478bdstevel@tonic-gate			break;
6057c478bdstevel@tonic-gate
6068523fdaJan Friedel		case AC_ARG_SET_TEMPORARY:
6078523fdaJan Friedel			/* Do not accept single -t option. */
6088523fdaJan Friedel			if (argc == 2) {
6098523fdaJan Friedel				exit_error(
6108523fdaJan Friedel				    gettext("Only the -t option specified "
6118523fdaJan Friedel				    "(it is not a standalone option)."));
6128523fdaJan Friedel			}
6138523fdaJan Friedel			temporary_set = B_TRUE;
6148523fdaJan Friedel			break;
6158523fdaJan Friedel
6167c478bdstevel@tonic-gate		default:
6177c478bdstevel@tonic-gate			exit_error(gettext("Internal error #1."));
6187c478bdstevel@tonic-gate			break;
6197c478bdstevel@tonic-gate		}
6207c478bdstevel@tonic-gate	}
6217c478bdstevel@tonic-gate}
6227c478bdstevel@tonic-gate
6237c478bdstevel@tonic-gate
6247c478bdstevel@tonic-gate/*
6258523fdaJan Friedel * do_args() - do command line arguments in the order in which they appear.
6268523fdaJan Friedel * Function return values returned by the underlying functions; the semantics
6278523fdaJan Friedel * they should follow is to return B_TRUE on successful execution, B_FALSE
6288523fdaJan Friedel * otherwise.
6297c478bdstevel@tonic-gate */
6307c478bdstevel@tonic-gatestatic void
631f899407Jan Friedeldo_args(char **argv, au_mask_t *mask)
6327c478bdstevel@tonic-gate{
6338523fdaJan Friedel	arg_entry_t	*ae;
6347c478bdstevel@tonic-gate
6357c478bdstevel@tonic-gate	for (++argv; *argv; argv++) {
6367c478bdstevel@tonic-gate		ae = get_arg_ent(*argv);
6377c478bdstevel@tonic-gate
6387c478bdstevel@tonic-gate		switch (ae->auditconfig_cmd) {
6397c478bdstevel@tonic-gate
6407c478bdstevel@tonic-gate		case AC_ARG_AUDIT:
6417c478bdstevel@tonic-gate			{
6427c478bdstevel@tonic-gate				char sorf;
6437c478bdstevel@tonic-gate				int  retval;
6447c478bdstevel@tonic-gate				char *event_name;
6457c478bdstevel@tonic-gate				char *audit_str;
6467c478bdstevel@tonic-gate
6477c478bdstevel@tonic-gate				++argv;
6487c478bdstevel@tonic-gate				event_name = *argv;
6497c478bdstevel@tonic-gate				++argv;
6507c478bdstevel@tonic-gate				sorf = (char)atoi(*argv);
6517c478bdstevel@tonic-gate				++argv;
6527c478bdstevel@tonic-gate				retval = atoi(*argv);
6537c478bdstevel@tonic-gate				++argv;
6547c478bdstevel@tonic-gate				audit_str = *argv;
6557c478bdstevel@tonic-gate				do_audit(event_name, sorf, retval, audit_str);
6567c478bdstevel@tonic-gate			}
6577c478bdstevel@tonic-gate			break;
6587c478bdstevel@tonic-gate
6597c478bdstevel@tonic-gate		case AC_ARG_CHKCONF:
6607c478bdstevel@tonic-gate			do_chkconf();
6617c478bdstevel@tonic-gate			break;
6627c478bdstevel@tonic-gate
6637c478bdstevel@tonic-gate		case AC_ARG_CONF:
6647c478bdstevel@tonic-gate			do_conf();
6657c478bdstevel@tonic-gate			break;
6667c478bdstevel@tonic-gate
6677c478bdstevel@tonic-gate		case AC_ARG_CHKACONF:
6687c478bdstevel@tonic-gate			do_chkaconf();
6697c478bdstevel@tonic-gate			break;
6707c478bdstevel@tonic-gate
6717c478bdstevel@tonic-gate		case AC_ARG_ACONF:
6727c478bdstevel@tonic-gate			do_aconf();
6737c478bdstevel@tonic-gate			break;
6747c478bdstevel@tonic-gate
6757c478bdstevel@tonic-gate		case AC_ARG_GETASID:
6767c478bdstevel@tonic-gate			do_getasid();
6777c478bdstevel@tonic-gate			break;
6787c478bdstevel@tonic-gate
6797c478bdstevel@tonic-gate		case AC_ARG_GETAUID:
6807c478bdstevel@tonic-gate			do_getauid();
6817c478bdstevel@tonic-gate			break;
6827c478bdstevel@tonic-gate
6837c478bdstevel@tonic-gate		case AC_ARG_GETAUDIT:
6847c478bdstevel@tonic-gate			do_getaudit();
6857c478bdstevel@tonic-gate			break;
6867c478bdstevel@tonic-gate
6877c478bdstevel@tonic-gate		case AC_ARG_GETKAUDIT:
6887c478bdstevel@tonic-gate			do_getkaudit();
6897c478bdstevel@tonic-gate			break;
6907c478bdstevel@tonic-gate
6917c478bdstevel@tonic-gate		case AC_ARG_GETCLASS:
6927c478bdstevel@tonic-gate		case AC_ARG_GETESTATE:
6937c478bdstevel@tonic-gate			++argv;
6947c478bdstevel@tonic-gate			do_getclass(*argv);
6957c478bdstevel@tonic-gate			break;
6967c478bdstevel@tonic-gate
6977c478bdstevel@tonic-gate		case AC_ARG_GETCAR:
6987c478bdstevel@tonic-gate			do_getcar();
6997c478bdstevel@tonic-gate			break;
7007c478bdstevel@tonic-gate
7017c478bdstevel@tonic-gate		case AC_ARG_GETCOND:
7027c478bdstevel@tonic-gate			do_getcond();
7037c478bdstevel@tonic-gate			break;
7047c478bdstevel@tonic-gate
7057c478bdstevel@tonic-gate		case AC_ARG_GETCWD:
7067c478bdstevel@tonic-gate			do_getcwd();
7077c478bdstevel@tonic-gate			break;
7087c478bdstevel@tonic-gate
709f899407Jan Friedel		case AC_ARG_GETFLAGS:
710f899407Jan Friedel			do_getflags();
711f899407Jan Friedel			break;
712f899407Jan Friedel
7137c478bdstevel@tonic-gate		case AC_ARG_GETKMASK:
7147c478bdstevel@tonic-gate			do_getkmask();
7157c478bdstevel@tonic-gate			break;
7167c478bdstevel@tonic-gate
717f899407Jan Friedel		case AC_ARG_GETNAFLAGS:
718f899407Jan Friedel			do_getnaflags();
719f899407Jan Friedel			break;
720f899407Jan Friedel
721f899407Jan Friedel		case AC_ARG_GETPLUGIN:
722f899407Jan Friedel			{
723f899407Jan Friedel				char	*plugin_str = NULL;
724f899407Jan Friedel
725f899407Jan Friedel				++argv;
726f899407Jan Friedel				if (*argv != NULL) {
727f899407Jan Friedel					if (get_arg_ent(*argv) != NULL) {
728f899407Jan Friedel						--argv;
729f899407Jan Friedel					} else {
730f899407Jan Friedel						plugin_str = *argv;
731f899407Jan Friedel					}
732f899407Jan Friedel				} else {
733f899407Jan Friedel					--argv;
734f899407Jan Friedel				}
735f899407Jan Friedel
736f899407Jan Friedel				do_getplugin(plugin_str);
737f899407Jan Friedel			}
738f899407Jan Friedel			break;
739f899407Jan Friedel
7407c478bdstevel@tonic-gate		case AC_ARG_GETPOLICY:
7417c478bdstevel@tonic-gate			do_getpolicy();
7427c478bdstevel@tonic-gate			break;
7437c478bdstevel@tonic-gate
7447c478bdstevel@tonic-gate		case AC_ARG_GETQBUFSZ:
7457c478bdstevel@tonic-gate			do_getqbufsz();
7467c478bdstevel@tonic-gate			break;
7477c478bdstevel@tonic-gate
7487c478bdstevel@tonic-gate		case AC_ARG_GETQCTRL:
7497c478bdstevel@tonic-gate			do_getqctrl();
7507c478bdstevel@tonic-gate			break;
7517c478bdstevel@tonic-gate
7527c478bdstevel@tonic-gate		case AC_ARG_GETQDELAY:
7537c478bdstevel@tonic-gate			do_getqdelay();
7547c478bdstevel@tonic-gate			break;
7557c478bdstevel@tonic-gate
7567c478bdstevel@tonic-gate		case AC_ARG_GETQHIWATER:
7577c478bdstevel@tonic-gate			do_getqhiwater();
7587c478bdstevel@tonic-gate			break;
7597c478bdstevel@tonic-gate
7607c478bdstevel@tonic-gate		case AC_ARG_GETQLOWATER:
7617c478bdstevel@tonic-gate			do_getqlowater();
7627c478bdstevel@tonic-gate			break;
7637c478bdstevel@tonic-gate
7647c478bdstevel@tonic-gate		case AC_ARG_GETSTAT:
7657c478bdstevel@tonic-gate			do_getstat();
7667c478bdstevel@tonic-gate			break;
7677c478bdstevel@tonic-gate
7687c478bdstevel@tonic-gate		case AC_ARG_GETTERMID:
7697c478bdstevel@tonic-gate			do_gettermid();
7707c478bdstevel@tonic-gate			break;
7717c478bdstevel@tonic-gate
7727c478bdstevel@tonic-gate		case AC_ARG_LSEVENT:
7737c478bdstevel@tonic-gate			do_lsevent();
7747c478bdstevel@tonic-gate			break;
7757c478bdstevel@tonic-gate
7767c478bdstevel@tonic-gate		case AC_ARG_LSPOLICY:
7777c478bdstevel@tonic-gate			do_lspolicy();
7787c478bdstevel@tonic-gate			break;
7797c478bdstevel@tonic-gate
7807c478bdstevel@tonic-gate		case AC_ARG_SETASID:
7817c478bdstevel@tonic-gate			{
7827c478bdstevel@tonic-gate				char *sid_str;
7837c478bdstevel@tonic-gate
7847c478bdstevel@tonic-gate				++argv;
7857c478bdstevel@tonic-gate				sid_str = *argv;
7867c478bdstevel@tonic-gate				++argv;
7877c478bdstevel@tonic-gate				do_setasid(sid_str, argv);
7887c478bdstevel@tonic-gate			}
7897c478bdstevel@tonic-gate			break;
7907c478bdstevel@tonic-gate
7917c478bdstevel@tonic-gate		case AC_ARG_SETAUID:
7927c478bdstevel@tonic-gate			{
7937c478bdstevel@tonic-gate				char *user;
7947c478bdstevel@tonic-gate
7957c478bdstevel@tonic-gate				++argv;
7967c478bdstevel@tonic-gate				user = *argv;
7977c478bdstevel@tonic-gate				++argv;
7987c478bdstevel@tonic-gate				do_setauid(user, argv);
7997c478bdstevel@tonic-gate			}
8007c478bdstevel@tonic-gate			break;
8017c478bdstevel@tonic-gate
8027c478bdstevel@tonic-gate		case AC_ARG_SETAUDIT:
8037c478bdstevel@tonic-gate			{
8047c478bdstevel@tonic-gate				char *user_str;
8057c478bdstevel@tonic-gate				char *mask_str;
8067c478bdstevel@tonic-gate				char *tid_str;
8077c478bdstevel@tonic-gate				char *sid_str;
8087c478bdstevel@tonic-gate
8097c478bdstevel@tonic-gate				++argv;
8107c478bdstevel@tonic-gate				user_str = *argv;
8117c478bdstevel@tonic-gate				++argv;
8127c478bdstevel@tonic-gate				mask_str = *argv;
8137c478bdstevel@tonic-gate				++argv;
8147c478bdstevel@tonic-gate				tid_str = *argv;
8157c478bdstevel@tonic-gate				++argv;
8167c478bdstevel@tonic-gate				sid_str = *argv;
8177c478bdstevel@tonic-gate				++argv;
8188523fdaJan Friedel				do_setaudit(user_str, mask_str, tid_str,
8198523fdaJan Friedel				    sid_str, argv);
8207c478bdstevel@tonic-gate			}
8217c478bdstevel@tonic-gate			break;
8227c478bdstevel@tonic-gate
8237c478bdstevel@tonic-gate		case AC_ARG_SETKAUDIT:
8247c478bdstevel@tonic-gate			{
8257c478bdstevel@tonic-gate				char *address_type, *address;
8267c478bdstevel@tonic-gate
8277c478bdstevel@tonic-gate				++argv; address_type = *argv;
8287c478bdstevel@tonic-gate				++argv; address = *argv;
8297c478bdstevel@tonic-gate				do_setkaudit(address_type, address);
8307c478bdstevel@tonic-gate			}
8317c478bdstevel@tonic-gate			break;
8327c478bdstevel@tonic-gate
8337c478bdstevel@tonic-gate		case AC_ARG_SETCLASS:
8347c478bdstevel@tonic-gate			{
835f899407Jan Friedel				char *event_str;
8367c478bdstevel@tonic-gate
837f899407Jan Friedel				++argv;
838f899407Jan Friedel				event_str = *argv;
839f899407Jan Friedel				do_setclass(event_str, mask);
840f899407Jan Friedel
841f899407Jan Friedel				++argv;
8427c478bdstevel@tonic-gate			}
8437c478bdstevel@tonic-gate			break;
8447c478bdstevel@tonic-gate
845f899407Jan Friedel		case AC_ARG_SETFLAGS:
846f899407Jan Friedel			++argv;
847f899407Jan Friedel			do_setflags(*argv, mask);
848f899407Jan Friedel			break;
849f899407Jan Friedel
8507c478bdstevel@tonic-gate		case AC_ARG_SETKMASK:
8517c478bdstevel@tonic-gate			++argv;
852f899407Jan Friedel			do_setkmask(mask);
853f899407Jan Friedel			break;
854f899407Jan Friedel
855f899407Jan Friedel		case AC_ARG_SETNAFLAGS:
856f899407Jan Friedel			++argv;
857f899407Jan Friedel			do_setnaflags(*argv, mask);
858f899407Jan Friedel			break;
859f899407Jan Friedel
860f899407Jan Friedel		case AC_ARG_SETPLUGIN:
861f899407Jan Friedel			{
862f899407Jan Friedel				char		*plugin_str = NULL;
863f899407Jan Friedel				boolean_t	plugin_state = B_FALSE;
864de4cec4Toomas Soome				char		*plugin_att = NULL;
865de4cec4Toomas Soome				int		plugin_qsize = -1;
866f899407Jan Friedel
867f899407Jan Friedel				plugin_str = *++argv;
868f899407Jan Friedel				if (strcmp(*++argv, "active") == 0) {
869f899407Jan Friedel					plugin_state = B_TRUE;
870f899407Jan Friedel				}
871f899407Jan Friedel				if (*++argv != NULL &&
872f899407Jan Friedel				    get_arg_ent(*argv) == NULL) {
873f899407Jan Friedel					plugin_att = *argv;
874f899407Jan Friedel					if (*++argv != NULL &&
875f899407Jan Friedel					    get_arg_ent(*argv) == NULL) {
876f899407Jan Friedel						plugin_qsize = atoi(*argv);
877f899407Jan Friedel					} else {
878f899407Jan Friedel						--argv;
879f899407Jan Friedel					}
880f899407Jan Friedel				} else {
881f899407Jan Friedel					--argv;
882f899407Jan Friedel				}
883f899407Jan Friedel
884f899407Jan Friedel				do_setplugin(plugin_str, plugin_state,
885f899407Jan Friedel				    plugin_att, plugin_qsize);
886f899407Jan Friedel			}
8877c478bdstevel@tonic-gate			break;
8887c478bdstevel@tonic-gate
8897c478bdstevel@tonic-gate		case AC_ARG_SETPOLICY:
8907c478bdstevel@tonic-gate			++argv;
8917c478bdstevel@tonic-gate			do_setpolicy(*argv);
8927c478bdstevel@tonic-gate			break;
8937c478bdstevel@tonic-gate
8947c478bdstevel@tonic-gate		case AC_ARG_GETPINFO:
8957c478bdstevel@tonic-gate			{
8967c478bdstevel@tonic-gate				char *pid_str;
8977c478bdstevel@tonic-gate
8987c478bdstevel@tonic-gate				++argv;
8997c478bdstevel@tonic-gate				pid_str = *argv;
9007c478bdstevel@tonic-gate				do_getpinfo(pid_str);
9017c478bdstevel@tonic-gate			}
9027c478bdstevel@tonic-gate			break;
9037c478bdstevel@tonic-gate
9047c478bdstevel@tonic-gate		case AC_ARG_SETPMASK:
9057c478bdstevel@tonic-gate			{
9067c478bdstevel@tonic-gate				char *pid_str;
9077c478bdstevel@tonic-gate
9087c478bdstevel@tonic-gate				++argv;
9097c478bdstevel@tonic-gate				pid_str = *argv;
910f899407Jan Friedel				do_setpmask(pid_str, mask);
911f899407Jan Friedel
9127c478bdstevel@tonic-gate				++argv;
9137c478bdstevel@tonic-gate			}
9147c478bdstevel@tonic-gate			break;
9157c478bdstevel@tonic-gate
9167c478bdstevel@tonic-gate		case AC_ARG_SETSTAT:
9177c478bdstevel@tonic-gate			do_setstat();
9187c478bdstevel@tonic-gate			break;
9197c478bdstevel@tonic-gate
9207c478bdstevel@tonic-gate		case AC_ARG_SETQBUFSZ:
9217c478bdstevel@tonic-gate			++argv;
9227c478bdstevel@tonic-gate			do_setqbufsz(*argv);
9237c478bdstevel@tonic-gate			break;
9247c478bdstevel@tonic-gate
9257c478bdstevel@tonic-gate		case AC_ARG_SETQCTRL:
9267c478bdstevel@tonic-gate			{
9277c478bdstevel@tonic-gate				char *hiwater, *lowater, *bufsz, *delay;
9287c478bdstevel@tonic-gate
9297c478bdstevel@tonic-gate				++argv; hiwater = *argv;
9307c478bdstevel@tonic-gate				++argv; lowater = *argv;
9317c478bdstevel@tonic-gate				++argv; bufsz = *argv;
9327c478bdstevel@tonic-gate				++argv; delay = *argv;
9337c478bdstevel@tonic-gate				do_setqctrl(hiwater, lowater, bufsz, delay);
9347c478bdstevel@tonic-gate			}
9357c478bdstevel@tonic-gate			break;
9367c478bdstevel@tonic-gate		case AC_ARG_SETQDELAY:
9377c478bdstevel@tonic-gate			++argv;
9387c478bdstevel@tonic-gate			do_setqdelay(*argv);
9397c478bdstevel@tonic-gate			break;
9407c478bdstevel@tonic-gate
9417c478bdstevel@tonic-gate		case AC_ARG_SETQHIWATER:
9427c478bdstevel@tonic-gate			++argv;
9437c478bdstevel@tonic-gate			do_setqhiwater(*argv);
9447c478bdstevel@tonic-gate			break;
9457c478bdstevel@tonic-gate
9467c478bdstevel@tonic-gate		case AC_ARG_SETQLOWATER:
9477c478bdstevel@tonic-gate			++argv;
9487c478bdstevel@tonic-gate			do_setqlowater(*argv);
9497c478bdstevel@tonic-gate			break;
9507c478bdstevel@tonic-gate
9517c478bdstevel@tonic-gate		case AC_ARG_SETSMASK:
9527c478bdstevel@tonic-gate			{
9537c478bdstevel@tonic-gate				char *asid_str;
9547c478bdstevel@tonic-gate
9557c478bdstevel@tonic-gate				++argv;
9567c478bdstevel@tonic-gate				asid_str = *argv;
957f899407Jan Friedel				do_setsmask(asid_str, mask);
958f899407Jan Friedel
9597c478bdstevel@tonic-gate				++argv;
9607c478bdstevel@tonic-gate			}
9617c478bdstevel@tonic-gate			break;
9627c478bdstevel@tonic-gate		case AC_ARG_SETUMASK:
9637c478bdstevel@tonic-gate			{
9647c478bdstevel@tonic-gate				char *auid_str;
9657c478bdstevel@tonic-gate
9667c478bdstevel@tonic-gate				++argv;
9677c478bdstevel@tonic-gate				auid_str = *argv;
968f899407Jan Friedel				do_setumask(auid_str, mask);
969f899407Jan Friedel
9707c478bdstevel@tonic-gate				++argv;
9717c478bdstevel@tonic-gate			}
9727c478bdstevel@tonic-gate			break;
9738523fdaJan Friedel		case AC_ARG_SET_TEMPORARY:
9748523fdaJan Friedel			break;
9757c478bdstevel@tonic-gate
9767c478bdstevel@tonic-gate		default:
9777c478bdstevel@tonic-gate			exit_error(gettext("Internal error #2."));
9787c478bdstevel@tonic-gate			break;
9797c478bdstevel@tonic-gate		}
9807c478bdstevel@tonic-gate	}
9817c478bdstevel@tonic-gate}
9827c478bdstevel@tonic-gate
9837c478bdstevel@tonic-gate/*
9848523fdaJan Friedel * do_chkconf() - the returned value is for the global zone unless AUDIT_PERZONE
9858523fdaJan Friedel * is set.
9867c478bdstevel@tonic-gate */
9877c478bdstevel@tonic-gatestatic void
9889e3700dgwwdo_chkconf(void)
9897c478bdstevel@tonic-gate{
9907c478bdstevel@tonic-gate	register au_event_ent_t *evp;
9917c478bdstevel@tonic-gate	au_mask_t pmask;
9927c478bdstevel@tonic-gate	char conf_aflags[256];
9937c478bdstevel@tonic-gate	char run_aflags[256];
9947c478bdstevel@tonic-gate	au_stat_t as;
9957c478bdstevel@tonic-gate	int class;
9967c478bdstevel@tonic-gate	int			len;
9977c478bdstevel@tonic-gate	struct au_evclass_map	cmap;
9987c478bdstevel@tonic-gate
9997c478bdstevel@tonic-gate	pmask.am_success = pmask.am_failure = 0;
10007c478bdstevel@tonic-gate	eauditon(A_GETSTAT, (caddr_t)&as, 0);
10017c478bdstevel@tonic-gate
10027c478bdstevel@tonic-gate	setauevent();
10039e3700dgww	if (getauevent() == NULL) {
10048523fdaJan Friedel		exit_error(gettext("NO AUDIT EVENTS: Could not read %s\n."),
10058523fdaJan Friedel		    AUDITEVENTFILE);
10067c478bdstevel@tonic-gate	}
10077c478bdstevel@tonic-gate
10087c478bdstevel@tonic-gate	setauevent();
10099e3700dgww	while ((evp = getauevent()) != NULL) {
10107c478bdstevel@tonic-gate		cmap.ec_number = evp->ae_number;
10117c478bdstevel@tonic-gate		len = sizeof (struct au_evclass_map);
10129e3700dgww		if (evp->ae_number <= as.as_numevent) {
10137c478bdstevel@tonic-gate			if (auditon(A_GETCLASS, (caddr_t)&cmap, len) == -1) {
1014d0fa49bTony Nguyen				(void) printf("%s(%hu):%s",
10159e3700dgww				    evp->ae_name, evp->ae_number,
10169e3700dgww				    gettext("UNKNOWN EVENT: Could not get "
10179e3700dgww				    "class for event. Configuration may "
10189e3700dgww				    "be bad.\n"));
10197c478bdstevel@tonic-gate			} else {
10207c478bdstevel@tonic-gate				class = cmap.ec_class;
10217c478bdstevel@tonic-gate				if (class != evp->ae_class) {
10227c478bdstevel@tonic-gate					conf_aflags[0] = run_aflags[0] = '\0';
10237c478bdstevel@tonic-gate					pmask.am_success = class;
10247c478bdstevel@tonic-gate					pmask.am_failure = class;
10257c478bdstevel@tonic-gate					(void) getauditflagschar(run_aflags,
10268523fdaJan Friedel					    &pmask, 0);
10277c478bdstevel@tonic-gate					pmask.am_success = evp->ae_class;
10287c478bdstevel@tonic-gate					pmask.am_failure = evp->ae_class;
10297c478bdstevel@tonic-gate					(void) getauditflagschar(conf_aflags,
10308523fdaJan Friedel					    &pmask, 0);
10317c478bdstevel@tonic-gate
10327c478bdstevel@tonic-gate					(void) printf(gettext(
1033d0fa49bTony Nguyen					    "%s(%hu): CLASS MISMATCH: "
10349e3700dgww					    "runtime class (%s) != "
10359e3700dgww					    "configured class (%s)\n"),
10369e3700dgww					    evp->ae_name, evp->ae_number,
10379e3700dgww					    NONE(run_aflags),
10389e3700dgww					    NONE(conf_aflags));
10397c478bdstevel@tonic-gate				}
10407c478bdstevel@tonic-gate			}
10419e3700dgww		}
10427c478bdstevel@tonic-gate	}
10437c478bdstevel@tonic-gate	endauevent();
10447c478bdstevel@tonic-gate}
10457c478bdstevel@tonic-gate
10467c478bdstevel@tonic-gate/*
10478523fdaJan Friedel * do_conf() - configure the kernel events. The value returned to the user is
10488523fdaJan Friedel * for the global zone unless AUDIT_PERZONE is set.
10497c478bdstevel@tonic-gate */
10507c478bdstevel@tonic-gatestatic void
10519e3700dgwwdo_conf(void)
10527c478bdstevel@tonic-gate{
10537c478bdstevel@tonic-gate	register au_event_ent_t *evp;
10547c478bdstevel@tonic-gate	register int i;
10557c478bdstevel@tonic-gate	au_evclass_map_t ec;
10567c478bdstevel@tonic-gate	au_stat_t as;
10577c478bdstevel@tonic-gate
10587c478bdstevel@tonic-gate	eauditon(A_GETSTAT, (caddr_t)&as, 0);
10597c478bdstevel@tonic-gate
10607c478bdstevel@tonic-gate	i = 0;
10617c478bdstevel@tonic-gate	setauevent();
10629e3700dgww	while ((evp = getauevent()) != NULL) {
10637c478bdstevel@tonic-gate		if (evp->ae_number <= as.as_numevent) {
10647c478bdstevel@tonic-gate			++i;
10657c478bdstevel@tonic-gate			ec.ec_number = evp->ae_number;
10667c478bdstevel@tonic-gate			ec.ec_class = evp->ae_class;
1067f899407Jan Friedel			eauditon(A_SETCLASS, (caddr_t)&ec, sizeof (ec));
10687c478bdstevel@tonic-gate		}
10697c478bdstevel@tonic-gate	}
10707c478bdstevel@tonic-gate	endauevent();
10717c478bdstevel@tonic-gate	(void) printf(gettext("Configured %d kernel events.\n"), i);
10727c478bdstevel@tonic-gate
10737c478bdstevel@tonic-gate}
10747c478bdstevel@tonic-gate
10757c478bdstevel@tonic-gate/*
10768523fdaJan Friedel * do_chkaconf() - report a mismatch if the runtime class mask of a kernel audit
10778523fdaJan Friedel * event does not match the configured class mask. The value returned to the
10788523fdaJan Friedel * user is for the global zone unless AUDIT_PERZONE is set.
10797c478bdstevel@tonic-gate */
10807c478bdstevel@tonic-gatestatic void
10819e3700dgwwdo_chkaconf(void)
10827c478bdstevel@tonic-gate{
1083f899407Jan Friedel	char		*namask_cfg;
1084de4cec4Toomas Soome	au_mask_t	pmask, kmask;
10857c478bdstevel@tonic-gate
1086f899407Jan Friedel	if (!do_getnaflags_scf(&namask_cfg) || namask_cfg == NULL) {
1087f899407Jan Friedel		exit_error(gettext("Could not get configured value."));
10887c478bdstevel@tonic-gate	}
1089f899407Jan Friedel	egetauditflagsbin(namask_cfg, &pmask);
10907c478bdstevel@tonic-gate
1091f899407Jan Friedel	eauditon(A_GETKMASK, (caddr_t)&kmask, sizeof (kmask));
10927c478bdstevel@tonic-gate
10937c478bdstevel@tonic-gate	if ((pmask.am_success != kmask.am_success) ||
10947c478bdstevel@tonic-gate	    (pmask.am_failure != kmask.am_failure)) {
10957c478bdstevel@tonic-gate		char kbuf[2048];
10967c478bdstevel@tonic-gate		if (getauditflagschar(kbuf, &kmask, 0) < 0) {
1097f899407Jan Friedel			free(namask_cfg);
10987c478bdstevel@tonic-gate			(void) fprintf(stderr,
10997c478bdstevel@tonic-gate			    gettext("bad kernel non-attributable mask\n"));
11007c478bdstevel@tonic-gate			exit(1);
11017c478bdstevel@tonic-gate		}
1102f899407Jan Friedel		(void) printf(
1103f899407Jan Friedel		    gettext("non-attributable event flags mismatch:\n"));
1104f899407Jan Friedel		(void) printf(gettext("active non-attributable audit flags "
1105f899407Jan Friedel		    "= %s\n"), kbuf);
1106f899407Jan Friedel		(void) printf(gettext("configured non-attributable audit flags "
1107f899407Jan Friedel		    "= %s\n"), namask_cfg);
11087c478bdstevel@tonic-gate	}
1109f899407Jan Friedel	free(namask_cfg);
11107c478bdstevel@tonic-gate}
11117c478bdstevel@tonic-gate
11127c478bdstevel@tonic-gate/*
11138523fdaJan Friedel * do_aconf - configures the non-attributable events. The value returned to the
11148523fdaJan Friedel * user is for the global zone unless AUDIT_PERZONE is set.
11157c478bdstevel@tonic-gate */
11167c478bdstevel@tonic-gatestatic void
11179e3700dgwwdo_aconf(void)
11187c478bdstevel@tonic-gate{
1119de4cec4Toomas Soome	au_mask_t	namask;
1120f899407Jan Friedel	char		*namask_cfg;
11217c478bdstevel@tonic-gate
1122f899407Jan Friedel	if (!do_getnaflags_scf(&namask_cfg) || namask_cfg == NULL) {
1123f899407Jan Friedel		exit_error(gettext("Could not get configured value."));
11247c478bdstevel@tonic-gate	}
1125f899407Jan Friedel	egetauditflagsbin(namask_cfg, &namask);
1126f899407Jan Friedel	free(namask_cfg);
11277c478bdstevel@tonic-gate
1128f899407Jan Friedel	eauditon(A_SETKMASK, (caddr_t)&namask, sizeof (namask));
1129f899407Jan Friedel	(void) printf(gettext("Configured non-attributable event mask.\n"));
11307c478bdstevel@tonic-gate}
11317c478bdstevel@tonic-gate
11328523fdaJan Friedel/*
11338523fdaJan Friedel * do_audit() - construct an audit record for audit event event using the
11348523fdaJan Friedel * process's audit characteristics containing a text token string audit_str. The
11358523fdaJan Friedel * return token is constructed from the success/failure flag sort. Returned
11368523fdaJan Friedel * value retval is an errno value.
11378523fdaJan Friedel */
11387c478bdstevel@tonic-gatestatic void
11399e3700dgwwdo_audit(char *event, char sorf, int retval, char *audit_str)
11407c478bdstevel@tonic-gate{
11417c478bdstevel@tonic-gate	int rtn;
11427c478bdstevel@tonic-gate	int rd;
11437c478bdstevel@tonic-gate	au_event_t event_num;
11447c478bdstevel@tonic-gate	au_event_ent_t *evp;
11457c478bdstevel@tonic-gate	auditinfo_addr_t ai;
11467c478bdstevel@tonic-gate	token_t *tokp;
11477c478bdstevel@tonic-gate
11487c478bdstevel@tonic-gate	egetaudit(&ai, sizeof (ai));
11497c478bdstevel@tonic-gate
11507c478bdstevel@tonic-gate	if (strisnum(event)) {
11517c478bdstevel@tonic-gate		event_num = (au_event_t)atoi(event);
11527c478bdstevel@tonic-gate		evp = egetauevnum(event_num);
11539e3700dgww	} else {
11547c478bdstevel@tonic-gate		evp = egetauevnam(event);
11559e3700dgww	}
11567c478bdstevel@tonic-gate
11577c478bdstevel@tonic-gate	rtn = au_preselect(evp->ae_number, &ai.ai_mask, (int)sorf,
11589e3700dgww	    AU_PRS_USECACHE);
11597c478bdstevel@tonic-gate
11609e3700dgww	if (rtn == -1) {
1161d0fa49bTony Nguyen		exit_error("%s\n%s %hu\n",
11629e3700dgww		    gettext("Check audit event configuration."),
11639e3700dgww		    gettext("Could not get audit class for event number"),
11649e3700dgww		    evp->ae_number);
11659e3700dgww	}
11667c478bdstevel@tonic-gate
11677c478bdstevel@tonic-gate	/* record is preselected */
11687c478bdstevel@tonic-gate	if (rtn == 1) {
11699e3700dgww		if ((rd = au_open()) == -1) {
11708523fdaJan Friedel			exit_error(gettext(
11718523fdaJan Friedel			    "Could not get and audit record descriptor\n"));
11729e3700dgww		}
11739e3700dgww		if ((tokp = au_to_me()) == NULL) {
11748523fdaJan Friedel			exit_error(
11758523fdaJan Friedel			    gettext("Could not allocate subject token\n"));
11769e3700dgww		}
11779e3700dgww		if (au_write(rd, tokp) == -1) {
11788523fdaJan Friedel			exit_error(gettext("Could not construct subject token "
11798523fdaJan Friedel			    "of audit record\n"));
11809e3700dgww		}
11819e3700dgww		if (is_system_labeled()) {
11829e3700dgww			if ((tokp = au_to_mylabel()) == NULL) {
11838523fdaJan Friedel				exit_error(gettext(
11848523fdaJan Friedel				    "Could not allocate label token\n"));
11859e3700dgww			}
11869e3700dgww			if (au_write(rd, tokp) == -1) {
11878523fdaJan Friedel				exit_error(gettext("Could not "
11888523fdaJan Friedel				    "construct label token of audit record\n"));
11899e3700dgww			}
119045916cdjpk		}
119145916cdjpk
11929e3700dgww		if ((tokp = au_to_text(audit_str)) == NULL)
11937c478bdstevel@tonic-gate			exit_error(gettext("Could not allocate text token\n"));
11947c478bdstevel@tonic-gate		if (au_write(rd, tokp) == -1)
11959e3700dgww			exit_error(gettext("Could not construct text token of "
11969e3700dgww			    "audit record\n"));
11977c478bdstevel@tonic-gate#ifdef _LP64
11989e3700dgww		if ((tokp = au_to_return64(sorf, retval)) == NULL)
11997c478bdstevel@tonic-gate#else
12009e3700dgww		if ((tokp = au_to_return32(sorf, retval)) == NULL)
12017c478bdstevel@tonic-gate#endif
12028523fdaJan Friedel			exit_error(
12038523fdaJan Friedel			    gettext("Could not allocate return token\n"));
12049e3700dgww		if (au_write(rd, tokp) == -1) {
12059e3700dgww			exit_error(gettext("Could not construct return token "
12069e3700dgww			    "of audit record\n"));
12079e3700dgww		}
12089e3700dgww		if (au_close(rd, 1, evp->ae_number) == -1) {
12098523fdaJan Friedel			exit_error(
12108523fdaJan Friedel			    gettext("Could not write audit record: %s\n"),
12118523fdaJan Friedel			    strerror(errno));
12129e3700dgww		}
12137c478bdstevel@tonic-gate	}
12147c478bdstevel@tonic-gate}
12157c478bdstevel@tonic-gate
12168523fdaJan Friedel/*
12178523fdaJan Friedel * do_getauid() - print the audit id of the current process.
12188523fdaJan Friedel */
12197c478bdstevel@tonic-gatestatic void
12209e3700dgwwdo_getauid(void)
12217c478bdstevel@tonic-gate{
12227c478bdstevel@tonic-gate	au_id_t auid;
12237c478bdstevel@tonic-gate
12247c478bdstevel@tonic-gate	egetauid(&auid);
12257c478bdstevel@tonic-gate	print_auid(auid);
12267c478bdstevel@tonic-gate}
12277c478bdstevel@tonic-gate
12288523fdaJan Friedel/*
12298523fdaJan Friedel * do_getaudit() - print the audit characteristics of the current process.
12308523fdaJan Friedel */
12317c478bdstevel@tonic-gatestatic void
1232