17c478bd9Sstevel@tonic-gate /* 27c478bd9Sstevel@tonic-gate * CDDL HEADER START 37c478bd9Sstevel@tonic-gate * 47c478bd9Sstevel@tonic-gate * The contents of this file are subject to the terms of the 545916cd2Sjpk * Common Development and Distribution License (the "License"). 645916cd2Sjpk * You may not use this file except in compliance with the License. 77c478bd9Sstevel@tonic-gate * 87c478bd9Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 97c478bd9Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing. 107c478bd9Sstevel@tonic-gate * See the License for the specific language governing permissions 117c478bd9Sstevel@tonic-gate * and limitations under the License. 127c478bd9Sstevel@tonic-gate * 137c478bd9Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each 147c478bd9Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 157c478bd9Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the 167c478bd9Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying 177c478bd9Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner] 187c478bd9Sstevel@tonic-gate * 197c478bd9Sstevel@tonic-gate * CDDL HEADER END 207c478bd9Sstevel@tonic-gate */ 217c478bd9Sstevel@tonic-gate /* 22f8994074SJan Friedel * Copyright (c) 1992, 2010, Oracle and/or its affiliates. All rights reserved. 237c478bd9Sstevel@tonic-gate */ 247c478bd9Sstevel@tonic-gate 25*bc54f855SJohn Levon /* 26*bc54f855SJohn Levon * Copyright (c) 2019, Joyent, Inc. 27*bc54f855SJohn Levon */ 28*bc54f855SJohn Levon 297c478bd9Sstevel@tonic-gate /* 307c478bd9Sstevel@tonic-gate * auditconfig - set and display audit parameters 317c478bd9Sstevel@tonic-gate */ 327c478bd9Sstevel@tonic-gate 337c478bd9Sstevel@tonic-gate #include <locale.h> 347c478bd9Sstevel@tonic-gate #include <sys/types.h> 357c478bd9Sstevel@tonic-gate #include <ctype.h> 367c478bd9Sstevel@tonic-gate #include <stdlib.h> 377c478bd9Sstevel@tonic-gate #include <stdarg.h> 387c478bd9Sstevel@tonic-gate #include <unistd.h> 397c478bd9Sstevel@tonic-gate #include <errno.h> 407c478bd9Sstevel@tonic-gate #include <sys/param.h> 417c478bd9Sstevel@tonic-gate #include <stdio.h> 427c478bd9Sstevel@tonic-gate #include <string.h> 437c478bd9Sstevel@tonic-gate #include <strings.h> 447c478bd9Sstevel@tonic-gate #include <nlist.h> 457c478bd9Sstevel@tonic-gate #include <fcntl.h> 467c478bd9Sstevel@tonic-gate #include <sys/socket.h> 477c478bd9Sstevel@tonic-gate #include <netdb.h> 487c478bd9Sstevel@tonic-gate #include <netinet/in.h> 497c478bd9Sstevel@tonic-gate #include <arpa/inet.h> 507c478bd9Sstevel@tonic-gate #include <sys/mkdev.h> 517c478bd9Sstevel@tonic-gate #include <sys/param.h> 527c478bd9Sstevel@tonic-gate #include <pwd.h> 537c478bd9Sstevel@tonic-gate #include <libintl.h> 547c478bd9Sstevel@tonic-gate #include <zone.h> 558523fda3SJan Friedel #include <libscf_priv.h> 569e3700dfSgww #include <tsol/label.h> 577c478bd9Sstevel@tonic-gate #include <bsm/libbsm.h> 58f8994074SJan Friedel #include <audit_policy.h> 59f8994074SJan Friedel #include <audit_scf.h> 607c478bd9Sstevel@tonic-gate 619e3700dfSgww enum commands { 629e3700dfSgww AC_ARG_ACONF, 638523fda3SJan Friedel AC_ARG_AUDIT, 649e3700dfSgww AC_ARG_CHKACONF, 658523fda3SJan Friedel AC_ARG_CHKCONF, 669e3700dfSgww AC_ARG_CONF, 679e3700dfSgww AC_ARG_GETASID, 689e3700dfSgww AC_ARG_GETAUDIT, 699e3700dfSgww AC_ARG_GETAUID, 709e3700dfSgww AC_ARG_GETCAR, 719e3700dfSgww AC_ARG_GETCLASS, 729e3700dfSgww AC_ARG_GETCOND, 739e3700dfSgww AC_ARG_GETCWD, 749e3700dfSgww AC_ARG_GETESTATE, 75f8994074SJan Friedel AC_ARG_GETFLAGS, 769e3700dfSgww AC_ARG_GETKAUDIT, 779e3700dfSgww AC_ARG_GETKMASK, 78f8994074SJan Friedel AC_ARG_GETNAFLAGS, 799e3700dfSgww AC_ARG_GETPINFO, 80f8994074SJan Friedel AC_ARG_GETPLUGIN, 819e3700dfSgww AC_ARG_GETPOLICY, 829e3700dfSgww AC_ARG_GETQBUFSZ, 839e3700dfSgww AC_ARG_GETQCTRL, 849e3700dfSgww AC_ARG_GETQDELAY, 859e3700dfSgww AC_ARG_GETQHIWATER, 869e3700dfSgww AC_ARG_GETQLOWATER, 879e3700dfSgww AC_ARG_GETSTAT, 889e3700dfSgww AC_ARG_GETTERMID, 899e3700dfSgww AC_ARG_LSEVENT, 909e3700dfSgww AC_ARG_LSPOLICY, 919e3700dfSgww AC_ARG_SETASID, 929e3700dfSgww AC_ARG_SETAUDIT, 939e3700dfSgww AC_ARG_SETAUID, 949e3700dfSgww AC_ARG_SETCLASS, 95f8994074SJan Friedel AC_ARG_SETFLAGS, 969e3700dfSgww AC_ARG_SETKAUDIT, 979e3700dfSgww AC_ARG_SETKMASK, 98f8994074SJan Friedel AC_ARG_SETNAFLAGS, 99f8994074SJan Friedel AC_ARG_SETPLUGIN, 1009e3700dfSgww AC_ARG_SETPMASK, 1019e3700dfSgww AC_ARG_SETPOLICY, 1029e3700dfSgww AC_ARG_SETQBUFSZ, 1039e3700dfSgww AC_ARG_SETQCTRL, 1049e3700dfSgww AC_ARG_SETQDELAY, 1059e3700dfSgww AC_ARG_SETQHIWATER, 1069e3700dfSgww AC_ARG_SETQLOWATER, 1078523fda3SJan Friedel AC_ARG_SETSMASK, 1088523fda3SJan Friedel AC_ARG_SETSTAT, 1098523fda3SJan Friedel AC_ARG_SETUMASK, 1108523fda3SJan Friedel AC_ARG_SET_TEMPORARY 1119e3700dfSgww }; 1127c478bd9Sstevel@tonic-gate 113de4cec48SToomas Soome #define AC_KERN_EVENT 0 114de4cec48SToomas Soome #define AC_USER_EVENT 1 1157c478bd9Sstevel@tonic-gate 1167c478bd9Sstevel@tonic-gate #define NONE(s) (!strlen(s) ? gettext("none") : s) 1177c478bd9Sstevel@tonic-gate 1187c478bd9Sstevel@tonic-gate #define ONEK 1024 1197c478bd9Sstevel@tonic-gate 1207c478bd9Sstevel@tonic-gate /* 1217c478bd9Sstevel@tonic-gate * remove this after the audit.h is fixed 1227c478bd9Sstevel@tonic-gate */ 1237c478bd9Sstevel@tonic-gate struct arg_entry { 1249e3700dfSgww char *arg_str; 1259e3700dfSgww char *arg_opts; 1269e3700dfSgww enum commands auditconfig_cmd; 1278523fda3SJan Friedel boolean_t temporary_allowed; /* -t allowed for the option */ 1287c478bd9Sstevel@tonic-gate }; 1298523fda3SJan Friedel typedef struct arg_entry arg_entry_t; 1308523fda3SJan Friedel 1318523fda3SJan Friedel /* arg_table - command option and usage message table */ 1328523fda3SJan Friedel static arg_entry_t arg_table[] = { 1338523fda3SJan Friedel { "-aconf", "", AC_ARG_ACONF, B_FALSE}, 1348523fda3SJan Friedel { "-audit", " event sorf retval string", AC_ARG_AUDIT, B_FALSE}, 1358523fda3SJan Friedel { "-chkaconf", "", AC_ARG_CHKACONF, B_FALSE}, 1368523fda3SJan Friedel { "-chkconf", "", AC_ARG_CHKCONF, B_FALSE}, 1378523fda3SJan Friedel { "-conf", "", AC_ARG_CONF, B_FALSE}, 1388523fda3SJan Friedel { "-getasid", "", AC_ARG_GETASID, B_FALSE}, 1398523fda3SJan Friedel { "-getaudit", "", AC_ARG_GETAUDIT, B_FALSE}, 1408523fda3SJan Friedel { "-getauid", "", AC_ARG_GETAUID, B_FALSE}, 1418523fda3SJan Friedel { "-getcar", "", AC_ARG_GETCAR, B_FALSE}, 1428523fda3SJan Friedel { "-getclass", " event", AC_ARG_GETCLASS, B_FALSE}, 1438523fda3SJan Friedel { "-getcond", "", AC_ARG_GETCOND, B_FALSE}, 1448523fda3SJan Friedel { "-getcwd", "", AC_ARG_GETCWD, B_FALSE}, 1458523fda3SJan Friedel { "-getestate", " event", AC_ARG_GETESTATE, B_FALSE}, 146f8994074SJan Friedel { "-getflags", "", AC_ARG_GETFLAGS, B_FALSE}, 1478523fda3SJan Friedel { "-getkaudit", "", AC_ARG_GETKAUDIT, B_FALSE}, 1488523fda3SJan Friedel { "-getkmask", "", AC_ARG_GETKMASK, B_FALSE}, 149f8994074SJan Friedel { "-getnaflags", "", AC_ARG_GETNAFLAGS, B_FALSE}, 1508523fda3SJan Friedel { "-getpinfo", " pid", AC_ARG_GETPINFO, B_FALSE}, 151f8994074SJan Friedel { "-getplugin", " [plugin]", AC_ARG_GETPLUGIN, B_FALSE}, 1528523fda3SJan Friedel { "-getpolicy", "", AC_ARG_GETPOLICY, B_TRUE}, 1538523fda3SJan Friedel { "-getqbufsz", "", AC_ARG_GETQBUFSZ, B_TRUE}, 1548523fda3SJan Friedel { "-getqctrl", "", AC_ARG_GETQCTRL, B_TRUE}, 1558523fda3SJan Friedel { "-getqdelay", "", AC_ARG_GETQDELAY, B_TRUE}, 1568523fda3SJan Friedel { "-getqhiwater", "", AC_ARG_GETQHIWATER, B_TRUE}, 1578523fda3SJan Friedel { "-getqlowater", "", AC_ARG_GETQLOWATER, B_TRUE}, 1588523fda3SJan Friedel { "-getstat", "", AC_ARG_GETSTAT, B_FALSE}, 1598523fda3SJan Friedel { "-gettid", "", AC_ARG_GETTERMID, B_FALSE}, 1608523fda3SJan Friedel { "-lsevent", "", AC_ARG_LSEVENT, B_FALSE}, 1618523fda3SJan Friedel { "-lspolicy", "", AC_ARG_LSPOLICY, B_FALSE}, 1628523fda3SJan Friedel { "-setasid", " asid [cmd]", AC_ARG_SETASID, B_FALSE}, 1638523fda3SJan Friedel { "-setaudit", " auid audit_flags termid asid [cmd]", 1648523fda3SJan Friedel AC_ARG_SETAUDIT, B_FALSE}, 1658523fda3SJan Friedel { "-setauid", " auid [cmd]", AC_ARG_SETAUID, B_FALSE}, 1668523fda3SJan Friedel { "-setclass", " event audit_flags", AC_ARG_SETCLASS, B_FALSE}, 167f8994074SJan Friedel { "-setflags", " audit_flags", AC_ARG_SETFLAGS, B_FALSE}, 1688523fda3SJan Friedel { "-setkaudit", " type IP_address", AC_ARG_SETKAUDIT, B_FALSE}, 1698523fda3SJan Friedel { "-setkmask", " audit_flags", AC_ARG_SETKMASK, B_FALSE}, 170f8994074SJan Friedel { "-setnaflags", " audit_naflags", AC_ARG_SETNAFLAGS, B_FALSE}, 171f8994074SJan Friedel { "-setplugin", " name active|inactive [attributes [qsize]]", 172f8994074SJan Friedel AC_ARG_SETPLUGIN, B_FALSE}, 1738523fda3SJan Friedel { "-setpmask", " pid audit_flags", AC_ARG_SETPMASK, B_FALSE}, 1748523fda3SJan Friedel { "-setpolicy", " [+|-]policy_flags", AC_ARG_SETPOLICY, B_TRUE}, 1758523fda3SJan Friedel { "-setqbufsz", " bufsz", AC_ARG_SETQBUFSZ, B_TRUE}, 1768523fda3SJan Friedel { "-setqctrl", " hiwater lowater bufsz delay", 1778523fda3SJan Friedel AC_ARG_SETQCTRL, B_TRUE}, 1788523fda3SJan Friedel { "-setqdelay", " delay", AC_ARG_SETQDELAY, B_TRUE}, 1798523fda3SJan Friedel { "-setqhiwater", " hiwater", AC_ARG_SETQHIWATER, B_TRUE}, 1808523fda3SJan Friedel { "-setqlowater", " lowater", AC_ARG_SETQLOWATER, B_TRUE}, 1818523fda3SJan Friedel { "-setsmask", " asid audit_flags", AC_ARG_SETSMASK, B_FALSE}, 1828523fda3SJan Friedel { "-setstat", "", AC_ARG_SETSTAT, B_FALSE}, 1838523fda3SJan Friedel { "-setumask", " user audit_flags", AC_ARG_SETUMASK, B_FALSE}, 1848523fda3SJan Friedel { "-t", "", AC_ARG_SET_TEMPORARY, B_FALSE}, 1857c478bd9Sstevel@tonic-gate }; 1867c478bd9Sstevel@tonic-gate 1878523fda3SJan Friedel #define ARG_TBL_SZ (sizeof (arg_table) / sizeof (arg_entry_t)) 1887c478bd9Sstevel@tonic-gate 1898523fda3SJan Friedel char *progname = "auditconfig"; 1907c478bd9Sstevel@tonic-gate 1918523fda3SJan Friedel /* 1928523fda3SJan Friedel * temporary_set true to get/set only kernel settings, 1938523fda3SJan Friedel * false to get/set kernel settings and service properties 1948523fda3SJan Friedel */ 1958523fda3SJan Friedel static boolean_t temporary_set = B_FALSE; 1969e3700dfSgww 1979e3700dfSgww static au_event_ent_t *egetauevnam(char *event_name); 1989e3700dfSgww static au_event_ent_t *egetauevnum(au_event_t event_number); 1999e3700dfSgww static int arg_ent_compare(const void *aep1, const void *aep2); 2009e3700dfSgww static char *cond2str(void); 2018523fda3SJan Friedel static int policy2str(uint32_t policy, char *policy_str, size_t len); 2029e3700dfSgww static int str2type(char *s, uint_t *type); 2038523fda3SJan Friedel static int str2policy(char *policy_str, uint32_t *policy_mask); 2049e3700dfSgww static int str2ipaddr(char *s, uint32_t *addr, uint32_t type); 2059e3700dfSgww static int strisipaddr(char *s); 2069e3700dfSgww static int strisnum(char *s); 2078523fda3SJan Friedel static arg_entry_t *get_arg_ent(char *arg_str); 2089e3700dfSgww static uid_t get_user_id(char *user); 209f8994074SJan Friedel static void chk_arg_len(char *argv, uint_t len); 2109e3700dfSgww static void chk_event_num(int etype, au_event_t event); 2119e3700dfSgww static void chk_event_str(int etype, char *event_str); 212f8994074SJan Friedel static void chk_known_plugin(char *plugin_str); 2139e3700dfSgww static void chk_retval(char *retval_str); 2149e3700dfSgww static void chk_sorf(char *sorf_str); 2159e3700dfSgww static void do_aconf(void); 216f8994074SJan Friedel static void do_args(char **argv, au_mask_t *mask); 2179e3700dfSgww static void do_audit(char *, char, int, char *); 2189e3700dfSgww static void do_chkaconf(void); 2199e3700dfSgww static void do_chkconf(void); 2209e3700dfSgww static void do_conf(void); 2219e3700dfSgww static void do_getasid(void); 2229e3700dfSgww static void do_getaudit(void); 2239e3700dfSgww static void do_getkaudit(void); 2249e3700dfSgww static void do_setkaudit(char *t, char *s); 2259e3700dfSgww static void do_getauid(void); 2269e3700dfSgww static void do_getcar(void); 2279e3700dfSgww static void do_getclass(char *event_str); 2289e3700dfSgww static void do_getcond(void); 2299e3700dfSgww static void do_getcwd(void); 230f8994074SJan Friedel static void do_getflags(void); 2319e3700dfSgww static void do_getkmask(void); 232f8994074SJan Friedel static void do_getnaflags(void); 2339e3700dfSgww static void do_getpinfo(char *pid_str); 234f8994074SJan Friedel static void do_getplugin(char *plugin_str); 2359e3700dfSgww static void do_getpolicy(void); 2369e3700dfSgww static void do_getqbufsz(void); 2379e3700dfSgww static void do_getqctrl(void); 2389e3700dfSgww static void do_getqdelay(void); 2399e3700dfSgww static void do_getqhiwater(void); 2409e3700dfSgww static void do_getqlowater(void); 2419e3700dfSgww static void do_getstat(void); 2429e3700dfSgww static void do_gettermid(void); 2439e3700dfSgww static void do_lsevent(void); 2449e3700dfSgww static void do_lspolicy(void); 2459e3700dfSgww static void do_setasid(char *sid_str, char **argv); 2469e3700dfSgww static void do_setaudit(char *user_str, char *mask_str, char *tid_str, 2479e3700dfSgww char *sid_str, char **argv); 2489e3700dfSgww static void do_setauid(char *user, char **argv); 249f8994074SJan Friedel static void do_setclass(char *event_str, au_mask_t *mask); 250f8994074SJan Friedel static void do_setflags(char *audit_flags, au_mask_t *amask); 251f8994074SJan Friedel static void do_setkmask(au_mask_t *pmask); 252f8994074SJan Friedel static void do_setnaflags(char *audit_naflags, au_mask_t *namask); 253f8994074SJan Friedel static void do_setpmask(char *pid_str, au_mask_t *mask); 254f8994074SJan Friedel static void do_setsmask(char *asid_str, au_mask_t *mask); 255f8994074SJan Friedel static void do_setumask(char *auid_str, au_mask_t *mask); 256f8994074SJan Friedel static void do_setplugin(char *plugin_str, boolean_t plugin_state, 257f8994074SJan Friedel char *plugin_attr, int plugin_qsize); 2589e3700dfSgww static void do_setpolicy(char *policy_str); 2599e3700dfSgww static void do_setqbufsz(char *bufsz); 2609e3700dfSgww static void do_setqctrl(char *hiwater, char *lowater, char *bufsz, char *delay); 2619e3700dfSgww static void do_setqdelay(char *delay); 2629e3700dfSgww static void do_setqhiwater(char *hiwater); 2639e3700dfSgww static void do_setqlowater(char *lowater); 2649e3700dfSgww static void do_setstat(void); 2659e3700dfSgww static void str2tid(char *tid_str, au_tid_addr_t *tp); 2669e3700dfSgww 2679e3700dfSgww static void eauditon(int cmd, caddr_t data, int length); 268f8994074SJan Friedel static void echkflags(char *auditflags, au_mask_t *mask); 2699e3700dfSgww static void egetaudit(auditinfo_addr_t *ai, int size); 2709e3700dfSgww static void egetauditflagsbin(char *auditflags, au_mask_t *pmask); 2719e3700dfSgww static void egetauid(au_id_t *auid); 272f8994074SJan Friedel static void egetkaudit(auditinfo_addr_t *ai, int size); 2739e3700dfSgww static void esetaudit(auditinfo_addr_t *ai, int size); 2749e3700dfSgww static void esetauid(au_id_t *auid); 275f8994074SJan Friedel static void esetkaudit(auditinfo_addr_t *ai, int size); 2769e3700dfSgww static void execit(char **argv); 2779e3700dfSgww static void exit_error(char *fmt, ...); 2789e3700dfSgww static void exit_usage(int status); 279f8994074SJan Friedel static void parse_args(int argc, char **argv, au_mask_t *mask); 2809e3700dfSgww static void print_asid(au_asid_t asid); 2819e3700dfSgww static void print_auid(au_id_t auid); 2829e3700dfSgww static void print_mask(char *desc, au_mask_t *pmp); 283f8994074SJan Friedel static void print_plugin(char *plugin_name, kva_t *plugin_kva); 2849e3700dfSgww static void print_tid_ex(au_tid_addr_t *tidp); 2857c478bd9Sstevel@tonic-gate 2868523fda3SJan Friedel #if !defined(TEXT_DOMAIN) 2878523fda3SJan Friedel #define TEXT_DOMAIN "SUNW_OST_OSCMD" 2888523fda3SJan Friedel #endif 2898523fda3SJan Friedel 2907c478bd9Sstevel@tonic-gate int 2919e3700dfSgww main(int argc, char **argv) 2927c478bd9Sstevel@tonic-gate { 293f8994074SJan Friedel au_mask_t mask; /* for options manipulating flags */ 294f8994074SJan Friedel 2957c478bd9Sstevel@tonic-gate (void) setlocale(LC_ALL, ""); 2967c478bd9Sstevel@tonic-gate (void) textdomain(TEXT_DOMAIN); 2977c478bd9Sstevel@tonic-gate 2987c478bd9Sstevel@tonic-gate if (argc == 1) { 2997c478bd9Sstevel@tonic-gate exit_usage(0); 3007c478bd9Sstevel@tonic-gate } 3017c478bd9Sstevel@tonic-gate 3027c478bd9Sstevel@tonic-gate if (argc == 2 && 3038523fda3SJan Friedel (argv[1][0] == '?' || 3048523fda3SJan Friedel strcmp(argv[1], "-h") == 0 || 3058523fda3SJan Friedel strcmp(argv[1], "-?") == 0)) { 3067c478bd9Sstevel@tonic-gate exit_usage(0); 3078523fda3SJan Friedel } 3087c478bd9Sstevel@tonic-gate 309f8994074SJan Friedel parse_args(argc, argv, &mask); 310f8994074SJan Friedel do_args(argv, &mask); 3117c478bd9Sstevel@tonic-gate 3127c478bd9Sstevel@tonic-gate return (0); 3137c478bd9Sstevel@tonic-gate } 3147c478bd9Sstevel@tonic-gate 3157c478bd9Sstevel@tonic-gate /* 3167c478bd9Sstevel@tonic-gate * parse_args() 3177c478bd9Sstevel@tonic-gate * Desc: Checks command line argument syntax. 3187c478bd9Sstevel@tonic-gate * Inputs: Command line argv; 3197c478bd9Sstevel@tonic-gate * Returns: If a syntax error is detected, a usage message is printed 3207c478bd9Sstevel@tonic-gate * and exit() is called. If a syntax error is not detected, 3217c478bd9Sstevel@tonic-gate * parse_args() returns without a value. 3227c478bd9Sstevel@tonic-gate */ 3237c478bd9Sstevel@tonic-gate static void 324f8994074SJan Friedel parse_args(int argc, char **argv, au_mask_t *mask) 3257c478bd9Sstevel@tonic-gate { 3268523fda3SJan Friedel arg_entry_t *ae; 3277c478bd9Sstevel@tonic-gate 3287c478bd9Sstevel@tonic-gate uint_t type; 3297c478bd9Sstevel@tonic-gate uint_t addr[4]; 3307c478bd9Sstevel@tonic-gate 3317c478bd9Sstevel@tonic-gate for (++argv; *argv; argv++) { 3329e3700dfSgww if ((ae = get_arg_ent(*argv)) == NULL) { 3337c478bd9Sstevel@tonic-gate exit_usage(1); 3347c478bd9Sstevel@tonic-gate } 3357c478bd9Sstevel@tonic-gate 3367c478bd9Sstevel@tonic-gate switch (ae->auditconfig_cmd) { 3377c478bd9Sstevel@tonic-gate 3387c478bd9Sstevel@tonic-gate case AC_ARG_AUDIT: 3397c478bd9Sstevel@tonic-gate ++argv; 3407c478bd9Sstevel@tonic-gate if (!*argv) 3417c478bd9Sstevel@tonic-gate exit_usage(1); 3427c478bd9Sstevel@tonic-gate if (strisnum(*argv)) { 3437c478bd9Sstevel@tonic-gate chk_event_num(AC_USER_EVENT, 3448523fda3SJan Friedel (au_event_t)atol(*argv)); 3459e3700dfSgww } else { 3467c478bd9Sstevel@tonic-gate chk_event_str(AC_USER_EVENT, *argv); 3479e3700dfSgww } 3487c478bd9Sstevel@tonic-gate ++argv; 3497c478bd9Sstevel@tonic-gate if (!*argv) 3507c478bd9Sstevel@tonic-gate exit_usage(1); 3517c478bd9Sstevel@tonic-gate chk_sorf(*argv); 3527c478bd9Sstevel@tonic-gate ++argv; 3537c478bd9Sstevel@tonic-gate if (!*argv) 3547c478bd9Sstevel@tonic-gate exit_usage(1); 3557c478bd9Sstevel@tonic-gate chk_retval(*argv); 3567c478bd9Sstevel@tonic-gate ++argv; 3577c478bd9Sstevel@tonic-gate if (!*argv) 3587c478bd9Sstevel@tonic-gate exit_usage(1); 3597c478bd9Sstevel@tonic-gate break; 3607c478bd9Sstevel@tonic-gate 3617c478bd9Sstevel@tonic-gate case AC_ARG_CHKCONF: 3627c478bd9Sstevel@tonic-gate case AC_ARG_CONF: 3637c478bd9Sstevel@tonic-gate case AC_ARG_ACONF: 3647c478bd9Sstevel@tonic-gate case AC_ARG_CHKACONF: 3657c478bd9Sstevel@tonic-gate case AC_ARG_GETASID: 3667c478bd9Sstevel@tonic-gate case AC_ARG_GETAUID: 3677c478bd9Sstevel@tonic-gate case AC_ARG_GETAUDIT: 3687c478bd9Sstevel@tonic-gate case AC_ARG_GETKAUDIT: 3697c478bd9Sstevel@tonic-gate break; 3707c478bd9Sstevel@tonic-gate 3717c478bd9Sstevel@tonic-gate case AC_ARG_GETCLASS: 3727c478bd9Sstevel@tonic-gate case AC_ARG_GETESTATE: 3737c478bd9Sstevel@tonic-gate ++argv; 3747c478bd9Sstevel@tonic-gate if (!*argv) 3757c478bd9Sstevel@tonic-gate exit_usage(1); 3769e3700dfSgww if (strisnum(*argv)) { 3777c478bd9Sstevel@tonic-gate chk_event_num(AC_KERN_EVENT, 3789e3700dfSgww (au_event_t)atol(*argv)); 3799e3700dfSgww } else { 3807c478bd9Sstevel@tonic-gate chk_event_str(AC_KERN_EVENT, *argv); 3819e3700dfSgww } 3827c478bd9Sstevel@tonic-gate break; 3837c478bd9Sstevel@tonic-gate 3847c478bd9Sstevel@tonic-gate case AC_ARG_GETCAR: 3857c478bd9Sstevel@tonic-gate case AC_ARG_GETCOND: 3867c478bd9Sstevel@tonic-gate case AC_ARG_GETCWD: 387f8994074SJan Friedel case AC_ARG_GETFLAGS: 3887c478bd9Sstevel@tonic-gate case AC_ARG_GETKMASK: 389f8994074SJan Friedel case AC_ARG_GETNAFLAGS: 390f8994074SJan Friedel break; 391f8994074SJan Friedel 392f8994074SJan Friedel case AC_ARG_GETPLUGIN: 393f8994074SJan Friedel if (*++argv == NULL) { 394f8994074SJan Friedel --argv; 395f8994074SJan Friedel break; 396f8994074SJan Friedel } 397f8994074SJan Friedel if (get_arg_ent(*argv) != NULL) { 398f8994074SJan Friedel --argv; 399f8994074SJan Friedel } else { 400f8994074SJan Friedel chk_arg_len(*argv, PLUGIN_MAXBUF); 401f8994074SJan Friedel chk_known_plugin(*argv); 402f8994074SJan Friedel } 403f8994074SJan Friedel break; 404f8994074SJan Friedel 4057c478bd9Sstevel@tonic-gate case AC_ARG_GETPOLICY: 4067c478bd9Sstevel@tonic-gate case AC_ARG_GETQBUFSZ: 4077c478bd9Sstevel@tonic-gate case AC_ARG_GETQCTRL: 4087c478bd9Sstevel@tonic-gate case AC_ARG_GETQDELAY: 4097c478bd9Sstevel@tonic-gate case AC_ARG_GETQHIWATER: 4107c478bd9Sstevel@tonic-gate case AC_ARG_GETQLOWATER: 4117c478bd9Sstevel@tonic-gate case AC_ARG_GETSTAT: 4127c478bd9Sstevel@tonic-gate case AC_ARG_GETTERMID: 4137c478bd9Sstevel@tonic-gate case AC_ARG_LSEVENT: 4147c478bd9Sstevel@tonic-gate case AC_ARG_LSPOLICY: 4157c478bd9Sstevel@tonic-gate break; 4167c478bd9Sstevel@tonic-gate 4177c478bd9Sstevel@tonic-gate case AC_ARG_SETASID: 4187c478bd9Sstevel@tonic-gate case AC_ARG_SETAUID: 4197c478bd9Sstevel@tonic-gate case AC_ARG_SETAUDIT: 4207c478bd9Sstevel@tonic-gate ++argv; 4217c478bd9Sstevel@tonic-gate if (!*argv) 4227c478bd9Sstevel@tonic-gate exit_usage(1); 4237c478bd9Sstevel@tonic-gate 4247c478bd9Sstevel@tonic-gate while (*argv) 4257c478bd9Sstevel@tonic-gate ++argv; 4267c478bd9Sstevel@tonic-gate --argv; 4277c478bd9Sstevel@tonic-gate 4287c478bd9Sstevel@tonic-gate break; 4297c478bd9Sstevel@tonic-gate 4307c478bd9Sstevel@tonic-gate case AC_ARG_SETKAUDIT: 4317c478bd9Sstevel@tonic-gate ++argv; 4327c478bd9Sstevel@tonic-gate if (!*argv) 4337c478bd9Sstevel@tonic-gate exit_usage(1); 4347c478bd9Sstevel@tonic-gate if (str2type (*argv, &type)) 4357c478bd9Sstevel@tonic-gate exit_error(gettext( 4368523fda3SJan Friedel "Invalid IP address type specified.")); 4377c478bd9Sstevel@tonic-gate ++argv; 4387c478bd9Sstevel@tonic-gate if (!*argv) 4397c478bd9Sstevel@tonic-gate exit_usage(1); 4407c478bd9Sstevel@tonic-gate 4417c478bd9Sstevel@tonic-gate if (str2ipaddr(*argv, addr, type)) 4428523fda3SJan Friedel exit_error( 4438523fda3SJan Friedel gettext("Invalid IP address specified.")); 4447c478bd9Sstevel@tonic-gate break; 4457c478bd9Sstevel@tonic-gate 4467c478bd9Sstevel@tonic-gate case AC_ARG_SETCLASS: 4477c478bd9Sstevel@tonic-gate ++argv; 4487c478bd9Sstevel@tonic-gate if (!*argv) 4497c478bd9Sstevel@tonic-gate exit_usage(1); 4507c478bd9Sstevel@tonic-gate if (strisnum(*argv)) 4517c478bd9Sstevel@tonic-gate chk_event_num(AC_KERN_EVENT, 4528523fda3SJan Friedel (au_event_t)atol(*argv)); 4537c478bd9Sstevel@tonic-gate else 4547c478bd9Sstevel@tonic-gate chk_event_str(AC_KERN_EVENT, *argv); 4557c478bd9Sstevel@tonic-gate ++argv; 4567c478bd9Sstevel@tonic-gate if (!*argv) 4577c478bd9Sstevel@tonic-gate exit_usage(1); 458f8994074SJan Friedel echkflags(*argv, mask); 459f8994074SJan Friedel break; 460f8994074SJan Friedel 461f8994074SJan Friedel case AC_ARG_SETFLAGS: 462f8994074SJan Friedel ++argv; 463f8994074SJan Friedel if (!*argv) 464f8994074SJan Friedel exit_usage(1); 465f8994074SJan Friedel chk_arg_len(*argv, PRESELECTION_MAXBUF); 466f8994074SJan Friedel echkflags(*argv, mask); 4677c478bd9Sstevel@tonic-gate break; 4687c478bd9Sstevel@tonic-gate 4697c478bd9Sstevel@tonic-gate case AC_ARG_SETKMASK: 4707c478bd9Sstevel@tonic-gate ++argv; 4717c478bd9Sstevel@tonic-gate if (!*argv) 4727c478bd9Sstevel@tonic-gate exit_usage(1); 473f8994074SJan Friedel echkflags(*argv, mask); 474f8994074SJan Friedel break; 475f8994074SJan Friedel 476f8994074SJan Friedel case AC_ARG_SETNAFLAGS: 477f8994074SJan Friedel ++argv; 478f8994074SJan Friedel if (!*argv) 479f8994074SJan Friedel exit_usage(1); 480f8994074SJan Friedel chk_arg_len(*argv, PRESELECTION_MAXBUF); 481f8994074SJan Friedel echkflags(*argv, mask); 482f8994074SJan Friedel break; 483f8994074SJan Friedel 484f8994074SJan Friedel case AC_ARG_SETPLUGIN: 485f8994074SJan Friedel if (*++argv == NULL || get_arg_ent(*argv) != NULL) { 486f8994074SJan Friedel exit_usage(1); 487f8994074SJan Friedel } 488f8994074SJan Friedel chk_known_plugin(*argv); 489f8994074SJan Friedel chk_arg_len(*argv, PLUGIN_MAXBUF); 490f8994074SJan Friedel if (*++argv == NULL || strcmp(*argv, "active") != 0 && 491f8994074SJan Friedel strcmp(*argv, "inactive") != 0) { 492f8994074SJan Friedel exit_usage(1); 493f8994074SJan Friedel } 494f8994074SJan Friedel if (*++argv == NULL || get_arg_ent(*argv) != NULL) { 495f8994074SJan Friedel --argv; 496f8994074SJan Friedel break; 497f8994074SJan Friedel } 498f8994074SJan Friedel chk_arg_len(*argv, PLUGIN_MAXATT); 499f8994074SJan Friedel if (*++argv == NULL || get_arg_ent(*argv) != NULL) { 500f8994074SJan Friedel --argv; 501f8994074SJan Friedel break; 502f8994074SJan Friedel } 503f8994074SJan Friedel if (atoi(*argv) < 0) { 504f8994074SJan Friedel exit_error(gettext("Incorrect qsize specified " 505f8994074SJan Friedel "(%s)."), *argv); 506f8994074SJan Friedel } 5077c478bd9Sstevel@tonic-gate break; 5087c478bd9Sstevel@tonic-gate 5097c478bd9Sstevel@tonic-gate case AC_ARG_SETPOLICY: 5107c478bd9Sstevel@tonic-gate ++argv; 5117c478bd9Sstevel@tonic-gate if (!*argv) 5127c478bd9Sstevel@tonic-gate exit_usage(1); 5137c478bd9Sstevel@tonic-gate break; 5147c478bd9Sstevel@tonic-gate 5157c478bd9Sstevel@tonic-gate case AC_ARG_SETSTAT: 5167c478bd9Sstevel@tonic-gate break; 5177c478bd9Sstevel@tonic-gate 5187c478bd9Sstevel@tonic-gate case AC_ARG_GETPINFO: 5197c478bd9Sstevel@tonic-gate ++argv; 5207c478bd9Sstevel@tonic-gate if (!*argv) 5217c478bd9Sstevel@tonic-gate exit_usage(1); 5227c478bd9Sstevel@tonic-gate break; 5237c478bd9Sstevel@tonic-gate 5247c478bd9Sstevel@tonic-gate case AC_ARG_SETPMASK: 5257c478bd9Sstevel@tonic-gate ++argv; 5267c478bd9Sstevel@tonic-gate if (!*argv) 5277c478bd9Sstevel@tonic-gate exit_usage(1); 5287c478bd9Sstevel@tonic-gate ++argv; 5297c478bd9Sstevel@tonic-gate if (!*argv) 5307c478bd9Sstevel@tonic-gate exit_usage(1); 531f8994074SJan Friedel echkflags(*argv, mask); 5327c478bd9Sstevel@tonic-gate break; 5337c478bd9Sstevel@tonic-gate 5347c478bd9Sstevel@tonic-gate case AC_ARG_SETQBUFSZ: 5357c478bd9Sstevel@tonic-gate ++argv; 5367c478bd9Sstevel@tonic-gate if (!*argv) 5377c478bd9Sstevel@tonic-gate exit_usage(1); 5387c478bd9Sstevel@tonic-gate if (!strisnum(*argv)) 5397c478bd9Sstevel@tonic-gate exit_error(gettext("Invalid bufsz specified.")); 5407c478bd9Sstevel@tonic-gate break; 5417c478bd9Sstevel@tonic-gate 5427c478bd9Sstevel@tonic-gate case AC_ARG_SETQCTRL: 5437c478bd9Sstevel@tonic-gate ++argv; 5447c478bd9Sstevel@tonic-gate if (!*argv) 5457c478bd9Sstevel@tonic-gate exit_usage(1); 5467c478bd9Sstevel@tonic-gate if (!strisnum(*argv)) 5478523fda3SJan Friedel exit_error( 5488523fda3SJan Friedel gettext("Invalid hiwater specified.")); 5497c478bd9Sstevel@tonic-gate ++argv; 5507c478bd9Sstevel@tonic-gate if (!*argv) 5517c478bd9Sstevel@tonic-gate exit_usage(1); 5527c478bd9Sstevel@tonic-gate if (!strisnum(*argv)) 5538523fda3SJan Friedel exit_error( 5548523fda3SJan Friedel gettext("Invalid lowater specified.")); 5557c478bd9Sstevel@tonic-gate ++argv; 5567c478bd9Sstevel@tonic-gate if (!*argv) 5577c478bd9Sstevel@tonic-gate exit_usage(1); 5587c478bd9Sstevel@tonic-gate if (!strisnum(*argv)) 5597c478bd9Sstevel@tonic-gate exit_error(gettext("Invalid bufsz specified.")); 5607c478bd9Sstevel@tonic-gate ++argv; 5617c478bd9Sstevel@tonic-gate if (!*argv) 5627c478bd9Sstevel@tonic-gate exit_usage(1); 5637c478bd9Sstevel@tonic-gate if (!strisnum(*argv)) 5647c478bd9Sstevel@tonic-gate exit_error(gettext("Invalid delay specified.")); 5657c478bd9Sstevel@tonic-gate break; 5667c478bd9Sstevel@tonic-gate 5677c478bd9Sstevel@tonic-gate case AC_ARG_SETQDELAY: 5687c478bd9Sstevel@tonic-gate ++argv; 5697c478bd9Sstevel@tonic-gate if (!*argv) 5707c478bd9Sstevel@tonic-gate exit_usage(1); 5717c478bd9Sstevel@tonic-gate if (!strisnum(*argv)) 5727c478bd9Sstevel@tonic-gate exit_error(gettext("Invalid delay specified.")); 5737c478bd9Sstevel@tonic-gate break; 5747c478bd9Sstevel@tonic-gate 5757c478bd9Sstevel@tonic-gate case AC_ARG_SETQHIWATER: 5767c478bd9Sstevel@tonic-gate ++argv; 5777c478bd9Sstevel@tonic-gate if (!*argv) 5787c478bd9Sstevel@tonic-gate exit_usage(1); 5799e3700dfSgww if (!strisnum(*argv)) { 5808523fda3SJan Friedel exit_error( 5818523fda3SJan Friedel gettext("Invalid hiwater specified.")); 5829e3700dfSgww } 5837c478bd9Sstevel@tonic-gate break; 5847c478bd9Sstevel@tonic-gate 5857c478bd9Sstevel@tonic-gate case AC_ARG_SETQLOWATER: 5867c478bd9Sstevel@tonic-gate ++argv; 5877c478bd9Sstevel@tonic-gate if (!*argv) 5887c478bd9Sstevel@tonic-gate exit_usage(1); 5899e3700dfSgww if (!strisnum(*argv)) { 5908523fda3SJan Friedel exit_error( 5918523fda3SJan Friedel gettext("Invalid lowater specified.")); 5929e3700dfSgww } 5937c478bd9Sstevel@tonic-gate break; 5947c478bd9Sstevel@tonic-gate 5957c478bd9Sstevel@tonic-gate case AC_ARG_SETSMASK: 5967c478bd9Sstevel@tonic-gate case AC_ARG_SETUMASK: 5977c478bd9Sstevel@tonic-gate ++argv; 5987c478bd9Sstevel@tonic-gate if (!*argv) 5997c478bd9Sstevel@tonic-gate exit_usage(1); 6007c478bd9Sstevel@tonic-gate ++argv; 6017c478bd9Sstevel@tonic-gate if (!*argv) 6027c478bd9Sstevel@tonic-gate exit_usage(1); 603f8994074SJan Friedel echkflags(*argv, mask); 6047c478bd9Sstevel@tonic-gate break; 6057c478bd9Sstevel@tonic-gate 6068523fda3SJan Friedel case AC_ARG_SET_TEMPORARY: 6078523fda3SJan Friedel /* Do not accept single -t option. */ 6088523fda3SJan Friedel if (argc == 2) { 6098523fda3SJan Friedel exit_error( 6108523fda3SJan Friedel gettext("Only the -t option specified " 6118523fda3SJan Friedel "(it is not a standalone option).")); 6128523fda3SJan Friedel } 6138523fda3SJan Friedel temporary_set = B_TRUE; 6148523fda3SJan Friedel break; 6158523fda3SJan Friedel 6167c478bd9Sstevel@tonic-gate default: 6177c478bd9Sstevel@tonic-gate exit_error(gettext("Internal error #1.")); 6187c478bd9Sstevel@tonic-gate break; 6197c478bd9Sstevel@tonic-gate } 6207c478bd9Sstevel@tonic-gate } 6217c478bd9Sstevel@tonic-gate } 6227c478bd9Sstevel@tonic-gate 6237c478bd9Sstevel@tonic-gate 6247c478bd9Sstevel@tonic-gate /* 6258523fda3SJan Friedel * do_args() - do command line arguments in the order in which they appear. 6268523fda3SJan Friedel * Function return values returned by the underlying functions; the semantics 6278523fda3SJan Friedel * they should follow is to return B_TRUE on successful execution, B_FALSE 6288523fda3SJan Friedel * otherwise. 6297c478bd9Sstevel@tonic-gate */ 6307c478bd9Sstevel@tonic-gate static void 631f8994074SJan Friedel do_args(char **argv, au_mask_t *mask) 6327c478bd9Sstevel@tonic-gate { 6338523fda3SJan Friedel arg_entry_t *ae; 6347c478bd9Sstevel@tonic-gate 6357c478bd9Sstevel@tonic-gate for (++argv; *argv; argv++) { 6367c478bd9Sstevel@tonic-gate ae = get_arg_ent(*argv); 6377c478bd9Sstevel@tonic-gate 6387c478bd9Sstevel@tonic-gate switch (ae->auditconfig_cmd) { 6397c478bd9Sstevel@tonic-gate 6407c478bd9Sstevel@tonic-gate case AC_ARG_AUDIT: 6417c478bd9Sstevel@tonic-gate { 6427c478bd9Sstevel@tonic-gate char sorf; 6437c478bd9Sstevel@tonic-gate int retval; 6447c478bd9Sstevel@tonic-gate char *event_name; 6457c478bd9Sstevel@tonic-gate char *audit_str; 6467c478bd9Sstevel@tonic-gate 6477c478bd9Sstevel@tonic-gate ++argv; 6487c478bd9Sstevel@tonic-gate event_name = *argv; 6497c478bd9Sstevel@tonic-gate ++argv; 6507c478bd9Sstevel@tonic-gate sorf = (char)atoi(*argv); 6517c478bd9Sstevel@tonic-gate ++argv; 6527c478bd9Sstevel@tonic-gate retval = atoi(*argv); 6537c478bd9Sstevel@tonic-gate ++argv; 6547c478bd9Sstevel@tonic-gate audit_str = *argv; 6557c478bd9Sstevel@tonic-gate do_audit(event_name, sorf, retval, audit_str); 6567c478bd9Sstevel@tonic-gate } 6577c478bd9Sstevel@tonic-gate break; 6587c478bd9Sstevel@tonic-gate 6597c478bd9Sstevel@tonic-gate case AC_ARG_CHKCONF: 6607c478bd9Sstevel@tonic-gate do_chkconf(); 6617c478bd9Sstevel@tonic-gate break; 6627c478bd9Sstevel@tonic-gate 6637c478bd9Sstevel@tonic-gate case AC_ARG_CONF: 6647c478bd9Sstevel@tonic-gate do_conf(); 6657c478bd9Sstevel@tonic-gate break; 6667c478bd9Sstevel@tonic-gate 6677c478bd9Sstevel@tonic-gate case AC_ARG_CHKACONF: 6687c478bd9Sstevel@tonic-gate do_chkaconf(); 6697c478bd9Sstevel@tonic-gate break; 6707c478bd9Sstevel@tonic-gate 6717c478bd9Sstevel@tonic-gate case AC_ARG_ACONF: 6727c478bd9Sstevel@tonic-gate do_aconf(); 6737c478bd9Sstevel@tonic-gate break; 6747c478bd9Sstevel@tonic-gate 6757c478bd9Sstevel@tonic-gate case AC_ARG_GETASID: 6767c478bd9Sstevel@tonic-gate do_getasid(); 6777c478bd9Sstevel@tonic-gate break; 6787c478bd9Sstevel@tonic-gate 6797c478bd9Sstevel@tonic-gate case AC_ARG_GETAUID: 6807c478bd9Sstevel@tonic-gate do_getauid(); 6817c478bd9Sstevel@tonic-gate break; 6827c478bd9Sstevel@tonic-gate 6837c478bd9Sstevel@tonic-gate case AC_ARG_GETAUDIT: 6847c478bd9Sstevel@tonic-gate do_getaudit(); 6857c478bd9Sstevel@tonic-gate break; 6867c478bd9Sstevel@tonic-gate 6877c478bd9Sstevel@tonic-gate case AC_ARG_GETKAUDIT: 6887c478bd9Sstevel@tonic-gate do_getkaudit(); 6897c478bd9Sstevel@tonic-gate break; 6907c478bd9Sstevel@tonic-gate 6917c478bd9Sstevel@tonic-gate case AC_ARG_GETCLASS: 6927c478bd9Sstevel@tonic-gate case AC_ARG_GETESTATE: 6937c478bd9Sstevel@tonic-gate ++argv; 6947c478bd9Sstevel@tonic-gate do_getclass(*argv); 6957c478bd9Sstevel@tonic-gate break; 6967c478bd9Sstevel@tonic-gate 6977c478bd9Sstevel@tonic-gate case AC_ARG_GETCAR: 6987c478bd9Sstevel@tonic-gate do_getcar(); 6997c478bd9Sstevel@tonic-gate break; 7007c478bd9Sstevel@tonic-gate 7017c478bd9Sstevel@tonic-gate case AC_ARG_GETCOND: 7027c478bd9Sstevel@tonic-gate do_getcond(); 7037c478bd9Sstevel@tonic-gate break; 7047c478bd9Sstevel@tonic-gate 7057c478bd9Sstevel@tonic-gate case AC_ARG_GETCWD: 7067c478bd9Sstevel@tonic-gate do_getcwd(); 7077c478bd9Sstevel@tonic-gate break; 7087c478bd9Sstevel@tonic-gate 709f8994074SJan Friedel case AC_ARG_GETFLAGS: 710f8994074SJan Friedel do_getflags(); 711f8994074SJan Friedel break; 712f8994074SJan Friedel 7137c478bd9Sstevel@tonic-gate case AC_ARG_GETKMASK: 7147c478bd9Sstevel@tonic-gate do_getkmask(); 7157c478bd9Sstevel@tonic-gate break; 7167c478bd9Sstevel@tonic-gate 717f8994074SJan Friedel case AC_ARG_GETNAFLAGS: 718f8994074SJan Friedel do_getnaflags(); 719f8994074SJan Friedel break; 720f8994074SJan Friedel 721f8994074SJan Friedel case AC_ARG_GETPLUGIN: 722f8994074SJan Friedel { 723f8994074SJan Friedel char *plugin_str = NULL; 724f8994074SJan Friedel 725f8994074SJan Friedel ++argv; 726f8994074SJan Friedel if (*argv != NULL) { 727f8994074SJan Friedel if (get_arg_ent(*argv) != NULL) { 728f8994074SJan Friedel --argv; 729f8994074SJan Friedel } else { 730f8994074SJan Friedel plugin_str = *argv; 731f8994074SJan Friedel } 732f8994074SJan Friedel } else { 733f8994074SJan Friedel --argv; 734f8994074SJan Friedel } 735f8994074SJan Friedel 736f8994074SJan Friedel do_getplugin(plugin_str); 737f8994074SJan Friedel } 738f8994074SJan Friedel break; 739f8994074SJan Friedel 7407c478bd9Sstevel@tonic-gate case AC_ARG_GETPOLICY: 7417c478bd9Sstevel@tonic-gate do_getpolicy(); 7427c478bd9Sstevel@tonic-gate break; 7437c478bd9Sstevel@tonic-gate 7447c478bd9Sstevel@tonic-gate case AC_ARG_GETQBUFSZ: 7457c478bd9Sstevel@tonic-gate do_getqbufsz(); 7467c478bd9Sstevel@tonic-gate break; 7477c478bd9Sstevel@tonic-gate 7487c478bd9Sstevel@tonic-gate case AC_ARG_GETQCTRL: 7497c478bd9Sstevel@tonic-gate do_getqctrl(); 7507c478bd9Sstevel@tonic-gate break; 7517c478bd9Sstevel@tonic-gate 7527c478bd9Sstevel@tonic-gate case AC_ARG_GETQDELAY: 7537c478bd9Sstevel@tonic-gate do_getqdelay(); 7547c478bd9Sstevel@tonic-gate break; 7557c478bd9Sstevel@tonic-gate 7567c478bd9Sstevel@tonic-gate case AC_ARG_GETQHIWATER: 7577c478bd9Sstevel@tonic-gate do_getqhiwater(); 7587c478bd9Sstevel@tonic-gate break; 7597c478bd9Sstevel@tonic-gate 7607c478bd9Sstevel@tonic-gate case AC_ARG_GETQLOWATER: 7617c478bd9Sstevel@tonic-gate do_getqlowater(); 7627c478bd9Sstevel@tonic-gate break; 7637c478bd9Sstevel@tonic-gate 7647c478bd9Sstevel@tonic-gate case AC_ARG_GETSTAT: 7657c478bd9Sstevel@tonic-gate do_getstat(); 7667c478bd9Sstevel@tonic-gate break; 7677c478bd9Sstevel@tonic-gate 7687c478bd9Sstevel@tonic-gate case AC_ARG_GETTERMID: 7697c478bd9Sstevel@tonic-gate do_gettermid(); 7707c478bd9Sstevel@tonic-gate break; 7717c478bd9Sstevel@tonic-gate 7727c478bd9Sstevel@tonic-gate case AC_ARG_LSEVENT: 7737c478bd9Sstevel@tonic-gate do_lsevent(); 7747c478bd9Sstevel@tonic-gate break; 7757c478bd9Sstevel@tonic-gate 7767c478bd9Sstevel@tonic-gate case AC_ARG_LSPOLICY: 7777c478bd9Sstevel@tonic-gate do_lspolicy(); 7787c478bd9Sstevel@tonic-gate break; 7797c478bd9Sstevel@tonic-gate 7807c478bd9Sstevel@tonic-gate case AC_ARG_SETASID: 7817c478bd9Sstevel@tonic-gate { 7827c478bd9Sstevel@tonic-gate char *sid_str; 7837c478bd9Sstevel@tonic-gate 7847c478bd9Sstevel@tonic-gate ++argv; 7857c478bd9Sstevel@tonic-gate sid_str = *argv; 7867c478bd9Sstevel@tonic-gate ++argv; 7877c478bd9Sstevel@tonic-gate do_setasid(sid_str, argv); 7887c478bd9Sstevel@tonic-gate } 7897c478bd9Sstevel@tonic-gate break; 7907c478bd9Sstevel@tonic-gate 7917c478bd9Sstevel@tonic-gate case AC_ARG_SETAUID: 7927c478bd9Sstevel@tonic-gate { 7937c478bd9Sstevel@tonic-gate char *user; 7947c478bd9Sstevel@tonic-gate 7957c478bd9Sstevel@tonic-gate ++argv; 7967c478bd9Sstevel@tonic-gate user = *argv; 7977c478bd9Sstevel@tonic-gate ++argv; 7987c478bd9Sstevel@tonic-gate do_setauid(user, argv); 7997c478bd9Sstevel@tonic-gate } 8007c478bd9Sstevel@tonic-gate break; 8017c478bd9Sstevel@tonic-gate 8027c478bd9Sstevel@tonic-gate case AC_ARG_SETAUDIT: 8037c478bd9Sstevel@tonic-gate { 8047c478bd9Sstevel@tonic-gate char *user_str; 8057c478bd9Sstevel@tonic-gate char *mask_str; 8067c478bd9Sstevel@tonic-gate char *tid_str; 8077c478bd9Sstevel@tonic-gate char *sid_str; 8087c478bd9Sstevel@tonic-gate 8097c478bd9Sstevel@tonic-gate ++argv; 8107c478bd9Sstevel@tonic-gate user_str = *argv; 8117c478bd9Sstevel@tonic-gate ++argv; 8127c478bd9Sstevel@tonic-gate mask_str = *argv; 8137c478bd9Sstevel@tonic-gate ++argv; 8147c478bd9Sstevel@tonic-gate tid_str = *argv; 8157c478bd9Sstevel@tonic-gate ++argv; 8167c478bd9Sstevel@tonic-gate sid_str = *argv; 8177c478bd9Sstevel@tonic-gate ++argv; 8188523fda3SJan Friedel do_setaudit(user_str, mask_str, tid_str, 8198523fda3SJan Friedel sid_str, argv); 8207c478bd9Sstevel@tonic-gate } 8217c478bd9Sstevel@tonic-gate break; 8227c478bd9Sstevel@tonic-gate 8237c478bd9Sstevel@tonic-gate case AC_ARG_SETKAUDIT: 8247c478bd9Sstevel@tonic-gate { 8257c478bd9Sstevel@tonic-gate char *address_type, *address; 8267c478bd9Sstevel@tonic-gate 8277c478bd9Sstevel@tonic-gate ++argv; address_type = *argv; 8287c478bd9Sstevel@tonic-gate ++argv; address = *argv; 8297c478bd9Sstevel@tonic-gate do_setkaudit(address_type, address); 8307c478bd9Sstevel@tonic-gate } 8317c478bd9Sstevel@tonic-gate break; 8327c478bd9Sstevel@tonic-gate 8337c478bd9Sstevel@tonic-gate case AC_ARG_SETCLASS: 8347c478bd9Sstevel@tonic-gate { 835f8994074SJan Friedel char *event_str; 8367c478bd9Sstevel@tonic-gate 837f8994074SJan Friedel ++argv; 838f8994074SJan Friedel event_str = *argv; 839f8994074SJan Friedel do_setclass(event_str, mask); 840f8994074SJan Friedel 841f8994074SJan Friedel ++argv; 8427c478bd9Sstevel@tonic-gate } 8437c478bd9Sstevel@tonic-gate break; 8447c478bd9Sstevel@tonic-gate 845f8994074SJan Friedel case AC_ARG_SETFLAGS: 846f8994074SJan Friedel ++argv; 847f8994074SJan Friedel do_setflags(*argv, mask); 848f8994074SJan Friedel break; 849f8994074SJan Friedel 8507c478bd9Sstevel@tonic-gate case AC_ARG_SETKMASK: 8517c478bd9Sstevel@tonic-gate ++argv; 852f8994074SJan Friedel do_setkmask(mask); 853f8994074SJan Friedel break; 854f8994074SJan Friedel 855f8994074SJan Friedel case AC_ARG_SETNAFLAGS: 856f8994074SJan Friedel ++argv; 857f8994074SJan Friedel do_setnaflags(*argv, mask); 858f8994074SJan Friedel break; 859f8994074SJan Friedel 860f8994074SJan Friedel case AC_ARG_SETPLUGIN: 861f8994074SJan Friedel { 862f8994074SJan Friedel char *plugin_str = NULL; 863f8994074SJan Friedel boolean_t plugin_state = B_FALSE; 864de4cec48SToomas Soome char *plugin_att = NULL; 865de4cec48SToomas Soome int plugin_qsize = -1; 866f8994074SJan Friedel 867f8994074SJan Friedel plugin_str = *++argv; 868f8994074SJan Friedel if (strcmp(*++argv, "active") == 0) { 869f8994074SJan Friedel plugin_state = B_TRUE; 870f8994074SJan Friedel } 871f8994074SJan Friedel if (*++argv != NULL && 872f8994074SJan Friedel get_arg_ent(*argv) == NULL) { 873f8994074SJan Friedel plugin_att = *argv; 874f8994074SJan Friedel if (*++argv != NULL && 875f8994074SJan Friedel get_arg_ent(*argv) == NULL) { 876f8994074SJan Friedel plugin_qsize = atoi(*argv); 877f8994074SJan Friedel } else { 878f8994074SJan Friedel --argv; 879f8994074SJan Friedel } 880f8994074SJan Friedel } else { 881f8994074SJan Friedel --argv; 882f8994074SJan Friedel } 883f8994074SJan Friedel 884f8994074SJan Friedel do_setplugin(plugin_str, plugin_state, 885f8994074SJan Friedel plugin_att, plugin_qsize); 886f8994074SJan Friedel } 8877c478bd9Sstevel@tonic-gate break; 8887c478bd9Sstevel@tonic-gate 8897c478bd9Sstevel@tonic-gate case AC_ARG_SETPOLICY: 8907c478bd9Sstevel@tonic-gate ++argv; 8917c478bd9Sstevel@tonic-gate do_setpolicy(*argv); 8927c478bd9Sstevel@tonic-gate break; 8937c478bd9Sstevel@tonic-gate 8947c478bd9Sstevel@tonic-gate case AC_ARG_GETPINFO: 8957c478bd9Sstevel@tonic-gate { 8967c478bd9Sstevel@tonic-gate char *pid_str; 8977c478bd9Sstevel@tonic-gate 8987c478bd9Sstevel@tonic-gate ++argv; 8997c478bd9Sstevel@tonic-gate pid_str = *argv; 9007c478bd9Sstevel@tonic-gate do_getpinfo(pid_str); 9017c478bd9Sstevel@tonic-gate } 9027c478bd9Sstevel@tonic-gate break; 9037c478bd9Sstevel@tonic-gate 9047c478bd9Sstevel@tonic-gate case AC_ARG_SETPMASK: 9057c478bd9Sstevel@tonic-gate { 9067c478bd9Sstevel@tonic-gate char *pid_str; 9077c478bd9Sstevel@tonic-gate 9087c478bd9Sstevel@tonic-gate ++argv; 9097c478bd9Sstevel@tonic-gate pid_str = *argv; 910f8994074SJan Friedel do_setpmask(pid_str, mask); 911f8994074SJan Friedel 9127c478bd9Sstevel@tonic-gate ++argv; 9137c478bd9Sstevel@tonic-gate } 9147c478bd9Sstevel@tonic-gate break; 9157c478bd9Sstevel@tonic-gate 9167c478bd9Sstevel@tonic-gate case AC_ARG_SETSTAT: 9177c478bd9Sstevel@tonic-gate do_setstat(); 9187c478bd9Sstevel@tonic-gate break; 9197c478bd9Sstevel@tonic-gate 9207c478bd9Sstevel@tonic-gate case AC_ARG_SETQBUFSZ: 9217c478bd9Sstevel@tonic-gate ++argv; 9227c478bd9Sstevel@tonic-gate do_setqbufsz(*argv); 9237c478bd9Sstevel@tonic-gate break; 9247c478bd9Sstevel@tonic-gate 9257c478bd9Sstevel@tonic-gate case AC_ARG_SETQCTRL: 9267c478bd9Sstevel@tonic-gate { 9277c478bd9Sstevel@tonic-gate char *hiwater, *lowater, *bufsz, *delay; 9287c478bd9Sstevel@tonic-gate 9297c478bd9Sstevel@tonic-gate ++argv; hiwater = *argv; 9307c478bd9Sstevel@tonic-gate ++argv; lowater = *argv; 9317c478bd9Sstevel@tonic-gate ++argv; bufsz = *argv; 9327c478bd9Sstevel@tonic-gate ++argv; delay = *argv; 9337c478bd9Sstevel@tonic-gate do_setqctrl(hiwater, lowater, bufsz, delay); 9347c478bd9Sstevel@tonic-gate } 9357c478bd9Sstevel@tonic-gate break; 9367c478bd9Sstevel@tonic-gate case AC_ARG_SETQDELAY: 9377c478bd9Sstevel@tonic-gate ++argv; 9387c478bd9Sstevel@tonic-gate do_setqdelay(*argv); 9397c478bd9Sstevel@tonic-gate break; 9407c478bd9Sstevel@tonic-gate 9417c478bd9Sstevel@tonic-gate case AC_ARG_SETQHIWATER: 9427c478bd9Sstevel@tonic-gate ++argv; 9437c478bd9Sstevel@tonic-gate do_setqhiwater(*argv); 9447c478bd9Sstevel@tonic-gate break; 9457c478bd9Sstevel@tonic-gate 9467c478bd9Sstevel@tonic-gate case AC_ARG_SETQLOWATER: 9477c478bd9Sstevel@tonic-gate ++argv; 9487c478bd9Sstevel@tonic-gate do_setqlowater(*argv); 9497c478bd9Sstevel@tonic-gate break; 9507c478bd9Sstevel@tonic-gate 9517c478bd9Sstevel@tonic-gate case AC_ARG_SETSMASK: 9527c478bd9Sstevel@tonic-gate { 9537c478bd9Sstevel@tonic-gate char *asid_str; 9547c478bd9Sstevel@tonic-gate 9557c478bd9Sstevel@tonic-gate ++argv; 9567c478bd9Sstevel@tonic-gate asid_str = *argv; 957f8994074SJan Friedel do_setsmask(asid_str, mask); 958f8994074SJan Friedel 9597c478bd9Sstevel@tonic-gate ++argv; 9607c478bd9Sstevel@tonic-gate } 9617c478bd9Sstevel@tonic-gate break; 9627c478bd9Sstevel@tonic-gate case AC_ARG_SETUMASK: 9637c478bd9Sstevel@tonic-gate { 9647c478bd9Sstevel@tonic-gate char *auid_str; 9657c478bd9Sstevel@tonic-gate 9667c478bd9Sstevel@tonic-gate ++argv; 9677c478bd9Sstevel@tonic-gate auid_str = *argv; 968f8994074SJan Friedel do_setumask(auid_str, mask); 969f8994074SJan Friedel 9707c478bd9Sstevel@tonic-gate ++argv; 9717c478bd9Sstevel@tonic-gate } 9727c478bd9Sstevel@tonic-gate break; 9738523fda3SJan Friedel case AC_ARG_SET_TEMPORARY: 9748523fda3SJan Friedel break; 9757c478bd9Sstevel@tonic-gate 9767c478bd9Sstevel@tonic-gate default: 9777c478bd9Sstevel@tonic-gate exit_error(gettext("Internal error #2.")); 9787c478bd9Sstevel@tonic-gate break; 9797c478bd9Sstevel@tonic-gate } 9807c478bd9Sstevel@tonic-gate } 9817c478bd9Sstevel@tonic-gate } 9827c478bd9Sstevel@tonic-gate 9837c478bd9Sstevel@tonic-gate /* 9848523fda3SJan Friedel * do_chkconf() - the returned value is for the global zone unless AUDIT_PERZONE 9858523fda3SJan Friedel * is set. 9867c478bd9Sstevel@tonic-gate */ 9877c478bd9Sstevel@tonic-gate static void 9889e3700dfSgww do_chkconf(void) 9897c478bd9Sstevel@tonic-gate { 9907c478bd9Sstevel@tonic-gate register au_event_ent_t *evp; 9917c478bd9Sstevel@tonic-gate au_mask_t pmask; 9927c478bd9Sstevel@tonic-gate char conf_aflags[256]; 9937c478bd9Sstevel@tonic-gate char run_aflags[256]; 9947c478bd9Sstevel@tonic-gate au_stat_t as; 9957c478bd9Sstevel@tonic-gate int class; 9967c478bd9Sstevel@tonic-gate int len; 9977c478bd9Sstevel@tonic-gate struct au_evclass_map cmap; 9987c478bd9Sstevel@tonic-gate 9997c478bd9Sstevel@tonic-gate pmask.am_success = pmask.am_failure = 0; 10007c478bd9Sstevel@tonic-gate eauditon(A_GETSTAT, (caddr_t)&as, 0); 10017c478bd9Sstevel@tonic-gate 10027c478bd9Sstevel@tonic-gate setauevent(); 10039e3700dfSgww if (getauevent() == NULL) { 10048523fda3SJan Friedel exit_error(gettext("NO AUDIT EVENTS: Could not read %s\n."), 10058523fda3SJan Friedel AUDITEVENTFILE); 10067c478bd9Sstevel@tonic-gate } 10077c478bd9Sstevel@tonic-gate 10087c478bd9Sstevel@tonic-gate setauevent(); 10099e3700dfSgww while ((evp = getauevent()) != NULL) { 10107c478bd9Sstevel@tonic-gate cmap.ec_number = evp->ae_number; 10117c478bd9Sstevel@tonic-gate len = sizeof (struct au_evclass_map); 10129e3700dfSgww if (evp->ae_number <= as.as_numevent) { 10137c478bd9Sstevel@tonic-gate if (auditon(A_GETCLASS, (caddr_t)&cmap, len) == -1) { 1014d0fa49b7STony Nguyen (void) printf("%s(%hu):%s", 10159e3700dfSgww evp->ae_name, evp->ae_number, 10169e3700dfSgww gettext("UNKNOWN EVENT: Could not get " 10179e3700dfSgww "class for event. Configuration may " 10189e3700dfSgww "be bad.\n")); 10197c478bd9Sstevel@tonic-gate } else { 10207c478bd9Sstevel@tonic-gate class = cmap.ec_class; 10217c478bd9Sstevel@tonic-gate if (class != evp->ae_class) { 10227c478bd9Sstevel@tonic-gate conf_aflags[0] = run_aflags[0] = '\0'; 10237c478bd9Sstevel@tonic-gate pmask.am_success = class; 10247c478bd9Sstevel@tonic-gate pmask.am_failure = class; 10257c478bd9Sstevel@tonic-gate (void) getauditflagschar(run_aflags, 10268523fda3SJan Friedel &pmask, 0); 10277c478bd9Sstevel@tonic-gate pmask.am_success = evp->ae_class; 10287c478bd9Sstevel@tonic-gate pmask.am_failure = evp->ae_class; 10297c478bd9Sstevel@tonic-gate (void) getauditflagschar(conf_aflags, 10308523fda3SJan Friedel &pmask, 0); 10317c478bd9Sstevel@tonic-gate 10327c478bd9Sstevel@tonic-gate (void) printf(gettext( 1033d0fa49b7STony Nguyen "%s(%hu): CLASS MISMATCH: " 10349e3700dfSgww "runtime class (%s) != " 10359e3700dfSgww "configured class (%s)\n"), 10369e3700dfSgww evp->ae_name, evp->ae_number, 10379e3700dfSgww NONE(run_aflags), 10389e3700dfSgww NONE(conf_aflags)); 10397c478bd9Sstevel@tonic-gate } 10407c478bd9Sstevel@tonic-gate } 10419e3700dfSgww } 10427c478bd9Sstevel@tonic-gate } 10437c478bd9Sstevel@tonic-gate endauevent(); 10447c478bd9Sstevel@tonic-gate } 10457c478bd9Sstevel@tonic-gate 10467c478bd9Sstevel@tonic-gate /* 10478523fda3SJan Friedel * do_conf() - configure the kernel events. The value returned to the user is 10488523fda3SJan Friedel * for the global zone unless AUDIT_PERZONE is set. 10497c478bd9Sstevel@tonic-gate */ 10507c478bd9Sstevel@tonic-gate static void 10519e3700dfSgww do_conf(void) 10527c478bd9Sstevel@tonic-gate { 10537c478bd9Sstevel@tonic-gate register au_event_ent_t *evp; 10547c478bd9Sstevel@tonic-gate register int i; 10557c478bd9Sstevel@tonic-gate au_evclass_map_t ec; 10567c478bd9Sstevel@tonic-gate au_stat_t as; 10577c478bd9Sstevel@tonic-gate 10587c478bd9Sstevel@tonic-gate eauditon(A_GETSTAT, (caddr_t)&as, 0); 10597c478bd9Sstevel@tonic-gate 10607c478bd9Sstevel@tonic-gate i = 0; 10617c478bd9Sstevel@tonic-gate setauevent(); 10629e3700dfSgww while ((evp = getauevent()) != NULL) { 10637c478bd9Sstevel@tonic-gate if (evp->ae_number <= as.as_numevent) { 10647c478bd9Sstevel@tonic-gate ++i; 10657c478bd9Sstevel@tonic-gate ec.ec_number = evp->ae_number; 10667c478bd9Sstevel@tonic-gate ec.ec_class = evp->ae_class; 1067f8994074SJan Friedel eauditon(A_SETCLASS, (caddr_t)&ec, sizeof (ec)); 10687c478bd9Sstevel@tonic-gate } 10697c478bd9Sstevel@tonic-gate } 10707c478bd9Sstevel@tonic-gate endauevent(); 10717c478bd9Sstevel@tonic-gate (void) printf(gettext("Configured %d kernel events.\n"), i); 10727c478bd9Sstevel@tonic-gate 10737c478bd9Sstevel@tonic-gate } 10747c478bd9Sstevel@tonic-gate 10757c478bd9Sstevel@tonic-gate /* 10768523fda3SJan Friedel * do_chkaconf() - report a mismatch if the runtime class mask of a kernel audit 10778523fda3SJan Friedel * event does not match the configured class mask. The value returned to the 10788523fda3SJan Friedel * user is for the global zone unless AUDIT_PERZONE is set. 10797c478bd9Sstevel@tonic-gate */ 10807c478bd9Sstevel@tonic-gate static void 10819e3700dfSgww do_chkaconf(void) 10827c478bd9Sstevel@tonic-gate { 1083f8994074SJan Friedel char *namask_cfg; 1084de4cec48SToomas Soome au_mask_t pmask, kmask; 10857c478bd9Sstevel@tonic-gate 1086f8994074SJan Friedel if (!do_getnaflags_scf(&namask_cfg) || namask_cfg == NULL) { 1087f8994074SJan Friedel exit_error(gettext("Could not get configured value.")); 10887c478bd9Sstevel@tonic-gate } 1089f8994074SJan Friedel egetauditflagsbin(namask_cfg, &pmask); 10907c478bd9Sstevel@tonic-gate 1091f8994074SJan Friedel eauditon(A_GETKMASK, (caddr_t)&kmask, sizeof (kmask)); 10927c478bd9Sstevel@tonic-gate 10937c478bd9Sstevel@tonic-gate if ((pmask.am_success != kmask.am_success) || 10947c478bd9Sstevel@tonic-gate (pmask.am_failure != kmask.am_failure)) { 10957c478bd9Sstevel@tonic-gate char kbuf[2048]; 10967c478bd9Sstevel@tonic-gate if (getauditflagschar(kbuf, &kmask, 0) < 0) { 1097f8994074SJan Friedel free(namask_cfg); 10987c478bd9Sstevel@tonic-gate (void) fprintf(stderr, 10997c478bd9Sstevel@tonic-gate gettext("bad kernel non-attributable mask\n")); 11007c478bd9Sstevel@tonic-gate exit(1); 11017c478bd9Sstevel@tonic-gate } 1102f8994074SJan Friedel (void) printf( 1103f8994074SJan Friedel gettext("non-attributable event flags mismatch:\n")); 1104f8994074SJan Friedel (void) printf(gettext("active non-attributable audit flags " 1105f8994074SJan Friedel "= %s\n"), kbuf); 1106f8994074SJan Friedel (void) printf(gettext("configured non-attributable audit flags " 1107f8994074SJan Friedel "= %s\n"), namask_cfg); 11087c478bd9Sstevel@tonic-gate } 1109f8994074SJan Friedel free(namask_cfg); 11107c478bd9Sstevel@tonic-gate } 11117c478bd9Sstevel@tonic-gate 11127c478bd9Sstevel@tonic-gate /* 11138523fda3SJan Friedel * do_aconf - configures the non-attributable events. The value returned to the 11148523fda3SJan Friedel * user is for the global zone unless AUDIT_PERZONE is set. 11157c478bd9Sstevel@tonic-gate */ 11167c478bd9Sstevel@tonic-gate static void 11179e3700dfSgww do_aconf(void) 11187c478bd9Sstevel@tonic-gate { 1119de4cec48SToomas Soome au_mask_t namask; 1120f8994074SJan Friedel char *namask_cfg; 11217c478bd9Sstevel@tonic-gate 1122f8994074SJan Friedel if (!do_getnaflags_scf(&namask_cfg) || namask_cfg == NULL) { 1123f8994074SJan Friedel exit_error(gettext("Could not get configured value.")); 11247c478bd9Sstevel@tonic-gate } 1125f8994074SJan Friedel egetauditflagsbin(namask_cfg, &namask); 1126f8994074SJan Friedel free(namask_cfg); 11277c478bd9Sstevel@tonic-gate 1128f8994074SJan Friedel eauditon(A_SETKMASK, (caddr_t)&namask, sizeof (namask)); 1129f8994074SJan Friedel (void) printf(gettext("Configured non-attributable event mask.\n")); 11307c478bd9Sstevel@tonic-gate } 11317c478bd9Sstevel@tonic-gate 11328523fda3SJan Friedel /* 11338523fda3SJan Friedel * do_audit() - construct an audit record for audit event event using the 11348523fda3SJan Friedel * process's audit characteristics containing a text token string audit_str. The 11358523fda3SJan Friedel * return token is constructed from the success/failure flag sort. Returned 11368523fda3SJan Friedel * value retval is an errno value. 11378523fda3SJan Friedel */ 11387c478bd9Sstevel@tonic-gate static void 11399e3700dfSgww do_audit(char *event, char sorf, int retval, char *audit_str) 11407c478bd9Sstevel@tonic-gate { 11417c478bd9Sstevel@tonic-gate int rtn; 11427c478bd9Sstevel@tonic-gate int rd; 11437c478bd9Sstevel@tonic-gate au_event_t event_num; 11447c478bd9Sstevel@tonic-gate au_event_ent_t *evp; 11457c478bd9Sstevel@tonic-gate auditinfo_addr_t ai; 11467c478bd9Sstevel@tonic-gate token_t *tokp; 11477c478bd9Sstevel@tonic-gate 11487c478bd9Sstevel@tonic-gate egetaudit(&ai, sizeof (ai)); 11497c478bd9Sstevel@tonic-gate 11507c478bd9Sstevel@tonic-gate if (strisnum(event)) { 11517c478bd9Sstevel@tonic-gate event_num = (au_event_t)atoi(event); 11527c478bd9Sstevel@tonic-gate evp = egetauevnum(event_num); 11539e3700dfSgww } else { 11547c478bd9Sstevel@tonic-gate evp = egetauevnam(event); 11559e3700dfSgww } 11567c478bd9Sstevel@tonic-gate 11577c478bd9Sstevel@tonic-gate rtn = au_preselect(evp->ae_number, &ai.ai_mask, (int)sorf, 11589e3700dfSgww AU_PRS_USECACHE); 11597c478bd9Sstevel@tonic-gate 11609e3700dfSgww if (rtn == -1) { 1161d0fa49b7STony Nguyen exit_error("%s\n%s %hu\n", 11629e3700dfSgww gettext("Check audit event configuration."), 11639e3700dfSgww gettext("Could not get audit class for event number"), 11649e3700dfSgww evp->ae_number); 11659e3700dfSgww } 11667c478bd9Sstevel@tonic-gate 11677c478bd9Sstevel@tonic-gate /* record is preselected */ 11687c478bd9Sstevel@tonic-gate if (rtn == 1) { 11699e3700dfSgww if ((rd = au_open()) == -1) { 11708523fda3SJan Friedel exit_error(gettext( 11718523fda3SJan Friedel "Could not get and audit record descriptor\n")); 11729e3700dfSgww } 11739e3700dfSgww if ((tokp = au_to_me()) == NULL) { 11748523fda3SJan Friedel exit_error( 11758523fda3SJan Friedel gettext("Could not allocate subject token\n")); 11769e3700dfSgww } 11779e3700dfSgww if (au_write(rd, tokp) == -1) { 11788523fda3SJan Friedel exit_error(gettext("Could not construct subject token " 11798523fda3SJan Friedel "of audit record\n")); 11809e3700dfSgww } 11819e3700dfSgww if (is_system_labeled()) { 11829e3700dfSgww if ((tokp = au_to_mylabel()) == NULL) { 11838523fda3SJan Friedel exit_error(gettext( 11848523fda3SJan Friedel "Could not allocate label token\n")); 11859e3700dfSgww } 11869e3700dfSgww if (au_write(rd, tokp) == -1) { 11878523fda3SJan Friedel exit_error(gettext("Could not " 11888523fda3SJan Friedel "construct label token of audit record\n")); 11899e3700dfSgww } 119045916cd2Sjpk } 119145916cd2Sjpk 11929e3700dfSgww if ((tokp = au_to_text(audit_str)) == NULL) 11937c478bd9Sstevel@tonic-gate exit_error(gettext("Could not allocate text token\n")); 11947c478bd9Sstevel@tonic-gate if (au_write(rd, tokp) == -1) 11959e3700dfSgww exit_error(gettext("Could not construct text token of " 11969e3700dfSgww "audit record\n")); 11977c478bd9Sstevel@tonic-gate #ifdef _LP64 11989e3700dfSgww if ((tokp = au_to_return64(sorf, retval)) == NULL) 11997c478bd9Sstevel@tonic-gate #else 12009e3700dfSgww if ((tokp = au_to_return32(sorf, retval)) == NULL) 12017c478bd9Sstevel@tonic-gate #endif 12028523fda3SJan Friedel exit_error( 12038523fda3SJan Friedel gettext("Could not allocate return token\n")); 12049e3700dfSgww if (au_write(rd, tokp) == -1) { 12059e3700dfSgww exit_error(gettext("Could not construct return token " 12069e3700dfSgww "of audit record\n")); 12079e3700dfSgww } 12089e3700dfSgww if (au_close(rd, 1, evp->ae_number) == -1) { 12098523fda3SJan Friedel exit_error( 12108523fda3SJan Friedel gettext("Could not write audit record: %s\n"), 12118523fda3SJan Friedel strerror(errno)); 12129e3700dfSgww } 12137c478bd9Sstevel@tonic-gate } 12147c478bd9Sstevel@tonic-gate } 12157c478bd9Sstevel@tonic-gate 12168523fda3SJan Friedel /* 12178523fda3SJan Friedel * do_getauid() - print the audit id of the current process. 12188523fda3SJan Friedel */ 12197c478bd9Sstevel@tonic-gate static void 12209e3700dfSgww do_getauid(void) 12217c478bd9Sstevel@tonic-gate { 12227c478bd9Sstevel@tonic-gate au_id_t auid; 12237c478bd9Sstevel@tonic-gate 12247c478bd9Sstevel@tonic-gate egetauid(&auid); 12257c478bd9Sstevel@tonic-gate print_auid(auid); 12267c478bd9Sstevel@tonic-gate } 12277c478bd9Sstevel@tonic-gate 12288523fda3SJan Friedel /* 12298523fda3SJan Friedel * do_getaudit() - print the audit characteristics of the current process. 12308523fda3SJan Friedel */ 12317c478bd9Sstevel@tonic-gate static void 12329e3700dfSgww do_getaudit(void) 12337c478bd9Sstevel@tonic-gate { 12347c478bd9Sstevel@tonic-gate auditinfo_addr_t ai; 12357c478bd9Sstevel@tonic-gate 12367c478bd9Sstevel@tonic-gate egetaudit(&ai, sizeof (ai)); 12377c478bd9Sstevel@tonic-gate print_auid(ai.ai_auid); 12387c478bd9Sstevel@tonic-gate print_mask(gettext("process preselection mask"), &ai.ai_mask); 12397c478bd9Sstevel@tonic-gate print_tid_ex(&ai.ai_termid); 12407c478bd9Sstevel@tonic-gate print_asid(ai.ai_asid); 12417c478bd9Sstevel@tonic-gate } 12427c478bd9Sstevel@tonic-gate 12438523fda3SJan Friedel /* 12448523fda3SJan Friedel * do_getkaudit() - print the audit characteristics of the current zone. 12458523fda3SJan Friedel */ 12467c478bd9Sstevel@tonic-gate static void 12479e3700dfSgww do_getkaudit(void) 12487c478bd9Sstevel@tonic-gate { 12497c478bd9Sstevel@tonic-gate auditinfo_addr_t ai; 12507c478bd9Sstevel@tonic-gate 12517c478bd9Sstevel@tonic-gate egetkaudit(&ai, sizeof (ai)); 12527c478bd9Sstevel@tonic-gate print_auid(ai.ai_auid); 12537c478bd9Sstevel@tonic-gate print_mask(gettext("process preselection mask"), &ai.ai_mask); 12547c478bd9Sstevel@tonic-gate print_tid_ex(&ai.ai_termid); 12557c478bd9Sstevel@tonic-gate print_asid(ai.ai_asid); 12567c478bd9Sstevel@tonic-gate } 12577c478bd9Sstevel@tonic-gate 12587c478bd9Sstevel@tonic-gate /* 12598523fda3SJan Friedel * do_setkaudit() - set IP address_type/address of machine to specified values; 12608523fda3SJan Friedel * valid per zone if AUDIT_PERZONE is set, else only in global zone. 12617c478bd9Sstevel@tonic-gate */ 12627c478bd9Sstevel@tonic-gate static void 12639e3700dfSgww do_setkaudit(char *t, char *s) 12647c478bd9Sstevel@tonic-gate { 12657c478bd9Sstevel@tonic-gate uint_t type; 12667c478bd9Sstevel@tonic-gate auditinfo_addr_t ai; 12677c478bd9Sstevel@tonic-gate 12687c478bd9Sstevel@tonic-gate egetkaudit(&ai, sizeof (ai)); 12697c478bd9Sstevel@tonic-gate (void) str2type(t, &type); 12707c478bd9Sstevel@tonic-gate (void) str2ipaddr(s, &ai.ai_termid.at_addr[0], type); 12717c478bd9Sstevel@tonic-gate ai.ai_termid.at_type = type; 12727c478bd9Sstevel@tonic-gate esetkaudit(&ai, sizeof (ai)); 12737c478bd9Sstevel@tonic-gate } 12747c478bd9Sstevel@tonic-gate 12757c478bd9Sstevel@tonic-gate /* 12768523fda3SJan Friedel * do_getcar() - print the zone-relative root 12777c478bd9Sstevel@tonic-gate */ 12787c478bd9Sstevel@tonic-gate static void 12799e3700dfSgww do_getcar(void) 12807c478bd9Sstevel@tonic-gate { 12817c478bd9Sstevel@tonic-gate char path[MAXPATHLEN]; 12827c478bd9Sstevel@tonic-gate 1283f8994074SJan Friedel eauditon(A_GETCAR, (caddr_t)path, sizeof (path)); 12847c478bd9Sstevel@tonic-gate (void) printf(gettext("current active root = %s\n"), path); 12857c478bd9Sstevel@tonic-gate } 12867c478bd9Sstevel@tonic-gate 12877c478bd9Sstevel@tonic-gate /* 12888523fda3SJan Friedel * do_getclass() - print the preselection mask associated with the specified 12898523fda3SJan Friedel * kernel audit event. The displayed value is for the global zone unless 12908523fda3SJan Friedel * AUDIT_PERZONE is set. 12917c478bd9Sstevel@tonic-gate */ 12927c478bd9Sstevel@tonic-gate static void 12939e3700dfSgww do_getclass(char *event_str) 12947c478bd9Sstevel@tonic-gate { 12957c478bd9Sstevel@tonic-gate au_evclass_map_t ec; 12967c478bd9Sstevel@tonic-gate au_event_ent_t *evp; 12977c478bd9Sstevel@tonic-gate au_event_t event_number; 12987c478bd9Sstevel@tonic-gate char *event_name; 12997c478bd9Sstevel@tonic-gate 13007c478bd9Sstevel@tonic-gate if (strisnum(event_str)) { 13017c478bd9Sstevel@tonic-gate event_number = atol(event_str); 13029e3700dfSgww if ((evp = egetauevnum(event_number)) != NULL) { 13037c478bd9Sstevel@tonic-gate event_number = evp->ae_number; 13047c478bd9Sstevel@tonic-gate event_name = evp->ae_name; 13059e3700dfSgww } else { 13067c478bd9Sstevel@tonic-gate event_name = gettext("unknown"); 13079e3700dfSgww } 13087c478bd9Sstevel@tonic-gate } else { 13097c478bd9Sstevel@tonic-gate event_name = event_str; 13109e3700dfSgww if ((evp = egetauevnam(event_str)) != NULL) { 13117c478bd9Sstevel@tonic-gate event_number = evp->ae_number; 13129e3700dfSgww } 13137c478bd9Sstevel@tonic-gate } 13147c478bd9Sstevel@tonic-gate 13157c478bd9Sstevel@tonic-gate ec.ec_number = event_number; 13167c478bd9Sstevel@tonic-gate eauditon(A_GETCLASS, (caddr_t)&ec, 0); 13177c478bd9Sstevel@tonic-gate 1318d0fa49b7STony Nguyen (void) printf(gettext("audit class mask for event %s(%hu) = 0x%x\n"), 13199e3700dfSgww event_name, event_number, ec.ec_class); 13207c478bd9Sstevel@tonic-gate } 13217c478bd9Sstevel@tonic-gate 13227c478bd9Sstevel@tonic-gate /* 13238523fda3SJan Friedel * do_getcond() - the printed value is for the global zone unless 13248523fda3SJan Friedel * AUDIT_PERZONE is set. (AUC_DISABLED is always global, the other states are 13258523fda3SJan Friedel * per zone if AUDIT_PERZONE is set) 13267c478bd9Sstevel@tonic-gate */ 13277c478bd9Sstevel@tonic-gate static void 13289e3700dfSgww do_getcond(void) 13297c478bd9Sstevel@tonic-gate { 13309e3700dfSgww (void) printf(gettext("audit condition = %s\n"), cond2str()); 13317c478bd9Sstevel@tonic-gate } 13327c478bd9Sstevel@tonic-gate 13337c478bd9Sstevel@tonic-gate /* 13348523fda3SJan Friedel * do_getcwd() - the printed path is relative to the current zone root 13357c478bd9Sstevel@tonic-gate */ 13367c478bd9Sstevel@tonic-gate static void 13379e3700dfSgww do_getcwd(void) 13387c478bd9Sstevel@tonic-gate { 13397c478bd9Sstevel@tonic-gate char path[MAXPATHLEN]; 13407c478bd9Sstevel@tonic-gate 1341f8994074SJan Friedel eauditon(A_GETCWD, (caddr_t)path, sizeof (path)); 13427c478bd9Sstevel@tonic-gate (void) printf(gettext("current working directory = %s\n"), path); 13437c478bd9Sstevel@tonic-gate } 13447c478bd9Sstevel@tonic-gate 1345f8994074SJan Friedel /* 1346f8994074SJan Friedel * do_getflags() - the printed value is for the global zone unless AUDIT_PERZONE 1347f8994074SJan Friedel * is set. 1348f8994074SJan Friedel */ 1349f8994074SJan Friedel static void 1350f8994074SJan Friedel do_getflags(void) 1351f8994074SJan Friedel { 1352f8994074SJan Friedel au_mask_t amask; 1353f8994074SJan Friedel char *amask_cfg; 1354f8994074SJan Friedel 1355f8994074SJan Friedel eauditon(A_GETAMASK, (caddr_t)&amask, sizeof (amask)); 1356f8994074SJan Friedel print_mask(gettext("active user default audit flags"), &amask); 1357f8994074SJan Friedel 1358f8994074SJan Friedel if (!do_getflags_scf(&amask_cfg) || amask_cfg == NULL) { 1359f8994074SJan Friedel exit_error(gettext("Could not get configured value.")); 1360f8994074SJan Friedel } 1361f8994074SJan Friedel egetauditflagsbin(amask_cfg, &amask); 1362f8994074SJan Friedel print_mask(gettext("configured user default audit flags"), &amask); 1363f8994074SJan Friedel free(amask_cfg); 1364f8994074SJan Friedel } 1365f8994074SJan Friedel 13667c478bd9Sstevel@tonic-gate /* 13678523fda3SJan Friedel * do_getkmask() - the printed value is for the global zone unless AUDIT_PERZONE 13688523fda3SJan Friedel * is set. 13697c478bd9Sstevel@tonic-gate */ 13707c478bd9Sstevel@tonic-gate static void 13719e3700dfSgww do_getkmask(void) 13727c478bd9Sstevel@tonic-gate { 13737c478bd9Sstevel@tonic-gate au_mask_t pmask; 13747c478bd9Sstevel@tonic-gate 1375f8994074SJan Friedel eauditon(A_GETKMASK, (caddr_t)&pmask, sizeof (pmask)); 1376f8994074SJan Friedel print_mask(gettext("active non-attributable audit flags"), &pmask); 1377f8994074SJan Friedel } 1378f8994074SJan Friedel 1379f8994074SJan Friedel /* 1380f8994074SJan Friedel * do_getnaflags() - the printed value is for the global zone unless 1381f8994074SJan Friedel * AUDIT_PERZONE is set. 1382f8994074SJan Friedel */ 1383f8994074SJan Friedel static void 1384f8994074SJan Friedel do_getnaflags(void) 1385f8994074SJan Friedel { 1386f8994074SJan Friedel au_mask_t namask; 1387f8994074SJan Friedel char *namask_cfg; 1388f8994074SJan Friedel 1389f8994074SJan Friedel eauditon(A_GETKMASK, (caddr_t)&namask, sizeof (namask)); 1390f8994074SJan Friedel print_mask(gettext("active non-attributable audit flags"), &namask); 1391f8994074SJan Friedel 1392f8994074SJan Friedel if (!do_getnaflags_scf(&namask_cfg) || namask_cfg == NULL) { 1393f8994074SJan Friedel exit_error(gettext("Could not get configured value.")); 1394f8994074SJan Friedel } 1395f8994074SJan Friedel egetauditflagsbin(namask_cfg, &namask); 1396f8994074SJan Friedel print_mask(gettext("configured non-attributable audit flags"), &namask); 1397f8994074SJan Friedel free(namask_cfg); 13987c478bd9Sstevel@tonic-gate } 13997c478bd9Sstevel@tonic-gate 14007c478bd9Sstevel@tonic-gate /* 14018523fda3SJan Friedel * do_getpolicy() - print active and configured kernel audit policy relative to 14028523fda3SJan Friedel * the current zone. 14037c478bd9Sstevel@tonic-gate */ 14047c478bd9Sstevel@tonic-gate static void 14059e3700dfSgww do_getpolicy(void) 14067c478bd9Sstevel@tonic-gate { 1407de4cec48SToomas Soome char policy_str[1024]; 14088523fda3SJan Friedel uint32_t policy; 14098523fda3SJan Friedel 14108523fda3SJan Friedel if (!temporary_set) { 14118523fda3SJan Friedel if (!do_getpolicy_scf(&policy)) { 14128523fda3SJan Friedel exit_error(gettext("Could not get configured values.")); 14138523fda3SJan Friedel } 14148523fda3SJan Friedel (void) policy2str(policy, policy_str, sizeof (policy_str)); 14158523fda3SJan Friedel (void) printf(gettext("configured audit policies = %s\n"), 14168523fda3SJan Friedel policy_str); 14178523fda3SJan Friedel } 14187c478bd9Sstevel@tonic-gate 14197c478bd9Sstevel@tonic-gate eauditon(A_GETPOLICY, (caddr_t)&policy, 0); 14207c478bd9Sstevel@tonic-gate (void) policy2str(policy, policy_str, sizeof (policy_str)); 14218523fda3SJan Friedel (void) printf(gettext("active audit policies = %s\n"), policy_str); 14227c478bd9Sstevel@tonic-gate } 14237c478bd9Sstevel@tonic-gate 14248523fda3SJan Friedel 14258523fda3SJan Friedel /* 14268523fda3SJan Friedel * do_getpinfo() - print the audit ID, preselection mask, terminal ID, and 14278523fda3SJan Friedel * audit session ID for the specified process. 14288523fda3SJan Friedel */ 14297c478bd9Sstevel@tonic-gate static void 14309e3700dfSgww do_getpinfo(char *pid_str) 14317c478bd9Sstevel@tonic-gate { 14327c478bd9Sstevel@tonic-gate struct auditpinfo_addr ap; 14337c478bd9Sstevel@tonic-gate 14347c478bd9Sstevel@tonic-gate if (strisnum(pid_str)) 14357c478bd9Sstevel@tonic-gate ap.ap_pid = (pid_t)atoi(pid_str); 14367c478bd9Sstevel@tonic-gate else 14377c478bd9Sstevel@tonic-gate exit_usage(1); 14387c478bd9Sstevel@tonic-gate 14397c478bd9Sstevel@tonic-gate eauditon(A_GETPINFO_ADDR, (caddr_t)&ap, sizeof (ap)); 14407c478bd9Sstevel@tonic-gate 14417c478bd9Sstevel@tonic-gate print_auid(ap.ap_auid); 14427c478bd9Sstevel@tonic-gate print_mask(gettext("process preselection mask"), &(ap.ap_mask)); 14437c478bd9Sstevel@tonic-gate print_tid_ex(&(ap.ap_termid)); 14447c478bd9Sstevel@tonic-gate print_asid(ap.ap_asid); 14457c478bd9Sstevel@tonic-gate } 14467c478bd9Sstevel@tonic-gate 1447f8994074SJan Friedel /* 1448f8994074SJan Friedel * do_getplugin() - print plugin configuration. 1449f8994074SJan Friedel */ 1450f8994074SJan Friedel static void 1451f8994074SJan Friedel do_getplugin(char *plugin_str) 1452f8994074SJan Friedel { 1453f8994074SJan Friedel scf_plugin_kva_node_t *plugin_kva_ll; 1454f8994074SJan Friedel scf_plugin_kva_node_t *plugin_kva_ll_head; 1455f8994074SJan Friedel 1456f8994074SJan Friedel if (!do_getpluginconfig_scf(plugin_str, &plugin_kva_ll)) { 1457f8994074SJan Friedel exit_error(gettext("Could not get plugin configuration.")); 1458f8994074SJan Friedel } 1459f8994074SJan Friedel 1460f8994074SJan Friedel plugin_kva_ll_head = plugin_kva_ll; 1461f8994074SJan Friedel 1462f8994074SJan Friedel while (plugin_kva_ll != NULL) { 1463f8994074SJan Friedel print_plugin(plugin_kva_ll->plugin_name, 1464f8994074SJan Friedel plugin_kva_ll->plugin_kva); 1465f8994074SJan Friedel plugin_kva_ll = plugin_kva_ll->next; 1466f8994074SJan Friedel if (plugin_kva_ll != NULL) { 1467f8994074SJan Friedel (void) printf("\n"); 1468f8994074SJan Friedel } 1469f8994074SJan Friedel } 1470f8994074SJan Friedel plugin_kva_ll_free(plugin_kva_ll_head); 1471f8994074SJan Friedel } 1472f8994074SJan Friedel 14737c478bd9Sstevel@tonic-gate /* 14748523fda3SJan Friedel * do_getqbufsz() - print the active and configured audit queue write buffer 14758523fda3SJan Friedel * size relative to the current zone. 14767c478bd9Sstevel@tonic-gate */ 14777c478bd9Sstevel@tonic-gate static void 14789e3700dfSgww do_getqbufsz(void) 14797c478bd9Sstevel@tonic-gate { 14807c478bd9Sstevel@tonic-gate struct au_qctrl qctrl; 14817c478bd9Sstevel@tonic-gate 14828523fda3SJan Friedel if (!temporary_set) { 14838523fda3SJan Friedel if (!do_getqbufsz_scf(&qctrl.aq_bufsz)) { 14848523fda3SJan Friedel exit_error(gettext("Could not get configured value.")); 14858523fda3SJan Friedel } 14868523fda3SJan Friedel 14878523fda3SJan Friedel if (qctrl.aq_bufsz == 0) { 14888523fda3SJan Friedel (void) printf(gettext( 14898523fda3SJan Friedel "no configured audit queue buffer size\n")); 14908523fda3SJan Friedel } else { 14918523fda3SJan Friedel (void) printf(gettext("configured audit queue " 14928523fda3SJan Friedel "buffer size (bytes) = %d\n"), qctrl.aq_bufsz); 14938523fda3SJan Friedel } 14948523fda3SJan Friedel } 14958523fda3SJan Friedel 14967c478bd9Sstevel@tonic-gate eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0); 14978523fda3SJan Friedel (void) printf(gettext("active audit queue buffer size (bytes) = %d\n"), 14988523fda3SJan Friedel qctrl.aq_bufsz); 14997c478bd9Sstevel@tonic-gate } 15007c478bd9Sstevel@tonic-gate 15017c478bd9Sstevel@tonic-gate /* 15028523fda3SJan Friedel * do_getqctrl() - print the configured and active audit queue write buffer 15038523fda3SJan Friedel * size, audit queue hiwater mark, audit queue lowater mark, audit queue prod 15048523fda3SJan Friedel * interval (ticks) relative to the current zone. 15057c478bd9Sstevel@tonic-gate */ 15067c478bd9Sstevel@tonic-gate static void 15079e3700dfSgww do_getqctrl(void) 15087c478bd9Sstevel@tonic-gate { 15098523fda3SJan Friedel struct au_qctrl qctrl; 15108523fda3SJan Friedel 15118523fda3SJan Friedel if (!temporary_set) { 15128523fda3SJan Friedel if (!do_getqctrl_scf(&qctrl)) { 15138523fda3SJan Friedel exit_error(gettext("Could not get configured values.")); 15148523fda3SJan Friedel } 15158523fda3SJan Friedel 15168523fda3SJan Friedel if (qctrl.aq_hiwater == 0) { 15178523fda3SJan Friedel (void) printf(gettext( 15188523fda3SJan Friedel "no configured audit queue hiwater mark\n")); 15198523fda3SJan Friedel } else { 15208523fda3SJan Friedel (void) printf(gettext("configured audit queue " 15218523fda3SJan Friedel "hiwater mark (records) = %d\n"), qctrl.aq_hiwater); 15228523fda3SJan Friedel } 15238523fda3SJan Friedel if (qctrl.aq_lowater == 0) { 15248523fda3SJan Friedel (void) printf(gettext( 15258523fda3SJan Friedel "no configured audit queue lowater mark\n")); 15268523fda3SJan Friedel } else { 15278523fda3SJan Friedel (void) printf(gettext("configured audit queue " 15288523fda3SJan Friedel "lowater mark (records) = %d\n"), qctrl.aq_lowater); 15298523fda3SJan Friedel } 15308523fda3SJan Friedel if (qctrl.aq_bufsz == 0) { 15318523fda3SJan Friedel (void) printf(gettext( 15328523fda3SJan Friedel "no configured audit queue buffer size\n")); 15338523fda3SJan Friedel } else { 15348523fda3SJan Friedel (void) printf(gettext("configured audit queue " 15358523fda3SJan Friedel "buffer size (bytes) = %d\n"), qctrl.aq_bufsz); 15368523fda3SJan Friedel } 15378523fda3SJan Friedel if (qctrl.aq_delay == 0) { 15388523fda3SJan Friedel (void) printf(gettext( 15398523fda3SJan Friedel "no configured audit queue delay\n")); 15408523fda3SJan Friedel } else { 15418523fda3SJan Friedel (void) printf(gettext("configured audit queue " 15428523fda3SJan Friedel "delay (ticks) = %ld\n"), qctrl.aq_delay); 15438523fda3SJan Friedel } 15448523fda3SJan Friedel } 15457c478bd9Sstevel@tonic-gate 15467c478bd9Sstevel@tonic-gate eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0); 15478523fda3SJan Friedel (void) printf(gettext("active audit queue hiwater mark " 15488523fda3SJan Friedel "(records) = %d\n"), qctrl.aq_hiwater); 15498523fda3SJan Friedel (void) printf(gettext("active audit queue lowater mark " 15508523fda3SJan Friedel "(records) = %d\n"), qctrl.aq_lowater); 15518523fda3SJan Friedel (void) printf(gettext("active audit queue buffer size (bytes) = %d\n"), 15529e3700dfSgww qctrl.aq_bufsz); 15538523fda3SJan Friedel (void) printf(gettext("active audit queue delay (ticks) = %ld\n"), 15549e3700dfSgww qctrl.aq_delay); 15557c478bd9Sstevel@tonic-gate } 15567c478bd9Sstevel@tonic-gate 15577c478bd9Sstevel@tonic-gate /* 15588523fda3SJan Friedel * do_getqdelay() - print, relative to the current zone, the configured and 15598523fda3SJan Friedel * active interval at which audit queue is prodded to start output. 15607c478bd9Sstevel@tonic-gate */ 15617c478bd9Sstevel@tonic-gate static void 15629e3700dfSgww do_getqdelay(void) 15637c478bd9Sstevel@tonic-gate { 15647c478bd9Sstevel@tonic-gate struct au_qctrl qctrl; 15657c478bd9Sstevel@tonic-gate 15668523fda3SJan Friedel if (!temporary_set) { 15678523fda3SJan Friedel if (!do_getqdelay_scf(&qctrl.aq_delay)) { 15688523fda3SJan Friedel exit_error(gettext("Could not get configured value.")); 15698523fda3SJan Friedel } 15708523fda3SJan Friedel 15718523fda3SJan Friedel if (qctrl.aq_delay == 0) { 15728523fda3SJan Friedel (void) printf(gettext( 15738523fda3SJan Friedel "no configured audit queue delay\n")); 15748523fda3SJan Friedel } else { 15758523fda3SJan Friedel (void) printf(gettext("configured audit queue " 15768523fda3SJan Friedel "delay (ticks) = %ld\n"), qctrl.aq_delay); 15778523fda3SJan Friedel } 15788523fda3SJan Friedel } 15798523fda3SJan Friedel 15807c478bd9Sstevel@tonic-gate eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0); 15818523fda3SJan Friedel (void) printf(gettext("active audit queue delay (ticks) = %ld\n"), 15829e3700dfSgww qctrl.aq_delay); 15837c478bd9Sstevel@tonic-gate } 15847c478bd9Sstevel@tonic-gate 15857c478bd9Sstevel@tonic-gate /* 15868523fda3SJan Friedel * do_getqhiwater() - print, relative to the current zone, the high water 15878523fda3SJan Friedel * point in undelivered audit records when audit generation will block. 15887c478bd9Sstevel@tonic-gate */ 15897c478bd9Sstevel@tonic-gate static void 15909e3700dfSgww do_getqhiwater(void) 15917c478bd9Sstevel@tonic-gate { 15927c478bd9Sstevel@tonic-gate struct au_qctrl qctrl; 15937c478bd9Sstevel@tonic-gate 15948523fda3SJan Friedel if (!temporary_set) { 15958523fda3SJan Friedel if (!do_getqhiwater_scf(&qctrl.aq_hiwater)) { 15968523fda3SJan Friedel exit_error(gettext("Could not get configured value.")); 15978523fda3SJan Friedel } 15988523fda3SJan Friedel 15998523fda3SJan Friedel if (qctrl.aq_hiwater == 0) { 16008523fda3SJan Friedel (void) printf(gettext( 16018523fda3SJan Friedel "no configured audit queue hiwater mark\n")); 16028523fda3SJan Friedel } else { 16038523fda3SJan Friedel (void) printf(gettext("configured audit queue " 16048523fda3SJan Friedel "hiwater mark (records) = %d\n"), qctrl.aq_hiwater); 16058523fda3SJan Friedel } 16068523fda3SJan Friedel } 16078523fda3SJan Friedel 16087c478bd9Sstevel@tonic-gate eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0); 16098523fda3SJan Friedel (void) printf(gettext("active audit queue hiwater mark " 16108523fda3SJan Friedel "(records) = %d\n"), qctrl.aq_hiwater); 16117c478bd9Sstevel@tonic-gate } 16127c478bd9Sstevel@tonic-gate 16137c478bd9Sstevel@tonic-gate /* 16148523fda3SJan Friedel * do_getqlowater() - print, relative to the current zone, the low water point 16158523fda3SJan Friedel * in undelivered audit records where blocked processes will resume. 16167c478bd9Sstevel@tonic-gate */ 16177c478bd9Sstevel@tonic-gate static void 16189e3700dfSgww do_getqlowater(void) 16197c478bd9Sstevel@tonic-gate { 16207c478bd9Sstevel@tonic-gate struct au_qctrl qctrl; 16217c478bd9Sstevel@tonic-gate 16228523fda3SJan Friedel if (!temporary_set) { 16238523fda3SJan Friedel if (!do_getqlowater_scf(&qctrl.aq_lowater)) { 16248523fda3SJan Friedel exit_error(gettext("Could not get configured value.")); 16258523fda3SJan Friedel } 16268523fda3SJan Friedel 16278523fda3SJan Friedel if (qctrl.aq_lowater == 0) { 16288523fda3SJan Friedel (void) printf(gettext( 16298523fda3SJan Friedel "no configured audit queue lowater mark\n")); 16308523fda3SJan Friedel } else { 16318523fda3SJan Friedel (void) printf(gettext("configured audit queue " 16328523fda3SJan Friedel "lowater mark (records) = %d\n"), qctrl.aq_lowater); 16338523fda3SJan Friedel } 16348523fda3SJan Friedel } 16358523fda3SJan Friedel 16367c478bd9Sstevel@tonic-gate eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0); 16378523fda3SJan Friedel (void) printf(gettext("active audit queue lowater mark " 16388523fda3SJan Friedel "(records) = %d\n"), qctrl.aq_lowater); 16397c478bd9Sstevel@tonic-gate } 16407c478bd9Sstevel@tonic-gate 16418523fda3SJan Friedel /* 16428523fda3SJan Friedel * do_getasid() - print out the audit session-ID. 16438523fda3SJan Friedel */ 16447c478bd9Sstevel@tonic-gate static void 16459e3700dfSgww do_getasid(void) 16467c478bd9Sstevel@tonic-gate { 16477c478bd9Sstevel@tonic-gate auditinfo_addr_t ai; 16487c478bd9Sstevel@tonic-gate 16497c478bd9Sstevel@tonic-gate if (getaudit_addr(&ai, sizeof (ai))) { 16507c478bd9Sstevel@tonic-gate exit_error(gettext("getaudit_addr(2) failed")); 16517c478bd9Sstevel@tonic-gate } 16527c478bd9Sstevel@tonic-gate print_asid(ai.ai_asid); 16537c478bd9Sstevel@tonic-gate } 16547c478bd9Sstevel@tonic-gate 16557c478bd9Sstevel@tonic-gate /* 16568523fda3SJan Friedel * do_getstat() - the printed statistics are for the entire system unless 16578523fda3SJan Friedel * AUDIT_PERZONE is set. 16587c478bd9Sstevel@tonic-gate */ 16597c478bd9Sstevel@tonic-gate static void 16609e3700dfSgww do_getstat(void) 16617c478bd9Sstevel@tonic-gate { 16627c478bd9Sstevel@tonic-gate au_stat_t as; 16639e3700dfSgww int offset[12]; /* used to line the header up correctly */ 16649e3700dfSgww char buf[512]; 16657c478bd9Sstevel@tonic-gate 16667c478bd9Sstevel@tonic-gate eauditon(A_GETSTAT, (caddr_t)&as, 0); 16679e3700dfSgww (void) sprintf(buf, "%4lu %n%4lu %n%4lu %n%4lu %n%4lu %n%4lu %n%4lu " 16689e3700dfSgww "%n%4lu %n%4lu %n%4lu %n%4lu %n%4lu%n", 16699e3700dfSgww (ulong_t)as.as_generated, &(offset[0]), 16709e3700dfSgww (ulong_t)as.as_nonattrib, &(offset[1]), 16719e3700dfSgww (ulong_t)as.as_kernel, &(offset[2]), 16729e3700dfSgww (ulong_t)as.as_audit, &(offset[3]), 16739e3700dfSgww (ulong_t)as.as_auditctl, &(offset[4]), 16749e3700dfSgww (ulong_t)as.as_enqueue, &(offset[5]), 16759e3700dfSgww (ulong_t)as.as_written, &(offset[6]), 16769e3700dfSgww (ulong_t)as.as_wblocked, &(offset[7]), 16779e3700dfSgww (ulong_t)as.as_rblocked, &(offset[8]), 16789e3700dfSgww (ulong_t)as.as_dropped, &(offset[9]), 16799e3700dfSgww (ulong_t)as.as_totalsize / ONEK, &(offset[10]), 16809e3700dfSgww (ulong_t)as.as_memused / ONEK, &(offset[11])); 16819e3700dfSgww 16829e3700dfSgww /* 16839e3700dfSgww * TRANSLATION_NOTE 16849e3700dfSgww * Print a properly aligned header. 16859e3700dfSgww */ 16869e3700dfSgww (void) printf("%*s %*s %*s %*s %*s %*s %*s %*s %*s %*s %*s %*s\n", 16878523fda3SJan Friedel offset[0] - 1, gettext("gen"), 16888523fda3SJan Friedel offset[1] - offset[0] -1, gettext("nona"), 16898523fda3SJan Friedel offset[2] - offset[1] -1, gettext("kern"), 16908523fda3SJan Friedel offset[3] - offset[2] -1, gettext("aud"), 16918523fda3SJan Friedel offset[4] - offset[3] -1, gettext("ctl"), 16928523fda3SJan Friedel offset[5] - offset[4] -1, gettext("enq"), 16938523fda3SJan Friedel offset[6] - offset[5] -1, gettext("wrtn"), 16948523fda3SJan Friedel offset[7] - offset[6] -1, gettext("wblk"), 16958523fda3SJan Friedel offset[8] - offset[7] -1, gettext("rblk"), 16968523fda3SJan Friedel offset[9] - offset[8] -1, gettext("drop"), 16978523fda3SJan Friedel offset[10] - offset[9] -1, gettext("tot"), 16988523fda3SJan Friedel offset[11] - offset[10], gettext("mem")); 16999e3700dfSgww 17009e3700dfSgww (void) printf("%s\n", buf); 17017c478bd9Sstevel@tonic-gate } 17027c478bd9Sstevel@tonic-gate 17038523fda3SJan Friedel /* 17048523fda3SJan Friedel * do_gettermid() - print audit terminal ID for current process. 17058523fda3SJan Friedel */ 17067c478bd9Sstevel@tonic-gate static void 17079e3700dfSgww do_gettermid(void) 17087c478bd9Sstevel@tonic-gate { 17097c478bd9Sstevel@tonic-gate auditinfo_addr_t ai; 17107c478bd9Sstevel@tonic-gate 17117c478bd9Sstevel@tonic-gate if (getaudit_addr(&ai, sizeof (ai))) { 17127c478bd9Sstevel@tonic-gate exit_error(gettext("getaudit_addr(2) failed")); 17137c478bd9Sstevel@tonic-gate } 17147c478bd9Sstevel@tonic-gate print_tid_ex(&ai.ai_termid); 17157c478bd9Sstevel@tonic-gate } 17167c478bd9Sstevel@tonic-gate 17177c478bd9Sstevel@tonic-gate /* 17188523fda3SJan Friedel * do_lsevent() - display the active kernel and user level audit event 17198523fda3SJan Friedel * information. The printed events are for the global zone unless AUDIT_PERZONE 17208523fda3SJan Friedel * is set. 17217c478bd9Sstevel@tonic-gate */ 17227c478bd9Sstevel@tonic-gate static void 17239e3700dfSgww do_lsevent(void) 17247c478bd9Sstevel@tonic-gate { 17257c478bd9Sstevel@tonic-gate register au_event_ent_t *evp; 17267c478bd9Sstevel@tonic-gate au_mask_t pmask; 17277c478bd9Sstevel@tonic-gate char auflags[256]; 17287c478bd9Sstevel@tonic-gate 17297c478bd9Sstevel@tonic-gate setauevent(); 17309e3700dfSgww if (getauevent() == NULL) { 17318523fda3SJan Friedel exit_error(gettext("NO AUDIT EVENTS: Could not read %s\n."), 17328523fda3SJan Friedel AUDITEVENTFILE); 17337c478bd9Sstevel@tonic-gate } 17347c478bd9Sstevel@tonic-gate 17357c478bd9Sstevel@tonic-gate setauevent(); 17369e3700dfSgww while ((evp = getauevent()) != NULL) { 17377c478bd9Sstevel@tonic-gate pmask.am_success = pmask.am_failure = evp->ae_class; 17387c478bd9Sstevel@tonic-gate if (getauditflagschar(auflags, &pmask, 0) == -1) 17397c478bd9Sstevel@tonic-gate (void) strcpy(auflags, "unknown"); 1740d0fa49b7STony Nguyen (void) printf("%-30s %5hu %s %s\n", 17419e3700dfSgww evp->ae_name, evp->ae_number, auflags, evp->ae_desc); 17427c478bd9Sstevel@tonic-gate } 17437c478bd9Sstevel@tonic-gate endauevent(); 17447c478bd9Sstevel@tonic-gate } 17457c478bd9Sstevel@tonic-gate 17467c478bd9Sstevel@tonic-gate /* 17478523fda3SJan Friedel * do_lspolicy() - display the kernel audit policies with a description of each 17488523fda3SJan Friedel * policy. The printed value is for the global zone unless AUDIT_PERZONE is set. 17497c478bd9Sstevel@tonic-gate */ 17507c478bd9Sstevel@tonic-gate static void 17519e3700dfSgww do_lspolicy(void) 17527c478bd9Sstevel@tonic-gate { 17537c478bd9Sstevel@tonic-gate int i; 17547c478bd9Sstevel@tonic-gate 17557c478bd9Sstevel@tonic-gate /* 17567c478bd9Sstevel@tonic-gate * TRANSLATION_NOTE 17577c478bd9Sstevel@tonic-gate * Print a properly aligned header. 17587c478bd9Sstevel@tonic-gate */ 17597c478bd9Sstevel@tonic-gate (void) printf(gettext("policy string description:\n")); 176045916cd2Sjpk for (i = 0; i < POLICY_TBL_SZ; i++) { 176145916cd2Sjpk (void) printf("%-17s%s\n", policy_table[i].policy_str, 176245916cd2Sjpk gettext(policy_table[i].policy_desc)); 176345916cd2Sjpk } 17647c478bd9Sstevel@tonic-gate } 17657c478bd9Sstevel@tonic-gate 17668523fda3SJan Friedel /* 17678523fda3SJan Friedel * do_setasid() - execute shell or cmd with specified session-ID. 17688523fda3SJan Friedel */ 17697c478bd9Sstevel@tonic-gate static void 17709e3700dfSgww do_setasid(char *sid_str, char **argv) 17717c478bd9Sstevel@tonic-gate { 17727c478bd9Sstevel@tonic-gate struct auditinfo_addr ai; 17737c478bd9Sstevel@tonic-gate 17747c478bd9Sstevel@tonic-gate if (getaudit_addr(&ai, sizeof (ai))) { 17757c478bd9Sstevel@tonic-gate exit_error(gettext("getaudit_addr(2) failed")); 17767c478bd9Sstevel@tonic-gate } 17777c478bd9Sstevel@tonic-gate ai.ai_asid = (au_asid_t)atol(sid_str); 17787c478bd9Sstevel@tonic-gate if (setaudit_addr(&ai, sizeof (ai))) { 17797c478bd9Sstevel@tonic-gate exit_error(gettext("setaudit_addr(2) failed")); 17807c478bd9Sstevel@tonic-gate } 17817c478bd9Sstevel@tonic-gate execit(argv); 17827c478bd9Sstevel@tonic-gate } 17837c478bd9Sstevel@tonic-gate 17848523fda3SJan Friedel /* 17858523fda3SJan Friedel * do_setaudit() - execute shell or cmd with specified audit characteristics. 17868523fda3SJan Friedel */ 17877c478bd9Sstevel@tonic-gate static void 17889e3700dfSgww do_setaudit(char *user_str, char *mask_str, char *tid_str, char *sid_str, 17899e3700dfSgww char **argv) 17907c478bd9Sstevel@tonic-gate { 17917c478bd9Sstevel@tonic-gate auditinfo_addr_t ai; 17927c478bd9Sstevel@tonic-gate 17937c478bd9Sstevel@tonic-gate ai.ai_auid = (au_id_t)get_user_id(user_str); 1794f8994074SJan Friedel egetauditflagsbin(mask_str, &ai.ai_mask), 17958523fda3SJan Friedel str2tid(tid_str, &ai.ai_termid); 17967c478bd9Sstevel@tonic-gate ai.ai_asid = (au_asid_t)atol(sid_str); 17977c478bd9Sstevel@tonic-gate 17987c478bd9Sstevel@tonic-gate esetaudit(&ai, sizeof (ai)); 17997c478bd9Sstevel@tonic-gate execit(argv); 18007c478bd9Sstevel@tonic-gate } 18017c478bd9Sstevel@tonic-gate 18028523fda3SJan Friedel /* 18038523fda3SJan Friedel * do_setauid() - execute shell or cmd with specified audit-ID. 18048523fda3SJan Friedel */ 18057c478bd9Sstevel@tonic-gate static void 18069e3700dfSgww do_setauid(char *user, char **argv) 18077c478bd9Sstevel@tonic-gate { 18087c478bd9Sstevel@tonic-gate au_id_t auid; 18097c478bd9Sstevel@tonic-gate 18107c478bd9Sstevel@tonic-gate auid = get_user_id(user); 18117c478bd9Sstevel@tonic-gate esetauid(&auid); 18127c478bd9Sstevel@tonic-gate execit(argv); 18137c478bd9Sstevel@tonic-gate } 18147c478bd9Sstevel@tonic-gate 18158523fda3SJan Friedel /* 18168523fda3SJan Friedel * do_setpmask() - set the preselection mask of the specified process; valid 18178523fda3SJan Friedel * per zone if AUDIT_PERZONE is set, else only in global zone. 18188523fda3SJan Friedel */ 18197c478bd9Sstevel@tonic-gate static void 1820f8994074SJan Friedel do_setpmask(char *pid_str, au_mask_t *mask) 18217c478bd9Sstevel@tonic-gate { 18227c478bd9Sstevel@tonic-gate struct auditpinfo ap; 18237c478bd9Sstevel@tonic-gate 1824f8994074SJan Friedel if (strisnum(pid_str)) { 18257c478bd9Sstevel@tonic-gate ap.ap_pid = (pid_t)atoi(pid_str); 1826f8994074SJan Friedel } else { 18277c478bd9Sstevel@tonic-gate exit_usage(1); 1828f8994074SJan Friedel } 18297c478bd9Sstevel@tonic-gate 1830f8994074SJan Friedel ap.ap_mask.am_success = mask->am_success; 1831f8994074SJan Friedel ap.ap_mask.am_failure = mask->am_failure; 18327c478bd9Sstevel@tonic-gate 1833f8994074SJan Friedel eauditon(A_SETPMASK, (caddr_t)&ap, sizeof (ap)); 18347c478bd9Sstevel@tonic-gate } 18357c478bd9Sstevel@tonic-gate 18368523fda3SJan Friedel /* 18378523fda3SJan Friedel * do_setsmask() - set the preselection mask of all processes with the specified 18388523fda3SJan Friedel * audit session-ID; valid per zone if AUDIT_PERZONE is set, else only in global 18398523fda3SJan Friedel * zone. 18408523fda3SJan Friedel */ 18417c478bd9Sstevel@tonic-gate static void 1842f8994074SJan Friedel do_setsmask(char *asid_str, au_mask_t *mask) 18437c478bd9Sstevel@tonic-gate { 18447c478bd9Sstevel@tonic-gate struct auditinfo ainfo; 18457c478bd9Sstevel@tonic-gate 1846f8994074SJan Friedel if (strisnum(asid_str)) { 1847d0fa49b7STony Nguyen ainfo.ai_asid = (au_asid_t)atoi(asid_str); 1848f8994074SJan Friedel } else { 18497c478bd9Sstevel@tonic-gate exit_usage(1); 1850f8994074SJan Friedel } 18517c478bd9Sstevel@tonic-gate 1852f8994074SJan Friedel ainfo.ai_mask.am_success = mask->am_success; 1853f8994074SJan Friedel ainfo.ai_mask.am_failure = mask->am_failure; 18547c478bd9Sstevel@tonic-gate 1855f8994074SJan Friedel eauditon(A_SETSMASK, (caddr_t)&ainfo, sizeof (ainfo)); 18567c478bd9Sstevel@tonic-gate } 18577c478bd9Sstevel@tonic-gate 18588523fda3SJan Friedel /* 18598523fda3SJan Friedel * do_setumask() - set the preselection mask of all processes with the 18608523fda3SJan Friedel * specified audit-ID; valid per zone if AUDIT_PERZONE is set, else only in 18618523fda3SJan Friedel * global zone. 18628523fda3SJan Friedel */ 18637c478bd9Sstevel@tonic-gate static void 1864f8994074SJan Friedel do_setumask(char *auid_str, au_mask_t *mask) 18657c478bd9Sstevel@tonic-gate { 18667c478bd9Sstevel@tonic-gate struct auditinfo ainfo; 18677c478bd9Sstevel@tonic-gate 1868f8994074SJan Friedel if (strisnum(auid_str)) { 1869d0fa49b7STony Nguyen ainfo.ai_auid = (au_id_t)atoi(auid_str); 1870f8994074SJan Friedel } else { 18717c478bd9Sstevel@tonic-gate exit_usage(1); 1872f8994074SJan Friedel } 18737c478bd9Sstevel@tonic-gate 1874f8994074SJan Friedel ainfo.ai_mask.am_success = mask->am_success; 1875f8994074SJan Friedel ainfo.ai_mask.am_failure = mask->am_failure; 18767c478bd9Sstevel@tonic-gate 1877f8994074SJan Friedel eauditon(A_SETUMASK, (caddr_t)&ainfo, sizeof (ainfo)); 18787c478bd9Sstevel@tonic-gate } 18797c478bd9Sstevel@tonic-gate 18807c478bd9Sstevel@tonic-gate /* 18818523fda3SJan Friedel * do_setstat() - reset audit statistics counters; local zone use is valid if 18828523fda3SJan Friedel * AUDIT_PERZONE is set, otherwise the syscall returns EPERM. 18837c478bd9Sstevel@tonic-gate */ 18847c478bd9Sstevel@tonic-gate static void 18859e3700dfSgww do_setstat(void) 18867c478bd9Sstevel@tonic-gate { 18877c478bd9Sstevel@tonic-gate au_stat_t as; 18887c478bd9Sstevel@tonic-gate 18897c478bd9Sstevel@tonic-gate as.as_audit = (uint_t)-1; 18907c478bd9Sstevel@tonic-gate as.as_auditctl = (uint_t)-1; 18917c478bd9Sstevel@tonic-gate as.as_dropped = (uint_t)-1; 18927c478bd9Sstevel@tonic-gate as.as_enqueue = (uint_t)-1; 18937c478bd9Sstevel@tonic-gate as.as_generated = (uint_t)-1; 18947c478bd9Sstevel@tonic-gate as.as_kernel = (uint_t)-1; 18957c478bd9Sstevel@tonic-gate as.as_nonattrib = (uint_t)-1; 18967c478bd9Sstevel@tonic-gate as.as_rblocked = (uint_t)-1; 18977c478bd9Sstevel@tonic-gate as.as_totalsize = (uint_t)-1; 18987c478bd9Sstevel@tonic-gate as.as_wblocked = (uint_t)-1; 18997c478bd9Sstevel@tonic-gate as.as_written = (uint_t)-1; 19007c478bd9Sstevel@tonic-gate 1901f8994074SJan Friedel eauditon(A_SETSTAT, (caddr_t)&as, sizeof (as)); 19029e3700dfSgww (void) printf("%s\n", gettext("audit stats reset")); 19037c478bd9Sstevel@tonic-gate } 19047c478bd9Sstevel@tonic-gate 19057c478bd9Sstevel@tonic-gate /* 19068523fda3SJan Friedel * do_setclass() - map the kernel event event_str to the classes specified by 1907f8994074SJan Friedel * audit flags (mask); valid per zone if AUDIT_PERZONE is set, else only in 19088523fda3SJan Friedel * global zone. 19097c478bd9Sstevel@tonic-gate */ 19107c478bd9Sstevel@tonic-gate static void 1911f8994074SJan Friedel do_setclass(char *event_str, au_mask_t *mask) 19127c478bd9Sstevel@tonic-gate { 19137c478bd9Sstevel@tonic-gate au_event_t event; 19147c478bd9Sstevel@tonic-gate au_evclass_map_t ec; 19157c478bd9Sstevel@tonic-gate au_event_ent_t *evp; 19167c478bd9Sstevel@tonic-gate 1917f8994074SJan Friedel if (strisnum(event_str)) { 19187c478bd9Sstevel@tonic-gate event = (uint_t)atol(event_str); 1919f8994074SJan Friedel } else { 1920f8994074SJan Friedel if ((evp = egetauevnam(event_str)) != NULL) { 19217c478bd9Sstevel@tonic-gate event = evp->ae_number; 1922f8994074SJan Friedel } 19237c478bd9Sstevel@tonic-gate } 19247c478bd9Sstevel@tonic-gate 19257c478bd9Sstevel@tonic-gate ec.ec_number = event; 1926f8994074SJan Friedel ec.ec_class = (mask->am_success | mask->am_failure); 1927f8994074SJan Friedel 1928f8994074SJan Friedel eauditon(A_SETCLASS, (caddr_t)&ec, sizeof (ec)); 19297c478bd9Sstevel@tonic-gate } 19307c478bd9Sstevel@tonic-gate 19317c478bd9Sstevel@tonic-gate /* 1932f8994074SJan Friedel * do_setflags() - set configured and active default user preselection masks; 1933f8994074SJan Friedel * valid per zone if AUDIT_PERZONE is set, else only in global zone. 1934f8994074SJan Friedel */ 1935f8994074SJan Friedel static void 1936f8994074SJan Friedel do_setflags(char *audit_flags, au_mask_t *amask) 1937f8994074SJan Friedel { 1938f8994074SJan Friedel eauditon(A_SETAMASK, (caddr_t)amask, sizeof (*amask)); 1939f8994074SJan Friedel 1940f8994074SJan Friedel if (!do_setflags_scf(audit_flags)) { 1941f8994074SJan Friedel print_mask(gettext("active user default audit flags"), amask); 1942f8994074SJan Friedel exit_error(gettext("Could not store configuration value.")); 1943f8994074SJan Friedel } 1944f8994074SJan Friedel print_mask(gettext("user default audit flags"), amask); 1945f8994074SJan Friedel } 1946f8994074SJan Friedel 1947f8994074SJan Friedel /* 1948f8994074SJan Friedel * do_setkmask() - set non-attributable audit flags of machine; valid per zone 19498523fda3SJan Friedel * if AUDIT_PERZONE is set, else only in global zone. 19507c478bd9Sstevel@tonic-gate */ 19517c478bd9Sstevel@tonic-gate static void 1952f8994074SJan Friedel do_setkmask(au_mask_t *pmask) 19537c478bd9Sstevel@tonic-gate { 1954f8994074SJan Friedel eauditon(A_SETKMASK, (caddr_t)pmask, sizeof (*pmask)); 1955f8994074SJan Friedel print_mask(gettext("active non-attributable audit flags"), pmask); 1956f8994074SJan Friedel } 19577c478bd9Sstevel@tonic-gate 1958f8994074SJan Friedel /* 1959f8994074SJan Friedel * do_setnaflags() - set configured and active non-attributable selection flags 1960f8994074SJan Friedel * of machine; valid per zone if AUDIT_PERZONE is set, else only in global zone. 1961f8994074SJan Friedel */ 1962f8994074SJan Friedel static void 1963f8994074SJan Friedel do_setnaflags(char *audit_naflags, au_mask_t *namask) 1964f8994074SJan Friedel { 1965f8994074SJan Friedel eauditon(A_SETKMASK, (caddr_t)namask, sizeof (*namask)); 1966f8994074SJan Friedel 1967f8994074SJan Friedel if (!do_setnaflags_scf(audit_naflags)) { 1968f8994074SJan Friedel print_mask( 1969f8994074SJan Friedel gettext("active non-attributable audit flags"), namask); 1970f8994074SJan Friedel exit_error(gettext("Could not store configuration value.")); 1971f8994074SJan Friedel } 1972f8994074SJan Friedel print_mask(gettext("non-attributable audit flags"), namask); 1973f8994074SJan Friedel } 1974f8994074SJan Friedel 1975f8994074SJan Friedel /* 1976f8994074SJan Friedel * do_setplugin() - set the given plugin plugin_str configuration values. 1977f8994074SJan Friedel */ 1978f8994074SJan Friedel static void 1979f8994074SJan Friedel do_setplugin(char *plugin_str, boolean_t plugin_state, char *plugin_attr, 1980f8994074SJan Friedel int plugin_qsize) 1981f8994074SJan Friedel { 1982f8994074SJan Friedel if (!do_setpluginconfig_scf(plugin_str, plugin_state, plugin_attr, 1983f8994074SJan Friedel plugin_qsize)) { 1984f8994074SJan Friedel exit_error(gettext("Could not set plugin configuration.")); 1985f8994074SJan Friedel } 19867c478bd9Sstevel@tonic-gate } 19877c478bd9Sstevel@tonic-gate 19887c478bd9Sstevel@tonic-gate /* 19898523fda3SJan Friedel * do_setpolicy() - set the active and configured kernel audit policy; active 19908523fda3SJan Friedel * values can be changed per zone if AUDIT_PERZONE is set, else only in global 19918523fda3SJan Friedel * zone. 19928523fda3SJan Friedel * 19938523fda3SJan Friedel * ahlt and perzone are global zone only. The kernel ensures that a local zone 19948523fda3SJan Friedel * can't change ahlt and perzone (EINVAL). 19957c478bd9Sstevel@tonic-gate */ 19967c478bd9Sstevel@tonic-gate static void 19979e3700dfSgww do_setpolicy(char *policy_str) 19987c478bd9Sstevel@tonic-gate { 19998523fda3SJan Friedel uint32_t policy = 0; 20007c478bd9Sstevel@tonic-gate 20017c478bd9Sstevel@tonic-gate switch (str2policy(policy_str, &policy)) { 20028523fda3SJan Friedel case 0: 20038523fda3SJan Friedel if (!temporary_set) { 20048523fda3SJan Friedel if (!do_getpolicy_scf(&policy)) { 20058523fda3SJan Friedel exit_error(gettext("Unable to get current " 20068523fda3SJan Friedel "policy values from the SMF repository")); 20078523fda3SJan Friedel } 20088523fda3SJan Friedel (void) str2policy(policy_str, &policy); 20098523fda3SJan Friedel 20108523fda3SJan Friedel if (!do_setpolicy_scf(policy)) { 20118523fda3SJan Friedel exit_error(gettext("Could not store " 20128523fda3SJan Friedel "configuration values.")); 20138523fda3SJan Friedel } 20148523fda3SJan Friedel } 20158523fda3SJan Friedel eauditon(A_SETPOLICY, (caddr_t)&policy, 0); 20168523fda3SJan Friedel break; 20177c478bd9Sstevel@tonic-gate case 2: 20188523fda3SJan Friedel exit_error(gettext("policy (%s) invalid in a local zone."), 20198523fda3SJan Friedel policy_str); 20207c478bd9Sstevel@tonic-gate break; 20217c478bd9Sstevel@tonic-gate default: 20228523fda3SJan Friedel exit_error(gettext("Invalid policy (%s) specified."), 20237c478bd9Sstevel@tonic-gate policy_str); 20247c478bd9Sstevel@tonic-gate break; 20257c478bd9Sstevel@tonic-gate } 20267c478bd9Sstevel@tonic-gate } 20277c478bd9Sstevel@tonic-gate 20287c478bd9Sstevel@tonic-gate /* 20298523fda3SJan Friedel * do_setqbufsz() - set the active and configured audit queue write buffer size 20308523fda3SJan Friedel * (bytes); active values can be changed per zone if AUDIT_PERZONE is set, else 20318523fda3SJan Friedel * only in global zone. 20327c478bd9Sstevel@tonic-gate */ 20337c478bd9Sstevel@tonic-gate static void 20349e3700dfSgww do_setqbufsz(char *bufsz) 20357c478bd9Sstevel@tonic-gate { 20367c478bd9Sstevel@tonic-gate struct au_qctrl qctrl; 20377c478bd9Sstevel@tonic-gate 20388523fda3SJan Friedel if (!temporary_set) { 20398523fda3SJan Friedel qctrl.aq_bufsz = (size_t)atol(bufsz); 20408523fda3SJan Friedel if (!do_setqbufsz_scf(&qctrl.aq_bufsz)) { 20418523fda3SJan Friedel exit_error(gettext( 20428523fda3SJan Friedel "Could not store configuration value.")); 20438523fda3SJan Friedel } 2044be61b9faSJan Friedel if (qctrl.aq_bufsz == 0) { 2045be61b9faSJan Friedel return; 2046be61b9faSJan Friedel } 20478523fda3SJan Friedel } 20488523fda3SJan Friedel 20497c478bd9Sstevel@tonic-gate eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0); 20508523fda3SJan Friedel qctrl.aq_bufsz = (size_t)atol(bufsz); 20517c478bd9Sstevel@tonic-gate eauditon(A_SETQCTRL, (caddr_t)&qctrl, 0); 20527c478bd9Sstevel@tonic-gate } 20537c478bd9Sstevel@tonic-gate 20547c478bd9Sstevel@tonic-gate /* 20558523fda3SJan Friedel * do_setqctrl() - set the active and configured audit queue write buffer size 20568523fda3SJan Friedel * (bytes), hiwater audit record count, lowater audit record count, and wakeup 20578523fda3SJan Friedel * interval (ticks); active values can be changed per zone if AUDIT_PERZONE is 20588523fda3SJan Friedel * set, else only in global zone. 20597c478bd9Sstevel@tonic-gate */ 20607c478bd9Sstevel@tonic-gate static void 20619e3700dfSgww do_setqctrl(char *hiwater, char *lowater, char *bufsz, char *delay) 20627c478bd9Sstevel@tonic-gate { 20638523fda3SJan Friedel struct au_qctrl qctrl; 20648523fda3SJan Friedel 20658523fda3SJan Friedel qctrl.aq_hiwater = (size_t)atol(hiwater); 20668523fda3SJan Friedel qctrl.aq_lowater = (size_t)atol(lowater); 20678523fda3SJan Friedel qctrl.aq_bufsz = (size_t)atol(bufsz); 20688523fda3SJan Friedel qctrl.aq_delay = (clock_t)atol(delay); 20698523fda3SJan Friedel 20708523fda3SJan Friedel if (!temporary_set) { 2071be61b9faSJan Friedel struct au_qctrl qctrl_act; 2072be61b9faSJan Friedel 20738523fda3SJan Friedel if (!do_setqctrl_scf(&qctrl)) { 20748523fda3SJan Friedel exit_error(gettext( 20758523fda3SJan Friedel "Could not store configuration values.")); 20768523fda3SJan Friedel } 2077be61b9faSJan Friedel 2078be61b9faSJan Friedel eauditon(A_GETQCTRL, (caddr_t)&qctrl_act, 0); 2079be61b9faSJan Friedel if (qctrl.aq_hiwater == 0) { 2080be61b9faSJan Friedel qctrl.aq_hiwater = qctrl_act.aq_hiwater; 2081be61b9faSJan Friedel } 2082be61b9faSJan Friedel if (qctrl.aq_lowater == 0) { 2083be61b9faSJan Friedel qctrl.aq_lowater = qctrl_act.aq_lowater; 2084be61b9faSJan Friedel } 2085be61b9faSJan Friedel if (qctrl.aq_bufsz == 0) { 2086be61b9faSJan Friedel qctrl.aq_bufsz = qctrl_act.aq_bufsz; 2087be61b9faSJan Friedel } 2088be61b9faSJan Friedel if (qctrl.aq_delay == 0) { 2089be61b9faSJan Friedel qctrl.aq_delay = qctrl_act.aq_delay; 2090be61b9faSJan Friedel } 20918523fda3SJan Friedel } 20927c478bd9Sstevel@tonic-gate 20937c478bd9Sstevel@tonic-gate eauditon(A_SETQCTRL, (caddr_t)&qctrl, 0); 20947c478bd9Sstevel@tonic-gate } 20957c478bd9Sstevel@tonic-gate 20967c478bd9Sstevel@tonic-gate /* 20978523fda3SJan Friedel * do_setqdelay() - set the active and configured audit queue wakeup interval 20988523fda3SJan Friedel * (ticks); active values can be changed per zone if AUDIT_PERZONE is set, else 20998523fda3SJan Friedel * only in global zone. 21007c478bd9Sstevel@tonic-gate */ 21017c478bd9Sstevel@tonic-gate static void 21029e3700dfSgww do_setqdelay(char *delay) 21037c478bd9Sstevel@tonic-gate { 21047c478bd9Sstevel@tonic-gate struct au_qctrl qctrl; 21057c478bd9Sstevel@tonic-gate 21068523fda3SJan Friedel if (!temporary_set) { 21078523fda3SJan Friedel qctrl.aq_delay = (clock_t)atol(delay); 21088523fda3SJan Friedel if (!do_setqdelay_scf(&qctrl.aq_delay)) { 21098523fda3SJan Friedel exit_error(gettext( 21108523fda3SJan Friedel "Could not store configuration value.")); 21118523fda3SJan Friedel } 2112be61b9faSJan Friedel if (qctrl.aq_delay == 0) { 2113be61b9faSJan Friedel return; 2114be61b9faSJan Friedel } 21158523fda3SJan Friedel } 21168523fda3SJan Friedel 21177c478bd9Sstevel@tonic-gate eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0); 21188523fda3SJan Friedel qctrl.aq_delay = (clock_t)atol(delay); 21197c478bd9Sstevel@tonic-gate eauditon(A_SETQCTRL, (caddr_t)&qctrl, 0); 21207c478bd9Sstevel@tonic-gate } 21217c478bd9Sstevel@tonic-gate 21227c478bd9Sstevel@tonic-gate /* 21238523fda3SJan Friedel * do_setqhiwater() - sets the active and configured number of undelivered audit 21248523fda3SJan Friedel * records in the audit queue at which audit record generation blocks; active 21258523fda3SJan Friedel * values can be changed per zone if AUDIT_PERZONE is set, else only in global 21268523fda3SJan Friedel * zone. 21277c478bd9Sstevel@tonic-gate */ 21287c478bd9Sstevel@tonic-gate static void 21299e3700dfSgww do_setqhiwater(char *hiwater) 21307c478bd9Sstevel@tonic-gate { 21317c478bd9Sstevel@tonic-gate struct au_qctrl qctrl; 21327c478bd9Sstevel@tonic-gate 21338523fda3SJan Friedel if (!temporary_set) { 21348523fda3SJan Friedel qctrl.aq_hiwater = (size_t)atol(hiwater); 21358523fda3SJan Friedel if (!do_setqhiwater_scf(&qctrl.aq_hiwater)) { 21368523fda3SJan Friedel exit_error(gettext( 21378523fda3SJan Friedel "Could not store configuration value.")); 21388523fda3SJan Friedel } 2139be61b9faSJan Friedel if (qctrl.aq_hiwater == 0) { 2140be61b9faSJan Friedel return; 2141be61b9faSJan Friedel } 21428523fda3SJan Friedel } 21438523fda3SJan Friedel 21447c478bd9Sstevel@tonic-gate eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0); 21458523fda3SJan Friedel qctrl.aq_hiwater = (size_t)atol(hiwater); 21467c478bd9Sstevel@tonic-gate eauditon(A_SETQCTRL, (caddr_t)&qctrl, 0); 21477c478bd9Sstevel@tonic-gate } 21487c478bd9Sstevel@tonic-gate 21497c478bd9Sstevel@tonic-gate /* 21508523fda3SJan Friedel * do_setqlowater() - set the active and configured number of undelivered audit 21518523fda3SJan Friedel * records in the audit queue at which blocked auditing processes unblock; 21528523fda3SJan Friedel * active values can be changed per zone if AUDIT_PERZONE is set, else only in 21538523fda3SJan Friedel * global zone. 21547c478bd9Sstevel@tonic-gate */ 21557c478bd9Sstevel@tonic-gate static void 21569e3700dfSgww do_setqlowater(char *lowater) 21577c478bd9Sstevel@tonic-gate { 21587c478bd9Sstevel@tonic-gate struct au_qctrl qctrl; 21597c478bd9Sstevel@tonic-gate 21608523fda3SJan Friedel if (!temporary_set) { 21618523fda3SJan Friedel qctrl.aq_lowater = (size_t)atol(lowater); 21628523fda3SJan Friedel if (!do_setqlowater_scf(&qctrl.aq_lowater)) { 21638523fda3SJan Friedel exit_error(gettext( 21648523fda3SJan Friedel "Could not store configuration value.")); 21658523fda3SJan Friedel } 2166be61b9faSJan Friedel if (qctrl.aq_lowater == 0) { 2167be61b9faSJan Friedel return; 2168be61b9faSJan Friedel } 21698523fda3SJan Friedel } 21708523fda3SJan Friedel 21717c478bd9Sstevel@tonic-gate eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0); 21728523fda3SJan Friedel qctrl.aq_lowater = (size_t)atol(lowater); 21737c478bd9Sstevel@tonic-gate eauditon(A_SETQCTRL, (caddr_t)&qctrl, 0); 21747c478bd9Sstevel@tonic-gate } 21757c478bd9Sstevel@tonic-gate 21767c478bd9Sstevel@tonic-gate static void 21779e3700dfSgww eauditon(int cmd, caddr_t data, int length) 21787c478bd9Sstevel@tonic-gate { 21797c478bd9Sstevel@tonic-gate if (auditon(cmd, data, length) == -1) 21807c478bd9Sstevel@tonic-gate exit_error(gettext("auditon(2) failed.")); 21817c478bd9Sstevel@tonic-gate } 21827c478bd9Sstevel@tonic-gate 21837c478bd9Sstevel@tonic-gate static void 21849e3700dfSgww egetauid(au_id_t *auid) 21857c478bd9Sstevel@tonic-gate { 21867c478bd9Sstevel@tonic-gate if (getauid(auid) == -1) 21877c478bd9Sstevel@tonic-gate exit_error(gettext("getauid(2) failed.")); 21887c478bd9Sstevel@tonic-gate } 21897c478bd9Sstevel@tonic-gate 21907c478bd9Sstevel@tonic-gate static void 21919e3700dfSgww egetaudit(auditinfo_addr_t *ai, int size) 21927c478bd9Sstevel@tonic-gate { 21937c478bd9Sstevel@tonic-gate if (getaudit_addr(ai, size) == -1) 21947c478bd9Sstevel@tonic-gate exit_error(gettext("getaudit_addr(2) failed.")); 21957c478bd9Sstevel@tonic-gate } 21967c478bd9Sstevel@tonic-gate 21977c478bd9Sstevel@tonic-gate static void 21989e3700dfSgww egetkaudit(auditinfo_addr_t *ai, int size) 21997c478bd9Sstevel@tonic-gate { 22007c478bd9Sstevel@tonic-gate if (auditon(A_GETKAUDIT, (char *)ai, size) < 0) 22017c478bd9Sstevel@tonic-gate exit_error(gettext("auditon: A_GETKAUDIT failed.")); 22027c478bd9Sstevel@tonic-gate } 22037c478bd9Sstevel@tonic-gate 22047c478bd9Sstevel@tonic-gate static void 22059e3700dfSgww esetkaudit(auditinfo_addr_t *ai, int size) 22067c478bd9Sstevel@tonic-gate { 22077c478bd9Sstevel@tonic-gate if (auditon(A_SETKAUDIT, (char *)ai, size) < 0) 22087c478bd9Sstevel@tonic-gate exit_error(gettext("auditon: A_SETKAUDIT failed.")); 22097c478bd9Sstevel@tonic-gate } 22107c478bd9Sstevel@tonic-gate 22117c478bd9Sstevel@tonic-gate static void 22129e3700dfSgww egetauditflagsbin(char *auditflags, au_mask_t *pmask) 22137c478bd9Sstevel@tonic-gate { 2214f8994074SJan Friedel if (strcmp(auditflags, "none") == 0) { 2215f8994074SJan Friedel pmask->am_success = pmask->am_failure = 0; 22167c478bd9Sstevel@tonic-gate return; 2217f8994074SJan Friedel } 22187c478bd9Sstevel@tonic-gate 22197c478bd9Sstevel@tonic-gate if (getauditflagsbin(auditflags, pmask) < 0) { 22207c478bd9Sstevel@tonic-gate exit_error(gettext("Could not get audit flags (%s)"), 22219e3700dfSgww auditflags); 22227c478bd9Sstevel@tonic-gate } 22237c478bd9Sstevel@tonic-gate } 22247c478bd9Sstevel@tonic-gate 2225f8994074SJan Friedel static void 2226f8994074SJan Friedel echkflags(char *auditflags, au_mask_t *mask) 2227f8994074SJan Friedel { 2228f8994074SJan Friedel char *err = ""; 2229f8994074SJan Friedel char *err_ptr; 2230f8994074SJan Friedel 2231f8994074SJan Friedel if (!__chkflags(auditflags, mask, B_FALSE, &err)) { 2232f8994074SJan Friedel err_ptr = err; 2233f8994074SJan Friedel while (*err_ptr != ',' && *err_ptr != '\0') { 2234f8994074SJan Friedel err_ptr++; 2235f8994074SJan Friedel } 2236f8994074SJan Friedel *err_ptr = '\0'; 2237f8994074SJan Friedel exit_error(gettext("Unknown audit flags and/or prefixes " 2238f8994074SJan Friedel "encountered: %s"), err); 2239f8994074SJan Friedel } 2240f8994074SJan Friedel } 2241f8994074SJan Friedel 22427c478bd9Sstevel@tonic-gate static au_event_ent_t * 22439e3700dfSgww egetauevnum(au_event_t event_number) 22447c478bd9Sstevel@tonic-gate { 22457c478bd9Sstevel@tonic-gate au_event_ent_t *evp; 22467c478bd9Sstevel@tonic-gate 22479e3700dfSgww if ((evp = getauevnum(event_number)) == NULL) { 2248d0fa49b7STony Nguyen exit_error(gettext("Could not get audit event %hu"), 22499e3700dfSgww event_number); 22509e3700dfSgww } 22517c478bd9Sstevel@tonic-gate 22527c478bd9Sstevel@tonic-gate return (evp); 22537c478bd9Sstevel@tonic-gate } 22547c478bd9Sstevel@tonic-gate 22557c478bd9Sstevel@tonic-gate static au_event_ent_t * 22569e3700dfSgww egetauevnam(char *event_name) 22577c478bd9Sstevel@tonic-gate { 22587c478bd9Sstevel@tonic-gate register au_event_ent_t *evp; 22597c478bd9Sstevel@tonic-gate 22609e3700dfSgww if ((evp = getauevnam(event_name)) == NULL) 22617c478bd9Sstevel@tonic-gate exit_error(gettext("Could not get audit event %s"), event_name); 22627c478bd9Sstevel@tonic-gate 22637c478bd9Sstevel@tonic-gate return (evp); 22647c478bd9Sstevel@tonic-gate } 22657c478bd9Sstevel@tonic-gate 22667c478bd9Sstevel@tonic-gate static void 22679e3700dfSgww esetauid(au_id_t *auid) 22687c478bd9Sstevel@tonic-gate { 22697c478bd9Sstevel@tonic-gate if (setauid(auid) == -1) 22707c478bd9Sstevel@tonic-gate exit_error(gettext("setauid(2) failed.")); 22717c478bd9Sstevel@tonic-gate } 22727c478bd9Sstevel@tonic-gate 22737c478bd9Sstevel@tonic-gate static void 22749e3700dfSgww esetaudit(auditinfo_addr_t *ai, int size) 22757c478bd9Sstevel@tonic-gate { 22767c478bd9Sstevel@tonic-gate if (setaudit_addr(ai, size) == -1) 22777c478bd9Sstevel@tonic-gate exit_error(gettext("setaudit_addr(2) failed.")); 22787c478bd9Sstevel@tonic-gate } 22797c478bd9Sstevel@tonic-gate 22807c478bd9Sstevel@tonic-gate static uid_t 22819e3700dfSgww get_user_id(char *user) 22827c478bd9Sstevel@tonic-gate { 22837c478bd9Sstevel@tonic-gate struct passwd *pwd; 22847c478bd9Sstevel@tonic-gate uid_t uid; 22857c478bd9Sstevel@tonic-gate 22867c478bd9Sstevel@tonic-gate if (isdigit(*user)) { 22877c478bd9Sstevel@tonic-gate uid = atoi(user); 22889e3700dfSgww if ((pwd = getpwuid(uid)) == NULL) { 22897c478bd9Sstevel@tonic-gate exit_error(gettext("Invalid user: %s"), user); 22907c478bd9Sstevel@tonic-gate } 22917c478bd9Sstevel@tonic-gate } else { 22929e3700dfSgww if ((pwd = getpwnam(user)) == NULL) { 22937c478bd9Sstevel@tonic-gate exit_error(gettext("Invalid user: %s"), user); 22947c478bd9Sstevel@tonic-gate } 22957c478bd9Sstevel@tonic-gate } 22967c478bd9Sstevel@tonic-gate 22977c478bd9Sstevel@tonic-gate return (pwd->pw_uid); 22987c478bd9Sstevel@tonic-gate } 22997c478bd9Sstevel@tonic-gate 23007c478bd9Sstevel@tonic-gate /* 23017c478bd9Sstevel@tonic-gate * get_arg_ent() 23027c478bd9Sstevel@tonic-gate * Inputs: command line argument string 23038523fda3SJan Friedel * Returns ptr to struct arg_entry if found; null, if not found 23047c478bd9Sstevel@tonic-gate */ 23058523fda3SJan Friedel static arg_entry_t * 23069e3700dfSgww get_arg_ent(char *arg_str) 23077c478bd9Sstevel@tonic-gate { 23088523fda3SJan Friedel arg_entry_t key; 23097c478bd9Sstevel@tonic-gate 23107c478bd9Sstevel@tonic-gate key.arg_str = arg_str; 23117c478bd9Sstevel@tonic-gate 23128523fda3SJan Friedel return ((arg_entry_t *)bsearch((char *)&key, (char *)arg_table, 23138523fda3SJan Friedel ARG_TBL_SZ, sizeof (arg_entry_t), arg_ent_compare)); 23147c478bd9Sstevel@tonic-gate } 23157c478bd9Sstevel@tonic-gate 23167c478bd9Sstevel@tonic-gate /* 23177c478bd9Sstevel@tonic-gate * arg_ent_compare() 23187c478bd9Sstevel@tonic-gate * Compares two command line arguments to determine which is 23197c478bd9Sstevel@tonic-gate * lexicographically greater. 23207c478bd9Sstevel@tonic-gate * Inputs: two argument map table entry pointers 23217c478bd9Sstevel@tonic-gate * Returns: > 1: aep1->arg_str > aep2->arg_str 23227c478bd9Sstevel@tonic-gate * < 1: aep1->arg_str < aep2->arg_str 23237c478bd9Sstevel@tonic-gate * 0: aep1->arg_str = aep->arg_str2 23247c478bd9Sstevel@tonic-gate */ 23257c478bd9Sstevel@tonic-gate static int 23269e3700dfSgww arg_ent_compare(const void *aep1, const void *aep2) 23277c478bd9Sstevel@tonic-gate { 23288523fda3SJan Friedel return (strcmp(((arg_entry_t *)aep1)->arg_str, 23298523fda3SJan Friedel ((arg_entry_t *)aep2)->arg_str)); 23307c478bd9Sstevel@tonic-gate } 23317c478bd9Sstevel@tonic-gate 23327c478bd9Sstevel@tonic-gate /* 23337c478bd9Sstevel@tonic-gate * tid_str is major,minor,host -- host is a name or an ip address 23347c478bd9Sstevel@tonic-gate */ 23357c478bd9Sstevel@tonic-gate static void 23367c478bd9Sstevel@tonic-gate str2tid(char *tid_str, au_tid_addr_t *tp) 23377c478bd9Sstevel@tonic-gate { 23389e3700dfSgww char *major_str; 23399e3700dfSgww char *minor_str; 23409e3700dfSgww char *host_str = NULL; 23417c478bd9Sstevel@tonic-gate major_t major = 0; 23427c478bd9Sstevel@tonic-gate major_t minor = 0; 23437c478bd9Sstevel@tonic-gate dev_t dev = 0; 23447c478bd9Sstevel@tonic-gate struct hostent *phe; 23457c478bd9Sstevel@tonic-gate int err; 23467c478bd9Sstevel@tonic-gate uint32_t ibuf; 23477c478bd9Sstevel@tonic-gate uint32_t ibuf6[4]; 23487c478bd9Sstevel@tonic-gate 23497c478bd9Sstevel@tonic-gate tp->at_port = 0; 23507c478bd9Sstevel@tonic-gate tp->at_type = 0; 23517c478bd9Sstevel@tonic-gate bzero(tp->at_addr, 16); 23527c478bd9Sstevel@tonic-gate 23537c478bd9Sstevel@tonic-gate major_str = tid_str; 23547c478bd9Sstevel@tonic-gate if ((minor_str = strchr(tid_str, ',')) != NULL) { 23557c478bd9Sstevel@tonic-gate *minor_str = '\0'; 23567c478bd9Sstevel@tonic-gate minor_str++; 23577c478bd9Sstevel@tonic-gate } 23587c478bd9Sstevel@tonic-gate 23599e3700dfSgww if (minor_str) { 23607c478bd9Sstevel@tonic-gate if ((host_str = strchr(minor_str, ',')) != NULL) { 23617c478bd9Sstevel@tonic-gate *host_str = '\0'; 23627c478bd9Sstevel@tonic-gate host_str++; 23637c478bd9Sstevel@tonic-gate } 23649e3700dfSgww } 23657c478bd9Sstevel@tonic-gate 23667c478bd9Sstevel@tonic-gate if (major_str) 23677c478bd9Sstevel@tonic-gate major = (major_t)atoi(major_str); 23687c478bd9Sstevel@tonic-gate 23697c478bd9Sstevel@tonic-gate if (minor_str) 23707c478bd9Sstevel@tonic-gate minor = (minor_t)atoi(minor_str); 23717c478bd9Sstevel@tonic-gate 23727c478bd9Sstevel@tonic-gate if ((dev = makedev(major, minor)) != NODEV) 23737c478bd9Sstevel@tonic-gate tp->at_port = dev; 23747c478bd9Sstevel@tonic-gate 23757c478bd9Sstevel@tonic-gate if (host_str) { 23767c478bd9Sstevel@tonic-gate if (strisipaddr(host_str)) { 23779e3700dfSgww if (inet_pton(AF_INET, host_str, &ibuf)) { 23789e3700dfSgww tp->at_addr[0] = ibuf; 23799e3700dfSgww tp->at_type = AU_IPv4; 23809e3700dfSgww } else if (inet_pton(AF_INET6, host_str, ibuf6)) { 23819e3700dfSgww tp->at_addr[0] = ibuf6[0]; 23829e3700dfSgww tp->at_addr[1] = ibuf6[1]; 23839e3700dfSgww tp->at_addr[2] = ibuf6[2]; 23849e3700dfSgww tp->at_addr[3] = ibuf6[3]; 23859e3700dfSgww tp->at_type = AU_IPv6; 23869e3700dfSgww } 23877c478bd9Sstevel@tonic-gate } else { 23887c478bd9Sstevel@tonic-gate phe = getipnodebyname((const void *)host_str, 23899e3700dfSgww AF_INET, 0, &err); 23907c478bd9Sstevel@tonic-gate if (phe == 0) { 23917c478bd9Sstevel@tonic-gate phe = getipnodebyname((const void *)host_str, 23929e3700dfSgww AF_INET6, 0, &err); 23937c478bd9Sstevel@tonic-gate } 23947c478bd9Sstevel@tonic-gate 23957c478bd9Sstevel@tonic-gate if (phe != NULL) { 23967c478bd9Sstevel@tonic-gate if (phe->h_addrtype == AF_INET6) { 23977c478bd9Sstevel@tonic-gate /* address is IPv6 (128 bits) */ 23987c478bd9Sstevel@tonic-gate (void) memcpy(&tp->at_addr[0], 23999e3700dfSgww phe->h_addr_list[0], 16); 24007c478bd9Sstevel@tonic-gate tp->at_type = AU_IPv6; 24017c478bd9Sstevel@tonic-gate } else { 24027c478bd9Sstevel@tonic-gate /* address is IPv4 (32 bits) */ 24037c478bd9Sstevel@tonic-gate (void) memcpy(&tp->at_addr[0], 24049e3700dfSgww phe->h_addr_list[0], 4); 24057c478bd9Sstevel@tonic-gate tp->at_type = AU_IPv4; 24067c478bd9Sstevel@tonic-gate } 24077c478bd9Sstevel@tonic-gate freehostent(phe); 24087c478bd9Sstevel@tonic-gate } 24097c478bd9Sstevel@tonic-gate } 24107c478bd9Sstevel@tonic-gate } 24117c478bd9Sstevel@tonic-gate } 24127c478bd9Sstevel@tonic-gate 24139e3700dfSgww static char * 24149e3700dfSgww cond2str(void) 24157c478bd9Sstevel@tonic-gate { 24169e3700dfSgww uint_t cond; 24177c478bd9Sstevel@tonic-gate 2418f8994074SJan Friedel eauditon(A_GETCOND, (caddr_t)&cond, sizeof (cond)); 24197c478bd9Sstevel@tonic-gate 24209e3700dfSgww switch (cond) { 24217c478bd9Sstevel@tonic-gate 24229e3700dfSgww case AUC_AUDITING: 24239e3700dfSgww return ("auditing"); 24247c478bd9Sstevel@tonic-gate 24259e3700dfSgww case AUC_NOAUDIT: 24269e3700dfSgww case AUC_INIT_AUDIT: 24279e3700dfSgww return ("noaudit"); 24287c478bd9Sstevel@tonic-gate 24299e3700dfSgww case AUC_UNSET: 24309e3700dfSgww return ("unset"); 24319e3700dfSgww 24329e3700dfSgww case AUC_NOSPACE: 24339e3700dfSgww return ("nospace"); 24349e3700dfSgww 24359e3700dfSgww default: 24369e3700dfSgww return (""); 24379e3700dfSgww } 24387c478bd9Sstevel@tonic-gate } 24397c478bd9Sstevel@tonic-gate 24409e3700dfSgww /* 2441de4cec48SToomas Soome * exit = 0, success 24429e3700dfSgww * 1, error 24439e3700dfSgww * 2, bad zone 24449e3700dfSgww */ 24457c478bd9Sstevel@tonic-gate static int 24468523fda3SJan Friedel str2policy(char *policy_str, uint32_t *policy_mask) 24477c478bd9Sstevel@tonic-gate { 24487c478bd9Sstevel@tonic-gate char *buf; 24497c478bd9Sstevel@tonic-gate char *tok; 24507c478bd9Sstevel@tonic-gate char pfix; 24518523fda3SJan Friedel boolean_t is_all = B_FALSE; 24528523fda3SJan Friedel uint32_t pm = 0; 24538523fda3SJan Friedel uint32_t curp; 24547c478bd9Sstevel@tonic-gate 24557c478bd9Sstevel@tonic-gate pfix = *policy_str; 24567c478bd9Sstevel@tonic-gate 24577c478bd9Sstevel@tonic-gate if (pfix == '-' || pfix == '+' || pfix == '=') 24587c478bd9Sstevel@tonic-gate ++policy_str; 24597c478bd9Sstevel@tonic-gate 24607c478bd9Sstevel@tonic-gate if ((buf = strdup(policy_str)) == NULL) 24617c478bd9Sstevel@tonic-gate return (1); 24627c478bd9Sstevel@tonic-gate 24639e3700dfSgww for (tok = strtok(buf, ","); tok != NULL; tok = strtok(NULL, ",")) { 24648523fda3SJan Friedel uint32_t tok_pm; 24658523fda3SJan Friedel if (((tok_pm = get_policy(tok)) == 0) && 24668523fda3SJan Friedel ((strcasecmp(tok, "none") != 0))) { 24678523fda3SJan Friedel free(buf); 24687c478bd9Sstevel@tonic-gate return (1); 24697c478bd9Sstevel@tonic-gate } else { 24708523fda3SJan Friedel pm |= tok_pm; 24718523fda3SJan Friedel if (tok_pm == ALL_POLICIES) { 24728523fda3SJan Friedel is_all = B_TRUE; 24739e3700dfSgww } 24747c478bd9Sstevel@tonic-gate } 24757c478bd9Sstevel@tonic-gate } 24767c478bd9Sstevel@tonic-gate free(buf); 24777c478bd9Sstevel@tonic-gate 24788523fda3SJan Friedel /* reuse policy mask if already set to some value */ 24798523fda3SJan Friedel if (*policy_mask != 0) { 24808523fda3SJan Friedel curp = *policy_mask; 24818523fda3SJan Friedel } else { 24828523fda3SJan Friedel (void) auditon(A_GETPOLICY, (caddr_t)&curp, 0); 24838523fda3SJan Friedel } 24848523fda3SJan Friedel 24857c478bd9Sstevel@tonic-gate if (pfix == '-') { 24869e3700dfSgww if (!is_all && 24879e3700dfSgww (getzoneid() != GLOBAL_ZONEID) && 24889e3700dfSgww (pm & ~AUDIT_LOCAL)) { 24897c478bd9Sstevel@tonic-gate return (2); 24909e3700dfSgww } 24918523fda3SJan Friedel 24927c478bd9Sstevel@tonic-gate if (getzoneid() != GLOBAL_ZONEID) 24937c478bd9Sstevel@tonic-gate curp &= AUDIT_LOCAL; 24947c478bd9Sstevel@tonic-gate *policy_mask = curp & ~pm; 24958523fda3SJan Friedel 24967c478bd9Sstevel@tonic-gate } else if (pfix == '+') { 24977c478bd9Sstevel@tonic-gate /* 24989e3700dfSgww * In a local zone, accept specifying "all", but not 24999e3700dfSgww * individually specifying global-zone only policies. 25009e3700dfSgww * Limit to all locally allowed, so system call doesn't 25019e3700dfSgww * fail. 25027c478bd9Sstevel@tonic-gate */ 25039e3700dfSgww if (!is_all && 25049e3700dfSgww (getzoneid() != GLOBAL_ZONEID) && 25059e3700dfSgww (pm & ~AUDIT_LOCAL)) { 25067c478bd9Sstevel@tonic-gate return (2); 25079e3700dfSgww } 25088523fda3SJan Friedel 25097c478bd9Sstevel@tonic-gate if (getzoneid() != GLOBAL_ZONEID) { 25107c478bd9Sstevel@tonic-gate curp &= AUDIT_LOCAL; 25119e3700dfSgww if (is_all) { 25127c478bd9Sstevel@tonic-gate pm &= AUDIT_LOCAL; 25139e3700dfSgww } 25147c478bd9Sstevel@tonic-gate } 25157c478bd9Sstevel@tonic-gate *policy_mask = curp | pm; 25168523fda3SJan Friedel 25177c478bd9Sstevel@tonic-gate } else { 25188523fda3SJan Friedel /* 25198523fda3SJan Friedel * In a local zone, accept specifying "all", but not 25208523fda3SJan Friedel * individually specifying global-zone only policies. 25218523fda3SJan Friedel * Limit to all locally allowed, so system call doesn't 25228523fda3SJan Friedel * fail. 25238523fda3SJan Friedel */ 25248523fda3SJan Friedel if (!is_all && 25258523fda3SJan Friedel (getzoneid() != GLOBAL_ZONEID) && 25268523fda3SJan Friedel (pm & ~AUDIT_LOCAL)) { 25278523fda3SJan Friedel return (2); 25288523fda3SJan Friedel } 25298523fda3SJan Friedel 25309e3700dfSgww if (is_all && (getzoneid() != GLOBAL_ZONEID)) { 25317c478bd9Sstevel@tonic-gate pm &= AUDIT_LOCAL; 25329e3700dfSgww } 25337c478bd9Sstevel@tonic-gate *policy_mask = pm; 25347c478bd9Sstevel@tonic-gate } 25357c478bd9Sstevel@tonic-gate return (0); 25367c478bd9Sstevel@tonic-gate } 25377c478bd9Sstevel@tonic-gate 25387c478bd9Sstevel@tonic-gate static int 25398523fda3SJan Friedel policy2str(uint32_t policy, char *policy_str, size_t len) 25407c478bd9Sstevel@tonic-gate { 25417c478bd9Sstevel@tonic-gate int i, j; 25427c478bd9Sstevel@tonic-gate 25437c478bd9Sstevel@tonic-gate if (policy == ALL_POLICIES) { 25447c478bd9Sstevel@tonic-gate (void) strcpy(policy_str, "all"); 25457c478bd9Sstevel@tonic-gate return (1); 25467c478bd9Sstevel@tonic-gate } 25477c478bd9Sstevel@tonic-gate 25487c478bd9Sstevel@tonic-gate if (policy == NO_POLICIES) { 25497c478bd9Sstevel@tonic-gate (void) strcpy(policy_str, "none"); 25507c478bd9Sstevel@tonic-gate return (1); 25517c478bd9Sstevel@tonic-gate } 25527c478bd9Sstevel@tonic-gate 25537c478bd9Sstevel@tonic-gate *policy_str = '\0'; 25547c478bd9Sstevel@tonic-gate 255545916cd2Sjpk for (i = 0, j = 0; i < POLICY_TBL_SZ; i++) { 25567c478bd9Sstevel@tonic-gate if (policy & policy_table[i].policy_mask && 25577c478bd9Sstevel@tonic-gate policy_table[i].policy_mask != ALL_POLICIES) { 25589e3700dfSgww if (j++) { 25597c478bd9Sstevel@tonic-gate (void) strcat(policy_str, ","); 25609e3700dfSgww } 25619e3700dfSgww (void) strlcat(policy_str, policy_table[i].policy_str, 25629e3700dfSgww len); 25637c478bd9Sstevel@tonic-gate } 256445916cd2Sjpk } 25657c478bd9Sstevel@tonic-gate 25667c478bd9Sstevel@tonic-gate if (*policy_str) 25677c478bd9Sstevel@tonic-gate return (0); 25687c478bd9Sstevel@tonic-gate 25697c478bd9Sstevel@tonic-gate return (1); 25707c478bd9Sstevel@tonic-gate } 25717c478bd9Sstevel@tonic-gate 25727c478bd9Sstevel@tonic-gate 25737c478bd9Sstevel@tonic-gate static int 25749e3700dfSgww strisnum(char *s) 25757c478bd9Sstevel@tonic-gate { 25769e3700dfSgww if (s == NULL || !*s) 25777c478bd9Sstevel@tonic-gate return (0); 25787c478bd9Sstevel@tonic-gate 2579*bc54f855SJohn Levon for (; *s == '-' || *s == '+'; s++) { 2580*bc54f855SJohn Levon if (!*s) 2581*bc54f855SJohn Levon return (0); 2582*bc54f855SJohn Levon } 25837c478bd9Sstevel@tonic-gate 2584*bc54f855SJohn Levon for (; *s; s++) { 25857c478bd9Sstevel@tonic-gate if (!isdigit(*s)) 25867c478bd9Sstevel@tonic-gate return (0); 2587*bc54f855SJohn Levon } 25887c478bd9Sstevel@tonic-gate 25897c478bd9Sstevel@tonic-gate return (1); 25907c478bd9Sstevel@tonic-gate } 25917c478bd9Sstevel@tonic-gate 25927c478bd9Sstevel@tonic-gate static int 25939e3700dfSgww strisipaddr(char *s) 25947c478bd9Sstevel@tonic-gate { 25957c478bd9Sstevel@tonic-gate int dot = 0; 25967c478bd9Sstevel@tonic-gate int colon = 0; 25977c478bd9Sstevel@tonic-gate 25987c478bd9Sstevel@tonic-gate /* no string */ 25999e3700dfSgww if ((s == NULL) || (!*s)) 26007c478bd9Sstevel@tonic-gate return (0); 26017c478bd9Sstevel@tonic-gate 26027c478bd9Sstevel@tonic-gate for (; *s; s++) { 26037c478bd9Sstevel@tonic-gate if (!(isxdigit(*s) || *s != '.' || *s != ':')) 26047c478bd9Sstevel@tonic-gate return (0); 26059e3700dfSgww if (*s == '.') 26069e3700dfSgww dot++; 26079e3700dfSgww if (*s == ':') 26089e3700dfSgww colon++; 26097c478bd9Sstevel@tonic-gate } 26107c478bd9Sstevel@tonic-gate 26117c478bd9Sstevel@tonic-gate if (dot && colon) 26127c478bd9Sstevel@tonic-gate return (0); 26137c478bd9Sstevel@tonic-gate 26147c478bd9Sstevel@tonic-gate if (!dot && !colon) 26157c478bd9Sstevel@tonic-gate return (0); 26167c478bd9Sstevel@tonic-gate 26177c478bd9Sstevel@tonic-gate return (1); 26187c478bd9Sstevel@tonic-gate } 26197c478bd9Sstevel@tonic-gate 26207c478bd9Sstevel@tonic-gate static void 2621f8994074SJan Friedel chk_arg_len(char *argv, uint_t len) 26227c478bd9Sstevel@tonic-gate { 2623f8994074SJan Friedel if ((strlen(argv) + 1) > len) { 2624f8994074SJan Friedel *(argv + len - 1) = '\0'; 2625f8994074SJan Friedel exit_error(gettext("Argument too long (%s..)."), argv); 2626f8994074SJan Friedel } 26277c478bd9Sstevel@tonic-gate } 26287c478bd9Sstevel@tonic-gate 26297c478bd9Sstevel@tonic-gate static void 26309e3700dfSgww chk_event_num(int etype, au_event_t event) 26317c478bd9Sstevel@tonic-gate { 26327c478bd9Sstevel@tonic-gate au_stat_t as; 26337c478bd9Sstevel@tonic-gate 26347c478bd9Sstevel@tonic-gate eauditon(A_GETSTAT, (caddr_t)&as, 0); 26357c478bd9Sstevel@tonic-gate 26367c478bd9Sstevel@tonic-gate if (etype == AC_KERN_EVENT) { 26377c478bd9Sstevel@tonic-gate if (event > as.as_numevent) { 26388523fda3SJan Friedel exit_error(gettext( 26398523fda3SJan Friedel "Invalid kernel audit event number specified.\n" 2640d0fa49b7STony Nguyen "\t%hu is outside allowable range 0-%d."), 26417c478bd9Sstevel@tonic-gate event, as.as_numevent); 26427c478bd9Sstevel@tonic-gate } 26439e3700dfSgww } else { 26449e3700dfSgww /* user event */ 26457c478bd9Sstevel@tonic-gate if (event <= as.as_numevent) { 26469e3700dfSgww exit_error(gettext("Invalid user level audit event " 2647d0fa49b7STony Nguyen "number specified %hu."), event); 26487c478bd9Sstevel@tonic-gate } 26497c478bd9Sstevel@tonic-gate } 26507c478bd9Sstevel@tonic-gate } 26517c478bd9Sstevel@tonic-gate 26527c478bd9Sstevel@tonic-gate static void 26539e3700dfSgww chk_event_str(int etype, char *event_str) 26547c478bd9Sstevel@tonic-gate { 26557c478bd9Sstevel@tonic-gate au_event_ent_t *evp; 26567c478bd9Sstevel@tonic-gate au_stat_t as; 26577c478bd9Sstevel@tonic-gate 26587c478bd9Sstevel@tonic-gate eauditon(A_GETSTAT, (caddr_t)&as, 0); 26597c478bd9Sstevel@tonic-gate 26607c478bd9Sstevel@tonic-gate evp = egetauevnam(event_str); 26617c478bd9Sstevel@tonic-gate if (etype == AC_KERN_EVENT && (evp->ae_number > as.as_numevent)) { 26628523fda3SJan Friedel exit_error(gettext( 26638523fda3SJan Friedel "Invalid kernel audit event string specified.\n" 26649e3700dfSgww "\t\"%s\" appears to be a user level event. " 26659e3700dfSgww "Check configuration."), event_str); 26667c478bd9Sstevel@tonic-gate } else if (etype == AC_USER_EVENT && 26679e3700dfSgww (evp->ae_number < as.as_numevent)) { 26688523fda3SJan Friedel exit_error(gettext( 26698523fda3SJan Friedel "Invalid user audit event string specified.\n" 26709e3700dfSgww "\t\"%s\" appears to be a kernel event. " 26719e3700dfSgww "Check configuration."), event_str); 26727c478bd9Sstevel@tonic-gate } 26737c478bd9Sstevel@tonic-gate } 26747c478bd9Sstevel@tonic-gate 2675f8994074SJan Friedel static void 2676f8994074SJan Friedel chk_known_plugin(char *plugin_str) 2677f8994074SJan Friedel { 2678f8994074SJan Friedel if ((strlen(plugin_str) + 1) > PLUGIN_MAXBUF) { 2679f8994074SJan Friedel exit_error(gettext("Plugin name too long.\n")); 2680f8994074SJan Friedel } 2681f8994074SJan Friedel 2682f8994074SJan Friedel if (!plugin_avail_scf(plugin_str)) { 2683f8994074SJan Friedel exit_error(gettext("No such plugin configured: %s"), 2684f8994074SJan Friedel plugin_str); 2685f8994074SJan Friedel } 2686f8994074SJan Friedel } 2687f8994074SJan Friedel 26887c478bd9Sstevel@tonic-gate static void 26899e3700dfSgww chk_sorf(char *sorf_str) 26907c478bd9Sstevel@tonic-gate { 26917c478bd9Sstevel@tonic-gate if (!strisnum(sorf_str)) 26927c478bd9Sstevel@tonic-gate exit_error(gettext("Invalid sorf specified: %s"), sorf_str); 26937c478bd9Sstevel@tonic-gate } 26947c478bd9Sstevel@tonic-gate 26957c478bd9Sstevel@tonic-gate static void 26969e3700dfSgww chk_retval(char *retval_str) 26977c478bd9Sstevel@tonic-gate { 26987c478bd9Sstevel@tonic-gate if (!strisnum(retval_str)) 26997c478bd9Sstevel@tonic-gate exit_error(gettext("Invalid retval specified: %s"), retval_str); 27007c478bd9Sstevel@tonic-gate } 27017c478bd9Sstevel@tonic-gate 27027c478bd9Sstevel@tonic-gate static void 27039e3700dfSgww execit(char **argv) 27047c478bd9Sstevel@tonic-gate { 27054e5fbfedStz char *args, *args_pos; 27064e5fbfedStz size_t len = 0; 27074e5fbfedStz size_t n = 0; 27084e5fbfedStz char **argv_pos; 27097c478bd9Sstevel@tonic-gate 27109e3700dfSgww if (*argv) { 27114e5fbfedStz /* concatenate argument array to be passed to sh -c "..." */ 27124e5fbfedStz for (argv_pos = argv; *argv_pos; argv_pos++) 27134e5fbfedStz len += strlen(*argv_pos) + 1; 27144e5fbfedStz 27154e5fbfedStz if ((args = malloc(len + 1)) == NULL) 27164e5fbfedStz exit_error( 27178523fda3SJan Friedel gettext("Allocation for command/arguments failed")); 27184e5fbfedStz 27194e5fbfedStz args_pos = args; 27204e5fbfedStz for (argv_pos = argv; *argv_pos; argv_pos++) { 27214e5fbfedStz n += snprintf(args_pos, len - n, "%s ", *argv_pos); 27224e5fbfedStz args_pos = args + n; 27234e5fbfedStz } 27244e5fbfedStz /* strip the last space */ 27254e5fbfedStz args[strlen(args)] = '\0'; 27267c478bd9Sstevel@tonic-gate 27274e5fbfedStz (void) execl("/bin/sh", "sh", "-c", args, NULL); 27284e5fbfedStz } else { 27294e5fbfedStz (void) execl("/bin/sh", "sh", NULL); 27307c478bd9Sstevel@tonic-gate } 27317c478bd9Sstevel@tonic-gate 27327c478bd9Sstevel@tonic-gate exit_error(gettext("exec(2) failed")); 27337c478bd9Sstevel@tonic-gate } 27347c478bd9Sstevel@tonic-gate 27357c478bd9Sstevel@tonic-gate static void 27369e3700dfSgww exit_usage(int status) 27377c478bd9Sstevel@tonic-gate { 27387c478bd9Sstevel@tonic-gate FILE *fp; 27397c478bd9Sstevel@tonic-gate int i; 27407c478bd9Sstevel@tonic-gate 27417c478bd9Sstevel@tonic-gate fp = (status ? stderr : stdout); 27427c478bd9Sstevel@tonic-gate (void) fprintf(fp, gettext("usage: %s option ...\n"), progname); 27437c478bd9Sstevel@tonic-gate 27448523fda3SJan Friedel for (i = 0; i < ARG_TBL_SZ; i++) { 27458523fda3SJan Friedel /* skip the -t option; it's not a standalone option */ 27468523fda3SJan Friedel if (arg_table[i].auditconfig_cmd == AC_ARG_SET_TEMPORARY) { 27478523fda3SJan Friedel continue; 27488523fda3SJan Friedel } 27498523fda3SJan Friedel 27508523fda3SJan Friedel (void) fprintf(fp, " %s%s%s\n", 27518523fda3SJan Friedel arg_table[i].arg_str, arg_table[i].arg_opts, 27528523fda3SJan Friedel (arg_table[i].temporary_allowed ? " [-t]" : "")); 27538523fda3SJan Friedel } 27547c478bd9Sstevel@tonic-gate 27557c478bd9Sstevel@tonic-gate exit(status); 27567c478bd9Sstevel@tonic-gate } 27577c478bd9Sstevel@tonic-gate 27587c478bd9Sstevel@tonic-gate static void 27599e3700dfSgww print_asid(au_asid_t asid) 27607c478bd9Sstevel@tonic-gate { 27617c478bd9Sstevel@tonic-gate (void) printf(gettext("audit session id = %u\n"), asid); 27627c478bd9Sstevel@tonic-gate } 27637c478bd9Sstevel@tonic-gate 27647c478bd9Sstevel@tonic-gate static void 27659e3700dfSgww print_auid(au_id_t auid) 27667c478bd9Sstevel@tonic-gate { 27677c478bd9Sstevel@tonic-gate struct passwd *pwd; 27687c478bd9Sstevel@tonic-gate char *username; 27697c478bd9Sstevel@tonic-gate 27709e3700dfSgww if ((pwd = getpwuid((uid_t)auid)) != NULL) 27717c478bd9Sstevel@tonic-gate username = pwd->pw_name; 27727c478bd9Sstevel@tonic-gate else 27737c478bd9Sstevel@tonic-gate username = gettext("unknown"); 27747c478bd9Sstevel@tonic-gate 27757c478bd9Sstevel@tonic-gate (void) printf(gettext("audit id = %s(%d)\n"), username, auid); 27767c478bd9Sstevel@tonic-gate } 27777c478bd9Sstevel@tonic-gate 27787c478bd9Sstevel@tonic-gate static void 27799e3700dfSgww print_mask(char *desc, au_mask_t *pmp) 27807c478bd9Sstevel@tonic-gate { 27817c478bd9Sstevel@tonic-gate char auflags[512]; 27827c478bd9Sstevel@tonic-gate 2783de4cec48SToomas Soome if (getauditflagschar(auflags, pmp, 0) < 0) 27847c478bd9Sstevel@tonic-gate (void) strlcpy(auflags, gettext("unknown"), sizeof (auflags)); 27857c478bd9Sstevel@tonic-gate 27867c478bd9Sstevel@tonic-gate (void) printf("%s = %s(0x%x,0x%x)\n", 27879e3700dfSgww desc, auflags, pmp->am_success, pmp->am_failure); 27887c478bd9Sstevel@tonic-gate } 27897c478bd9Sstevel@tonic-gate 2790f8994074SJan Friedel static void 2791f8994074SJan Friedel print_plugin(char *plugin_name, kva_t *plugin_kva) 2792f8994074SJan Friedel { 2793f8994074SJan Friedel char att_str[PLUGIN_MAXATT]; 2794f8994074SJan Friedel boolean_t plugin_active; 2795f8994074SJan Friedel char *active_str; 2796f8994074SJan Friedel char *qsize_ptr; 2797f8994074SJan Friedel int qsize; 2798f8994074SJan Friedel 2799f8994074SJan Friedel if ((active_str = kva_match(plugin_kva, "active")) == NULL) { 2800f8994074SJan Friedel (void) printf(gettext("Audit service configuration error: " 2801f8994074SJan Friedel "\"active\" property not found\n")); 2802f8994074SJan Friedel return; 2803f8994074SJan Friedel } 2804f8994074SJan Friedel 2805f8994074SJan Friedel plugin_active = (boolean_t)atoi(active_str); 2806f8994074SJan Friedel qsize_ptr = kva_match(plugin_kva, "qsize"); 2807f8994074SJan Friedel qsize = atoi(qsize_ptr == NULL ? "-1" : qsize_ptr); 2808f8994074SJan Friedel 2809f8994074SJan Friedel (void) printf(gettext("Plugin: %s (%s)\n"), plugin_name, 2810f8994074SJan Friedel plugin_active ? "active" : "inactive"); 2811f8994074SJan Friedel 2812f8994074SJan Friedel free_static_att_kva(plugin_kva); 2813f8994074SJan Friedel 2814f8994074SJan Friedel switch (_kva2str(plugin_kva, att_str, PLUGIN_MAXATT, "=", ";")) { 2815f8994074SJan Friedel case 0: 2816f8994074SJan Friedel (void) printf(gettext("\tAttributes: %s\n"), att_str); 2817f8994074SJan Friedel break; 2818f8994074SJan Friedel case 1: 2819f8994074SJan Friedel exit_error(gettext("Internal error - buffer size too small.")); 2820f8994074SJan Friedel break; 2821f8994074SJan Friedel default: 2822f8994074SJan Friedel exit_error(gettext("Internal error.")); 2823f8994074SJan Friedel break; 2824f8994074SJan Friedel } 2825f8994074SJan Friedel 2826f8994074SJan Friedel if (qsize != 0) { 2827f8994074SJan Friedel (void) printf(gettext("\tQueue size: %d %s\n"), qsize, 2828f8994074SJan Friedel qsize == -1 ? "(internal error: value not available)" : ""); 2829f8994074SJan Friedel } 2830f8994074SJan Friedel } 2831f8994074SJan Friedel 28327c478bd9Sstevel@tonic-gate static void 28339e3700dfSgww print_tid_ex(au_tid_addr_t *tidp) 28347c478bd9Sstevel@tonic-gate { 28357c478bd9Sstevel@tonic-gate struct hostent *phe; 28367c478bd9Sstevel@tonic-gate char *hostname; 28377c478bd9Sstevel@tonic-gate struct in_addr ia; 28387c478bd9Sstevel@tonic-gate uint32_t *addr; 28397c478bd9Sstevel@tonic-gate int err; 28409e3700dfSgww char buf[INET6_ADDRSTRLEN]; 28417c478bd9Sstevel@tonic-gate char *bufp; 28427c478bd9Sstevel@tonic-gate 28437c478bd9Sstevel@tonic-gate 28447c478bd9Sstevel@tonic-gate /* IPV6 or IPV4 address */ 28457c478bd9Sstevel@tonic-gate if (tidp->at_type == AU_IPv4) { 28467c478bd9Sstevel@tonic-gate if ((phe = gethostbyaddr((char *)&tidp->at_addr[0], 28479e3700dfSgww sizeof (tidp->at_addr[0]), AF_INET)) != NULL) { 28487c478bd9Sstevel@tonic-gate hostname = phe->h_name; 28499e3700dfSgww } else { 28507c478bd9Sstevel@tonic-gate hostname = gettext("unknown"); 28519e3700dfSgww } 28527c478bd9Sstevel@tonic-gate 28537c478bd9Sstevel@tonic-gate ia.s_addr = tidp->at_addr[0]; 28547c478bd9Sstevel@tonic-gate 28557c478bd9Sstevel@tonic-gate (void) printf(gettext( 28568523fda3SJan Friedel "terminal id (maj,min,host) = %lu,%lu,%s(%s)\n"), 28579e3700dfSgww major(tidp->at_port), minor(tidp->at_port), 28589e3700dfSgww hostname, inet_ntoa(ia)); 28597c478bd9Sstevel@tonic-gate } else { 28607c478bd9Sstevel@tonic-gate addr = &tidp->at_addr[0]; 28617c478bd9Sstevel@tonic-gate phe = getipnodebyaddr((const void *)addr, 16, AF_INET6, &err); 28627c478bd9Sstevel@tonic-gate 28637c478bd9Sstevel@tonic-gate bzero(buf, sizeof (buf)); 28647c478bd9Sstevel@tonic-gate 28659e3700dfSgww (void) inet_ntop(AF_INET6, (void *)addr, buf, sizeof (buf)); 28669e3700dfSgww if (phe == NULL) { 28677c478bd9Sstevel@tonic-gate bufp = gettext("unknown"); 28689e3700dfSgww } else { 28697c478bd9Sstevel@tonic-gate bufp = phe->h_name; 28709e3700dfSgww } 28717c478bd9Sstevel@tonic-gate 28727c478bd9Sstevel@tonic-gate (void) printf(gettext( 28738523fda3SJan Friedel "terminal id (maj,min,host) = %lu,%lu,%s(%s)\n"), 28749e3700dfSgww major(tidp->at_port), minor(tidp->at_port), 28759e3700dfSgww bufp, buf); 28769e3700dfSgww if (phe) { 28777c478bd9Sstevel@tonic-gate freehostent(phe); 28789e3700dfSgww } 28797c478bd9Sstevel@tonic-gate } 28807c478bd9Sstevel@tonic-gate } 28817c478bd9Sstevel@tonic-gate 28827c478bd9Sstevel@tonic-gate static int 28839e3700dfSgww str2ipaddr(char *s, uint32_t *addr, uint32_t type) 28847c478bd9Sstevel@tonic-gate { 28857c478bd9Sstevel@tonic-gate int j, sl; 28867c478bd9Sstevel@tonic-gate char *ss; 28877c478bd9Sstevel@tonic-gate unsigned int v; 28887c478bd9Sstevel@tonic-gate 28897c478bd9Sstevel@tonic-gate bzero(addr, 16); 28907c478bd9Sstevel@tonic-gate if (strisipaddr(s)) { 28917c478bd9Sstevel@tonic-gate if (type == AU_IPv4) { 28929e3700dfSgww if (inet_pton(AF_INET, s, addr)) { 28937c478bd9Sstevel@tonic-gate return (0); 28949e3700dfSgww } 28957c478bd9Sstevel@tonic-gate return (1); 28969e3700dfSgww } else if (type == AU_IPv6) { 28977c478bd9Sstevel@tonic-gate if (inet_pton(AF_INET6, s, addr)) 28987c478bd9Sstevel@tonic-gate return (0); 28997c478bd9Sstevel@tonic-gate return (1); 29007c478bd9Sstevel@tonic-gate } 29017c478bd9Sstevel@tonic-gate return (1); 29027c478bd9Sstevel@tonic-gate } else { 29037c478bd9Sstevel@tonic-gate if (type == AU_IPv4) { 29047c478bd9Sstevel@tonic-gate (void) sscanf(s, "%x", &addr[0]); 29057c478bd9Sstevel@tonic-gate return (0); 29069e3700dfSgww } else if (type == AU_IPv6) { 29077c478bd9Sstevel@tonic-gate sl = strlen(s); 29087c478bd9Sstevel@tonic-gate ss = s; 29097c478bd9Sstevel@tonic-gate for (j = 3; j >= 0; j--) { 29107c478bd9Sstevel@tonic-gate if ((sl - 8) <= 0) { 29117c478bd9Sstevel@tonic-gate (void) sscanf(s, "%x", &v); 29127c478bd9Sstevel@tonic-gate addr[j] = v; 29137c478bd9Sstevel@tonic-gate return (0); 29147c478bd9Sstevel@tonic-gate } 29157c478bd9Sstevel@tonic-gate ss = &s[sl-8]; 29167c478bd9Sstevel@tonic-gate (void) sscanf(ss, "%x", &v); 29177c478bd9Sstevel@tonic-gate addr[j] = v; 29187c478bd9Sstevel@tonic-gate sl -= 8; 29197c478bd9Sstevel@tonic-gate *ss = '\0'; 29207c478bd9Sstevel@tonic-gate } 29217c478bd9Sstevel@tonic-gate } 29227c478bd9Sstevel@tonic-gate return (0); 29237c478bd9Sstevel@tonic-gate } 29247c478bd9Sstevel@tonic-gate } 29257c478bd9Sstevel@tonic-gate 29267c478bd9Sstevel@tonic-gate static int 29279e3700dfSgww str2type(char *s, uint_t *type) 29287c478bd9Sstevel@tonic-gate { 29297c478bd9Sstevel@tonic-gate if (strcmp(s, "ipv6") == 0) { 29307c478bd9Sstevel@tonic-gate *type = AU_IPv6; 29317c478bd9Sstevel@tonic-gate return (0); 29327c478bd9Sstevel@tonic-gate } 29337c478bd9Sstevel@tonic-gate if (strcmp(s, "ipv4") == 0) { 29347c478bd9Sstevel@tonic-gate *type = AU_IPv4; 29357c478bd9Sstevel@tonic-gate return (0); 29367c478bd9Sstevel@tonic-gate } 29377c478bd9Sstevel@tonic-gate 29387c478bd9Sstevel@tonic-gate return (1); 29397c478bd9Sstevel@tonic-gate } 29408523fda3SJan Friedel 29418523fda3SJan Friedel /* 29428523fda3SJan Friedel * exit_error() - print an error message along with corresponding system error 29438523fda3SJan Friedel * number and error message, then exit. Inputs - program error format and 29448523fda3SJan Friedel * message. 29458523fda3SJan Friedel */ 29468523fda3SJan Friedel /*PRINTFLIKE1*/ 29478523fda3SJan Friedel static void 29488523fda3SJan Friedel exit_error(char *fmt, ...) 29498523fda3SJan Friedel { 29508523fda3SJan Friedel va_list args; 29518523fda3SJan Friedel 29528523fda3SJan Friedel va_start(args, fmt); 29538523fda3SJan Friedel prt_error_va(fmt, args); 29548523fda3SJan Friedel va_end(args); 29558523fda3SJan Friedel 29568523fda3SJan Friedel exit(1); 29578523fda3SJan Friedel } 2958