16ba597c5SAnurag S. Maskey /*
26ba597c5SAnurag S. Maskey  * CDDL HEADER START
36ba597c5SAnurag S. Maskey  *
46ba597c5SAnurag S. Maskey  * The contents of this file are subject to the terms of the
56ba597c5SAnurag S. Maskey  * Common Development and Distribution License (the "License").
66ba597c5SAnurag S. Maskey  * You may not use this file except in compliance with the License.
76ba597c5SAnurag S. Maskey  *
86ba597c5SAnurag S. Maskey  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
96ba597c5SAnurag S. Maskey  * or http://www.opensolaris.org/os/licensing.
106ba597c5SAnurag S. Maskey  * See the License for the specific language governing permissions
116ba597c5SAnurag S. Maskey  * and limitations under the License.
126ba597c5SAnurag S. Maskey  *
136ba597c5SAnurag S. Maskey  * When distributing Covered Code, include this CDDL HEADER in each
146ba597c5SAnurag S. Maskey  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
156ba597c5SAnurag S. Maskey  * If applicable, add the following below this CDDL HEADER, with the
166ba597c5SAnurag S. Maskey  * fields enclosed by brackets "[]" replaced with your own identifying
176ba597c5SAnurag S. Maskey  * information: Portions Copyright [yyyy] [name of copyright owner]
186ba597c5SAnurag S. Maskey  *
196ba597c5SAnurag S. Maskey  * CDDL HEADER END
206ba597c5SAnurag S. Maskey  */
216ba597c5SAnurag S. Maskey 
226ba597c5SAnurag S. Maskey /*
23f6da83d4SAnurag S. Maskey  * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
246ba597c5SAnurag S. Maskey  */
256ba597c5SAnurag S. Maskey 
266ba597c5SAnurag S. Maskey #include <auth_attr.h>
276ba597c5SAnurag S. Maskey #include <auth_list.h>
286ba597c5SAnurag S. Maskey #include <bsm/adt.h>
296ba597c5SAnurag S. Maskey #include <bsm/adt_event.h>
306ba597c5SAnurag S. Maskey #include <door.h>
316ba597c5SAnurag S. Maskey #include <errno.h>
326ba597c5SAnurag S. Maskey #include <fcntl.h>
336ba597c5SAnurag S. Maskey #include <libnwam_priv.h>
346ba597c5SAnurag S. Maskey #include <libuutil.h>
356ba597c5SAnurag S. Maskey #include <pthread.h>
366ba597c5SAnurag S. Maskey #include <pwd.h>
376ba597c5SAnurag S. Maskey #include <stdlib.h>
386ba597c5SAnurag S. Maskey #include <sys/stat.h>
396ba597c5SAnurag S. Maskey 
406ba597c5SAnurag S. Maskey #include <sys/mman.h>
416ba597c5SAnurag S. Maskey #include <syslog.h>
426ba597c5SAnurag S. Maskey #include <unistd.h>
436ba597c5SAnurag S. Maskey 
446ba597c5SAnurag S. Maskey #include "conditions.h"
456ba597c5SAnurag S. Maskey #include "events.h"
466ba597c5SAnurag S. Maskey #include "ncp.h"
476ba597c5SAnurag S. Maskey #include "ncu.h"
486ba597c5SAnurag S. Maskey #include "objects.h"
496ba597c5SAnurag S. Maskey #include "util.h"
506ba597c5SAnurag S. Maskey 
/*
 * door_if.c
 * This file contains functions which implement the command interface to
 * nwam via the door NWAM_DOOR.  Doors provide an LPC mechanism that allows
 * threads in one process to cause code to execute in another process.
 * Doors also provide the ability to pass data and file descriptors.  See
 * libdoor(3LIB) for more information.
 *
 * This file exports two functions, nwamd_door_initialize() (which sets up
 * the door) and nwamd_door_fini(), which removes it.
 *
 * It sets up the static routine nwamd_door_switch() to be called when a client
 * calls the door (via door_call(3C)).  The structure nwam_request_t is
 * passed as data and specifies the type of action requested along with
 * any data needed to meet that request.  Requests are dispatched through a
 * table that holds, for each door request, the associated authorization
 * and the function that processes that request.
 */
696ba597c5SAnurag S. Maskey 
/*
 * One row of the door request dispatch table: a request type, the
 * authorization associated with it, and the function that services it.
 */
struct nwamd_door_req_entry
{
	/* Request type this entry handles (e.g. NWAM_REQUEST_TYPE_ACTION). */
	int ndre_type;
	/*
	 * Authorization required for the request.  The ACTION entry in
	 * door_req_table stores NULL here because, per the comment on that
	 * entry, the required authorization depends on the action.
	 * NOTE(review): confirm that the dispatcher only ever pairs a NULL
	 * ndre_auth with a handler that performs its own authorization check.
	 */
	char *ndre_auth;
	/* Handler; receives the door argument, a ucred_t and a passwd entry. */
	nwam_error_t (*ndre_fn)(nwamd_door_arg_t *, ucred_t *, struct passwd *);
};
766ba597c5SAnurag S. Maskey 
/*
 * Forward declarations of the per-request handlers referenced by
 * door_req_table.  All of them share the ndre_fn signature:
 * (door argument, ucred_t, passwd entry) -> nwam_error_t.
 */
static nwam_error_t nwamd_door_req_event_register(nwamd_door_arg_t *,
	ucred_t *, struct passwd *);
static nwam_error_t nwamd_door_req_event_unregister(nwamd_door_arg_t *,
	ucred_t *, struct passwd *);
static nwam_error_t nwamd_door_req_wlan_scan(nwamd_door_arg_t *,
	ucred_t *, struct passwd *);
static nwam_error_t nwamd_door_req_wlan_scan_results(nwamd_door_arg_t *,
	ucred_t *, struct passwd *);
static nwam_error_t nwamd_door_req_wlan_select(nwamd_door_arg_t *,
	ucred_t *, struct passwd *);
static nwam_error_t nwamd_door_req_wlan_set_key(nwamd_door_arg_t *,
	ucred_t *, struct passwd *);
static nwam_error_t nwamd_door_req_action(nwamd_door_arg_t *,
	ucred_t *, struct passwd *);
static nwam_error_t nwamd_door_req_state(nwamd_door_arg_t *,
	ucred_t *, struct passwd *);
static nwam_error_t nwamd_door_req_priority_group(nwamd_door_arg_t *,
	ucred_t *, struct passwd *);
956ba597c5SAnurag S. Maskey 
966ba597c5SAnurag S. Maskey /*
976ba597c5SAnurag S. Maskey  * This table defines the set of door commands available, the required
986ba597c5SAnurag S. Maskey  * authorizations for each command, and the function that carries out
996ba597c5SAnurag S. Maskey  * each command.
1006ba597c5SAnurag S. Maskey  */
1016ba597c5SAnurag S. Maskey struct nwamd_door_req_entry door_req_table[] =
1026ba597c5SAnurag S. Maskey {
1036ba597c5SAnurag S. Maskey 
1056ba597c5SAnurag S. Maskey 	nwamd_door_req_event_register },
1076ba597c5SAnurag S. Maskey 	nwamd_door_req_event_unregister },
1096ba597c5SAnurag S. Maskey 	nwamd_door_req_wlan_scan },
1116ba597c5SAnurag S. Maskey 	nwamd_door_req_wlan_scan_results },
1136ba597c5SAnurag S. Maskey 	nwamd_door_req_wlan_select },
1156ba597c5SAnurag S. Maskey 	nwamd_door_req_wlan_set_key },
1166ba597c5SAnurag S. Maskey 	/* Requires WRITE, SELECT or WLAN auth depending on action */
1176ba597c5SAnurag S. Maskey 	{ NWAM_REQUEST_TYPE_ACTION, NULL, nwamd_door_req_action },
1196ba597c5SAnurag S. Maskey 	nwamd_door_req_state },
1216ba597c5SAnurag S. Maskey 	nwamd_door_req_priority_group },
1226ba597c5SAnurag S. Maskey };
1236ba597c5SAnurag S. Maskey 
/*
 * Starts out as -1.  Presumably holds the descriptor of the NWAM door once
 * nwamd_door_initialize() has created it - confirm against that function
 * and nwamd_door_fini().
 */
int doorfd = -1;
1256ba597c5SAnurag S. Maskey 
/*
 * Door handler for the event-register request: initializes the event queue
 * whose name the client supplied in nwdad_register_info.nwdad_name.
 *
 * req      - door argument carrying the client-supplied queue name
 * ucr, pwd - not used by this handler
 *
 * Returns the result of nwam_event_queue_init(); a failure is logged.
 *
 * NOTE(review): this handler does no authorization check of its own and does
 * not verify that the client-supplied name is NUL-terminated before passing
 * it on and logging it with %s.  Both are presumably enforced by the door
 * dispatch code before the handler runs - confirm.
 */
/* ARGSUSED */
static nwam_error_t
nwamd_door_req_event_register(nwamd_door_arg_t *req, ucred_t *ucr,
    struct passwd *pwd)
{
	char *queue_name = req->nwda_data.nwdad_register_info.nwdad_name;
	nwam_error_t err = nwam_event_queue_init(queue_name);

	if (err == NWAM_SUCCESS)
		return (err);

	nlog(LOG_ERR, "nwamd_door_req_event_register: "
	    "could not register events for %s", queue_name);
	return (err);
}
1436ba597c5SAnurag S. Maskey 
/*
 * Door handler for the event-unregister request: tears down the event queue
 * named in nwdad_register_info.nwdad_name.
 *
 * req      - door argument carrying the client-supplied queue name
 * ucr, pwd - not used by this handler
 *
 * Always returns NWAM_SUCCESS.
 *
 * NOTE(review): nothing here ties the named queue to the caller, so whether
 * one client can unregister another client's queue depends on checks made
 * outside this function (dispatch code or nwam_event_queue_fini()) - confirm.
 */
/* ARGSUSED */
static nwam_error_t
nwamd_door_req_event_unregister(nwamd_door_arg_t *req, ucred_t *ucr,
    struct passwd *pwd)
{
	char *queue_name = req->nwda_data.nwdad_register_info.nwdad_name;

	nwam_event_queue_fini(queue_name);
	return (NWAM_SUCCESS);
}
1536ba597c5SAnurag S. Maskey 
/*
 * Door handler for the WLAN scan request: starts a scan on the link named in
 * nwdad_wlan_info.nwdad_name.
 *
 * req      - door argument carrying the client-supplied link name
 * ucr, pwd - not used by this handler
 *
 * Returns the result of nwamd_wlan_scan().
 *
 * NOTE(review): the link name comes from the door client and is logged with
 * %s before any lookup; termination and authorization are presumably handled
 * by the dispatch code - confirm.
 */
/* ARGSUSED1 */
static nwam_error_t
nwamd_door_req_wlan_scan(nwamd_door_arg_t *req, ucred_t *ucr,
    struct passwd *pwd)
{
	char *linkname = req->nwda_data.nwdad_wlan_info.nwdad_name;

	nlog(LOG_DEBUG,
	    "nwamd_door_req_wlan_scan: processing WLAN scan request: "
	    "link %s", linkname);

	return (nwamd_wlan_scan(linkname));
}
1656ba597c5SAnurag S. Maskey 
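/*
 * Door handler for the WLAN scan-results request: copies the current scan
 * results of the named link into the door argument so that they are returned
 * to the client.
 *
 * req      - door argument; nwdad_wlan_info.nwdad_name selects the link, and
 *            nwdad_wlans / nwdad_num_wlans receive the results
 * ucr, pwd - not used by this handler
 *
 * Returns NWAM_ENTITY_NOT_FOUND when no link NCU with that name exists,
 * NWAM_SUCCESS otherwise.
 *
 * NOTE(review): the copy length is taken from the daemon's own scan state
 * (nwamd_wifi_scan_curr_num), not from the request, but nothing in this
 * function bounds it against the capacity of nwdad_wlans.  Confirm that the
 * scan code can never store a count larger than that capacity.
 */
/* ARGSUSED */
static nwam_error_t
nwamd_door_req_wlan_scan_results(nwamd_door_arg_t *req, ucred_t *ucr,
    struct passwd *pwd)
{
	char *linkname = req->nwda_data.nwdad_wlan_info.nwdad_name;
	nwamd_object_t obj;
	nwamd_ncu_t *ncu;
	nwamd_link_t *link;
	uint_t num_wlans;

	nlog(LOG_DEBUG, "nwamd_door_req_wlan_scan_results: processing WLAN "
	    "scan results request: link %s", linkname);

	obj = nwamd_ncu_object_find(NWAM_NCU_TYPE_LINK, linkname);
	if (obj == NULL) {
		nlog(LOG_ERR,
		    "nwamd_door_req_wlan_scan_results: link %s not found",
		    linkname);
		return (NWAM_ENTITY_NOT_FOUND);
	}

	ncu = obj->nwamd_object_data;
	link = &ncu->ncu_link;
	num_wlans = link->nwamd_link_wifi_scan.nwamd_wifi_scan_curr_num;

	if (num_wlans > 0) {
		(void) memcpy(req->nwda_data.nwdad_wlan_info.nwdad_wlans,
		    link->nwamd_link_wifi_scan.nwamd_wifi_scan_curr,
		    num_wlans * sizeof (nwam_wlan_t));
	}
	req->nwda_data.nwdad_wlan_info.nwdad_num_wlans = num_wlans;

	/* num_wlans is unsigned, so it is printed with %u rather than %d. */
	nlog(LOG_DEBUG,
	    "nwamd_door_req_wlan_scan_results: returning %u scan results",
	    num_wlans);

	/* The object is held from the find above until this release. */
	nwamd_object_release(obj);

	return (NWAM_SUCCESS);
}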
2076ba597c5SAnurag S. Maskey 
/*
 * Door handler for the WLAN select request: asks nwamd_wlan_select() to
 * select the WLAN described by the request on the named link.
 *
 * req      - door argument; the link name, ESSID, BSSID, security mode and
 *            add-to-known-WLANs flag are all read from nwdad_wlan_info
 * ucr, pwd - not used by this handler
 *
 * Returns the result of nwamd_wlan_select().
 *
 * NOTE(review): link name, ESSID and BSSID are client-supplied strings that
 * are logged with %s and passed on unchanged.  Their NUL-termination and the
 * caller's authorization are presumably checked before dispatch - confirm.
 */
/* ARGSUSED */
static nwam_error_t
nwamd_door_req_wlan_select(nwamd_door_arg_t *req, ucred_t *ucr,
    struct passwd *pwd)
{
	char *linkname = req->nwda_data.nwdad_wlan_info.nwdad_name;
	char *essid = req->nwda_data.nwdad_wlan_info.nwdad_essid;
	char *bssid = req->nwda_data.nwdad_wlan_info.nwdad_bssid;

	nlog(LOG_DEBUG,
	    "nwamd_door_req_wlan_select: processing WLAN selection : "
	    "link %s ESSID %s , BSSID %s", linkname, essid, bssid);

	return (nwamd_wlan_select(linkname, essid, bssid,
	    req->nwda_data.nwdad_wlan_info.nwdad_security_mode,
	    req->nwda_data.nwdad_wlan_info.nwdad_add_to_known_wlans));
}
2266ba597c5SAnurag S. Maskey 
/*
 * Door handler for the WLAN set-key request: hands the key supplied by the
 * client to nwamd_wlan_set_key() for the given link/ESSID/BSSID.
 *
 * req      - door argument; link name, ESSID, BSSID, security mode, key slot
 *            and key are all read from nwdad_wlan_info
 * ucr, pwd - not used by this handler
 *
 * Returns the result of nwamd_wlan_set_key().
 *
 * The debug log line carries the link, ESSID and BSSID only; the key is not
 * written to the log and should stay out of it.
 *
 * NOTE(review): the key remains in the door argument buffer after this call;
 * whether that buffer is cleared before it is returned to the client or
 * reused is decided outside this function - confirm.
 */
/* ARGSUSED */
static nwam_error_t
nwamd_door_req_wlan_set_key(nwamd_door_arg_t *req, ucred_t *ucr,
    struct passwd *pwd)
{
	char *linkname = req->nwda_data.nwdad_wlan_info.nwdad_name;
	char *essid = req->nwda_data.nwdad_wlan_info.nwdad_essid;
	char *bssid = req->nwda_data.nwdad_wlan_info.nwdad_bssid;

	nlog(LOG_DEBUG,
	    "nwamd_door_req_wlan_set_key: processing WLAN key input : "
	    "link %s ESSID %s BSSID %s", linkname, essid, bssid);

	return (nwamd_wlan_set_key(linkname, essid, bssid,
	    req->nwda_data.nwdad_wlan_info.nwdad_security_mode,
	    req->nwda_data.nwdad_wlan_info.nwdad_keyslot,
	    req->nwda_data.nwdad_wlan_info.nwdad_key));
}
2466ba597c5SAnurag S. Maskey 
2476ba597c5SAnurag S. Maskey static nwam_error_t
nwamd_door_req_action(nwamd_door_arg_t * req,ucred_t * ucr,struct passwd * pwd)2486ba597c5SAnurag S. Maskey nwamd_door_req_action(nwamd_door_arg_t *req, ucred_t *ucr, struct passwd *pwd)
2496ba597c5SAnurag S. Maskey {
2506ba597c5SAnurag S. Maskey 	char name[NWAM_MAX_NAME_LEN];
2516ba597c5SAnurag S. Maskey 	char parent[NWAM_MAX_NAME_LEN];
2526ba597c5SAnurag S. Maskey 	nwam_action_t action = req->nwda_data.nwdad_object_action.nwdad_action;
2536ba597c5SAnurag S. Maskey 	nwam_object_type_t object_type =
2546ba597c5SAnurag S. Maskey 	    req->nwda_data.nwdad_object_action.nwdad_object_type;
2556ba597c5SAnurag S. Maskey 	char *obj_type_str  = (char *)nwam_object_type_to_string(object_type);
2566ba597c5SAnurag S. Maskey 	nwam_error_t err;
2576ba597c5SAnurag S. Maskey 
2586ba597c5SAnurag S. Maskey 	/* Check for name, parent overrun */
2596ba597c5SAnurag S. Maskey 	if (strlcpy(name, req->nwda_data.nwdad_object_action.nwdad_name,
2606ba597c5SAnurag S. Maskey 	    sizeof (name)) == NWAM_MAX_NAME_LEN ||
2616ba597c5SAnurag S. Maskey 	    strlcpy(parent, req->nwda_data.nwdad_object_action.nwdad_parent,
2626ba597c5SAnurag S. Maskey 	    sizeof (parent)) == NWAM_MAX_NAME_LEN)
2636ba597c5SAnurag S. Maskey 		return (NWAM_INVALID_ARG);
2646ba597c5SAnurag S. Maskey 
2656ba597c5SAnurag S. Maskey 	/*
2666ba597c5SAnurag S. Maskey 	 * Check authorizations against actions.
2676ba597c5SAnurag S. Maskey 	 * - ENABLE/DISABLE requires SELECT auth
2686ba597c5SAnurag S. Maskey 	 * - ADD/DESTROY/REFRESH on Known WLANs requires WLAN auth
2696ba597c5SAnurag S. Maskey 	 * - ADD/DESTROY on other objects requires WRITE auth
2706ba597c5SAnurag S. Maskey 	 * - REFRESH on other objects requires either WRITE or SELECT auth
2716ba597c5SAnurag S. Maskey 	 */
2726ba597c5SAnurag S. Maskey 	if (action == NWAM_ACTION_ENABLE || action == NWAM_ACTION_DISABLE) {
2736ba597c5SAnurag S. Maskey 		if (chkauthattr(AUTOCONF_SELECT_AUTH, pwd->pw_name) == 0) {
2746ba597c5SAnurag S. Maskey 			nwam_record_audit_event(ucr,
2756ba597c5SAnurag S. Maskey 			    action == NWAM_ACTION_ENABLE ?
2766ba597c5SAnurag S. Maskey 			    ADT_nwam_enable : ADT_nwam_disable, name,
2776ba597c5SAnurag S. Maskey 			    obj_type_str, ADT_FAILURE, ADT_FAIL_VALUE_AUTH);
2786ba597c5SAnurag S. Maskey 			nlog(LOG_ERR, "nwamd_door_req_action: "
2796ba597c5SAnurag S. Maskey 			    "need %s for %s action", AUTOCONF_SELECT_AUTH,
2806ba597c5SAnurag S. Maskey 			    nwam_action_to_string(action));
2816ba597c5SAnurag S. Maskey 			return (NWAM_PERMISSION_DENIED);
2826ba597c5SAnurag S. Maskey 		}
2836ba597c5SAnurag S. Maskey 	} else if (object_type == NWAM_OBJECT_TYPE_KNOWN_WLAN) {
2846ba597c5SAnurag S. Maskey 		if (chkauthattr(AUTOCONF_WLAN_AUTH, pwd->pw_name) == 0) {
2856ba597c5SAnurag S. Maskey 			nlog(LOG_ERR, "nwamd_door_req_action: "
2866ba597c5SAnurag S. Maskey 			    "need %s for %s action on Known WLAN",
2876ba597c5SAnurag S. Maskey 			    AUTOCONF_WLAN_AUTH, nwam_action_to_string(action));
2886ba597c5SAnurag S. Maskey 			return (NWAM_PERMISSION_DENIED);
2896ba597c5SAnurag S. Maskey 		}
2906ba597c5SAnurag S. Maskey 	} else if (action == NWAM_ACTION_ADD || action == NWAM_ACTION_DESTROY) {
2916ba597c5SAnurag S. Maskey 		if (chkauthattr(AUTOCONF_WRITE_AUTH, pwd->pw_name) == 0) {
2926ba597c5SAnurag S. Maskey 			nlog(LOG_ERR, "nwamd_door_req_action: "
2936ba597c5SAnurag S. Maskey 			    "need %s for %s action", AUTOCONF_WRITE_AUTH,
2946ba597c5SAnurag S. Maskey 			    nwam_action_to_string(action));
2956ba597c5SAnurag S. Maskey 			return (NWAM_PERMISSION_DENIED);
2966ba597c5SAnurag S. Maskey 		}
2976ba597c5SAnurag S. Maskey 	} else if (action == NWAM_ACTION_REFRESH) {
2986ba597c5SAnurag S. Maskey 		if (chkauthattr(AUTOCONF_WRITE_AUTH, pwd->pw_name) == 0 &&
2996ba597c5SAnurag S. Maskey 		    chkauthattr(AUTOCONF_SELECT_AUTH, pwd->pw_name) == 0) {
3006ba597c5SAnurag S. Maskey 			nlog(LOG_ERR, "nwamd_door_req_action: "
3016ba597c5SAnurag S. Maskey 			    "need either %s or %s for %s action",
3026ba597c5SAnurag S. Maskey 			    AUTOCONF_WRITE_AUTH, AUTOCONF_SELECT_AUTH,
3036ba597c5SAnurag S. Maskey 			    nwam_action_to_string(action));
3046ba597c5SAnurag S. Maskey 			return (NWAM_PERMISSION_DENIED);
3056ba597c5SAnurag S. Maskey 		}
3066ba597c5SAnurag S. Maskey 	} else {
3076ba597c5SAnurag S. Maskey 		nlog(LOG_ERR, "nwamd_door_req_action: received unknown "
3086ba597c5SAnurag S. Maskey 		    "action %d (%s)", action, nwam_action_to_string(action));
3096ba597c5SAnurag S. Maskey 		return (NWAM_INVALID_ARG);
3106ba597c5SAnurag S. Maskey 	}
3116ba597c5SAnurag S. Maskey 
3126ba597c5SAnurag S. Maskey 	switch (action) {
3136ba597c5SAnurag S. Maskey 	case NWAM_ACTION_ENABLE:
3146ba597c5SAnurag S. Maskey 	case NWAM_ACTION_DISABLE:
3156ba597c5SAnurag S. Maskey 		nwam_record_audit_event(ucr,
3166ba597c5SAnurag S. Maskey 		    action == NWAM_ACTION_ENABLE ?
3176ba597c5SAnurag S. Maskey 		    ADT_nwam_enable : ADT_nwam_disable, name,
3186ba597c5SAnurag S. Maskey 		    obj_type_str, ADT_SUCCESS, ADT_SUCCESS);
3196ba597c5SAnurag S. Maskey 
3206ba597c5SAnurag S. Maskey 		nlog(LOG_DEBUG, "nwamd_door_req_action: %s %s",