auditconfig.c (8780f632c8794e526157dc18c87834b2cc4f6592) | auditconfig.c (8523fda3525b37e02f4d11efc8cf763bf08204ec) |
---|---|
1/* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE --- 9 unchanged lines hidden (view full) --- 18 * 19 * CDDL HEADER END 20 */ 21/* 22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 | 1/* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE --- 9 unchanged lines hidden (view full) --- 18 * 19 * CDDL HEADER END 20 */ 21/* 22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 |
26 | |
27/* 28 * auditconfig - set and display audit parameters 29 */ 30 31#include <locale.h> 32#include <sys/types.h> 33#include <ctype.h> 34#include <stdlib.h> --- 10 unchanged lines hidden (view full) --- 45#include <netdb.h> 46#include <netinet/in.h> 47#include <arpa/inet.h> 48#include <sys/mkdev.h> 49#include <sys/param.h> 50#include <pwd.h> 51#include <libintl.h> 52#include <zone.h> | 26/* 27 * auditconfig - set and display audit parameters 28 */ 29 30#include <locale.h> 31#include <sys/types.h> 32#include <ctype.h> 33#include <stdlib.h> --- 10 unchanged lines hidden (view full) --- 44#include <netdb.h> 45#include <netinet/in.h> 46#include <arpa/inet.h> 47#include <sys/mkdev.h> 48#include <sys/param.h> 49#include <pwd.h> 50#include <libintl.h> 51#include <zone.h> |
53 | 52#include <libscf_priv.h> |
54#include <tsol/label.h> | 53#include <tsol/label.h> |
55#include <bsm/audit.h> 56#include <bsm/audit_record.h> | |
57#include <bsm/libbsm.h> | 54#include <bsm/libbsm.h> |
55#include "auditconfig_impl.h" 56#include "audit_scf.h" |
|
58 | 57 |
59#if !defined(TEXT_DOMAIN) 60#define TEXT_DOMAIN "SUNW_OST_OSCMD" 61#endif 62 | |
63enum commands { | 58enum commands { |
64 AC_ARG_AUDIT, | |
65 AC_ARG_ACONF, | 59 AC_ARG_ACONF, |
66 AC_ARG_CHKCONF, | 60 AC_ARG_AUDIT, |
67 AC_ARG_CHKACONF, | 61 AC_ARG_CHKACONF, |
62 AC_ARG_CHKCONF, |
|
68 AC_ARG_CONF, 69 AC_ARG_GETASID, 70 AC_ARG_GETAUDIT, 71 AC_ARG_GETAUID, 72 AC_ARG_GETCAR, 73 AC_ARG_GETCLASS, 74 AC_ARG_GETCOND, 75 AC_ARG_GETCWD, --- 14 unchanged lines hidden (view full) --- 90 AC_ARG_SETASID, 91 AC_ARG_SETAUDIT, 92 AC_ARG_SETAUID, 93 AC_ARG_SETCLASS, 94 AC_ARG_SETKAUDIT, 95 AC_ARG_SETKMASK, 96 AC_ARG_SETPMASK, 97 AC_ARG_SETPOLICY, | 63 AC_ARG_CONF, 64 AC_ARG_GETASID, 65 AC_ARG_GETAUDIT, 66 AC_ARG_GETAUID, 67 AC_ARG_GETCAR, 68 AC_ARG_GETCLASS, 69 AC_ARG_GETCOND, 70 AC_ARG_GETCWD, --- 14 unchanged lines hidden (view full) --- 85 AC_ARG_SETASID, 86 AC_ARG_SETAUDIT, 87 AC_ARG_SETAUID, 88 AC_ARG_SETCLASS, 89 AC_ARG_SETKAUDIT, 90 AC_ARG_SETKMASK, 91 AC_ARG_SETPMASK, 92 AC_ARG_SETPOLICY, |
98 AC_ARG_SETSMASK, 99 AC_ARG_SETSTAT, | |
100 AC_ARG_SETQBUFSZ, 101 AC_ARG_SETQCTRL, 102 AC_ARG_SETQDELAY, 103 AC_ARG_SETQHIWATER, 104 AC_ARG_SETQLOWATER, | 93 AC_ARG_SETQBUFSZ, 94 AC_ARG_SETQCTRL, 95 AC_ARG_SETQDELAY, 96 AC_ARG_SETQHIWATER, 97 AC_ARG_SETQLOWATER, |
105 AC_ARG_SETUMASK | 98 AC_ARG_SETSMASK, 99 AC_ARG_SETSTAT, 100 AC_ARG_SETUMASK, 101 AC_ARG_SET_TEMPORARY |
106}; 107 108#define AC_KERN_EVENT 0 109#define AC_USER_EVENT 1 110 111#define NONE(s) (!strlen(s) ? gettext("none") : s) 112 | 102}; 103 104#define AC_KERN_EVENT 0 105#define AC_USER_EVENT 1 106 107#define NONE(s) (!strlen(s) ? gettext("none") : s) 108 |
113#define ALL_POLICIES (AUDIT_AHLT|\ 114 AUDIT_ARGE|\ 115 AUDIT_ARGV|\ 116 AUDIT_CNT|\ 117 AUDIT_GROUP|\ 118 AUDIT_WINDATA|\ 119 AUDIT_SEQ|\ 120 AUDIT_TRAIL|\ 121 AUDIT_PATH|\ 122 AUDIT_PUBLIC|\ 123 AUDIT_ZONENAME|\ 124 AUDIT_PERZONE|\ 125 AUDIT_WINDATA_DOWN|\ 126 AUDIT_WINDATA_UP) 127 128#define NO_POLICIES (0) 129 | |
130#define ONEK 1024 131 132/* 133 * remove this after the audit.h is fixed 134 */ | 109#define ONEK 1024 110 111/* 112 * remove this after the audit.h is fixed 113 */ |
135 | |
136struct arg_entry { 137 char *arg_str; 138 char *arg_opts; 139 enum commands auditconfig_cmd; | 114struct arg_entry { 115 char *arg_str; 116 char *arg_opts; 117 enum commands auditconfig_cmd; |
118 boolean_t temporary_allowed; /* -t allowed for the option */ |
|
140}; | 119}; |
120typedef struct arg_entry arg_entry_t; |
|
141 | 121 |
142struct policy_entry { 143 char *policy_str; 144 uint_t policy_mask; 145 char *policy_desc; | 122/* arg_table - command option and usage message table */ 123static arg_entry_t arg_table[] = { 124 { "-aconf", "", AC_ARG_ACONF, B_FALSE}, 125 { "-audit", " event sorf retval string", AC_ARG_AUDIT, B_FALSE}, 126 { "-chkaconf", "", AC_ARG_CHKACONF, B_FALSE}, 127 { "-chkconf", "", AC_ARG_CHKCONF, B_FALSE}, 128 { "-conf", "", AC_ARG_CONF, B_FALSE}, 129 { "-getasid", "", AC_ARG_GETASID, B_FALSE}, 130 { "-getaudit", "", AC_ARG_GETAUDIT, B_FALSE}, 131 { "-getauid", "", AC_ARG_GETAUID, B_FALSE}, 132 { "-getcar", "", AC_ARG_GETCAR, B_FALSE}, 133 { "-getclass", " event", AC_ARG_GETCLASS, B_FALSE}, 134 { "-getcond", "", AC_ARG_GETCOND, B_FALSE}, 135 { "-getcwd", "", AC_ARG_GETCWD, B_FALSE}, 136 { "-getestate", " event", AC_ARG_GETESTATE, B_FALSE}, 137 { "-getkaudit", "", AC_ARG_GETKAUDIT, B_FALSE}, 138 { "-getkmask", "", AC_ARG_GETKMASK, B_FALSE}, 139 { "-getpinfo", " pid", AC_ARG_GETPINFO, B_FALSE}, 140 { "-getpolicy", "", AC_ARG_GETPOLICY, B_TRUE}, 141 { "-getqbufsz", "", AC_ARG_GETQBUFSZ, B_TRUE}, 142 { "-getqctrl", "", AC_ARG_GETQCTRL, B_TRUE}, 143 { "-getqdelay", "", AC_ARG_GETQDELAY, B_TRUE}, 144 { "-getqhiwater", "", AC_ARG_GETQHIWATER, B_TRUE}, 145 { "-getqlowater", "", AC_ARG_GETQLOWATER, B_TRUE}, 146 { "-getstat", "", AC_ARG_GETSTAT, B_FALSE}, 147 { "-gettid", "", AC_ARG_GETTERMID, B_FALSE}, 148 { "-lsevent", "", AC_ARG_LSEVENT, B_FALSE}, 149 { "-lspolicy", "", AC_ARG_LSPOLICY, B_FALSE}, 150 { "-setasid", " asid [cmd]", AC_ARG_SETASID, B_FALSE}, 151 { "-setaudit", " auid audit_flags termid asid [cmd]", 152 AC_ARG_SETAUDIT, B_FALSE}, 153 { "-setauid", " auid [cmd]", AC_ARG_SETAUID, B_FALSE}, 154 { "-setclass", " event audit_flags", AC_ARG_SETCLASS, B_FALSE}, 155 { "-setkaudit", " type IP_address", AC_ARG_SETKAUDIT, B_FALSE}, 156 { "-setkmask", " audit_flags", AC_ARG_SETKMASK, B_FALSE}, 157 { "-setpmask", " pid audit_flags", AC_ARG_SETPMASK, B_FALSE}, 158 { "-setpolicy", " [+|-]policy_flags", AC_ARG_SETPOLICY, B_TRUE}, 159 { "-setqbufsz", " bufsz", AC_ARG_SETQBUFSZ, B_TRUE}, 160 { "-setqctrl", " hiwater lowater bufsz delay", 161 AC_ARG_SETQCTRL, B_TRUE}, 162 { "-setqdelay", " delay", AC_ARG_SETQDELAY, B_TRUE}, 163 { "-setqhiwater", " hiwater", AC_ARG_SETQHIWATER, B_TRUE}, 164 { "-setqlowater", " lowater", AC_ARG_SETQLOWATER, B_TRUE}, 165 { "-setsmask", " asid audit_flags", AC_ARG_SETSMASK, B_FALSE}, 166 { "-setstat", "", AC_ARG_SETSTAT, B_FALSE}, 167 { "-setumask", " user audit_flags", AC_ARG_SETUMASK, B_FALSE}, 168 { "-t", "", AC_ARG_SET_TEMPORARY, B_FALSE}, |
146}; 147 | 169}; 170 |
148static struct arg_entry arg_table[] = { 149 { "-aconf", "", AC_ARG_ACONF}, 150 { "-audit", "event sorf retval string", AC_ARG_AUDIT}, 151 { "-chkaconf", "", AC_ARG_CHKACONF}, 152 { "-chkconf", "", AC_ARG_CHKCONF}, 153 { "-conf", "", AC_ARG_CONF}, 154 { "-getasid", "", AC_ARG_GETASID}, 155 { "-getaudit", "", AC_ARG_GETAUDIT}, 156 { "-getauid", "", AC_ARG_GETAUID}, 157 { "-getcar", "", AC_ARG_GETCAR}, 158 { "-getclass", "event", AC_ARG_GETCLASS}, 159 { "-getcond", "", AC_ARG_GETCOND}, 160 { "-getcwd", "", AC_ARG_GETCWD}, 161 { "-getestate", "event", AC_ARG_GETESTATE}, 162 { "-getkaudit", "", AC_ARG_GETKAUDIT}, 163 { "-getkmask", "", AC_ARG_GETKMASK}, 164 { "-getpinfo", "pid", AC_ARG_GETPINFO}, 165 { "-getpolicy", "", AC_ARG_GETPOLICY}, 166 { "-getqbufsz", "", AC_ARG_GETQBUFSZ}, 167 { "-getqctrl", "", AC_ARG_GETQCTRL}, 168 { "-getqdelay", "", AC_ARG_GETQDELAY}, 169 { "-getqhiwater", "", AC_ARG_GETQHIWATER}, 170 { "-getqlowater", "", AC_ARG_GETQLOWATER}, 171 { "-getstat", "", AC_ARG_GETSTAT}, 172 { "-gettid", "", AC_ARG_GETTERMID}, 173 { "-lsevent", "", AC_ARG_LSEVENT}, 174 { "-lspolicy", "", AC_ARG_LSPOLICY}, 175 { "-setasid", "asid [cmd]", AC_ARG_SETASID}, 176 { "-setaudit", "auid audit_flags termid asid [cmd]", 177 AC_ARG_SETAUDIT}, 178 { "-setauid", "auid [cmd]", AC_ARG_SETAUID}, 179 { "-setclass", "event audit_flags", AC_ARG_SETCLASS}, 180 { "-setkaudit", "type IP_address", AC_ARG_SETKAUDIT}, 181 { "-setkmask", "audit_flags", AC_ARG_SETKMASK}, 182 { "-setpmask", "pid audit_flags", AC_ARG_SETPMASK}, 183 { "-setpolicy", "[+|-]policy_flags", AC_ARG_SETPOLICY}, 184 { "-setqbufsz", "bufsz", AC_ARG_SETQBUFSZ}, 185 { "-setqctrl", "hiwater lowater bufsz delay", AC_ARG_SETQCTRL}, 186 { "-setqdelay", "delay", AC_ARG_SETQDELAY}, 187 { "-setqhiwater", "hiwater", AC_ARG_SETQHIWATER}, 188 { "-setqlowater", "lowater", AC_ARG_SETQLOWATER}, 189 { "-setsmask", "asid audit_flags", AC_ARG_SETSMASK}, 190 { "-setstat", "", AC_ARG_SETSTAT}, 191 { "-setumask", "user audit_flags", AC_ARG_SETUMASK}, 192}; | 171#define ARG_TBL_SZ (sizeof (arg_table) / sizeof (arg_entry_t)) |
193 | 172 |
194#define ARG_TBL_SZ (sizeof (arg_table) / sizeof (struct arg_entry)) | 173char *progname = "auditconfig"; |
195 | 174 |
196static struct policy_entry policy_table[] = { 197 {"ahlt", AUDIT_AHLT, "halt machine if it can not record an " 198 "async event"}, 199 {"all", ALL_POLICIES, "all policies"}, 200 {"arge", AUDIT_ARGE, "include exec environment args in audit recs"}, 201 {"argv", AUDIT_ARGV, "include exec command line args in audit recs"}, 202 {"cnt", AUDIT_CNT, "when no more space, drop recs and keep a cnt"}, 203 {"group", AUDIT_GROUP, "include supplementary groups in audit recs"}, 204 {"none", NO_POLICIES, "no policies"}, 205 {"path", AUDIT_PATH, "allow multiple paths per event"}, 206 {"perzone", AUDIT_PERZONE, "use a separate queue and auditd per " 207 "zone"}, 208 {"public", AUDIT_PUBLIC, "audit public files"}, 209 {"seq", AUDIT_SEQ, "include a sequence number in audit recs"}, 210 {"trail", AUDIT_TRAIL, "include trailer token in audit recs"}, 211 {"windata_down", AUDIT_WINDATA_DOWN, "include downgraded window " 212 "information in audit recs"}, 213 {"windata_up", AUDIT_WINDATA_UP, "include upgraded window " 214 "information in audit recs"}, 215 {"zonename", AUDIT_ZONENAME, "generate zonename token"} 216}; | 175/* 176 * temporary_set true to get/set only kernel settings, 177 * false to get/set kernel settings and service properties 178 */ 179static boolean_t temporary_set = B_FALSE; |
217 | 180 |
218#define POLICY_TBL_SZ (sizeof (policy_table) / sizeof (struct policy_entry)) 219 220static char *progname = "auditconfig"; 221 | |
222static au_event_ent_t *egetauevnam(char *event_name); 223static au_event_ent_t *egetauevnum(au_event_t event_number); 224static int arg_ent_compare(const void *aep1, const void *aep2); 225static char *cond2str(void); | 181static au_event_ent_t *egetauevnam(char *event_name); 182static au_event_ent_t *egetauevnum(au_event_t event_number); 183static int arg_ent_compare(const void *aep1, const void *aep2); 184static char *cond2str(void); |
226static int policy2str(uint_t policy, char *policy_str, size_t len); | 185static int policy2str(uint32_t policy, char *policy_str, size_t len); |
227static int str2type(char *s, uint_t *type); | 186static int str2type(char *s, uint_t *type); |
228static int str2policy(char *policy_str, uint_t *policy_mask); | 187static int str2policy(char *policy_str, uint32_t *policy_mask); |
229static int str2ipaddr(char *s, uint32_t *addr, uint32_t type); 230static int strisflags(char *s); 231static int strisipaddr(char *s); 232static int strisnum(char *s); | 188static int str2ipaddr(char *s, uint32_t *addr, uint32_t type); 189static int strisflags(char *s); 190static int strisipaddr(char *s); 191static int strisnum(char *s); |
233static struct arg_entry *get_arg_ent(char *arg_str); 234static struct policy_entry *get_policy_ent(char *policy); | 192static arg_entry_t *get_arg_ent(char *arg_str); |
235static uid_t get_user_id(char *user); 236static void chk_event_num(int etype, au_event_t event); 237static void chk_event_str(int etype, char *event_str); 238static void chk_retval(char *retval_str); 239static void chk_sorf(char *sorf_str); 240static void do_aconf(void); 241static void do_args(char **argv); 242static void do_audit(char *, char, int, char *); --- 47 unchanged lines hidden (view full) --- 290static void esetkaudit(auditinfo_addr_t *ai, int size); 291static void egetauditflagsbin(char *auditflags, au_mask_t *pmask); 292static void egetauid(au_id_t *auid); 293static void esetaudit(auditinfo_addr_t *ai, int size); 294static void esetauid(au_id_t *auid); 295static void execit(char **argv); 296static void exit_error(char *fmt, ...); 297static void exit_usage(int status); | 193static uid_t get_user_id(char *user); 194static void chk_event_num(int etype, au_event_t event); 195static void chk_event_str(int etype, char *event_str); 196static void chk_retval(char *retval_str); 197static void chk_sorf(char *sorf_str); 198static void do_aconf(void); 199static void do_args(char **argv); 200static void do_audit(char *, char, int, char *); --- 47 unchanged lines hidden (view full) --- 248static void esetkaudit(auditinfo_addr_t *ai, int size); 249static void egetauditflagsbin(char *auditflags, au_mask_t *pmask); 250static void egetauid(au_id_t *auid); 251static void esetaudit(auditinfo_addr_t *ai, int size); 252static void esetauid(au_id_t *auid); 253static void execit(char **argv); 254static void exit_error(char *fmt, ...); 255static void exit_usage(int status); |
298static void parse_args(char **argv); | 256static void parse_args(int argc, char **argv); |
299static void print_asid(au_asid_t asid); 300static void print_auid(au_id_t auid); 301static void print_mask(char *desc, au_mask_t *pmp); 302static void print_tid_ex(au_tid_addr_t *tidp); 303 | 257static void print_asid(au_asid_t asid); 258static void print_auid(au_id_t auid); 259static void print_mask(char *desc, au_mask_t *pmp); 260static void print_tid_ex(au_tid_addr_t *tidp); 261 |
262#if !defined(TEXT_DOMAIN) 263#define TEXT_DOMAIN "SUNW_OST_OSCMD" 264#endif 265 |
|
304int 305main(int argc, char **argv) 306{ 307 (void) setlocale(LC_ALL, ""); 308 (void) textdomain(TEXT_DOMAIN); 309 310 if (argc == 1) { 311 exit_usage(0); | 266int 267main(int argc, char **argv) 268{ 269 (void) setlocale(LC_ALL, ""); 270 (void) textdomain(TEXT_DOMAIN); 271 272 if (argc == 1) { 273 exit_usage(0); |
312 exit(0); | |
313 } 314 315 if (argc == 2 && | 274 } 275 276 if (argc == 2 && |
316 (argv[1][0] == '?' || 317 strcmp(argv[1], "-h") == 0 || 318 strcmp(argv[1], "-?") == 0)) | 277 (argv[1][0] == '?' || 278 strcmp(argv[1], "-h") == 0 || 279 strcmp(argv[1], "-?") == 0)) { |
319 exit_usage(0); | 280 exit_usage(0); |
281 } |
|
320 | 282 |
321 parse_args(argv); | 283 parse_args(argc, argv); |
322 do_args(argv); 323 324 return (0); 325} 326 327/* 328 * parse_args() 329 * Desc: Checks command line argument syntax. 330 * Inputs: Command line argv; 331 * Returns: If a syntax error is detected, a usage message is printed 332 * and exit() is called. If a syntax error is not detected, 333 * parse_args() returns without a value. 334 */ 335static void | 284 do_args(argv); 285 286 return (0); 287} 288 289/* 290 * parse_args() 291 * Desc: Checks command line argument syntax. 292 * Inputs: Command line argv; 293 * Returns: If a syntax error is detected, a usage message is printed 294 * and exit() is called. If a syntax error is not detected, 295 * parse_args() returns without a value. 296 */ 297static void |
336parse_args(char **argv) | 298parse_args(int argc, char **argv) |
337{ | 299{ |
338 struct arg_entry *ae; | 300 arg_entry_t *ae; |
339 340 au_mask_t mask; 341 uint_t type; 342 uint_t addr[4]; 343 344 for (++argv; *argv; argv++) { 345 if ((ae = get_arg_ent(*argv)) == NULL) { 346 exit_usage(1); 347 } 348 349 switch (ae->auditconfig_cmd) { 350 351 case AC_ARG_AUDIT: 352 ++argv; 353 if (!*argv) 354 exit_usage(1); 355 if (strisnum(*argv)) { 356 chk_event_num(AC_USER_EVENT, | 301 302 au_mask_t mask; 303 uint_t type; 304 uint_t addr[4]; 305 306 for (++argv; *argv; argv++) { 307 if ((ae = get_arg_ent(*argv)) == NULL) { 308 exit_usage(1); 309 } 310 311 switch (ae->auditconfig_cmd) { 312 313 case AC_ARG_AUDIT: 314 ++argv; 315 if (!*argv) 316 exit_usage(1); 317 if (strisnum(*argv)) { 318 chk_event_num(AC_USER_EVENT, |
357 (au_event_t)atol(*argv)); | 319 (au_event_t)atol(*argv)); |
358 } else { 359 chk_event_str(AC_USER_EVENT, *argv); 360 } 361 ++argv; 362 if (!*argv) 363 exit_usage(1); 364 chk_sorf(*argv); 365 ++argv; --- 58 unchanged lines hidden (view full) --- 424 break; 425 426 case AC_ARG_SETKAUDIT: 427 ++argv; 428 if (!*argv) 429 exit_usage(1); 430 if (str2type (*argv, &type)) 431 exit_error(gettext( | 320 } else { 321 chk_event_str(AC_USER_EVENT, *argv); 322 } 323 ++argv; 324 if (!*argv) 325 exit_usage(1); 326 chk_sorf(*argv); 327 ++argv; --- 58 unchanged lines hidden (view full) --- 386 break; 387 388 case AC_ARG_SETKAUDIT: 389 ++argv; 390 if (!*argv) 391 exit_usage(1); 392 if (str2type (*argv, &type)) 393 exit_error(gettext( |
432 "Invalid IP address type specified.")); | 394 "Invalid IP address type specified.")); |
433 ++argv; 434 if (!*argv) 435 exit_usage(1); 436 437 if (str2ipaddr(*argv, addr, type)) | 395 ++argv; 396 if (!*argv) 397 exit_usage(1); 398 399 if (str2ipaddr(*argv, addr, type)) |
438 exit_error(gettext( 439 "Invalid IP address specified.")); | 400 exit_error( 401 gettext("Invalid IP address specified.")); |
440 break; 441 442 case AC_ARG_SETCLASS: 443 ++argv; 444 if (!*argv) 445 exit_usage(1); 446 if (strisnum(*argv)) 447 chk_event_num(AC_KERN_EVENT, | 402 break; 403 404 case AC_ARG_SETCLASS: 405 ++argv; 406 if (!*argv) 407 exit_usage(1); 408 if (strisnum(*argv)) 409 chk_event_num(AC_KERN_EVENT, |
448 (au_event_t)atol(*argv)); | 410 (au_event_t)atol(*argv)); |
449 else 450 chk_event_str(AC_KERN_EVENT, *argv); 451 ++argv; 452 if (!*argv) 453 exit_usage(1); 454 str2mask(*argv, &mask); 455 break; 456 --- 37 unchanged lines hidden (view full) --- 494 exit_error(gettext("Invalid bufsz specified.")); 495 break; 496 497 case AC_ARG_SETQCTRL: 498 ++argv; 499 if (!*argv) 500 exit_usage(1); 501 if (!strisnum(*argv)) | 411 else 412 chk_event_str(AC_KERN_EVENT, *argv); 413 ++argv; 414 if (!*argv) 415 exit_usage(1); 416 str2mask(*argv, &mask); 417 break; 418 --- 37 unchanged lines hidden (view full) --- 456 exit_error(gettext("Invalid bufsz specified.")); 457 break; 458 459 case AC_ARG_SETQCTRL: 460 ++argv; 461 if (!*argv) 462 exit_usage(1); 463 if (!strisnum(*argv)) |
502 exit_error(gettext( 503 "Invalid hiwater specified.")); | 464 exit_error( 465 gettext("Invalid hiwater specified.")); |
504 ++argv; 505 if (!*argv) 506 exit_usage(1); 507 if (!strisnum(*argv)) | 466 ++argv; 467 if (!*argv) 468 exit_usage(1); 469 if (!strisnum(*argv)) |
508 exit_error(gettext( 509 gettext("Invalid lowater specified."))); | 470 exit_error( 471 gettext("Invalid lowater specified.")); |
510 ++argv; 511 if (!*argv) 512 exit_usage(1); 513 if (!strisnum(*argv)) 514 exit_error(gettext("Invalid bufsz specified.")); 515 ++argv; 516 if (!*argv) 517 exit_usage(1); --- 9 unchanged lines hidden (view full) --- 527 exit_error(gettext("Invalid delay specified.")); 528 break; 529 530 case AC_ARG_SETQHIWATER: 531 ++argv; 532 if (!*argv) 533 exit_usage(1); 534 if (!strisnum(*argv)) { | 472 ++argv; 473 if (!*argv) 474 exit_usage(1); 475 if (!strisnum(*argv)) 476 exit_error(gettext("Invalid bufsz specified.")); 477 ++argv; 478 if (!*argv) 479 exit_usage(1); --- 9 unchanged lines hidden (view full) --- 489 exit_error(gettext("Invalid delay specified.")); 490 break; 491 492 case AC_ARG_SETQHIWATER: 493 ++argv; 494 if (!*argv) 495 exit_usage(1); 496 if (!strisnum(*argv)) { |
535 exit_error(gettext( 536 "Invalid hiwater specified.")); | 497 exit_error( 498 gettext("Invalid hiwater specified.")); |
537 } 538 break; 539 540 case AC_ARG_SETQLOWATER: 541 ++argv; 542 if (!*argv) 543 exit_usage(1); 544 if (!strisnum(*argv)) { | 499 } 500 break; 501 502 case AC_ARG_SETQLOWATER: 503 ++argv; 504 if (!*argv) 505 exit_usage(1); 506 if (!strisnum(*argv)) { |
545 exit_error(gettext( 546 "Invalid lowater specified.")); | 507 exit_error( 508 gettext("Invalid lowater specified.")); |
547 } 548 break; 549 550 case AC_ARG_SETSMASK: 551 case AC_ARG_SETUMASK: 552 ++argv; 553 if (!*argv) 554 exit_usage(1); 555 ++argv; 556 if (!*argv) 557 exit_usage(1); 558 str2mask(*argv, &mask); 559 break; 560 | 509 } 510 break; 511 512 case AC_ARG_SETSMASK: 513 case AC_ARG_SETUMASK: 514 ++argv; 515 if (!*argv) 516 exit_usage(1); 517 ++argv; 518 if (!*argv) 519 exit_usage(1); 520 str2mask(*argv, &mask); 521 break; 522 |
523 case AC_ARG_SET_TEMPORARY: 524 /* Do not accept single -t option. */ 525 if (argc == 2) { 526 exit_error( 527 gettext("Only the -t option specified " 528 "(it is not a standalone option).")); 529 } 530 temporary_set = B_TRUE; 531 break; 532 |
|
561 default: 562 exit_error(gettext("Internal error #1.")); 563 break; 564 } 565 } 566} 567 568 569/* | 533 default: 534 exit_error(gettext("Internal error #1.")); 535 break; 536 } 537 } 538} 539 540 541/* |
570 * do_args() 571 * Desc: Do command line arguments in the order in which they appear. | 542 * do_args() - do command line arguments in the order in which they appear. 543 * Function return values returned by the underlying functions; the semantics 544 * they should follow is to return B_TRUE on successful execution, B_FALSE 545 * otherwise. |
572 */ 573static void 574do_args(char **argv) 575{ | 546 */ 547static void 548do_args(char **argv) 549{ |
576 struct arg_entry *ae; | 550 arg_entry_t *ae; |
577 578 for (++argv; *argv; argv++) { 579 ae = get_arg_ent(*argv); 580 581 switch (ae->auditconfig_cmd) { 582 583 case AC_ARG_AUDIT: 584 { --- 141 unchanged lines hidden (view full) --- 726 user_str = *argv; 727 ++argv; 728 mask_str = *argv; 729 ++argv; 730 tid_str = *argv; 731 ++argv; 732 sid_str = *argv; 733 ++argv; | 551 552 for (++argv; *argv; argv++) { 553 ae = get_arg_ent(*argv); 554 555 switch (ae->auditconfig_cmd) { 556 557 case AC_ARG_AUDIT: 558 { --- 141 unchanged lines hidden (view full) --- 700 user_str = *argv; 701 ++argv; 702 mask_str = *argv; 703 ++argv; 704 tid_str = *argv; 705 ++argv; 706 sid_str = *argv; 707 ++argv; |
734 do_setaudit(user_str, mask_str, 735 tid_str, sid_str, argv); | 708 do_setaudit(user_str, mask_str, tid_str, 709 sid_str, argv); |
736 } 737 break; 738 739 case AC_ARG_SETKAUDIT: 740 { 741 char *address_type, *address; 742 743 ++argv; address_type = *argv; --- 99 unchanged lines hidden (view full) --- 843 844 ++argv; 845 auid_str = *argv; 846 ++argv; 847 audit_flags = *argv; 848 do_setumask(auid_str, audit_flags); 849 } 850 break; | 710 } 711 break; 712 713 case AC_ARG_SETKAUDIT: 714 { 715 char *address_type, *address; 716 717 ++argv; address_type = *argv; --- 99 unchanged lines hidden (view full) --- 817 818 ++argv; 819 auid_str = *argv; 820 ++argv; 821 audit_flags = *argv; 822 do_setumask(auid_str, audit_flags); 823 } 824 break; |
825 case AC_ARG_SET_TEMPORARY: 826 break; |
|
851 852 default: 853 exit_error(gettext("Internal error #2.")); 854 break; 855 } 856 } 857} 858 859/* | 827 828 default: 829 exit_error(gettext("Internal error #2.")); 830 break; 831 } 832 } 833} 834 835/* |
860 * The returned value is for the global zone unless AUDIT_PERZONE is 861 * set. | 836 * do_chkconf() - the returned value is for the global zone unless AUDIT_PERZONE 837 * is set. |
862 */ | 838 */ |
863 | |
864static void 865do_chkconf(void) 866{ 867 register au_event_ent_t *evp; 868 au_mask_t pmask; 869 char conf_aflags[256]; 870 char run_aflags[256]; 871 au_stat_t as; 872 int class; 873 int len; 874 struct au_evclass_map cmap; 875 876 pmask.am_success = pmask.am_failure = 0; 877 eauditon(A_GETSTAT, (caddr_t)&as, 0); 878 879 setauevent(); 880 if (getauevent() == NULL) { | 839static void 840do_chkconf(void) 841{ 842 register au_event_ent_t *evp; 843 au_mask_t pmask; 844 char conf_aflags[256]; 845 char run_aflags[256]; 846 au_stat_t as; 847 int class; 848 int len; 849 struct au_evclass_map cmap; 850 851 pmask.am_success = pmask.am_failure = 0; 852 eauditon(A_GETSTAT, (caddr_t)&as, 0); 853 854 setauevent(); 855 if (getauevent() == NULL) { |
881 (void) exit_error(gettext( 882 "NO AUDIT EVENTS: Could not read %s\n."), AUDITEVENTFILE); | 856 exit_error(gettext("NO AUDIT EVENTS: Could not read %s\n."), 857 AUDITEVENTFILE); |
883 } 884 885 setauevent(); 886 while ((evp = getauevent()) != NULL) { 887 cmap.ec_number = evp->ae_number; 888 len = sizeof (struct au_evclass_map); 889 if (evp->ae_number <= as.as_numevent) { 890 if (auditon(A_GETCLASS, (caddr_t)&cmap, len) == -1) { --- 4 unchanged lines hidden (view full) --- 895 "be bad.\n")); 896 } else { 897 class = cmap.ec_class; 898 if (class != evp->ae_class) { 899 conf_aflags[0] = run_aflags[0] = '\0'; 900 pmask.am_success = class; 901 pmask.am_failure = class; 902 (void) getauditflagschar(run_aflags, | 858 } 859 860 setauevent(); 861 while ((evp = getauevent()) != NULL) { 862 cmap.ec_number = evp->ae_number; 863 len = sizeof (struct au_evclass_map); 864 if (evp->ae_number <= as.as_numevent) { 865 if (auditon(A_GETCLASS, (caddr_t)&cmap, len) == -1) { --- 4 unchanged lines hidden (view full) --- 870 "be bad.\n")); 871 } else { 872 class = cmap.ec_class; 873 if (class != evp->ae_class) { 874 conf_aflags[0] = run_aflags[0] = '\0'; 875 pmask.am_success = class; 876 pmask.am_failure = class; 877 (void) getauditflagschar(run_aflags, |
903 &pmask, 0); | 878 &pmask, 0); |
904 pmask.am_success = evp->ae_class; 905 pmask.am_failure = evp->ae_class; 906 (void) getauditflagschar(conf_aflags, | 879 pmask.am_success = evp->ae_class; 880 pmask.am_failure = evp->ae_class; 881 (void) getauditflagschar(conf_aflags, |
907 &pmask, 0); | 882 &pmask, 0); |
908 909 (void) printf(gettext( 910 "%s(%hu): CLASS MISMATCH: " 911 "runtime class (%s) != " 912 "configured class (%s)\n"), 913 evp->ae_name, evp->ae_number, 914 NONE(run_aflags), 915 NONE(conf_aflags)); 916 } 917 } 918 } 919 } 920 endauevent(); 921} 922 923/* | 883 884 (void) printf(gettext( 885 "%s(%hu): CLASS MISMATCH: " 886 "runtime class (%s) != " 887 "configured class (%s)\n"), 888 evp->ae_name, evp->ae_number, 889 NONE(run_aflags), 890 NONE(conf_aflags)); 891 } 892 } 893 } 894 } 895 endauevent(); 896} 897 898/* |
924 * The returned value is for the global zone unless AUDIT_PERZONE is 925 * set. | 899 * do_conf() - configure the kernel events. The value returned to the user is 900 * for the global zone unless AUDIT_PERZONE is set. |
926 */ 927static void 928do_conf(void) 929{ 930 register au_event_ent_t *evp; 931 register int i; 932 au_evclass_map_t ec; 933 au_stat_t as; --- 11 unchanged lines hidden (view full) --- 945 } 946 } 947 endauevent(); 948 (void) printf(gettext("Configured %d kernel events.\n"), i); 949 950} 951 952/* | 901 */ 902static void 903do_conf(void) 904{ 905 register au_event_ent_t *evp; 906 register int i; 907 au_evclass_map_t ec; 908 au_stat_t as; --- 11 unchanged lines hidden (view full) --- 920 } 921 } 922 endauevent(); 923 (void) printf(gettext("Configured %d kernel events.\n"), i); 924 925} 926 927/* |
953 * The returned value is for the global zone unless AUDIT_PERZONE is 954 * set. | 928 * do_chkaconf() - report a mismatch if the runtime class mask of a kernel audit 929 * event does not match the configured class mask. The value returned to the 930 * user is for the global zone unless AUDIT_PERZONE is set. |
955 */ | 931 */ |
956 | |
957static void 958do_chkaconf(void) 959{ | 932static void 933do_chkaconf(void) 934{ |
960 char buf[1024]; 961 au_mask_t pmask, kmask; | 935 char buf[1024]; 936 au_mask_t pmask, kmask; |
962 963 if (getacna(buf, sizeof (buf)) < 0) { 964 (void) fprintf(stderr, 965 gettext("bad non-attributable flags in audit_control\n")); 966 exit(1); 967 } 968 969 if (getauditflagsbin(buf, &pmask) < 0) { --- 14 unchanged lines hidden (view full) --- 984 } 985 (void) printf(gettext("non-attributable event mismatch ")); 986 (void) printf(gettext("audit_control(%s) kernel(%s)\n"), 987 buf, kbuf); 988 } 989} 990 991/* | 937 938 if (getacna(buf, sizeof (buf)) < 0) { 939 (void) fprintf(stderr, 940 gettext("bad non-attributable flags in audit_control\n")); 941 exit(1); 942 } 943 944 if (getauditflagsbin(buf, &pmask) < 0) { --- 14 unchanged lines hidden (view full) --- 959 } 960 (void) printf(gettext("non-attributable event mismatch ")); 961 (void) printf(gettext("audit_control(%s) kernel(%s)\n"), 962 buf, kbuf); 963 } 964} 965 966/* |
992 * The returned value is for the global zone unless AUDIT_PERZONE is 993 * set. | 967 * do_aconf - configures the non-attributable events. The value returned to the 968 * user is for the global zone unless AUDIT_PERZONE is set. |
994 */ | 969 */ |
995 | |
996static void 997do_aconf(void) 998{ 999 char buf[2048]; 1000 au_mask_t pmask; 1001 1002 if (getacna(buf, sizeof (buf)) < 0) { 1003 (void) fprintf(stderr, --- 6 unchanged lines hidden (view full) --- 1010 gettext("bad audit flag value encountered\n")); 1011 exit(1); 1012 } 1013 1014 eauditon(A_SETKMASK, (caddr_t)&pmask, (int)sizeof (pmask)); 1015 (void) printf(gettext("Configured non-attributable events.\n")); 1016} 1017 | 970static void 971do_aconf(void) 972{ 973 char buf[2048]; 974 au_mask_t pmask; 975 976 if (getacna(buf, sizeof (buf)) < 0) { 977 (void) fprintf(stderr, --- 6 unchanged lines hidden (view full) --- 984 gettext("bad audit flag value encountered\n")); 985 exit(1); 986 } 987 988 eauditon(A_SETKMASK, (caddr_t)&pmask, (int)sizeof (pmask)); 989 (void) printf(gettext("Configured non-attributable events.\n")); 990} 991 |
992/* 993 * do_audit() - construct an audit record for audit event event using the 994 * process's audit characteristics containing a text token string audit_str. The 995 * return token is constructed from the success/failure flag sort. Returned 996 * value retval is an errno value. 997 */ |
|
1018static void 1019do_audit(char *event, char sorf, int retval, char *audit_str) 1020{ 1021 int rtn; 1022 int rd; 1023 au_event_t event_num; 1024 au_event_ent_t *evp; 1025 auditinfo_addr_t ai; --- 16 unchanged lines hidden (view full) --- 1042 gettext("Check audit event configuration."), 1043 gettext("Could not get audit class for event number"), 1044 evp->ae_number); 1045 } 1046 1047 /* record is preselected */ 1048 if (rtn == 1) { 1049 if ((rd = au_open()) == -1) { | 998static void 999do_audit(char *event, char sorf, int retval, char *audit_str) 1000{ 1001 int rtn; 1002 int rd; 1003 au_event_t event_num; 1004 au_event_ent_t *evp; 1005 auditinfo_addr_t ai; --- 16 unchanged lines hidden (view full) --- 1022 gettext("Check audit event configuration."), 1023 gettext("Could not get audit class for event number"), 1024 evp->ae_number); 1025 } 1026 1027 /* record is preselected */ 1028 if (rtn == 1) { 1029 if ((rd = au_open()) == -1) { |
1050 exit_error(gettext("Could not get and audit record " 1051 "descriptor\n")); | 1030 exit_error(gettext( 1031 "Could not get and audit record descriptor\n")); |
1052 } 1053 if ((tokp = au_to_me()) == NULL) { | 1032 } 1033 if ((tokp = au_to_me()) == NULL) { |
1054 exit_error(gettext("Could not allocate subject " 1055 "token\n")); | 1034 exit_error( 1035 gettext("Could not allocate subject token\n")); |
1056 } 1057 if (au_write(rd, tokp) == -1) { | 1036 } 1037 if (au_write(rd, tokp) == -1) { |
1058 exit_error(gettext("Could not construct subject " 1059 "token of audit record\n")); | 1038 exit_error(gettext("Could not construct subject token " 1039 "of audit record\n")); |
1060 } 1061 if (is_system_labeled()) { 1062 if ((tokp = au_to_mylabel()) == NULL) { | 1040 } 1041 if (is_system_labeled()) { 1042 if ((tokp = au_to_mylabel()) == NULL) { |
1063 exit_error(gettext("Could not allocate " 1064 "label token\n")); | 1043 exit_error(gettext( 1044 "Could not allocate label token\n")); |
1065 } 1066 if (au_write(rd, tokp) == -1) { | 1045 } 1046 if (au_write(rd, tokp) == -1) { |
1067 exit_error(gettext("Could not construct " 1068 "label token of audit record\n")); | 1047 exit_error(gettext("Could not " 1048 "construct label token of audit record\n")); |
1069 } 1070 } 1071 1072 if ((tokp = au_to_text(audit_str)) == NULL) 1073 exit_error(gettext("Could not allocate text token\n")); 1074 if (au_write(rd, tokp) == -1) 1075 exit_error(gettext("Could not construct text token of " 1076 "audit record\n")); 1077#ifdef _LP64 1078 if ((tokp = au_to_return64(sorf, retval)) == NULL) 1079#else 1080 if ((tokp = au_to_return32(sorf, retval)) == NULL) 1081#endif | 1049 } 1050 } 1051 1052 if ((tokp = au_to_text(audit_str)) == NULL) 1053 exit_error(gettext("Could not allocate text token\n")); 1054 if (au_write(rd, tokp) == -1) 1055 exit_error(gettext("Could not construct text token of " 1056 "audit record\n")); 1057#ifdef _LP64 1058 if ((tokp = au_to_return64(sorf, retval)) == NULL) 1059#else 1060 if ((tokp = au_to_return32(sorf, retval)) == NULL) 1061#endif |
1082 exit_error(gettext("Could not allocate return " 1083 "token\n")); | 1062 exit_error( 1063 gettext("Could not allocate return token\n")); |
1084 if (au_write(rd, tokp) == -1) { 1085 exit_error(gettext("Could not construct return token " 1086 "of audit record\n")); 1087 } 1088 if (au_close(rd, 1, evp->ae_number) == -1) { | 1064 if (au_write(rd, tokp) == -1) { 1065 exit_error(gettext("Could not construct return token " 1066 "of audit record\n")); 1067 } 1068 if (au_close(rd, 1, evp->ae_number) == -1) { |
1089 exit_error(gettext("Could not write audit record: " 1090 "%s\n"), strerror(errno)); | 1069 exit_error( 1070 gettext("Could not write audit record: %s\n"), 1071 strerror(errno)); |
1091 } 1092 } 1093} 1094 | 1072 } 1073 } 1074} 1075 |
1076/* 1077 * do_getauid() - print the audit id of the current process. 1078 */ |
|
1095static void 1096do_getauid(void) 1097{ 1098 au_id_t auid; 1099 1100 egetauid(&auid); 1101 print_auid(auid); 1102} 1103 | 1079static void 1080do_getauid(void) 1081{ 1082 au_id_t auid; 1083 1084 egetauid(&auid); 1085 print_auid(auid); 1086} 1087 |
1088/* 1089 * do_getaudit() - print the audit characteristics of the current process. 1090 */ |
|
1104static void 1105do_getaudit(void) 1106{ 1107 auditinfo_addr_t ai; 1108 1109 egetaudit(&ai, sizeof (ai)); 1110 print_auid(ai.ai_auid); 1111 print_mask(gettext("process preselection mask"), &ai.ai_mask); 1112 print_tid_ex(&ai.ai_termid); 1113 print_asid(ai.ai_asid); 1114} 1115 | 1091static void 1092do_getaudit(void) 1093{ 1094 auditinfo_addr_t ai; 1095 1096 egetaudit(&ai, sizeof (ai)); 1097 print_auid(ai.ai_auid); 1098 print_mask(gettext("process preselection mask"), &ai.ai_mask); 1099 print_tid_ex(&ai.ai_termid); 1100 print_asid(ai.ai_asid); 1101} 1102 |
1103/* 1104 * do_getkaudit() - print the audit characteristics of the current zone. 1105 */ |
|
1116static void 1117do_getkaudit(void) 1118{ 1119 auditinfo_addr_t ai; 1120 1121 egetkaudit(&ai, sizeof (ai)); 1122 print_auid(ai.ai_auid); 1123 print_mask(gettext("process preselection mask"), &ai.ai_mask); 1124 print_tid_ex(&ai.ai_termid); 1125 print_asid(ai.ai_asid); 1126} 1127 1128/* | 1106static void 1107do_getkaudit(void) 1108{ 1109 auditinfo_addr_t ai; 1110 1111 egetkaudit(&ai, sizeof (ai)); 1112 print_auid(ai.ai_auid); 1113 print_mask(gettext("process preselection mask"), &ai.ai_mask); 1114 print_tid_ex(&ai.ai_termid); 1115 print_asid(ai.ai_asid); 1116} 1117 1118/* |
1129 * per zone if AUDIT_PERZONE set, else only in global zone. | 1119 * do_setkaudit() - set IP address_type/address of machine to specified values; 1120 * valid per zone if AUDIT_PERZONE is set, else only in global zone. |
1130 */ | 1121 */ |
1131 | |
1132static void 1133do_setkaudit(char *t, char *s) 1134{ 1135 uint_t type; 1136 auditinfo_addr_t ai; 1137 1138 egetkaudit(&ai, sizeof (ai)); 1139 (void) str2type(t, &type); 1140 (void) str2ipaddr(s, &ai.ai_termid.at_addr[0], type); 1141 ai.ai_termid.at_type = type; 1142 esetkaudit(&ai, sizeof (ai)); 1143} 1144 1145/* | 1122static void 1123do_setkaudit(char *t, char *s) 1124{ 1125 uint_t type; 1126 auditinfo_addr_t ai; 1127 1128 egetkaudit(&ai, sizeof (ai)); 1129 (void) str2type(t, &type); 1130 (void) str2ipaddr(s, &ai.ai_termid.at_addr[0], type); 1131 ai.ai_termid.at_type = type; 1132 esetkaudit(&ai, sizeof (ai)); 1133} 1134 1135/* |
1146 * returns zone-relative root | 1136 * do_getcar() - print the zone-relative root |
1147 */ | 1137 */ |
1148 | |
1149static void 1150do_getcar(void) 1151{ 1152 char path[MAXPATHLEN]; 1153 1154 eauditon(A_GETCAR, (caddr_t)path, (int)sizeof (path)); 1155 (void) printf(gettext("current active root = %s\n"), path); 1156} 1157 1158/* | 1138static void 1139do_getcar(void) 1140{ 1141 char path[MAXPATHLEN]; 1142 1143 eauditon(A_GETCAR, (caddr_t)path, (int)sizeof (path)); 1144 (void) printf(gettext("current active root = %s\n"), path); 1145} 1146 1147/* |
1159 * The returned value is for the global zone unless AUDIT_PERZONE is 1160 * set. | 1148 * do_getclass() - print the preselection mask associated with the specified 1149 * kernel audit event. The displayed value is for the global zone unless 1150 * AUDIT_PERZONE is set. |
1161 */ | 1151 */ |
1162 | |
1163static void 1164do_getclass(char *event_str) 1165{ 1166 au_evclass_map_t ec; 1167 au_event_ent_t *evp; 1168 au_event_t event_number; 1169 char *event_name; 1170 --- 15 unchanged lines hidden (view full) --- 1186 ec.ec_number = event_number; 1187 eauditon(A_GETCLASS, (caddr_t)&ec, 0); 1188 1189 (void) printf(gettext("audit class mask for event %s(%hu) = 0x%x\n"), 1190 event_name, event_number, ec.ec_class); 1191} 1192 1193/* | 1152static void 1153do_getclass(char *event_str) 1154{ 1155 au_evclass_map_t ec; 1156 au_event_ent_t *evp; 1157 au_event_t event_number; 1158 char *event_name; 1159 --- 15 unchanged lines hidden (view full) --- 1175 ec.ec_number = event_number; 1176 eauditon(A_GETCLASS, (caddr_t)&ec, 0); 1177 1178 (void) printf(gettext("audit class mask for event %s(%hu) = 0x%x\n"), 1179 event_name, event_number, ec.ec_class); 1180} 1181 1182/* |
1194 * The returned value is for the global zone unless AUDIT_PERZONE is 1195 * set. (AUC_DISABLED is always global, the other states are per zone 1196 * if AUDIT_PERZONE is set) | 1183 * do_getcond() - the printed value is for the global zone unless 1184 * AUDIT_PERZONE is set. (AUC_DISABLED is always global, the other states are 1185 * per zone if AUDIT_PERZONE is set) |
1197 */ | 1186 */ |
1198 | |
1199static void 1200do_getcond(void) 1201{ 1202 (void) printf(gettext("audit condition = %s\n"), cond2str()); 1203} 1204 1205/* | 1187static void 1188do_getcond(void) 1189{ 1190 (void) printf(gettext("audit condition = %s\n"), cond2str()); 1191} 1192 1193/* |
1206 * returned path is relative to zone root | 1194 * do_getcwd() - the printed path is relative to the current zone root |
1207 */ | 1195 */ |
1208 | |
1209static void 1210do_getcwd(void) 1211{ 1212 char path[MAXPATHLEN]; 1213 1214 eauditon(A_GETCWD, (caddr_t)path, (int)sizeof (path)); 1215 (void) printf(gettext("current working directory = %s\n"), path); 1216} 1217 1218/* | 1196static void 1197do_getcwd(void) 1198{ 1199 char path[MAXPATHLEN]; 1200 1201 eauditon(A_GETCWD, (caddr_t)path, (int)sizeof (path)); 1202 (void) printf(gettext("current working directory = %s\n"), path); 1203} 1204 1205/* |
1219 * The returned value is for the global zone unless AUDIT_PERZONE is 1220 * set. | 1206 * do_getkmask() - the printed value is for the global zone unless AUDIT_PERZONE 1207 * is set. |
1221 */ | 1208 */ |
1222 | |
1223static void 1224do_getkmask(void) 1225{ 1226 au_mask_t pmask; 1227 1228 eauditon(A_GETKMASK, (caddr_t)&pmask, (int)sizeof (pmask)); 1229 print_mask(gettext("audit flags for non-attributable events"), &pmask); 1230} 1231 1232/* | 1209static void 1210do_getkmask(void) 1211{ 1212 au_mask_t pmask; 1213 1214 eauditon(A_GETKMASK, (caddr_t)&pmask, (int)sizeof (pmask)); 1215 print_mask(gettext("audit flags for non-attributable events"), &pmask); 1216} 1217 1218/* |
1233 * The returned value is for the global zone unless AUDIT_PERZONE is 1234 * set. (some policies can only be set from the global zone, but all 1235 * can be read from anywhere.) | 1219 * do_getpolicy() - print active and configured kernel audit policy relative to 1220 * the current zone. |
1236 */ | 1221 */ |
1237 | |
1238static void 1239do_getpolicy(void) 1240{ | 1222static void 1223do_getpolicy(void) 1224{ |
1241 char policy_str[1024]; 1242 uint_t policy; | 1225 char policy_str[1024]; 1226 uint32_t policy; |
1243 | 1227 |
1228 if (!temporary_set) { 1229 if (!do_getpolicy_scf(&policy)) { 1230 exit_error(gettext("Could not get configured values.")); 1231 } 1232 (void) policy2str(policy, policy_str, sizeof (policy_str)); 1233 (void) printf(gettext("configured audit policies = %s\n"), 1234 policy_str); 1235 } 1236 |
|
1244 eauditon(A_GETPOLICY, (caddr_t)&policy, 0); 1245 (void) policy2str(policy, policy_str, sizeof (policy_str)); | 1237 eauditon(A_GETPOLICY, (caddr_t)&policy, 0); 1238 (void) policy2str(policy, policy_str, sizeof (policy_str)); |
1246 (void) printf(gettext("audit policies = %s\n"), policy_str); | 1239 (void) printf(gettext("active audit policies = %s\n"), policy_str); |
1247} 1248 | 1240} 1241 |
1242 1243/* 1244 * do_getpinfo() - print the audit ID, preselection mask, terminal ID, and 1245 * audit session ID for the specified process. 1246 */ |
|
1249static void 1250do_getpinfo(char *pid_str) 1251{ 1252 struct auditpinfo_addr ap; 1253 1254 if (strisnum(pid_str)) 1255 ap.ap_pid = (pid_t)atoi(pid_str); 1256 else 1257 exit_usage(1); 1258 1259 eauditon(A_GETPINFO_ADDR, (caddr_t)&ap, sizeof (ap)); 1260 1261 print_auid(ap.ap_auid); 1262 print_mask(gettext("process preselection mask"), &(ap.ap_mask)); 1263 print_tid_ex(&(ap.ap_termid)); 1264 print_asid(ap.ap_asid); 1265} 1266 1267/* | 1247static void 1248do_getpinfo(char *pid_str) 1249{ 1250 struct auditpinfo_addr ap; 1251 1252 if (strisnum(pid_str)) 1253 ap.ap_pid = (pid_t)atoi(pid_str); 1254 else 1255 exit_usage(1); 1256 1257 eauditon(A_GETPINFO_ADDR, (caddr_t)&ap, sizeof (ap)); 1258 1259 print_auid(ap.ap_auid); 1260 print_mask(gettext("process preselection mask"), &(ap.ap_mask)); 1261 print_tid_ex(&(ap.ap_termid)); 1262 print_asid(ap.ap_asid); 1263} 1264 1265/* |
1268 * The returned value is for the global zone unless AUDIT_PERZONE is 1269 * set. | 1266 * do_getqbufsz() - print the active and configured audit queue write buffer 1267 * size relative to the current zone. |
1270 */ | 1268 */ |
1271 | |
1272static void 1273do_getqbufsz(void) 1274{ 1275 struct au_qctrl qctrl; 1276 | 1269static void 1270do_getqbufsz(void) 1271{ 1272 struct au_qctrl qctrl; 1273 |
1274 if (!temporary_set) { 1275 if (!do_getqbufsz_scf(&qctrl.aq_bufsz)) { 1276 exit_error(gettext("Could not get configured value.")); 1277 } 1278 1279 if (qctrl.aq_bufsz == 0) { 1280 (void) printf(gettext( 1281 "no configured audit queue buffer size\n")); 1282 } else { 1283 (void) printf(gettext("configured audit queue " 1284 "buffer size (bytes) = %d\n"), qctrl.aq_bufsz); 1285 } 1286 } 1287 |
|
1277 eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0); | 1288 eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0); |
1278 (void) printf(gettext("audit queue buffer size (bytes) = %ld\n"), 1279 qctrl.aq_bufsz); | 1289 (void) printf(gettext("active audit queue buffer size (bytes) = %d\n"), 1290 qctrl.aq_bufsz); |
1280} 1281 1282/* | 1291} 1292 1293/* |
1283 * The returned value is for the global zone unless AUDIT_PERZONE is 1284 * set. | 1294 * do_getqctrl() - print the configured and active audit queue write buffer 1295 * size, audit queue hiwater mark, audit queue lowater mark, audit queue prod 1296 * interval (ticks) relative to the current zone. |
1285 */ | 1297 */ |
1286 | |
1287static void 1288do_getqctrl(void) 1289{ | 1298static void 1299do_getqctrl(void) 1300{ |
1290 struct au_qctrl qctrl; | 1301 struct au_qctrl qctrl; |
1291 | 1302 |
1303 if (!temporary_set) { 1304 if (!do_getqctrl_scf(&qctrl)) { 1305 exit_error(gettext("Could not get configured values.")); 1306 } 1307 1308 if (qctrl.aq_hiwater == 0) { 1309 (void) printf(gettext( 1310 "no configured audit queue hiwater mark\n")); 1311 } else { 1312 (void) printf(gettext("configured audit queue " 1313 "hiwater mark (records) = %d\n"), qctrl.aq_hiwater); 1314 } 1315 if (qctrl.aq_lowater == 0) { 1316 (void) printf(gettext( 1317 "no configured audit queue lowater mark\n")); 1318 } else { 1319 (void) printf(gettext("configured audit queue " 1320 "lowater mark (records) = %d\n"), qctrl.aq_lowater); 1321 } 1322 if (qctrl.aq_bufsz == 0) { 1323 (void) printf(gettext( 1324 "no configured audit queue buffer size\n")); 1325 } else { 1326 (void) printf(gettext("configured audit queue " 1327 "buffer size (bytes) = %d\n"), qctrl.aq_bufsz); 1328 } 1329 if (qctrl.aq_delay == 0) { 1330 (void) printf(gettext( 1331 "no configured audit queue delay\n")); 1332 } else { 1333 (void) printf(gettext("configured audit queue " 1334 "delay (ticks) = %ld\n"), qctrl.aq_delay); 1335 } 1336 } 1337 |
|
1292 eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0); | 1338 eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0); |
1293 (void) printf(gettext("audit queue hiwater mark (records) = %ld\n"), 1294 qctrl.aq_hiwater); 1295 (void) printf(gettext("audit queue lowater mark (records) = %ld\n"), 1296 qctrl.aq_lowater); 1297 (void) printf(gettext("audit queue buffer size (bytes) = %ld\n"), | 1339 (void) printf(gettext("active audit queue hiwater mark " 1340 "(records) = %d\n"), qctrl.aq_hiwater); 1341 (void) printf(gettext("active audit queue lowater mark " 1342 "(records) = %d\n"), qctrl.aq_lowater); 1343 (void) printf(gettext("active audit queue buffer size (bytes) = %d\n"), |
1298 qctrl.aq_bufsz); | 1344 qctrl.aq_bufsz); |
1299 (void) printf(gettext("audit queue delay (ticks) = %ld\n"), | 1345 (void) printf(gettext("active audit queue delay (ticks) = %ld\n"), |
1300 qctrl.aq_delay); 1301} 1302 1303/* | 1346 qctrl.aq_delay); 1347} 1348 1349/* |
1304 * The returned value is for the global zone unless AUDIT_PERZONE is 1305 * set. | 1350 * do_getqdelay() - print, relative to the current zone, the configured and 1351 * active interval at which audit queue is prodded to start output. |
1306 */ | 1352 */ |
1307 | |
1308static void 1309do_getqdelay(void) 1310{ 1311 struct au_qctrl qctrl; 1312 | 1353static void 1354do_getqdelay(void) 1355{ 1356 struct au_qctrl qctrl; 1357 |
1358 if (!temporary_set) { 1359 if (!do_getqdelay_scf(&qctrl.aq_delay)) { 1360 exit_error(gettext("Could not get configured value.")); 1361 } 1362 1363 if (qctrl.aq_delay == 0) { 1364 (void) printf(gettext( 1365 "no configured audit queue delay\n")); 1366 } else { 1367 (void) printf(gettext("configured audit queue " 1368 "delay (ticks) = %ld\n"), qctrl.aq_delay); 1369 } 1370 } 1371 |
|
1313 eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0); | 1372 eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0); |
1314 (void) printf(gettext("audit queue delay (ticks) = %ld\n"), | 1373 (void) printf(gettext("active audit queue delay (ticks) = %ld\n"), |
1315 qctrl.aq_delay); 1316} 1317 1318/* | 1374 qctrl.aq_delay); 1375} 1376 1377/* |
1319 * The returned value is for the global zone unless AUDIT_PERZONE is 1320 * set. | 1378 * do_getqhiwater() - print, relative to the current zone, the high water 1379 * point in undelivered audit records when audit generation will block. |
1321 */ | 1380 */ |
1322 | |
1323static void 1324do_getqhiwater(void) 1325{ 1326 struct au_qctrl qctrl; 1327 | 1381static void 1382do_getqhiwater(void) 1383{ 1384 struct au_qctrl qctrl; 1385 |
1386 if (!temporary_set) { 1387 if (!do_getqhiwater_scf(&qctrl.aq_hiwater)) { 1388 exit_error(gettext("Could not get configured value.")); 1389 } 1390 1391 if (qctrl.aq_hiwater == 0) { 1392 (void) printf(gettext( 1393 "no configured audit queue hiwater mark\n")); 1394 } else { 1395 (void) printf(gettext("configured audit queue " 1396 "hiwater mark (records) = %d\n"), qctrl.aq_hiwater); 1397 } 1398 } 1399 |
|
1328 eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0); | 1400 eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0); |
1329 (void) printf(gettext("audit queue hiwater mark (records) = %ld\n"), 1330 qctrl.aq_hiwater); | 1401 (void) printf(gettext("active audit queue hiwater mark " 1402 "(records) = %d\n"), qctrl.aq_hiwater); |
1331} 1332 1333/* | 1403} 1404 1405/* |
1334 * The returned value is for the global zone unless AUDIT_PERZONE is 1335 * set. | 1406 * do_getqlowater() - print, relative to the current zone, the low water point 1407 * in undelivered audit records where blocked processes will resume. |
1336 */ | 1408 */ |
1337 | |
1338static void 1339do_getqlowater(void) 1340{ 1341 struct au_qctrl qctrl; 1342 | 1409static void 1410do_getqlowater(void) 1411{ 1412 struct au_qctrl qctrl; 1413 |
1414 if (!temporary_set) { 1415 if (!do_getqlowater_scf(&qctrl.aq_lowater)) { 1416 exit_error(gettext("Could not get configured value.")); 1417 } 1418 1419 if (qctrl.aq_lowater == 0) { 1420 (void) printf(gettext( 1421 "no configured audit queue lowater mark\n")); 1422 } else { 1423 (void) printf(gettext("configured audit queue " 1424 "lowater mark (records) = %d\n"), qctrl.aq_lowater); 1425 } 1426 } 1427 |
|
1343 eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0); | 1428 eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0); |
1344 (void) printf(gettext("audit queue lowater mark (records) = %ld\n"), 1345 qctrl.aq_lowater); | 1429 (void) printf(gettext("active audit queue lowater mark " 1430 "(records) = %d\n"), qctrl.aq_lowater); |
1346} 1347 | 1431} 1432 |
1433/* 1434 * do_getasid() - print out the audit session-ID. 1435 */ |
|
1348static void 1349do_getasid(void) 1350{ 1351 auditinfo_addr_t ai; 1352 1353 if (getaudit_addr(&ai, sizeof (ai))) { 1354 exit_error(gettext("getaudit_addr(2) failed")); 1355 } 1356 print_asid(ai.ai_asid); 1357} 1358 1359/* | 1436static void 1437do_getasid(void) 1438{ 1439 auditinfo_addr_t ai; 1440 1441 if (getaudit_addr(&ai, sizeof (ai))) { 1442 exit_error(gettext("getaudit_addr(2) failed")); 1443 } 1444 print_asid(ai.ai_asid); 1445} 1446 1447/* |
1360 * The stats are for the entire system unless AUDIT_PERZONE is set. | 1448 * do_getstat() - the printed statistics are for the entire system unless 1449 * AUDIT_PERZONE is set. |
1361 */ | 1450 */ |
1362 | |
1363static void 1364do_getstat(void) 1365{ 1366 au_stat_t as; 1367 int offset[12]; /* used to line the header up correctly */ 1368 char buf[512]; 1369 1370 eauditon(A_GETSTAT, (caddr_t)&as, 0); --- 12 unchanged lines hidden (view full) --- 1383 (ulong_t)as.as_totalsize / ONEK, &(offset[10]), 1384 (ulong_t)as.as_memused / ONEK, &(offset[11])); 1385 1386 /* 1387 * TRANSLATION_NOTE 1388 * Print a properly aligned header. 1389 */ 1390 (void) printf("%*s %*s %*s %*s %*s %*s %*s %*s %*s %*s %*s %*s\n", | 1451static void 1452do_getstat(void) 1453{ 1454 au_stat_t as; 1455 int offset[12]; /* used to line the header up correctly */ 1456 char buf[512]; 1457 1458 eauditon(A_GETSTAT, (caddr_t)&as, 0); --- 12 unchanged lines hidden (view full) --- 1471 (ulong_t)as.as_totalsize / ONEK, &(offset[10]), 1472 (ulong_t)as.as_memused / ONEK, &(offset[11])); 1473 1474 /* 1475 * TRANSLATION_NOTE 1476 * Print a properly aligned header. 1477 */ 1478 (void) printf("%*s %*s %*s %*s %*s %*s %*s %*s %*s %*s %*s %*s\n", |
1391 offset[0] - 1, gettext("gen"), 1392 offset[1] - offset[0] -1, gettext("nona"), 1393 offset[2] - offset[1] -1, gettext("kern"), 1394 offset[3] - offset[2] -1, gettext("aud"), 1395 offset[4] - offset[3] -1, gettext("ctl"), 1396 offset[5] - offset[4] -1, gettext("enq"), 1397 offset[6] - offset[5] -1, gettext("wrtn"), 1398 offset[7] - offset[6] -1, gettext("wblk"), 1399 offset[8] - offset[7] -1, gettext("rblk"), 1400 offset[9] - offset[8] -1, gettext("drop"), 1401 offset[10] - offset[9] -1, gettext("tot"), 1402 offset[11] - offset[10], gettext("mem")); | 1479 offset[0] - 1, gettext("gen"), 1480 offset[1] - offset[0] -1, gettext("nona"), 1481 offset[2] - offset[1] -1, gettext("kern"), 1482 offset[3] - offset[2] -1, gettext("aud"), 1483 offset[4] - offset[3] -1, gettext("ctl"), 1484 offset[5] - offset[4] -1, gettext("enq"), 1485 offset[6] - offset[5] -1, gettext("wrtn"), 1486 offset[7] - offset[6] -1, gettext("wblk"), 1487 offset[8] - offset[7] -1, gettext("rblk"), 1488 offset[9] - offset[8] -1, gettext("drop"), 1489 offset[10] - offset[9] -1, gettext("tot"), 1490 offset[11] - offset[10], gettext("mem")); |
1403 1404 (void) printf("%s\n", buf); 1405} 1406 | 1491 1492 (void) printf("%s\n", buf); 1493} 1494 |
1495/* 1496 * do_gettermid() - print audit terminal ID for current process. 1497 */ |
|
1407static void 1408do_gettermid(void) 1409{ 1410 auditinfo_addr_t ai; 1411 1412 if (getaudit_addr(&ai, sizeof (ai))) { 1413 exit_error(gettext("getaudit_addr(2) failed")); 1414 } 1415 print_tid_ex(&ai.ai_termid); 1416} 1417 1418/* | 1498static void 1499do_gettermid(void) 1500{ 1501 auditinfo_addr_t ai; 1502 1503 if (getaudit_addr(&ai, sizeof (ai))) { 1504 exit_error(gettext("getaudit_addr(2) failed")); 1505 } 1506 print_tid_ex(&ai.ai_termid); 1507} 1508 1509/* |
1419 * The returned value is for the global zone unless AUDIT_PERZONE is 1420 * set. | 1510 * do_lsevent() - display the active kernel and user level audit event 1511 * information. The printed events are for the global zone unless AUDIT_PERZONE 1512 * is set. |
1421 */ | 1513 */ |
1422 | |
1423static void 1424do_lsevent(void) 1425{ 1426 register au_event_ent_t *evp; 1427 au_mask_t pmask; 1428 char auflags[256]; 1429 1430 setauevent(); 1431 if (getauevent() == NULL) { | 1514static void 1515do_lsevent(void) 1516{ 1517 register au_event_ent_t *evp; 1518 au_mask_t pmask; 1519 char auflags[256]; 1520 1521 setauevent(); 1522 if (getauevent() == NULL) { |
1432 (void) exit_error(gettext( 1433 "NO AUDIT EVENTS: Could not read %s\n."), AUDITEVENTFILE); | 1523 exit_error(gettext("NO AUDIT EVENTS: Could not read %s\n."), 1524 AUDITEVENTFILE); |
1434 } 1435 1436 setauevent(); 1437 while ((evp = getauevent()) != NULL) { 1438 pmask.am_success = pmask.am_failure = evp->ae_class; 1439 if (getauditflagschar(auflags, &pmask, 0) == -1) 1440 (void) strcpy(auflags, "unknown"); 1441 (void) printf("%-30s %5hu %s %s\n", 1442 evp->ae_name, evp->ae_number, auflags, evp->ae_desc); 1443 } 1444 endauevent(); 1445} 1446 1447/* | 1525 } 1526 1527 setauevent(); 1528 while ((evp = getauevent()) != NULL) { 1529 pmask.am_success = pmask.am_failure = evp->ae_class; 1530 if (getauditflagschar(auflags, &pmask, 0) == -1) 1531 (void) strcpy(auflags, "unknown"); 1532 (void) printf("%-30s %5hu %s %s\n", 1533 evp->ae_name, evp->ae_number, auflags, evp->ae_desc); 1534 } 1535 endauevent(); 1536} 1537 1538/* |
1448 * The returned value is for the global zone unless AUDIT_PERZONE is 1449 * set. | 1539 * do_lspolicy() - display the kernel audit policies with a description of each 1540 * policy. The printed value is for the global zone unless AUDIT_PERZONE is set. |
1450 */ | 1541 */ |
1451 | |
1452static void 1453do_lspolicy(void) 1454{ 1455 int i; 1456 1457 /* 1458 * TRANSLATION_NOTE 1459 * Print a properly aligned header. 1460 */ 1461 (void) printf(gettext("policy string description:\n")); 1462 for (i = 0; i < POLICY_TBL_SZ; i++) { 1463 (void) printf("%-17s%s\n", policy_table[i].policy_str, 1464 gettext(policy_table[i].policy_desc)); 1465 } 1466} 1467 | 1542static void 1543do_lspolicy(void) 1544{ 1545 int i; 1546 1547 /* 1548 * TRANSLATION_NOTE 1549 * Print a properly aligned header. 1550 */ 1551 (void) printf(gettext("policy string description:\n")); 1552 for (i = 0; i < POLICY_TBL_SZ; i++) { 1553 (void) printf("%-17s%s\n", policy_table[i].policy_str, 1554 gettext(policy_table[i].policy_desc)); 1555 } 1556} 1557 |
1558/* 1559 * do_setasid() - execute shell or cmd with specified session-ID. 1560 */ |
|
1468static void 1469do_setasid(char *sid_str, char **argv) 1470{ 1471 struct auditinfo_addr ai; 1472 1473 if (getaudit_addr(&ai, sizeof (ai))) { 1474 exit_error(gettext("getaudit_addr(2) failed")); 1475 } 1476 ai.ai_asid = (au_asid_t)atol(sid_str); 1477 if (setaudit_addr(&ai, sizeof (ai))) { 1478 exit_error(gettext("setaudit_addr(2) failed")); 1479 } 1480 execit(argv); 1481} 1482 | 1561static void 1562do_setasid(char *sid_str, char **argv) 1563{ 1564 struct auditinfo_addr ai; 1565 1566 if (getaudit_addr(&ai, sizeof (ai))) { 1567 exit_error(gettext("getaudit_addr(2) failed")); 1568 } 1569 ai.ai_asid = (au_asid_t)atol(sid_str); 1570 if (setaudit_addr(&ai, sizeof (ai))) { 1571 exit_error(gettext("setaudit_addr(2) failed")); 1572 } 1573 execit(argv); 1574} 1575 |
1576/* 1577 * do_setaudit() - execute shell or cmd with specified audit characteristics. 1578 */ |
|
1483static void 1484do_setaudit(char *user_str, char *mask_str, char *tid_str, char *sid_str, 1485 char **argv) 1486{ 1487 auditinfo_addr_t ai; 1488 1489 ai.ai_auid = (au_id_t)get_user_id(user_str); 1490 str2mask(mask_str, &ai.ai_mask), | 1579static void 1580do_setaudit(char *user_str, char *mask_str, char *tid_str, char *sid_str, 1581 char **argv) 1582{ 1583 auditinfo_addr_t ai; 1584 1585 ai.ai_auid = (au_id_t)get_user_id(user_str); 1586 str2mask(mask_str, &ai.ai_mask), |
1491 str2tid(tid_str, &ai.ai_termid); | 1587 str2tid(tid_str, &ai.ai_termid); |
1492 ai.ai_asid = (au_asid_t)atol(sid_str); 1493 1494 esetaudit(&ai, sizeof (ai)); 1495 execit(argv); 1496} 1497 | 1588 ai.ai_asid = (au_asid_t)atol(sid_str); 1589 1590 esetaudit(&ai, sizeof (ai)); 1591 execit(argv); 1592} 1593 |
1594/* 1595 * do_setauid() - execute shell or cmd with specified audit-ID. 1596 */ |
|
1498static void 1499do_setauid(char *user, char **argv) 1500{ 1501 au_id_t auid; 1502 1503 auid = get_user_id(user); 1504 esetauid(&auid); 1505 execit(argv); 1506} 1507 | 1597static void 1598do_setauid(char *user, char **argv) 1599{ 1600 au_id_t auid; 1601 1602 auid = get_user_id(user); 1603 esetauid(&auid); 1604 execit(argv); 1605} 1606 |
1607/* 1608 * do_setpmask() - set the preselection mask of the specified process; valid 1609 * per zone if AUDIT_PERZONE is set, else only in global zone. 1610 */ |
|
1508static void 1509do_setpmask(char *pid_str, char *audit_flags) 1510{ 1511 struct auditpinfo ap; 1512 1513 if (strisnum(pid_str)) 1514 ap.ap_pid = (pid_t)atoi(pid_str); 1515 else 1516 exit_usage(1); 1517 1518 str2mask(audit_flags, &ap.ap_mask); 1519 1520 eauditon(A_SETPMASK, (caddr_t)&ap, (int)sizeof (ap)); 1521} 1522 | 1611static void 1612do_setpmask(char *pid_str, char *audit_flags) 1613{ 1614 struct auditpinfo ap; 1615 1616 if (strisnum(pid_str)) 1617 ap.ap_pid = (pid_t)atoi(pid_str); 1618 else 1619 exit_usage(1); 1620 1621 str2mask(audit_flags, &ap.ap_mask); 1622 1623 eauditon(A_SETPMASK, (caddr_t)&ap, (int)sizeof (ap)); 1624} 1625 |
1626/* 1627 * do_setsmask() - set the preselection mask of all processes with the specified 1628 * audit session-ID; valid per zone if AUDIT_PERZONE is set, else only in global 1629 * zone. 1630 */ |
|
1523static void 1524do_setsmask(char *asid_str, char *audit_flags) 1525{ 1526 struct auditinfo ainfo; 1527 1528 if (strisnum(asid_str)) 1529 ainfo.ai_asid = (au_asid_t)atoi(asid_str); 1530 else 1531 exit_usage(1); 1532 1533 str2mask(audit_flags, &ainfo.ai_mask); 1534 1535 eauditon(A_SETSMASK, (caddr_t)&ainfo, (int)sizeof (ainfo)); 1536} 1537 | 1631static void 1632do_setsmask(char *asid_str, char *audit_flags) 1633{ 1634 struct auditinfo ainfo; 1635 1636 if (strisnum(asid_str)) 1637 ainfo.ai_asid = (au_asid_t)atoi(asid_str); 1638 else 1639 exit_usage(1); 1640 1641 str2mask(audit_flags, &ainfo.ai_mask); 1642 1643 eauditon(A_SETSMASK, (caddr_t)&ainfo, (int)sizeof (ainfo)); 1644} 1645 |
1646/* 1647 * do_setumask() - set the preselection mask of all processes with the 1648 * specified audit-ID; valid per zone if AUDIT_PERZONE is set, else only in 1649 * global zone. 1650 */ |
|
1538static void 1539do_setumask(char *auid_str, char *audit_flags) 1540{ 1541 struct auditinfo ainfo; 1542 1543 if (strisnum(auid_str)) 1544 ainfo.ai_auid = (au_id_t)atoi(auid_str); 1545 else 1546 exit_usage(1); 1547 1548 str2mask(audit_flags, &ainfo.ai_mask); 1549 1550 eauditon(A_SETUMASK, (caddr_t)&ainfo, (int)sizeof (ainfo)); 1551} 1552 1553/* | 1651static void 1652do_setumask(char *auid_str, char *audit_flags) 1653{ 1654 struct auditinfo ainfo; 1655 1656 if (strisnum(auid_str)) 1657 ainfo.ai_auid = (au_id_t)atoi(auid_str); 1658 else 1659 exit_usage(1); 1660 1661 str2mask(audit_flags, &ainfo.ai_mask); 1662 1663 eauditon(A_SETUMASK, (caddr_t)&ainfo, (int)sizeof (ainfo)); 1664} 1665 1666/* |
1554 * local zone use is valid if AUDIT_PERZONE is set, otherwise the 1555 * syscall returns EPERM. | 1667 * do_setstat() - reset audit statistics counters; local zone use is valid if 1668 * AUDIT_PERZONE is set, otherwise the syscall returns EPERM. |
1556 */ | 1669 */ |
1557 | |
1558static void 1559do_setstat(void) 1560{ 1561 au_stat_t as; 1562 1563 as.as_audit = (uint_t)-1; 1564 as.as_auditctl = (uint_t)-1; 1565 as.as_dropped = (uint_t)-1; --- 6 unchanged lines hidden (view full) --- 1572 as.as_wblocked = (uint_t)-1; 1573 as.as_written = (uint_t)-1; 1574 1575 eauditon(A_SETSTAT, (caddr_t)&as, (int)sizeof (as)); 1576 (void) printf("%s\n", gettext("audit stats reset")); 1577} 1578 1579/* | 1670static void 1671do_setstat(void) 1672{ 1673 au_stat_t as; 1674 1675 as.as_audit = (uint_t)-1; 1676 as.as_auditctl = (uint_t)-1; 1677 as.as_dropped = (uint_t)-1; --- 6 unchanged lines hidden (view full) --- 1684 as.as_wblocked = (uint_t)-1; 1685 as.as_written = (uint_t)-1; 1686 1687 eauditon(A_SETSTAT, (caddr_t)&as, (int)sizeof (as)); 1688 (void) printf("%s\n", gettext("audit stats reset")); 1689} 1690 1691/* |
1580 * AUDIT_PERZONE set: valid in all zones 1581 * AUDIT_PERZONE not set: valid in global zone only | 1692 * do_setclass() - map the kernel event event_str to the classes specified by 1693 * audit flags audit_flags; valid per zone if AUDIT_PERZONE is set, else only in 1694 * global zone. |
1582 */ | 1695 */ |
1583 | |
1584static void 1585do_setclass(char *event_str, char *audit_flags) 1586{ 1587 au_event_t event; 1588 int mask; 1589 au_mask_t pmask; 1590 au_evclass_map_t ec; 1591 au_event_ent_t *evp; --- 13 unchanged lines hidden (view full) --- 1605 } 1606 1607 ec.ec_number = event; 1608 ec.ec_class = mask; 1609 eauditon(A_SETCLASS, (caddr_t)&ec, (int)sizeof (ec)); 1610} 1611 1612/* | 1696static void 1697do_setclass(char *event_str, char *audit_flags) 1698{ 1699 au_event_t event; 1700 int mask; 1701 au_mask_t pmask; 1702 au_evclass_map_t ec; 1703 au_event_ent_t *evp; --- 13 unchanged lines hidden (view full) --- 1717 } 1718 1719 ec.ec_number = event; 1720 ec.ec_class = mask; 1721 eauditon(A_SETCLASS, (caddr_t)&ec, (int)sizeof (ec)); 1722} 1723 1724/* |
1613 * AUDIT_PERZONE set: valid in all zones 1614 * AUDIT_PERZONE not set: valid in global zone only | 1725 * do_setkmask() - set non-attributes selection flags of machine; valid per zone 1726 * if AUDIT_PERZONE is set, else only in global zone. |
1615 */ | 1727 */ |
1616 | |
1617static void 1618do_setkmask(char *audit_flags) 1619{ 1620 au_mask_t pmask; 1621 1622 str2mask(audit_flags, &pmask); 1623 eauditon(A_SETKMASK, (caddr_t)&pmask, (int)sizeof (pmask)); 1624 print_mask(gettext("audit flags for non-attributable events"), &pmask); 1625} 1626 1627/* | 1728static void 1729do_setkmask(char *audit_flags) 1730{ 1731 au_mask_t pmask; 1732 1733 str2mask(audit_flags, &pmask); 1734 eauditon(A_SETKMASK, (caddr_t)&pmask, (int)sizeof (pmask)); 1735 print_mask(gettext("audit flags for non-attributable events"), &pmask); 1736} 1737 1738/* |
1628 * ahlt and perzone are global zone only; the other policies are valid 1629 * in a local zone if AUDIT_PERZONE is set. The kernel insures that 1630 * a local zone can't change ahlt and perzone (EINVAL). | 1739 * do_setpolicy() - set the active and configured kernel audit policy; active 1740 * values can be changed per zone if AUDIT_PERZONE is set, else only in global 1741 * zone. 1742 * 1743 * ahlt and perzone are global zone only. The kernel ensures that a local zone 1744 * can't change ahlt and perzone (EINVAL). |
1631 */ | 1745 */ |
1632 | |
1633static void 1634do_setpolicy(char *policy_str) 1635{ | 1746static void 1747do_setpolicy(char *policy_str) 1748{ |
1636 uint_t policy; | 1749 uint32_t policy = 0; |
1637 1638 switch (str2policy(policy_str, &policy)) { | 1750 1751 switch (str2policy(policy_str, &policy)) { |
1752 case 0: 1753 if (!temporary_set) { 1754 if (!do_getpolicy_scf(&policy)) { 1755 exit_error(gettext("Unable to get current " 1756 "policy values from the SMF repository")); 1757 } 1758 (void) str2policy(policy_str, &policy); 1759 1760 if (!do_setpolicy_scf(policy)) { 1761 exit_error(gettext("Could not store " 1762 "configuration values.")); 1763 } 1764 } 1765 eauditon(A_SETPOLICY, (caddr_t)&policy, 0); 1766 break; |
|
1639 case 2: | 1767 case 2: |
1640 exit_error(gettext( 1641 "policy (%s) invalid in a local zone."), 1642 policy_str); | 1768 exit_error(gettext("policy (%s) invalid in a local zone."), 1769 policy_str); |
1643 break; 1644 default: | 1770 break; 1771 default: |
1645 exit_error(gettext( 1646 "Invalid policy (%s) specified."), | 1772 exit_error(gettext("Invalid policy (%s) specified."), |
1647 policy_str); 1648 break; | 1773 policy_str); 1774 break; |
1649 case 0: 1650 eauditon(A_SETPOLICY, (caddr_t)&policy, 0); 1651 break; | |
1652 } 1653} 1654 1655/* | 1775 } 1776} 1777 1778/* |
1656 * AUDIT_PERZONE set: valid in all zones 1657 * AUDIT_PERZONE not set: valid in global zone only | 1779 * do_setqbufsz() - set the active and configured audit queue write buffer size 1780 * (bytes); active values can be changed per zone if AUDIT_PERZONE is set, else 1781 * only in global zone. |
1658 */ | 1782 */ |
1659 | |
1660static void 1661do_setqbufsz(char *bufsz) 1662{ 1663 struct au_qctrl qctrl; 1664 | 1783static void 1784do_setqbufsz(char *bufsz) 1785{ 1786 struct au_qctrl qctrl; 1787 |
1788 if (!temporary_set) { 1789 qctrl.aq_bufsz = (size_t)atol(bufsz); 1790 if (!do_setqbufsz_scf(&qctrl.aq_bufsz)) { 1791 exit_error(gettext( 1792 "Could not store configuration value.")); 1793 } 1794 } 1795 |
|
1665 eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0); | 1796 eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0); |
1666 qctrl.aq_bufsz = atol(bufsz); | 1797 qctrl.aq_bufsz = (size_t)atol(bufsz); |
1667 eauditon(A_SETQCTRL, (caddr_t)&qctrl, 0); 1668} 1669 1670/* | 1798 eauditon(A_SETQCTRL, (caddr_t)&qctrl, 0); 1799} 1800 1801/* |
1671 * AUDIT_PERZONE set: valid in all zones 1672 * AUDIT_PERZONE not set: valid in global zone only | 1802 * do_setqctrl() - set the active and configured audit queue write buffer size 1803 * (bytes), hiwater audit record count, lowater audit record count, and wakeup 1804 * interval (ticks); active values can be changed per zone if AUDIT_PERZONE is 1805 * set, else only in global zone. |
1673 */ | 1806 */ |
1674 | |
1675static void 1676do_setqctrl(char *hiwater, char *lowater, char *bufsz, char *delay) 1677{ | 1807static void 1808do_setqctrl(char *hiwater, char *lowater, char *bufsz, char *delay) 1809{ |
1678 struct au_qctrl qctrl; | 1810 struct au_qctrl qctrl; |
1679 | 1811 |
1680 qctrl.aq_hiwater = atol(hiwater); 1681 qctrl.aq_lowater = atol(lowater); 1682 qctrl.aq_bufsz = atol(bufsz); 1683 qctrl.aq_delay = atol(delay); | 1812 qctrl.aq_hiwater = (size_t)atol(hiwater); 1813 qctrl.aq_lowater = (size_t)atol(lowater); 1814 qctrl.aq_bufsz = (size_t)atol(bufsz); 1815 qctrl.aq_delay = (clock_t)atol(delay); 1816 1817 if (!temporary_set) { 1818 if (!do_setqctrl_scf(&qctrl)) { 1819 exit_error(gettext( 1820 "Could not store configuration values.")); 1821 } 1822 } 1823 |
1684 eauditon(A_SETQCTRL, (caddr_t)&qctrl, 0); 1685} 1686 1687/* | 1824 eauditon(A_SETQCTRL, (caddr_t)&qctrl, 0); 1825} 1826 1827/* |
1688 * AUDIT_PERZONE set: valid in all zones 1689 * AUDIT_PERZONE not set: valid in global zone only | 1828 * do_setqdelay() - set the active and configured audit queue wakeup interval 1829 * (ticks); active values can be changed per zone if AUDIT_PERZONE is set, else 1830 * only in global zone. |
1690 */ | 1831 */ |
1691 | |
1692static void 1693do_setqdelay(char *delay) 1694{ 1695 struct au_qctrl qctrl; 1696 | 1832static void 1833do_setqdelay(char *delay) 1834{ 1835 struct au_qctrl qctrl; 1836 |
1837 if (!temporary_set) { 1838 qctrl.aq_delay = (clock_t)atol(delay); 1839 if (!do_setqdelay_scf(&qctrl.aq_delay)) { 1840 exit_error(gettext( 1841 "Could not store configuration value.")); 1842 } 1843 } 1844 |
|
1697 eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0); | 1845 eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0); |
1698 qctrl.aq_delay = atol(delay); | 1846 qctrl.aq_delay = (clock_t)atol(delay); |
1699 eauditon(A_SETQCTRL, (caddr_t)&qctrl, 0); 1700} 1701 1702/* | 1847 eauditon(A_SETQCTRL, (caddr_t)&qctrl, 0); 1848} 1849 1850/* |
1703 * AUDIT_PERZONE set: valid in all zones 1704 * AUDIT_PERZONE not set: valid in global zone only | 1851 * do_setqhiwater() - sets the active and configured number of undelivered audit 1852 * records in the audit queue at which audit record generation blocks; active 1853 * values can be changed per zone if AUDIT_PERZONE is set, else only in global 1854 * zone. |
1705 */ | 1855 */ |
1706 | |
1707static void 1708do_setqhiwater(char *hiwater) 1709{ 1710 struct au_qctrl qctrl; 1711 | 1856static void 1857do_setqhiwater(char *hiwater) 1858{ 1859 struct au_qctrl qctrl; 1860 |
1861 if (!temporary_set) { 1862 qctrl.aq_hiwater = (size_t)atol(hiwater); 1863 if (!do_setqhiwater_scf(&qctrl.aq_hiwater)) { 1864 exit_error(gettext( 1865 "Could not store configuration value.")); 1866 } 1867 } 1868 |
|
1712 eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0); | 1869 eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0); |
1713 qctrl.aq_hiwater = atol(hiwater); | 1870 qctrl.aq_hiwater = (size_t)atol(hiwater); |
1714 eauditon(A_SETQCTRL, (caddr_t)&qctrl, 0); 1715} 1716 1717/* | 1871 eauditon(A_SETQCTRL, (caddr_t)&qctrl, 0); 1872} 1873 1874/* |
1718 * AUDIT_PERZONE set: valid in all zones 1719 * AUDIT_PERZONE not set: valid in global zone only | 1875 * do_setqlowater() - set the active and configured number of undelivered audit 1876 * records in the audit queue at which blocked auditing processes unblock; 1877 * active values can be changed per zone if AUDIT_PERZONE is set, else only in 1878 * global zone. |
1720 */ | 1879 */ |
1721 | |
1722static void 1723do_setqlowater(char *lowater) 1724{ 1725 struct au_qctrl qctrl; 1726 | 1880static void 1881do_setqlowater(char *lowater) 1882{ 1883 struct au_qctrl qctrl; 1884 |
1885 if (!temporary_set) { 1886 qctrl.aq_lowater = (size_t)atol(lowater); 1887 if (!do_setqlowater_scf(&qctrl.aq_lowater)) { 1888 exit_error(gettext( 1889 "Could not store configuration value.")); 1890 } 1891 } 1892 |
|
1727 eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0); | 1893 eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0); |
1728 qctrl.aq_lowater = atol(lowater); | 1894 qctrl.aq_lowater = (size_t)atol(lowater); |
1729 eauditon(A_SETQCTRL, (caddr_t)&qctrl, 0); 1730} 1731 1732static void 1733eauditon(int cmd, caddr_t data, int length) 1734{ 1735 if (auditon(cmd, data, length) == -1) 1736 exit_error(gettext("auditon(2) failed.")); --- 97 unchanged lines hidden (view full) --- 1834 } 1835 1836 return (pwd->pw_uid); 1837} 1838 1839/* 1840 * get_arg_ent() 1841 * Inputs: command line argument string | 1895 eauditon(A_SETQCTRL, (caddr_t)&qctrl, 0); 1896} 1897 1898static void 1899eauditon(int cmd, caddr_t data, int length) 1900{ 1901 if (auditon(cmd, data, length) == -1) 1902 exit_error(gettext("auditon(2) failed.")); --- 97 unchanged lines hidden (view full) --- 2000 } 2001 2002 return (pwd->pw_uid); 2003} 2004 2005/* 2006 * get_arg_ent() 2007 * Inputs: command line argument string |
1842 * Returns ptr to policy_entry if found; null, if not found | 2008 * Returns ptr to struct arg_entry if found; null, if not found |
1843 */ | 2009 */ |
1844static struct arg_entry * | 2010static arg_entry_t * |
1845get_arg_ent(char *arg_str) 1846{ | 2011get_arg_ent(char *arg_str) 2012{ |
1847 struct arg_entry key; | 2013 arg_entry_t key; |
1848 1849 key.arg_str = arg_str; 1850 | 2014 2015 key.arg_str = arg_str; 2016 |
1851 return ((struct arg_entry *)bsearch((char *)&key, (char *)arg_table, 1852 ARG_TBL_SZ, sizeof (struct arg_entry), arg_ent_compare)); | 2017 return ((arg_entry_t *)bsearch((char *)&key, (char *)arg_table, 2018 ARG_TBL_SZ, sizeof (arg_entry_t), arg_ent_compare)); |
1853} 1854 1855/* 1856 * arg_ent_compare() 1857 * Compares two command line arguments to determine which is 1858 * lexicographically greater. 1859 * Inputs: two argument map table entry pointers 1860 * Returns: > 1: aep1->arg_str > aep2->arg_str 1861 * < 1: aep1->arg_str < aep2->arg_str 1862 * 0: aep1->arg_str = aep->arg_str2 1863 */ 1864static int 1865arg_ent_compare(const void *aep1, const void *aep2) 1866{ | 2019} 2020 2021/* 2022 * arg_ent_compare() 2023 * Compares two command line arguments to determine which is 2024 * lexicographically greater. 2025 * Inputs: two argument map table entry pointers 2026 * Returns: > 1: aep1->arg_str > aep2->arg_str 2027 * < 1: aep1->arg_str < aep2->arg_str 2028 * 0: aep1->arg_str = aep->arg_str2 2029 */ 2030static int 2031arg_ent_compare(const void *aep1, const void *aep2) 2032{ |
1867 return (strcmp(((struct arg_entry *)aep1)->arg_str, 1868 ((struct arg_entry *)aep2)->arg_str)); | 2033 return (strcmp(((arg_entry_t *)aep1)->arg_str, 2034 ((arg_entry_t *)aep2)->arg_str)); |
1869} 1870 1871/* 1872 * Convert mask of the following forms: 1873 * 1874 * audit_flags (ie. +lo,-ad,pc) 1875 * 0xffffffff,0xffffffff 1876 * ffffffff,ffffffff --- 30 unchanged lines hidden (view full) --- 1907 (void) sscanf(fp, "%u", &mp->am_failure); 1908 } 1909 } 1910} 1911 1912/* 1913 * tid_str is major,minor,host -- host is a name or an ip address 1914 */ | 2035} 2036 2037/* 2038 * Convert mask of the following forms: 2039 * 2040 * audit_flags (ie. +lo,-ad,pc) 2041 * 0xffffffff,0xffffffff 2042 * ffffffff,ffffffff --- 30 unchanged lines hidden (view full) --- 2073 (void) sscanf(fp, "%u", &mp->am_failure); 2074 } 2075 } 2076} 2077 2078/* 2079 * tid_str is major,minor,host -- host is a name or an ip address 2080 */ |
1915 | |
1916static void 1917str2tid(char *tid_str, au_tid_addr_t *tp) 1918{ 1919 char *major_str; 1920 char *minor_str; 1921 char *host_str = NULL; 1922 major_t major = 0; 1923 major_t minor = 0; --- 89 unchanged lines hidden (view full) --- 2013 case AUC_NOSPACE: 2014 return ("nospace"); 2015 2016 default: 2017 return (""); 2018 } 2019} 2020 | 2081static void 2082str2tid(char *tid_str, au_tid_addr_t *tp) 2083{ 2084 char *major_str; 2085 char *minor_str; 2086 char *host_str = NULL; 2087 major_t major = 0; 2088 major_t minor = 0; --- 89 unchanged lines hidden (view full) --- 2178 case AUC_NOSPACE: 2179 return ("nospace"); 2180 2181 default: 2182 return (""); 2183 } 2184} 2185 |
2021static struct policy_entry * 2022get_policy_ent(char *policy) 2023{ 2024 int i; 2025 2026 for (i = 0; i < POLICY_TBL_SZ; i++) { 2027 if (strcasecmp(policy, 2028 policy_table[i].policy_str) == 0) { 2029 return (&policy_table[i]); 2030 } 2031 } 2032 2033 return (NULL); 2034} 2035 | |
2036/* 2037 * exit = 0, success 2038 * 1, error 2039 * 2, bad zone 2040 */ | 2186/* 2187 * exit = 0, success 2188 * 1, error 2189 * 2, bad zone 2190 */ |
2041 | |
2042static int | 2191static int |
2043str2policy(char *policy_str, uint_t *policy_mask) | 2192str2policy(char *policy_str, uint32_t *policy_mask) |
2044{ 2045 char *buf; 2046 char *tok; 2047 char pfix; | 2193{ 2194 char *buf; 2195 char *tok; 2196 char pfix; |
2048 boolean_t is_all = 0; 2049 uint_t pm = 0; 2050 uint_t curp = 0; 2051 struct policy_entry *pep; | 2197 boolean_t is_all = B_FALSE; 2198 uint32_t pm = 0; 2199 uint32_t curp; |
2052 2053 pfix = *policy_str; 2054 2055 if (pfix == '-' || pfix == '+' || pfix == '=') 2056 ++policy_str; 2057 2058 if ((buf = strdup(policy_str)) == NULL) 2059 return (1); 2060 2061 for (tok = strtok(buf, ","); tok != NULL; tok = strtok(NULL, ",")) { | 2200 2201 pfix = *policy_str; 2202 2203 if (pfix == '-' || pfix == '+' || pfix == '=') 2204 ++policy_str; 2205 2206 if ((buf = strdup(policy_str)) == NULL) 2207 return (1); 2208 2209 for (tok = strtok(buf, ","); tok != NULL; tok = strtok(NULL, ",")) { |
2062 if ((pep = get_policy_ent(tok)) == NULL) { | 2210 uint32_t tok_pm; 2211 if (((tok_pm = get_policy(tok)) == 0) && 2212 ((strcasecmp(tok, "none") != 0))) { 2213 free(buf); |
2063 return (1); 2064 } else { | 2214 return (1); 2215 } else { |
2065 pm |= pep->policy_mask; 2066 if (pep->policy_mask == ALL_POLICIES) { 2067 is_all = 1; | 2216 pm |= tok_pm; 2217 if (tok_pm == ALL_POLICIES) { 2218 is_all = B_TRUE; |
2068 } 2069 } 2070 } 2071 free(buf); 2072 | 2219 } 2220 } 2221 } 2222 free(buf); 2223 |
2224 /* reuse policy mask if already set to some value */ 2225 if (*policy_mask != 0) { 2226 curp = *policy_mask; 2227 } else { 2228 (void) auditon(A_GETPOLICY, (caddr_t)&curp, 0); 2229 } 2230 |
|
2073 if (pfix == '-') { 2074 if (!is_all && 2075 (getzoneid() != GLOBAL_ZONEID) && 2076 (pm & ~AUDIT_LOCAL)) { 2077 return (2); 2078 } | 2231 if (pfix == '-') { 2232 if (!is_all && 2233 (getzoneid() != GLOBAL_ZONEID) && 2234 (pm & ~AUDIT_LOCAL)) { 2235 return (2); 2236 } |
2079 eauditon(A_GETPOLICY, (caddr_t)&curp, 0); | 2237 |
2080 if (getzoneid() != GLOBAL_ZONEID) 2081 curp &= AUDIT_LOCAL; 2082 *policy_mask = curp & ~pm; | 2238 if (getzoneid() != GLOBAL_ZONEID) 2239 curp &= AUDIT_LOCAL; 2240 *policy_mask = curp & ~pm; |
2241 |
|
2083 } else if (pfix == '+') { 2084 /* 2085 * In a local zone, accept specifying "all", but not 2086 * individually specifying global-zone only policies. 2087 * Limit to all locally allowed, so system call doesn't 2088 * fail. 2089 */ 2090 if (!is_all && 2091 (getzoneid() != GLOBAL_ZONEID) && 2092 (pm & ~AUDIT_LOCAL)) { 2093 return (2); 2094 } | 2242 } else if (pfix == '+') { 2243 /* 2244 * In a local zone, accept specifying "all", but not 2245 * individually specifying global-zone only policies. 2246 * Limit to all locally allowed, so system call doesn't 2247 * fail. 2248 */ 2249 if (!is_all && 2250 (getzoneid() != GLOBAL_ZONEID) && 2251 (pm & ~AUDIT_LOCAL)) { 2252 return (2); 2253 } |
2095 eauditon(A_GETPOLICY, (caddr_t)&curp, 0); | 2254 |
2096 if (getzoneid() != GLOBAL_ZONEID) { 2097 curp &= AUDIT_LOCAL; 2098 if (is_all) { 2099 pm &= AUDIT_LOCAL; 2100 } 2101 } 2102 *policy_mask = curp | pm; | 2255 if (getzoneid() != GLOBAL_ZONEID) { 2256 curp &= AUDIT_LOCAL; 2257 if (is_all) { 2258 pm &= AUDIT_LOCAL; 2259 } 2260 } 2261 *policy_mask = curp | pm; |
2262 |
|
2103 } else { | 2263 } else { |
2264 /* 2265 * In a local zone, accept specifying "all", but not 2266 * individually specifying global-zone only policies. 2267 * Limit to all locally allowed, so system call doesn't 2268 * fail. 2269 */ 2270 if (!is_all && 2271 (getzoneid() != GLOBAL_ZONEID) && 2272 (pm & ~AUDIT_LOCAL)) { 2273 return (2); 2274 } 2275 |
|
2104 if (is_all && (getzoneid() != GLOBAL_ZONEID)) { 2105 pm &= AUDIT_LOCAL; 2106 } 2107 *policy_mask = pm; 2108 } 2109 return (0); 2110} 2111 2112static int | 2276 if (is_all && (getzoneid() != GLOBAL_ZONEID)) { 2277 pm &= AUDIT_LOCAL; 2278 } 2279 *policy_mask = pm; 2280 } 2281 return (0); 2282} 2283 2284static int |
2113policy2str(uint_t policy, char *policy_str, size_t len) | 2285policy2str(uint32_t policy, char *policy_str, size_t len) |
2114{ 2115 int i, j; 2116 2117 if (policy == ALL_POLICIES) { 2118 (void) strcpy(policy_str, "all"); 2119 return (1); 2120 } 2121 --- 102 unchanged lines hidden (view full) --- 2224chk_event_num(int etype, au_event_t event) 2225{ 2226 au_stat_t as; 2227 2228 eauditon(A_GETSTAT, (caddr_t)&as, 0); 2229 2230 if (etype == AC_KERN_EVENT) { 2231 if (event > as.as_numevent) { | 2286{ 2287 int i, j; 2288 2289 if (policy == ALL_POLICIES) { 2290 (void) strcpy(policy_str, "all"); 2291 return (1); 2292 } 2293 --- 102 unchanged lines hidden (view full) --- 2396chk_event_num(int etype, au_event_t event) 2397{ 2398 au_stat_t as; 2399 2400 eauditon(A_GETSTAT, (caddr_t)&as, 0); 2401 2402 if (etype == AC_KERN_EVENT) { 2403 if (event > as.as_numevent) { |
2232 exit_error(gettext("Invalid kernel audit event " 2233 "number specified.\n" | 2404 exit_error(gettext( 2405 "Invalid kernel audit event number specified.\n" |
2234 "\t%hu is outside allowable range 0-%d."), 2235 event, as.as_numevent); 2236 } 2237 } else { 2238 /* user event */ 2239 if (event <= as.as_numevent) { 2240 exit_error(gettext("Invalid user level audit event " 2241 "number specified %hu."), event); --- 6 unchanged lines hidden (view full) --- 2248{ 2249 au_event_ent_t *evp; 2250 au_stat_t as; 2251 2252 eauditon(A_GETSTAT, (caddr_t)&as, 0); 2253 2254 evp = egetauevnam(event_str); 2255 if (etype == AC_KERN_EVENT && (evp->ae_number > as.as_numevent)) { | 2406 "\t%hu is outside allowable range 0-%d."), 2407 event, as.as_numevent); 2408 } 2409 } else { 2410 /* user event */ 2411 if (event <= as.as_numevent) { 2412 exit_error(gettext("Invalid user level audit event " 2413 "number specified %hu."), event); --- 6 unchanged lines hidden (view full) --- 2420{ 2421 au_event_ent_t *evp; 2422 au_stat_t as; 2423 2424 eauditon(A_GETSTAT, (caddr_t)&as, 0); 2425 2426 evp = egetauevnam(event_str); 2427 if (etype == AC_KERN_EVENT && (evp->ae_number > as.as_numevent)) { |
2256 exit_error( 2257 gettext("Invalid kernel audit event string specified.\n" | 2428 exit_error(gettext( 2429 "Invalid kernel audit event string specified.\n" |
2258 "\t\"%s\" appears to be a user level event. " 2259 "Check configuration."), event_str); 2260 } else if (etype == AC_USER_EVENT && 2261 (evp->ae_number < as.as_numevent)) { | 2430 "\t\"%s\" appears to be a user level event. " 2431 "Check configuration."), event_str); 2432 } else if (etype == AC_USER_EVENT && 2433 (evp->ae_number < as.as_numevent)) { |
2262 exit_error( 2263 gettext("Invalid user audit event string specified.\n" | 2434 exit_error(gettext( 2435 "Invalid user audit event string specified.\n" |
2264 "\t\"%s\" appears to be a kernel event. " 2265 "Check configuration."), event_str); 2266 } 2267} 2268 2269static void 2270chk_sorf(char *sorf_str) 2271{ --- 18 unchanged lines hidden (view full) --- 2290 2291 if (*argv) { 2292 /* concatenate argument array to be passed to sh -c "..." */ 2293 for (argv_pos = argv; *argv_pos; argv_pos++) 2294 len += strlen(*argv_pos) + 1; 2295 2296 if ((args = malloc(len + 1)) == NULL) 2297 exit_error( | 2436 "\t\"%s\" appears to be a kernel event. " 2437 "Check configuration."), event_str); 2438 } 2439} 2440 2441static void 2442chk_sorf(char *sorf_str) 2443{ --- 18 unchanged lines hidden (view full) --- 2462 2463 if (*argv) { 2464 /* concatenate argument array to be passed to sh -c "..." */ 2465 for (argv_pos = argv; *argv_pos; argv_pos++) 2466 len += strlen(*argv_pos) + 1; 2467 2468 if ((args = malloc(len + 1)) == NULL) 2469 exit_error( |
2298 gettext("Allocation for command/arguments " 2299 "failed")); | 2470 gettext("Allocation for command/arguments failed")); |
2300 2301 args_pos = args; 2302 for (argv_pos = argv; *argv_pos; argv_pos++) { 2303 n += snprintf(args_pos, len - n, "%s ", *argv_pos); 2304 args_pos = args + n; 2305 } 2306 /* strip the last space */ 2307 args[strlen(args)] = '\0'; 2308 2309 (void) execl("/bin/sh", "sh", "-c", args, NULL); 2310 } else { 2311 (void) execl("/bin/sh", "sh", NULL); 2312 } 2313 2314 exit_error(gettext("exec(2) failed")); 2315} 2316 | 2471 2472 args_pos = args; 2473 for (argv_pos = argv; *argv_pos; argv_pos++) { 2474 n += snprintf(args_pos, len - n, "%s ", *argv_pos); 2475 args_pos = args + n; 2476 } 2477 /* strip the last space */ 2478 args[strlen(args)] = '\0'; 2479 2480 (void) execl("/bin/sh", "sh", "-c", args, NULL); 2481 } else { 2482 (void) execl("/bin/sh", "sh", NULL); 2483 } 2484 2485 exit_error(gettext("exec(2) failed")); 2486} 2487 |
2317/* 2318 * exit_error() 2319 * Desc: Prints an error message along with corresponding system 2320 * error number and error message, then exits. 2321 * Inputs: Program name, program error message. 2322 */ 2323/*PRINTFLIKE1*/ | |
2324static void | 2488static void |
2325exit_error(char *fmt, ...) 2326{ 2327 va_list args; 2328 2329 (void) fprintf(stderr, "%s: ", progname); 2330 2331 va_start(args, fmt); 2332 (void) vfprintf(stderr, fmt, args); 2333 va_end(args); 2334 2335 (void) fputc('\n', stderr); 2336 if (errno) 2337 (void) fprintf(stderr, gettext("%s: error = %s(%d)\n"), 2338 progname, strerror(errno), errno); 2339 (void) fflush(stderr); 2340 2341 exit(1); 2342} 2343 2344static void | |
2345exit_usage(int status) 2346{ 2347 FILE *fp; 2348 int i; 2349 2350 fp = (status ? stderr : stdout); 2351 (void) fprintf(fp, gettext("usage: %s option ...\n"), progname); 2352 | 2489exit_usage(int status) 2490{ 2491 FILE *fp; 2492 int i; 2493 2494 fp = (status ? stderr : stdout); 2495 (void) fprintf(fp, gettext("usage: %s option ...\n"), progname); 2496 |
2353 for (i = 0; i < ARG_TBL_SZ; i++) 2354 (void) fprintf(fp, " %s %s\n", 2355 arg_table[i].arg_str, arg_table[i].arg_opts); | 2497 for (i = 0; i < ARG_TBL_SZ; i++) { 2498 /* skip the -t option; it's not a standalone option */ 2499 if (arg_table[i].auditconfig_cmd == AC_ARG_SET_TEMPORARY) { 2500 continue; 2501 } |
2356 | 2502 |
2503 (void) fprintf(fp, " %s%s%s\n", 2504 arg_table[i].arg_str, arg_table[i].arg_opts, 2505 (arg_table[i].temporary_allowed ? " [-t]" : "")); 2506 } 2507 |
|
2357 exit(status); 2358} 2359 2360static void 2361print_asid(au_asid_t asid) 2362{ 2363 (void) printf(gettext("audit session id = %u\n"), asid); 2364} --- 43 unchanged lines hidden (view full) --- 2408 hostname = phe->h_name; 2409 } else { 2410 hostname = gettext("unknown"); 2411 } 2412 2413 ia.s_addr = tidp->at_addr[0]; 2414 2415 (void) printf(gettext( | 2508 exit(status); 2509} 2510 2511static void 2512print_asid(au_asid_t asid) 2513{ 2514 (void) printf(gettext("audit session id = %u\n"), asid); 2515} --- 43 unchanged lines hidden (view full) --- 2559 hostname = phe->h_name; 2560 } else { 2561 hostname = gettext("unknown"); 2562 } 2563 2564 ia.s_addr = tidp->at_addr[0]; 2565 2566 (void) printf(gettext( |
2416 "terminal id (maj,min,host) = %u,%u,%s(%s)\n"), | 2567 "terminal id (maj,min,host) = %lu,%lu,%s(%s)\n"), |
2417 major(tidp->at_port), minor(tidp->at_port), 2418 hostname, inet_ntoa(ia)); 2419 } else { 2420 addr = &tidp->at_addr[0]; 2421 phe = getipnodebyaddr((const void *)addr, 16, AF_INET6, &err); 2422 2423 bzero(buf, sizeof (buf)); 2424 2425 (void) inet_ntop(AF_INET6, (void *)addr, buf, sizeof (buf)); 2426 if (phe == NULL) { 2427 bufp = gettext("unknown"); 2428 } else { 2429 bufp = phe->h_name; 2430 } 2431 2432 (void) printf(gettext( | 2568 major(tidp->at_port), minor(tidp->at_port), 2569 hostname, inet_ntoa(ia)); 2570 } else { 2571 addr = &tidp->at_addr[0]; 2572 phe = getipnodebyaddr((const void *)addr, 16, AF_INET6, &err); 2573 2574 bzero(buf, sizeof (buf)); 2575 2576 (void) inet_ntop(AF_INET6, (void *)addr, buf, sizeof (buf)); 2577 if (phe == NULL) { 2578 bufp = gettext("unknown"); 2579 } else { 2580 bufp = phe->h_name; 2581 } 2582 2583 (void) printf(gettext( |
2433 "terminal id (maj,min,host) = %u,%u,%s(%s)\n"), | 2584 "terminal id (maj,min,host) = %lu,%lu,%s(%s)\n"), |
2434 major(tidp->at_port), minor(tidp->at_port), 2435 bufp, buf); 2436 if (phe) { 2437 freehostent(phe); 2438 } 2439 } 2440} 2441 --- 50 unchanged lines hidden (view full) --- 2492 } 2493 if (strcmp(s, "ipv4") == 0) { 2494 *type = AU_IPv4; 2495 return (0); 2496 } 2497 2498 return (1); 2499} | 2585 major(tidp->at_port), minor(tidp->at_port), 2586 bufp, buf); 2587 if (phe) { 2588 freehostent(phe); 2589 } 2590 } 2591} 2592 --- 50 unchanged lines hidden (view full) --- 2643 } 2644 if (strcmp(s, "ipv4") == 0) { 2645 *type = AU_IPv4; 2646 return (0); 2647 } 2648 2649 return (1); 2650} |
2651 2652/* 2653 * exit_error() - print an error message along with corresponding system error 2654 * number and error message, then exit. Inputs - program error format and 2655 * message. 2656 */ 2657/*PRINTFLIKE1*/ 2658static void 2659exit_error(char *fmt, ...) 2660{ 2661 va_list args; 2662 2663 va_start(args, fmt); 2664 prt_error_va(fmt, args); 2665 va_end(args); 2666 2667 exit(1); 2668} |
|