auditconfig.c - OpenGrok cross reference for /illumos-gate/usr/src/cmd/auditconfig/auditconfig.c

Deleted Added

sdiffudifftextold (8780f632..)new (8523fda3..)

auditconfig.c (8780f632c8794e526157dc18c87834b2cc4f6592)	auditconfig.c (8523fda3525b37e02f4d11efc8cf763bf08204ec)
1/* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE --- 9 unchanged lines hidden (view full) --- 18 * 19 * CDDL HEADER END 20 / 21/ 22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25	1/* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE --- 9 unchanged lines hidden (view full) --- 18 * 19 * CDDL HEADER END 20 / 21/ 22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25
26
27/* 28 * auditconfig - set and display audit parameters 29 / 30 31#include <locale.h> 32#include <sys/types.h> 33#include <ctype.h> 34#include <stdlib.h> --- 10 unchanged lines hidden* (view full) --- 45#include <netdb.h> 46#include <netinet/in.h> 47#include <arpa/inet.h> 48#include <sys/mkdev.h> 49#include <sys/param.h> 50#include <pwd.h> 51#include <libintl.h> 52#include <zone.h>	26/* 27 * auditconfig - set and display audit parameters 28 / 29 30#include <locale.h> 31#include <sys/types.h> 32#include <ctype.h> 33#include <stdlib.h> --- 10 unchanged lines hidden* (view full) --- 44#include <netdb.h> 45#include <netinet/in.h> 46#include <arpa/inet.h> 47#include <sys/mkdev.h> 48#include <sys/param.h> 49#include <pwd.h> 50#include <libintl.h> 51#include <zone.h>
53	52#include <libscf_priv.h>
54#include <tsol/label.h>	53#include <tsol/label.h>
55#include <bsm/audit.h> 56#include <bsm/audit_record.h>
57#include <bsm/libbsm.h>	54#include <bsm/libbsm.h>
	55#include "auditconfig_impl.h" 56#include "audit_scf.h"
58	57
59#if !defined(TEXT_DOMAIN) 60#define TEXT_DOMAIN "SUNW_OST_OSCMD" 61#endif 62
63enum commands {	58enum commands {
64 AC_ARG_AUDIT,
65 AC_ARG_ACONF,	59 AC_ARG_ACONF,
66 AC_ARG_CHKCONF,	60 AC_ARG_AUDIT,
67 AC_ARG_CHKACONF,	61 AC_ARG_CHKACONF,
	62 AC_ARG_CHKCONF,
68 AC_ARG_CONF, 69 AC_ARG_GETASID, 70 AC_ARG_GETAUDIT, 71 AC_ARG_GETAUID, 72 AC_ARG_GETCAR, 73 AC_ARG_GETCLASS, 74 AC_ARG_GETCOND, 75 AC_ARG_GETCWD, --- 14 unchanged lines hidden (view full) --- 90 AC_ARG_SETASID, 91 AC_ARG_SETAUDIT, 92 AC_ARG_SETAUID, 93 AC_ARG_SETCLASS, 94 AC_ARG_SETKAUDIT, 95 AC_ARG_SETKMASK, 96 AC_ARG_SETPMASK, 97 AC_ARG_SETPOLICY,	63 AC_ARG_CONF, 64 AC_ARG_GETASID, 65 AC_ARG_GETAUDIT, 66 AC_ARG_GETAUID, 67 AC_ARG_GETCAR, 68 AC_ARG_GETCLASS, 69 AC_ARG_GETCOND, 70 AC_ARG_GETCWD, --- 14 unchanged lines hidden (view full) --- 85 AC_ARG_SETASID, 86 AC_ARG_SETAUDIT, 87 AC_ARG_SETAUID, 88 AC_ARG_SETCLASS, 89 AC_ARG_SETKAUDIT, 90 AC_ARG_SETKMASK, 91 AC_ARG_SETPMASK, 92 AC_ARG_SETPOLICY,
98 AC_ARG_SETSMASK, 99 AC_ARG_SETSTAT,
100 AC_ARG_SETQBUFSZ, 101 AC_ARG_SETQCTRL, 102 AC_ARG_SETQDELAY, 103 AC_ARG_SETQHIWATER, 104 AC_ARG_SETQLOWATER,	93 AC_ARG_SETQBUFSZ, 94 AC_ARG_SETQCTRL, 95 AC_ARG_SETQDELAY, 96 AC_ARG_SETQHIWATER, 97 AC_ARG_SETQLOWATER,
105 AC_ARG_SETUMASK	98 AC_ARG_SETSMASK, 99 AC_ARG_SETSTAT, 100 AC_ARG_SETUMASK, 101 AC_ARG_SET_TEMPORARY
106}; 107 108#define AC_KERN_EVENT 0 109#define AC_USER_EVENT 1 110 111#define NONE(s) (!strlen(s) ? gettext("none") : s) 112	102}; 103 104#define AC_KERN_EVENT 0 105#define AC_USER_EVENT 1 106 107#define NONE(s) (!strlen(s) ? gettext("none") : s) 108
113#define ALL_POLICIES (AUDIT_AHLT\|\ 114 AUDIT_ARGE\|\ 115 AUDIT_ARGV\|\ 116 AUDIT_CNT\|\ 117 AUDIT_GROUP\|\ 118 AUDIT_WINDATA\|\ 119 AUDIT_SEQ\|\ 120 AUDIT_TRAIL\|\ 121 AUDIT_PATH\|\ 122 AUDIT_PUBLIC\|\ 123 AUDIT_ZONENAME\|\ 124 AUDIT_PERZONE\|\ 125 AUDIT_WINDATA_DOWN\|\ 126 AUDIT_WINDATA_UP) 127 128#define NO_POLICIES (0) 129
130#define ONEK 1024 131 132/* 133 * remove this after the audit.h is fixed 134 */	109#define ONEK 1024 110 111/* 112 * remove this after the audit.h is fixed 113 */
135
136struct arg_entry { 137 char arg_str; 138 char arg_opts; 139 enum commands auditconfig_cmd;	114struct arg_entry { 115 char arg_str; 116 char arg_opts; 117 enum commands auditconfig_cmd;
	118 boolean_t temporary_allowed; /* -t allowed for the option */
140};	119};
	120typedef struct arg_entry arg_entry_t;
141	121
142struct policy_entry { 143 char policy_str; 144 uint_t policy_mask; 145 char policy_desc;	122/* arg_table - command option and usage message table */ 123static arg_entry_t arg_table[] = { 124 { "-aconf", "", AC_ARG_ACONF, B_FALSE}, 125 { "-audit", " event sorf retval string", AC_ARG_AUDIT, B_FALSE}, 126 { "-chkaconf", "", AC_ARG_CHKACONF, B_FALSE}, 127 { "-chkconf", "", AC_ARG_CHKCONF, B_FALSE}, 128 { "-conf", "", AC_ARG_CONF, B_FALSE}, 129 { "-getasid", "", AC_ARG_GETASID, B_FALSE}, 130 { "-getaudit", "", AC_ARG_GETAUDIT, B_FALSE}, 131 { "-getauid", "", AC_ARG_GETAUID, B_FALSE}, 132 { "-getcar", "", AC_ARG_GETCAR, B_FALSE}, 133 { "-getclass", " event", AC_ARG_GETCLASS, B_FALSE}, 134 { "-getcond", "", AC_ARG_GETCOND, B_FALSE}, 135 { "-getcwd", "", AC_ARG_GETCWD, B_FALSE}, 136 { "-getestate", " event", AC_ARG_GETESTATE, B_FALSE}, 137 { "-getkaudit", "", AC_ARG_GETKAUDIT, B_FALSE}, 138 { "-getkmask", "", AC_ARG_GETKMASK, B_FALSE}, 139 { "-getpinfo", " pid", AC_ARG_GETPINFO, B_FALSE}, 140 { "-getpolicy", "", AC_ARG_GETPOLICY, B_TRUE}, 141 { "-getqbufsz", "", AC_ARG_GETQBUFSZ, B_TRUE}, 142 { "-getqctrl", "", AC_ARG_GETQCTRL, B_TRUE}, 143 { "-getqdelay", "", AC_ARG_GETQDELAY, B_TRUE}, 144 { "-getqhiwater", "", AC_ARG_GETQHIWATER, B_TRUE}, 145 { "-getqlowater", "", AC_ARG_GETQLOWATER, B_TRUE}, 146 { "-getstat", "", AC_ARG_GETSTAT, B_FALSE}, 147 { "-gettid", "", AC_ARG_GETTERMID, B_FALSE}, 148 { "-lsevent", "", AC_ARG_LSEVENT, B_FALSE}, 149 { "-lspolicy", "", AC_ARG_LSPOLICY, B_FALSE}, 150 { "-setasid", " asid [cmd]", AC_ARG_SETASID, B_FALSE}, 151 { "-setaudit", " auid audit_flags termid asid [cmd]", 152 AC_ARG_SETAUDIT, B_FALSE}, 153 { "-setauid", " auid [cmd]", AC_ARG_SETAUID, B_FALSE}, 154 { "-setclass", " event audit_flags", AC_ARG_SETCLASS, B_FALSE}, 155 { "-setkaudit", " type IP_address", AC_ARG_SETKAUDIT, B_FALSE}, 156 { "-setkmask", " audit_flags", AC_ARG_SETKMASK, B_FALSE}, 157 { "-setpmask", " pid audit_flags", AC_ARG_SETPMASK, B_FALSE}, 158 { "-setpolicy", " [+\|-]policy_flags", AC_ARG_SETPOLICY, B_TRUE}, 159 { "-setqbufsz", " bufsz", AC_ARG_SETQBUFSZ, B_TRUE}, 160 { "-setqctrl", " hiwater lowater bufsz delay", 161 AC_ARG_SETQCTRL, B_TRUE}, 162 { "-setqdelay", " delay", AC_ARG_SETQDELAY, B_TRUE}, 163 { "-setqhiwater", " hiwater", AC_ARG_SETQHIWATER, B_TRUE}, 164 { "-setqlowater", " lowater", AC_ARG_SETQLOWATER, B_TRUE}, 165 { "-setsmask", " asid audit_flags", AC_ARG_SETSMASK, B_FALSE}, 166 { "-setstat", "", AC_ARG_SETSTAT, B_FALSE}, 167 { "-setumask", " user audit_flags", AC_ARG_SETUMASK, B_FALSE}, 168 { "-t", "", AC_ARG_SET_TEMPORARY, B_FALSE},
146}; 147	169}; 170
148static struct arg_entry arg_table[] = { 149 { "-aconf", "", AC_ARG_ACONF}, 150 { "-audit", "event sorf retval string", AC_ARG_AUDIT}, 151 { "-chkaconf", "", AC_ARG_CHKACONF}, 152 { "-chkconf", "", AC_ARG_CHKCONF}, 153 { "-conf", "", AC_ARG_CONF}, 154 { "-getasid", "", AC_ARG_GETASID}, 155 { "-getaudit", "", AC_ARG_GETAUDIT}, 156 { "-getauid", "", AC_ARG_GETAUID}, 157 { "-getcar", "", AC_ARG_GETCAR}, 158 { "-getclass", "event", AC_ARG_GETCLASS}, 159 { "-getcond", "", AC_ARG_GETCOND}, 160 { "-getcwd", "", AC_ARG_GETCWD}, 161 { "-getestate", "event", AC_ARG_GETESTATE}, 162 { "-getkaudit", "", AC_ARG_GETKAUDIT}, 163 { "-getkmask", "", AC_ARG_GETKMASK}, 164 { "-getpinfo", "pid", AC_ARG_GETPINFO}, 165 { "-getpolicy", "", AC_ARG_GETPOLICY}, 166 { "-getqbufsz", "", AC_ARG_GETQBUFSZ}, 167 { "-getqctrl", "", AC_ARG_GETQCTRL}, 168 { "-getqdelay", "", AC_ARG_GETQDELAY}, 169 { "-getqhiwater", "", AC_ARG_GETQHIWATER}, 170 { "-getqlowater", "", AC_ARG_GETQLOWATER}, 171 { "-getstat", "", AC_ARG_GETSTAT}, 172 { "-gettid", "", AC_ARG_GETTERMID}, 173 { "-lsevent", "", AC_ARG_LSEVENT}, 174 { "-lspolicy", "", AC_ARG_LSPOLICY}, 175 { "-setasid", "asid [cmd]", AC_ARG_SETASID}, 176 { "-setaudit", "auid audit_flags termid asid [cmd]", 177 AC_ARG_SETAUDIT}, 178 { "-setauid", "auid [cmd]", AC_ARG_SETAUID}, 179 { "-setclass", "event audit_flags", AC_ARG_SETCLASS}, 180 { "-setkaudit", "type IP_address", AC_ARG_SETKAUDIT}, 181 { "-setkmask", "audit_flags", AC_ARG_SETKMASK}, 182 { "-setpmask", "pid audit_flags", AC_ARG_SETPMASK}, 183 { "-setpolicy", "[+\|-]policy_flags", AC_ARG_SETPOLICY}, 184 { "-setqbufsz", "bufsz", AC_ARG_SETQBUFSZ}, 185 { "-setqctrl", "hiwater lowater bufsz delay", AC_ARG_SETQCTRL}, 186 { "-setqdelay", "delay", AC_ARG_SETQDELAY}, 187 { "-setqhiwater", "hiwater", AC_ARG_SETQHIWATER}, 188 { "-setqlowater", "lowater", AC_ARG_SETQLOWATER}, 189 { "-setsmask", "asid audit_flags", AC_ARG_SETSMASK}, 190 { "-setstat", "", AC_ARG_SETSTAT}, 191 { "-setumask", "user audit_flags", AC_ARG_SETUMASK}, 192};	171#define ARG_TBL_SZ (sizeof (arg_table) / sizeof (arg_entry_t))
193	172
194#define ARG_TBL_SZ (sizeof (arg_table) / sizeof (struct arg_entry))	173char *progname = "auditconfig";
195	174
196static struct policy_entry policy_table[] = { 197 {"ahlt", AUDIT_AHLT, "halt machine if it can not record an " 198 "async event"}, 199 {"all", ALL_POLICIES, "all policies"}, 200 {"arge", AUDIT_ARGE, "include exec environment args in audit recs"}, 201 {"argv", AUDIT_ARGV, "include exec command line args in audit recs"}, 202 {"cnt", AUDIT_CNT, "when no more space, drop recs and keep a cnt"}, 203 {"group", AUDIT_GROUP, "include supplementary groups in audit recs"}, 204 {"none", NO_POLICIES, "no policies"}, 205 {"path", AUDIT_PATH, "allow multiple paths per event"}, 206 {"perzone", AUDIT_PERZONE, "use a separate queue and auditd per " 207 "zone"}, 208 {"public", AUDIT_PUBLIC, "audit public files"}, 209 {"seq", AUDIT_SEQ, "include a sequence number in audit recs"}, 210 {"trail", AUDIT_TRAIL, "include trailer token in audit recs"}, 211 {"windata_down", AUDIT_WINDATA_DOWN, "include downgraded window " 212 "information in audit recs"}, 213 {"windata_up", AUDIT_WINDATA_UP, "include upgraded window " 214 "information in audit recs"}, 215 {"zonename", AUDIT_ZONENAME, "generate zonename token"} 216};	175/* 176 * temporary_set true to get/set only kernel settings, 177 * false to get/set kernel settings and service properties 178 */ 179static boolean_t temporary_set = B_FALSE;
217	180
218#define POLICY_TBL_SZ (sizeof (policy_table) / sizeof (struct policy_entry)) 219 220static char *progname = "auditconfig"; 221
222static au_event_ent_t egetauevnam(char event_name); 223static au_event_ent_t egetauevnum(au_event_t event_number); 224static int arg_ent_compare(const void aep1, const void aep2); 225static char cond2str(void);	181static au_event_ent_t egetauevnam(char event_name); 182static au_event_ent_t egetauevnum(au_event_t event_number); 183static int arg_ent_compare(const void aep1, const void aep2); 184static char cond2str(void);
226static int policy2str(uint_t policy, char *policy_str, size_t len);	185static int policy2str(uint32_t policy, char *policy_str, size_t len);
227static int str2type(char s, uint_t type);	186static int str2type(char s, uint_t type);
228static int str2policy(char policy_str, uint_t policy_mask);	187static int str2policy(char policy_str, uint32_t policy_mask);
229static int str2ipaddr(char s, uint32_t addr, uint32_t type); 230static int strisflags(char s); 231static int strisipaddr(char s); 232static int strisnum(char *s);	188static int str2ipaddr(char s, uint32_t addr, uint32_t type); 189static int strisflags(char s); 190static int strisipaddr(char s); 191static int strisnum(char *s);
233static struct arg_entry get_arg_ent(char arg_str); 234static struct policy_entry get_policy_ent(char policy);	192static arg_entry_t get_arg_ent(char arg_str);
235static uid_t get_user_id(char user); 236static void chk_event_num(int etype, au_event_t event); 237static void chk_event_str(int etype, char event_str); 238static void chk_retval(char retval_str); 239static void chk_sorf(char sorf_str); 240static void do_aconf(void); 241static void do_args(char *argv); 242static void do_audit(char , char, int, char ); --- 47 unchanged lines hidden* (view full) --- 290static void esetkaudit(auditinfo_addr_t ai, int size); 291static void egetauditflagsbin(char auditflags, au_mask_t pmask); 292static void egetauid(au_id_t auid); 293static void esetaudit(auditinfo_addr_t ai, int size); 294static void esetauid(au_id_t auid); 295static void execit(char *argv); 296static void exit_error(char fmt, ...); 297static void exit_usage(int status);	193static uid_t get_user_id(char user); 194static void chk_event_num(int etype, au_event_t event); 195static void chk_event_str(int etype, char event_str); 196static void chk_retval(char retval_str); 197static void chk_sorf(char sorf_str); 198static void do_aconf(void); 199static void do_args(char *argv); 200static void do_audit(char , char, int, char ); --- 47 unchanged lines hidden* (view full) --- 248static void esetkaudit(auditinfo_addr_t ai, int size); 249static void egetauditflagsbin(char auditflags, au_mask_t pmask); 250static void egetauid(au_id_t auid); 251static void esetaudit(auditinfo_addr_t ai, int size); 252static void esetauid(au_id_t auid); 253static void execit(char *argv); 254static void exit_error(char fmt, ...); 255static void exit_usage(int status);
298static void parse_args(char **argv);	256static void parse_args(int argc, char **argv);
299static void print_asid(au_asid_t asid); 300static void print_auid(au_id_t auid); 301static void print_mask(char desc, au_mask_t pmp); 302static void print_tid_ex(au_tid_addr_t *tidp); 303	257static void print_asid(au_asid_t asid); 258static void print_auid(au_id_t auid); 259static void print_mask(char desc, au_mask_t pmp); 260static void print_tid_ex(au_tid_addr_t *tidp); 261
	262#if !defined(TEXT_DOMAIN) 263#define TEXT_DOMAIN "SUNW_OST_OSCMD" 264#endif 265
304int 305main(int argc, char **argv) 306{ 307 (void) setlocale(LC_ALL, ""); 308 (void) textdomain(TEXT_DOMAIN); 309 310 if (argc == 1) { 311 exit_usage(0);	266int 267main(int argc, char **argv) 268{ 269 (void) setlocale(LC_ALL, ""); 270 (void) textdomain(TEXT_DOMAIN); 271 272 if (argc == 1) { 273 exit_usage(0);
312 exit(0);
313 } 314 315 if (argc == 2 &&	274 } 275 276 if (argc == 2 &&
316 (argv[1][0] == '?' \|\| 317 strcmp(argv[1], "-h") == 0 \|\| 318 strcmp(argv[1], "-?") == 0))	277 (argv[1][0] == '?' \|\| 278 strcmp(argv[1], "-h") == 0 \|\| 279 strcmp(argv[1], "-?") == 0)) {
319 exit_usage(0);	280 exit_usage(0);
	281 }
320	282
321 parse_args(argv);	283 parse_args(argc, argv);
322 do_args(argv); 323 324 return (0); 325} 326 327/* 328 * parse_args() 329 * Desc: Checks command line argument syntax. 330 * Inputs: Command line argv; 331 * Returns: If a syntax error is detected, a usage message is printed 332 * and exit() is called. If a syntax error is not detected, 333 * parse_args() returns without a value. 334 */ 335static void	284 do_args(argv); 285 286 return (0); 287} 288 289/* 290 * parse_args() 291 * Desc: Checks command line argument syntax. 292 * Inputs: Command line argv; 293 * Returns: If a syntax error is detected, a usage message is printed 294 * and exit() is called. If a syntax error is not detected, 295 * parse_args() returns without a value. 296 */ 297static void
336parse_args(char **argv)	298parse_args(int argc, char **argv)
337{	299{
338 struct arg_entry *ae;	300 arg_entry_t *ae;
339 340 au_mask_t mask; 341 uint_t type; 342 uint_t addr[4]; 343 344 for (++argv; argv; argv++) { 345 if ((ae = get_arg_ent(argv)) == NULL) { 346 exit_usage(1); 347 } 348 349 switch (ae->auditconfig_cmd) { 350 351 case AC_ARG_AUDIT: 352 ++argv; 353 if (!argv) 354 exit_usage(1); 355 if (strisnum(argv)) { 356 chk_event_num(AC_USER_EVENT,	301 302 au_mask_t mask; 303 uint_t type; 304 uint_t addr[4]; 305 306 for (++argv; argv; argv++) { 307 if ((ae = get_arg_ent(argv)) == NULL) { 308 exit_usage(1); 309 } 310 311 switch (ae->auditconfig_cmd) { 312 313 case AC_ARG_AUDIT: 314 ++argv; 315 if (!argv) 316 exit_usage(1); 317 if (strisnum(argv)) { 318 chk_event_num(AC_USER_EVENT,
357 (au_event_t)atol(*argv));	319 (au_event_t)atol(*argv));
358 } else { 359 chk_event_str(AC_USER_EVENT, argv); 360 } 361 ++argv; 362 if (!argv) 363 exit_usage(1); 364 chk_sorf(argv); 365 ++argv; --- 58 unchanged lines hidden* (view full) --- 424 break; 425 426 case AC_ARG_SETKAUDIT: 427 ++argv; 428 if (!argv) 429 exit_usage(1); 430 if (str2type (argv, &type)) 431 exit_error(gettext(	320 } else { 321 chk_event_str(AC_USER_EVENT, argv); 322 } 323 ++argv; 324 if (!argv) 325 exit_usage(1); 326 chk_sorf(argv); 327 ++argv; --- 58 unchanged lines hidden* (view full) --- 386 break; 387 388 case AC_ARG_SETKAUDIT: 389 ++argv; 390 if (!argv) 391 exit_usage(1); 392 if (str2type (argv, &type)) 393 exit_error(gettext(
432 "Invalid IP address type specified."));	394 "Invalid IP address type specified."));
433 ++argv; 434 if (!argv) 435 exit_usage(1); 436 437 if (str2ipaddr(argv, addr, type))	395 ++argv; 396 if (!argv) 397 exit_usage(1); 398 399 if (str2ipaddr(argv, addr, type))
438 exit_error(gettext( 439 "Invalid IP address specified."));	400 exit_error( 401 gettext("Invalid IP address specified."));
440 break; 441 442 case AC_ARG_SETCLASS: 443 ++argv; 444 if (!argv) 445 exit_usage(1); 446 if (strisnum(argv)) 447 chk_event_num(AC_KERN_EVENT,	402 break; 403 404 case AC_ARG_SETCLASS: 405 ++argv; 406 if (!argv) 407 exit_usage(1); 408 if (strisnum(argv)) 409 chk_event_num(AC_KERN_EVENT,
448 (au_event_t)atol(*argv));	410 (au_event_t)atol(*argv));
449 else 450 chk_event_str(AC_KERN_EVENT, argv); 451 ++argv; 452 if (!argv) 453 exit_usage(1); 454 str2mask(argv, &mask); 455 break; 456 --- 37 unchanged lines hidden* (view full) --- 494 exit_error(gettext("Invalid bufsz specified.")); 495 break; 496 497 case AC_ARG_SETQCTRL: 498 ++argv; 499 if (!argv) 500 exit_usage(1); 501 if (!strisnum(argv))	411 else 412 chk_event_str(AC_KERN_EVENT, argv); 413 ++argv; 414 if (!argv) 415 exit_usage(1); 416 str2mask(argv, &mask); 417 break; 418 --- 37 unchanged lines hidden* (view full) --- 456 exit_error(gettext("Invalid bufsz specified.")); 457 break; 458 459 case AC_ARG_SETQCTRL: 460 ++argv; 461 if (!argv) 462 exit_usage(1); 463 if (!strisnum(argv))
502 exit_error(gettext( 503 "Invalid hiwater specified."));	464 exit_error( 465 gettext("Invalid hiwater specified."));
504 ++argv; 505 if (!argv) 506 exit_usage(1); 507 if (!strisnum(argv))	466 ++argv; 467 if (!argv) 468 exit_usage(1); 469 if (!strisnum(argv))
508 exit_error(gettext( 509 gettext("Invalid lowater specified.")));	470 exit_error( 471 gettext("Invalid lowater specified."));
510 ++argv; 511 if (!argv) 512 exit_usage(1); 513 if (!strisnum(argv)) 514 exit_error(gettext("Invalid bufsz specified.")); 515 ++argv; 516 if (!argv) 517 exit_usage(1); --- 9 unchanged lines hidden* (view full) --- 527 exit_error(gettext("Invalid delay specified.")); 528 break; 529 530 case AC_ARG_SETQHIWATER: 531 ++argv; 532 if (!argv) 533 exit_usage(1); 534 if (!strisnum(argv)) {	472 ++argv; 473 if (!argv) 474 exit_usage(1); 475 if (!strisnum(argv)) 476 exit_error(gettext("Invalid bufsz specified.")); 477 ++argv; 478 if (!argv) 479 exit_usage(1); --- 9 unchanged lines hidden* (view full) --- 489 exit_error(gettext("Invalid delay specified.")); 490 break; 491 492 case AC_ARG_SETQHIWATER: 493 ++argv; 494 if (!argv) 495 exit_usage(1); 496 if (!strisnum(argv)) {
535 exit_error(gettext( 536 "Invalid hiwater specified."));	497 exit_error( 498 gettext("Invalid hiwater specified."));
537 } 538 break; 539 540 case AC_ARG_SETQLOWATER: 541 ++argv; 542 if (!argv) 543 exit_usage(1); 544 if (!strisnum(argv)) {	499 } 500 break; 501 502 case AC_ARG_SETQLOWATER: 503 ++argv; 504 if (!argv) 505 exit_usage(1); 506 if (!strisnum(argv)) {
545 exit_error(gettext( 546 "Invalid lowater specified."));	507 exit_error( 508 gettext("Invalid lowater specified."));
547 } 548 break; 549 550 case AC_ARG_SETSMASK: 551 case AC_ARG_SETUMASK: 552 ++argv; 553 if (!argv) 554 exit_usage(1); 555 ++argv; 556 if (!argv) 557 exit_usage(1); 558 str2mask(*argv, &mask); 559 break; 560	509 } 510 break; 511 512 case AC_ARG_SETSMASK: 513 case AC_ARG_SETUMASK: 514 ++argv; 515 if (!argv) 516 exit_usage(1); 517 ++argv; 518 if (!argv) 519 exit_usage(1); 520 str2mask(*argv, &mask); 521 break; 522
	523 case AC_ARG_SET_TEMPORARY: 524 /* Do not accept single -t option. */ 525 if (argc == 2) { 526 exit_error( 527 gettext("Only the -t option specified " 528 "(it is not a standalone option).")); 529 } 530 temporary_set = B_TRUE; 531 break; 532
561 default: 562 exit_error(gettext("Internal error #1.")); 563 break; 564 } 565 } 566} 567 568 569/*	533 default: 534 exit_error(gettext("Internal error #1.")); 535 break; 536 } 537 } 538} 539 540 541/*
570 * do_args() 571 * Desc: Do command line arguments in the order in which they appear.	542 * do_args() - do command line arguments in the order in which they appear. 543 * Function return values returned by the underlying functions; the semantics 544 * they should follow is to return B_TRUE on successful execution, B_FALSE 545 * otherwise.
572 / 573static void 574do_args(char *argv) 575{	546 / 547static void 548do_args(char *argv) 549{
576 struct arg_entry *ae;	550 arg_entry_t *ae;
577 578 for (++argv; argv; argv++) { 579 ae = get_arg_ent(argv); 580 581 switch (ae->auditconfig_cmd) { 582 583 case AC_ARG_AUDIT: 584 { --- 141 unchanged lines hidden (view full) --- 726 user_str = argv; 727 ++argv; 728 mask_str = argv; 729 ++argv; 730 tid_str = argv; 731 ++argv; 732 sid_str = argv; 733 ++argv;	551 552 for (++argv; argv; argv++) { 553 ae = get_arg_ent(argv); 554 555 switch (ae->auditconfig_cmd) { 556 557 case AC_ARG_AUDIT: 558 { --- 141 unchanged lines hidden (view full) --- 700 user_str = argv; 701 ++argv; 702 mask_str = argv; 703 ++argv; 704 tid_str = argv; 705 ++argv; 706 sid_str = argv; 707 ++argv;
734 do_setaudit(user_str, mask_str, 735 tid_str, sid_str, argv);	708 do_setaudit(user_str, mask_str, tid_str, 709 sid_str, argv);
736 } 737 break; 738 739 case AC_ARG_SETKAUDIT: 740 { 741 char address_type, address; 742 743 ++argv; address_type = argv; --- 99 unchanged lines hidden* (view full) --- 843 844 ++argv; 845 auid_str = argv; 846 ++argv; 847 audit_flags = argv; 848 do_setumask(auid_str, audit_flags); 849 } 850 break;	710 } 711 break; 712 713 case AC_ARG_SETKAUDIT: 714 { 715 char address_type, address; 716 717 ++argv; address_type = argv; --- 99 unchanged lines hidden* (view full) --- 817 818 ++argv; 819 auid_str = argv; 820 ++argv; 821 audit_flags = argv; 822 do_setumask(auid_str, audit_flags); 823 } 824 break;
	825 case AC_ARG_SET_TEMPORARY: 826 break;
851 852 default: 853 exit_error(gettext("Internal error #2.")); 854 break; 855 } 856 } 857} 858 859/*	827 828 default: 829 exit_error(gettext("Internal error #2.")); 830 break; 831 } 832 } 833} 834 835/*
860 * The returned value is for the global zone unless AUDIT_PERZONE is 861 * set.	836 * do_chkconf() - the returned value is for the global zone unless AUDIT_PERZONE 837 * is set.
862 */	838 */
863
864static void 865do_chkconf(void) 866{ 867 register au_event_ent_t *evp; 868 au_mask_t pmask; 869 char conf_aflags[256]; 870 char run_aflags[256]; 871 au_stat_t as; 872 int class; 873 int len; 874 struct au_evclass_map cmap; 875 876 pmask.am_success = pmask.am_failure = 0; 877 eauditon(A_GETSTAT, (caddr_t)&as, 0); 878 879 setauevent(); 880 if (getauevent() == NULL) {	839static void 840do_chkconf(void) 841{ 842 register au_event_ent_t *evp; 843 au_mask_t pmask; 844 char conf_aflags[256]; 845 char run_aflags[256]; 846 au_stat_t as; 847 int class; 848 int len; 849 struct au_evclass_map cmap; 850 851 pmask.am_success = pmask.am_failure = 0; 852 eauditon(A_GETSTAT, (caddr_t)&as, 0); 853 854 setauevent(); 855 if (getauevent() == NULL) {
881 (void) exit_error(gettext( 882 "NO AUDIT EVENTS: Could not read %s\n."), AUDITEVENTFILE);	856 exit_error(gettext("NO AUDIT EVENTS: Could not read %s\n."), 857 AUDITEVENTFILE);
883 } 884 885 setauevent(); 886 while ((evp = getauevent()) != NULL) { 887 cmap.ec_number = evp->ae_number; 888 len = sizeof (struct au_evclass_map); 889 if (evp->ae_number <= as.as_numevent) { 890 if (auditon(A_GETCLASS, (caddr_t)&cmap, len) == -1) { --- 4 unchanged lines hidden (view full) --- 895 "be bad.\n")); 896 } else { 897 class = cmap.ec_class; 898 if (class != evp->ae_class) { 899 conf_aflags[0] = run_aflags[0] = '\0'; 900 pmask.am_success = class; 901 pmask.am_failure = class; 902 (void) getauditflagschar(run_aflags,	858 } 859 860 setauevent(); 861 while ((evp = getauevent()) != NULL) { 862 cmap.ec_number = evp->ae_number; 863 len = sizeof (struct au_evclass_map); 864 if (evp->ae_number <= as.as_numevent) { 865 if (auditon(A_GETCLASS, (caddr_t)&cmap, len) == -1) { --- 4 unchanged lines hidden (view full) --- 870 "be bad.\n")); 871 } else { 872 class = cmap.ec_class; 873 if (class != evp->ae_class) { 874 conf_aflags[0] = run_aflags[0] = '\0'; 875 pmask.am_success = class; 876 pmask.am_failure = class; 877 (void) getauditflagschar(run_aflags,
903 &pmask, 0);	878 &pmask, 0);
904 pmask.am_success = evp->ae_class; 905 pmask.am_failure = evp->ae_class; 906 (void) getauditflagschar(conf_aflags,	879 pmask.am_success = evp->ae_class; 880 pmask.am_failure = evp->ae_class; 881 (void) getauditflagschar(conf_aflags,
907 &pmask, 0);	882 &pmask, 0);
908 909 (void) printf(gettext( 910 "%s(%hu): CLASS MISMATCH: " 911 "runtime class (%s) != " 912 "configured class (%s)\n"), 913 evp->ae_name, evp->ae_number, 914 NONE(run_aflags), 915 NONE(conf_aflags)); 916 } 917 } 918 } 919 } 920 endauevent(); 921} 922 923/*	883 884 (void) printf(gettext( 885 "%s(%hu): CLASS MISMATCH: " 886 "runtime class (%s) != " 887 "configured class (%s)\n"), 888 evp->ae_name, evp->ae_number, 889 NONE(run_aflags), 890 NONE(conf_aflags)); 891 } 892 } 893 } 894 } 895 endauevent(); 896} 897 898/*
924 * The returned value is for the global zone unless AUDIT_PERZONE is 925 * set.	899 * do_conf() - configure the kernel events. The value returned to the user is 900 * for the global zone unless AUDIT_PERZONE is set.
926 / 927static void 928do_conf(void) 929{ 930 register au_event_ent_t evp; 931 register int i; 932 au_evclass_map_t ec; 933 au_stat_t as; --- 11 unchanged lines hidden (view full) --- 945 } 946 } 947 endauevent(); 948 (void) printf(gettext("Configured %d kernel events.\n"), i); 949 950} 951 952/*	901 / 902static void 903do_conf(void) 904{ 905 register au_event_ent_t evp; 906 register int i; 907 au_evclass_map_t ec; 908 au_stat_t as; --- 11 unchanged lines hidden (view full) --- 920 } 921 } 922 endauevent(); 923 (void) printf(gettext("Configured %d kernel events.\n"), i); 924 925} 926 927/*
953 * The returned value is for the global zone unless AUDIT_PERZONE is 954 * set.	928 * do_chkaconf() - report a mismatch if the runtime class mask of a kernel audit 929 * event does not match the configured class mask. The value returned to the 930 * user is for the global zone unless AUDIT_PERZONE is set.
955 */	931 */
956
957static void 958do_chkaconf(void) 959{	932static void 933do_chkaconf(void) 934{
960 char buf[1024]; 961 au_mask_t pmask, kmask;	935 char buf[1024]; 936 au_mask_t pmask, kmask;
962 963 if (getacna(buf, sizeof (buf)) < 0) { 964 (void) fprintf(stderr, 965 gettext("bad non-attributable flags in audit_control\n")); 966 exit(1); 967 } 968 969 if (getauditflagsbin(buf, &pmask) < 0) { --- 14 unchanged lines hidden (view full) --- 984 } 985 (void) printf(gettext("non-attributable event mismatch ")); 986 (void) printf(gettext("audit_control(%s) kernel(%s)\n"), 987 buf, kbuf); 988 } 989} 990 991/*	937 938 if (getacna(buf, sizeof (buf)) < 0) { 939 (void) fprintf(stderr, 940 gettext("bad non-attributable flags in audit_control\n")); 941 exit(1); 942 } 943 944 if (getauditflagsbin(buf, &pmask) < 0) { --- 14 unchanged lines hidden (view full) --- 959 } 960 (void) printf(gettext("non-attributable event mismatch ")); 961 (void) printf(gettext("audit_control(%s) kernel(%s)\n"), 962 buf, kbuf); 963 } 964} 965 966/*
992 * The returned value is for the global zone unless AUDIT_PERZONE is 993 * set.	967 * do_aconf - configures the non-attributable events. The value returned to the 968 * user is for the global zone unless AUDIT_PERZONE is set.
994 */	969 */
995
996static void 997do_aconf(void) 998{ 999 char buf[2048]; 1000 au_mask_t pmask; 1001 1002 if (getacna(buf, sizeof (buf)) < 0) { 1003 (void) fprintf(stderr, --- 6 unchanged lines hidden (view full) --- 1010 gettext("bad audit flag value encountered\n")); 1011 exit(1); 1012 } 1013 1014 eauditon(A_SETKMASK, (caddr_t)&pmask, (int)sizeof (pmask)); 1015 (void) printf(gettext("Configured non-attributable events.\n")); 1016} 1017	970static void 971do_aconf(void) 972{ 973 char buf[2048]; 974 au_mask_t pmask; 975 976 if (getacna(buf, sizeof (buf)) < 0) { 977 (void) fprintf(stderr, --- 6 unchanged lines hidden (view full) --- 984 gettext("bad audit flag value encountered\n")); 985 exit(1); 986 } 987 988 eauditon(A_SETKMASK, (caddr_t)&pmask, (int)sizeof (pmask)); 989 (void) printf(gettext("Configured non-attributable events.\n")); 990} 991
	992/* 993 * do_audit() - construct an audit record for audit event event using the 994 * process's audit characteristics containing a text token string audit_str. The 995 * return token is constructed from the success/failure flag sort. Returned 996 * value retval is an errno value. 997 */
1018static void 1019do_audit(char event, char sorf, int retval, char audit_str) 1020{ 1021 int rtn; 1022 int rd; 1023 au_event_t event_num; 1024 au_event_ent_t evp; 1025 auditinfo_addr_t ai; --- 16 unchanged lines hidden* (view full) --- 1042 gettext("Check audit event configuration."), 1043 gettext("Could not get audit class for event number"), 1044 evp->ae_number); 1045 } 1046 1047 /* record is preselected */ 1048 if (rtn == 1) { 1049 if ((rd = au_open()) == -1) {	998static void 999do_audit(char event, char sorf, int retval, char audit_str) 1000{ 1001 int rtn; 1002 int rd; 1003 au_event_t event_num; 1004 au_event_ent_t evp; 1005 auditinfo_addr_t ai; --- 16 unchanged lines hidden* (view full) --- 1022 gettext("Check audit event configuration."), 1023 gettext("Could not get audit class for event number"), 1024 evp->ae_number); 1025 } 1026 1027 /* record is preselected */ 1028 if (rtn == 1) { 1029 if ((rd = au_open()) == -1) {
1050 exit_error(gettext("Could not get and audit record " 1051 "descriptor\n"));	1030 exit_error(gettext( 1031 "Could not get and audit record descriptor\n"));
1052 } 1053 if ((tokp = au_to_me()) == NULL) {	1032 } 1033 if ((tokp = au_to_me()) == NULL) {
1054 exit_error(gettext("Could not allocate subject " 1055 "token\n"));	1034 exit_error( 1035 gettext("Could not allocate subject token\n"));
1056 } 1057 if (au_write(rd, tokp) == -1) {	1036 } 1037 if (au_write(rd, tokp) == -1) {
1058 exit_error(gettext("Could not construct subject " 1059 "token of audit record\n"));	1038 exit_error(gettext("Could not construct subject token " 1039 "of audit record\n"));
1060 } 1061 if (is_system_labeled()) { 1062 if ((tokp = au_to_mylabel()) == NULL) {	1040 } 1041 if (is_system_labeled()) { 1042 if ((tokp = au_to_mylabel()) == NULL) {
1063 exit_error(gettext("Could not allocate " 1064 "label token\n"));	1043 exit_error(gettext( 1044 "Could not allocate label token\n"));
1065 } 1066 if (au_write(rd, tokp) == -1) {	1045 } 1046 if (au_write(rd, tokp) == -1) {
1067 exit_error(gettext("Could not construct " 1068 "label token of audit record\n"));	1047 exit_error(gettext("Could not " 1048 "construct label token of audit record\n"));
1069 } 1070 } 1071 1072 if ((tokp = au_to_text(audit_str)) == NULL) 1073 exit_error(gettext("Could not allocate text token\n")); 1074 if (au_write(rd, tokp) == -1) 1075 exit_error(gettext("Could not construct text token of " 1076 "audit record\n")); 1077#ifdef _LP64 1078 if ((tokp = au_to_return64(sorf, retval)) == NULL) 1079#else 1080 if ((tokp = au_to_return32(sorf, retval)) == NULL) 1081#endif	1049 } 1050 } 1051 1052 if ((tokp = au_to_text(audit_str)) == NULL) 1053 exit_error(gettext("Could not allocate text token\n")); 1054 if (au_write(rd, tokp) == -1) 1055 exit_error(gettext("Could not construct text token of " 1056 "audit record\n")); 1057#ifdef _LP64 1058 if ((tokp = au_to_return64(sorf, retval)) == NULL) 1059#else 1060 if ((tokp = au_to_return32(sorf, retval)) == NULL) 1061#endif
1082 exit_error(gettext("Could not allocate return " 1083 "token\n"));	1062 exit_error( 1063 gettext("Could not allocate return token\n"));
1084 if (au_write(rd, tokp) == -1) { 1085 exit_error(gettext("Could not construct return token " 1086 "of audit record\n")); 1087 } 1088 if (au_close(rd, 1, evp->ae_number) == -1) {	1064 if (au_write(rd, tokp) == -1) { 1065 exit_error(gettext("Could not construct return token " 1066 "of audit record\n")); 1067 } 1068 if (au_close(rd, 1, evp->ae_number) == -1) {
1089 exit_error(gettext("Could not write audit record: " 1090 "%s\n"), strerror(errno));	1069 exit_error( 1070 gettext("Could not write audit record: %s\n"), 1071 strerror(errno));
1091 } 1092 } 1093} 1094	1072 } 1073 } 1074} 1075
	1076/* 1077 * do_getauid() - print the audit id of the current process. 1078 */
1095static void 1096do_getauid(void) 1097{ 1098 au_id_t auid; 1099 1100 egetauid(&auid); 1101 print_auid(auid); 1102} 1103	1079static void 1080do_getauid(void) 1081{ 1082 au_id_t auid; 1083 1084 egetauid(&auid); 1085 print_auid(auid); 1086} 1087
	1088/* 1089 * do_getaudit() - print the audit characteristics of the current process. 1090 */
1104static void 1105do_getaudit(void) 1106{ 1107 auditinfo_addr_t ai; 1108 1109 egetaudit(&ai, sizeof (ai)); 1110 print_auid(ai.ai_auid); 1111 print_mask(gettext("process preselection mask"), &ai.ai_mask); 1112 print_tid_ex(&ai.ai_termid); 1113 print_asid(ai.ai_asid); 1114} 1115	1091static void 1092do_getaudit(void) 1093{ 1094 auditinfo_addr_t ai; 1095 1096 egetaudit(&ai, sizeof (ai)); 1097 print_auid(ai.ai_auid); 1098 print_mask(gettext("process preselection mask"), &ai.ai_mask); 1099 print_tid_ex(&ai.ai_termid); 1100 print_asid(ai.ai_asid); 1101} 1102
	1103/* 1104 * do_getkaudit() - print the audit characteristics of the current zone. 1105 */
1116static void 1117do_getkaudit(void) 1118{ 1119 auditinfo_addr_t ai; 1120 1121 egetkaudit(&ai, sizeof (ai)); 1122 print_auid(ai.ai_auid); 1123 print_mask(gettext("process preselection mask"), &ai.ai_mask); 1124 print_tid_ex(&ai.ai_termid); 1125 print_asid(ai.ai_asid); 1126} 1127 1128/*	1106static void 1107do_getkaudit(void) 1108{ 1109 auditinfo_addr_t ai; 1110 1111 egetkaudit(&ai, sizeof (ai)); 1112 print_auid(ai.ai_auid); 1113 print_mask(gettext("process preselection mask"), &ai.ai_mask); 1114 print_tid_ex(&ai.ai_termid); 1115 print_asid(ai.ai_asid); 1116} 1117 1118/*
1129 * per zone if AUDIT_PERZONE set, else only in global zone.	1119 * do_setkaudit() - set IP address_type/address of machine to specified values; 1120 * valid per zone if AUDIT_PERZONE is set, else only in global zone.
1130 */	1121 */
1131
1132static void 1133do_setkaudit(char t, char s) 1134{ 1135 uint_t type; 1136 auditinfo_addr_t ai; 1137 1138 egetkaudit(&ai, sizeof (ai)); 1139 (void) str2type(t, &type); 1140 (void) str2ipaddr(s, &ai.ai_termid.at_addr[0], type); 1141 ai.ai_termid.at_type = type; 1142 esetkaudit(&ai, sizeof (ai)); 1143} 1144 1145/*	1122static void 1123do_setkaudit(char t, char s) 1124{ 1125 uint_t type; 1126 auditinfo_addr_t ai; 1127 1128 egetkaudit(&ai, sizeof (ai)); 1129 (void) str2type(t, &type); 1130 (void) str2ipaddr(s, &ai.ai_termid.at_addr[0], type); 1131 ai.ai_termid.at_type = type; 1132 esetkaudit(&ai, sizeof (ai)); 1133} 1134 1135/*
1146 * returns zone-relative root	1136 * do_getcar() - print the zone-relative root
1147 */	1137 */
1148
1149static void 1150do_getcar(void) 1151{ 1152 char path[MAXPATHLEN]; 1153 1154 eauditon(A_GETCAR, (caddr_t)path, (int)sizeof (path)); 1155 (void) printf(gettext("current active root = %s\n"), path); 1156} 1157 1158/*	1138static void 1139do_getcar(void) 1140{ 1141 char path[MAXPATHLEN]; 1142 1143 eauditon(A_GETCAR, (caddr_t)path, (int)sizeof (path)); 1144 (void) printf(gettext("current active root = %s\n"), path); 1145} 1146 1147/*
1159 * The returned value is for the global zone unless AUDIT_PERZONE is 1160 * set.	1148 * do_getclass() - print the preselection mask associated with the specified 1149 * kernel audit event. The displayed value is for the global zone unless 1150 * AUDIT_PERZONE is set.
1161 */	1151 */
1162
1163static void 1164do_getclass(char event_str) 1165{ 1166 au_evclass_map_t ec; 1167 au_event_ent_t evp; 1168 au_event_t event_number; 1169 char event_name; 1170 --- 15 unchanged lines hidden* (view full) --- 1186 ec.ec_number = event_number; 1187 eauditon(A_GETCLASS, (caddr_t)&ec, 0); 1188 1189 (void) printf(gettext("audit class mask for event %s(%hu) = 0x%x\n"), 1190 event_name, event_number, ec.ec_class); 1191} 1192 1193/*	1152static void 1153do_getclass(char event_str) 1154{ 1155 au_evclass_map_t ec; 1156 au_event_ent_t evp; 1157 au_event_t event_number; 1158 char event_name; 1159 --- 15 unchanged lines hidden* (view full) --- 1175 ec.ec_number = event_number; 1176 eauditon(A_GETCLASS, (caddr_t)&ec, 0); 1177 1178 (void) printf(gettext("audit class mask for event %s(%hu) = 0x%x\n"), 1179 event_name, event_number, ec.ec_class); 1180} 1181 1182/*
1194 * The returned value is for the global zone unless AUDIT_PERZONE is 1195 * set. (AUC_DISABLED is always global, the other states are per zone 1196 * if AUDIT_PERZONE is set)	1183 * do_getcond() - the printed value is for the global zone unless 1184 * AUDIT_PERZONE is set. (AUC_DISABLED is always global, the other states are 1185 * per zone if AUDIT_PERZONE is set)
1197 */	1186 */
1198
1199static void 1200do_getcond(void) 1201{ 1202 (void) printf(gettext("audit condition = %s\n"), cond2str()); 1203} 1204 1205/*	1187static void 1188do_getcond(void) 1189{ 1190 (void) printf(gettext("audit condition = %s\n"), cond2str()); 1191} 1192 1193/*
1206 * returned path is relative to zone root	1194 * do_getcwd() - the printed path is relative to the current zone root
1207 */	1195 */
1208
1209static void 1210do_getcwd(void) 1211{ 1212 char path[MAXPATHLEN]; 1213 1214 eauditon(A_GETCWD, (caddr_t)path, (int)sizeof (path)); 1215 (void) printf(gettext("current working directory = %s\n"), path); 1216} 1217 1218/*	1196static void 1197do_getcwd(void) 1198{ 1199 char path[MAXPATHLEN]; 1200 1201 eauditon(A_GETCWD, (caddr_t)path, (int)sizeof (path)); 1202 (void) printf(gettext("current working directory = %s\n"), path); 1203} 1204 1205/*
1219 * The returned value is for the global zone unless AUDIT_PERZONE is 1220 * set.	1206 * do_getkmask() - the printed value is for the global zone unless AUDIT_PERZONE 1207 * is set.
1221 */	1208 */
1222
1223static void 1224do_getkmask(void) 1225{ 1226 au_mask_t pmask; 1227 1228 eauditon(A_GETKMASK, (caddr_t)&pmask, (int)sizeof (pmask)); 1229 print_mask(gettext("audit flags for non-attributable events"), &pmask); 1230} 1231 1232/*	1209static void 1210do_getkmask(void) 1211{ 1212 au_mask_t pmask; 1213 1214 eauditon(A_GETKMASK, (caddr_t)&pmask, (int)sizeof (pmask)); 1215 print_mask(gettext("audit flags for non-attributable events"), &pmask); 1216} 1217 1218/*
1233 * The returned value is for the global zone unless AUDIT_PERZONE is 1234 * set. (some policies can only be set from the global zone, but all 1235 * can be read from anywhere.)	1219 * do_getpolicy() - print active and configured kernel audit policy relative to 1220 * the current zone.
1236 */	1221 */
1237
1238static void 1239do_getpolicy(void) 1240{	1222static void 1223do_getpolicy(void) 1224{
1241 char policy_str[1024]; 1242 uint_t policy;	1225 char policy_str[1024]; 1226 uint32_t policy;
1243	1227
	1228 if (!temporary_set) { 1229 if (!do_getpolicy_scf(&policy)) { 1230 exit_error(gettext("Could not get configured values.")); 1231 } 1232 (void) policy2str(policy, policy_str, sizeof (policy_str)); 1233 (void) printf(gettext("configured audit policies = %s\n"), 1234 policy_str); 1235 } 1236
1244 eauditon(A_GETPOLICY, (caddr_t)&policy, 0); 1245 (void) policy2str(policy, policy_str, sizeof (policy_str));	1237 eauditon(A_GETPOLICY, (caddr_t)&policy, 0); 1238 (void) policy2str(policy, policy_str, sizeof (policy_str));
1246 (void) printf(gettext("audit policies = %s\n"), policy_str);	1239 (void) printf(gettext("active audit policies = %s\n"), policy_str);
1247} 1248	1240} 1241
	1242 1243/* 1244 * do_getpinfo() - print the audit ID, preselection mask, terminal ID, and 1245 * audit session ID for the specified process. 1246 */
1249static void 1250do_getpinfo(char pid_str) 1251{ 1252 struct auditpinfo_addr ap; 1253 1254 if (strisnum(pid_str)) 1255 ap.ap_pid = (pid_t)atoi(pid_str); 1256 else 1257 exit_usage(1); 1258 1259 eauditon(A_GETPINFO_ADDR, (caddr_t)&ap, sizeof (ap)); 1260 1261 print_auid(ap.ap_auid); 1262 print_mask(gettext("process preselection mask"), &(ap.ap_mask)); 1263 print_tid_ex(&(ap.ap_termid)); 1264 print_asid(ap.ap_asid); 1265} 1266 1267/	1247static void 1248do_getpinfo(char pid_str) 1249{ 1250 struct auditpinfo_addr ap; 1251 1252 if (strisnum(pid_str)) 1253 ap.ap_pid = (pid_t)atoi(pid_str); 1254 else 1255 exit_usage(1); 1256 1257 eauditon(A_GETPINFO_ADDR, (caddr_t)&ap, sizeof (ap)); 1258 1259 print_auid(ap.ap_auid); 1260 print_mask(gettext("process preselection mask"), &(ap.ap_mask)); 1261 print_tid_ex(&(ap.ap_termid)); 1262 print_asid(ap.ap_asid); 1263} 1264 1265/
1268 * The returned value is for the global zone unless AUDIT_PERZONE is 1269 * set.	1266 * do_getqbufsz() - print the active and configured audit queue write buffer 1267 * size relative to the current zone.
1270 */	1268 */
1271
1272static void 1273do_getqbufsz(void) 1274{ 1275 struct au_qctrl qctrl; 1276	1269static void 1270do_getqbufsz(void) 1271{ 1272 struct au_qctrl qctrl; 1273
	1274 if (!temporary_set) { 1275 if (!do_getqbufsz_scf(&qctrl.aq_bufsz)) { 1276 exit_error(gettext("Could not get configured value.")); 1277 } 1278 1279 if (qctrl.aq_bufsz == 0) { 1280 (void) printf(gettext( 1281 "no configured audit queue buffer size\n")); 1282 } else { 1283 (void) printf(gettext("configured audit queue " 1284 "buffer size (bytes) = %d\n"), qctrl.aq_bufsz); 1285 } 1286 } 1287
1277 eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0);	1288 eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0);
1278 (void) printf(gettext("audit queue buffer size (bytes) = %ld\n"), 1279 qctrl.aq_bufsz);	1289 (void) printf(gettext("active audit queue buffer size (bytes) = %d\n"), 1290 qctrl.aq_bufsz);
1280} 1281 1282/*	1291} 1292 1293/*
1283 * The returned value is for the global zone unless AUDIT_PERZONE is 1284 * set.	1294 * do_getqctrl() - print the configured and active audit queue write buffer 1295 * size, audit queue hiwater mark, audit queue lowater mark, audit queue prod 1296 * interval (ticks) relative to the current zone.
1285 */	1297 */
1286
1287static void 1288do_getqctrl(void) 1289{	1298static void 1299do_getqctrl(void) 1300{
1290 struct au_qctrl qctrl;	1301 struct au_qctrl qctrl;
1291	1302
	1303 if (!temporary_set) { 1304 if (!do_getqctrl_scf(&qctrl)) { 1305 exit_error(gettext("Could not get configured values.")); 1306 } 1307 1308 if (qctrl.aq_hiwater == 0) { 1309 (void) printf(gettext( 1310 "no configured audit queue hiwater mark\n")); 1311 } else { 1312 (void) printf(gettext("configured audit queue " 1313 "hiwater mark (records) = %d\n"), qctrl.aq_hiwater); 1314 } 1315 if (qctrl.aq_lowater == 0) { 1316 (void) printf(gettext( 1317 "no configured audit queue lowater mark\n")); 1318 } else { 1319 (void) printf(gettext("configured audit queue " 1320 "lowater mark (records) = %d\n"), qctrl.aq_lowater); 1321 } 1322 if (qctrl.aq_bufsz == 0) { 1323 (void) printf(gettext( 1324 "no configured audit queue buffer size\n")); 1325 } else { 1326 (void) printf(gettext("configured audit queue " 1327 "buffer size (bytes) = %d\n"), qctrl.aq_bufsz); 1328 } 1329 if (qctrl.aq_delay == 0) { 1330 (void) printf(gettext( 1331 "no configured audit queue delay\n")); 1332 } else { 1333 (void) printf(gettext("configured audit queue " 1334 "delay (ticks) = %ld\n"), qctrl.aq_delay); 1335 } 1336 } 1337
1292 eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0);	1338 eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0);
1293 (void) printf(gettext("audit queue hiwater mark (records) = %ld\n"), 1294 qctrl.aq_hiwater); 1295 (void) printf(gettext("audit queue lowater mark (records) = %ld\n"), 1296 qctrl.aq_lowater); 1297 (void) printf(gettext("audit queue buffer size (bytes) = %ld\n"),	1339 (void) printf(gettext("active audit queue hiwater mark " 1340 "(records) = %d\n"), qctrl.aq_hiwater); 1341 (void) printf(gettext("active audit queue lowater mark " 1342 "(records) = %d\n"), qctrl.aq_lowater); 1343 (void) printf(gettext("active audit queue buffer size (bytes) = %d\n"),
1298 qctrl.aq_bufsz);	1344 qctrl.aq_bufsz);
1299 (void) printf(gettext("audit queue delay (ticks) = %ld\n"),	1345 (void) printf(gettext("active audit queue delay (ticks) = %ld\n"),
1300 qctrl.aq_delay); 1301} 1302 1303/*	1346 qctrl.aq_delay); 1347} 1348 1349/*
1304 * The returned value is for the global zone unless AUDIT_PERZONE is 1305 * set.	1350 * do_getqdelay() - print, relative to the current zone, the configured and 1351 * active interval at which audit queue is prodded to start output.
1306 */	1352 */
1307
1308static void 1309do_getqdelay(void) 1310{ 1311 struct au_qctrl qctrl; 1312	1353static void 1354do_getqdelay(void) 1355{ 1356 struct au_qctrl qctrl; 1357
	1358 if (!temporary_set) { 1359 if (!do_getqdelay_scf(&qctrl.aq_delay)) { 1360 exit_error(gettext("Could not get configured value.")); 1361 } 1362 1363 if (qctrl.aq_delay == 0) { 1364 (void) printf(gettext( 1365 "no configured audit queue delay\n")); 1366 } else { 1367 (void) printf(gettext("configured audit queue " 1368 "delay (ticks) = %ld\n"), qctrl.aq_delay); 1369 } 1370 } 1371
1313 eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0);	1372 eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0);
1314 (void) printf(gettext("audit queue delay (ticks) = %ld\n"),	1373 (void) printf(gettext("active audit queue delay (ticks) = %ld\n"),
1315 qctrl.aq_delay); 1316} 1317 1318/*	1374 qctrl.aq_delay); 1375} 1376 1377/*
1319 * The returned value is for the global zone unless AUDIT_PERZONE is 1320 * set.	1378 * do_getqhiwater() - print, relative to the current zone, the high water 1379 * point in undelivered audit records when audit generation will block.
1321 */	1380 */
1322
1323static void 1324do_getqhiwater(void) 1325{ 1326 struct au_qctrl qctrl; 1327	1381static void 1382do_getqhiwater(void) 1383{ 1384 struct au_qctrl qctrl; 1385
	1386 if (!temporary_set) { 1387 if (!do_getqhiwater_scf(&qctrl.aq_hiwater)) { 1388 exit_error(gettext("Could not get configured value.")); 1389 } 1390 1391 if (qctrl.aq_hiwater == 0) { 1392 (void) printf(gettext( 1393 "no configured audit queue hiwater mark\n")); 1394 } else { 1395 (void) printf(gettext("configured audit queue " 1396 "hiwater mark (records) = %d\n"), qctrl.aq_hiwater); 1397 } 1398 } 1399
1328 eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0);	1400 eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0);
1329 (void) printf(gettext("audit queue hiwater mark (records) = %ld\n"), 1330 qctrl.aq_hiwater);	1401 (void) printf(gettext("active audit queue hiwater mark " 1402 "(records) = %d\n"), qctrl.aq_hiwater);
1331} 1332 1333/*	1403} 1404 1405/*
1334 * The returned value is for the global zone unless AUDIT_PERZONE is 1335 * set.	1406 * do_getqlowater() - print, relative to the current zone, the low water point 1407 * in undelivered audit records where blocked processes will resume.
1336 */	1408 */
1337
1338static void 1339do_getqlowater(void) 1340{ 1341 struct au_qctrl qctrl; 1342	1409static void 1410do_getqlowater(void) 1411{ 1412 struct au_qctrl qctrl; 1413
	1414 if (!temporary_set) { 1415 if (!do_getqlowater_scf(&qctrl.aq_lowater)) { 1416 exit_error(gettext("Could not get configured value.")); 1417 } 1418 1419 if (qctrl.aq_lowater == 0) { 1420 (void) printf(gettext( 1421 "no configured audit queue lowater mark\n")); 1422 } else { 1423 (void) printf(gettext("configured audit queue " 1424 "lowater mark (records) = %d\n"), qctrl.aq_lowater); 1425 } 1426 } 1427
1343 eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0);	1428 eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0);
1344 (void) printf(gettext("audit queue lowater mark (records) = %ld\n"), 1345 qctrl.aq_lowater);	1429 (void) printf(gettext("active audit queue lowater mark " 1430 "(records) = %d\n"), qctrl.aq_lowater);
1346} 1347	1431} 1432
	1433/* 1434 * do_getasid() - print out the audit session-ID. 1435 */
1348static void 1349do_getasid(void) 1350{ 1351 auditinfo_addr_t ai; 1352 1353 if (getaudit_addr(&ai, sizeof (ai))) { 1354 exit_error(gettext("getaudit_addr(2) failed")); 1355 } 1356 print_asid(ai.ai_asid); 1357} 1358 1359/*	1436static void 1437do_getasid(void) 1438{ 1439 auditinfo_addr_t ai; 1440 1441 if (getaudit_addr(&ai, sizeof (ai))) { 1442 exit_error(gettext("getaudit_addr(2) failed")); 1443 } 1444 print_asid(ai.ai_asid); 1445} 1446 1447/*
1360 * The stats are for the entire system unless AUDIT_PERZONE is set.	1448 * do_getstat() - the printed statistics are for the entire system unless 1449 * AUDIT_PERZONE is set.
1361 */	1450 */
1362
1363static void 1364do_getstat(void) 1365{ 1366 au_stat_t as; 1367 int offset[12]; /* used to line the header up correctly / 1368 char buf[512]; 1369 1370 eauditon(A_GETSTAT, (caddr_t)&as, 0); --- 12 unchanged lines hidden* (view full) --- 1383 (ulong_t)as.as_totalsize / ONEK, &(offset[10]), 1384 (ulong_t)as.as_memused / ONEK, &(offset[11])); 1385 1386 /* 1387 * TRANSLATION_NOTE 1388 * Print a properly aligned header. 1389 / 1390 (void) printf("%s %s %s %s %s %s %s %s %s %s %s %*s\n",	1451static void 1452do_getstat(void) 1453{ 1454 au_stat_t as; 1455 int offset[12]; /* used to line the header up correctly / 1456 char buf[512]; 1457 1458 eauditon(A_GETSTAT, (caddr_t)&as, 0); --- 12 unchanged lines hidden* (view full) --- 1471 (ulong_t)as.as_totalsize / ONEK, &(offset[10]), 1472 (ulong_t)as.as_memused / ONEK, &(offset[11])); 1473 1474 /* 1475 * TRANSLATION_NOTE 1476 * Print a properly aligned header. 1477 / 1478 (void) printf("%s %s %s %s %s %s %s %s %s %s %s %*s\n",
1391 offset[0] - 1, gettext("gen"), 1392 offset[1] - offset[0] -1, gettext("nona"), 1393 offset[2] - offset[1] -1, gettext("kern"), 1394 offset[3] - offset[2] -1, gettext("aud"), 1395 offset[4] - offset[3] -1, gettext("ctl"), 1396 offset[5] - offset[4] -1, gettext("enq"), 1397 offset[6] - offset[5] -1, gettext("wrtn"), 1398 offset[7] - offset[6] -1, gettext("wblk"), 1399 offset[8] - offset[7] -1, gettext("rblk"), 1400 offset[9] - offset[8] -1, gettext("drop"), 1401 offset[10] - offset[9] -1, gettext("tot"), 1402 offset[11] - offset[10], gettext("mem"));	1479 offset[0] - 1, gettext("gen"), 1480 offset[1] - offset[0] -1, gettext("nona"), 1481 offset[2] - offset[1] -1, gettext("kern"), 1482 offset[3] - offset[2] -1, gettext("aud"), 1483 offset[4] - offset[3] -1, gettext("ctl"), 1484 offset[5] - offset[4] -1, gettext("enq"), 1485 offset[6] - offset[5] -1, gettext("wrtn"), 1486 offset[7] - offset[6] -1, gettext("wblk"), 1487 offset[8] - offset[7] -1, gettext("rblk"), 1488 offset[9] - offset[8] -1, gettext("drop"), 1489 offset[10] - offset[9] -1, gettext("tot"), 1490 offset[11] - offset[10], gettext("mem"));
1403 1404 (void) printf("%s\n", buf); 1405} 1406	1491 1492 (void) printf("%s\n", buf); 1493} 1494
	1495/* 1496 * do_gettermid() - print audit terminal ID for current process. 1497 */
1407static void 1408do_gettermid(void) 1409{ 1410 auditinfo_addr_t ai; 1411 1412 if (getaudit_addr(&ai, sizeof (ai))) { 1413 exit_error(gettext("getaudit_addr(2) failed")); 1414 } 1415 print_tid_ex(&ai.ai_termid); 1416} 1417 1418/*	1498static void 1499do_gettermid(void) 1500{ 1501 auditinfo_addr_t ai; 1502 1503 if (getaudit_addr(&ai, sizeof (ai))) { 1504 exit_error(gettext("getaudit_addr(2) failed")); 1505 } 1506 print_tid_ex(&ai.ai_termid); 1507} 1508 1509/*
1419 * The returned value is for the global zone unless AUDIT_PERZONE is 1420 * set.	1510 * do_lsevent() - display the active kernel and user level audit event 1511 * information. The printed events are for the global zone unless AUDIT_PERZONE 1512 * is set.
1421 */	1513 */
1422
1423static void 1424do_lsevent(void) 1425{ 1426 register au_event_ent_t *evp; 1427 au_mask_t pmask; 1428 char auflags[256]; 1429 1430 setauevent(); 1431 if (getauevent() == NULL) {	1514static void 1515do_lsevent(void) 1516{ 1517 register au_event_ent_t *evp; 1518 au_mask_t pmask; 1519 char auflags[256]; 1520 1521 setauevent(); 1522 if (getauevent() == NULL) {
1432 (void) exit_error(gettext( 1433 "NO AUDIT EVENTS: Could not read %s\n."), AUDITEVENTFILE);	1523 exit_error(gettext("NO AUDIT EVENTS: Could not read %s\n."), 1524 AUDITEVENTFILE);
1434 } 1435 1436 setauevent(); 1437 while ((evp = getauevent()) != NULL) { 1438 pmask.am_success = pmask.am_failure = evp->ae_class; 1439 if (getauditflagschar(auflags, &pmask, 0) == -1) 1440 (void) strcpy(auflags, "unknown"); 1441 (void) printf("%-30s %5hu %s %s\n", 1442 evp->ae_name, evp->ae_number, auflags, evp->ae_desc); 1443 } 1444 endauevent(); 1445} 1446 1447/*	1525 } 1526 1527 setauevent(); 1528 while ((evp = getauevent()) != NULL) { 1529 pmask.am_success = pmask.am_failure = evp->ae_class; 1530 if (getauditflagschar(auflags, &pmask, 0) == -1) 1531 (void) strcpy(auflags, "unknown"); 1532 (void) printf("%-30s %5hu %s %s\n", 1533 evp->ae_name, evp->ae_number, auflags, evp->ae_desc); 1534 } 1535 endauevent(); 1536} 1537 1538/*
1448 * The returned value is for the global zone unless AUDIT_PERZONE is 1449 * set.	1539 * do_lspolicy() - display the kernel audit policies with a description of each 1540 * policy. The printed value is for the global zone unless AUDIT_PERZONE is set.
1450 */	1541 */
1451
1452static void 1453do_lspolicy(void) 1454{ 1455 int i; 1456 1457 /* 1458 * TRANSLATION_NOTE 1459 * Print a properly aligned header. 1460 */ 1461 (void) printf(gettext("policy string description:\n")); 1462 for (i = 0; i < POLICY_TBL_SZ; i++) { 1463 (void) printf("%-17s%s\n", policy_table[i].policy_str, 1464 gettext(policy_table[i].policy_desc)); 1465 } 1466} 1467	1542static void 1543do_lspolicy(void) 1544{ 1545 int i; 1546 1547 /* 1548 * TRANSLATION_NOTE 1549 * Print a properly aligned header. 1550 */ 1551 (void) printf(gettext("policy string description:\n")); 1552 for (i = 0; i < POLICY_TBL_SZ; i++) { 1553 (void) printf("%-17s%s\n", policy_table[i].policy_str, 1554 gettext(policy_table[i].policy_desc)); 1555 } 1556} 1557
	1558/* 1559 * do_setasid() - execute shell or cmd with specified session-ID. 1560 */
1468static void 1469do_setasid(char sid_str, char *argv) 1470{ 1471 struct auditinfo_addr ai; 1472 1473 if (getaudit_addr(&ai, sizeof (ai))) { 1474 exit_error(gettext("getaudit_addr(2) failed")); 1475 } 1476 ai.ai_asid = (au_asid_t)atol(sid_str); 1477 if (setaudit_addr(&ai, sizeof (ai))) { 1478 exit_error(gettext("setaudit_addr(2) failed")); 1479 } 1480 execit(argv); 1481} 1482	1561static void 1562do_setasid(char sid_str, char *argv) 1563{ 1564 struct auditinfo_addr ai; 1565 1566 if (getaudit_addr(&ai, sizeof (ai))) { 1567 exit_error(gettext("getaudit_addr(2) failed")); 1568 } 1569 ai.ai_asid = (au_asid_t)atol(sid_str); 1570 if (setaudit_addr(&ai, sizeof (ai))) { 1571 exit_error(gettext("setaudit_addr(2) failed")); 1572 } 1573 execit(argv); 1574} 1575
	1576/* 1577 * do_setaudit() - execute shell or cmd with specified audit characteristics. 1578 */
1483static void 1484do_setaudit(char user_str, char mask_str, char tid_str, char sid_str, 1485 char **argv) 1486{ 1487 auditinfo_addr_t ai; 1488 1489 ai.ai_auid = (au_id_t)get_user_id(user_str); 1490 str2mask(mask_str, &ai.ai_mask),	1579static void 1580do_setaudit(char user_str, char mask_str, char tid_str, char sid_str, 1581 char **argv) 1582{ 1583 auditinfo_addr_t ai; 1584 1585 ai.ai_auid = (au_id_t)get_user_id(user_str); 1586 str2mask(mask_str, &ai.ai_mask),
1491 str2tid(tid_str, &ai.ai_termid);	1587 str2tid(tid_str, &ai.ai_termid);
1492 ai.ai_asid = (au_asid_t)atol(sid_str); 1493 1494 esetaudit(&ai, sizeof (ai)); 1495 execit(argv); 1496} 1497	1588 ai.ai_asid = (au_asid_t)atol(sid_str); 1589 1590 esetaudit(&ai, sizeof (ai)); 1591 execit(argv); 1592} 1593
	1594/* 1595 * do_setauid() - execute shell or cmd with specified audit-ID. 1596 */
1498static void 1499do_setauid(char user, char *argv) 1500{ 1501 au_id_t auid; 1502 1503 auid = get_user_id(user); 1504 esetauid(&auid); 1505 execit(argv); 1506} 1507	1597static void 1598do_setauid(char user, char *argv) 1599{ 1600 au_id_t auid; 1601 1602 auid = get_user_id(user); 1603 esetauid(&auid); 1604 execit(argv); 1605} 1606
	1607/* 1608 * do_setpmask() - set the preselection mask of the specified process; valid 1609 * per zone if AUDIT_PERZONE is set, else only in global zone. 1610 */
1508static void 1509do_setpmask(char pid_str, char audit_flags) 1510{ 1511 struct auditpinfo ap; 1512 1513 if (strisnum(pid_str)) 1514 ap.ap_pid = (pid_t)atoi(pid_str); 1515 else 1516 exit_usage(1); 1517 1518 str2mask(audit_flags, &ap.ap_mask); 1519 1520 eauditon(A_SETPMASK, (caddr_t)&ap, (int)sizeof (ap)); 1521} 1522	1611static void 1612do_setpmask(char pid_str, char audit_flags) 1613{ 1614 struct auditpinfo ap; 1615 1616 if (strisnum(pid_str)) 1617 ap.ap_pid = (pid_t)atoi(pid_str); 1618 else 1619 exit_usage(1); 1620 1621 str2mask(audit_flags, &ap.ap_mask); 1622 1623 eauditon(A_SETPMASK, (caddr_t)&ap, (int)sizeof (ap)); 1624} 1625
	1626/* 1627 * do_setsmask() - set the preselection mask of all processes with the specified 1628 * audit session-ID; valid per zone if AUDIT_PERZONE is set, else only in global 1629 * zone. 1630 */
1523static void 1524do_setsmask(char asid_str, char audit_flags) 1525{ 1526 struct auditinfo ainfo; 1527 1528 if (strisnum(asid_str)) 1529 ainfo.ai_asid = (au_asid_t)atoi(asid_str); 1530 else 1531 exit_usage(1); 1532 1533 str2mask(audit_flags, &ainfo.ai_mask); 1534 1535 eauditon(A_SETSMASK, (caddr_t)&ainfo, (int)sizeof (ainfo)); 1536} 1537	1631static void 1632do_setsmask(char asid_str, char audit_flags) 1633{ 1634 struct auditinfo ainfo; 1635 1636 if (strisnum(asid_str)) 1637 ainfo.ai_asid = (au_asid_t)atoi(asid_str); 1638 else 1639 exit_usage(1); 1640 1641 str2mask(audit_flags, &ainfo.ai_mask); 1642 1643 eauditon(A_SETSMASK, (caddr_t)&ainfo, (int)sizeof (ainfo)); 1644} 1645
	1646/* 1647 * do_setumask() - set the preselection mask of all processes with the 1648 * specified audit-ID; valid per zone if AUDIT_PERZONE is set, else only in 1649 * global zone. 1650 */
1538static void 1539do_setumask(char auid_str, char audit_flags) 1540{ 1541 struct auditinfo ainfo; 1542 1543 if (strisnum(auid_str)) 1544 ainfo.ai_auid = (au_id_t)atoi(auid_str); 1545 else 1546 exit_usage(1); 1547 1548 str2mask(audit_flags, &ainfo.ai_mask); 1549 1550 eauditon(A_SETUMASK, (caddr_t)&ainfo, (int)sizeof (ainfo)); 1551} 1552 1553/*	1651static void 1652do_setumask(char auid_str, char audit_flags) 1653{ 1654 struct auditinfo ainfo; 1655 1656 if (strisnum(auid_str)) 1657 ainfo.ai_auid = (au_id_t)atoi(auid_str); 1658 else 1659 exit_usage(1); 1660 1661 str2mask(audit_flags, &ainfo.ai_mask); 1662 1663 eauditon(A_SETUMASK, (caddr_t)&ainfo, (int)sizeof (ainfo)); 1664} 1665 1666/*
1554 * local zone use is valid if AUDIT_PERZONE is set, otherwise the 1555 * syscall returns EPERM.	1667 * do_setstat() - reset audit statistics counters; local zone use is valid if 1668 * AUDIT_PERZONE is set, otherwise the syscall returns EPERM.
1556 */	1669 */
1557
1558static void 1559do_setstat(void) 1560{ 1561 au_stat_t as; 1562 1563 as.as_audit = (uint_t)-1; 1564 as.as_auditctl = (uint_t)-1; 1565 as.as_dropped = (uint_t)-1; --- 6 unchanged lines hidden (view full) --- 1572 as.as_wblocked = (uint_t)-1; 1573 as.as_written = (uint_t)-1; 1574 1575 eauditon(A_SETSTAT, (caddr_t)&as, (int)sizeof (as)); 1576 (void) printf("%s\n", gettext("audit stats reset")); 1577} 1578 1579/*	1670static void 1671do_setstat(void) 1672{ 1673 au_stat_t as; 1674 1675 as.as_audit = (uint_t)-1; 1676 as.as_auditctl = (uint_t)-1; 1677 as.as_dropped = (uint_t)-1; --- 6 unchanged lines hidden (view full) --- 1684 as.as_wblocked = (uint_t)-1; 1685 as.as_written = (uint_t)-1; 1686 1687 eauditon(A_SETSTAT, (caddr_t)&as, (int)sizeof (as)); 1688 (void) printf("%s\n", gettext("audit stats reset")); 1689} 1690 1691/*
1580 * AUDIT_PERZONE set: valid in all zones 1581 * AUDIT_PERZONE not set: valid in global zone only	1692 * do_setclass() - map the kernel event event_str to the classes specified by 1693 * audit flags audit_flags; valid per zone if AUDIT_PERZONE is set, else only in 1694 * global zone.
1582 */	1695 */
1583
1584static void 1585do_setclass(char event_str, char audit_flags) 1586{ 1587 au_event_t event; 1588 int mask; 1589 au_mask_t pmask; 1590 au_evclass_map_t ec; 1591 au_event_ent_t evp; --- 13 unchanged lines hidden* (view full) --- 1605 } 1606 1607 ec.ec_number = event; 1608 ec.ec_class = mask; 1609 eauditon(A_SETCLASS, (caddr_t)&ec, (int)sizeof (ec)); 1610} 1611 1612/*	1696static void 1697do_setclass(char event_str, char audit_flags) 1698{ 1699 au_event_t event; 1700 int mask; 1701 au_mask_t pmask; 1702 au_evclass_map_t ec; 1703 au_event_ent_t evp; --- 13 unchanged lines hidden* (view full) --- 1717 } 1718 1719 ec.ec_number = event; 1720 ec.ec_class = mask; 1721 eauditon(A_SETCLASS, (caddr_t)&ec, (int)sizeof (ec)); 1722} 1723 1724/*
1613 * AUDIT_PERZONE set: valid in all zones 1614 * AUDIT_PERZONE not set: valid in global zone only	1725 * do_setkmask() - set non-attributes selection flags of machine; valid per zone 1726 * if AUDIT_PERZONE is set, else only in global zone.
1615 */	1727 */
1616
1617static void 1618do_setkmask(char audit_flags) 1619{ 1620 au_mask_t pmask; 1621 1622 str2mask(audit_flags, &pmask); 1623 eauditon(A_SETKMASK, (caddr_t)&pmask, (int)sizeof (pmask)); 1624 print_mask(gettext("audit flags for non-attributable events"), &pmask); 1625} 1626 1627/	1728static void 1729do_setkmask(char audit_flags) 1730{ 1731 au_mask_t pmask; 1732 1733 str2mask(audit_flags, &pmask); 1734 eauditon(A_SETKMASK, (caddr_t)&pmask, (int)sizeof (pmask)); 1735 print_mask(gettext("audit flags for non-attributable events"), &pmask); 1736} 1737 1738/
1628 * ahlt and perzone are global zone only; the other policies are valid 1629 * in a local zone if AUDIT_PERZONE is set. The kernel insures that 1630 * a local zone can't change ahlt and perzone (EINVAL).	1739 * do_setpolicy() - set the active and configured kernel audit policy; active 1740 * values can be changed per zone if AUDIT_PERZONE is set, else only in global 1741 * zone. 1742 * 1743 * ahlt and perzone are global zone only. The kernel ensures that a local zone 1744 * can't change ahlt and perzone (EINVAL).
1631 */	1745 */
1632
1633static void 1634do_setpolicy(char *policy_str) 1635{	1746static void 1747do_setpolicy(char *policy_str) 1748{
1636 uint_t policy;	1749 uint32_t policy = 0;
1637 1638 switch (str2policy(policy_str, &policy)) {	1750 1751 switch (str2policy(policy_str, &policy)) {
	1752 case 0: 1753 if (!temporary_set) { 1754 if (!do_getpolicy_scf(&policy)) { 1755 exit_error(gettext("Unable to get current " 1756 "policy values from the SMF repository")); 1757 } 1758 (void) str2policy(policy_str, &policy); 1759 1760 if (!do_setpolicy_scf(policy)) { 1761 exit_error(gettext("Could not store " 1762 "configuration values.")); 1763 } 1764 } 1765 eauditon(A_SETPOLICY, (caddr_t)&policy, 0); 1766 break;
1639 case 2:	1767 case 2:
1640 exit_error(gettext( 1641 "policy (%s) invalid in a local zone."), 1642 policy_str);	1768 exit_error(gettext("policy (%s) invalid in a local zone."), 1769 policy_str);
1643 break; 1644 default:	1770 break; 1771 default:
1645 exit_error(gettext( 1646 "Invalid policy (%s) specified."),	1772 exit_error(gettext("Invalid policy (%s) specified."),
1647 policy_str); 1648 break;	1773 policy_str); 1774 break;
1649 case 0: 1650 eauditon(A_SETPOLICY, (caddr_t)&policy, 0); 1651 break;
1652 } 1653} 1654 1655/*	1775 } 1776} 1777 1778/*
1656 * AUDIT_PERZONE set: valid in all zones 1657 * AUDIT_PERZONE not set: valid in global zone only	1779 * do_setqbufsz() - set the active and configured audit queue write buffer size 1780 * (bytes); active values can be changed per zone if AUDIT_PERZONE is set, else 1781 * only in global zone.
1658 */	1782 */
1659
1660static void 1661do_setqbufsz(char *bufsz) 1662{ 1663 struct au_qctrl qctrl; 1664	1783static void 1784do_setqbufsz(char *bufsz) 1785{ 1786 struct au_qctrl qctrl; 1787
	1788 if (!temporary_set) { 1789 qctrl.aq_bufsz = (size_t)atol(bufsz); 1790 if (!do_setqbufsz_scf(&qctrl.aq_bufsz)) { 1791 exit_error(gettext( 1792 "Could not store configuration value.")); 1793 } 1794 } 1795
1665 eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0);	1796 eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0);
1666 qctrl.aq_bufsz = atol(bufsz);	1797 qctrl.aq_bufsz = (size_t)atol(bufsz);
1667 eauditon(A_SETQCTRL, (caddr_t)&qctrl, 0); 1668} 1669 1670/*	1798 eauditon(A_SETQCTRL, (caddr_t)&qctrl, 0); 1799} 1800 1801/*
1671 * AUDIT_PERZONE set: valid in all zones 1672 * AUDIT_PERZONE not set: valid in global zone only	1802 * do_setqctrl() - set the active and configured audit queue write buffer size 1803 * (bytes), hiwater audit record count, lowater audit record count, and wakeup 1804 * interval (ticks); active values can be changed per zone if AUDIT_PERZONE is 1805 * set, else only in global zone.
1673 */	1806 */
1674
1675static void 1676do_setqctrl(char hiwater, char lowater, char bufsz, char delay) 1677{	1807static void 1808do_setqctrl(char hiwater, char lowater, char bufsz, char delay) 1809{
1678 struct au_qctrl qctrl;	1810 struct au_qctrl qctrl;
1679	1811
1680 qctrl.aq_hiwater = atol(hiwater); 1681 qctrl.aq_lowater = atol(lowater); 1682 qctrl.aq_bufsz = atol(bufsz); 1683 qctrl.aq_delay = atol(delay);	1812 qctrl.aq_hiwater = (size_t)atol(hiwater); 1813 qctrl.aq_lowater = (size_t)atol(lowater); 1814 qctrl.aq_bufsz = (size_t)atol(bufsz); 1815 qctrl.aq_delay = (clock_t)atol(delay); 1816 1817 if (!temporary_set) { 1818 if (!do_setqctrl_scf(&qctrl)) { 1819 exit_error(gettext( 1820 "Could not store configuration values.")); 1821 } 1822 } 1823
1684 eauditon(A_SETQCTRL, (caddr_t)&qctrl, 0); 1685} 1686 1687/*	1824 eauditon(A_SETQCTRL, (caddr_t)&qctrl, 0); 1825} 1826 1827/*
1688 * AUDIT_PERZONE set: valid in all zones 1689 * AUDIT_PERZONE not set: valid in global zone only	1828 * do_setqdelay() - set the active and configured audit queue wakeup interval 1829 * (ticks); active values can be changed per zone if AUDIT_PERZONE is set, else 1830 * only in global zone.
1690 */	1831 */
1691
1692static void 1693do_setqdelay(char *delay) 1694{ 1695 struct au_qctrl qctrl; 1696	1832static void 1833do_setqdelay(char *delay) 1834{ 1835 struct au_qctrl qctrl; 1836
	1837 if (!temporary_set) { 1838 qctrl.aq_delay = (clock_t)atol(delay); 1839 if (!do_setqdelay_scf(&qctrl.aq_delay)) { 1840 exit_error(gettext( 1841 "Could not store configuration value.")); 1842 } 1843 } 1844
1697 eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0);	1845 eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0);
1698 qctrl.aq_delay = atol(delay);	1846 qctrl.aq_delay = (clock_t)atol(delay);
1699 eauditon(A_SETQCTRL, (caddr_t)&qctrl, 0); 1700} 1701 1702/*	1847 eauditon(A_SETQCTRL, (caddr_t)&qctrl, 0); 1848} 1849 1850/*
1703 * AUDIT_PERZONE set: valid in all zones 1704 * AUDIT_PERZONE not set: valid in global zone only	1851 * do_setqhiwater() - sets the active and configured number of undelivered audit 1852 * records in the audit queue at which audit record generation blocks; active 1853 * values can be changed per zone if AUDIT_PERZONE is set, else only in global 1854 * zone.
1705 */	1855 */
1706
1707static void 1708do_setqhiwater(char *hiwater) 1709{ 1710 struct au_qctrl qctrl; 1711	1856static void 1857do_setqhiwater(char *hiwater) 1858{ 1859 struct au_qctrl qctrl; 1860
	1861 if (!temporary_set) { 1862 qctrl.aq_hiwater = (size_t)atol(hiwater); 1863 if (!do_setqhiwater_scf(&qctrl.aq_hiwater)) { 1864 exit_error(gettext( 1865 "Could not store configuration value.")); 1866 } 1867 } 1868
1712 eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0);	1869 eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0);
1713 qctrl.aq_hiwater = atol(hiwater);	1870 qctrl.aq_hiwater = (size_t)atol(hiwater);
1714 eauditon(A_SETQCTRL, (caddr_t)&qctrl, 0); 1715} 1716 1717/*	1871 eauditon(A_SETQCTRL, (caddr_t)&qctrl, 0); 1872} 1873 1874/*
1718 * AUDIT_PERZONE set: valid in all zones 1719 * AUDIT_PERZONE not set: valid in global zone only	1875 * do_setqlowater() - set the active and configured number of undelivered audit 1876 * records in the audit queue at which blocked auditing processes unblock; 1877 * active values can be changed per zone if AUDIT_PERZONE is set, else only in 1878 * global zone.
1720 */	1879 */
1721
1722static void 1723do_setqlowater(char *lowater) 1724{ 1725 struct au_qctrl qctrl; 1726	1880static void 1881do_setqlowater(char *lowater) 1882{ 1883 struct au_qctrl qctrl; 1884
	1885 if (!temporary_set) { 1886 qctrl.aq_lowater = (size_t)atol(lowater); 1887 if (!do_setqlowater_scf(&qctrl.aq_lowater)) { 1888 exit_error(gettext( 1889 "Could not store configuration value.")); 1890 } 1891 } 1892
1727 eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0);	1893 eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0);
1728 qctrl.aq_lowater = atol(lowater);	1894 qctrl.aq_lowater = (size_t)atol(lowater);
1729 eauditon(A_SETQCTRL, (caddr_t)&qctrl, 0); 1730} 1731 1732static void 1733eauditon(int cmd, caddr_t data, int length) 1734{ 1735 if (auditon(cmd, data, length) == -1) 1736 exit_error(gettext("auditon(2) failed.")); --- 97 unchanged lines hidden (view full) --- 1834 } 1835 1836 return (pwd->pw_uid); 1837} 1838 1839/* 1840 * get_arg_ent() 1841 * Inputs: command line argument string	1895 eauditon(A_SETQCTRL, (caddr_t)&qctrl, 0); 1896} 1897 1898static void 1899eauditon(int cmd, caddr_t data, int length) 1900{ 1901 if (auditon(cmd, data, length) == -1) 1902 exit_error(gettext("auditon(2) failed.")); --- 97 unchanged lines hidden (view full) --- 2000 } 2001 2002 return (pwd->pw_uid); 2003} 2004 2005/* 2006 * get_arg_ent() 2007 * Inputs: command line argument string
1842 * Returns ptr to policy_entry if found; null, if not found	2008 * Returns ptr to struct arg_entry if found; null, if not found
1843 */	2009 */
1844static struct arg_entry *	2010static arg_entry_t *
1845get_arg_ent(char *arg_str) 1846{	2011get_arg_ent(char *arg_str) 2012{
1847 struct arg_entry key;	2013 arg_entry_t key;
1848 1849 key.arg_str = arg_str; 1850	2014 2015 key.arg_str = arg_str; 2016
1851 return ((struct arg_entry )bsearch((char )&key, (char *)arg_table, 1852 ARG_TBL_SZ, sizeof (struct arg_entry), arg_ent_compare));	2017 return ((arg_entry_t )bsearch((char )&key, (char *)arg_table, 2018 ARG_TBL_SZ, sizeof (arg_entry_t), arg_ent_compare));
1853} 1854 1855/* 1856 * arg_ent_compare() 1857 * Compares two command line arguments to determine which is 1858 * lexicographically greater. 1859 * Inputs: two argument map table entry pointers 1860 * Returns: > 1: aep1->arg_str > aep2->arg_str 1861 * < 1: aep1->arg_str < aep2->arg_str 1862 * 0: aep1->arg_str = aep->arg_str2 1863 / 1864static int 1865arg_ent_compare(const void aep1, const void *aep2) 1866{	2019} 2020 2021/* 2022 * arg_ent_compare() 2023 * Compares two command line arguments to determine which is 2024 * lexicographically greater. 2025 * Inputs: two argument map table entry pointers 2026 * Returns: > 1: aep1->arg_str > aep2->arg_str 2027 * < 1: aep1->arg_str < aep2->arg_str 2028 * 0: aep1->arg_str = aep->arg_str2 2029 / 2030static int 2031arg_ent_compare(const void aep1, const void *aep2) 2032{
1867 return (strcmp(((struct arg_entry )aep1)->arg_str, 1868 ((struct arg_entry )aep2)->arg_str));	2033 return (strcmp(((arg_entry_t )aep1)->arg_str, 2034 ((arg_entry_t )aep2)->arg_str));
1869} 1870 1871/* 1872 * Convert mask of the following forms: 1873 * 1874 * audit_flags (ie. +lo,-ad,pc) 1875 * 0xffffffff,0xffffffff 1876 * ffffffff,ffffffff --- 30 unchanged lines hidden (view full) --- 1907 (void) sscanf(fp, "%u", &mp->am_failure); 1908 } 1909 } 1910} 1911 1912/* 1913 * tid_str is major,minor,host -- host is a name or an ip address 1914 */	2035} 2036 2037/* 2038 * Convert mask of the following forms: 2039 * 2040 * audit_flags (ie. +lo,-ad,pc) 2041 * 0xffffffff,0xffffffff 2042 * ffffffff,ffffffff --- 30 unchanged lines hidden (view full) --- 2073 (void) sscanf(fp, "%u", &mp->am_failure); 2074 } 2075 } 2076} 2077 2078/* 2079 * tid_str is major,minor,host -- host is a name or an ip address 2080 */
1915
1916static void 1917str2tid(char tid_str, au_tid_addr_t tp) 1918{ 1919 char major_str; 1920 char minor_str; 1921 char host_str = NULL; 1922 major_t major = 0; 1923 major_t minor = 0; --- 89 unchanged lines hidden* (view full) --- 2013 case AUC_NOSPACE: 2014 return ("nospace"); 2015 2016 default: 2017 return (""); 2018 } 2019} 2020	2081static void 2082str2tid(char tid_str, au_tid_addr_t tp) 2083{ 2084 char major_str; 2085 char minor_str; 2086 char host_str = NULL; 2087 major_t major = 0; 2088 major_t minor = 0; --- 89 unchanged lines hidden* (view full) --- 2178 case AUC_NOSPACE: 2179 return ("nospace"); 2180 2181 default: 2182 return (""); 2183 } 2184} 2185
2021static struct policy_entry * 2022get_policy_ent(char *policy) 2023{ 2024 int i; 2025 2026 for (i = 0; i < POLICY_TBL_SZ; i++) { 2027 if (strcasecmp(policy, 2028 policy_table[i].policy_str) == 0) { 2029 return (&policy_table[i]); 2030 } 2031 } 2032 2033 return (NULL); 2034} 2035
2036/* 2037 * exit = 0, success 2038 * 1, error 2039 * 2, bad zone 2040 */	2186/* 2187 * exit = 0, success 2188 * 1, error 2189 * 2, bad zone 2190 */
2041
2042static int	2191static int
2043str2policy(char policy_str, uint_t policy_mask)	2192str2policy(char policy_str, uint32_t policy_mask)
2044{ 2045 char buf; 2046 char tok; 2047 char pfix;	2193{ 2194 char buf; 2195 char tok; 2196 char pfix;
2048 boolean_t is_all = 0; 2049 uint_t pm = 0; 2050 uint_t curp = 0; 2051 struct policy_entry *pep;	2197 boolean_t is_all = B_FALSE; 2198 uint32_t pm = 0; 2199 uint32_t curp;
2052 2053 pfix = *policy_str; 2054 2055 if (pfix == '-' \|\| pfix == '+' \|\| pfix == '=') 2056 ++policy_str; 2057 2058 if ((buf = strdup(policy_str)) == NULL) 2059 return (1); 2060 2061 for (tok = strtok(buf, ","); tok != NULL; tok = strtok(NULL, ",")) {	2200 2201 pfix = *policy_str; 2202 2203 if (pfix == '-' \|\| pfix == '+' \|\| pfix == '=') 2204 ++policy_str; 2205 2206 if ((buf = strdup(policy_str)) == NULL) 2207 return (1); 2208 2209 for (tok = strtok(buf, ","); tok != NULL; tok = strtok(NULL, ",")) {
2062 if ((pep = get_policy_ent(tok)) == NULL) {	2210 uint32_t tok_pm; 2211 if (((tok_pm = get_policy(tok)) == 0) && 2212 ((strcasecmp(tok, "none") != 0))) { 2213 free(buf);
2063 return (1); 2064 } else {	2214 return (1); 2215 } else {
2065 pm \|= pep->policy_mask; 2066 if (pep->policy_mask == ALL_POLICIES) { 2067 is_all = 1;	2216 pm \|= tok_pm; 2217 if (tok_pm == ALL_POLICIES) { 2218 is_all = B_TRUE;
2068 } 2069 } 2070 } 2071 free(buf); 2072	2219 } 2220 } 2221 } 2222 free(buf); 2223
	2224 /* reuse policy mask if already set to some value / 2225 if (policy_mask != 0) { 2226 curp = *policy_mask; 2227 } else { 2228 (void) auditon(A_GETPOLICY, (caddr_t)&curp, 0); 2229 } 2230
2073 if (pfix == '-') { 2074 if (!is_all && 2075 (getzoneid() != GLOBAL_ZONEID) && 2076 (pm & ~AUDIT_LOCAL)) { 2077 return (2); 2078 }	2231 if (pfix == '-') { 2232 if (!is_all && 2233 (getzoneid() != GLOBAL_ZONEID) && 2234 (pm & ~AUDIT_LOCAL)) { 2235 return (2); 2236 }
2079 eauditon(A_GETPOLICY, (caddr_t)&curp, 0);	2237
2080 if (getzoneid() != GLOBAL_ZONEID) 2081 curp &= AUDIT_LOCAL; 2082 *policy_mask = curp & ~pm;	2238 if (getzoneid() != GLOBAL_ZONEID) 2239 curp &= AUDIT_LOCAL; 2240 *policy_mask = curp & ~pm;
	2241
2083 } else if (pfix == '+') { 2084 /* 2085 * In a local zone, accept specifying "all", but not 2086 * individually specifying global-zone only policies. 2087 * Limit to all locally allowed, so system call doesn't 2088 * fail. 2089 */ 2090 if (!is_all && 2091 (getzoneid() != GLOBAL_ZONEID) && 2092 (pm & ~AUDIT_LOCAL)) { 2093 return (2); 2094 }	2242 } else if (pfix == '+') { 2243 /* 2244 * In a local zone, accept specifying "all", but not 2245 * individually specifying global-zone only policies. 2246 * Limit to all locally allowed, so system call doesn't 2247 * fail. 2248 */ 2249 if (!is_all && 2250 (getzoneid() != GLOBAL_ZONEID) && 2251 (pm & ~AUDIT_LOCAL)) { 2252 return (2); 2253 }
2095 eauditon(A_GETPOLICY, (caddr_t)&curp, 0);	2254
2096 if (getzoneid() != GLOBAL_ZONEID) { 2097 curp &= AUDIT_LOCAL; 2098 if (is_all) { 2099 pm &= AUDIT_LOCAL; 2100 } 2101 } 2102 *policy_mask = curp \| pm;	2255 if (getzoneid() != GLOBAL_ZONEID) { 2256 curp &= AUDIT_LOCAL; 2257 if (is_all) { 2258 pm &= AUDIT_LOCAL; 2259 } 2260 } 2261 *policy_mask = curp \| pm;
	2262
2103 } else {	2263 } else {
	2264 /* 2265 * In a local zone, accept specifying "all", but not 2266 * individually specifying global-zone only policies. 2267 * Limit to all locally allowed, so system call doesn't 2268 * fail. 2269 */ 2270 if (!is_all && 2271 (getzoneid() != GLOBAL_ZONEID) && 2272 (pm & ~AUDIT_LOCAL)) { 2273 return (2); 2274 } 2275
2104 if (is_all && (getzoneid() != GLOBAL_ZONEID)) { 2105 pm &= AUDIT_LOCAL; 2106 } 2107 *policy_mask = pm; 2108 } 2109 return (0); 2110} 2111 2112static int	2276 if (is_all && (getzoneid() != GLOBAL_ZONEID)) { 2277 pm &= AUDIT_LOCAL; 2278 } 2279 *policy_mask = pm; 2280 } 2281 return (0); 2282} 2283 2284static int
2113policy2str(uint_t policy, char *policy_str, size_t len)	2285policy2str(uint32_t policy, char *policy_str, size_t len)
2114{ 2115 int i, j; 2116 2117 if (policy == ALL_POLICIES) { 2118 (void) strcpy(policy_str, "all"); 2119 return (1); 2120 } 2121 --- 102 unchanged lines hidden (view full) --- 2224chk_event_num(int etype, au_event_t event) 2225{ 2226 au_stat_t as; 2227 2228 eauditon(A_GETSTAT, (caddr_t)&as, 0); 2229 2230 if (etype == AC_KERN_EVENT) { 2231 if (event > as.as_numevent) {	2286{ 2287 int i, j; 2288 2289 if (policy == ALL_POLICIES) { 2290 (void) strcpy(policy_str, "all"); 2291 return (1); 2292 } 2293 --- 102 unchanged lines hidden (view full) --- 2396chk_event_num(int etype, au_event_t event) 2397{ 2398 au_stat_t as; 2399 2400 eauditon(A_GETSTAT, (caddr_t)&as, 0); 2401 2402 if (etype == AC_KERN_EVENT) { 2403 if (event > as.as_numevent) {
2232 exit_error(gettext("Invalid kernel audit event " 2233 "number specified.\n"	2404 exit_error(gettext( 2405 "Invalid kernel audit event number specified.\n"
2234 "\t%hu is outside allowable range 0-%d."), 2235 event, as.as_numevent); 2236 } 2237 } else { 2238 /* user event / 2239 if (event <= as.as_numevent) { 2240 exit_error(gettext("Invalid user level audit event " 2241 "number specified %hu."), event); --- 6 unchanged lines hidden* (view full) --- 2248{ 2249 au_event_ent_t *evp; 2250 au_stat_t as; 2251 2252 eauditon(A_GETSTAT, (caddr_t)&as, 0); 2253 2254 evp = egetauevnam(event_str); 2255 if (etype == AC_KERN_EVENT && (evp->ae_number > as.as_numevent)) {	2406 "\t%hu is outside allowable range 0-%d."), 2407 event, as.as_numevent); 2408 } 2409 } else { 2410 /* user event / 2411 if (event <= as.as_numevent) { 2412 exit_error(gettext("Invalid user level audit event " 2413 "number specified %hu."), event); --- 6 unchanged lines hidden* (view full) --- 2420{ 2421 au_event_ent_t *evp; 2422 au_stat_t as; 2423 2424 eauditon(A_GETSTAT, (caddr_t)&as, 0); 2425 2426 evp = egetauevnam(event_str); 2427 if (etype == AC_KERN_EVENT && (evp->ae_number > as.as_numevent)) {
2256 exit_error( 2257 gettext("Invalid kernel audit event string specified.\n"	2428 exit_error(gettext( 2429 "Invalid kernel audit event string specified.\n"
2258 "\t\"%s\" appears to be a user level event. " 2259 "Check configuration."), event_str); 2260 } else if (etype == AC_USER_EVENT && 2261 (evp->ae_number < as.as_numevent)) {	2430 "\t\"%s\" appears to be a user level event. " 2431 "Check configuration."), event_str); 2432 } else if (etype == AC_USER_EVENT && 2433 (evp->ae_number < as.as_numevent)) {
2262 exit_error( 2263 gettext("Invalid user audit event string specified.\n"	2434 exit_error(gettext( 2435 "Invalid user audit event string specified.\n"
2264 "\t\"%s\" appears to be a kernel event. " 2265 "Check configuration."), event_str); 2266 } 2267} 2268 2269static void 2270chk_sorf(char sorf_str) 2271{ --- 18 unchanged lines hidden* (view full) --- 2290 2291 if (argv) { 2292 / concatenate argument array to be passed to sh -c "..." / 2293 for (argv_pos = argv; argv_pos; argv_pos++) 2294 len += strlen(*argv_pos) + 1; 2295 2296 if ((args = malloc(len + 1)) == NULL) 2297 exit_error(	2436 "\t\"%s\" appears to be a kernel event. " 2437 "Check configuration."), event_str); 2438 } 2439} 2440 2441static void 2442chk_sorf(char sorf_str) 2443{ --- 18 unchanged lines hidden* (view full) --- 2462 2463 if (argv) { 2464 / concatenate argument array to be passed to sh -c "..." / 2465 for (argv_pos = argv; argv_pos; argv_pos++) 2466 len += strlen(*argv_pos) + 1; 2467 2468 if ((args = malloc(len + 1)) == NULL) 2469 exit_error(
2298 gettext("Allocation for command/arguments " 2299 "failed"));	2470 gettext("Allocation for command/arguments failed"));
2300 2301 args_pos = args; 2302 for (argv_pos = argv; argv_pos; argv_pos++) { 2303 n += snprintf(args_pos, len - n, "%s ", argv_pos); 2304 args_pos = args + n; 2305 } 2306 /* strip the last space */ 2307 args[strlen(args)] = '\0'; 2308 2309 (void) execl("/bin/sh", "sh", "-c", args, NULL); 2310 } else { 2311 (void) execl("/bin/sh", "sh", NULL); 2312 } 2313 2314 exit_error(gettext("exec(2) failed")); 2315} 2316	2471 2472 args_pos = args; 2473 for (argv_pos = argv; argv_pos; argv_pos++) { 2474 n += snprintf(args_pos, len - n, "%s ", argv_pos); 2475 args_pos = args + n; 2476 } 2477 /* strip the last space */ 2478 args[strlen(args)] = '\0'; 2479 2480 (void) execl("/bin/sh", "sh", "-c", args, NULL); 2481 } else { 2482 (void) execl("/bin/sh", "sh", NULL); 2483 } 2484 2485 exit_error(gettext("exec(2) failed")); 2486} 2487
2317/* 2318 * exit_error() 2319 * Desc: Prints an error message along with corresponding system 2320 * error number and error message, then exits. 2321 * Inputs: Program name, program error message. 2322 / 2323/PRINTFLIKE1*/
2324static void	2488static void
2325exit_error(char *fmt, ...) 2326{ 2327 va_list args; 2328 2329 (void) fprintf(stderr, "%s: ", progname); 2330 2331 va_start(args, fmt); 2332 (void) vfprintf(stderr, fmt, args); 2333 va_end(args); 2334 2335 (void) fputc('\n', stderr); 2336 if (errno) 2337 (void) fprintf(stderr, gettext("%s: error = %s(%d)\n"), 2338 progname, strerror(errno), errno); 2339 (void) fflush(stderr); 2340 2341 exit(1); 2342} 2343 2344static void
2345exit_usage(int status) 2346{ 2347 FILE *fp; 2348 int i; 2349 2350 fp = (status ? stderr : stdout); 2351 (void) fprintf(fp, gettext("usage: %s option ...\n"), progname); 2352	2489exit_usage(int status) 2490{ 2491 FILE *fp; 2492 int i; 2493 2494 fp = (status ? stderr : stdout); 2495 (void) fprintf(fp, gettext("usage: %s option ...\n"), progname); 2496
2353 for (i = 0; i < ARG_TBL_SZ; i++) 2354 (void) fprintf(fp, " %s %s\n", 2355 arg_table[i].arg_str, arg_table[i].arg_opts);	2497 for (i = 0; i < ARG_TBL_SZ; i++) { 2498 /* skip the -t option; it's not a standalone option */ 2499 if (arg_table[i].auditconfig_cmd == AC_ARG_SET_TEMPORARY) { 2500 continue; 2501 }
2356	2502
	2503 (void) fprintf(fp, " %s%s%s\n", 2504 arg_table[i].arg_str, arg_table[i].arg_opts, 2505 (arg_table[i].temporary_allowed ? " [-t]" : "")); 2506 } 2507
2357 exit(status); 2358} 2359 2360static void 2361print_asid(au_asid_t asid) 2362{ 2363 (void) printf(gettext("audit session id = %u\n"), asid); 2364} --- 43 unchanged lines hidden (view full) --- 2408 hostname = phe->h_name; 2409 } else { 2410 hostname = gettext("unknown"); 2411 } 2412 2413 ia.s_addr = tidp->at_addr[0]; 2414 2415 (void) printf(gettext(	2508 exit(status); 2509} 2510 2511static void 2512print_asid(au_asid_t asid) 2513{ 2514 (void) printf(gettext("audit session id = %u\n"), asid); 2515} --- 43 unchanged lines hidden (view full) --- 2559 hostname = phe->h_name; 2560 } else { 2561 hostname = gettext("unknown"); 2562 } 2563 2564 ia.s_addr = tidp->at_addr[0]; 2565 2566 (void) printf(gettext(
2416 "terminal id (maj,min,host) = %u,%u,%s(%s)\n"),	2567 "terminal id (maj,min,host) = %lu,%lu,%s(%s)\n"),
2417 major(tidp->at_port), minor(tidp->at_port), 2418 hostname, inet_ntoa(ia)); 2419 } else { 2420 addr = &tidp->at_addr[0]; 2421 phe = getipnodebyaddr((const void )addr, 16, AF_INET6, &err); 2422 2423 bzero(buf, sizeof (buf)); 2424 2425 (void) inet_ntop(AF_INET6, (void )addr, buf, sizeof (buf)); 2426 if (phe == NULL) { 2427 bufp = gettext("unknown"); 2428 } else { 2429 bufp = phe->h_name; 2430 } 2431 2432 (void) printf(gettext(	2568 major(tidp->at_port), minor(tidp->at_port), 2569 hostname, inet_ntoa(ia)); 2570 } else { 2571 addr = &tidp->at_addr[0]; 2572 phe = getipnodebyaddr((const void )addr, 16, AF_INET6, &err); 2573 2574 bzero(buf, sizeof (buf)); 2575 2576 (void) inet_ntop(AF_INET6, (void )addr, buf, sizeof (buf)); 2577 if (phe == NULL) { 2578 bufp = gettext("unknown"); 2579 } else { 2580 bufp = phe->h_name; 2581 } 2582 2583 (void) printf(gettext(
2433 "terminal id (maj,min,host) = %u,%u,%s(%s)\n"),	2584 "terminal id (maj,min,host) = %lu,%lu,%s(%s)\n"),
2434 major(tidp->at_port), minor(tidp->at_port), 2435 bufp, buf); 2436 if (phe) { 2437 freehostent(phe); 2438 } 2439 } 2440} 2441 --- 50 unchanged lines hidden (view full) --- 2492 } 2493 if (strcmp(s, "ipv4") == 0) { 2494 *type = AU_IPv4; 2495 return (0); 2496 } 2497 2498 return (1); 2499}	2585 major(tidp->at_port), minor(tidp->at_port), 2586 bufp, buf); 2587 if (phe) { 2588 freehostent(phe); 2589 } 2590 } 2591} 2592 --- 50 unchanged lines hidden (view full) --- 2643 } 2644 if (strcmp(s, "ipv4") == 0) { 2645 *type = AU_IPv4; 2646 return (0); 2647 } 2648 2649 return (1); 2650}
	2651 2652/* 2653 * exit_error() - print an error message along with corresponding system error 2654 * number and error message, then exit. Inputs - program error format and 2655 * message. 2656 / 2657/PRINTFLIKE1/ 2658static void 2659exit_error(char fmt, ...) 2660{ 2661 va_list args; 2662 2663 va_start(args, fmt); 2664 prt_error_va(fmt, args); 2665 va_end(args); 2666 2667 exit(1); 2668}