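/*-
 * Copyright (c) 2004 Apple Inc.
 * Copyright (c) 2006 Robert N. M. Watson
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1.  Redistributions of source code must retain the above copyright
 *     notice, this list of conditions and the following disclaimer.
 * 2.  Redistributions in binary form must reproduce the above copyright
 *     notice, this list of conditions and the following disclaimer in the
 *     documentation and/or other materials provided with the distribution.
 * 3.  Neither the name of Apple Inc. ("Apple") nor the names of
 *     its contributors may be used to endorse or promote products derived
 *     from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR
 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 *
 * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_control.c#24 $
 */

#include <config/config.h>

#include <bsm/libbsm.h>

#include <errno.h>
#include <limits.h>
#include <string.h>
#ifdef HAVE_PTHREAD_MUTEX_LOCK
#include <pthread.h>
#endif
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#ifndef HAVE_STRLCAT
#include <compat/strlcat.h>
#endif
#ifndef HAVE_STRLCPY
#include <compat/strlcpy.h>
#endif

/*
 * Parse the contents of the audit_control file to return the audit control
 * parameters.  These static fields are protected by 'mutex'.
 *
 * Values returned by the line parser point into 'linestr', so every public
 * accessor copies or converts the value before it drops the lock.
 */
static FILE		*fp = NULL;
static char		 linestr[AU_LINE_MAX];
static const char	*delim = ":";

/*
 * NOTE(review): nothing in this file ever assigns a non-zero value to
 * 'inacdir', so the "rewind if another accessor moved the file pointer"
 * branch in getacdir() is not taken as written.  Callers that iterate over
 * directory entries should call setac() first -- confirm against callers.
 */
static char	inacdir = 0;
static char	ptrmoved = 0;

#ifdef HAVE_PTHREAD_MUTEX_LOCK
static pthread_mutex_t	mutex = PTHREAD_MUTEX_INITIALIZER;
#endif

/*
 * Single table of policy flag <-> name pairs, shared by au_poltostr() and
 * au_strtopol() so that the two directions cannot drift apart.  The order
 * is the order in which au_poltostr() emits the names.
 */
static const struct {
	long		 ap_policy;
	const char	*ap_name;
} au_polnames[] = {
	{ AUDIT_CNT,		"cnt" },
	{ AUDIT_AHLT,		"ahlt" },
	{ AUDIT_ARGV,		"argv" },
	{ AUDIT_ARGE,		"arge" },
	{ AUDIT_SEQ,		"seq" },
	{ AUDIT_WINDATA,	"windata" },
	{ AUDIT_USER,		"user" },
	{ AUDIT_GROUP,		"group" },
	{ AUDIT_TRAIL,		"trail" },
	{ AUDIT_PATH,		"path" },
	{ AUDIT_SCNT,		"scnt" },
	{ AUDIT_PUBLIC,		"public" },
	{ AUDIT_ZONENAME,	"zonename" },
	{ AUDIT_PERZONE,	"perzone" },
};
#define	AU_NPOLNAMES	(sizeof(au_polnames) / sizeof(au_polnames[0]))

/*
 * Acquire the lock protecting the parser state.  Compiles to nothing when
 * HAVE_PTHREAD_MUTEX_LOCK is not defined.
 */
static void
control_lock(void)
{

#ifdef HAVE_PTHREAD_MUTEX_LOCK
	pthread_mutex_lock(&mutex);
#endif
}

/*
 * Release the lock taken by control_lock().
 */
static void
control_unlock(void)
{

#ifdef HAVE_PTHREAD_MUTEX_LOCK
	pthread_mutex_unlock(&mutex);
#endif
}

/*
 * Consume the remainder of the current input line (up to and including the
 * newline, or up to EOF) and return how many non-newline characters were
 * thrown away.
 *
 * Must be called with mutex held.
 */
static size_t
discard_line_tail_locked(void)
{
	size_t dropped = 0;
	int c;

	while ((c = getc(fp)) != EOF && c != '\n')
		dropped++;
	return (dropped);
}

/*
 * Returns the string value corresponding to the given label from the
 * configuration file.
 *
 * On return *str is the value token (pointing into 'linestr') or NULL if no
 * further line with that label exists.  Returns 0 on success or EOF, -1 on
 * an open/read error or a malformed entry (errno is EINVAL for the latter).
 *
 * A line that does not fit in 'linestr' is never split into two logical
 * lines: its tail is discarded, and if it is the entry being looked up the
 * call fails instead of handing back a silently truncated value.
 *
 * Must be called with mutex held.
 */
static int
getstrfromtype_locked(const char *name, char **str)
{
	char *type, *nl, *last;
	size_t dropped;

	*str = NULL;

	if ((fp == NULL) && ((fp = fopen(AUDIT_CONTROL_FILE, "r")) == NULL))
		return (-1);	/* Error */

	for (;;) {
		if (fgets(linestr, sizeof(linestr), fp) == NULL) {
			if (ferror(fp))
				return (-1);
			return (0);	/* EOF */
		}

		/*
		 * Remove trailing new line character.  No newline means
		 * either the last line of the file or a line longer than
		 * the buffer; drain whatever is left of it.
		 */
		dropped = 0;
		if ((nl = strrchr(linestr, '\n')) != NULL)
			*nl = '\0';
		else {
			dropped = discard_line_tail_locked();
			if (ferror(fp))
				return (-1);
		}

		if (linestr[0] == '#')
			continue;

		if ((type = strtok_r(linestr, delim, &last)) == NULL)
			continue;
		if (strcmp(name, type) != 0)
			continue;

		/* Found matching name. */
		if (dropped > 0) {
			errno = EINVAL;
			return (-1);	/* Entry too long for linestr */
		}
		*str = strtok_r(NULL, delim, &last);
		if (*str == NULL) {
			errno = EINVAL;
			return (-1);	/* Parse error in file */
		}
		return (0);		/* Success */
	}
}

/*
 * Look up the next entry for 'label' and copy its value into 'buf'.
 *
 * Returns 0 on success, -2 if the file could not be read or the entry is
 * malformed, 'notfound' if there is no such entry, and -3 if the value
 * (including its terminating nul) does not fit in 'len' bytes.
 *
 * Must be called with mutex held.
 */
static int
copy_entry_locked(const char *label, char *buf, size_t len, int notfound)
{
	char *value;

	if (getstrfromtype_locked(label, &value) < 0)
		return (-2);
	if (value == NULL)
		return (notfound);
	if (strlen(value) >= len)
		return (-3);
	strlcpy(buf, value, len);
	return (0);
}

/*
 * Rewind the control file, look up 'label' and copy its value into 'buf'.
 * Takes and releases the mutex; return values are those of
 * copy_entry_locked().
 */
static int
getacstr(const char *label, char *buf, size_t len, int notfound)
{
	int ret;

	control_lock();
	setac_locked_fwd:
	ptrmoved = 1;
	if (fp != NULL)
		(void)fseek(fp, 0, SEEK_SET);
	ret = copy_entry_locked(label, buf, len, notfound);
	control_unlock();
	return (ret);
}

/*
 * Convert a policy to a string.  Return -1 on failure, or >= 0 representing
 * the actual size of the string placed in the buffer (excluding terminating
 * nul).
 *
 * Names are comma-separated and emitted in table order.  Failure means
 * 'maxsize' was 0 or too small for the full string; 'buf' may then hold a
 * truncated result.
 */
ssize_t
au_poltostr(long policy, size_t maxsize, char *buf)
{
	size_t i;
	int first;

	if (maxsize < 1)
		return (-1);
	first = 1;
	buf[0] = '\0';

	for (i = 0; i < AU_NPOLNAMES; i++) {
		if ((policy & au_polnames[i].ap_policy) == 0)
			continue;
		if (!first && strlcat(buf, ",", maxsize) >= maxsize)
			return (-1);
		if (strlcat(buf, au_polnames[i].ap_name, maxsize) >= maxsize)
			return (-1);
		first = 0;
	}
	return ((ssize_t)strlen(buf));
}

/*
 * Convert a string to a policy.  Return -1 on failure (with errno EINVAL,
 * ENOMEM) or 0 on success.
 *
 * The accepted names are exactly those au_poltostr() produces.  The window
 * data flag is spelled "windata" here; the previous spelling in this
 * function, "winau_fstat", did not match what au_poltostr() emits, so a
 * policy string containing that flag could not be parsed back.
 *
 * On an unknown name *policy holds the flags parsed before it.
 */
int
au_strtopol(const char *polstr, long *policy)
{
	char *buffer, *cursor, *token;
	size_t i;

	*policy = 0;
	buffer = strdup(polstr);
	if (buffer == NULL)
		return (-1);

	/* strsep() modifies its argument, hence the private copy. */
	cursor = buffer;
	while ((token = strsep(&cursor, ",")) != NULL) {
		for (i = 0; i < AU_NPOLNAMES; i++) {
			if (strcmp(token, au_polnames[i].ap_name) == 0)
				break;
		}
		if (i == AU_NPOLNAMES) {
			free(buffer);
			errno = EINVAL;
			return (-1);
		}
		*policy |= au_polnames[i].ap_policy;
	}
	free(buffer);
	return (0);
}

/*
 * Rewind the file pointer to beginning.
 *
 * Must be called with mutex held.
 */
static void
setac_locked(void)
{

	ptrmoved = 1;
	if (fp != NULL)
		(void)fseek(fp, 0, SEEK_SET);
}

/*
 * Rewind the audit_control file so the next lookup starts at the top.
 */
void
setac(void)
{

	control_lock();
	setac_locked();
	control_unlock();
}

/*
 * Close the audit_control file.
 */
void
endac(void)
{

	control_lock();
	ptrmoved = 1;
	if (fp != NULL) {
		fclose(fp);
		fp = NULL;
	}
	control_unlock();
}

/*
 * Return audit directory information from the audit control file.
 *
 * Unlike the other accessors this one does not rewind first, so successive
 * calls walk through successive directory entries.  Returns 0 on success
 * (2 if the file was rewound first), -1 when there is no further entry,
 * -2 on a read or parse error, and -3 if 'name' is too small.  A 'len'
 * that is zero or negative is reported as -3 rather than being converted
 * to a huge unsigned size.
 */
int
getacdir(char *name, int len)
{
	int error, ret = 0;

	/*
	 * Check if another function was called between successive calls to
	 * getacdir.
	 */
	control_lock();
	if (inacdir && ptrmoved) {
		ptrmoved = 0;
		if (fp != NULL)
			(void)fseek(fp, 0, SEEK_SET);
		ret = 2;
	}
	error = copy_entry_locked(DIR_CONTROL_ENTRY, name,
	    len > 0 ? (size_t)len : 0, -1);
	control_unlock();
	return (error != 0 ? error : ret);
}

/*
 * Return the minimum free diskspace value from the audit control file.
 *
 * Returns 0 on success, 1 if there is no such entry, -2 on a read or parse
 * error, and -1 (errno EINVAL) if the value does not start with a number or
 * does not fit in an int.  Trailing characters after the number are
 * ignored, as they were with atoi().
 */
int
getacmin(int *min_val)
{
	char *min, *end;
	long value;
	int error = 0, ret = 0;

	control_lock();
	setac_locked();
	if (getstrfromtype_locked(MINFREE_CONTROL_ENTRY, &min) < 0) {
		ret = -2;
		goto out;
	}
	if (min == NULL) {
		ret = 1;
		goto out;
	}
	/* Convert while the lock is held: 'min' points into linestr. */
	errno = 0;
	value = strtol(min, &end, 10);
	if (end == min || errno == ERANGE || value < INT_MIN ||
	    value > INT_MAX) {
		error = EINVAL;
		ret = -1;
		goto out;
	}
	*min_val = (int)value;
out:
	control_unlock();
	if (error != 0)
		errno = error;
	return (ret);
}

/*
 * Return the desired trail rotation size from the audit control file.
 *
 * Returns 0 on success, 1 (errno EINVAL) if there is no such entry, -2 on a
 * read or parse error, and -1 (errno EINVAL) if the value is not a plain
 * decimal number, is out of range, or is outside the permitted sizes.
 */
int
getacfilesz(size_t *filesz_val)
{
	char *filesz, *end;
	long long ll;
	int error = 0, ret = 0;

	control_lock();
	setac_locked();
	if (getstrfromtype_locked(FILESZ_CONTROL_ENTRY, &filesz) < 0) {
		ret = -2;
		goto out;
	}
	if (filesz == NULL) {
		error = EINVAL;
		ret = 1;
		goto out;
	}
	errno = 0;
	ll = strtoll(filesz, &end, 10);
	if (*end != '\0' || errno == ERANGE) {
		error = EINVAL;
		ret = -1;
		goto out;
	}
	/*
	 * The file size must either be 0 or >= MIN_AUDIT_FILE_SIZE.  0
	 * indicates no rotation size.  It must also be representable as a
	 * size_t so the assignment below cannot truncate.
	 */
	if (ll < 0 || (ll > 0 && ll < MIN_AUDIT_FILE_SIZE) ||
	    (unsigned long long)ll > SIZE_MAX) {
		error = EINVAL;
		ret = -1;
		goto out;
	}
	*filesz_val = (size_t)ll;
out:
	control_unlock();
	if (error != 0)
		errno = error;
	return (ret);
}

/*
 * Return the system audit value from the audit control file.
 *
 * Returns 0 on success, 1 if there is no such entry, -2 on a read or parse
 * error, and -3 if 'auditstr' is too small (including a zero or negative
 * 'len').
 */
int
getacflg(char *auditstr, int len)
{

	return (getacstr(FLAGS_CONTROL_ENTRY, auditstr,
	    len > 0 ? (size_t)len : 0, 1));
}

/*
 * Return the non attributable flags from the audit control file.
 *
 * Returns 0 on success, 1 if there is no such entry, -2 on a read or parse
 * error, and -3 if 'auditstr' is too small (including a zero or negative
 * 'len').
 */
int
getacna(char *auditstr, int len)
{

	return (getacstr(NA_CONTROL_ENTRY, auditstr,
	    len > 0 ? (size_t)len : 0, 1));
}

/*
 * Return the policy field from the audit control file.
 *
 * Returns 0 on success, -1 if there is no such entry, -2 on a read or parse
 * error, and -3 if 'auditstr' is too small.
 */
int
getacpol(char *auditstr, size_t len)
{

	return (getacstr(POLICY_CONTROL_ENTRY, auditstr, len, -1));
}

/*
 * Return the AUDIT_HOST_CONTROL_ENTRY field from the audit control file.
 *
 * Returns 0 on success, 1 if there is no such entry, -2 on a read or parse
 * error, and -3 if 'auditstr' is too small.  The copy is bounded by 'len'
 * with strlcpy(), like the other accessors, instead of an unbounded
 * strcpy().
 */
int
getachost(char *auditstr, size_t len)
{

	return (getacstr(AUDIT_HOST_CONTROL_ENTRY, auditstr, len, 1));
}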