xref: /freebsd/contrib/openbsm/libbsm/bsm_wrappers.c (revision 1f4bcc459a76b7aa664f3fd557684cd0ba6da352)
1 /*-
2  * Copyright (c) 2004-2009 Apple Inc.
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1.  Redistributions of source code must retain the above copyright
9  *     notice, this list of conditions and the following disclaimer.
10  * 2.  Redistributions in binary form must reproduce the above copyright
11  *     notice, this list of conditions and the following disclaimer in the
12  *     documentation and/or other materials provided with the distribution.
13  * 3.  Neither the name of Apple Inc. ("Apple") nor the names of
14  *     its contributors may be used to endorse or promote products derived
15  *     from this software without specific prior written permission.
16  *
17  * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND
18  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20  * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR
21  * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
25  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
26  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
27  * POSSIBILITY OF SUCH DAMAGE.
28  */
29 
30 #ifdef __APPLE__
31 #define	_SYS_AUDIT_H		/* Prevent include of sys/audit.h. */
32 #endif
33 
34 #include <sys/param.h>
35 #include <sys/stat.h>
36 
37 #ifdef __APPLE__
38 #include <sys/queue.h>		/* Our bsm/audit.h doesn't include queue.h. */
39 #endif
40 
41 #include <sys/sysctl.h>
42 
43 #include <bsm/libbsm.h>
44 
45 #include <unistd.h>
46 #include <syslog.h>
47 #include <stdarg.h>
48 #include <string.h>
49 #include <errno.h>
50 
51 /* These are not advertised in libbsm.h */
52 int audit_set_terminal_port(dev_t *p);
53 int audit_set_terminal_host(uint32_t *m);
54 
55 /*
56  * General purpose audit submission mechanism for userspace.
57  */
58 int
59 audit_submit(short au_event, au_id_t auid, char status,
60     int reterr, const char *fmt, ...)
61 {
62 	char text[MAX_AUDITSTRING_LEN];
63 	token_t *token;
64 	int acond;
65 	va_list ap;
66 	pid_t pid;
67 	int error, afd, subj_ex;
68 	struct auditinfo ai;
69 	struct auditinfo_addr aia;
70 	au_tid_t atid;
71 
72 	if (audit_get_cond(&acond) != 0) {
73 		/*
74 		 * If auditon(2) returns ENOSYS, then audit has not been
75 		 * compiled into the kernel, so just return.
76 		 */
77 		if (errno == ENOSYS)
78 			return (0);
79 		error = errno;
80 		syslog(LOG_AUTH | LOG_ERR, "audit: auditon failed: %s",
81 		    strerror(errno));
82 		errno = error;
83 		return (-1);
84 	}
85 	if (acond == AUC_NOAUDIT)
86 		return (0);
87 	afd = au_open();
88 	if (afd < 0) {
89 		error = errno;
90 		syslog(LOG_AUTH | LOG_ERR, "audit: au_open failed: %s",
91 		    strerror(errno));
92 		errno = error;
93 		return (-1);
94 	}
95 	/*
96 	 * Try to use getaudit_addr(2) first.  If this kernel does not support
97 	 * it, then fall back on to getaudit(2).
98 	 */
99 	subj_ex = 0;
100 	error = getaudit_addr(&aia, sizeof(aia));
101 	if (error < 0 && errno == ENOSYS) {
102 		error = getaudit(&ai);
103 		if (error < 0) {
104 			error = errno;
105 			syslog(LOG_AUTH | LOG_ERR, "audit: getaudit failed: %s",
106 			    strerror(errno));
107 			errno = error;
108 			return (-1);
109 		}
110 		/*
111 		 * Convert this auditinfo_t to an auditinfo_addr_t to make the
112 		 * following code less complicated wrt to preselection and
113 		 * subject token generation.
114 		 */
115 		aia.ai_auid = ai.ai_auid;
116 		aia.ai_mask = ai.ai_mask;
117 		aia.ai_asid = ai.ai_asid;
118 		aia.ai_termid.at_type = AU_IPv4;
119 		aia.ai_termid.at_addr[0] = ai.ai_termid.machine;
120 		aia.ai_termid.at_port = ai.ai_termid.port;
121 	} else if (error < 0) {
122 		error = errno;
123 		syslog(LOG_AUTH | LOG_ERR, "audit: getaudit_addr failed: %s",
124 		    strerror(errno));
125 		errno = error;
126 		return (-1);
127 	}
128 	/*
129 	 * NB: We should be performing pre-selection here now that we have the
130 	 * masks for this process.
131 	 */
132 	if (aia.ai_termid.at_type == AU_IPv6)
133 		subj_ex = 1;
134 	pid = getpid();
135 	if (subj_ex == 0) {
136 		atid.port = aia.ai_termid.at_port;
137 		atid.machine = aia.ai_termid.at_addr[0];
138 		token = au_to_subject32(auid, geteuid(), getegid(),
139 		    getuid(), getgid(), pid, pid, &atid);
140 	} else
141 		token = au_to_subject_ex(auid, geteuid(), getegid(),
142 		    getuid(), getgid(), pid, pid, &aia.ai_termid);
143 	if (token == NULL) {
144 		syslog(LOG_AUTH | LOG_ERR,
145 		    "audit: unable to build subject token");
146 		(void) au_close(afd, AU_TO_NO_WRITE, au_event);
147 		errno = EPERM;
148 		return (-1);
149 	}
150 	if (au_write(afd, token) < 0) {
151 		error = errno;
152 		syslog(LOG_AUTH | LOG_ERR,
153 		    "audit: au_write failed: %s", strerror(errno));
154 		(void) au_close(afd, AU_TO_NO_WRITE, au_event);
155 		errno = error;
156 		return (-1);
157 	}
158 	if (fmt != NULL) {
159 		va_start(ap, fmt);
160 		(void) vsnprintf(text, MAX_AUDITSTRING_LEN, fmt, ap);
161 		va_end(ap);
162 		token = au_to_text(text);
163 		if (token == NULL) {
164 			syslog(LOG_AUTH | LOG_ERR,
165 			    "audit: failed to generate text token");
166 			(void) au_close(afd, AU_TO_NO_WRITE, au_event);
167 			errno = EPERM;
168 			return (-1);
169 		}
170 		if (au_write(afd, token) < 0) {
171 			error = errno;
172 			syslog(LOG_AUTH | LOG_ERR,
173 			    "audit: au_write failed: %s", strerror(errno));
174 			(void) au_close(afd, AU_TO_NO_WRITE, au_event);
175 			errno = error;
176 			return (-1);
177 		}
178 	}
179 	token = au_to_return32(au_errno_to_bsm(status), reterr);
180 	if (token == NULL) {
181 		syslog(LOG_AUTH | LOG_ERR,
182 		    "audit: unable to build return token");
183 		(void) au_close(afd, AU_TO_NO_WRITE, au_event);
184 		errno = EPERM;
185 		return (-1);
186 	}
187 	if (au_write(afd, token) < 0) {
188 		error = errno;
189 		syslog(LOG_AUTH | LOG_ERR,
190 		    "audit: au_write failed: %s", strerror(errno));
191 		(void) au_close(afd, AU_TO_NO_WRITE, au_event);
192 		errno = error;
193 		return (-1);
194 	}
195 	if (au_close(afd, AU_TO_WRITE, au_event) < 0) {
196 		error = errno;
197 		syslog(LOG_AUTH | LOG_ERR, "audit: record not committed");
198 		errno = error;
199 		return (-1);
200 	}
201 	return (0);
202 }
203 
204 int
205 audit_set_terminal_port(dev_t *p)
206 {
207 	struct stat st;
208 
209 	if (p == NULL)
210 		return (kAUBadParamErr);
211 
212 #ifdef NODEV
213 	*p = NODEV;
214 #else
215 	*p = -1;
216 #endif
217 
218 	/* for /usr/bin/login, try fstat() first */
219 	if (fstat(STDIN_FILENO, &st) != 0) {
220 		if (errno != EBADF) {
221 			syslog(LOG_ERR, "fstat() failed (%s)",
222 			    strerror(errno));
223 			return (kAUStatErr);
224 		}
225 		if (stat("/dev/console", &st) != 0) {
226 			syslog(LOG_ERR, "stat() failed (%s)",
227 			    strerror(errno));
228 			return (kAUStatErr);
229 		}
230 	}
231 	*p = st.st_rdev;
232 	return (kAUNoErr);
233 }
234 
235 int
236 audit_set_terminal_host(uint32_t *m)
237 {
238 
239 #ifdef KERN_HOSTID
240 	int name[2] = { CTL_KERN, KERN_HOSTID };
241 	size_t len;
242 
243 	if (m == NULL)
244 		return (kAUBadParamErr);
245 	*m = 0;
246 	len = sizeof(*m);
247 	if (sysctl(name, 2, m, &len, NULL, 0) != 0) {
248 		syslog(LOG_ERR, "sysctl() failed (%s)", strerror(errno));
249 		return (kAUSysctlErr);
250 	}
251 	return (kAUNoErr);
252 #else
253 	*m = -1;
254 	return (kAUNoErr);
255 #endif
256 }
257 
258 int
259 audit_set_terminal_id(au_tid_t *tid)
260 {
261 	int ret;
262 
263 	if (tid == NULL)
264 		return (kAUBadParamErr);
265 	if ((ret = audit_set_terminal_port(&tid->port)) != kAUNoErr)
266 		return (ret);
267 	return (audit_set_terminal_host(&tid->machine));
268 }
269 
270 /*
271  * This is OK for those callers who have only one token to write.  If you have
272  * multiple tokens that logically form part of the same audit record, you need
273  * to use the existing au_open()/au_write()/au_close() API:
274  *
275  * aufd = au_open();
276  * tok = au_to_random_token_1(...);
277  * au_write(aufd, tok);
278  * tok = au_to_random_token_2(...);
279  * au_write(aufd, tok);
280  * ...
281  * au_close(aufd, AU_TO_WRITE, AUE_your_event_type);
282  *
283  * Assumes, like all wrapper calls, that the caller has previously checked
284  * that auditing is enabled via the audit_get_state() call.
285  *
286  * XXX: Should be more robust against bad arguments.
287  */
288 int
289 audit_write(short event_code, token_t *subject, token_t *misctok, char retval,
290     int errcode)
291 {
292 	int aufd;
293 	char *func = "audit_write()";
294 	token_t *rettok;
295 
296 	if ((aufd = au_open()) == -1) {
297 		au_free_token(subject);
298 		au_free_token(misctok);
299 		syslog(LOG_ERR, "%s: au_open() failed", func);
300 		return (kAUOpenErr);
301 	}
302 
303 	/* Save subject. */
304 	if (subject && au_write(aufd, subject) == -1) {
305 		au_free_token(subject);
306 		au_free_token(misctok);
307 		(void)au_close(aufd, AU_TO_NO_WRITE, event_code);
308 		syslog(LOG_ERR, "%s: write of subject failed", func);
309 		return (kAUWriteSubjectTokErr);
310 	}
311 
312 	/* Save the event-specific token. */
313 	if (misctok && au_write(aufd, misctok) == -1) {
314 		au_free_token(misctok);
315 		(void)au_close(aufd, AU_TO_NO_WRITE, event_code);
316 		syslog(LOG_ERR, "%s: write of caller token failed", func);
317 		return (kAUWriteCallerTokErr);
318 	}
319 
320 	/* Tokenize and save the return value. */
321 	if ((rettok = au_to_return32(retval, errcode)) == NULL) {
322 		(void)au_close(aufd, AU_TO_NO_WRITE, event_code);
323 		syslog(LOG_ERR, "%s: au_to_return32() failed", func);
324 		return (kAUMakeReturnTokErr);
325 	}
326 
327 	if (au_write(aufd, rettok) == -1) {
328 		au_free_token(rettok);
329 		(void)au_close(aufd, AU_TO_NO_WRITE, event_code);
330 		syslog(LOG_ERR, "%s: write of return code failed", func);
331 		return (kAUWriteReturnTokErr);
332 	}
333 
334 	/*
335 	 * We assume the caller wouldn't have bothered with this
336 	 * function if it hadn't already decided to keep the record.
337 	 */
338 	if (au_close(aufd, AU_TO_WRITE, event_code) < 0) {
339 		syslog(LOG_ERR, "%s: au_close() failed", func);
340 		return (kAUCloseErr);
341 	}
342 
343 	return (kAUNoErr);
344 }
345 
346 /*
347  * Same caveats as audit_write().  In addition, this function explicitly
348  * assumes success; use audit_write_failure() on error.
349  */
350 int
351 audit_write_success(short event_code, token_t *tok, au_id_t auid, uid_t euid,
352     gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid,
353     au_tid_t *tid)
354 {
355 	char *func = "audit_write_success()";
356 	token_t *subject = NULL;
357 
358 	/* Tokenize and save subject. */
359 	subject = au_to_subject32(auid, euid, egid, ruid, rgid, pid, sid,
360 	    tid);
361 	if (subject == NULL) {
362 		syslog(LOG_ERR, "%s: au_to_subject32() failed", func);
363 		return kAUMakeSubjectTokErr;
364 	}
365 
366 	return (audit_write(event_code, subject, tok, 0, 0));
367 }
368 
369 /*
370  * Same caveats as audit_write().  In addition, this function explicitly
371  * assumes success; use audit_write_failure_self() on error.
372  */
373 int
374 audit_write_success_self(short event_code, token_t *tok)
375 {
376 	token_t *subject;
377 	char *func = "audit_write_success_self()";
378 
379 	if ((subject = au_to_me()) == NULL) {
380 		syslog(LOG_ERR, "%s: au_to_me() failed", func);
381 		return (kAUMakeSubjectTokErr);
382 	}
383 
384 	return (audit_write(event_code, subject, tok, 0, 0));
385 }
386 
387 /*
388  * Same caveats as audit_write().  In addition, this function explicitly
389  * assumes failure; use audit_write_success() otherwise.
390  *
391  * XXX  This should let the caller pass an error return value rather than
392  * hard-coding -1.
393  */
394 int
395 audit_write_failure(short event_code, char *errmsg, int errcode, au_id_t auid,
396     uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid,
397     au_tid_t *tid)
398 {
399 	char *func = "audit_write_failure()";
400 	token_t *subject, *errtok;
401 
402 	subject = au_to_subject32(auid, euid, egid, ruid, rgid, pid, sid, tid);
403 	if (subject == NULL) {
404 		syslog(LOG_ERR, "%s: au_to_subject32() failed", func);
405 		return (kAUMakeSubjectTokErr);
406 	}
407 
408 	/* tokenize and save the error message */
409 	if ((errtok = au_to_text(errmsg)) == NULL) {
410 		au_free_token(subject);
411 		syslog(LOG_ERR, "%s: au_to_text() failed", func);
412 		return (kAUMakeTextTokErr);
413 	}
414 
415 	return (audit_write(event_code, subject, errtok, -1, errcode));
416 }
417 
418 /*
419  * Same caveats as audit_write().  In addition, this function explicitly
420  * assumes failure; use audit_write_success_self() otherwise.
421  *
422  * XXX  This should let the caller pass an error return value rather than
423  * hard-coding -1.
424  */
425 int
426 audit_write_failure_self(short event_code, char *errmsg, int errret)
427 {
428 	char *func = "audit_write_failure_self()";
429 	token_t *subject, *errtok;
430 
431 	if ((subject = au_to_me()) == NULL) {
432 		syslog(LOG_ERR, "%s: au_to_me() failed", func);
433 		return (kAUMakeSubjectTokErr);
434 	}
435 	/* tokenize and save the error message */
436 	if ((errtok = au_to_text(errmsg)) == NULL) {
437 		au_free_token(subject);
438 		syslog(LOG_ERR, "%s: au_to_text() failed", func);
439 		return (kAUMakeTextTokErr);
440 	}
441 	return (audit_write(event_code, subject, errtok, -1, errret));
442 }
443 
444 /*
445  * For auditing errors during login.  Such errors are implicitly
446  * non-attributable (i.e., not ascribable to any user).
447  *
448  * Assumes, like all wrapper calls, that the caller has previously checked
449  * that auditing is enabled via the audit_get_state() call.
450  */
451 int
452 audit_write_failure_na(short event_code, char *errmsg, int errret, uid_t euid,
453     uid_t egid, pid_t pid, au_tid_t *tid)
454 {
455 
456 	return (audit_write_failure(event_code, errmsg, errret, -1, euid,
457 	    egid, -1, -1, pid, -1, tid));
458 }
459 
460 /* END OF au_write() WRAPPERS */
461 
462 #ifdef __APPLE__
463 void
464 audit_token_to_au32(audit_token_t atoken, uid_t *auidp, uid_t *euidp,
465     gid_t *egidp, uid_t *ruidp, gid_t *rgidp, pid_t *pidp, au_asid_t *asidp,
466     au_tid_t *tidp)
467 {
468 
469 	if (auidp != NULL)
470 		*auidp = (uid_t)atoken.val[0];
471 	if (euidp != NULL)
472 		*euidp = (uid_t)atoken.val[1];
473 	if (egidp != NULL)
474 		*egidp = (gid_t)atoken.val[2];
475 	if (ruidp != NULL)
476 		*ruidp = (uid_t)atoken.val[3];
477 	if (rgidp != NULL)
478 		*rgidp = (gid_t)atoken.val[4];
479 	if (pidp != NULL)
480 		*pidp = (pid_t)atoken.val[5];
481 	if (asidp != NULL)
482 		*asidp = (au_asid_t)atoken.val[6];
483 	if (tidp != NULL) {
484 		audit_set_terminal_host(&tidp->machine);
485 		tidp->port = (dev_t)atoken.val[7];
486 	}
487 }
488 #endif /* !__APPLE__ */
489 
490 int
491 audit_get_cond(int *cond)
492 {
493 	int ret;
494 
495 	ret = auditon(A_GETCOND, cond, sizeof(*cond));
496 #ifdef A_OLDGETCOND
497 	if ((0 != ret) && EINVAL == errno) {
498 		long lcond = *cond;
499 
500 		ret = auditon(A_OLDGETCOND, &lcond, sizeof(lcond));
501 		*cond = (int)lcond;
502 	}
503 #endif
504 	return (ret);
505 }
506 
507 int
508 audit_set_cond(int *cond)
509 {
510 	int ret;
511 
512 	ret = auditon(A_SETCOND, cond, sizeof(*cond));
513 #ifdef A_OLDSETCOND
514 	if ((0 != ret) && (EINVAL == errno)) {
515 		long lcond = (long)*cond;
516 
517 		ret = auditon(A_OLDSETCOND, &lcond, sizeof(lcond));
518 		*cond = (int)lcond;
519 	}
520 #endif
521 	return (ret);
522 }
523 
524 int
525 audit_get_policy(int *policy)
526 {
527 	int ret;
528 
529 	ret = auditon(A_GETPOLICY, policy, sizeof(*policy));
530 #ifdef A_OLDGETPOLICY
531 	if ((0 != ret) && (EINVAL == errno)){
532 		long lpolicy = (long)*policy;
533 
534 		ret = auditon(A_OLDGETPOLICY, &lpolicy, sizeof(lpolicy));
535 		*policy = (int)lpolicy;
536 	}
537 #endif
538 	return (ret);
539 }
540 
541 int
542 audit_set_policy(int *policy)
543 {
544 	int ret;
545 
546 	ret = auditon(A_SETPOLICY, policy, sizeof(*policy));
547 #ifdef A_OLDSETPOLICY
548 	if ((0 != ret) && (EINVAL == errno)){
549 		long lpolicy = (long)*policy;
550 
551 		ret = auditon(A_OLDSETPOLICY, &lpolicy, sizeof(lpolicy));
552 		*policy = (int)lpolicy;
553 	}
554 #endif
555 	return (ret);
556 }
557 
558 int
559 audit_get_qctrl(au_qctrl_t *qctrl, size_t sz)
560 {
561 	int ret;
562 
563 	if (sizeof(*qctrl) != sz) {
564 		errno = EINVAL;
565 		return (-1);
566 	}
567 
568 	ret = auditon(A_GETQCTRL, qctrl, sizeof(*qctrl));
569 #ifdef A_OLDGETQCTRL
570 	if ((0 != ret) && (EINVAL == errno)){
571 		struct old_qctrl {
572 			size_t   oq_hiwater;
573 			size_t   oq_lowater;
574 			size_t   oq_bufsz;
575 			clock_t  oq_delay;
576 			int	 oq_minfree;
577 		} oq;
578 
579 		oq.oq_hiwater = (size_t)qctrl->aq_hiwater;
580 		oq.oq_lowater = (size_t)qctrl->aq_lowater;
581 		oq.oq_bufsz = (size_t)qctrl->aq_bufsz;
582 		oq.oq_delay = (clock_t)qctrl->aq_delay;
583 		oq.oq_minfree = qctrl->aq_minfree;
584 
585 		ret = auditon(A_OLDGETQCTRL, &oq, sizeof(oq));
586 
587 		qctrl->aq_hiwater = (int)oq.oq_hiwater;
588 		qctrl->aq_lowater = (int)oq.oq_lowater;
589 		qctrl->aq_bufsz = (int)oq.oq_bufsz;
590 		qctrl->aq_delay = (int)oq.oq_delay;
591 		qctrl->aq_minfree = oq.oq_minfree;
592 	}
593 #endif /* A_OLDGETQCTRL */
594 	return (ret);
595 }
596 
597 int
598 audit_set_qctrl(au_qctrl_t *qctrl, size_t sz)
599 {
600 	int ret;
601 
602 	if (sizeof(*qctrl) != sz) {
603 		errno = EINVAL;
604 		return (-1);
605 	}
606 
607 	ret = auditon(A_SETQCTRL, qctrl, sz);
608 #ifdef	A_OLDSETQCTRL
609 	if ((0 != ret) && (EINVAL == errno)) {
610 		struct old_qctrl {
611 			size_t   oq_hiwater;
612 			size_t   oq_lowater;
613 			size_t   oq_bufsz;
614 			clock_t  oq_delay;
615 			int	 oq_minfree;
616 		} oq;
617 
618 		oq.oq_hiwater = (size_t)qctrl->aq_hiwater;
619 		oq.oq_lowater = (size_t)qctrl->aq_lowater;
620 		oq.oq_bufsz = (size_t)qctrl->aq_bufsz;
621 		oq.oq_delay = (clock_t)qctrl->aq_delay;
622 		oq.oq_minfree = qctrl->aq_minfree;
623 
624 		ret = auditon(A_OLDSETQCTRL, &oq, sizeof(oq));
625 
626 		qctrl->aq_hiwater = (int)oq.oq_hiwater;
627 		qctrl->aq_lowater = (int)oq.oq_lowater;
628 		qctrl->aq_bufsz = (int)oq.oq_bufsz;
629 		qctrl->aq_delay = (int)oq.oq_delay;
630 		qctrl->aq_minfree = oq.oq_minfree;
631 	}
632 #endif /* A_OLDSETQCTRL */
633 	return (ret);
634 }
635 
636 int
637 audit_send_trigger(int *trigger)
638 {
639 
640 	return (auditon(A_SENDTRIGGER, trigger, sizeof(*trigger)));
641 }
642 
643 int
644 audit_get_kaudit(auditinfo_addr_t *aia, size_t sz)
645 {
646 
647 	if (sizeof(*aia) != sz) {
648 		errno = EINVAL;
649 		return (-1);
650 	}
651 
652 	return (auditon(A_GETKAUDIT, aia, sz));
653 }
654 
655 int
656 audit_set_kaudit(auditinfo_addr_t *aia, size_t sz)
657 {
658 
659 	if (sizeof(*aia) != sz) {
660 		errno = EINVAL;
661 		return (-1);
662 	}
663 
664 	return (auditon(A_SETKAUDIT, aia, sz));
665 }
666 
667 int
668 audit_get_class(au_evclass_map_t *evc_map, size_t sz)
669 {
670 
671 	if (sizeof(*evc_map) != sz) {
672 		errno = EINVAL;
673 		return (-1);
674 	}
675 
676 	return (auditon(A_GETCLASS, evc_map, sz));
677 }
678 
679 int
680 audit_set_class(au_evclass_map_t *evc_map, size_t sz)
681 {
682 
683 	if (sizeof(*evc_map) != sz) {
684 		errno = EINVAL;
685 		return (-1);
686 	}
687 
688 	return (auditon(A_SETCLASS, evc_map, sz));
689 }
690 
691 int
692 audit_get_kmask(au_mask_t *kmask, size_t sz)
693 {
694 	if (sizeof(*kmask) != sz) {
695 		errno = EINVAL;
696 		return (-1);
697 	}
698 
699 	return (auditon(A_GETKMASK, kmask, sz));
700 }
701 
702 int
703 audit_set_kmask(au_mask_t *kmask, size_t sz)
704 {
705 	if (sizeof(*kmask) != sz) {
706 		errno = EINVAL;
707 		return (-1);
708 	}
709 
710 	return (auditon(A_SETKMASK, kmask, sz));
711 }
712 
713 int
714 audit_get_fsize(au_fstat_t *fstat, size_t sz)
715 {
716 
717 	if (sizeof(*fstat) != sz) {
718 		errno = EINVAL;
719 		return (-1);
720 	}
721 
722 	return (auditon(A_GETFSIZE, fstat, sz));
723 }
724 
725 int
726 audit_set_fsize(au_fstat_t *fstat, size_t sz)
727 {
728 
729 	if (sizeof(*fstat) != sz) {
730 		errno = EINVAL;
731 		return (-1);
732 	}
733 
734 	return (auditon(A_SETFSIZE, fstat, sz));
735 }
736 
737 int
738 audit_set_pmask(auditpinfo_t *api, size_t sz)
739 {
740 
741 	if (sizeof(*api) != sz) {
742 		errno = EINVAL;
743 		return (-1);
744 	}
745 
746 	return (auditon(A_SETPMASK, api, sz));
747 }
748 
749 int
750 audit_get_pinfo(auditpinfo_t *api, size_t sz)
751 {
752 
753 	if (sizeof(*api) != sz) {
754 		errno = EINVAL;
755 		return (-1);
756 	}
757 
758 	return (auditon(A_GETPINFO, api, sz));
759 }
760 
761 int
762 audit_get_pinfo_addr(auditpinfo_addr_t *apia, size_t sz)
763 {
764 
765 	if (sizeof(*apia) != sz) {
766 		errno = EINVAL;
767 		return (-1);
768 	}
769 
770 	return (auditon(A_GETPINFO_ADDR, apia, sz));
771 }
772 
773 int
774 audit_get_sinfo_addr(auditinfo_addr_t *aia, size_t sz)
775 {
776 
777 	if (sizeof(*aia) != sz) {
778 		errno = EINVAL;
779 		return (-1);
780 	}
781 
782 	return (auditon(A_GETSINFO_ADDR, aia, sz));
783 }
784 
785 int
786 audit_get_stat(au_stat_t *stats, size_t sz)
787 {
788 
789 	if (sizeof(*stats) != sz) {
790 		errno = EINVAL;
791 		return (-1);
792 	}
793 
794 	return (auditon(A_GETSTAT, stats, sz));
795 }
796 
797 int
798 audit_set_stat(au_stat_t *stats, size_t sz)
799 {
800 
801 	if (sizeof(*stats) != sz) {
802 		errno = EINVAL;
803 		return (-1);
804 	}
805 
806 	return (auditon(A_GETSTAT, stats, sz));
807 }
808 
809 int
810 audit_get_cwd(char *path, size_t sz)
811 {
812 
813 	return (auditon(A_GETCWD, path, sz));
814 }
815 
816 int
817 audit_get_car(char *path, size_t sz)
818 {
819 
820 	return (auditon(A_GETCAR, path, sz));
821 }
822