1 /*- 2 * Copyright (c) 2004-2009 Apple Inc. 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. Neither the name of Apple Inc. ("Apple") nor the names of 14 * its contributors may be used to endorse or promote products derived 15 * from this software without specific prior written permission. 16 * 17 * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND 18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR 21 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 25 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 26 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 27 * POSSIBILITY OF SUCH DAMAGE. 28 * 29 * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_wrappers.c#32 $ 30 */ 31 32 #ifdef __APPLE__ 33 #define _SYS_AUDIT_H /* Prevent include of sys/audit.h. */ 34 #endif 35 36 #include <sys/param.h> 37 #include <sys/stat.h> 38 39 #ifdef __APPLE__ 40 #include <sys/queue.h> /* Our bsm/audit.h doesn't include queue.h. */ 41 #endif 42 43 #include <sys/sysctl.h> 44 45 #include <bsm/libbsm.h> 46 47 #include <unistd.h> 48 #include <syslog.h> 49 #include <stdarg.h> 50 #include <string.h> 51 #include <errno.h> 52 53 /* These are not advertised in libbsm.h */ 54 int audit_set_terminal_port(dev_t *p); 55 int audit_set_terminal_host(uint32_t *m); 56 57 /* 58 * General purpose audit submission mechanism for userspace. 59 */ 60 int 61 audit_submit(short au_event, au_id_t auid, char status, 62 int reterr, const char *fmt, ...) 63 { 64 char text[MAX_AUDITSTRING_LEN]; 65 token_t *token; 66 int acond; 67 va_list ap; 68 pid_t pid; 69 int error, afd, subj_ex; 70 struct auditinfo ai; 71 struct auditinfo_addr aia; 72 au_tid_t atid; 73 74 if (audit_get_cond(&acond) != 0) { 75 /* 76 * If auditon(2) returns ENOSYS, then audit has not been 77 * compiled into the kernel, so just return. 78 */ 79 if (errno == ENOSYS) 80 return (0); 81 error = errno; 82 syslog(LOG_AUTH | LOG_ERR, "audit: auditon failed: %s", 83 strerror(errno)); 84 errno = error; 85 return (-1); 86 } 87 if (acond == AUC_NOAUDIT) 88 return (0); 89 afd = au_open(); 90 if (afd < 0) { 91 error = errno; 92 syslog(LOG_AUTH | LOG_ERR, "audit: au_open failed: %s", 93 strerror(errno)); 94 errno = error; 95 return (-1); 96 } 97 /* 98 * Try to use getaudit_addr(2) first. If this kernel does not support 99 * it, then fall back on to getaudit(2). 100 */ 101 subj_ex = 0; 102 error = getaudit_addr(&aia, sizeof(aia)); 103 if (error < 0 && errno == ENOSYS) { 104 error = getaudit(&ai); 105 if (error < 0) { 106 error = errno; 107 syslog(LOG_AUTH | LOG_ERR, "audit: getaudit failed: %s", 108 strerror(errno)); 109 errno = error; 110 return (-1); 111 } 112 /* 113 * Convert this auditinfo_t to an auditinfo_addr_t to make the 114 * following code less complicated wrt to preselection and 115 * subject token generation. 116 */ 117 aia.ai_auid = ai.ai_auid; 118 aia.ai_mask = ai.ai_mask; 119 aia.ai_asid = ai.ai_asid; 120 aia.ai_termid.at_type = AU_IPv4; 121 aia.ai_termid.at_addr[0] = ai.ai_termid.machine; 122 aia.ai_termid.at_port = ai.ai_termid.port; 123 } else if (error < 0) { 124 error = errno; 125 syslog(LOG_AUTH | LOG_ERR, "audit: getaudit_addr failed: %s", 126 strerror(errno)); 127 errno = error; 128 return (-1); 129 } 130 /* 131 * NB: We should be performing pre-selection here now that we have the 132 * masks for this process. 133 */ 134 if (aia.ai_termid.at_type == AU_IPv6) 135 subj_ex = 1; 136 pid = getpid(); 137 if (subj_ex == 0) { 138 atid.port = aia.ai_termid.at_port; 139 atid.machine = aia.ai_termid.at_addr[0]; 140 token = au_to_subject32(auid, geteuid(), getegid(), 141 getuid(), getgid(), pid, pid, &atid); 142 } else 143 token = au_to_subject_ex(auid, geteuid(), getegid(), 144 getuid(), getgid(), pid, pid, &aia.ai_termid); 145 if (token == NULL) { 146 syslog(LOG_AUTH | LOG_ERR, 147 "audit: unable to build subject token"); 148 (void) au_close(afd, AU_TO_NO_WRITE, au_event); 149 errno = EPERM; 150 return (-1); 151 } 152 if (au_write(afd, token) < 0) { 153 error = errno; 154 syslog(LOG_AUTH | LOG_ERR, 155 "audit: au_write failed: %s", strerror(errno)); 156 (void) au_close(afd, AU_TO_NO_WRITE, au_event); 157 errno = error; 158 return (-1); 159 } 160 if (fmt != NULL) { 161 va_start(ap, fmt); 162 (void) vsnprintf(text, MAX_AUDITSTRING_LEN, fmt, ap); 163 va_end(ap); 164 token = au_to_text(text); 165 if (token == NULL) { 166 syslog(LOG_AUTH | LOG_ERR, 167 "audit: failed to generate text token"); 168 (void) au_close(afd, AU_TO_NO_WRITE, au_event); 169 errno = EPERM; 170 return (-1); 171 } 172 if (au_write(afd, token) < 0) { 173 error = errno; 174 syslog(LOG_AUTH | LOG_ERR, 175 "audit: au_write failed: %s", strerror(errno)); 176 (void) au_close(afd, AU_TO_NO_WRITE, au_event); 177 errno = error; 178 return (-1); 179 } 180 } 181 token = au_to_return32(au_errno_to_bsm(status), reterr); 182 if (token == NULL) { 183 syslog(LOG_AUTH | LOG_ERR, 184 "audit: unable to build return token"); 185 (void) au_close(afd, AU_TO_NO_WRITE, au_event); 186 errno = EPERM; 187 return (-1); 188 } 189 if (au_write(afd, token) < 0) { 190 error = errno; 191 syslog(LOG_AUTH | LOG_ERR, 192 "audit: au_write failed: %s", strerror(errno)); 193 (void) au_close(afd, AU_TO_NO_WRITE, au_event); 194 errno = error; 195 return (-1); 196 } 197 if (au_close(afd, AU_TO_WRITE, au_event) < 0) { 198 error = errno; 199 syslog(LOG_AUTH | LOG_ERR, "audit: record not committed"); 200 errno = error; 201 return (-1); 202 } 203 return (0); 204 } 205 206 int 207 audit_set_terminal_port(dev_t *p) 208 { 209 struct stat st; 210 211 if (p == NULL) 212 return (kAUBadParamErr); 213 214 #ifdef NODEV 215 *p = NODEV; 216 #else 217 *p = -1; 218 #endif 219 220 /* for /usr/bin/login, try fstat() first */ 221 if (fstat(STDIN_FILENO, &st) != 0) { 222 if (errno != EBADF) { 223 syslog(LOG_ERR, "fstat() failed (%s)", 224 strerror(errno)); 225 return (kAUStatErr); 226 } 227 if (stat("/dev/console", &st) != 0) { 228 syslog(LOG_ERR, "stat() failed (%s)", 229 strerror(errno)); 230 return (kAUStatErr); 231 } 232 } 233 *p = st.st_rdev; 234 return (kAUNoErr); 235 } 236 237 int 238 audit_set_terminal_host(uint32_t *m) 239 { 240 241 #ifdef KERN_HOSTID 242 int name[2] = { CTL_KERN, KERN_HOSTID }; 243 size_t len; 244 245 if (m == NULL) 246 return (kAUBadParamErr); 247 *m = 0; 248 len = sizeof(*m); 249 if (sysctl(name, 2, m, &len, NULL, 0) != 0) { 250 syslog(LOG_ERR, "sysctl() failed (%s)", strerror(errno)); 251 return (kAUSysctlErr); 252 } 253 return (kAUNoErr); 254 #else 255 *m = -1; 256 return (kAUNoErr); 257 #endif 258 } 259 260 int 261 audit_set_terminal_id(au_tid_t *tid) 262 { 263 int ret; 264 265 if (tid == NULL) 266 return (kAUBadParamErr); 267 if ((ret = audit_set_terminal_port(&tid->port)) != kAUNoErr) 268 return (ret); 269 return (audit_set_terminal_host(&tid->machine)); 270 } 271 272 /* 273 * This is OK for those callers who have only one token to write. If you have 274 * multiple tokens that logically form part of the same audit record, you need 275 * to use the existing au_open()/au_write()/au_close() API: 276 * 277 * aufd = au_open(); 278 * tok = au_to_random_token_1(...); 279 * au_write(aufd, tok); 280 * tok = au_to_random_token_2(...); 281 * au_write(aufd, tok); 282 * ... 283 * au_close(aufd, AU_TO_WRITE, AUE_your_event_type); 284 * 285 * Assumes, like all wrapper calls, that the caller has previously checked 286 * that auditing is enabled via the audit_get_state() call. 287 * 288 * XXX: Should be more robust against bad arguments. 289 */ 290 int 291 audit_write(short event_code, token_t *subject, token_t *misctok, char retval, 292 int errcode) 293 { 294 int aufd; 295 char *func = "audit_write()"; 296 token_t *rettok; 297 298 if ((aufd = au_open()) == -1) { 299 au_free_token(subject); 300 au_free_token(misctok); 301 syslog(LOG_ERR, "%s: au_open() failed", func); 302 return (kAUOpenErr); 303 } 304 305 /* Save subject. */ 306 if (subject && au_write(aufd, subject) == -1) { 307 au_free_token(subject); 308 au_free_token(misctok); 309 (void)au_close(aufd, AU_TO_NO_WRITE, event_code); 310 syslog(LOG_ERR, "%s: write of subject failed", func); 311 return (kAUWriteSubjectTokErr); 312 } 313 314 /* Save the event-specific token. */ 315 if (misctok && au_write(aufd, misctok) == -1) { 316 au_free_token(misctok); 317 (void)au_close(aufd, AU_TO_NO_WRITE, event_code); 318 syslog(LOG_ERR, "%s: write of caller token failed", func); 319 return (kAUWriteCallerTokErr); 320 } 321 322 /* Tokenize and save the return value. */ 323 if ((rettok = au_to_return32(retval, errcode)) == NULL) { 324 (void)au_close(aufd, AU_TO_NO_WRITE, event_code); 325 syslog(LOG_ERR, "%s: au_to_return32() failed", func); 326 return (kAUMakeReturnTokErr); 327 } 328 329 if (au_write(aufd, rettok) == -1) { 330 au_free_token(rettok); 331 (void)au_close(aufd, AU_TO_NO_WRITE, event_code); 332 syslog(LOG_ERR, "%s: write of return code failed", func); 333 return (kAUWriteReturnTokErr); 334 } 335 336 /* 337 * We assume the caller wouldn't have bothered with this 338 * function if it hadn't already decided to keep the record. 339 */ 340 if (au_close(aufd, AU_TO_WRITE, event_code) < 0) { 341 syslog(LOG_ERR, "%s: au_close() failed", func); 342 return (kAUCloseErr); 343 } 344 345 return (kAUNoErr); 346 } 347 348 /* 349 * Same caveats as audit_write(). In addition, this function explicitly 350 * assumes success; use audit_write_failure() on error. 351 */ 352 int 353 audit_write_success(short event_code, token_t *tok, au_id_t auid, uid_t euid, 354 gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, 355 au_tid_t *tid) 356 { 357 char *func = "audit_write_success()"; 358 token_t *subject = NULL; 359 360 /* Tokenize and save subject. */ 361 subject = au_to_subject32(auid, euid, egid, ruid, rgid, pid, sid, 362 tid); 363 if (subject == NULL) { 364 syslog(LOG_ERR, "%s: au_to_subject32() failed", func); 365 return kAUMakeSubjectTokErr; 366 } 367 368 return (audit_write(event_code, subject, tok, 0, 0)); 369 } 370 371 /* 372 * Same caveats as audit_write(). In addition, this function explicitly 373 * assumes success; use audit_write_failure_self() on error. 374 */ 375 int 376 audit_write_success_self(short event_code, token_t *tok) 377 { 378 token_t *subject; 379 char *func = "audit_write_success_self()"; 380 381 if ((subject = au_to_me()) == NULL) { 382 syslog(LOG_ERR, "%s: au_to_me() failed", func); 383 return (kAUMakeSubjectTokErr); 384 } 385 386 return (audit_write(event_code, subject, tok, 0, 0)); 387 } 388 389 /* 390 * Same caveats as audit_write(). In addition, this function explicitly 391 * assumes failure; use audit_write_success() otherwise. 392 * 393 * XXX This should let the caller pass an error return value rather than 394 * hard-coding -1. 395 */ 396 int 397 audit_write_failure(short event_code, char *errmsg, int errcode, au_id_t auid, 398 uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, 399 au_tid_t *tid) 400 { 401 char *func = "audit_write_failure()"; 402 token_t *subject, *errtok; 403 404 subject = au_to_subject32(auid, euid, egid, ruid, rgid, pid, sid, tid); 405 if (subject == NULL) { 406 syslog(LOG_ERR, "%s: au_to_subject32() failed", func); 407 return (kAUMakeSubjectTokErr); 408 } 409 410 /* tokenize and save the error message */ 411 if ((errtok = au_to_text(errmsg)) == NULL) { 412 au_free_token(subject); 413 syslog(LOG_ERR, "%s: au_to_text() failed", func); 414 return (kAUMakeTextTokErr); 415 } 416 417 return (audit_write(event_code, subject, errtok, -1, errcode)); 418 } 419 420 /* 421 * Same caveats as audit_write(). In addition, this function explicitly 422 * assumes failure; use audit_write_success_self() otherwise. 423 * 424 * XXX This should let the caller pass an error return value rather than 425 * hard-coding -1. 426 */ 427 int 428 audit_write_failure_self(short event_code, char *errmsg, int errret) 429 { 430 char *func = "audit_write_failure_self()"; 431 token_t *subject, *errtok; 432 433 if ((subject = au_to_me()) == NULL) { 434 syslog(LOG_ERR, "%s: au_to_me() failed", func); 435 return (kAUMakeSubjectTokErr); 436 } 437 /* tokenize and save the error message */ 438 if ((errtok = au_to_text(errmsg)) == NULL) { 439 au_free_token(subject); 440 syslog(LOG_ERR, "%s: au_to_text() failed", func); 441 return (kAUMakeTextTokErr); 442 } 443 return (audit_write(event_code, subject, errtok, -1, errret)); 444 } 445 446 /* 447 * For auditing errors during login. Such errors are implicitly 448 * non-attributable (i.e., not ascribable to any user). 449 * 450 * Assumes, like all wrapper calls, that the caller has previously checked 451 * that auditing is enabled via the audit_get_state() call. 452 */ 453 int 454 audit_write_failure_na(short event_code, char *errmsg, int errret, uid_t euid, 455 uid_t egid, pid_t pid, au_tid_t *tid) 456 { 457 458 return (audit_write_failure(event_code, errmsg, errret, -1, euid, 459 egid, -1, -1, pid, -1, tid)); 460 } 461 462 /* END OF au_write() WRAPPERS */ 463 464 #ifdef __APPLE__ 465 void 466 audit_token_to_au32(audit_token_t atoken, uid_t *auidp, uid_t *euidp, 467 gid_t *egidp, uid_t *ruidp, gid_t *rgidp, pid_t *pidp, au_asid_t *asidp, 468 au_tid_t *tidp) 469 { 470 471 if (auidp != NULL) 472 *auidp = (uid_t)atoken.val[0]; 473 if (euidp != NULL) 474 *euidp = (uid_t)atoken.val[1]; 475 if (egidp != NULL) 476 *egidp = (gid_t)atoken.val[2]; 477 if (ruidp != NULL) 478 *ruidp = (uid_t)atoken.val[3]; 479 if (rgidp != NULL) 480 *rgidp = (gid_t)atoken.val[4]; 481 if (pidp != NULL) 482 *pidp = (pid_t)atoken.val[5]; 483 if (asidp != NULL) 484 *asidp = (au_asid_t)atoken.val[6]; 485 if (tidp != NULL) { 486 audit_set_terminal_host(&tidp->machine); 487 tidp->port = (dev_t)atoken.val[7]; 488 } 489 } 490 #endif /* !__APPLE__ */ 491 492 int 493 audit_get_cond(int *cond) 494 { 495 int ret; 496 497 ret = auditon(A_GETCOND, cond, sizeof(*cond)); 498 #ifdef A_OLDGETCOND 499 if ((0 != ret) && EINVAL == errno) { 500 long lcond = *cond; 501 502 ret = auditon(A_OLDGETCOND, &lcond, sizeof(lcond)); 503 *cond = (int)lcond; 504 } 505 #endif 506 return (ret); 507 } 508 509 int 510 audit_set_cond(int *cond) 511 { 512 int ret; 513 514 ret = auditon(A_SETCOND, cond, sizeof(*cond)); 515 #ifdef A_OLDSETCOND 516 if ((0 != ret) && (EINVAL == errno)) { 517 long lcond = (long)*cond; 518 519 ret = auditon(A_OLDSETCOND, &lcond, sizeof(lcond)); 520 *cond = (int)lcond; 521 } 522 #endif 523 return (ret); 524 } 525 526 int 527 audit_get_policy(int *policy) 528 { 529 int ret; 530 531 ret = auditon(A_GETPOLICY, policy, sizeof(*policy)); 532 #ifdef A_OLDGETPOLICY 533 if ((0 != ret) && (EINVAL == errno)){ 534 long lpolicy = (long)*policy; 535 536 ret = auditon(A_OLDGETPOLICY, &lpolicy, sizeof(lpolicy)); 537 *policy = (int)lpolicy; 538 } 539 #endif 540 return (ret); 541 } 542 543 int 544 audit_set_policy(int *policy) 545 { 546 int ret; 547 548 ret = auditon(A_SETPOLICY, policy, sizeof(*policy)); 549 #ifdef A_OLDSETPOLICY 550 if ((0 != ret) && (EINVAL == errno)){ 551 long lpolicy = (long)*policy; 552 553 ret = auditon(A_OLDSETPOLICY, &lpolicy, sizeof(lpolicy)); 554 *policy = (int)lpolicy; 555 } 556 #endif 557 return (ret); 558 } 559 560 int 561 audit_get_qctrl(au_qctrl_t *qctrl, size_t sz) 562 { 563 int ret; 564 565 if (sizeof(*qctrl) != sz) { 566 errno = EINVAL; 567 return (-1); 568 } 569 570 ret = auditon(A_GETQCTRL, qctrl, sizeof(*qctrl)); 571 #ifdef A_OLDGETQCTRL 572 if ((0 != ret) && (EINVAL == errno)){ 573 struct old_qctrl { 574 size_t oq_hiwater; 575 size_t oq_lowater; 576 size_t oq_bufsz; 577 clock_t oq_delay; 578 int oq_minfree; 579 } oq; 580 581 oq.oq_hiwater = (size_t)qctrl->aq_hiwater; 582 oq.oq_lowater = (size_t)qctrl->aq_lowater; 583 oq.oq_bufsz = (size_t)qctrl->aq_bufsz; 584 oq.oq_delay = (clock_t)qctrl->aq_delay; 585 oq.oq_minfree = qctrl->aq_minfree; 586 587 ret = auditon(A_OLDGETQCTRL, &oq, sizeof(oq)); 588 589 qctrl->aq_hiwater = (int)oq.oq_hiwater; 590 qctrl->aq_lowater = (int)oq.oq_lowater; 591 qctrl->aq_bufsz = (int)oq.oq_bufsz; 592 qctrl->aq_delay = (int)oq.oq_delay; 593 qctrl->aq_minfree = oq.oq_minfree; 594 } 595 #endif /* A_OLDGETQCTRL */ 596 return (ret); 597 } 598 599 int 600 audit_set_qctrl(au_qctrl_t *qctrl, size_t sz) 601 { 602 int ret; 603 604 if (sizeof(*qctrl) != sz) { 605 errno = EINVAL; 606 return (-1); 607 } 608 609 ret = auditon(A_SETQCTRL, qctrl, sz); 610 #ifdef A_OLDSETQCTRL 611 if ((0 != ret) && (EINVAL == errno)) { 612 struct old_qctrl { 613 size_t oq_hiwater; 614 size_t oq_lowater; 615 size_t oq_bufsz; 616 clock_t oq_delay; 617 int oq_minfree; 618 } oq; 619 620 oq.oq_hiwater = (size_t)qctrl->aq_hiwater; 621 oq.oq_lowater = (size_t)qctrl->aq_lowater; 622 oq.oq_bufsz = (size_t)qctrl->aq_bufsz; 623 oq.oq_delay = (clock_t)qctrl->aq_delay; 624 oq.oq_minfree = qctrl->aq_minfree; 625 626 ret = auditon(A_OLDSETQCTRL, &oq, sizeof(oq)); 627 628 qctrl->aq_hiwater = (int)oq.oq_hiwater; 629 qctrl->aq_lowater = (int)oq.oq_lowater; 630 qctrl->aq_bufsz = (int)oq.oq_bufsz; 631 qctrl->aq_delay = (int)oq.oq_delay; 632 qctrl->aq_minfree = oq.oq_minfree; 633 } 634 #endif /* A_OLDSETQCTRL */ 635 return (ret); 636 } 637 638 int 639 audit_send_trigger(int *trigger) 640 { 641 642 return (auditon(A_SENDTRIGGER, trigger, sizeof(*trigger))); 643 } 644 645 int 646 audit_get_kaudit(auditinfo_addr_t *aia, size_t sz) 647 { 648 649 if (sizeof(*aia) != sz) { 650 errno = EINVAL; 651 return (-1); 652 } 653 654 return (auditon(A_GETKAUDIT, aia, sz)); 655 } 656 657 int 658 audit_set_kaudit(auditinfo_addr_t *aia, size_t sz) 659 { 660 661 if (sizeof(*aia) != sz) { 662 errno = EINVAL; 663 return (-1); 664 } 665 666 return (auditon(A_SETKAUDIT, aia, sz)); 667 } 668 669 int 670 audit_get_class(au_evclass_map_t *evc_map, size_t sz) 671 { 672 673 if (sizeof(*evc_map) != sz) { 674 errno = EINVAL; 675 return (-1); 676 } 677 678 return (auditon(A_GETCLASS, evc_map, sz)); 679 } 680 681 int 682 audit_set_class(au_evclass_map_t *evc_map, size_t sz) 683 { 684 685 if (sizeof(*evc_map) != sz) { 686 errno = EINVAL; 687 return (-1); 688 } 689 690 return (auditon(A_SETCLASS, evc_map, sz)); 691 } 692 693 int 694 audit_get_kmask(au_mask_t *kmask, size_t sz) 695 { 696 if (sizeof(*kmask) != sz) { 697 errno = EINVAL; 698 return (-1); 699 } 700 701 return (auditon(A_GETKMASK, kmask, sz)); 702 } 703 704 int 705 audit_set_kmask(au_mask_t *kmask, size_t sz) 706 { 707 if (sizeof(*kmask) != sz) { 708 errno = EINVAL; 709 return (-1); 710 } 711 712 return (auditon(A_SETKMASK, kmask, sz)); 713 } 714 715 int 716 audit_get_fsize(au_fstat_t *fstat, size_t sz) 717 { 718 719 if (sizeof(*fstat) != sz) { 720 errno = EINVAL; 721 return (-1); 722 } 723 724 return (auditon(A_GETFSIZE, fstat, sz)); 725 } 726 727 int 728 audit_set_fsize(au_fstat_t *fstat, size_t sz) 729 { 730 731 if (sizeof(*fstat) != sz) { 732 errno = EINVAL; 733 return (-1); 734 } 735 736 return (auditon(A_SETFSIZE, fstat, sz)); 737 } 738 739 int 740 audit_set_pmask(auditpinfo_t *api, size_t sz) 741 { 742 743 if (sizeof(*api) != sz) { 744 errno = EINVAL; 745 return (-1); 746 } 747 748 return (auditon(A_SETPMASK, api, sz)); 749 } 750 751 int 752 audit_get_pinfo(auditpinfo_t *api, size_t sz) 753 { 754 755 if (sizeof(*api) != sz) { 756 errno = EINVAL; 757 return (-1); 758 } 759 760 return (auditon(A_GETPINFO, api, sz)); 761 } 762 763 int 764 audit_get_pinfo_addr(auditpinfo_addr_t *apia, size_t sz) 765 { 766 767 if (sizeof(*apia) != sz) { 768 errno = EINVAL; 769 return (-1); 770 } 771 772 return (auditon(A_GETPINFO_ADDR, apia, sz)); 773 } 774 775 int 776 audit_get_sinfo_addr(auditinfo_addr_t *aia, size_t sz) 777 { 778 779 if (sizeof(*aia) != sz) { 780 errno = EINVAL; 781 return (-1); 782 } 783 784 return (auditon(A_GETSINFO_ADDR, aia, sz)); 785 } 786 787 int 788 audit_get_stat(au_stat_t *stats, size_t sz) 789 { 790 791 if (sizeof(*stats) != sz) { 792 errno = EINVAL; 793 return (-1); 794 } 795 796 return (auditon(A_GETSTAT, stats, sz)); 797 } 798 799 int 800 audit_set_stat(au_stat_t *stats, size_t sz) 801 { 802 803 if (sizeof(*stats) != sz) { 804 errno = EINVAL; 805 return (-1); 806 } 807 808 return (auditon(A_GETSTAT, stats, sz)); 809 } 810 811 int 812 audit_get_cwd(char *path, size_t sz) 813 { 814 815 return (auditon(A_GETCWD, path, sz)); 816 } 817 818 int 819 audit_get_car(char *path, size_t sz) 820 { 821 822 return (auditon(A_GETCAR, path, sz)); 823 } 824