1 /*- 2 * Copyright (c) 2004-2009 Apple Inc. 3 * Copyright (c) 2016 Robert N. M. Watson 4 * All rights reserved. 5 * 6 * Portions of this software were developed by BAE Systems, the University of 7 * Cambridge Computer Laboratory, and Memorial University under DARPA/AFRL 8 * contract FA8650-15-C-7558 ("CADETS"), as part of the DARPA Transparent 9 * Computing (TC) research program. 10 * 11 * Redistribution and use in source and binary forms, with or without 12 * modification, are permitted provided that the following conditions 13 * are met: 14 * 1. Redistributions of source code must retain the above copyright 15 * notice, this list of conditions and the following disclaimer. 16 * 2. Redistributions in binary form must reproduce the above copyright 17 * notice, this list of conditions and the following disclaimer in the 18 * documentation and/or other materials provided with the distribution. 19 * 3. Neither the name of Apple Inc. ("Apple") nor the names of 20 * its contributors may be used to endorse or promote products derived 21 * from this software without specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND 24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26 * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR 27 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 31 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 32 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 33 * POSSIBILITY OF SUCH DAMAGE. 34 */ 35 36 #ifdef __APPLE__ 37 #define _SYS_AUDIT_H /* Prevent include of sys/audit.h. */ 38 #endif 39 40 #include <sys/param.h> 41 #include <sys/stat.h> 42 43 #ifdef __APPLE__ 44 #include <sys/queue.h> /* Our bsm/audit.h doesn't include queue.h. */ 45 #endif 46 47 #include <sys/sysctl.h> 48 49 #include <bsm/libbsm.h> 50 51 #include <unistd.h> 52 #include <syslog.h> 53 #include <stdarg.h> 54 #include <string.h> 55 #include <errno.h> 56 57 /* These are not advertised in libbsm.h */ 58 int audit_set_terminal_port(dev_t *p); 59 int audit_set_terminal_host(uint32_t *m); 60 61 /* 62 * General purpose audit submission mechanism for userspace. 63 */ 64 int 65 audit_submit(short au_event, au_id_t auid, char status, 66 int reterr, const char *fmt, ...) 67 { 68 char text[MAX_AUDITSTRING_LEN]; 69 token_t *token; 70 int acond; 71 va_list ap; 72 pid_t pid; 73 int error, afd, subj_ex; 74 struct auditinfo ai; 75 struct auditinfo_addr aia; 76 au_tid_t atid; 77 78 if (audit_get_cond(&acond) != 0) { 79 /* 80 * If auditon(2) returns ENOSYS, then audit has not been 81 * compiled into the kernel, so just return. 82 */ 83 if (errno == ENOSYS) 84 return (0); 85 error = errno; 86 syslog(LOG_AUTH | LOG_ERR, "audit: auditon failed: %s", 87 strerror(errno)); 88 errno = error; 89 return (-1); 90 } 91 if (acond == AUC_NOAUDIT) 92 return (0); 93 afd = au_open(); 94 if (afd < 0) { 95 error = errno; 96 syslog(LOG_AUTH | LOG_ERR, "audit: au_open failed: %s", 97 strerror(errno)); 98 errno = error; 99 return (-1); 100 } 101 /* 102 * Try to use getaudit_addr(2) first. If this kernel does not support 103 * it, then fall back on to getaudit(2). 104 */ 105 subj_ex = 0; 106 error = getaudit_addr(&aia, sizeof(aia)); 107 if (error < 0 && errno == ENOSYS) { 108 error = getaudit(&ai); 109 if (error < 0) { 110 error = errno; 111 syslog(LOG_AUTH | LOG_ERR, "audit: getaudit failed: %s", 112 strerror(errno)); 113 errno = error; 114 return (-1); 115 } 116 /* 117 * Convert this auditinfo_t to an auditinfo_addr_t to make the 118 * following code less complicated wrt to preselection and 119 * subject token generation. 120 */ 121 aia.ai_auid = ai.ai_auid; 122 aia.ai_mask = ai.ai_mask; 123 aia.ai_asid = ai.ai_asid; 124 aia.ai_termid.at_type = AU_IPv4; 125 aia.ai_termid.at_addr[0] = ai.ai_termid.machine; 126 aia.ai_termid.at_port = ai.ai_termid.port; 127 } else if (error < 0) { 128 error = errno; 129 syslog(LOG_AUTH | LOG_ERR, "audit: getaudit_addr failed: %s", 130 strerror(errno)); 131 errno = error; 132 return (-1); 133 } 134 /* 135 * NB: We should be performing pre-selection here now that we have the 136 * masks for this process. 137 */ 138 if (aia.ai_termid.at_type == AU_IPv6) 139 subj_ex = 1; 140 pid = getpid(); 141 if (subj_ex == 0) { 142 atid.port = aia.ai_termid.at_port; 143 atid.machine = aia.ai_termid.at_addr[0]; 144 token = au_to_subject32(auid, geteuid(), getegid(), 145 getuid(), getgid(), pid, pid, &atid); 146 } else 147 token = au_to_subject_ex(auid, geteuid(), getegid(), 148 getuid(), getgid(), pid, pid, &aia.ai_termid); 149 if (token == NULL) { 150 syslog(LOG_AUTH | LOG_ERR, 151 "audit: unable to build subject token"); 152 (void) au_close(afd, AU_TO_NO_WRITE, au_event); 153 errno = EPERM; 154 return (-1); 155 } 156 if (au_write(afd, token) < 0) { 157 error = errno; 158 syslog(LOG_AUTH | LOG_ERR, 159 "audit: au_write failed: %s", strerror(errno)); 160 (void) au_close(afd, AU_TO_NO_WRITE, au_event); 161 errno = error; 162 return (-1); 163 } 164 if (fmt != NULL) { 165 va_start(ap, fmt); 166 (void) vsnprintf(text, MAX_AUDITSTRING_LEN, fmt, ap); 167 va_end(ap); 168 token = au_to_text(text); 169 if (token == NULL) { 170 syslog(LOG_AUTH | LOG_ERR, 171 "audit: failed to generate text token"); 172 (void) au_close(afd, AU_TO_NO_WRITE, au_event); 173 errno = EPERM; 174 return (-1); 175 } 176 if (au_write(afd, token) < 0) { 177 error = errno; 178 syslog(LOG_AUTH | LOG_ERR, 179 "audit: au_write failed: %s", strerror(errno)); 180 (void) au_close(afd, AU_TO_NO_WRITE, au_event); 181 errno = error; 182 return (-1); 183 } 184 } 185 token = au_to_return32(au_errno_to_bsm(status), reterr); 186 if (token == NULL) { 187 syslog(LOG_AUTH | LOG_ERR, 188 "audit: unable to build return token"); 189 (void) au_close(afd, AU_TO_NO_WRITE, au_event); 190 errno = EPERM; 191 return (-1); 192 } 193 if (au_write(afd, token) < 0) { 194 error = errno; 195 syslog(LOG_AUTH | LOG_ERR, 196 "audit: au_write failed: %s", strerror(errno)); 197 (void) au_close(afd, AU_TO_NO_WRITE, au_event); 198 errno = error; 199 return (-1); 200 } 201 if (au_close(afd, AU_TO_WRITE, au_event) < 0) { 202 error = errno; 203 syslog(LOG_AUTH | LOG_ERR, "audit: record not committed"); 204 errno = error; 205 return (-1); 206 } 207 return (0); 208 } 209 210 int 211 audit_set_terminal_port(dev_t *p) 212 { 213 struct stat st; 214 215 if (p == NULL) 216 return (kAUBadParamErr); 217 218 #ifdef NODEV 219 *p = NODEV; 220 #else 221 *p = -1; 222 #endif 223 224 /* for /usr/bin/login, try fstat() first */ 225 if (fstat(STDIN_FILENO, &st) != 0) { 226 if (errno != EBADF) { 227 syslog(LOG_ERR, "fstat() failed (%s)", 228 strerror(errno)); 229 return (kAUStatErr); 230 } 231 if (stat("/dev/console", &st) != 0) { 232 syslog(LOG_ERR, "stat() failed (%s)", 233 strerror(errno)); 234 return (kAUStatErr); 235 } 236 } 237 *p = st.st_rdev; 238 return (kAUNoErr); 239 } 240 241 int 242 audit_set_terminal_host(uint32_t *m) 243 { 244 245 #ifdef KERN_HOSTID 246 int name[2] = { CTL_KERN, KERN_HOSTID }; 247 size_t len; 248 249 if (m == NULL) 250 return (kAUBadParamErr); 251 *m = 0; 252 len = sizeof(*m); 253 if (sysctl(name, 2, m, &len, NULL, 0) != 0) { 254 syslog(LOG_ERR, "sysctl() failed (%s)", strerror(errno)); 255 return (kAUSysctlErr); 256 } 257 return (kAUNoErr); 258 #else 259 *m = -1; 260 return (kAUNoErr); 261 #endif 262 } 263 264 int 265 audit_set_terminal_id(au_tid_t *tid) 266 { 267 int ret; 268 269 if (tid == NULL) 270 return (kAUBadParamErr); 271 if ((ret = audit_set_terminal_port(&tid->port)) != kAUNoErr) 272 return (ret); 273 return (audit_set_terminal_host(&tid->machine)); 274 } 275 276 /* 277 * This is OK for those callers who have only one token to write. If you have 278 * multiple tokens that logically form part of the same audit record, you need 279 * to use the existing au_open()/au_write()/au_close() API: 280 * 281 * aufd = au_open(); 282 * tok = au_to_random_token_1(...); 283 * au_write(aufd, tok); 284 * tok = au_to_random_token_2(...); 285 * au_write(aufd, tok); 286 * ... 287 * au_close(aufd, AU_TO_WRITE, AUE_your_event_type); 288 * 289 * Assumes, like all wrapper calls, that the caller has previously checked 290 * that auditing is enabled via the audit_get_state() call. 291 * 292 * XXX: Should be more robust against bad arguments. 293 */ 294 int 295 audit_write(short event_code, token_t *subject, token_t *misctok, char retval, 296 int errcode) 297 { 298 int aufd; 299 char *func = "audit_write()"; 300 token_t *rettok; 301 302 if ((aufd = au_open()) == -1) { 303 au_free_token(subject); 304 au_free_token(misctok); 305 syslog(LOG_ERR, "%s: au_open() failed", func); 306 return (kAUOpenErr); 307 } 308 309 /* Save subject. */ 310 if (subject && au_write(aufd, subject) == -1) { 311 au_free_token(subject); 312 au_free_token(misctok); 313 (void)au_close(aufd, AU_TO_NO_WRITE, event_code); 314 syslog(LOG_ERR, "%s: write of subject failed", func); 315 return (kAUWriteSubjectTokErr); 316 } 317 318 /* Save the event-specific token. */ 319 if (misctok && au_write(aufd, misctok) == -1) { 320 au_free_token(misctok); 321 (void)au_close(aufd, AU_TO_NO_WRITE, event_code); 322 syslog(LOG_ERR, "%s: write of caller token failed", func); 323 return (kAUWriteCallerTokErr); 324 } 325 326 /* Tokenize and save the return value. */ 327 if ((rettok = au_to_return32(retval, errcode)) == NULL) { 328 (void)au_close(aufd, AU_TO_NO_WRITE, event_code); 329 syslog(LOG_ERR, "%s: au_to_return32() failed", func); 330 return (kAUMakeReturnTokErr); 331 } 332 333 if (au_write(aufd, rettok) == -1) { 334 au_free_token(rettok); 335 (void)au_close(aufd, AU_TO_NO_WRITE, event_code); 336 syslog(LOG_ERR, "%s: write of return code failed", func); 337 return (kAUWriteReturnTokErr); 338 } 339 340 /* 341 * We assume the caller wouldn't have bothered with this 342 * function if it hadn't already decided to keep the record. 343 */ 344 if (au_close(aufd, AU_TO_WRITE, event_code) < 0) { 345 syslog(LOG_ERR, "%s: au_close() failed", func); 346 return (kAUCloseErr); 347 } 348 349 return (kAUNoErr); 350 } 351 352 /* 353 * Same caveats as audit_write(). In addition, this function explicitly 354 * assumes success; use audit_write_failure() on error. 355 */ 356 int 357 audit_write_success(short event_code, token_t *tok, au_id_t auid, uid_t euid, 358 gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, 359 au_tid_t *tid) 360 { 361 char *func = "audit_write_success()"; 362 token_t *subject = NULL; 363 364 /* Tokenize and save subject. */ 365 subject = au_to_subject32(auid, euid, egid, ruid, rgid, pid, sid, 366 tid); 367 if (subject == NULL) { 368 syslog(LOG_ERR, "%s: au_to_subject32() failed", func); 369 return kAUMakeSubjectTokErr; 370 } 371 372 return (audit_write(event_code, subject, tok, 0, 0)); 373 } 374 375 /* 376 * Same caveats as audit_write(). In addition, this function explicitly 377 * assumes success; use audit_write_failure_self() on error. 378 */ 379 int 380 audit_write_success_self(short event_code, token_t *tok) 381 { 382 token_t *subject; 383 char *func = "audit_write_success_self()"; 384 385 if ((subject = au_to_me()) == NULL) { 386 syslog(LOG_ERR, "%s: au_to_me() failed", func); 387 return (kAUMakeSubjectTokErr); 388 } 389 390 return (audit_write(event_code, subject, tok, 0, 0)); 391 } 392 393 /* 394 * Same caveats as audit_write(). In addition, this function explicitly 395 * assumes failure; use audit_write_success() otherwise. 396 * 397 * XXX This should let the caller pass an error return value rather than 398 * hard-coding -1. 399 */ 400 int 401 audit_write_failure(short event_code, char *errmsg, int errcode, au_id_t auid, 402 uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, 403 au_tid_t *tid) 404 { 405 char *func = "audit_write_failure()"; 406 token_t *subject, *errtok; 407 408 subject = au_to_subject32(auid, euid, egid, ruid, rgid, pid, sid, tid); 409 if (subject == NULL) { 410 syslog(LOG_ERR, "%s: au_to_subject32() failed", func); 411 return (kAUMakeSubjectTokErr); 412 } 413 414 /* tokenize and save the error message */ 415 if ((errtok = au_to_text(errmsg)) == NULL) { 416 au_free_token(subject); 417 syslog(LOG_ERR, "%s: au_to_text() failed", func); 418 return (kAUMakeTextTokErr); 419 } 420 421 return (audit_write(event_code, subject, errtok, -1, errcode)); 422 } 423 424 /* 425 * Same caveats as audit_write(). In addition, this function explicitly 426 * assumes failure; use audit_write_success_self() otherwise. 427 * 428 * XXX This should let the caller pass an error return value rather than 429 * hard-coding -1. 430 */ 431 int 432 audit_write_failure_self(short event_code, char *errmsg, int errret) 433 { 434 char *func = "audit_write_failure_self()"; 435 token_t *subject, *errtok; 436 437 if ((subject = au_to_me()) == NULL) { 438 syslog(LOG_ERR, "%s: au_to_me() failed", func); 439 return (kAUMakeSubjectTokErr); 440 } 441 /* tokenize and save the error message */ 442 if ((errtok = au_to_text(errmsg)) == NULL) { 443 au_free_token(subject); 444 syslog(LOG_ERR, "%s: au_to_text() failed", func); 445 return (kAUMakeTextTokErr); 446 } 447 return (audit_write(event_code, subject, errtok, -1, errret)); 448 } 449 450 /* 451 * For auditing errors during login. Such errors are implicitly 452 * non-attributable (i.e., not ascribable to any user). 453 * 454 * Assumes, like all wrapper calls, that the caller has previously checked 455 * that auditing is enabled via the audit_get_state() call. 456 */ 457 int 458 audit_write_failure_na(short event_code, char *errmsg, int errret, uid_t euid, 459 uid_t egid, pid_t pid, au_tid_t *tid) 460 { 461 462 return (audit_write_failure(event_code, errmsg, errret, -1, euid, 463 egid, -1, -1, pid, -1, tid)); 464 } 465 466 /* END OF au_write() WRAPPERS */ 467 468 #ifdef __APPLE__ 469 void 470 audit_token_to_au32(audit_token_t atoken, uid_t *auidp, uid_t *euidp, 471 gid_t *egidp, uid_t *ruidp, gid_t *rgidp, pid_t *pidp, au_asid_t *asidp, 472 au_tid_t *tidp) 473 { 474 475 if (auidp != NULL) 476 *auidp = (uid_t)atoken.val[0]; 477 if (euidp != NULL) 478 *euidp = (uid_t)atoken.val[1]; 479 if (egidp != NULL) 480 *egidp = (gid_t)atoken.val[2]; 481 if (ruidp != NULL) 482 *ruidp = (uid_t)atoken.val[3]; 483 if (rgidp != NULL) 484 *rgidp = (gid_t)atoken.val[4]; 485 if (pidp != NULL) 486 *pidp = (pid_t)atoken.val[5]; 487 if (asidp != NULL) 488 *asidp = (au_asid_t)atoken.val[6]; 489 if (tidp != NULL) { 490 audit_set_terminal_host(&tidp->machine); 491 tidp->port = (dev_t)atoken.val[7]; 492 } 493 } 494 #endif /* !__APPLE__ */ 495 496 int 497 audit_get_cond(int *cond) 498 { 499 int ret; 500 501 ret = auditon(A_GETCOND, cond, sizeof(*cond)); 502 #ifdef A_OLDGETCOND 503 if ((0 != ret) && EINVAL == errno) { 504 long lcond = *cond; 505 506 ret = auditon(A_OLDGETCOND, &lcond, sizeof(lcond)); 507 *cond = (int)lcond; 508 } 509 #endif 510 return (ret); 511 } 512 513 int 514 audit_set_cond(int *cond) 515 { 516 int ret; 517 518 ret = auditon(A_SETCOND, cond, sizeof(*cond)); 519 #ifdef A_OLDSETCOND 520 if ((0 != ret) && (EINVAL == errno)) { 521 long lcond = (long)*cond; 522 523 ret = auditon(A_OLDSETCOND, &lcond, sizeof(lcond)); 524 *cond = (int)lcond; 525 } 526 #endif 527 return (ret); 528 } 529 530 int 531 audit_get_policy(int *policy) 532 { 533 int ret; 534 535 ret = auditon(A_GETPOLICY, policy, sizeof(*policy)); 536 #ifdef A_OLDGETPOLICY 537 if ((0 != ret) && (EINVAL == errno)){ 538 long lpolicy = (long)*policy; 539 540 ret = auditon(A_OLDGETPOLICY, &lpolicy, sizeof(lpolicy)); 541 *policy = (int)lpolicy; 542 } 543 #endif 544 return (ret); 545 } 546 547 int 548 audit_set_policy(int *policy) 549 { 550 int ret; 551 552 ret = auditon(A_SETPOLICY, policy, sizeof(*policy)); 553 #ifdef A_OLDSETPOLICY 554 if ((0 != ret) && (EINVAL == errno)){ 555 long lpolicy = (long)*policy; 556 557 ret = auditon(A_OLDSETPOLICY, &lpolicy, sizeof(lpolicy)); 558 *policy = (int)lpolicy; 559 } 560 #endif 561 return (ret); 562 } 563 564 int 565 audit_get_qctrl(au_qctrl_t *qctrl, size_t sz) 566 { 567 int ret; 568 569 if (sizeof(*qctrl) != sz) { 570 errno = EINVAL; 571 return (-1); 572 } 573 574 ret = auditon(A_GETQCTRL, qctrl, sizeof(*qctrl)); 575 #ifdef A_OLDGETQCTRL 576 if ((0 != ret) && (EINVAL == errno)){ 577 struct old_qctrl { 578 size_t oq_hiwater; 579 size_t oq_lowater; 580 size_t oq_bufsz; 581 clock_t oq_delay; 582 int oq_minfree; 583 } oq; 584 585 oq.oq_hiwater = (size_t)qctrl->aq_hiwater; 586 oq.oq_lowater = (size_t)qctrl->aq_lowater; 587 oq.oq_bufsz = (size_t)qctrl->aq_bufsz; 588 oq.oq_delay = (clock_t)qctrl->aq_delay; 589 oq.oq_minfree = qctrl->aq_minfree; 590 591 ret = auditon(A_OLDGETQCTRL, &oq, sizeof(oq)); 592 593 qctrl->aq_hiwater = (int)oq.oq_hiwater; 594 qctrl->aq_lowater = (int)oq.oq_lowater; 595 qctrl->aq_bufsz = (int)oq.oq_bufsz; 596 qctrl->aq_delay = (int)oq.oq_delay; 597 qctrl->aq_minfree = oq.oq_minfree; 598 } 599 #endif /* A_OLDGETQCTRL */ 600 return (ret); 601 } 602 603 int 604 audit_set_qctrl(au_qctrl_t *qctrl, size_t sz) 605 { 606 int ret; 607 608 if (sizeof(*qctrl) != sz) { 609 errno = EINVAL; 610 return (-1); 611 } 612 613 ret = auditon(A_SETQCTRL, qctrl, sz); 614 #ifdef A_OLDSETQCTRL 615 if ((0 != ret) && (EINVAL == errno)) { 616 struct old_qctrl { 617 size_t oq_hiwater; 618 size_t oq_lowater; 619 size_t oq_bufsz; 620 clock_t oq_delay; 621 int oq_minfree; 622 } oq; 623 624 oq.oq_hiwater = (size_t)qctrl->aq_hiwater; 625 oq.oq_lowater = (size_t)qctrl->aq_lowater; 626 oq.oq_bufsz = (size_t)qctrl->aq_bufsz; 627 oq.oq_delay = (clock_t)qctrl->aq_delay; 628 oq.oq_minfree = qctrl->aq_minfree; 629 630 ret = auditon(A_OLDSETQCTRL, &oq, sizeof(oq)); 631 632 qctrl->aq_hiwater = (int)oq.oq_hiwater; 633 qctrl->aq_lowater = (int)oq.oq_lowater; 634 qctrl->aq_bufsz = (int)oq.oq_bufsz; 635 qctrl->aq_delay = (int)oq.oq_delay; 636 qctrl->aq_minfree = oq.oq_minfree; 637 } 638 #endif /* A_OLDSETQCTRL */ 639 return (ret); 640 } 641 642 int 643 audit_send_trigger(int *trigger) 644 { 645 646 return (auditon(A_SENDTRIGGER, trigger, sizeof(*trigger))); 647 } 648 649 int 650 audit_get_kaudit(auditinfo_addr_t *aia, size_t sz) 651 { 652 653 if (sizeof(*aia) != sz) { 654 errno = EINVAL; 655 return (-1); 656 } 657 658 return (auditon(A_GETKAUDIT, aia, sz)); 659 } 660 661 int 662 audit_set_kaudit(auditinfo_addr_t *aia, size_t sz) 663 { 664 665 if (sizeof(*aia) != sz) { 666 errno = EINVAL; 667 return (-1); 668 } 669 670 return (auditon(A_SETKAUDIT, aia, sz)); 671 } 672 673 int 674 audit_get_class(au_evclass_map_t *evc_map, size_t sz) 675 { 676 677 if (sizeof(*evc_map) != sz) { 678 errno = EINVAL; 679 return (-1); 680 } 681 682 return (auditon(A_GETCLASS, evc_map, sz)); 683 } 684 685 int 686 audit_set_class(au_evclass_map_t *evc_map, size_t sz) 687 { 688 689 if (sizeof(*evc_map) != sz) { 690 errno = EINVAL; 691 return (-1); 692 } 693 694 return (auditon(A_SETCLASS, evc_map, sz)); 695 } 696 697 int 698 audit_get_event(au_evname_map_t *evn_map, size_t sz) 699 { 700 701 if (sizeof(*evn_map) != sz) { 702 errno = EINVAL; 703 return (-1); 704 } 705 706 return (auditon(A_GETEVENT, evn_map, sz)); 707 } 708 709 int 710 audit_set_event(au_evname_map_t *evn_map, size_t sz) 711 { 712 713 if (sizeof(*evn_map) != sz) { 714 errno = EINVAL; 715 return (-1); 716 } 717 718 return (auditon(A_SETEVENT, evn_map, sz)); 719 } 720 721 int 722 audit_get_kmask(au_mask_t *kmask, size_t sz) 723 { 724 if (sizeof(*kmask) != sz) { 725 errno = EINVAL; 726 return (-1); 727 } 728 729 return (auditon(A_GETKMASK, kmask, sz)); 730 } 731 732 int 733 audit_set_kmask(au_mask_t *kmask, size_t sz) 734 { 735 if (sizeof(*kmask) != sz) { 736 errno = EINVAL; 737 return (-1); 738 } 739 740 return (auditon(A_SETKMASK, kmask, sz)); 741 } 742 743 int 744 audit_get_fsize(au_fstat_t *fstat, size_t sz) 745 { 746 747 if (sizeof(*fstat) != sz) { 748 errno = EINVAL; 749 return (-1); 750 } 751 752 return (auditon(A_GETFSIZE, fstat, sz)); 753 } 754 755 int 756 audit_set_fsize(au_fstat_t *fstat, size_t sz) 757 { 758 759 if (sizeof(*fstat) != sz) { 760 errno = EINVAL; 761 return (-1); 762 } 763 764 return (auditon(A_SETFSIZE, fstat, sz)); 765 } 766 767 int 768 audit_set_pmask(auditpinfo_t *api, size_t sz) 769 { 770 771 if (sizeof(*api) != sz) { 772 errno = EINVAL; 773 return (-1); 774 } 775 776 return (auditon(A_SETPMASK, api, sz)); 777 } 778 779 int 780 audit_get_pinfo(auditpinfo_t *api, size_t sz) 781 { 782 783 if (sizeof(*api) != sz) { 784 errno = EINVAL; 785 return (-1); 786 } 787 788 return (auditon(A_GETPINFO, api, sz)); 789 } 790 791 int 792 audit_get_pinfo_addr(auditpinfo_addr_t *apia, size_t sz) 793 { 794 795 if (sizeof(*apia) != sz) { 796 errno = EINVAL; 797 return (-1); 798 } 799 800 return (auditon(A_GETPINFO_ADDR, apia, sz)); 801 } 802 803 int 804 audit_get_sinfo_addr(auditinfo_addr_t *aia, size_t sz) 805 { 806 807 if (sizeof(*aia) != sz) { 808 errno = EINVAL; 809 return (-1); 810 } 811 812 return (auditon(A_GETSINFO_ADDR, aia, sz)); 813 } 814 815 int 816 audit_get_stat(au_stat_t *stats, size_t sz) 817 { 818 819 if (sizeof(*stats) != sz) { 820 errno = EINVAL; 821 return (-1); 822 } 823 824 return (auditon(A_GETSTAT, stats, sz)); 825 } 826 827 int 828 audit_set_stat(au_stat_t *stats, size_t sz) 829 { 830 831 if (sizeof(*stats) != sz) { 832 errno = EINVAL; 833 return (-1); 834 } 835 836 return (auditon(A_GETSTAT, stats, sz)); 837 } 838 839 int 840 audit_get_cwd(char *path, size_t sz) 841 { 842 843 return (auditon(A_GETCWD, path, sz)); 844 } 845 846 int 847 audit_get_car(char *path, size_t sz) 848 { 849 850 return (auditon(A_GETCAR, path, sz)); 851 } 852