xref: /illumos-gate/usr/src/cmd/auditconfig/auditconfig.c (revision 8a2b682e57a046b828f37bcde1776f131ef4629f)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright (c) 1992, 2010, Oracle and/or its affiliates. All rights reserved.
23  */
24 
25 /*
26  * Copyright (c) 2019, Joyent, Inc.
27  */
28 
29 /*
30  * auditconfig - set and display audit parameters
31  */
32 
33 #include <locale.h>
34 #include <sys/types.h>
35 #include <ctype.h>
36 #include <stdlib.h>
37 #include <stdarg.h>
38 #include <unistd.h>
39 #include <errno.h>
40 #include <sys/param.h>
41 #include <stdio.h>
42 #include <string.h>
43 #include <strings.h>
44 #include <nlist.h>
45 #include <fcntl.h>
46 #include <sys/socket.h>
47 #include <netdb.h>
48 #include <netinet/in.h>
49 #include <arpa/inet.h>
50 #include <sys/mkdev.h>
51 #include <sys/param.h>
52 #include <pwd.h>
53 #include <libintl.h>
54 #include <zone.h>
55 #include <libscf_priv.h>
56 #include <tsol/label.h>
57 #include <bsm/libbsm.h>
58 #include <audit_policy.h>
59 #include <audit_scf.h>
60 
61 enum	commands {
62 	AC_ARG_ACONF,
63 	AC_ARG_AUDIT,
64 	AC_ARG_CHKACONF,
65 	AC_ARG_CHKCONF,
66 	AC_ARG_CONF,
67 	AC_ARG_GETASID,
68 	AC_ARG_GETAUDIT,
69 	AC_ARG_GETAUID,
70 	AC_ARG_GETCAR,
71 	AC_ARG_GETCLASS,
72 	AC_ARG_GETCOND,
73 	AC_ARG_GETCWD,
74 	AC_ARG_GETESTATE,
75 	AC_ARG_GETFLAGS,
76 	AC_ARG_GETKAUDIT,
77 	AC_ARG_GETKMASK,
78 	AC_ARG_GETNAFLAGS,
79 	AC_ARG_GETPINFO,
80 	AC_ARG_GETPLUGIN,
81 	AC_ARG_GETPOLICY,
82 	AC_ARG_GETQBUFSZ,
83 	AC_ARG_GETQCTRL,
84 	AC_ARG_GETQDELAY,
85 	AC_ARG_GETQHIWATER,
86 	AC_ARG_GETQLOWATER,
87 	AC_ARG_GETSTAT,
88 	AC_ARG_GETTERMID,
89 	AC_ARG_LSEVENT,
90 	AC_ARG_LSPOLICY,
91 	AC_ARG_SETASID,
92 	AC_ARG_SETAUDIT,
93 	AC_ARG_SETAUID,
94 	AC_ARG_SETCLASS,
95 	AC_ARG_SETFLAGS,
96 	AC_ARG_SETKAUDIT,
97 	AC_ARG_SETKMASK,
98 	AC_ARG_SETNAFLAGS,
99 	AC_ARG_SETPLUGIN,
100 	AC_ARG_SETPMASK,
101 	AC_ARG_SETPOLICY,
102 	AC_ARG_SETQBUFSZ,
103 	AC_ARG_SETQCTRL,
104 	AC_ARG_SETQDELAY,
105 	AC_ARG_SETQHIWATER,
106 	AC_ARG_SETQLOWATER,
107 	AC_ARG_SETSMASK,
108 	AC_ARG_SETSTAT,
109 	AC_ARG_SETUMASK,
110 	AC_ARG_SET_TEMPORARY
111 };
112 
113 #define	AC_KERN_EVENT		0
114 #define	AC_USER_EVENT		1
115 
116 #define	NONE(s) (!strlen(s) ? gettext("none") : s)
117 
118 #define	ONEK 1024
119 
120 /*
121  * remove this after the audit.h is fixed
122  */
123 struct arg_entry {
124 	char		*arg_str;
125 	char		*arg_opts;
126 	enum commands	auditconfig_cmd;
127 	boolean_t	temporary_allowed;	/* -t allowed for the option */
128 };
129 typedef struct arg_entry arg_entry_t;
130 
131 /* arg_table - command option and usage message table */
132 static arg_entry_t arg_table[] = {
133 	{ "-aconf",	"",			AC_ARG_ACONF,	B_FALSE},
134 	{ "-audit",	" event sorf retval string", AC_ARG_AUDIT, B_FALSE},
135 	{ "-chkaconf",	"",			AC_ARG_CHKACONF, B_FALSE},
136 	{ "-chkconf",	"",			AC_ARG_CHKCONF,	B_FALSE},
137 	{ "-conf",	"",			AC_ARG_CONF,	B_FALSE},
138 	{ "-getasid",	"",			AC_ARG_GETASID,	B_FALSE},
139 	{ "-getaudit",	"",			AC_ARG_GETAUDIT, B_FALSE},
140 	{ "-getauid",	"",			AC_ARG_GETAUID, B_FALSE},
141 	{ "-getcar",	"",			AC_ARG_GETCAR,	B_FALSE},
142 	{ "-getclass",	" event",		AC_ARG_GETCLASS, B_FALSE},
143 	{ "-getcond",	"",			AC_ARG_GETCOND,	B_FALSE},
144 	{ "-getcwd",	"",			AC_ARG_GETCWD,	B_FALSE},
145 	{ "-getestate",	" event",		AC_ARG_GETESTATE, B_FALSE},
146 	{ "-getflags",	"",			AC_ARG_GETFLAGS, B_FALSE},
147 	{ "-getkaudit",	"",			AC_ARG_GETKAUDIT, B_FALSE},
148 	{ "-getkmask",	"",			AC_ARG_GETKMASK, B_FALSE},
149 	{ "-getnaflags", "",			AC_ARG_GETNAFLAGS, B_FALSE},
150 	{ "-getpinfo",	" pid",			AC_ARG_GETPINFO, B_FALSE},
151 	{ "-getplugin",	" [plugin]",		AC_ARG_GETPLUGIN, B_FALSE},
152 	{ "-getpolicy",	"",			AC_ARG_GETPOLICY, B_TRUE},
153 	{ "-getqbufsz",	"",			AC_ARG_GETQBUFSZ, B_TRUE},
154 	{ "-getqctrl",	"",			AC_ARG_GETQCTRL, B_TRUE},
155 	{ "-getqdelay",	"",			AC_ARG_GETQDELAY, B_TRUE},
156 	{ "-getqhiwater", "",			AC_ARG_GETQHIWATER, B_TRUE},
157 	{ "-getqlowater", "",			AC_ARG_GETQLOWATER, B_TRUE},
158 	{ "-getstat",	"",			AC_ARG_GETSTAT,	B_FALSE},
159 	{ "-gettid",	"",			AC_ARG_GETTERMID, B_FALSE},
160 	{ "-lsevent",	"",			AC_ARG_LSEVENT,	B_FALSE},
161 	{ "-lspolicy",	"",			AC_ARG_LSPOLICY, B_FALSE},
162 	{ "-setasid",	" asid [cmd]",		AC_ARG_SETASID,	B_FALSE},
163 	{ "-setaudit",	" auid audit_flags termid asid [cmd]",
164 						AC_ARG_SETAUDIT, B_FALSE},
165 	{ "-setauid",	" auid [cmd]",		AC_ARG_SETAUID,	B_FALSE},
166 	{ "-setclass",	" event audit_flags",	AC_ARG_SETCLASS, B_FALSE},
167 	{ "-setflags",	" audit_flags",		AC_ARG_SETFLAGS, B_FALSE},
168 	{ "-setkaudit",	" type IP_address",	AC_ARG_SETKAUDIT, B_FALSE},
169 	{ "-setkmask",	" audit_flags",		AC_ARG_SETKMASK, B_FALSE},
170 	{ "-setnaflags", " audit_naflags",	AC_ARG_SETNAFLAGS, B_FALSE},
171 	{ "-setplugin",	" name active|inactive [attributes [qsize]]",
172 						AC_ARG_SETPLUGIN, B_FALSE},
173 	{ "-setpmask",	" pid audit_flags",	AC_ARG_SETPMASK, B_FALSE},
174 	{ "-setpolicy",	" [+|-]policy_flags",	AC_ARG_SETPOLICY, B_TRUE},
175 	{ "-setqbufsz",	" bufsz",		AC_ARG_SETQBUFSZ, B_TRUE},
176 	{ "-setqctrl",	" hiwater lowater bufsz delay",
177 						AC_ARG_SETQCTRL, B_TRUE},
178 	{ "-setqdelay",	" delay",		AC_ARG_SETQDELAY, B_TRUE},
179 	{ "-setqhiwater", " hiwater",		AC_ARG_SETQHIWATER, B_TRUE},
180 	{ "-setqlowater", " lowater",		AC_ARG_SETQLOWATER, B_TRUE},
181 	{ "-setsmask",	" asid audit_flags",	AC_ARG_SETSMASK, B_FALSE},
182 	{ "-setstat",	"",			AC_ARG_SETSTAT, B_FALSE},
183 	{ "-setumask",	" user audit_flags",	AC_ARG_SETUMASK, B_FALSE},
184 	{ "-t",		"",			AC_ARG_SET_TEMPORARY, B_FALSE},
185 };
186 
187 #define	ARG_TBL_SZ (sizeof (arg_table) / sizeof (arg_entry_t))
188 
189 char	*progname = "auditconfig";
190 
191 /*
192  * temporary_set true to get/set only kernel settings,
193  *		 false to get/set kernel settings and service properties
194  */
195 static boolean_t temporary_set = B_FALSE;
196 
197 static au_event_ent_t *egetauevnam(char *event_name);
198 static au_event_ent_t *egetauevnum(au_event_t event_number);
199 static int arg_ent_compare(const void *aep1, const void *aep2);
200 static char *cond2str(void);
201 static int policy2str(uint32_t policy, char *policy_str, size_t len);
202 static int str2type(char *s, uint_t *type);
203 static int str2policy(char *policy_str, uint32_t *policy_mask);
204 static int str2ipaddr(char *s, uint32_t *addr, uint32_t type);
205 static int strisipaddr(char *s);
206 static int strisnum(char *s);
207 static arg_entry_t *get_arg_ent(char *arg_str);
208 static uid_t get_user_id(char *user);
209 static void chk_arg_len(char *argv, uint_t len);
210 static void chk_event_num(int etype, au_event_t event);
211 static void chk_event_str(int etype, char *event_str);
212 static void chk_known_plugin(char *plugin_str);
213 static void chk_retval(char *retval_str);
214 static void chk_sorf(char *sorf_str);
215 static void do_aconf(void);
216 static void do_args(char **argv, au_mask_t *mask);
217 static void do_audit(char *, char, int, char *);
218 static void do_chkaconf(void);
219 static void do_chkconf(void);
220 static void do_conf(void);
221 static void do_getasid(void);
222 static void do_getaudit(void);
223 static void do_getkaudit(void);
224 static void do_setkaudit(char *t, char *s);
225 static void do_getauid(void);
226 static void do_getcar(void);
227 static void do_getclass(char *event_str);
228 static void do_getcond(void);
229 static void do_getcwd(void);
230 static void do_getflags(void);
231 static void do_getkmask(void);
232 static void do_getnaflags(void);
233 static void do_getpinfo(char *pid_str);
234 static void do_getplugin(char *plugin_str);
235 static void do_getpolicy(void);
236 static void do_getqbufsz(void);
237 static void do_getqctrl(void);
238 static void do_getqdelay(void);
239 static void do_getqhiwater(void);
240 static void do_getqlowater(void);
241 static void do_getstat(void);
242 static void do_gettermid(void);
243 static void do_lsevent(void);
244 static void do_lspolicy(void);
245 static void do_setasid(char *sid_str, char **argv);
246 static void do_setaudit(char *user_str, char *mask_str, char *tid_str,
247     char *sid_str, char **argv);
248 static void do_setauid(char *user, char **argv);
249 static void do_setclass(char *event_str, au_mask_t *mask);
250 static void do_setflags(char *audit_flags, au_mask_t *amask);
251 static void do_setkmask(au_mask_t *pmask);
252 static void do_setnaflags(char *audit_naflags, au_mask_t *namask);
253 static void do_setpmask(char *pid_str, au_mask_t *mask);
254 static void do_setsmask(char *asid_str, au_mask_t *mask);
255 static void do_setumask(char *auid_str, au_mask_t *mask);
256 static void do_setplugin(char *plugin_str, boolean_t plugin_state,
257     char *plugin_attr, int plugin_qsize);
258 static void do_setpolicy(char *policy_str);
259 static void do_setqbufsz(char *bufsz);
260 static void do_setqctrl(char *hiwater, char *lowater, char *bufsz, char *delay);
261 static void do_setqdelay(char *delay);
262 static void do_setqhiwater(char *hiwater);
263 static void do_setqlowater(char *lowater);
264 static void do_setstat(void);
265 static void str2tid(char *tid_str, au_tid_addr_t *tp);
266 
267 static void eauditon(int cmd, caddr_t data, int length);
268 static void echkflags(char *auditflags, au_mask_t *mask);
269 static void egetaudit(auditinfo_addr_t *ai, int size);
270 static void egetauditflagsbin(char *auditflags, au_mask_t *pmask);
271 static void egetauid(au_id_t *auid);
272 static void egetkaudit(auditinfo_addr_t *ai, int size);
273 static void esetaudit(auditinfo_addr_t *ai, int size);
274 static void esetauid(au_id_t *auid);
275 static void esetkaudit(auditinfo_addr_t *ai, int size);
276 static void execit(char **argv);
277 static void exit_error(char *fmt, ...);
278 static void exit_usage(int status);
279 static void parse_args(int argc, char **argv, au_mask_t *mask);
280 static void print_asid(au_asid_t asid);
281 static void print_auid(au_id_t auid);
282 static void print_mask(char *desc, au_mask_t *pmp);
283 static void print_plugin(char *plugin_name, kva_t *plugin_kva);
284 static void print_tid_ex(au_tid_addr_t *tidp);
285 
286 #if !defined(TEXT_DOMAIN)
287 #define	TEXT_DOMAIN	"SUNW_OST_OSCMD"
288 #endif
289 
290 int
291 main(int argc, char **argv)
292 {
293 	au_mask_t mask;			/* for options manipulating flags */
294 
295 	(void) setlocale(LC_ALL, "");
296 	(void) textdomain(TEXT_DOMAIN);
297 
298 	if (argc == 1) {
299 		exit_usage(0);
300 	}
301 
302 	if (argc == 2 &&
303 	    (argv[1][0] == '?' ||
304 	    strcmp(argv[1], "-h") == 0 ||
305 	    strcmp(argv[1], "-?") == 0)) {
306 		exit_usage(0);
307 	}
308 
309 	parse_args(argc, argv, &mask);
310 	do_args(argv, &mask);
311 
312 	return (0);
313 }
314 
315 /*
316  * parse_args()
317  *     Desc: Checks command line argument syntax.
318  *     Inputs: Command line argv;
319  *     Returns: If a syntax error is detected, a usage message is printed
320  *              and exit() is called. If a syntax error is not detected,
321  *              parse_args() returns without a value.
322  */
323 static void
324 parse_args(int argc, char **argv, au_mask_t *mask)
325 {
326 	arg_entry_t *ae;
327 
328 	uint_t type;
329 	uint_t addr[4];
330 
331 	for (++argv; *argv; argv++) {
332 		if ((ae = get_arg_ent(*argv)) == NULL) {
333 			exit_usage(1);
334 		}
335 
336 		switch (ae->auditconfig_cmd) {
337 
338 		case AC_ARG_AUDIT:
339 			++argv;
340 			if (!*argv)
341 				exit_usage(1);
342 			if (strisnum(*argv)) {
343 				chk_event_num(AC_USER_EVENT,
344 				    (au_event_t)atol(*argv));
345 			} else {
346 				chk_event_str(AC_USER_EVENT, *argv);
347 			}
348 			++argv;
349 			if (!*argv)
350 				exit_usage(1);
351 			chk_sorf(*argv);
352 			++argv;
353 			if (!*argv)
354 				exit_usage(1);
355 			chk_retval(*argv);
356 			++argv;
357 			if (!*argv)
358 				exit_usage(1);
359 			break;
360 
361 		case AC_ARG_CHKCONF:
362 		case AC_ARG_CONF:
363 		case AC_ARG_ACONF:
364 		case AC_ARG_CHKACONF:
365 		case AC_ARG_GETASID:
366 		case AC_ARG_GETAUID:
367 		case AC_ARG_GETAUDIT:
368 		case AC_ARG_GETKAUDIT:
369 			break;
370 
371 		case AC_ARG_GETCLASS:
372 		case AC_ARG_GETESTATE:
373 			++argv;
374 			if (!*argv)
375 				exit_usage(1);
376 			if (strisnum(*argv)) {
377 				chk_event_num(AC_KERN_EVENT,
378 				    (au_event_t)atol(*argv));
379 			} else {
380 				chk_event_str(AC_KERN_EVENT, *argv);
381 			}
382 			break;
383 
384 		case AC_ARG_GETCAR:
385 		case AC_ARG_GETCOND:
386 		case AC_ARG_GETCWD:
387 		case AC_ARG_GETFLAGS:
388 		case AC_ARG_GETKMASK:
389 		case AC_ARG_GETNAFLAGS:
390 			break;
391 
392 		case AC_ARG_GETPLUGIN:
393 			if (*++argv == NULL) {
394 				--argv;
395 				break;
396 			}
397 			if (get_arg_ent(*argv) != NULL) {
398 				--argv;
399 			} else {
400 				chk_arg_len(*argv, PLUGIN_MAXBUF);
401 				chk_known_plugin(*argv);
402 			}
403 			break;
404 
405 		case AC_ARG_GETPOLICY:
406 		case AC_ARG_GETQBUFSZ:
407 		case AC_ARG_GETQCTRL:
408 		case AC_ARG_GETQDELAY:
409 		case AC_ARG_GETQHIWATER:
410 		case AC_ARG_GETQLOWATER:
411 		case AC_ARG_GETSTAT:
412 		case AC_ARG_GETTERMID:
413 		case AC_ARG_LSEVENT:
414 		case AC_ARG_LSPOLICY:
415 			break;
416 
417 		case AC_ARG_SETASID:
418 		case AC_ARG_SETAUID:
419 		case AC_ARG_SETAUDIT:
420 			++argv;
421 			if (!*argv)
422 				exit_usage(1);
423 
424 			while (*argv)
425 				++argv;
426 			--argv;
427 
428 			break;
429 
430 		case AC_ARG_SETKAUDIT:
431 			++argv;
432 			if (!*argv)
433 				exit_usage(1);
434 			if (str2type (*argv, &type))
435 				exit_error(gettext(
436 				    "Invalid IP address type specified."));
437 			++argv;
438 			if (!*argv)
439 				exit_usage(1);
440 
441 			if (str2ipaddr(*argv, addr, type))
442 				exit_error(
443 				    gettext("Invalid IP address specified."));
444 			break;
445 
446 		case AC_ARG_SETCLASS:
447 			++argv;
448 			if (!*argv)
449 				exit_usage(1);
450 			if (strisnum(*argv))
451 				chk_event_num(AC_KERN_EVENT,
452 				    (au_event_t)atol(*argv));
453 			else
454 				chk_event_str(AC_KERN_EVENT, *argv);
455 			++argv;
456 			if (!*argv)
457 				exit_usage(1);
458 			echkflags(*argv, mask);
459 			break;
460 
461 		case AC_ARG_SETFLAGS:
462 			++argv;
463 			if (!*argv)
464 				exit_usage(1);
465 			chk_arg_len(*argv, PRESELECTION_MAXBUF);
466 			echkflags(*argv, mask);
467 			break;
468 
469 		case AC_ARG_SETKMASK:
470 			++argv;
471 			if (!*argv)
472 				exit_usage(1);
473 			echkflags(*argv, mask);
474 			break;
475 
476 		case AC_ARG_SETNAFLAGS:
477 			++argv;
478 			if (!*argv)
479 				exit_usage(1);
480 			chk_arg_len(*argv, PRESELECTION_MAXBUF);
481 			echkflags(*argv, mask);
482 			break;
483 
484 		case AC_ARG_SETPLUGIN:
485 			if (*++argv == NULL || get_arg_ent(*argv) != NULL) {
486 				exit_usage(1);
487 			}
488 			chk_known_plugin(*argv);
489 			chk_arg_len(*argv, PLUGIN_MAXBUF);
490 			if (*++argv == NULL || strcmp(*argv, "active") != 0 &&
491 			    strcmp(*argv, "inactive") != 0) {
492 				exit_usage(1);
493 			}
494 			if (*++argv == NULL || get_arg_ent(*argv) != NULL) {
495 				--argv;
496 				break;
497 			}
498 			chk_arg_len(*argv, PLUGIN_MAXATT);
499 			if (*++argv == NULL || get_arg_ent(*argv) != NULL) {
500 				--argv;
501 				break;
502 			}
503 			if (atoi(*argv) < 0) {
504 				exit_error(gettext("Incorrect qsize specified "
505 				    "(%s)."), *argv);
506 			}
507 			break;
508 
509 		case AC_ARG_SETPOLICY:
510 			++argv;
511 			if (!*argv)
512 				exit_usage(1);
513 			break;
514 
515 		case AC_ARG_SETSTAT:
516 			break;
517 
518 		case AC_ARG_GETPINFO:
519 			++argv;
520 			if (!*argv)
521 				exit_usage(1);
522 			break;
523 
524 		case AC_ARG_SETPMASK:
525 			++argv;
526 			if (!*argv)
527 				exit_usage(1);
528 			++argv;
529 			if (!*argv)
530 				exit_usage(1);
531 			echkflags(*argv, mask);
532 			break;
533 
534 		case AC_ARG_SETQBUFSZ:
535 			++argv;
536 			if (!*argv)
537 				exit_usage(1);
538 			if (!strisnum(*argv))
539 				exit_error(gettext("Invalid bufsz specified."));
540 			break;
541 
542 		case AC_ARG_SETQCTRL:
543 			++argv;
544 			if (!*argv)
545 				exit_usage(1);
546 			if (!strisnum(*argv))
547 				exit_error(
548 				    gettext("Invalid hiwater specified."));
549 			++argv;
550 			if (!*argv)
551 				exit_usage(1);
552 			if (!strisnum(*argv))
553 				exit_error(
554 				    gettext("Invalid lowater specified."));
555 			++argv;
556 			if (!*argv)
557 				exit_usage(1);
558 			if (!strisnum(*argv))
559 				exit_error(gettext("Invalid bufsz specified."));
560 			++argv;
561 			if (!*argv)
562 				exit_usage(1);
563 			if (!strisnum(*argv))
564 				exit_error(gettext("Invalid delay specified."));
565 			break;
566 
567 		case AC_ARG_SETQDELAY:
568 			++argv;
569 			if (!*argv)
570 				exit_usage(1);
571 			if (!strisnum(*argv))
572 				exit_error(gettext("Invalid delay specified."));
573 			break;
574 
575 		case AC_ARG_SETQHIWATER:
576 			++argv;
577 			if (!*argv)
578 				exit_usage(1);
579 			if (!strisnum(*argv)) {
580 				exit_error(
581 				    gettext("Invalid hiwater specified."));
582 			}
583 			break;
584 
585 		case AC_ARG_SETQLOWATER:
586 			++argv;
587 			if (!*argv)
588 				exit_usage(1);
589 			if (!strisnum(*argv)) {
590 				exit_error(
591 				    gettext("Invalid lowater specified."));
592 			}
593 			break;
594 
595 		case AC_ARG_SETSMASK:
596 		case AC_ARG_SETUMASK:
597 			++argv;
598 			if (!*argv)
599 				exit_usage(1);
600 			++argv;
601 			if (!*argv)
602 				exit_usage(1);
603 			echkflags(*argv, mask);
604 			break;
605 
606 		case AC_ARG_SET_TEMPORARY:
607 			/* Do not accept single -t option. */
608 			if (argc == 2) {
609 				exit_error(
610 				    gettext("Only the -t option specified "
611 				    "(it is not a standalone option)."));
612 			}
613 			temporary_set = B_TRUE;
614 			break;
615 
616 		default:
617 			exit_error(gettext("Internal error #1."));
618 			break;
619 		}
620 	}
621 }
622 
623 
624 /*
625  * do_args() - do command line arguments in the order in which they appear.
626  * Function return values returned by the underlying functions; the semantics
627  * they should follow is to return B_TRUE on successful execution, B_FALSE
628  * otherwise.
629  */
630 static void
631 do_args(char **argv, au_mask_t *mask)
632 {
633 	arg_entry_t	*ae;
634 
635 	for (++argv; *argv; argv++) {
636 		ae = get_arg_ent(*argv);
637 
638 		switch (ae->auditconfig_cmd) {
639 
640 		case AC_ARG_AUDIT:
641 			{
642 				char sorf;
643 				int  retval;
644 				char *event_name;
645 				char *audit_str;
646 
647 				++argv;
648 				event_name = *argv;
649 				++argv;
650 				sorf = (char)atoi(*argv);
651 				++argv;
652 				retval = atoi(*argv);
653 				++argv;
654 				audit_str = *argv;
655 				do_audit(event_name, sorf, retval, audit_str);
656 			}
657 			break;
658 
659 		case AC_ARG_CHKCONF:
660 			do_chkconf();
661 			break;
662 
663 		case AC_ARG_CONF:
664 			do_conf();
665 			break;
666 
667 		case AC_ARG_CHKACONF:
668 			do_chkaconf();
669 			break;
670 
671 		case AC_ARG_ACONF:
672 			do_aconf();
673 			break;
674 
675 		case AC_ARG_GETASID:
676 			do_getasid();
677 			break;
678 
679 		case AC_ARG_GETAUID:
680 			do_getauid();
681 			break;
682 
683 		case AC_ARG_GETAUDIT:
684 			do_getaudit();
685 			break;
686 
687 		case AC_ARG_GETKAUDIT:
688 			do_getkaudit();
689 			break;
690 
691 		case AC_ARG_GETCLASS:
692 		case AC_ARG_GETESTATE:
693 			++argv;
694 			do_getclass(*argv);
695 			break;
696 
697 		case AC_ARG_GETCAR:
698 			do_getcar();
699 			break;
700 
701 		case AC_ARG_GETCOND:
702 			do_getcond();
703 			break;
704 
705 		case AC_ARG_GETCWD:
706 			do_getcwd();
707 			break;
708 
709 		case AC_ARG_GETFLAGS:
710 			do_getflags();
711 			break;
712 
713 		case AC_ARG_GETKMASK:
714 			do_getkmask();
715 			break;
716 
717 		case AC_ARG_GETNAFLAGS:
718 			do_getnaflags();
719 			break;
720 
721 		case AC_ARG_GETPLUGIN:
722 			{
723 				char	*plugin_str = NULL;
724 
725 				++argv;
726 				if (*argv != NULL) {
727 					if (get_arg_ent(*argv) != NULL) {
728 						--argv;
729 					} else {
730 						plugin_str = *argv;
731 					}
732 				} else {
733 					--argv;
734 				}
735 
736 				do_getplugin(plugin_str);
737 			}
738 			break;
739 
740 		case AC_ARG_GETPOLICY:
741 			do_getpolicy();
742 			break;
743 
744 		case AC_ARG_GETQBUFSZ:
745 			do_getqbufsz();
746 			break;
747 
748 		case AC_ARG_GETQCTRL:
749 			do_getqctrl();
750 			break;
751 
752 		case AC_ARG_GETQDELAY:
753 			do_getqdelay();
754 			break;
755 
756 		case AC_ARG_GETQHIWATER:
757 			do_getqhiwater();
758 			break;
759 
760 		case AC_ARG_GETQLOWATER:
761 			do_getqlowater();
762 			break;
763 
764 		case AC_ARG_GETSTAT:
765 			do_getstat();
766 			break;
767 
768 		case AC_ARG_GETTERMID:
769 			do_gettermid();
770 			break;
771 
772 		case AC_ARG_LSEVENT:
773 			do_lsevent();
774 			break;
775 
776 		case AC_ARG_LSPOLICY:
777 			do_lspolicy();
778 			break;
779 
780 		case AC_ARG_SETASID:
781 			{
782 				char *sid_str;
783 
784 				++argv;
785 				sid_str = *argv;
786 				++argv;
787 				do_setasid(sid_str, argv);
788 			}
789 			break;
790 
791 		case AC_ARG_SETAUID:
792 			{
793 				char *user;
794 
795 				++argv;
796 				user = *argv;
797 				++argv;
798 				do_setauid(user, argv);
799 			}
800 			break;
801 
802 		case AC_ARG_SETAUDIT:
803 			{
804 				char *user_str;
805 				char *mask_str;
806 				char *tid_str;
807 				char *sid_str;
808 
809 				++argv;
810 				user_str = *argv;
811 				++argv;
812 				mask_str = *argv;
813 				++argv;
814 				tid_str = *argv;
815 				++argv;
816 				sid_str = *argv;
817 				++argv;
818 				do_setaudit(user_str, mask_str, tid_str,
819 				    sid_str, argv);
820 			}
821 			break;
822 
823 		case AC_ARG_SETKAUDIT:
824 			{
825 				char *address_type, *address;
826 
827 				++argv; address_type = *argv;
828 				++argv; address = *argv;
829 				do_setkaudit(address_type, address);
830 			}
831 			break;
832 
833 		case AC_ARG_SETCLASS:
834 			{
835 				char *event_str;
836 
837 				++argv;
838 				event_str = *argv;
839 				do_setclass(event_str, mask);
840 
841 				++argv;
842 			}
843 			break;
844 
845 		case AC_ARG_SETFLAGS:
846 			++argv;
847 			do_setflags(*argv, mask);
848 			break;
849 
850 		case AC_ARG_SETKMASK:
851 			++argv;
852 			do_setkmask(mask);
853 			break;
854 
855 		case AC_ARG_SETNAFLAGS:
856 			++argv;
857 			do_setnaflags(*argv, mask);
858 			break;
859 
860 		case AC_ARG_SETPLUGIN:
861 			{
862 				char		*plugin_str = NULL;
863 				boolean_t	plugin_state = B_FALSE;
864 				char		*plugin_att = NULL;
865 				int		plugin_qsize = -1;
866 
867 				plugin_str = *++argv;
868 				if (strcmp(*++argv, "active") == 0) {
869 					plugin_state = B_TRUE;
870 				}
871 				if (*++argv != NULL &&
872 				    get_arg_ent(*argv) == NULL) {
873 					plugin_att = *argv;
874 					if (*++argv != NULL &&
875 					    get_arg_ent(*argv) == NULL) {
876 						plugin_qsize = atoi(*argv);
877 					} else {
878 						--argv;
879 					}
880 				} else {
881 					--argv;
882 				}
883 
884 				do_setplugin(plugin_str, plugin_state,
885 				    plugin_att, plugin_qsize);
886 			}
887 			break;
888 
889 		case AC_ARG_SETPOLICY:
890 			++argv;
891 			do_setpolicy(*argv);
892 			break;
893 
894 		case AC_ARG_GETPINFO:
895 			{
896 				char *pid_str;
897 
898 				++argv;
899 				pid_str = *argv;
900 				do_getpinfo(pid_str);
901 			}
902 			break;
903 
904 		case AC_ARG_SETPMASK:
905 			{
906 				char *pid_str;
907 
908 				++argv;
909 				pid_str = *argv;
910 				do_setpmask(pid_str, mask);
911 
912 				++argv;
913 			}
914 			break;
915 
916 		case AC_ARG_SETSTAT:
917 			do_setstat();
918 			break;
919 
920 		case AC_ARG_SETQBUFSZ:
921 			++argv;
922 			do_setqbufsz(*argv);
923 			break;
924 
925 		case AC_ARG_SETQCTRL:
926 			{
927 				char *hiwater, *lowater, *bufsz, *delay;
928 
929 				++argv; hiwater = *argv;
930 				++argv; lowater = *argv;
931 				++argv; bufsz = *argv;
932 				++argv; delay = *argv;
933 				do_setqctrl(hiwater, lowater, bufsz, delay);
934 			}
935 			break;
936 		case AC_ARG_SETQDELAY:
937 			++argv;
938 			do_setqdelay(*argv);
939 			break;
940 
941 		case AC_ARG_SETQHIWATER:
942 			++argv;
943 			do_setqhiwater(*argv);
944 			break;
945 
946 		case AC_ARG_SETQLOWATER:
947 			++argv;
948 			do_setqlowater(*argv);
949 			break;
950 
951 		case AC_ARG_SETSMASK:
952 			{
953 				char *asid_str;
954 
955 				++argv;
956 				asid_str = *argv;
957 				do_setsmask(asid_str, mask);
958 
959 				++argv;
960 			}
961 			break;
962 		case AC_ARG_SETUMASK:
963 			{
964 				char *auid_str;
965 
966 				++argv;
967 				auid_str = *argv;
968 				do_setumask(auid_str, mask);
969 
970 				++argv;
971 			}
972 			break;
973 		case AC_ARG_SET_TEMPORARY:
974 			break;
975 
976 		default:
977 			exit_error(gettext("Internal error #2."));
978 			break;
979 		}
980 	}
981 }
982 
983 /*
984  * do_chkconf() - the returned value is for the global zone unless AUDIT_PERZONE
985  * is set.
986  */
987 static void
988 do_chkconf(void)
989 {
990 	register au_event_ent_t *evp;
991 	au_mask_t pmask;
992 	char conf_aflags[256];
993 	char run_aflags[256];
994 	au_stat_t as;
995 	int class;
996 	int			len;
997 	struct au_evclass_map	cmap;
998 
999 	pmask.am_success = pmask.am_failure = 0;
1000 	eauditon(A_GETSTAT, (caddr_t)&as, 0);
1001 
1002 	setauevent();
1003 	if (getauevent() == NULL) {
1004 		exit_error(gettext("NO AUDIT EVENTS: Could not read %s\n."),
1005 		    AUDITEVENTFILE);
1006 	}
1007 
1008 	setauevent();
1009 	while ((evp = getauevent()) != NULL) {
1010 		cmap.ec_number = evp->ae_number;
1011 		len = sizeof (struct au_evclass_map);
1012 		if (evp->ae_number <= as.as_numevent) {
1013 			if (auditon(A_GETCLASS, (caddr_t)&cmap, len) == -1) {
1014 				(void) printf("%s(%hu):%s",
1015 				    evp->ae_name, evp->ae_number,
1016 				    gettext("UNKNOWN EVENT: Could not get "
1017 				    "class for event. Configuration may "
1018 				    "be bad.\n"));
1019 			} else {
1020 				class = cmap.ec_class;
1021 				if (class != evp->ae_class) {
1022 					conf_aflags[0] = run_aflags[0] = '\0';
1023 					pmask.am_success = class;
1024 					pmask.am_failure = class;
1025 					(void) getauditflagschar(run_aflags,
1026 					    &pmask, 0);
1027 					pmask.am_success = evp->ae_class;
1028 					pmask.am_failure = evp->ae_class;
1029 					(void) getauditflagschar(conf_aflags,
1030 					    &pmask, 0);
1031 
1032 					(void) printf(gettext(
1033 					    "%s(%hu): CLASS MISMATCH: "
1034 					    "runtime class (%s) != "
1035 					    "configured class (%s)\n"),
1036 					    evp->ae_name, evp->ae_number,
1037 					    NONE(run_aflags),
1038 					    NONE(conf_aflags));
1039 				}
1040 			}
1041 		}
1042 	}
1043 	endauevent();
1044 }
1045 
1046 /*
1047  * do_conf() - configure the kernel events. The value returned to the user is
1048  * for the global zone unless AUDIT_PERZONE is set.
1049  */
1050 static void
1051 do_conf(void)
1052 {
1053 	register au_event_ent_t *evp;
1054 	register int i;
1055 	au_evclass_map_t ec;
1056 	au_stat_t as;
1057 
1058 	eauditon(A_GETSTAT, (caddr_t)&as, 0);
1059 
1060 	i = 0;
1061 	setauevent();
1062 	while ((evp = getauevent()) != NULL) {
1063 		if (evp->ae_number <= as.as_numevent) {
1064 			++i;
1065 			ec.ec_number = evp->ae_number;
1066 			ec.ec_class = evp->ae_class;
1067 			eauditon(A_SETCLASS, (caddr_t)&ec, sizeof (ec));
1068 		}
1069 	}
1070 	endauevent();
1071 	(void) printf(gettext("Configured %d kernel events.\n"), i);
1072 
1073 }
1074 
1075 /*
1076  * do_chkaconf() - report a mismatch if the runtime class mask of a kernel audit
1077  * event does not match the configured class mask. The value returned to the
1078  * user is for the global zone unless AUDIT_PERZONE is set.
1079  */
1080 static void
1081 do_chkaconf(void)
1082 {
1083 	char		*namask_cfg;
1084 	au_mask_t	pmask, kmask;
1085 
1086 	if (!do_getnaflags_scf(&namask_cfg) || namask_cfg == NULL) {
1087 		exit_error(gettext("Could not get configured value."));
1088 	}
1089 	egetauditflagsbin(namask_cfg, &pmask);
1090 
1091 	eauditon(A_GETKMASK, (caddr_t)&kmask, sizeof (kmask));
1092 
1093 	if ((pmask.am_success != kmask.am_success) ||
1094 	    (pmask.am_failure != kmask.am_failure)) {
1095 		char kbuf[2048];
1096 		if (getauditflagschar(kbuf, &kmask, 0) < 0) {
1097 			free(namask_cfg);
1098 			(void) fprintf(stderr,
1099 			    gettext("bad kernel non-attributable mask\n"));
1100 			exit(1);
1101 		}
1102 		(void) printf(
1103 		    gettext("non-attributable event flags mismatch:\n"));
1104 		(void) printf(gettext("active non-attributable audit flags "
1105 		    "= %s\n"), kbuf);
1106 		(void) printf(gettext("configured non-attributable audit flags "
1107 		    "= %s\n"), namask_cfg);
1108 	}
1109 	free(namask_cfg);
1110 }
1111 
1112 /*
1113  * do_aconf - configures the non-attributable events. The value returned to the
1114  * user is for the global zone unless AUDIT_PERZONE is set.
1115  */
1116 static void
1117 do_aconf(void)
1118 {
1119 	au_mask_t	namask;
1120 	char		*namask_cfg;
1121 
1122 	if (!do_getnaflags_scf(&namask_cfg) || namask_cfg == NULL) {
1123 		exit_error(gettext("Could not get configured value."));
1124 	}
1125 	egetauditflagsbin(namask_cfg, &namask);
1126 	free(namask_cfg);
1127 
1128 	eauditon(A_SETKMASK, (caddr_t)&namask, sizeof (namask));
1129 	(void) printf(gettext("Configured non-attributable event mask.\n"));
1130 }
1131 
1132 /*
1133  * do_audit() - construct an audit record for audit event event using the
1134  * process's audit characteristics containing a text token string audit_str. The
1135  * return token is constructed from the success/failure flag sort. Returned
1136  * value retval is an errno value.
1137  */
1138 static void
1139 do_audit(char *event, char sorf, int retval, char *audit_str)
1140 {
1141 	int rtn;
1142 	int rd;
1143 	au_event_t event_num;
1144 	au_event_ent_t *evp;
1145 	auditinfo_addr_t ai;
1146 	token_t *tokp;
1147 
1148 	egetaudit(&ai, sizeof (ai));
1149 
1150 	if (strisnum(event)) {
1151 		event_num = (au_event_t)atoi(event);
1152 		evp = egetauevnum(event_num);
1153 	} else {
1154 		evp = egetauevnam(event);
1155 	}
1156 
1157 	rtn = au_preselect(evp->ae_number, &ai.ai_mask, (int)sorf,
1158 	    AU_PRS_USECACHE);
1159 
1160 	if (rtn == -1) {
1161 		exit_error("%s\n%s %hu\n",
1162 		    gettext("Check audit event configuration."),
1163 		    gettext("Could not get audit class for event number"),
1164 		    evp->ae_number);
1165 	}
1166 
1167 	/* record is preselected */
1168 	if (rtn == 1) {
1169 		if ((rd = au_open()) == -1) {
1170 			exit_error(gettext(
1171 			    "Could not get and audit record descriptor\n"));
1172 		}
1173 		if ((tokp = au_to_me()) == NULL) {
1174 			exit_error(
1175 			    gettext("Could not allocate subject token\n"));
1176 		}
1177 		if (au_write(rd, tokp) == -1) {
1178 			exit_error(gettext("Could not construct subject token "
1179 			    "of audit record\n"));
1180 		}
1181 		if (is_system_labeled()) {
1182 			if ((tokp = au_to_mylabel()) == NULL) {
1183 				exit_error(gettext(
1184 				    "Could not allocate label token\n"));
1185 			}
1186 			if (au_write(rd, tokp) == -1) {
1187 				exit_error(gettext("Could not "
1188 				    "construct label token of audit record\n"));
1189 			}
1190 		}
1191 
1192 		if ((tokp = au_to_text(audit_str)) == NULL)
1193 			exit_error(gettext("Could not allocate text token\n"));
1194 		if (au_write(rd, tokp) == -1)
1195 			exit_error(gettext("Could not construct text token of "
1196 			    "audit record\n"));
1197 #ifdef _LP64
1198 		if ((tokp = au_to_return64(sorf, retval)) == NULL)
1199 #else
1200 		if ((tokp = au_to_return32(sorf, retval)) == NULL)
1201 #endif
1202 			exit_error(
1203 			    gettext("Could not allocate return token\n"));
1204 		if (au_write(rd, tokp) == -1) {
1205 			exit_error(gettext("Could not construct return token "
1206 			    "of audit record\n"));
1207 		}
1208 		if (au_close(rd, 1, evp->ae_number) == -1) {
1209 			exit_error(
1210 			    gettext("Could not write audit record: %s\n"),
1211 			    strerror(errno));
1212 		}
1213 	}
1214 }
1215 
1216 /*
1217  * do_getauid() - print the audit id of the current process.
1218  */
1219 static void
1220 do_getauid(void)
1221 {
1222 	au_id_t auid;
1223 
1224 	egetauid(&auid);
1225 	print_auid(auid);
1226 }
1227 
1228 /*
1229  * do_getaudit() - print the audit characteristics of the current process.
1230  */
1231 static void
1232 do_getaudit(void)
1233 {
1234 	auditinfo_addr_t ai;
1235 
1236 	egetaudit(&ai, sizeof (ai));
1237 	print_auid(ai.ai_auid);
1238 	print_mask(gettext("process preselection mask"), &ai.ai_mask);
1239 	print_tid_ex(&ai.ai_termid);
1240 	print_asid(ai.ai_asid);
1241 }
1242 
1243 /*
1244  * do_getkaudit() - print the audit characteristics of the current zone.
1245  */
1246 static void
1247 do_getkaudit(void)
1248 {
1249 	auditinfo_addr_t ai;
1250 
1251 	egetkaudit(&ai, sizeof (ai));
1252 	print_auid(ai.ai_auid);
1253 	print_mask(gettext("process preselection mask"), &ai.ai_mask);
1254 	print_tid_ex(&ai.ai_termid);
1255 	print_asid(ai.ai_asid);
1256 }
1257 
1258 /*
1259  * do_setkaudit() - set IP address_type/address of machine to specified values;
1260  * valid per zone if AUDIT_PERZONE is set, else only in global zone.
1261  */
1262 static void
1263 do_setkaudit(char *t, char *s)
1264 {
1265 	uint_t type;
1266 	auditinfo_addr_t ai;
1267 
1268 	egetkaudit(&ai, sizeof (ai));
1269 	(void) str2type(t, &type);
1270 	(void) str2ipaddr(s, &ai.ai_termid.at_addr[0], type);
1271 	ai.ai_termid.at_type = type;
1272 	esetkaudit(&ai, sizeof (ai));
1273 }
1274 
1275 /*
1276  * do_getcar() - print the zone-relative root
1277  */
1278 static void
1279 do_getcar(void)
1280 {
1281 	char path[MAXPATHLEN];
1282 
1283 	eauditon(A_GETCAR, (caddr_t)path, sizeof (path));
1284 	(void) printf(gettext("current active root = %s\n"), path);
1285 }
1286 
1287 /*
1288  * do_getclass() - print the preselection mask associated with the specified
1289  * kernel audit event. The displayed value is for the global zone unless
1290  * AUDIT_PERZONE is set.
1291  */
1292 static void
1293 do_getclass(char *event_str)
1294 {
1295 	au_evclass_map_t ec;
1296 	au_event_ent_t *evp;
1297 	au_event_t event_number;
1298 	char *event_name;
1299 
1300 	if (strisnum(event_str)) {
1301 		event_number = atol(event_str);
1302 		if ((evp = egetauevnum(event_number)) != NULL) {
1303 			event_number = evp->ae_number;
1304 			event_name = evp->ae_name;
1305 		} else {
1306 			event_name = gettext("unknown");
1307 		}
1308 	} else {
1309 		event_name = event_str;
1310 		if ((evp = egetauevnam(event_str)) != NULL) {
1311 			event_number = evp->ae_number;
1312 		}
1313 	}
1314 
1315 	ec.ec_number = event_number;
1316 	eauditon(A_GETCLASS, (caddr_t)&ec, 0);
1317 
1318 	(void) printf(gettext("audit class mask for event %s(%hu) = 0x%x\n"),
1319 	    event_name, event_number, ec.ec_class);
1320 }
1321 
1322 /*
1323  * do_getcond() - the printed value is for the global zone unless
1324  * AUDIT_PERZONE is set. (AUC_DISABLED is always global, the other states are
1325  * per zone if AUDIT_PERZONE is set)
1326  */
1327 static void
1328 do_getcond(void)
1329 {
1330 	(void) printf(gettext("audit condition = %s\n"), cond2str());
1331 }
1332 
1333 /*
1334  * do_getcwd() - the printed path is relative to the current zone root
1335  */
1336 static void
1337 do_getcwd(void)
1338 {
1339 	char path[MAXPATHLEN];
1340 
1341 	eauditon(A_GETCWD, (caddr_t)path, sizeof (path));
1342 	(void) printf(gettext("current working directory = %s\n"), path);
1343 }
1344 
1345 /*
1346  * do_getflags() - the printed value is for the global zone unless AUDIT_PERZONE
1347  * is set.
1348  */
1349 static void
1350 do_getflags(void)
1351 {
1352 	au_mask_t	amask;
1353 	char		*amask_cfg;
1354 
1355 	eauditon(A_GETAMASK, (caddr_t)&amask, sizeof (amask));
1356 	print_mask(gettext("active user default audit flags"), &amask);
1357 
1358 	if (!do_getflags_scf(&amask_cfg) || amask_cfg == NULL) {
1359 		exit_error(gettext("Could not get configured value."));
1360 	}
1361 	egetauditflagsbin(amask_cfg, &amask);
1362 	print_mask(gettext("configured user default audit flags"), &amask);
1363 	free(amask_cfg);
1364 }
1365 
1366 /*
1367  * do_getkmask() - the printed value is for the global zone unless AUDIT_PERZONE
1368  * is set.
1369  */
1370 static void
1371 do_getkmask(void)
1372 {
1373 	au_mask_t pmask;
1374 
1375 	eauditon(A_GETKMASK, (caddr_t)&pmask, sizeof (pmask));
1376 	print_mask(gettext("active non-attributable audit flags"), &pmask);
1377 }
1378 
1379 /*
1380  * do_getnaflags() - the printed value is for the global zone unless
1381  * AUDIT_PERZONE is set.
1382  */
1383 static void
1384 do_getnaflags(void)
1385 {
1386 	au_mask_t	namask;
1387 	char		*namask_cfg;
1388 
1389 	eauditon(A_GETKMASK, (caddr_t)&namask, sizeof (namask));
1390 	print_mask(gettext("active non-attributable audit flags"), &namask);
1391 
1392 	if (!do_getnaflags_scf(&namask_cfg) || namask_cfg == NULL) {
1393 		exit_error(gettext("Could not get configured value."));
1394 	}
1395 	egetauditflagsbin(namask_cfg, &namask);
1396 	print_mask(gettext("configured non-attributable audit flags"), &namask);
1397 	free(namask_cfg);
1398 }
1399 
1400 /*
1401  * do_getpolicy() - print active and configured kernel audit policy relative to
1402  * the current zone.
1403  */
1404 static void
1405 do_getpolicy(void)
1406 {
1407 	char			policy_str[1024];
1408 	uint32_t		policy;
1409 
1410 	if (!temporary_set) {
1411 		if (!do_getpolicy_scf(&policy)) {
1412 			exit_error(gettext("Could not get configured values."));
1413 		}
1414 		(void) policy2str(policy, policy_str, sizeof (policy_str));
1415 		(void) printf(gettext("configured audit policies = %s\n"),
1416 		    policy_str);
1417 	}
1418 
1419 	eauditon(A_GETPOLICY, (caddr_t)&policy, 0);
1420 	(void) policy2str(policy, policy_str, sizeof (policy_str));
1421 	(void) printf(gettext("active audit policies = %s\n"), policy_str);
1422 }
1423 
1424 
1425 /*
1426  * do_getpinfo() - print the audit ID, preselection mask, terminal ID, and
1427  * audit session ID for the specified process.
1428  */
1429 static void
1430 do_getpinfo(char *pid_str)
1431 {
1432 	struct auditpinfo_addr ap;
1433 
1434 	if (strisnum(pid_str))
1435 		ap.ap_pid = (pid_t)atoi(pid_str);
1436 	else
1437 		exit_usage(1);
1438 
1439 	eauditon(A_GETPINFO_ADDR, (caddr_t)&ap, sizeof (ap));
1440 
1441 	print_auid(ap.ap_auid);
1442 	print_mask(gettext("process preselection mask"), &(ap.ap_mask));
1443 	print_tid_ex(&(ap.ap_termid));
1444 	print_asid(ap.ap_asid);
1445 }
1446 
1447 /*
1448  * do_getplugin() - print plugin configuration.
1449  */
1450 static void
1451 do_getplugin(char *plugin_str)
1452 {
1453 	scf_plugin_kva_node_t	*plugin_kva_ll;
1454 	scf_plugin_kva_node_t	*plugin_kva_ll_head;
1455 
1456 	if (!do_getpluginconfig_scf(plugin_str, &plugin_kva_ll)) {
1457 		exit_error(gettext("Could not get plugin configuration."));
1458 	}
1459 
1460 	plugin_kva_ll_head = plugin_kva_ll;
1461 
1462 	while (plugin_kva_ll != NULL) {
1463 		print_plugin(plugin_kva_ll->plugin_name,
1464 		    plugin_kva_ll->plugin_kva);
1465 		plugin_kva_ll = plugin_kva_ll->next;
1466 		if (plugin_kva_ll != NULL) {
1467 			(void) printf("\n");
1468 		}
1469 	}
1470 	plugin_kva_ll_free(plugin_kva_ll_head);
1471 }
1472 
1473 /*
1474  * do_getqbufsz() - print the active and configured audit queue write buffer
1475  * size relative to the current zone.
1476  */
1477 static void
1478 do_getqbufsz(void)
1479 {
1480 	struct au_qctrl qctrl;
1481 
1482 	if (!temporary_set) {
1483 		if (!do_getqbufsz_scf(&qctrl.aq_bufsz)) {
1484 			exit_error(gettext("Could not get configured value."));
1485 		}
1486 
1487 		if (qctrl.aq_bufsz == 0) {
1488 			(void) printf(gettext(
1489 			    "no configured audit queue buffer size\n"));
1490 		} else {
1491 			(void) printf(gettext("configured audit queue "
1492 			    "buffer size (bytes) = %d\n"), qctrl.aq_bufsz);
1493 		}
1494 	}
1495 
1496 	eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0);
1497 	(void) printf(gettext("active audit queue buffer size (bytes) = %d\n"),
1498 	    qctrl.aq_bufsz);
1499 }
1500 
1501 /*
1502  * do_getqctrl() - print the configured and active audit queue write buffer
1503  * size, audit queue hiwater mark, audit queue lowater mark, audit queue prod
1504  * interval (ticks) relative to the current zone.
1505  */
1506 static void
1507 do_getqctrl(void)
1508 {
1509 	struct au_qctrl	qctrl;
1510 
1511 	if (!temporary_set) {
1512 		if (!do_getqctrl_scf(&qctrl)) {
1513 			exit_error(gettext("Could not get configured values."));
1514 		}
1515 
1516 		if (qctrl.aq_hiwater == 0) {
1517 			(void) printf(gettext(
1518 			    "no configured audit queue hiwater mark\n"));
1519 		} else {
1520 			(void) printf(gettext("configured audit queue "
1521 			    "hiwater mark (records) = %d\n"), qctrl.aq_hiwater);
1522 		}
1523 		if (qctrl.aq_lowater == 0) {
1524 			(void) printf(gettext(
1525 			    "no configured audit queue lowater mark\n"));
1526 		} else {
1527 			(void) printf(gettext("configured audit queue "
1528 			    "lowater mark (records) = %d\n"), qctrl.aq_lowater);
1529 		}
1530 		if (qctrl.aq_bufsz == 0) {
1531 			(void) printf(gettext(
1532 			    "no configured audit queue buffer size\n"));
1533 		} else {
1534 			(void) printf(gettext("configured audit queue "
1535 			    "buffer size (bytes) = %d\n"), qctrl.aq_bufsz);
1536 		}
1537 		if (qctrl.aq_delay == 0) {
1538 			(void) printf(gettext(
1539 			    "no configured audit queue delay\n"));
1540 		} else {
1541 			(void) printf(gettext("configured audit queue "
1542 			    "delay (ticks) = %ld\n"), qctrl.aq_delay);
1543 		}
1544 	}
1545 
1546 	eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0);
1547 	(void) printf(gettext("active audit queue hiwater mark "
1548 	    "(records) = %d\n"), qctrl.aq_hiwater);
1549 	(void) printf(gettext("active audit queue lowater mark "
1550 	    "(records) = %d\n"), qctrl.aq_lowater);
1551 	(void) printf(gettext("active audit queue buffer size (bytes) = %d\n"),
1552 	    qctrl.aq_bufsz);
1553 	(void) printf(gettext("active audit queue delay (ticks) = %ld\n"),
1554 	    qctrl.aq_delay);
1555 }
1556 
1557 /*
1558  * do_getqdelay() - print, relative to the current zone, the configured and
1559  * active interval at which audit queue is prodded to start output.
1560  */
1561 static void
1562 do_getqdelay(void)
1563 {
1564 	struct au_qctrl qctrl;
1565 
1566 	if (!temporary_set) {
1567 		if (!do_getqdelay_scf(&qctrl.aq_delay)) {
1568 			exit_error(gettext("Could not get configured value."));
1569 		}
1570 
1571 		if (qctrl.aq_delay == 0) {
1572 			(void) printf(gettext(
1573 			    "no configured audit queue delay\n"));
1574 		} else {
1575 			(void) printf(gettext("configured audit queue "
1576 			    "delay (ticks) = %ld\n"), qctrl.aq_delay);
1577 		}
1578 	}
1579 
1580 	eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0);
1581 	(void) printf(gettext("active audit queue delay (ticks) = %ld\n"),
1582 	    qctrl.aq_delay);
1583 }
1584 
1585 /*
1586  * do_getqhiwater() - print, relative to the current zone, the high water
1587  * point in undelivered audit records when audit generation will block.
1588  */
1589 static void
1590 do_getqhiwater(void)
1591 {
1592 	struct au_qctrl qctrl;
1593 
1594 	if (!temporary_set) {
1595 		if (!do_getqhiwater_scf(&qctrl.aq_hiwater)) {
1596 			exit_error(gettext("Could not get configured value."));
1597 		}
1598 
1599 		if (qctrl.aq_hiwater == 0) {
1600 			(void) printf(gettext(
1601 			    "no configured audit queue hiwater mark\n"));
1602 		} else {
1603 			(void) printf(gettext("configured audit queue "
1604 			    "hiwater mark (records) = %d\n"), qctrl.aq_hiwater);
1605 		}
1606 	}
1607 
1608 	eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0);
1609 	(void) printf(gettext("active audit queue hiwater mark "
1610 	    "(records) = %d\n"), qctrl.aq_hiwater);
1611 }
1612 
1613 /*
1614  * do_getqlowater() - print, relative to the current zone, the low water point
1615  * in undelivered audit records where blocked processes will resume.
1616  */
1617 static void
1618 do_getqlowater(void)
1619 {
1620 	struct au_qctrl qctrl;
1621 
1622 	if (!temporary_set) {
1623 		if (!do_getqlowater_scf(&qctrl.aq_lowater)) {
1624 			exit_error(gettext("Could not get configured value."));
1625 		}
1626 
1627 		if (qctrl.aq_lowater == 0) {
1628 			(void) printf(gettext(
1629 			    "no configured audit queue lowater mark\n"));
1630 		} else {
1631 			(void) printf(gettext("configured audit queue "
1632 			    "lowater mark (records) = %d\n"), qctrl.aq_lowater);
1633 		}
1634 	}
1635 
1636 	eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0);
1637 	(void) printf(gettext("active audit queue lowater mark "
1638 	    "(records) = %d\n"), qctrl.aq_lowater);
1639 }
1640 
1641 /*
1642  * do_getasid() - print out the audit session-ID.
1643  */
1644 static void
1645 do_getasid(void)
1646 {
1647 	auditinfo_addr_t ai;
1648 
1649 	if (getaudit_addr(&ai, sizeof (ai))) {
1650 		exit_error(gettext("getaudit_addr(2) failed"));
1651 	}
1652 	print_asid(ai.ai_asid);
1653 }
1654 
1655 /*
1656  * do_getstat() - the printed statistics are for the entire system unless
1657  * AUDIT_PERZONE is set.
1658  */
1659 static void
1660 do_getstat(void)
1661 {
1662 	au_stat_t as;
1663 	int offset[12];   /* used to line the header up correctly */
1664 	char buf[512];
1665 
1666 	eauditon(A_GETSTAT, (caddr_t)&as, 0);
1667 	(void) sprintf(buf, "%4lu %n%4lu %n%4lu %n%4lu %n%4lu %n%4lu %n%4lu "
1668 	    "%n%4lu %n%4lu %n%4lu %n%4lu %n%4lu%n",
1669 	    (ulong_t)as.as_generated,	&(offset[0]),
1670 	    (ulong_t)as.as_nonattrib,	&(offset[1]),
1671 	    (ulong_t)as.as_kernel,	&(offset[2]),
1672 	    (ulong_t)as.as_audit,	&(offset[3]),
1673 	    (ulong_t)as.as_auditctl,	&(offset[4]),
1674 	    (ulong_t)as.as_enqueue,	&(offset[5]),
1675 	    (ulong_t)as.as_written,	&(offset[6]),
1676 	    (ulong_t)as.as_wblocked,	&(offset[7]),
1677 	    (ulong_t)as.as_rblocked,	&(offset[8]),
1678 	    (ulong_t)as.as_dropped,	&(offset[9]),
1679 	    (ulong_t)as.as_totalsize / ONEK, &(offset[10]),
1680 	    (ulong_t)as.as_memused / ONEK, &(offset[11]));
1681 
1682 	/*
1683 	 * TRANSLATION_NOTE
1684 	 *	Print a properly aligned header.
1685 	 */
1686 	(void) printf("%*s %*s %*s %*s %*s %*s %*s %*s %*s %*s %*s %*s\n",
1687 	    offset[0] - 1,		gettext("gen"),
1688 	    offset[1] - offset[0] -1,	gettext("nona"),
1689 	    offset[2] - offset[1] -1,	gettext("kern"),
1690 	    offset[3] - offset[2] -1,	gettext("aud"),
1691 	    offset[4] - offset[3] -1,	gettext("ctl"),
1692 	    offset[5] - offset[4] -1,	gettext("enq"),
1693 	    offset[6] - offset[5] -1,	gettext("wrtn"),
1694 	    offset[7] - offset[6] -1,	gettext("wblk"),
1695 	    offset[8] - offset[7] -1,	gettext("rblk"),
1696 	    offset[9] - offset[8] -1,	gettext("drop"),
1697 	    offset[10] - offset[9] -1,	gettext("tot"),
1698 	    offset[11] - offset[10],	gettext("mem"));
1699 
1700 	(void) printf("%s\n", buf);
1701 }
1702 
1703 /*
1704  * do_gettermid() - print audit terminal ID for current process.
1705  */
1706 static void
1707 do_gettermid(void)
1708 {
1709 	auditinfo_addr_t ai;
1710 
1711 	if (getaudit_addr(&ai, sizeof (ai))) {
1712 		exit_error(gettext("getaudit_addr(2) failed"));
1713 	}
1714 	print_tid_ex(&ai.ai_termid);
1715 }
1716 
1717 /*
1718  * do_lsevent() - display the active kernel and user level audit event
1719  * information. The printed events are for the global zone unless AUDIT_PERZONE
1720  * is set.
1721  */
1722 static void
1723 do_lsevent(void)
1724 {
1725 	register au_event_ent_t *evp;
1726 	au_mask_t pmask;
1727 	char auflags[256];
1728 
1729 	setauevent();
1730 	if (getauevent() == NULL) {
1731 		exit_error(gettext("NO AUDIT EVENTS: Could not read %s\n."),
1732 		    AUDITEVENTFILE);
1733 	}
1734 
1735 	setauevent();
1736 	while ((evp = getauevent()) != NULL) {
1737 		pmask.am_success = pmask.am_failure = evp->ae_class;
1738 		if (getauditflagschar(auflags, &pmask, 0) == -1)
1739 			(void) strcpy(auflags, "unknown");
1740 		(void) printf("%-30s %5hu %s %s\n",
1741 		    evp->ae_name, evp->ae_number, auflags, evp->ae_desc);
1742 	}
1743 	endauevent();
1744 }
1745 
1746 /*
1747  * do_lspolicy() - display the kernel audit policies with a description  of each
1748  * policy. The printed value is for the global zone unless AUDIT_PERZONE is set.
1749  */
1750 static void
1751 do_lspolicy(void)
1752 {
1753 	int i;
1754 
1755 	/*
1756 	 * TRANSLATION_NOTE
1757 	 *	Print a properly aligned header.
1758 	 */
1759 	(void) printf(gettext("policy string    description:\n"));
1760 	for (i = 0; i < POLICY_TBL_SZ; i++) {
1761 		(void) printf("%-17s%s\n", policy_table[i].policy_str,
1762 		    gettext(policy_table[i].policy_desc));
1763 	}
1764 }
1765 
1766 /*
1767  * do_setasid() - execute shell or cmd with specified session-ID.
1768  */
1769 static void
1770 do_setasid(char *sid_str, char **argv)
1771 {
1772 	struct auditinfo_addr ai;
1773 
1774 	if (getaudit_addr(&ai, sizeof (ai))) {
1775 		exit_error(gettext("getaudit_addr(2) failed"));
1776 	}
1777 	ai.ai_asid = (au_asid_t)atol(sid_str);
1778 	if (setaudit_addr(&ai, sizeof (ai))) {
1779 		exit_error(gettext("setaudit_addr(2) failed"));
1780 	}
1781 	execit(argv);
1782 }
1783 
1784 /*
1785  * do_setaudit() - execute shell or cmd with specified audit characteristics.
1786  */
1787 static void
1788 do_setaudit(char *user_str, char *mask_str, char *tid_str, char *sid_str,
1789     char **argv)
1790 {
1791 	auditinfo_addr_t ai;
1792 
1793 	ai.ai_auid = (au_id_t)get_user_id(user_str);
1794 	egetauditflagsbin(mask_str, &ai.ai_mask),
1795 	    str2tid(tid_str, &ai.ai_termid);
1796 	ai.ai_asid = (au_asid_t)atol(sid_str);
1797 
1798 	esetaudit(&ai, sizeof (ai));
1799 	execit(argv);
1800 }
1801 
1802 /*
1803  * do_setauid() - execute shell or cmd with specified audit-ID.
1804  */
1805 static void
1806 do_setauid(char *user, char **argv)
1807 {
1808 	au_id_t auid;
1809 
1810 	auid = get_user_id(user);
1811 	esetauid(&auid);
1812 	execit(argv);
1813 }
1814 
1815 /*
1816  * do_setpmask() - set the preselection mask of the specified process; valid
1817  * per zone if AUDIT_PERZONE is set, else only in global zone.
1818  */
1819 static void
1820 do_setpmask(char *pid_str, au_mask_t *mask)
1821 {
1822 	struct auditpinfo ap;
1823 
1824 	if (strisnum(pid_str)) {
1825 		ap.ap_pid = (pid_t)atoi(pid_str);
1826 	} else {
1827 		exit_usage(1);
1828 	}
1829 
1830 	ap.ap_mask.am_success = mask->am_success;
1831 	ap.ap_mask.am_failure = mask->am_failure;
1832 
1833 	eauditon(A_SETPMASK, (caddr_t)&ap, sizeof (ap));
1834 }
1835 
1836 /*
1837  * do_setsmask() - set the preselection mask of all processes with the specified
1838  * audit session-ID; valid per zone if AUDIT_PERZONE is set, else only in global
1839  * zone.
1840  */
1841 static void
1842 do_setsmask(char *asid_str, au_mask_t *mask)
1843 {
1844 	struct auditinfo ainfo;
1845 
1846 	if (strisnum(asid_str)) {
1847 		ainfo.ai_asid = (au_asid_t)atoi(asid_str);
1848 	} else {
1849 		exit_usage(1);
1850 	}
1851 
1852 	ainfo.ai_mask.am_success = mask->am_success;
1853 	ainfo.ai_mask.am_failure = mask->am_failure;
1854 
1855 	eauditon(A_SETSMASK, (caddr_t)&ainfo, sizeof (ainfo));
1856 }
1857 
1858 /*
1859  * do_setumask() -  set the preselection mask of all processes with the
1860  * specified audit-ID; valid per zone if AUDIT_PERZONE is set, else only in
1861  * global zone.
1862  */
1863 static void
1864 do_setumask(char *auid_str, au_mask_t *mask)
1865 {
1866 	struct auditinfo ainfo;
1867 
1868 	if (strisnum(auid_str)) {
1869 		ainfo.ai_auid = (au_id_t)atoi(auid_str);
1870 	} else {
1871 		exit_usage(1);
1872 	}
1873 
1874 	ainfo.ai_mask.am_success = mask->am_success;
1875 	ainfo.ai_mask.am_failure = mask->am_failure;
1876 
1877 	eauditon(A_SETUMASK, (caddr_t)&ainfo, sizeof (ainfo));
1878 }
1879 
1880 /*
1881  * do_setstat() - reset audit statistics counters; local zone use is valid if
1882  * AUDIT_PERZONE is set, otherwise the syscall returns EPERM.
1883  */
1884 static void
1885 do_setstat(void)
1886 {
1887 	au_stat_t as;
1888 
1889 	as.as_audit	= (uint_t)-1;
1890 	as.as_auditctl	= (uint_t)-1;
1891 	as.as_dropped	= (uint_t)-1;
1892 	as.as_enqueue	= (uint_t)-1;
1893 	as.as_generated	= (uint_t)-1;
1894 	as.as_kernel	= (uint_t)-1;
1895 	as.as_nonattrib	= (uint_t)-1;
1896 	as.as_rblocked	= (uint_t)-1;
1897 	as.as_totalsize	= (uint_t)-1;
1898 	as.as_wblocked	= (uint_t)-1;
1899 	as.as_written	= (uint_t)-1;
1900 
1901 	eauditon(A_SETSTAT, (caddr_t)&as, sizeof (as));
1902 	(void) printf("%s\n", gettext("audit stats reset"));
1903 }
1904 
1905 /*
1906  * do_setclass() - map the kernel event event_str to the classes specified by
1907  * audit flags (mask); valid per zone if AUDIT_PERZONE is set, else only in
1908  * global zone.
1909  */
1910 static void
1911 do_setclass(char *event_str, au_mask_t *mask)
1912 {
1913 	au_event_t event;
1914 	au_evclass_map_t ec;
1915 	au_event_ent_t *evp;
1916 
1917 	if (strisnum(event_str)) {
1918 		event = (uint_t)atol(event_str);
1919 	} else {
1920 		if ((evp = egetauevnam(event_str)) != NULL) {
1921 			event = evp->ae_number;
1922 		}
1923 	}
1924 
1925 	ec.ec_number = event;
1926 	ec.ec_class = (mask->am_success | mask->am_failure);
1927 
1928 	eauditon(A_SETCLASS, (caddr_t)&ec, sizeof (ec));
1929 }
1930 
1931 /*
1932  * do_setflags() - set configured and active default user preselection masks;
1933  * valid per zone if AUDIT_PERZONE is set, else only in global zone.
1934  */
1935 static void
1936 do_setflags(char *audit_flags, au_mask_t *amask)
1937 {
1938 	eauditon(A_SETAMASK, (caddr_t)amask, sizeof (*amask));
1939 
1940 	if (!do_setflags_scf(audit_flags)) {
1941 		print_mask(gettext("active user default audit flags"), amask);
1942 		exit_error(gettext("Could not store configuration value."));
1943 	}
1944 	print_mask(gettext("user default audit flags"), amask);
1945 }
1946 
1947 /*
1948  * do_setkmask() - set non-attributable audit flags of machine; valid per zone
1949  * if AUDIT_PERZONE is set, else only in global zone.
1950  */
1951 static void
1952 do_setkmask(au_mask_t *pmask)
1953 {
1954 	eauditon(A_SETKMASK, (caddr_t)pmask, sizeof (*pmask));
1955 	print_mask(gettext("active non-attributable audit flags"), pmask);
1956 }
1957 
1958 /*
1959  * do_setnaflags() - set configured and active non-attributable selection flags
1960  * of machine; valid per zone if AUDIT_PERZONE is set, else only in global zone.
1961  */
1962 static void
1963 do_setnaflags(char *audit_naflags, au_mask_t *namask)
1964 {
1965 	eauditon(A_SETKMASK, (caddr_t)namask, sizeof (*namask));
1966 
1967 	if (!do_setnaflags_scf(audit_naflags)) {
1968 		print_mask(
1969 		    gettext("active non-attributable audit flags"), namask);
1970 		exit_error(gettext("Could not store configuration value."));
1971 	}
1972 	print_mask(gettext("non-attributable audit flags"), namask);
1973 }
1974 
1975 /*
1976  * do_setplugin() - set the given plugin plugin_str configuration values.
1977  */
1978 static void
1979 do_setplugin(char *plugin_str, boolean_t plugin_state, char *plugin_attr,
1980     int plugin_qsize)
1981 {
1982 	if (!do_setpluginconfig_scf(plugin_str, plugin_state, plugin_attr,
1983 	    plugin_qsize)) {
1984 		exit_error(gettext("Could not set plugin configuration."));
1985 	}
1986 }
1987 
1988 /*
1989  * do_setpolicy() - set the active and configured kernel audit policy; active
1990  * values can be changed per zone if AUDIT_PERZONE is set, else only in global
1991  * zone.
1992  *
1993  * ahlt and perzone are global zone only. The kernel ensures that a local zone
1994  * can't change ahlt and perzone (EINVAL).
1995  */
1996 static void
1997 do_setpolicy(char *policy_str)
1998 {
1999 	uint32_t	policy = 0;
2000 
2001 	switch (str2policy(policy_str, &policy)) {
2002 	case 0:
2003 		if (!temporary_set) {
2004 			if (!do_getpolicy_scf(&policy)) {
2005 				exit_error(gettext("Unable to get current "
2006 				    "policy values from the SMF repository"));
2007 			}
2008 			(void) str2policy(policy_str, &policy);
2009 
2010 			if (!do_setpolicy_scf(policy)) {
2011 				exit_error(gettext("Could not store "
2012 				    "configuration values."));
2013 			}
2014 		}
2015 		eauditon(A_SETPOLICY, (caddr_t)&policy, 0);
2016 		break;
2017 	case 2:
2018 		exit_error(gettext("policy (%s) invalid in a local zone."),
2019 		    policy_str);
2020 		break;
2021 	default:
2022 		exit_error(gettext("Invalid policy (%s) specified."),
2023 		    policy_str);
2024 		break;
2025 	}
2026 }
2027 
2028 /*
2029  * do_setqbufsz() - set the active and configured audit queue write buffer size
2030  * (bytes); active values can be changed per zone if AUDIT_PERZONE is set, else
2031  * only in global zone.
2032  */
2033 static void
2034 do_setqbufsz(char *bufsz)
2035 {
2036 	struct au_qctrl qctrl;
2037 
2038 	if (!temporary_set) {
2039 		qctrl.aq_bufsz = (size_t)atol(bufsz);
2040 		if (!do_setqbufsz_scf(&qctrl.aq_bufsz)) {
2041 			exit_error(gettext(
2042 			    "Could not store configuration value."));
2043 		}
2044 		if (qctrl.aq_bufsz == 0) {
2045 			return;
2046 		}
2047 	}
2048 
2049 	eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0);
2050 	qctrl.aq_bufsz = (size_t)atol(bufsz);
2051 	eauditon(A_SETQCTRL, (caddr_t)&qctrl, 0);
2052 }
2053 
2054 /*
2055  * do_setqctrl() - set the active and configured audit queue write buffer size
2056  * (bytes), hiwater audit record count, lowater audit record count, and wakeup
2057  * interval (ticks); active values can be changed per zone if AUDIT_PERZONE is
2058  * set, else only in global zone.
2059  */
2060 static void
2061 do_setqctrl(char *hiwater, char *lowater, char *bufsz, char *delay)
2062 {
2063 	struct au_qctrl	qctrl;
2064 
2065 	qctrl.aq_hiwater = (size_t)atol(hiwater);
2066 	qctrl.aq_lowater = (size_t)atol(lowater);
2067 	qctrl.aq_bufsz = (size_t)atol(bufsz);
2068 	qctrl.aq_delay = (clock_t)atol(delay);
2069 
2070 	if (!temporary_set) {
2071 		struct au_qctrl qctrl_act;
2072 
2073 		if (!do_setqctrl_scf(&qctrl)) {
2074 			exit_error(gettext(
2075 			    "Could not store configuration values."));
2076 		}
2077 
2078 		eauditon(A_GETQCTRL, (caddr_t)&qctrl_act, 0);
2079 		if (qctrl.aq_hiwater == 0) {
2080 			qctrl.aq_hiwater = qctrl_act.aq_hiwater;
2081 		}
2082 		if (qctrl.aq_lowater == 0) {
2083 			qctrl.aq_lowater = qctrl_act.aq_lowater;
2084 		}
2085 		if (qctrl.aq_bufsz == 0) {
2086 			qctrl.aq_bufsz = qctrl_act.aq_bufsz;
2087 		}
2088 		if (qctrl.aq_delay == 0) {
2089 			qctrl.aq_delay = qctrl_act.aq_delay;
2090 		}
2091 	}
2092 
2093 	eauditon(A_SETQCTRL, (caddr_t)&qctrl, 0);
2094 }
2095 
2096 /*
2097  * do_setqdelay() - set the active and configured audit queue wakeup interval
2098  * (ticks); active values can be changed per zone if AUDIT_PERZONE is set, else
2099  * only in global zone.
2100  */
2101 static void
2102 do_setqdelay(char *delay)
2103 {
2104 	struct au_qctrl qctrl;
2105 
2106 	if (!temporary_set) {
2107 		qctrl.aq_delay = (clock_t)atol(delay);
2108 		if (!do_setqdelay_scf(&qctrl.aq_delay)) {
2109 			exit_error(gettext(
2110 			    "Could not store configuration value."));
2111 		}
2112 		if (qctrl.aq_delay == 0) {
2113 			return;
2114 		}
2115 	}
2116 
2117 	eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0);
2118 	qctrl.aq_delay = (clock_t)atol(delay);
2119 	eauditon(A_SETQCTRL, (caddr_t)&qctrl, 0);
2120 }
2121 
2122 /*
2123  * do_setqhiwater() - sets the active and configured number of undelivered audit
2124  * records in the audit queue at which audit record generation blocks; active
2125  * values can be changed per zone if AUDIT_PERZONE is set, else only in global
2126  * zone.
2127  */
2128 static void
2129 do_setqhiwater(char *hiwater)
2130 {
2131 	struct au_qctrl qctrl;
2132 
2133 	if (!temporary_set) {
2134 		qctrl.aq_hiwater = (size_t)atol(hiwater);
2135 		if (!do_setqhiwater_scf(&qctrl.aq_hiwater)) {
2136 			exit_error(gettext(
2137 			    "Could not store configuration value."));
2138 		}
2139 		if (qctrl.aq_hiwater == 0) {
2140 			return;
2141 		}
2142 	}
2143 
2144 	eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0);
2145 	qctrl.aq_hiwater = (size_t)atol(hiwater);
2146 	eauditon(A_SETQCTRL, (caddr_t)&qctrl, 0);
2147 }
2148 
2149 /*
2150  * do_setqlowater() - set the active and configured number of undelivered audit
2151  * records in the audit queue at which blocked auditing processes unblock;
2152  * active values can be changed per zone if AUDIT_PERZONE is set, else only in
2153  * global zone.
2154  */
2155 static void
2156 do_setqlowater(char *lowater)
2157 {
2158 	struct au_qctrl qctrl;
2159 
2160 	if (!temporary_set) {
2161 		qctrl.aq_lowater = (size_t)atol(lowater);
2162 		if (!do_setqlowater_scf(&qctrl.aq_lowater)) {
2163 			exit_error(gettext(
2164 			    "Could not store configuration value."));
2165 		}
2166 		if (qctrl.aq_lowater == 0) {
2167 			return;
2168 		}
2169 	}
2170 
2171 	eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0);
2172 	qctrl.aq_lowater = (size_t)atol(lowater);
2173 	eauditon(A_SETQCTRL, (caddr_t)&qctrl, 0);
2174 }
2175 
2176 static void
2177 eauditon(int cmd, caddr_t data, int length)
2178 {
2179 	if (auditon(cmd, data, length) == -1)
2180 		exit_error(gettext("auditon(2) failed."));
2181 }
2182 
2183 static void
2184 egetauid(au_id_t *auid)
2185 {
2186 	if (getauid(auid) == -1)
2187 		exit_error(gettext("getauid(2) failed."));
2188 }
2189 
2190 static void
2191 egetaudit(auditinfo_addr_t *ai, int size)
2192 {
2193 	if (getaudit_addr(ai, size) == -1)
2194 		exit_error(gettext("getaudit_addr(2) failed."));
2195 }
2196 
2197 static void
2198 egetkaudit(auditinfo_addr_t *ai, int size)
2199 {
2200 	if (auditon(A_GETKAUDIT, (char *)ai, size) < 0)
2201 		exit_error(gettext("auditon: A_GETKAUDIT failed."));
2202 }
2203 
2204 static void
2205 esetkaudit(auditinfo_addr_t *ai, int size)
2206 {
2207 	if (auditon(A_SETKAUDIT, (char *)ai, size) < 0)
2208 		exit_error(gettext("auditon: A_SETKAUDIT failed."));
2209 }
2210 
2211 static void
2212 egetauditflagsbin(char *auditflags, au_mask_t *pmask)
2213 {
2214 	if (strcmp(auditflags, "none") == 0) {
2215 		pmask->am_success = pmask->am_failure = 0;
2216 		return;
2217 	}
2218 
2219 	if (getauditflagsbin(auditflags, pmask) < 0) {
2220 		exit_error(gettext("Could not get audit flags (%s)"),
2221 		    auditflags);
2222 	}
2223 }
2224 
2225 static void
2226 echkflags(char *auditflags, au_mask_t *mask)
2227 {
2228 	char		*err = "";
2229 	char		*err_ptr;
2230 
2231 	if (!__chkflags(auditflags, mask, B_FALSE, &err)) {
2232 		err_ptr = err;
2233 		while (*err_ptr != ',' && *err_ptr != '\0') {
2234 			err_ptr++;
2235 		}
2236 		*err_ptr = '\0';
2237 		exit_error(gettext("Unknown audit flags and/or prefixes "
2238 		    "encountered: %s"), err);
2239 	}
2240 }
2241 
2242 static au_event_ent_t *
2243 egetauevnum(au_event_t event_number)
2244 {
2245 	au_event_ent_t *evp;
2246 
2247 	if ((evp = getauevnum(event_number)) == NULL) {
2248 		exit_error(gettext("Could not get audit event %hu"),
2249 		    event_number);
2250 	}
2251 
2252 	return (evp);
2253 }
2254 
2255 static au_event_ent_t *
2256 egetauevnam(char *event_name)
2257 {
2258 	register au_event_ent_t *evp;
2259 
2260 	if ((evp = getauevnam(event_name)) == NULL)
2261 		exit_error(gettext("Could not get audit event %s"), event_name);
2262 
2263 	return (evp);
2264 }
2265 
2266 static void
2267 esetauid(au_id_t *auid)
2268 {
2269 	if (setauid(auid) == -1)
2270 		exit_error(gettext("setauid(2) failed."));
2271 }
2272 
2273 static void
2274 esetaudit(auditinfo_addr_t *ai, int size)
2275 {
2276 	if (setaudit_addr(ai, size) == -1)
2277 		exit_error(gettext("setaudit_addr(2) failed."));
2278 }
2279 
2280 static uid_t
2281 get_user_id(char *user)
2282 {
2283 	struct passwd *pwd;
2284 	uid_t uid;
2285 
2286 	if (isdigit(*user)) {
2287 		uid = atoi(user);
2288 		if ((pwd = getpwuid(uid)) == NULL) {
2289 			exit_error(gettext("Invalid user: %s"), user);
2290 		}
2291 	} else {
2292 		if ((pwd = getpwnam(user)) == NULL) {
2293 			exit_error(gettext("Invalid user: %s"), user);
2294 		}
2295 	}
2296 
2297 	return (pwd->pw_uid);
2298 }
2299 
2300 /*
2301  * get_arg_ent()
2302  *     Inputs: command line argument string
2303  *     Returns ptr to struct arg_entry if found; null, if not found
2304  */
2305 static arg_entry_t *
2306 get_arg_ent(char *arg_str)
2307 {
2308 	arg_entry_t key;
2309 
2310 	key.arg_str = arg_str;
2311 
2312 	return ((arg_entry_t *)bsearch((char *)&key, (char *)arg_table,
2313 	    ARG_TBL_SZ, sizeof (arg_entry_t), arg_ent_compare));
2314 }
2315 
2316 /*
2317  * arg_ent_compare()
2318  *     Compares two command line arguments to determine which is
2319  *       lexicographically greater.
2320  *     Inputs: two argument map table entry pointers
2321  *     Returns: > 1: aep1->arg_str > aep2->arg_str
2322  *              < 1: aep1->arg_str < aep2->arg_str
2323  *                0: aep1->arg_str = aep->arg_str2
2324  */
2325 static int
2326 arg_ent_compare(const void *aep1, const void *aep2)
2327 {
2328 	return (strcmp(((arg_entry_t *)aep1)->arg_str,
2329 	    ((arg_entry_t *)aep2)->arg_str));
2330 }
2331 
2332 /*
2333  * tid_str is major,minor,host  -- host is a name or an ip address
2334  */
2335 static void
2336 str2tid(char *tid_str, au_tid_addr_t *tp)
2337 {
2338 	char *major_str;
2339 	char *minor_str;
2340 	char *host_str = NULL;
2341 	major_t major = 0;
2342 	major_t minor = 0;
2343 	dev_t dev = 0;
2344 	struct hostent *phe;
2345 	int err;
2346 	uint32_t ibuf;
2347 	uint32_t ibuf6[4];
2348 
2349 	tp->at_port = 0;
2350 	tp->at_type = 0;
2351 	bzero(tp->at_addr, 16);
2352 
2353 	major_str = tid_str;
2354 	if ((minor_str = strchr(tid_str, ',')) != NULL) {
2355 		*minor_str = '\0';
2356 		minor_str++;
2357 	}
2358 
2359 	if (minor_str) {
2360 		if ((host_str = strchr(minor_str, ',')) != NULL) {
2361 			*host_str = '\0';
2362 			host_str++;
2363 		}
2364 	}
2365 
2366 	if (major_str)
2367 		major = (major_t)atoi(major_str);
2368 
2369 	if (minor_str)
2370 		minor = (minor_t)atoi(minor_str);
2371 
2372 	if ((dev = makedev(major, minor)) != NODEV)
2373 		tp->at_port = dev;
2374 
2375 	if (host_str) {
2376 		if (strisipaddr(host_str)) {
2377 			if (inet_pton(AF_INET, host_str, &ibuf)) {
2378 				tp->at_addr[0] = ibuf;
2379 				tp->at_type = AU_IPv4;
2380 			} else if (inet_pton(AF_INET6, host_str, ibuf6)) {
2381 				tp->at_addr[0] = ibuf6[0];
2382 				tp->at_addr[1] = ibuf6[1];
2383 				tp->at_addr[2] = ibuf6[2];
2384 				tp->at_addr[3] = ibuf6[3];
2385 				tp->at_type = AU_IPv6;
2386 			}
2387 		} else {
2388 			phe = getipnodebyname((const void *)host_str,
2389 			    AF_INET, 0, &err);
2390 			if (phe == 0) {
2391 				phe = getipnodebyname((const void *)host_str,
2392 				    AF_INET6, 0, &err);
2393 			}
2394 
2395 			if (phe != NULL) {
2396 				if (phe->h_addrtype == AF_INET6) {
2397 					/* address is IPv6 (128 bits) */
2398 					(void) memcpy(&tp->at_addr[0],
2399 					    phe->h_addr_list[0], 16);
2400 					tp->at_type = AU_IPv6;
2401 				} else {
2402 					/* address is IPv4 (32 bits) */
2403 					(void) memcpy(&tp->at_addr[0],
2404 					    phe->h_addr_list[0], 4);
2405 					tp->at_type = AU_IPv4;
2406 				}
2407 				freehostent(phe);
2408 			}
2409 		}
2410 	}
2411 }
2412 
2413 static char *
2414 cond2str(void)
2415 {
2416 	uint_t cond;
2417 
2418 	eauditon(A_GETCOND, (caddr_t)&cond, sizeof (cond));
2419 
2420 	switch (cond) {
2421 
2422 	case AUC_AUDITING:
2423 		return ("auditing");
2424 
2425 	case AUC_NOAUDIT:
2426 	case AUC_INIT_AUDIT:
2427 		return ("noaudit");
2428 
2429 	case AUC_UNSET:
2430 		return ("unset");
2431 
2432 	case AUC_NOSPACE:
2433 		return ("nospace");
2434 
2435 	default:
2436 		return ("");
2437 	}
2438 }
2439 
2440 /*
2441  *	exit = 0, success
2442  *	       1, error
2443  *	       2, bad zone
2444  */
2445 static int
2446 str2policy(char *policy_str, uint32_t *policy_mask)
2447 {
2448 	char		*buf;
2449 	char		*tok;
2450 	char		pfix;
2451 	boolean_t	is_all = B_FALSE;
2452 	uint32_t	pm = 0;
2453 	uint32_t	curp;
2454 
2455 	pfix = *policy_str;
2456 
2457 	if (pfix == '-' || pfix == '+' || pfix == '=')
2458 		++policy_str;
2459 
2460 	if ((buf = strdup(policy_str)) == NULL)
2461 		return (1);
2462 
2463 	for (tok = strtok(buf, ","); tok != NULL; tok = strtok(NULL, ",")) {
2464 		uint32_t tok_pm;
2465 		if (((tok_pm = get_policy(tok)) == 0) &&
2466 		    ((strcasecmp(tok, "none") != 0))) {
2467 			free(buf);
2468 			return (1);
2469 		} else {
2470 			pm |= tok_pm;
2471 			if (tok_pm == ALL_POLICIES) {
2472 				is_all = B_TRUE;
2473 			}
2474 		}
2475 	}
2476 	free(buf);
2477 
2478 	/* reuse policy mask if already set to some value */
2479 	if (*policy_mask != 0) {
2480 		curp = *policy_mask;
2481 	} else {
2482 		(void) auditon(A_GETPOLICY, (caddr_t)&curp, 0);
2483 	}
2484 
2485 	if (pfix == '-') {
2486 		if (!is_all &&
2487 		    (getzoneid() != GLOBAL_ZONEID) &&
2488 		    (pm & ~AUDIT_LOCAL)) {
2489 			return (2);
2490 		}
2491 
2492 		if (getzoneid() != GLOBAL_ZONEID)
2493 			curp &= AUDIT_LOCAL;
2494 		*policy_mask = curp & ~pm;
2495 
2496 	} else if (pfix == '+') {
2497 		/*
2498 		 * In a local zone, accept specifying "all", but not
2499 		 * individually specifying global-zone only policies.
2500 		 * Limit to all locally allowed, so system call doesn't
2501 		 * fail.
2502 		 */
2503 		if (!is_all &&
2504 		    (getzoneid() != GLOBAL_ZONEID) &&
2505 		    (pm & ~AUDIT_LOCAL)) {
2506 			return (2);
2507 		}
2508 
2509 		if (getzoneid() != GLOBAL_ZONEID) {
2510 			curp &= AUDIT_LOCAL;
2511 			if (is_all) {
2512 				pm &= AUDIT_LOCAL;
2513 			}
2514 		}
2515 		*policy_mask = curp | pm;
2516 
2517 	} else {
2518 		/*
2519 		 * In a local zone, accept specifying "all", but not
2520 		 * individually specifying global-zone only policies.
2521 		 * Limit to all locally allowed, so system call doesn't
2522 		 * fail.
2523 		 */
2524 		if (!is_all &&
2525 		    (getzoneid() != GLOBAL_ZONEID) &&
2526 		    (pm & ~AUDIT_LOCAL)) {
2527 			return (2);
2528 		}
2529 
2530 		if (is_all && (getzoneid() != GLOBAL_ZONEID)) {
2531 			pm &= AUDIT_LOCAL;
2532 		}
2533 		*policy_mask = pm;
2534 	}
2535 	return (0);
2536 }
2537 
2538 static int
2539 policy2str(uint32_t policy, char *policy_str, size_t len)
2540 {
2541 	int i, j;
2542 
2543 	if (policy == ALL_POLICIES) {
2544 		(void) strcpy(policy_str, "all");
2545 		return (1);
2546 	}
2547 
2548 	if (policy == NO_POLICIES) {
2549 		(void) strcpy(policy_str, "none");
2550 		return (1);
2551 	}
2552 
2553 	*policy_str = '\0';
2554 
2555 	for (i = 0, j = 0; i < POLICY_TBL_SZ; i++) {
2556 		if (policy & policy_table[i].policy_mask &&
2557 		    policy_table[i].policy_mask != ALL_POLICIES) {
2558 			if (j++) {
2559 				(void) strcat(policy_str, ",");
2560 			}
2561 			(void) strlcat(policy_str, policy_table[i].policy_str,
2562 			    len);
2563 		}
2564 	}
2565 
2566 	if (*policy_str)
2567 		return (0);
2568 
2569 	return (1);
2570 }
2571 
2572 
2573 static int
2574 strisnum(char *s)
2575 {
2576 	if (s == NULL || !*s)
2577 		return (0);
2578 
2579 	for (; *s == '-' || *s == '+'; s++) {
2580 		if (!*s)
2581 			return (0);
2582 	}
2583 
2584 	for (; *s; s++) {
2585 		if (!isdigit(*s))
2586 			return (0);
2587 	}
2588 
2589 	return (1);
2590 }
2591 
2592 static int
2593 strisipaddr(char *s)
2594 {
2595 	int dot = 0;
2596 	int colon = 0;
2597 
2598 	/* no string */
2599 	if ((s == NULL) || (!*s))
2600 		return (0);
2601 
2602 	for (; *s; s++) {
2603 		if (!(isxdigit(*s) || *s != '.' || *s != ':'))
2604 			return (0);
2605 		if (*s == '.')
2606 			dot++;
2607 		if (*s == ':')
2608 			colon++;
2609 	}
2610 
2611 	if (dot && colon)
2612 		return (0);
2613 
2614 	if (!dot && !colon)
2615 		return (0);
2616 
2617 	return (1);
2618 }
2619 
2620 static void
2621 chk_arg_len(char *argv, uint_t len)
2622 {
2623 	if ((strlen(argv) + 1) > len) {
2624 		*(argv + len - 1) = '\0';
2625 		exit_error(gettext("Argument too long (%s..)."), argv);
2626 	}
2627 }
2628 
2629 static void
2630 chk_event_num(int etype, au_event_t event)
2631 {
2632 	au_stat_t as;
2633 
2634 	eauditon(A_GETSTAT, (caddr_t)&as, 0);
2635 
2636 	if (etype == AC_KERN_EVENT) {
2637 		if (event > as.as_numevent) {
2638 			exit_error(gettext(
2639 			    "Invalid kernel audit event number specified.\n"
2640 			    "\t%hu is outside allowable range 0-%d."),
2641 			    event, as.as_numevent);
2642 		}
2643 	} else  {
2644 		/* user event */
2645 		if (event <= as.as_numevent) {
2646 			exit_error(gettext("Invalid user level audit event "
2647 			    "number specified %hu."), event);
2648 		}
2649 	}
2650 }
2651 
2652 static void
2653 chk_event_str(int etype, char *event_str)
2654 {
2655 	au_event_ent_t *evp;
2656 	au_stat_t as;
2657 
2658 	eauditon(A_GETSTAT, (caddr_t)&as, 0);
2659 
2660 	evp = egetauevnam(event_str);
2661 	if (etype == AC_KERN_EVENT && (evp->ae_number > as.as_numevent)) {
2662 		exit_error(gettext(
2663 		    "Invalid kernel audit event string specified.\n"
2664 		    "\t\"%s\" appears to be a user level event. "
2665 		    "Check configuration."), event_str);
2666 	} else if (etype == AC_USER_EVENT &&
2667 	    (evp->ae_number < as.as_numevent)) {
2668 		exit_error(gettext(
2669 		    "Invalid user audit event string specified.\n"
2670 		    "\t\"%s\" appears to be a kernel event. "
2671 		    "Check configuration."), event_str);
2672 	}
2673 }
2674 
2675 static void
2676 chk_known_plugin(char *plugin_str)
2677 {
2678 	if ((strlen(plugin_str) + 1) > PLUGIN_MAXBUF) {
2679 		exit_error(gettext("Plugin name too long.\n"));
2680 	}
2681 
2682 	if (!plugin_avail_scf(plugin_str)) {
2683 		exit_error(gettext("No such plugin configured: %s"),
2684 		    plugin_str);
2685 	}
2686 }
2687 
2688 static void
2689 chk_sorf(char *sorf_str)
2690 {
2691 	if (!strisnum(sorf_str))
2692 		exit_error(gettext("Invalid sorf specified: %s"), sorf_str);
2693 }
2694 
2695 static void
2696 chk_retval(char *retval_str)
2697 {
2698 	if (!strisnum(retval_str))
2699 		exit_error(gettext("Invalid retval specified: %s"), retval_str);
2700 }
2701 
2702 static void
2703 execit(char **argv)
2704 {
2705 	char *args, *args_pos;
2706 	size_t len = 0;
2707 	size_t n = 0;
2708 	char **argv_pos;
2709 
2710 	if (*argv) {
2711 		/* concatenate argument array to be passed to sh -c "..." */
2712 		for (argv_pos = argv; *argv_pos; argv_pos++)
2713 			len += strlen(*argv_pos) + 1;
2714 
2715 		if ((args = malloc(len + 1)) == NULL)
2716 			exit_error(
2717 			    gettext("Allocation for command/arguments failed"));
2718 
2719 		args_pos = args;
2720 		for (argv_pos = argv; *argv_pos; argv_pos++) {
2721 			n += snprintf(args_pos, len - n, "%s ", *argv_pos);
2722 			args_pos = args + n;
2723 		}
2724 		/* strip the last space */
2725 		args[strlen(args)] = '\0';
2726 
2727 		(void) execl("/bin/sh", "sh", "-c", args, NULL);
2728 	} else {
2729 		(void) execl("/bin/sh", "sh", NULL);
2730 	}
2731 
2732 	exit_error(gettext("exec(2) failed"));
2733 }
2734 
2735 static void
2736 exit_usage(int status)
2737 {
2738 	FILE *fp;
2739 	int i;
2740 
2741 	fp = (status ? stderr : stdout);
2742 	(void) fprintf(fp, gettext("usage: %s option ...\n"), progname);
2743 
2744 	for (i = 0; i < ARG_TBL_SZ; i++) {
2745 		/* skip the -t option; it's not a standalone option */
2746 		if (arg_table[i].auditconfig_cmd == AC_ARG_SET_TEMPORARY) {
2747 			continue;
2748 		}
2749 
2750 		(void) fprintf(fp, " %s%s%s\n",
2751 		    arg_table[i].arg_str, arg_table[i].arg_opts,
2752 		    (arg_table[i].temporary_allowed ? " [-t]" : ""));
2753 	}
2754 
2755 	exit(status);
2756 }
2757 
2758 static void
2759 print_asid(au_asid_t asid)
2760 {
2761 	(void) printf(gettext("audit session id = %u\n"), asid);
2762 }
2763 
2764 static void
2765 print_auid(au_id_t auid)
2766 {
2767 	struct passwd *pwd;
2768 	char *username;
2769 
2770 	if ((pwd = getpwuid((uid_t)auid)) != NULL)
2771 		username = pwd->pw_name;
2772 	else
2773 		username = gettext("unknown");
2774 
2775 	(void) printf(gettext("audit id = %s(%d)\n"), username, auid);
2776 }
2777 
2778 static void
2779 print_mask(char *desc, au_mask_t *pmp)
2780 {
2781 	char auflags[512];
2782 
2783 	if (getauditflagschar(auflags, pmp, 0) < 0)
2784 		(void) strlcpy(auflags, gettext("unknown"), sizeof (auflags));
2785 
2786 	(void) printf("%s = %s(0x%x,0x%x)\n",
2787 	    desc, auflags, pmp->am_success, pmp->am_failure);
2788 }
2789 
2790 static void
2791 print_plugin(char *plugin_name, kva_t *plugin_kva)
2792 {
2793 	char		att_str[PLUGIN_MAXATT];
2794 	boolean_t	plugin_active;
2795 	char		*active_str;
2796 	char		*qsize_ptr;
2797 	int		qsize;
2798 
2799 	if ((active_str = kva_match(plugin_kva, "active")) == NULL) {
2800 		(void) printf(gettext("Audit service configuration error: "
2801 		    "\"active\" property not found\n"));
2802 		return;
2803 	}
2804 
2805 	plugin_active = (boolean_t)atoi(active_str);
2806 	qsize_ptr = kva_match(plugin_kva, "qsize");
2807 	qsize = atoi(qsize_ptr == NULL ? "-1" : qsize_ptr);
2808 
2809 	(void) printf(gettext("Plugin: %s (%s)\n"), plugin_name,
2810 	    plugin_active ? "active" : "inactive");
2811 
2812 	free_static_att_kva(plugin_kva);
2813 
2814 	switch (_kva2str(plugin_kva, att_str, PLUGIN_MAXATT, "=", ";")) {
2815 	case 0:
2816 		(void) printf(gettext("\tAttributes: %s\n"), att_str);
2817 		break;
2818 	case 1:
2819 		exit_error(gettext("Internal error - buffer size too small."));
2820 		break;
2821 	default:
2822 		exit_error(gettext("Internal error."));
2823 		break;
2824 	}
2825 
2826 	if (qsize != 0) {
2827 		(void) printf(gettext("\tQueue size: %d %s\n"), qsize,
2828 		    qsize == -1 ? "(internal error: value not available)" : "");
2829 	}
2830 }
2831 
2832 static void
2833 print_tid_ex(au_tid_addr_t *tidp)
2834 {
2835 	struct hostent *phe;
2836 	char *hostname;
2837 	struct in_addr ia;
2838 	uint32_t *addr;
2839 	int err;
2840 	char buf[INET6_ADDRSTRLEN];
2841 	char *bufp;
2842 
2843 
2844 	/* IPV6 or IPV4 address */
2845 	if (tidp->at_type == AU_IPv4) {
2846 		if ((phe = gethostbyaddr((char *)&tidp->at_addr[0],
2847 		    sizeof (tidp->at_addr[0]), AF_INET)) != NULL) {
2848 			hostname = phe->h_name;
2849 		} else {
2850 			hostname = gettext("unknown");
2851 		}
2852 
2853 		ia.s_addr = tidp->at_addr[0];
2854 
2855 		(void) printf(gettext(
2856 		    "terminal id (maj,min,host) = %lu,%lu,%s(%s)\n"),
2857 		    major(tidp->at_port), minor(tidp->at_port),
2858 		    hostname, inet_ntoa(ia));
2859 	} else {
2860 		addr = &tidp->at_addr[0];
2861 		phe = getipnodebyaddr((const void *)addr, 16, AF_INET6, &err);
2862 
2863 		bzero(buf, sizeof (buf));
2864 
2865 		(void) inet_ntop(AF_INET6, (void *)addr, buf, sizeof (buf));
2866 		if (phe == NULL) {
2867 			bufp = gettext("unknown");
2868 		} else {
2869 			bufp = phe->h_name;
2870 		}
2871 
2872 		(void) printf(gettext(
2873 		    "terminal id (maj,min,host) = %lu,%lu,%s(%s)\n"),
2874 		    major(tidp->at_port), minor(tidp->at_port),
2875 		    bufp, buf);
2876 		if (phe) {
2877 			freehostent(phe);
2878 		}
2879 	}
2880 }
2881 
2882 static int
2883 str2ipaddr(char *s, uint32_t *addr, uint32_t type)
2884 {
2885 	int j, sl;
2886 	char *ss;
2887 	unsigned int v;
2888 
2889 	bzero(addr, 16);
2890 	if (strisipaddr(s)) {
2891 		if (type == AU_IPv4) {
2892 			if (inet_pton(AF_INET, s, addr)) {
2893 				return (0);
2894 			}
2895 			return (1);
2896 		} else if (type == AU_IPv6) {
2897 			if (inet_pton(AF_INET6, s, addr))
2898 				return (0);
2899 			return (1);
2900 		}
2901 		return (1);
2902 	} else {
2903 		if (type == AU_IPv4) {
2904 			(void) sscanf(s, "%x", &addr[0]);
2905 			return (0);
2906 		} else if (type == AU_IPv6) {
2907 			sl = strlen(s);
2908 			ss = s;
2909 			for (j = 3; j >= 0; j--) {
2910 				if ((sl - 8) <= 0) {
2911 					(void) sscanf(s, "%x", &v);
2912 					addr[j] = v;
2913 					return (0);
2914 				}
2915 				ss = &s[sl-8];
2916 				(void) sscanf(ss, "%x", &v);
2917 				addr[j] = v;
2918 				sl -= 8;
2919 				*ss = '\0';
2920 			}
2921 		}
2922 		return (0);
2923 	}
2924 }
2925 
2926 static int
2927 str2type(char *s, uint_t *type)
2928 {
2929 	if (strcmp(s, "ipv6") == 0) {
2930 		*type = AU_IPv6;
2931 		return (0);
2932 	}
2933 	if (strcmp(s, "ipv4") == 0) {
2934 		*type = AU_IPv4;
2935 		return (0);
2936 	}
2937 
2938 	return (1);
2939 }
2940 
2941 /*
2942  * exit_error() - print an error message along with corresponding system error
2943  * number and error message, then exit. Inputs - program error format and
2944  * message.
2945  */
2946 /*PRINTFLIKE1*/
2947 static void
2948 exit_error(char *fmt, ...)
2949 {
2950 	va_list	args;
2951 
2952 	va_start(args, fmt);
2953 	prt_error_va(fmt, args);
2954 	va_end(args);
2955 
2956 	exit(1);
2957 }
2958