xref: /titanic_41/usr/src/cmd/auditconfig/auditconfig.c (revision d89fccd8788afe1e920f842edd883fe192a1b8fe)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #pragma ident	"%Z%%M%	%I%	%E% SMI"
27 
28 /*
29  * auditconfig - set and display audit parameters
30  */
31 
32 #include <locale.h>
33 #include <sys/types.h>
34 #include <ctype.h>
35 #include <stdlib.h>
36 #include <stdarg.h>
37 #include <unistd.h>
38 #include <errno.h>
39 #include <sys/param.h>
40 #include <stdio.h>
41 #include <string.h>
42 #include <strings.h>
43 #include <nlist.h>
44 #include <fcntl.h>
45 #include <sys/socket.h>
46 #include <netdb.h>
47 #include <netinet/in.h>
48 #include <arpa/inet.h>
49 #include <sys/mkdev.h>
50 #include <sys/param.h>
51 #include <pwd.h>
52 #include <libintl.h>
53 #include <zone.h>
54 #include <tsol/label.h>
55 
56 #include <bsm/audit.h>
57 #include <bsm/audit_record.h>
58 #include <bsm/libbsm.h>
59 
60 #if !defined(TEXT_DOMAIN)
61 #define	TEXT_DOMAIN	"SUNW_OST_OSCMD"
62 #endif
63 
64 #define	AC_ARG_AUDIT			0
65 #define	AC_ARG_CHKCONF			1
66 #define	AC_ARG_CONF			2
67 #define	AC_ARG_GETASID			3	/* same as GETSID */
68 #define	AC_ARG_GETAUDIT			4
69 #define	AC_ARG_GETAUID			5
70 #define	AC_ARG_GETCAR			6
71 #define	AC_ARG_GETCLASS			7	/* same as GETESTATE */
72 #define	AC_ARG_GETCOND			8
73 #define	AC_ARG_GETCWD			9
74 #define	AC_ARG_GETESTATE		10
75 #define	AC_ARG_GETKERNSTATE		11
76 #define	AC_ARG_GETKMASK			12	/* same as GETKERNSTATE */
77 #define	AC_ARG_GETPINFO			13
78 #define	AC_ARG_GETPOLICY		14
79 #define	AC_ARG_GETQBUFSZ		15
80 #define	AC_ARG_GETQCTRL			16
81 #define	AC_ARG_GETQDELAY		17
82 #define	AC_ARG_GETQHIWATER		18
83 #define	AC_ARG_GETQLOWATER		19
84 #define	AC_ARG_GETSID			20
85 #define	AC_ARG_GETSTAT			21
86 #define	AC_ARG_GETTERMID		22
87 #define	AC_ARG_GETUSERAUDIT		23	/* only CMW syscall w/out */
88 #define	AC_ARG_LSEVENT			24
89 #define	AC_ARG_LSPOLICY			25
90 #define	AC_ARG_SETASID			26
91 #define	AC_ARG_SETAUDIT			27
92 #define	AC_ARG_SETAUID			28
93 #define	AC_ARG_SETCLASS			29	/* same as SETESTATE */
94 /*	AC_ARG_SETCOND			30 */
95 #define	AC_ARG_SETESTATE		31
96 #define	AC_ARG_SETKERNSTATE		32
97 #define	AC_ARG_SETKMASK			33	/* same as SETKERNSTATE */
98 #define	AC_ARG_SETPMASK			34
99 #define	AC_ARG_SETSMASK			35
100 #define	AC_ARG_SETSTAT			36
101 #define	AC_ARG_SETPOLICY		37
102 #define	AC_ARG_SETQBUFSZ		38
103 #define	AC_ARG_SETQCTRL			39
104 #define	AC_ARG_SETQDELAY		40
105 #define	AC_ARG_SETQHIWATER		41
106 #define	AC_ARG_SETQLOWATER		42
107 #define	AC_ARG_SETTERMID		43
108 #define	AC_ARG_SETUMASK			44
109 #define	AC_ARG_SETUSERAUDIT		45
110 #define	AC_ARG_GETFSIZE			46
111 #define	AC_ARG_SETFSIZE			47
112 #define	AC_ARG_GETKAUDIT		48
113 #define	AC_ARG_SETKAUDIT		49
114 #define	AC_ARG_ACONF			50
115 #define	AC_ARG_CHKACONF			51
116 
117 #define	AC_KERN_EVENT 		0
118 #define	AC_USER_EVENT 		1
119 
120 /* defines for policy entry flags: */
121 
122 #define	AC_TSOL 		1	/* policy is TSOL-only */
123 
124 #define	NONE(s) (!strlen(s) ? gettext("none") : s)
125 
126 #define	ALL_POLICIES   (AUDIT_AHLT|\
127 			AUDIT_ARGE|\
128 			AUDIT_ARGV|\
129 			AUDIT_CNT|\
130 			AUDIT_GROUP|\
131 			AUDIT_PASSWD|\
132 			AUDIT_WINDATA|\
133 			AUDIT_SEQ|\
134 			AUDIT_TRAIL|\
135 			AUDIT_PATH|\
136 			AUDIT_PUBLIC|\
137 			AUDIT_ZONENAME|\
138 			AUDIT_PERZONE|\
139 			AUDIT_WINDATA_DOWN|\
140 			AUDIT_WINDATA_UP)
141 
142 #define	NO_POLICIES  (0)
143 
144 #define	ONEK 1024
145 
146 /* This should be defined in <string.h>, but it is not */
147 extern int strncasecmp();
148 
149 /*
150  * remove this after the audit.h is fixed
151  */
152 
153 struct arg_entry {
154 	char *arg_str;
155 	char *arg_opts;
156 	int auditconfig_cmd;
157 };
158 
159 struct policy_entry {
160 	char *policy_str;
161 	uint_t policy_mask;
162 	uint_t policy_flags;
163 	char *policy_desc;
164 };
165 
166 static struct arg_entry arg_table[] = {
167 	{ "-aconf",		"",			AC_ARG_ACONF},
168 	{ "-audit",	"event sorf retval string",	AC_ARG_AUDIT},
169 	{ "-chkaconf",		"",			AC_ARG_CHKACONF},
170 	{ "-chkconf",		"",			AC_ARG_CHKCONF},
171 	{ "-conf",		"",			AC_ARG_CONF},
172 	{ "-getasid",		"",			AC_ARG_GETASID},
173 	{ "-getaudit",		"",			AC_ARG_GETAUDIT},
174 	{ "-getauid",		"",			AC_ARG_GETAUID},
175 	{ "-getcar",		"",			AC_ARG_GETCAR},
176 	{ "-getclass",		"",			AC_ARG_GETCLASS},
177 	{ "-getcond",		"",			AC_ARG_GETCOND},
178 	{ "-getcwd",		"",			AC_ARG_GETCWD},
179 	{ "-getestate",		"event",		AC_ARG_GETESTATE},
180 	{ "-getfsize",		"",			AC_ARG_GETFSIZE},
181 	{ "-getkaudit",		"",			AC_ARG_GETKAUDIT},
182 	{ "-getkernstate",	"",			AC_ARG_GETKERNSTATE},
183 	{ "-getkmask",		"",			AC_ARG_GETKMASK},
184 	{ "-getpinfo",		"",			AC_ARG_GETPINFO},
185 	{ "-getpolicy",		"",			AC_ARG_GETPOLICY},
186 	{ "-getqbufsz",		"",			AC_ARG_GETQBUFSZ},
187 	{ "-getqctrl",		"",			AC_ARG_GETQCTRL},
188 	{ "-getqdelay",		"",			AC_ARG_GETQDELAY},
189 	{ "-getqhiwater",	"",			AC_ARG_GETQHIWATER},
190 	{ "-getqlowater",	"",			AC_ARG_GETQLOWATER},
191 	{ "-getsid",		"",			AC_ARG_GETSID},
192 	{ "-getstat",		"",			AC_ARG_GETSTAT},
193 	{ "-gettermid",		"",			AC_ARG_GETTERMID},
194 	{ "-gettid",		"",			AC_ARG_GETTERMID},
195 	{ "-getuseraudit",	"user",			AC_ARG_GETUSERAUDIT},
196 	{ "-lsevent",		"",			AC_ARG_LSEVENT},
197 	{ "-lspolicy",		"",			AC_ARG_LSPOLICY},
198 	{ "-setasid",		"asid [cmd]",		AC_ARG_SETASID},
199 	{ "-setaudit",	"auid audit_flags termid sid [cmd]",
200 							AC_ARG_SETAUDIT},
201 	{ "-setauid",		"auid [cmd]",		AC_ARG_SETAUID},
202 	{ "-setclass",		"event audit_flags",	AC_ARG_SETCLASS},
203 	{ "-setestate",		"event audit_flags",	AC_ARG_SETESTATE},
204 	{ "-setfsize",		"filesize",		AC_ARG_SETFSIZE},
205 	{ "-setkaudit",		"type IP_address",	AC_ARG_SETKAUDIT},
206 	{ "-setkernstate",	"audit_flags",		AC_ARG_SETKERNSTATE},
207 	{ "-setkmask",		"audit_flags",		AC_ARG_SETKMASK},
208 	{ "-setpmask",	"pid audit_flags [cmd]",	AC_ARG_SETPMASK},
209 	{ "-setpolicy",		"policy_flags",		AC_ARG_SETPOLICY},
210 	{ "-setqbufsz",		"bufsz",		AC_ARG_SETQBUFSZ},
211 	{ "-setqctrl",	"hiwater lowater bufsz delay",	AC_ARG_SETQCTRL},
212 	{ "-setqdelay",		"delay",		AC_ARG_SETQDELAY},
213 	{ "-setqhiwater",	"hiwater",		AC_ARG_SETQHIWATER},
214 	{ "-setqlowater",	"lowater",		AC_ARG_SETQLOWATER},
215 	{ "-setsmask",		"asid audit_flags",	AC_ARG_SETSMASK},
216 	{ "-setstat",		"",			AC_ARG_SETSTAT},
217 	{ "-settid",		"tid [cmd]",		AC_ARG_SETTERMID},
218 	{ "-setumask",		"user audit_flags",	AC_ARG_SETUMASK},
219 	{ "-setuseraudit",	"user audit_flags",	AC_ARG_SETUSERAUDIT}
220 };
221 
222 #define	ARG_TBL_SZ (sizeof (arg_table) / sizeof (struct arg_entry))
223 
224 static struct arg_entry arg2_table[] = {
225 	{ "-chkconf",	"",				AC_ARG_CHKCONF},
226 	{ "-conf",	"",				AC_ARG_CONF},
227 	{ "-getcond",	"",				AC_ARG_GETCOND},
228 	{ "-getclass",	"event",			AC_ARG_GETCLASS},
229 	{ "-setclass",	"event audit_flags",		AC_ARG_SETCLASS},
230 	{ "-lsevent",	"",				AC_ARG_LSEVENT},
231 	{ "-lspolicy",	"",				AC_ARG_LSPOLICY},
232 	{ "-getpolicy",	"",				AC_ARG_GETPOLICY},
233 	{ "-setpolicy",	"policy_flags",			AC_ARG_SETPOLICY},
234 	{ "-getstat",	"",				AC_ARG_GETSTAT},
235 	{ "-getpinfo",	"pid",				AC_ARG_GETPINFO},
236 	{ "-setpmask",	"pid audit_flags",		AC_ARG_SETPMASK},
237 	{ "-setsmask",	"asid audit_flags",		AC_ARG_SETSMASK},
238 	{ "-setumask",	"user audit_flags",		AC_ARG_SETUMASK},
239 	{ "-getfsize",	"",				AC_ARG_GETFSIZE},
240 	{ "-setfsize",	"filesize",			AC_ARG_SETFSIZE}
241 	};
242 
243 #define	ARG2_TBL_SZ (sizeof (arg2_table) / sizeof (struct arg_entry))
244 
245 static struct policy_entry policy_table[] = {
246 	{"ahlt",	AUDIT_AHLT,	NULL,
247 	    "halt machine if it can not record an async event"},
248 	{"arge",	AUDIT_ARGE,	NULL,
249 	    "include exec environment args in audit recs"},
250 	{"argv",	AUDIT_ARGV,	NULL,
251 	    "include exec command line args in audit recs"},
252 	{"cnt",		AUDIT_CNT,	NULL,
253 	    "when no more space, drop recs and keep a cnt"},
254 	{"group",	AUDIT_GROUP,	NULL,
255 	    "include supplementary groups in audit recs"},
256 	{"path",	AUDIT_PATH,	NULL,
257 	    "allow multiple paths per event"},
258 	{"public",	AUDIT_PUBLIC,	NULL,	"audit public files"},
259 	{"seq",		AUDIT_SEQ,	NULL,
260 	    "include a sequence number in audit recs"},
261 	{"trail",	AUDIT_TRAIL,	NULL,
262 	    "include trailer token in audit recs"},
263 	{"windata_down",	AUDIT_WINDATA_DOWN,	AC_TSOL,
264 		"include downgraded information in audit recs"},
265 	{"windata_up",		AUDIT_WINDATA_UP,	AC_TSOL,
266 		"include upgraded information in audit recs"},
267 	{"zonename",	AUDIT_ZONENAME,	NULL,	"generate zonename token"},
268 	{"perzone",	AUDIT_PERZONE,	NULL,
269 	    "use a separate queue and auditd per zone"},
270 	{"all",		ALL_POLICIES,	NULL,	"all policies"},
271 	{"none",	NO_POLICIES,	NULL,	"no policies"}
272 	};
273 
274 #define	POLICY_TBL_SZ (sizeof (policy_table) / sizeof (struct policy_entry))
275 
276 static char *progname;
277 
278 int	tsol_on;			/* is TSOL installed? */
279 
280 static au_event_ent_t *egetauevnam();
281 static au_event_ent_t *egetauevnum();
282 static char *strtolower();
283 static int arg_ent_compare();
284 static int cond2str();
285 static int policy2str();
286 static int str2type();
287 static int str2policy();
288 static int str2ipaddr();
289 static int strisflags();
290 static int strisipaddr();
291 static int strisnum();
292 static struct arg_entry *get_arg_ent();
293 static struct policy_entry *get_policy_ent();
294 static uid_t get_user_id();
295 static void chk_event_num();
296 static void chk_event_str();
297 static void chk_retval();
298 static void chk_sorf();
299 static void chk_tid();
300 static void do_aconf();
301 static void do_args();
302 static void do_audit();
303 static void do_chkaconf();
304 static void do_chkconf();
305 static void do_conf();
306 static void do_getasid();
307 static void do_getaudit();
308 static void do_getkaudit();
309 static void do_setkaudit();
310 static void do_getauid();
311 static void do_getcar();
312 static void do_getclass();
313 static void do_getcond();
314 static void do_getcwd();
315 static void do_getkmask();
316 static void do_getpinfo();
317 static void do_getpolicy();
318 static void do_getqbufsz();
319 static void do_getqctrl();
320 static void do_getqdelay();
321 static void do_getqhiwater();
322 static void do_getqlowater();
323 static void do_getstat();
324 static void do_gettermid();
325 static void do_getuseraudit();
326 static void do_lsevent();
327 static void do_lspolicy();
328 static void do_setasid();
329 static void do_setaudit();
330 static void do_setauid();
331 static void do_setclass();
332 static void do_setkmask();
333 static void do_setpmask();
334 static void do_setsmask();
335 static void do_setumask();
336 static void do_setpolicy();
337 static void do_setqbufsz();
338 static void do_setqctrl();
339 static void do_setqdelay();
340 static void do_setqhiwater();
341 static void do_setqlowater();
342 static void do_setstat();
343 static void do_settid();
344 static void do_setuseraudit();
345 static void do_getfsize();
346 static void do_setfsize();
347 static void str2mask();
348 static void str2tid();
349 static void strsplit();
350 
351 static void eauditon();
352 static void egetaudit();
353 static void egetkaudit();
354 static void esetkaudit();
355 static void egetauditflagsbin();
356 static void egetauid();
357 static void esetaudit();
358 static void esetauid();
359 static void execit();
360 static void exit_error(char *, ...);
361 static void exit_usage();
362 static void parse_args();
363 static void print_asid();
364 static void print_auid();
365 static void print_mask();
366 static void print_mask1();
367 static void print_stats();
368 static void print_tid_ex();
369 
370 int
371 main(argc, argv)
372 	int argc;
373 	char **argv;
374 {
375 	progname = "auditconfig";
376 
377 	(void) setlocale(LC_ALL, "");
378 	(void) textdomain(TEXT_DOMAIN);
379 
380 	if (argc == 1) {
381 		exit_usage(0);
382 		exit(0);
383 	}
384 
385 	if (argc == 2 &&
386 		(argv[1][0] == '?' ||
387 		strcmp(argv[1], "-h") == 0 ||
388 		strcmp(argv[1], "-?") == 0))
389 		exit_usage(0);
390 
391 	tsol_on = is_system_labeled();
392 
393 	parse_args(argv);
394 
395 	do_args(argv);
396 
397 	return (0);
398 }
399 
400 /*
401  * parse_args()
402  *     Desc: Checks command line argument syntax.
403  *     Inputs: Command line argv;
404  *     Returns: If a syntax error is detected, a usage message is printed
405  *              and exit() is called. If a syntax error is not detected,
406  *              parse_args() returns without a value.
407  */
408 static void
409 parse_args(char **argv)
410 {
411 	struct arg_entry *ae;
412 
413 	au_mask_t pmask;
414 	au_mask_t smask;
415 	au_mask_t umask;
416 	uint_t type;
417 	uint_t addr[4];
418 
419 	for (++argv; *argv; argv++) {
420 		if ((ae = get_arg_ent(*argv)) == (struct arg_entry *)0) {
421 			exit_usage(1);
422 		}
423 
424 		switch (ae->auditconfig_cmd) {
425 
426 		case AC_ARG_AUDIT:
427 			++argv;
428 			if (!*argv)
429 				exit_usage(1);
430 			if (strisnum(*argv)) {
431 				chk_event_num(AC_USER_EVENT,
432 					(au_event_t)atol(*argv));
433 			} else
434 				chk_event_str(AC_USER_EVENT, *argv);
435 			++argv;
436 			if (!*argv)
437 				exit_usage(1);
438 			chk_sorf(*argv);
439 			++argv;
440 			if (!*argv)
441 				exit_usage(1);
442 			chk_retval(*argv);
443 			++argv;
444 			if (!*argv)
445 				exit_usage(1);
446 			break;
447 
448 		case AC_ARG_CHKCONF:
449 			break;
450 
451 		case AC_ARG_CONF:
452 			break;
453 
454 		case AC_ARG_ACONF:
455 			break;
456 
457 		case AC_ARG_CHKACONF:
458 			break;
459 
460 		case AC_ARG_GETASID:
461 		case AC_ARG_GETSID:
462 			break;
463 
464 		case AC_ARG_GETAUID:
465 			break;
466 
467 		case AC_ARG_GETAUDIT:
468 			break;
469 
470 		case AC_ARG_GETKAUDIT:
471 			break;
472 
473 		case AC_ARG_GETCLASS:
474 		case AC_ARG_GETESTATE:
475 			++argv;
476 			if (!*argv)
477 				exit_usage(1);
478 			if (strisnum(*argv))
479 				chk_event_num(AC_KERN_EVENT,
480 					(au_event_t)atol(*argv));
481 			else
482 				chk_event_str(AC_KERN_EVENT, *argv);
483 			break;
484 
485 		case AC_ARG_GETCAR:
486 			break;
487 
488 		case AC_ARG_GETCOND:
489 			break;
490 
491 		case AC_ARG_GETCWD:
492 			break;
493 
494 		case AC_ARG_GETKERNSTATE:
495 		case AC_ARG_GETKMASK:
496 			break;
497 
498 		case AC_ARG_GETPOLICY:
499 			break;
500 
501 		case AC_ARG_GETQBUFSZ:
502 			break;
503 
504 		case AC_ARG_GETQCTRL:
505 			break;
506 
507 		case AC_ARG_GETQDELAY:
508 			break;
509 
510 		case AC_ARG_GETQHIWATER:
511 			break;
512 
513 		case AC_ARG_GETQLOWATER:
514 			break;
515 
516 		case AC_ARG_GETSTAT:
517 			break;
518 
519 		case AC_ARG_GETTERMID:
520 			break;
521 
522 		case AC_ARG_GETUSERAUDIT:
523 			++argv;
524 			if (!*argv)
525 				exit_usage(1);
526 			break;
527 
528 		case AC_ARG_LSEVENT:
529 			break;
530 
531 		case AC_ARG_LSPOLICY:
532 			break;
533 
534 		case AC_ARG_SETASID:
535 			++argv;
536 			if (!*argv)
537 				exit_usage(1);
538 
539 			while (*argv)
540 				++argv;
541 			--argv;
542 
543 			break;
544 
545 		case AC_ARG_SETAUID:
546 			++argv;
547 			if (!*argv)
548 				exit_usage(1);
549 
550 			while (*argv)
551 				++argv;
552 			--argv;
553 
554 			break;
555 
556 		case AC_ARG_SETAUDIT:
557 			++argv;
558 			if (!*argv)
559 				exit_usage(1);
560 
561 			while (*argv)
562 				++argv;
563 			--argv;
564 
565 			break;
566 
567 		case AC_ARG_SETKAUDIT:
568 			++argv;
569 			if (!*argv)
570 				exit_usage(1);
571 			if (str2type (*argv, &type))
572 				exit_error(gettext(
573 					"Invalid IP address type specified."));
574 			++argv;
575 			if (!*argv)
576 				exit_usage(1);
577 
578 			if (str2ipaddr(*argv, addr, type))
579 				exit_error(gettext(
580 					"Invalid IP address specified."));
581 			break;
582 
583 		case AC_ARG_SETCLASS:
584 		case AC_ARG_SETESTATE:
585 			++argv;
586 			if (!*argv)
587 				exit_usage(1);
588 			if (strisnum(*argv))
589 				chk_event_num(AC_KERN_EVENT,
590 					(au_event_t)atol(*argv));
591 			else
592 				chk_event_str(AC_KERN_EVENT, *argv);
593 			++argv;
594 			if (!*argv)
595 				exit_usage(1);
596 			str2mask(*argv, &pmask);
597 			break;
598 
599 		case AC_ARG_SETKERNSTATE:
600 		case AC_ARG_SETKMASK:
601 			++argv;
602 			if (!*argv)
603 				exit_usage(1);
604 			str2mask(*argv, &pmask);
605 			break;
606 
607 		case AC_ARG_SETPOLICY:
608 			++argv;
609 			if (!*argv)
610 				exit_usage(1);
611 			break;
612 
613 		case AC_ARG_SETSTAT:
614 			break;
615 
616 		case AC_ARG_GETPINFO:
617 			++argv;
618 			if (!*argv)
619 				exit_usage(1);
620 			break;
621 
622 		case AC_ARG_SETPMASK:
623 			++argv;
624 			if (!*argv)
625 				exit_usage(1);
626 			++argv;
627 			if (!*argv)
628 				exit_usage(1);
629 			str2mask(*argv, &pmask);
630 			break;
631 
632 		case AC_ARG_SETQBUFSZ:
633 			++argv;
634 			if (!*argv)
635 				exit_usage(1);
636 			if (!strisnum(*argv))
637 				exit_error(gettext("Invalid bufsz specified."));
638 			break;
639 
640 		case AC_ARG_SETQCTRL:
641 			++argv;
642 			if (!*argv)
643 				exit_usage(1);
644 			if (!strisnum(*argv))
645 				exit_error(gettext(
646 					"Invalid hiwater specified."));
647 			++argv;
648 			if (!*argv)
649 				exit_usage(1);
650 			if (!strisnum(*argv))
651 				exit_error(gettext(
652 					gettext("Invalid lowater specified.")));
653 			++argv;
654 			if (!*argv)
655 				exit_usage(1);
656 			if (!strisnum(*argv))
657 				exit_error(gettext("Invalid bufsz specified."));
658 			++argv;
659 			if (!*argv)
660 				exit_usage(1);
661 			if (!strisnum(*argv))
662 				exit_error(gettext("Invalid delay specified."));
663 			break;
664 
665 		case AC_ARG_SETQDELAY:
666 			++argv;
667 			if (!*argv)
668 				exit_usage(1);
669 			if (!strisnum(*argv))
670 				exit_error(gettext("Invalid delay specified."));
671 			break;
672 
673 		case AC_ARG_SETQHIWATER:
674 			++argv;
675 			if (!*argv)
676 				exit_usage(1);
677 			if (!strisnum(*argv))
678 				exit_error(gettext(
679 					"Invalid hiwater specified."));
680 			break;
681 
682 		case AC_ARG_SETQLOWATER:
683 			++argv;
684 			if (!*argv)
685 				exit_usage(1);
686 			if (!strisnum(*argv))
687 				exit_error(gettext(
688 					"Invalid lowater specified."));
689 			break;
690 
691 		case AC_ARG_SETTERMID:
692 			++argv;
693 			if (!*argv)
694 				exit_usage(1);
695 			chk_tid(*argv);
696 			break;
697 
698 		case AC_ARG_SETUSERAUDIT:
699 			++argv;
700 			if (!*argv)
701 				exit_usage(1);
702 			++argv;
703 			if (!*argv)
704 				exit_usage(1);
705 			break;
706 		case AC_ARG_SETSMASK:
707 			++argv;
708 			if (!*argv)
709 				exit_usage(1);
710 			++argv;
711 			if (!*argv)
712 				exit_usage(1);
713 			str2mask(*argv, &smask);
714 			break;
715 
716 		case AC_ARG_SETUMASK:
717 			++argv;
718 			if (!*argv)
719 				exit_usage(1);
720 			++argv;
721 			if (!*argv)
722 				exit_usage(1);
723 			str2mask(*argv, &umask);
724 			break;
725 
726 		case AC_ARG_GETFSIZE:
727 			break;
728 
729 		case AC_ARG_SETFSIZE:
730 			++argv;
731 			if (!*argv)
732 				exit_usage(1);
733 			if (!strisnum(*argv))
734 				exit_error(gettext(
735 					"Invalid hiwater specified."));
736 			break;
737 
738 		default:
739 			exit_error(gettext("Internal error #1."));
740 			break;
741 
742 
743 		}
744 	}
745 }
746 
747 
748 /*
749  * do_args()
750  *     Desc: Do command line arguments in the order in which they appear.
751  */
752 static void
753 do_args(argv)
754 	char **argv;
755 {
756 	struct arg_entry *ae;
757 
758 	for (++argv; *argv; argv++) {
759 		ae = get_arg_ent(*argv);
760 
761 		switch (ae->auditconfig_cmd) {
762 
763 		case AC_ARG_AUDIT:
764 			{
765 				char sorf;
766 				int  retval;
767 				char *event_name;
768 				char *audit_str;
769 
770 				++argv;
771 				event_name = *argv;
772 				++argv;
773 				sorf = (char)atoi(*argv);
774 				++argv;
775 				retval = atoi(*argv);
776 				++argv;
777 				audit_str = *argv;
778 				do_audit(event_name, sorf, retval, audit_str);
779 			}
780 			break;
781 
782 		case AC_ARG_CHKCONF:
783 			do_chkconf();
784 			break;
785 
786 		case AC_ARG_CONF:
787 			do_conf();
788 			break;
789 
790 		case AC_ARG_CHKACONF:
791 			do_chkaconf();
792 			break;
793 
794 		case AC_ARG_ACONF:
795 			do_aconf();
796 			break;
797 
798 		case AC_ARG_GETASID:
799 		case AC_ARG_GETSID:
800 			do_getasid();
801 			break;
802 
803 		case AC_ARG_GETAUID:
804 			do_getauid();
805 			break;
806 
807 		case AC_ARG_GETAUDIT:
808 			do_getaudit();
809 			break;
810 
811 		case AC_ARG_GETKAUDIT:
812 			do_getkaudit();
813 			break;
814 
815 		case AC_ARG_GETCLASS:
816 		case AC_ARG_GETESTATE:
817 			++argv;
818 			do_getclass(*argv);
819 			break;
820 
821 		case AC_ARG_GETCAR:
822 			do_getcar();
823 			break;
824 
825 		case AC_ARG_GETCOND:
826 			do_getcond();
827 			break;
828 
829 		case AC_ARG_GETCWD:
830 			do_getcwd();
831 			break;
832 
833 		case AC_ARG_GETKERNSTATE:
834 		case AC_ARG_GETKMASK:
835 			do_getkmask();
836 			break;
837 
838 		case AC_ARG_GETPOLICY:
839 			do_getpolicy();
840 			break;
841 
842 		case AC_ARG_GETQBUFSZ:
843 			do_getqbufsz();
844 			break;
845 
846 		case AC_ARG_GETQCTRL:
847 			do_getqctrl();
848 			break;
849 
850 		case AC_ARG_GETQDELAY:
851 			do_getqdelay();
852 			break;
853 
854 		case AC_ARG_GETQHIWATER:
855 			do_getqhiwater();
856 			break;
857 
858 		case AC_ARG_GETQLOWATER:
859 			do_getqlowater();
860 			break;
861 
862 		case AC_ARG_GETSTAT:
863 			do_getstat();
864 			break;
865 
866 		case AC_ARG_GETTERMID:
867 			do_gettermid();
868 			break;
869 
870 		case AC_ARG_GETUSERAUDIT:
871 			++argv;
872 			do_getuseraudit(*argv);
873 			break;
874 
875 		case AC_ARG_LSEVENT:
876 			do_lsevent();
877 			break;
878 
879 		case AC_ARG_LSPOLICY:
880 			do_lspolicy();
881 			break;
882 
883 		case AC_ARG_SETASID:
884 			{
885 				char *sid_str;
886 
887 				++argv;
888 				sid_str = *argv;
889 				++argv;
890 				do_setasid(sid_str, argv);
891 			}
892 			break;
893 
894 		case AC_ARG_SETAUID:
895 			{
896 				char *user;
897 
898 				++argv;
899 				user = *argv;
900 				++argv;
901 				do_setauid(user, argv);
902 			}
903 			break;
904 
905 		case AC_ARG_SETAUDIT:
906 			{
907 				char *user_str;
908 				char *mask_str;
909 				char *tid_str;
910 				char *sid_str;
911 
912 				++argv;
913 				user_str = *argv;
914 				++argv;
915 				mask_str = *argv;
916 				++argv;
917 				tid_str = *argv;
918 				++argv;
919 				sid_str = *argv;
920 				++argv;
921 				do_setaudit(user_str, mask_str,
922 				    tid_str, sid_str, argv);
923 			}
924 			break;
925 
926 		case AC_ARG_SETKAUDIT:
927 			{
928 				char *address_type, *address;
929 
930 				++argv; address_type = *argv;
931 				++argv; address = *argv;
932 				do_setkaudit(address_type, address);
933 			}
934 			break;
935 
936 		case AC_ARG_SETCLASS:
937 		case AC_ARG_SETESTATE:
938 			{
939 				char *event_str, *audit_flags;
940 
941 				++argv; event_str = *argv;
942 				++argv; audit_flags = *argv;
943 				do_setclass(event_str, audit_flags);
944 			}
945 			break;
946 
947 		case AC_ARG_SETKERNSTATE:
948 		case AC_ARG_SETKMASK:
949 			++argv;
950 			do_setkmask(*argv);
951 			break;
952 
953 		case AC_ARG_SETPOLICY:
954 			++argv;
955 			do_setpolicy(*argv);
956 			break;
957 
958 		case AC_ARG_GETPINFO:
959 			{
960 				char *pid_str;
961 
962 				++argv;
963 				pid_str = *argv;
964 				do_getpinfo(pid_str);
965 			}
966 			break;
967 
968 		case AC_ARG_SETPMASK:
969 			{
970 				char *pid_str;
971 				char *audit_flags;
972 
973 				++argv;
974 				pid_str = *argv;
975 				++argv;
976 				audit_flags = *argv;
977 				do_setpmask(pid_str, audit_flags);
978 			}
979 			break;
980 
981 		case AC_ARG_SETSTAT:
982 			do_setstat();
983 			break;
984 
985 		case AC_ARG_SETQBUFSZ:
986 			++argv;
987 			do_setqbufsz(*argv);
988 			break;
989 
990 		case AC_ARG_SETQCTRL:
991 			{
992 				char *hiwater, *lowater, *bufsz, *delay;
993 
994 				++argv; hiwater = *argv;
995 				++argv; lowater = *argv;
996 				++argv; bufsz = *argv;
997 				++argv; delay = *argv;
998 				do_setqctrl(hiwater, lowater, bufsz, delay);
999 			}
1000 			break;
1001 		case AC_ARG_SETQDELAY:
1002 			++argv;
1003 			do_setqdelay(*argv);
1004 			break;
1005 
1006 		case AC_ARG_SETQHIWATER:
1007 			++argv;
1008 			do_setqhiwater(*argv);
1009 			break;
1010 
1011 		case AC_ARG_SETQLOWATER:
1012 			++argv;
1013 			do_setqlowater(*argv);
1014 			break;
1015 
1016 		case AC_ARG_SETTERMID:
1017 			++argv;
1018 			do_settid(*argv);
1019 			break;
1020 
1021 		case AC_ARG_SETUSERAUDIT:
1022 			{
1023 				char *user;
1024 				char *aflags;
1025 
1026 				++argv;
1027 				user = *argv;
1028 				++argv;
1029 				aflags = *argv;
1030 				do_setuseraudit(user, aflags);
1031 			}
1032 			break;
1033 		case AC_ARG_SETSMASK:
1034 			{
1035 				char *asid_str;
1036 				char *audit_flags;
1037 
1038 				++argv;
1039 				asid_str = *argv;
1040 				++argv;
1041 				audit_flags = *argv;
1042 				do_setsmask(asid_str, audit_flags);
1043 			}
1044 			break;
1045 		case AC_ARG_SETUMASK:
1046 			{
1047 				char *auid_str;
1048 				char *audit_flags;
1049 
1050 				++argv;
1051 				auid_str = *argv;
1052 				++argv;
1053 				audit_flags = *argv;
1054 				do_setumask(auid_str, audit_flags);
1055 			}
1056 			break;
1057 		case AC_ARG_GETFSIZE:
1058 			do_getfsize();
1059 			break;
1060 		case AC_ARG_SETFSIZE:
1061 			++argv;
1062 			do_setfsize(*argv);
1063 			break;
1064 
1065 		default:
1066 			exit_error(gettext("Internal error #2."));
1067 			break;
1068 
1069 		}
1070 	}
1071 
1072 }
1073 
1074 /*
1075  * The returned value is for the global zone unless AUDIT_PERZONE is
1076  * set.
1077  */
1078 
1079 static void
1080 do_chkconf()
1081 {
1082 	register au_event_ent_t *evp;
1083 	au_mask_t pmask;
1084 	char conf_aflags[256];
1085 	char run_aflags[256];
1086 	au_stat_t as;
1087 	int class;
1088 	int			len;
1089 	struct au_evclass_map	cmap;
1090 
1091 	pmask.am_success = pmask.am_failure = 0;
1092 	eauditon(A_GETSTAT, (caddr_t)&as, 0);
1093 
1094 	setauevent();
1095 	if ((evp = getauevent()) == (au_event_ent_t *)NULL) {
1096 		(void) exit_error(gettext(
1097 			"NO AUDIT EVENTS: Could not read %s\n."),
1098 			AUDITEVENTFILE);
1099 	}
1100 
1101 	setauevent();
1102 	while ((evp = getauevent()) != (au_event_ent_t *)NULL) {
1103 		cmap.ec_number = evp->ae_number;
1104 		len = sizeof (struct au_evclass_map);
1105 		if (evp->ae_number <= as.as_numevent)
1106 			if (auditon(A_GETCLASS, (caddr_t)&cmap, len) == -1) {
1107 				(void) printf("%s(%d):%s",
1108 				evp->ae_name, evp->ae_number, gettext(
1109 "UNKNOWN EVENT: Could not get class for event. Configuration may be bad.\n"));
1110 			} else {
1111 				class = cmap.ec_class;
1112 				if (class != evp->ae_class) {
1113 					conf_aflags[0] = run_aflags[0] = '\0';
1114 					pmask.am_success = class;
1115 					pmask.am_failure = class;
1116 					(void) getauditflagschar(run_aflags,
1117 						&pmask, 0);
1118 					pmask.am_success = evp->ae_class;
1119 					pmask.am_failure = evp->ae_class;
1120 					(void) getauditflagschar(conf_aflags,
1121 						&pmask, 0);
1122 
1123 					(void) printf(gettext(
1124 "%s(%d): CLASS MISMATCH: runtime class (%s) != configured class (%s)\n"),
1125 					evp->ae_name, evp->ae_number,
1126 					NONE(run_aflags), NONE(conf_aflags));
1127 				}
1128 			}
1129 	}
1130 	endauevent();
1131 
1132 }
1133 
1134 /*
1135  * The returned value is for the global zone unless AUDIT_PERZONE is
1136  * set.
1137  */
1138 static void
1139 do_conf()
1140 {
1141 	register au_event_ent_t *evp;
1142 	register int i;
1143 	au_evclass_map_t ec;
1144 	au_stat_t as;
1145 
1146 	eauditon(A_GETSTAT, (caddr_t)&as, 0);
1147 
1148 	i = 0;
1149 	setauevent();
1150 	while ((evp = getauevent()) != (au_event_ent_t *)NULL) {
1151 		if (evp->ae_number <= as.as_numevent) {
1152 			++i;
1153 			ec.ec_number = evp->ae_number;
1154 			ec.ec_class = evp->ae_class;
1155 			eauditon(A_SETCLASS, (caddr_t)&ec, (int)sizeof (ec));
1156 		}
1157 	}
1158 	endauevent();
1159 	(void) printf(gettext("Configured %d kernel events.\n"), i);
1160 
1161 }
1162 
1163 /*
1164  * The returned value is for the global zone unless AUDIT_PERZONE is
1165  * set.
1166  */
1167 
1168 static void
1169 do_chkaconf()
1170 {
1171 	char buf[1024];
1172 	au_mask_t pmask, kmask;
1173 
1174 	if (getacna(buf, sizeof (buf)) < 0) {
1175 		(void) fprintf(stderr,
1176 		    gettext("bad non-attributable flags in audit_control\n"));
1177 		exit(1);
1178 	}
1179 
1180 	if (getauditflagsbin(buf, &pmask) < 0) {
1181 		(void) fprintf(stderr,
1182 		    gettext("bad audit flag value encountered\n"));
1183 		exit(1);
1184 	}
1185 
1186 	eauditon(A_GETKMASK, (caddr_t)&kmask, (int)sizeof (kmask));
1187 
1188 	if ((pmask.am_success != kmask.am_success) ||
1189 	    (pmask.am_failure != kmask.am_failure)) {
1190 		char kbuf[2048];
1191 		if (getauditflagschar(kbuf, &kmask, 0) < 0) {
1192 			(void) fprintf(stderr,
1193 			    gettext("bad kernel non-attributable mask\n"));
1194 			exit(1);
1195 		}
1196 		(void) printf(gettext("non-attributable event mismatch "));
1197 		(void) printf(gettext("audit_control(%s) kernel(%s)\n"),
1198 			buf, kbuf);
1199 	}
1200 }
1201 
1202 /*
1203  * The returned value is for the global zone unless AUDIT_PERZONE is
1204  * set.
1205  */
1206 
1207 static void
1208 do_aconf()
1209 {
1210 	char buf[2048];
1211 	au_mask_t pmask;
1212 
1213 	if (getacna(buf, sizeof (buf)) < 0) {
1214 		(void) fprintf(stderr,
1215 		    gettext("bad non-attributable flags in audit_control\n"));
1216 		exit(1);
1217 	}
1218 
1219 	if (getauditflagsbin(buf, &pmask) < 0) {
1220 		(void) fprintf(stderr,
1221 		    gettext("bad audit flag value encountered\n"));
1222 		exit(1);
1223 	}
1224 
1225 	eauditon(A_SETKMASK, (caddr_t)&pmask, (int)sizeof (pmask));
1226 
1227 	(void) printf(gettext("Configured non-attributable events.\n"));
1228 }
1229 
1230 static void
1231 do_audit(event, sorf, retval, audit_str)
1232 	char *event;
1233 	char sorf;
1234 	int retval;
1235 	char *audit_str;
1236 {
1237 	int rtn;
1238 	int rd;
1239 	au_event_t event_num;
1240 	au_event_ent_t *evp;
1241 	auditinfo_addr_t ai;
1242 	token_t *tokp;
1243 
1244 	egetaudit(&ai, sizeof (ai));
1245 
1246 	if (strisnum(event)) {
1247 		event_num = (au_event_t)atoi(event);
1248 		evp = egetauevnum(event_num);
1249 	} else
1250 		evp = egetauevnam(event);
1251 
1252 	rtn = au_preselect(evp->ae_number, &ai.ai_mask, (int)sorf,
1253 		AU_PRS_USECACHE);
1254 
1255 	if (rtn == -1)
1256 		exit_error("%s\n%s %d\n",
1257 			gettext("Check audit event configuration."),
1258 			gettext("Could not get audit class for event number"),
1259 			evp->ae_number);
1260 
1261 	/* record is preselected */
1262 	if (rtn == 1) {
1263 		if ((rd = au_open()) == -1)
1264 			exit_error(gettext(
1265 				"Could not get and audit record descriptor\n"));
1266 		if ((tokp = au_to_me()) == (token_t *)NULL)
1267 			exit_error(gettext(
1268 				"Could not allocate subject token\n"));
1269 		if (au_write(rd, tokp) == -1)
1270 exit_error(gettext("Could not construct subject token of audit record\n"));
1271 
1272 		if (tsol_on) {
1273 			if ((tokp = au_to_mylabel()) == (token_t *)NULL)
1274 				exit_error(gettext(
1275 				    "Could not allocate slabel token\n"));
1276 			if (au_write(rd, tokp) == -1)
1277 exit_error(gettext("Could not construct slabel token of audit record\n"));
1278 		}
1279 
1280 		if ((tokp = au_to_text(audit_str)) == (token_t *)NULL)
1281 			exit_error(gettext("Could not allocate text token\n"));
1282 		if (au_write(rd, tokp) == -1)
1283 exit_error(gettext("Could not construct text token of audit record\n"));
1284 #ifdef _LP64
1285 		if ((tokp = au_to_return64(sorf, retval)) == (token_t *)NULL)
1286 #else
1287 		if ((tokp = au_to_return32(sorf, retval)) == (token_t *)NULL)
1288 #endif
1289 			exit_error(gettext(
1290 				"Could not allocate return token\n"));
1291 		if (au_write(rd, tokp) == -1)
1292 			exit_error(gettext(
1293 			"Could not construct return token of audit record\n"));
1294 		if (au_close(rd, 1, evp->ae_number) == -1)
1295 			exit_error(gettext(
1296 				"Could not write audit record: %s\n"),
1297 					strerror(errno));
1298 	}
1299 }
1300 
1301 static void
1302 do_getauid()
1303 {
1304 	au_id_t auid;
1305 
1306 	egetauid(&auid);
1307 	print_auid(auid);
1308 }
1309 
1310 static void
1311 do_getaudit()
1312 {
1313 	auditinfo_addr_t ai;
1314 
1315 	egetaudit(&ai, sizeof (ai));
1316 	print_auid(ai.ai_auid);
1317 	print_mask(gettext("process preselection mask"), &ai.ai_mask);
1318 	print_tid_ex(&ai.ai_termid);
1319 	print_asid(ai.ai_asid);
1320 }
1321 
1322 static void
1323 do_getkaudit()
1324 {
1325 	auditinfo_addr_t ai;
1326 
1327 	egetkaudit(&ai, sizeof (ai));
1328 	print_auid(ai.ai_auid);
1329 	print_mask(gettext("process preselection mask"), &ai.ai_mask);
1330 	print_tid_ex(&ai.ai_termid);
1331 	print_asid(ai.ai_asid);
1332 }
1333 
1334 /*
1335  * per zone if AUDIT_PERZONE set, else only in global zone.
1336  */
1337 
1338 static void
1339 do_setkaudit(t, s)
1340 	char *t;
1341 	char *s;
1342 {
1343 	uint_t type;
1344 	auditinfo_addr_t ai;
1345 
1346 	egetkaudit(&ai, sizeof (ai));
1347 	(void) str2type(t, &type);
1348 	(void) str2ipaddr(s, &ai.ai_termid.at_addr[0], type);
1349 	ai.ai_termid.at_type = type;
1350 	esetkaudit(&ai, sizeof (ai));
1351 }
1352 
1353 /*
1354  * returns zone-relative root
1355  */
1356 
1357 static void
1358 do_getcar()
1359 {
1360 	char path[MAXPATHLEN];
1361 
1362 	eauditon(A_GETCAR, (caddr_t)path, (int)sizeof (path));
1363 	(void) printf(gettext("current active root = %s\n"), path);
1364 }
1365 
1366 /*
1367  * The returned value is for the global zone unless AUDIT_PERZONE is
1368  * set.
1369  */
1370 
1371 static void
1372 do_getclass(event_str)
1373 	char *event_str;
1374 {
1375 	au_evclass_map_t ec;
1376 	au_event_ent_t *evp;
1377 	au_event_t event_number;
1378 	char *event_name;
1379 	char desc[256];
1380 
1381 	if (strisnum(event_str)) {
1382 		event_number = atol(event_str);
1383 		if ((evp = egetauevnum(event_number)) !=
1384 				(au_event_ent_t *)NULL) {
1385 			event_number = evp->ae_number;
1386 			event_name = evp->ae_name;
1387 		} else
1388 			event_name = gettext("unknown");
1389 	} else {
1390 		event_name = event_str;
1391 		if ((evp = egetauevnam(event_str)) != (au_event_ent_t *)NULL)
1392 			event_number = evp->ae_number;
1393 	}
1394 
1395 	ec.ec_number = event_number;
1396 	eauditon(A_GETCLASS, (caddr_t)&ec, 0);
1397 
1398 	(void) sprintf(desc, gettext("audit class mask for event %s(%d)"),
1399 			event_name, event_number);
1400 	print_mask1(desc, ec.ec_class);
1401 }
1402 
1403 /*
1404  * The returned value is for the global zone unless AUDIT_PERZONE is
1405  * set.  (AUC_DISABLED is always global, the other states are per zone
1406  * if AUDIT_PERZONE is set)
1407  */
1408 
1409 static void
1410 do_getcond()
1411 {
1412 	char cond_str[16];
1413 	uint_t cond;
1414 
1415 	eauditon(A_GETCOND, (caddr_t)&cond, (int)sizeof (cond));
1416 
1417 	(void) cond2str(cond, cond_str);
1418 	(void) printf(gettext("audit condition = %s\n"), cond_str);
1419 }
1420 
1421 /*
1422  * returned path is relative to zone root
1423  */
1424 
1425 static void
1426 do_getcwd()
1427 {
1428 	char path[MAXPATHLEN];
1429 
1430 	eauditon(A_GETCWD, (caddr_t)path, (int)sizeof (path));
1431 	(void) printf(gettext("current working directory = %s\n"), path);
1432 }
1433 
1434 /*
1435  * The returned value is for the global zone unless AUDIT_PERZONE is
1436  * set.
1437  */
1438 
1439 static void
1440 do_getkmask()
1441 {
1442 	au_mask_t pmask;
1443 
1444 	eauditon(A_GETKMASK, (caddr_t)&pmask, (int)sizeof (pmask));
1445 	print_mask(gettext("audit flags for non-attributable events"), &pmask);
1446 }
1447 
1448 /*
1449  * The returned value is for the global zone unless AUDIT_PERZONE is
1450  * set. (some policies can only be set from the global zone, but all
1451  * can be read from anywhere.)
1452  */
1453 
1454 static void
1455 do_getpolicy()
1456 {
1457 	char policy_str[1024];
1458 	uint_t policy;
1459 
1460 	eauditon(A_GETPOLICY, (caddr_t)&policy, 0);
1461 	(void) policy2str(policy, policy_str, sizeof (policy_str));
1462 	(void) printf(gettext("audit policies = %s\n"), policy_str);
1463 }
1464 
1465 static void
1466 do_getpinfo(pid_str)
1467 	char *pid_str;
1468 {
1469 	struct auditpinfo_addr ap;
1470 
1471 	if (strisnum(pid_str))
1472 		ap.ap_pid = (pid_t)atoi(pid_str);
1473 	else
1474 		exit_usage(1);
1475 
1476 	eauditon(A_GETPINFO_ADDR, (caddr_t)&ap, sizeof (ap));
1477 
1478 	print_auid(ap.ap_auid);
1479 	print_mask(gettext("process preselection mask"), &(ap.ap_mask));
1480 	print_tid_ex(&(ap.ap_termid));
1481 	print_asid(ap.ap_asid);
1482 }
1483 
1484 /*
1485  * The returned value is for the global zone unless AUDIT_PERZONE is
1486  * set.
1487  */
1488 
1489 static void
1490 do_getqbufsz()
1491 {
1492 	struct au_qctrl qctrl;
1493 
1494 	eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0);
1495 	(void) printf(gettext("audit queue buffer size (bytes) = %ld\n"),
1496 		qctrl.aq_bufsz);
1497 }
1498 
1499 /*
1500  * The returned value is for the global zone unless AUDIT_PERZONE is
1501  * set.
1502  */
1503 
1504 static void
1505 do_getqctrl()
1506 {
1507 	struct au_qctrl qctrl;
1508 
1509 	eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0);
1510 	(void) printf(gettext("audit queue hiwater mark (records) = %ld\n"),
1511 		qctrl.aq_hiwater);
1512 	(void) printf(gettext("audit queue lowater mark (records) = %ld\n"),
1513 		qctrl.aq_lowater);
1514 	(void) printf(gettext("audit queue buffer size (bytes) = %ld\n"),
1515 		qctrl.aq_bufsz);
1516 	(void) printf(gettext("audit queue delay (ticks) = %ld\n"),
1517 		qctrl.aq_delay);
1518 }
1519 
1520 /*
1521  * The returned value is for the global zone unless AUDIT_PERZONE is
1522  * set.
1523  */
1524 
1525 static void
1526 do_getqdelay()
1527 {
1528 	struct au_qctrl qctrl;
1529 
1530 	eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0);
1531 	(void) printf(gettext("audit queue delay (ticks) = %ld\n"),
1532 		qctrl.aq_delay);
1533 }
1534 
1535 /*
1536  * The returned value is for the global zone unless AUDIT_PERZONE is
1537  * set.
1538  */
1539 
1540 static void
1541 do_getqhiwater()
1542 {
1543 	struct au_qctrl qctrl;
1544 
1545 	eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0);
1546 	(void) printf(gettext("audit queue hiwater mark (records) = %ld\n"),
1547 		qctrl.aq_hiwater);
1548 }
1549 
1550 /*
1551  * The returned value is for the global zone unless AUDIT_PERZONE is
1552  * set.
1553  */
1554 
1555 static void
1556 do_getqlowater()
1557 {
1558 	struct au_qctrl qctrl;
1559 
1560 	eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0);
1561 	(void) printf(gettext("audit queue lowater mark (records) = %ld\n"),
1562 		qctrl.aq_lowater);
1563 }
1564 
1565 static void
1566 do_getasid()
1567 {
1568 	auditinfo_addr_t ai;
1569 
1570 	if (getaudit_addr(&ai, sizeof (ai))) {
1571 		exit_error(gettext("getaudit_addr(2) failed"));
1572 	}
1573 	print_asid(ai.ai_asid);
1574 }
1575 
1576 /*
1577  * The stats are for the entire system unless AUDIT_PERZONE is set.
1578  */
1579 
1580 static void
1581 do_getstat()
1582 {
1583 	au_stat_t as;
1584 
1585 	eauditon(A_GETSTAT, (caddr_t)&as, 0);
1586 	print_stats(&as);
1587 }
1588 
1589 static void
1590 do_gettermid()
1591 {
1592 	auditinfo_addr_t ai;
1593 
1594 	if (getaudit_addr(&ai, sizeof (ai))) {
1595 		exit_error(gettext("getaudit_addr(2) failed"));
1596 	}
1597 	print_tid_ex(&ai.ai_termid);
1598 }
1599 
1600 /*
1601  * The returned value is for the global zone unless AUDIT_PERZONE is
1602  * set.
1603  */
1604 
1605 static void
1606 do_getfsize()
1607 {
1608 	au_fstat_t fstat;
1609 
1610 	eauditon(A_GETFSIZE, (caddr_t)&fstat, 0);
1611 	(void) printf(gettext("Maximum file size %d, current file size %d\n"),
1612 		fstat.af_filesz, fstat.af_currsz);
1613 }
1614 
1615 /*ARGSUSED*/
1616 static void
1617 do_getuseraudit(user)
1618 char *user;
1619 {
1620 	(void) printf(gettext("-getuseraudit supported on SunOS CMW only.\n"));
1621 }
1622 
1623 /*
1624  * The returned value is for the global zone unless AUDIT_PERZONE is
1625  * set.
1626  */
1627 
1628 static void
1629 do_lsevent()
1630 {
1631 	register au_event_ent_t *evp;
1632 	au_mask_t pmask;
1633 	char auflags[256];
1634 
1635 	setauevent();
1636 	if ((evp = getauevent()) == (au_event_ent_t *)NULL) {
1637 		(void) exit_error(gettext(
1638 			"NO AUDIT EVENTS: Could not read %s\n."),
1639 			AUDITEVENTFILE);
1640 	}
1641 
1642 	setauevent();
1643 	while ((evp = getauevent()) != (au_event_ent_t *)NULL) {
1644 		pmask.am_success = pmask.am_failure = evp->ae_class;
1645 		if (getauditflagschar(auflags, &pmask, 0) == -1)
1646 			(void) strcpy(auflags, "unknown");
1647 		(void) printf("%-30s %5d %s %s\n",
1648 			evp->ae_name, evp->ae_number, auflags, evp->ae_desc);
1649 	}
1650 	endauevent();
1651 }
1652 
1653 /*
1654  * The returned value is for the global zone unless AUDIT_PERZONE is
1655  * set.
1656  */
1657 
1658 static void
1659 do_lspolicy()
1660 {
1661 	int i;
1662 
1663 	/*
1664 	 * TRANSLATION_NOTE
1665 	 *	Print a properly aligned header.
1666 	 */
1667 	(void) printf(gettext("policy string    description:\n"));
1668 	for (i = 0; i < POLICY_TBL_SZ; i++) {
1669 		if ((policy_table[i].policy_flags & AC_TSOL) && !tsol_on)
1670 			continue;	/* skip this entry */
1671 		(void) printf("%-17s%s\n", policy_table[i].policy_str,
1672 		    gettext(policy_table[i].policy_desc));
1673 	}
1674 }
1675 
1676 static void
1677 do_setasid(sid_str, argv)
1678 	char *sid_str;
1679 	char **argv;
1680 {
1681 	struct auditinfo_addr ai;
1682 
1683 	if (getaudit_addr(&ai, sizeof (ai))) {
1684 		exit_error(gettext("getaudit_addr(2) failed"));
1685 	}
1686 	ai.ai_asid = (au_asid_t)atol(sid_str);
1687 	if (setaudit_addr(&ai, sizeof (ai))) {
1688 		exit_error(gettext("setaudit_addr(2) failed"));
1689 	}
1690 	execit(argv);
1691 }
1692 
1693 static void
1694 do_setaudit(user_str, mask_str, tid_str, sid_str, argv)
1695 	char *user_str;
1696 	char *mask_str;
1697 	char *tid_str;
1698 	char *sid_str;
1699 	char **argv;
1700 {
1701 	auditinfo_addr_t ai;
1702 
1703 	ai.ai_auid = (au_id_t)get_user_id(user_str);
1704 	str2mask(mask_str, &ai.ai_mask),
1705 	str2tid(tid_str, &ai.ai_termid);
1706 	ai.ai_asid = (au_asid_t)atol(sid_str);
1707 
1708 	esetaudit(&ai, sizeof (ai));
1709 	execit(argv);
1710 }
1711 
1712 static void
1713 do_setauid(user, argv)
1714 	char *user;
1715 	char **argv;
1716 {
1717 	au_id_t auid;
1718 
1719 	auid = get_user_id(user);
1720 	esetauid(&auid);
1721 	execit(argv);
1722 }
1723 
1724 static void
1725 do_setpmask(pid_str, audit_flags)
1726 	char *pid_str;
1727 	char *audit_flags;
1728 {
1729 	struct auditpinfo ap;
1730 
1731 	if (strisnum(pid_str))
1732 		ap.ap_pid = (pid_t)atoi(pid_str);
1733 	else
1734 		exit_usage(1);
1735 
1736 	str2mask(audit_flags, &ap.ap_mask);
1737 
1738 	eauditon(A_SETPMASK, (caddr_t)&ap, (int)sizeof (ap));
1739 }
1740 
1741 static void
1742 do_setsmask(asid_str, audit_flags)
1743 	char *asid_str;
1744 	char *audit_flags;
1745 {
1746 	struct auditinfo ainfo;
1747 
1748 	if (strisnum(asid_str))
1749 		ainfo.ai_asid = (pid_t)atoi(asid_str);
1750 	else
1751 		exit_usage(1);
1752 
1753 	str2mask(audit_flags, &ainfo.ai_mask);
1754 
1755 	eauditon(A_SETSMASK, (caddr_t)&ainfo, (int)sizeof (ainfo));
1756 }
1757 
1758 static void
1759 do_setumask(auid_str, audit_flags)
1760 	char *auid_str;
1761 	char *audit_flags;
1762 {
1763 	struct auditinfo ainfo;
1764 
1765 	if (strisnum(auid_str))
1766 		ainfo.ai_auid = (pid_t)atoi(auid_str);
1767 	else
1768 		exit_usage(1);
1769 
1770 	str2mask(audit_flags, &ainfo.ai_mask);
1771 
1772 	eauditon(A_SETUMASK, (caddr_t)&ainfo, (int)sizeof (ainfo));
1773 }
1774 
1775 /*
1776  * local zone use is valid if AUDIT_PERZONE is set, otherwise the
1777  * syscall returns EPERM.
1778  */
1779 
1780 static void
1781 do_setstat()
1782 {
1783 	au_stat_t as;
1784 
1785 	as.as_audit	= (uint_t)-1;
1786 	as.as_auditctl	= (uint_t)-1;
1787 	as.as_dropped	= (uint_t)-1;
1788 	as.as_enqueue	= (uint_t)-1;
1789 	as.as_generated	= (uint_t)-1;
1790 	as.as_kernel	= (uint_t)-1;
1791 	as.as_nonattrib	= (uint_t)-1;
1792 	as.as_rblocked	= (uint_t)-1;
1793 	as.as_totalsize	= (uint_t)-1;
1794 	as.as_wblocked	= (uint_t)-1;
1795 	as.as_written	= (uint_t)-1;
1796 
1797 	eauditon(A_SETSTAT, (caddr_t)&as, (int)sizeof (as));
1798 	(void) puts(gettext("audit stats reset"));
1799 }
1800 
1801 /*ARGSUSED*/
1802 static void
1803 do_setuseraudit(user, auditflags)
1804 	char *user;
1805 	char *auditflags;
1806 {
1807 	(void) printf(gettext("-setuseraudit supported on SunOS CMW only.\n"));
1808 }
1809 
1810 /*
1811  * AUDIT_PERZONE set:  valid in all zones
1812  * AUDIT_PERZONE not set: valid in global zone only
1813  */
1814 
1815 static void
1816 do_setclass(event_str, audit_flags)
1817 	char *event_str;
1818 	char *audit_flags;
1819 {
1820 	au_event_t event;
1821 	int mask;
1822 	au_mask_t pmask;
1823 	au_evclass_map_t ec;
1824 	au_event_ent_t *evp;
1825 
1826 	if (strisnum(event_str))
1827 		event = (uint_t)atol(event_str);
1828 	else {
1829 		if ((evp = egetauevnam(event_str)) != (au_event_ent_t *)NULL)
1830 			event = evp->ae_number;
1831 	}
1832 
1833 	if (strisnum(audit_flags))
1834 		mask = atoi(audit_flags);
1835 	else {
1836 		str2mask(audit_flags, &pmask);
1837 		mask = pmask.am_success | pmask.am_failure;
1838 	}
1839 
1840 	ec.ec_number = event;
1841 	ec.ec_class = mask;
1842 	eauditon(A_SETCLASS, (caddr_t)&ec, (int)sizeof (ec));
1843 }
1844 
1845 /*
1846  * AUDIT_PERZONE set:  valid in all zones
1847  * AUDIT_PERZONE not set: valid in global zone only
1848  */
1849 
1850 static void
1851 do_setkmask(audit_flags)
1852 char *audit_flags;
1853 {
1854 	au_mask_t pmask;
1855 
1856 	str2mask(audit_flags, &pmask);
1857 	eauditon(A_SETKMASK, (caddr_t)&pmask, (int)sizeof (pmask));
1858 	print_mask(gettext("audit flags for non-attributable events"), &pmask);
1859 }
1860 
1861 /*
1862  * ahlt and perzone are global zone only; the other policies are valid
1863  * in a local zone if AUDIT_PERZONE is set.  The kernel insures that
1864  * a local zone can't change ahlt and perzone (EINVAL).
1865  */
1866 
1867 static void
1868 do_setpolicy(policy_str)
1869 char *policy_str;
1870 {
1871 	uint_t	policy;
1872 
1873 	switch (str2policy(policy_str, &policy)) {
1874 	case 2:
1875 		exit_error(gettext(
1876 			"policy (%s) invalid in a local zone."),
1877 			policy_str);
1878 		break;
1879 	default:
1880 		exit_error(gettext(
1881 		    "Invalid policy (%s) specified."),
1882 		    policy_str);
1883 		break;
1884 	case 0:
1885 		eauditon(A_SETPOLICY, (caddr_t)&policy, 0);
1886 		break;
1887 	}
1888 }
1889 
1890 /*
1891  * AUDIT_PERZONE set:  valid in all zones
1892  * AUDIT_PERZONE not set: valid in global zone only
1893  */
1894 
1895 static void
1896 do_setqbufsz(bufsz)
1897 char *bufsz;
1898 {
1899 	struct au_qctrl qctrl;
1900 
1901 	eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0);
1902 	qctrl.aq_bufsz = atol(bufsz);
1903 	eauditon(A_SETQCTRL, (caddr_t)&qctrl, 0);
1904 }
1905 
1906 /*
1907  * AUDIT_PERZONE set:  valid in all zones
1908  * AUDIT_PERZONE not set: valid in global zone only
1909  */
1910 
1911 static void
1912 do_setqctrl(hiwater, lowater, bufsz, delay)
1913 	char *hiwater;
1914 	char *lowater;
1915 	char *bufsz;
1916 	char *delay;
1917 {
1918 	struct au_qctrl qctrl;
1919 
1920 	qctrl.aq_hiwater = atol(hiwater);
1921 	qctrl.aq_lowater = atol(lowater);
1922 	qctrl.aq_bufsz = atol(bufsz);
1923 	qctrl.aq_delay = atol(delay);
1924 	eauditon(A_SETQCTRL, (caddr_t)&qctrl, 0);
1925 }
1926 
1927 /*
1928  * AUDIT_PERZONE set:  valid in all zones
1929  * AUDIT_PERZONE not set: valid in global zone only
1930  */
1931 
1932 static void
1933 do_setqdelay(delay)
1934 char *delay;
1935 {
1936 	struct au_qctrl qctrl;
1937 
1938 	eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0);
1939 	qctrl.aq_delay = atol(delay);
1940 	eauditon(A_SETQCTRL, (caddr_t)&qctrl, 0);
1941 }
1942 
1943 /*
1944  * AUDIT_PERZONE set:  valid in all zones
1945  * AUDIT_PERZONE not set: valid in global zone only
1946  */
1947 
1948 static void
1949 do_setqhiwater(hiwater)
1950 char *hiwater;
1951 {
1952 	struct au_qctrl qctrl;
1953 
1954 	eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0);
1955 	qctrl.aq_hiwater = atol(hiwater);
1956 	eauditon(A_SETQCTRL, (caddr_t)&qctrl, 0);
1957 }
1958 
1959 /*
1960  * AUDIT_PERZONE set:  valid in all zones
1961  * AUDIT_PERZONE not set: valid in global zone only
1962  */
1963 
1964 static void
1965 do_setqlowater(lowater)
1966 	char *lowater;
1967 {
1968 	struct au_qctrl qctrl;
1969 
1970 	eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0);
1971 	qctrl.aq_lowater = atol(lowater);
1972 	eauditon(A_SETQCTRL, (caddr_t)&qctrl, 0);
1973 }
1974 
1975 /*
1976  * AUDIT_PERZONE set:  valid in all zones
1977  * AUDIT_PERZONE not set: valid in global zone only
1978  */
1979 
1980 static void
1981 do_settid(char *tid_str)
1982 {
1983 	struct auditinfo_addr ai;
1984 
1985 	if (getaudit_addr(&ai, sizeof (ai))) {
1986 		exit_error(gettext("getaudit_addr(2) failed"));
1987 	}
1988 
1989 	str2tid(tid_str, &ai.ai_termid);
1990 
1991 	if (setaudit_addr(&ai, sizeof (ai))) {
1992 		exit_error(gettext("setaudit_addr(2) failed"));
1993 	}
1994 }
1995 
1996 /*
1997  * AUDIT_PERZONE set:  valid in all zones
1998  * AUDIT_PERZONE not set: valid in global zone only
1999  */
2000 
2001 static void
2002 do_setfsize(size)
2003 	char *size;
2004 {
2005 	au_fstat_t fstat;
2006 
2007 	fstat.af_filesz = atol(size);
2008 	eauditon(A_SETFSIZE, (caddr_t)&fstat, 0);
2009 }
2010 
2011 static void
2012 eauditon(cmd, data, length)
2013 	int cmd;
2014 	caddr_t data;
2015 	int length;
2016 {
2017 	if (auditon(cmd, data, length) == -1)
2018 		exit_error(gettext("auditon(2) failed."));
2019 }
2020 
2021 static void
2022 egetauid(auid)
2023 	au_id_t *auid;
2024 {
2025 	if (getauid(auid) == -1)
2026 		exit_error(gettext("getauid(2) failed."));
2027 }
2028 
2029 static void
2030 egetaudit(ai, size)
2031 	auditinfo_addr_t *ai;
2032 	int size;
2033 {
2034 	if (getaudit_addr(ai, size) == -1)
2035 		exit_error(gettext("getaudit_addr(2) failed."));
2036 }
2037 
2038 static void
2039 egetkaudit(ai, size)
2040 	auditinfo_addr_t *ai;
2041 	int size;
2042 {
2043 	if (auditon(A_GETKAUDIT, (char *)ai, size) < 0)
2044 		exit_error(gettext("auditon: A_GETKAUDIT failed."));
2045 }
2046 
2047 static void
2048 esetkaudit(ai, size)
2049 	auditinfo_addr_t *ai;
2050 	int size;
2051 {
2052 	if (auditon(A_SETKAUDIT, (char *)ai, size) < 0)
2053 		exit_error(gettext("auditon: A_SETKAUDIT failed."));
2054 }
2055 
2056 static void
2057 egetauditflagsbin(auditflags, pmask)
2058 	char *auditflags;
2059 	au_mask_t *pmask;
2060 {
2061 	pmask->am_success = pmask->am_failure = 0;
2062 
2063 	if (strcmp(auditflags, "none") == 0)
2064 		return;
2065 
2066 	if (getauditflagsbin(auditflags, pmask) < 0) {
2067 		exit_error(gettext("Could not get audit flags (%s)"),
2068 			auditflags);
2069 	}
2070 }
2071 
2072 static au_event_ent_t *
2073 egetauevnum(event_number)
2074 	au_event_t event_number;
2075 {
2076 	au_event_ent_t *evp;
2077 
2078 	if ((evp = getauevnum(event_number)) == (au_event_ent_t *)NULL)
2079 		exit_error(gettext("Could not get audit event %d"),
2080 			event_number);
2081 
2082 	return (evp);
2083 }
2084 
2085 static au_event_ent_t *
2086 egetauevnam(event_name)
2087 	char *event_name;
2088 {
2089 	register au_event_ent_t *evp;
2090 
2091 	if ((evp = getauevnam(event_name)) == (au_event_ent_t *)NULL)
2092 		exit_error(gettext("Could not get audit event %s"), event_name);
2093 
2094 	return (evp);
2095 }
2096 
2097 static void
2098 esetauid(auid)
2099 	au_id_t *auid;
2100 {
2101 	if (setauid(auid) == -1)
2102 		exit_error(gettext("setauid(2) failed."));
2103 }
2104 
2105 static void
2106 esetaudit(ai, size)
2107 	auditinfo_addr_t *ai;
2108 	int size;
2109 {
2110 	if (setaudit_addr(ai, size) == -1)
2111 		exit_error(gettext("setaudit_addr(2) failed."));
2112 }
2113 
2114 static uid_t
2115 get_user_id(user)
2116 	char *user;
2117 {
2118 	struct passwd *pwd;
2119 	uid_t uid;
2120 
2121 	setpwent();
2122 	if (isdigit(*user)) {
2123 		uid = atoi(user);
2124 		if ((pwd = getpwuid(uid)) == (struct passwd *)NULL) {
2125 			exit_error(gettext("Invalid user: %s"), user);
2126 		}
2127 	} else {
2128 		if ((pwd = getpwnam(user)) == (struct passwd *)NULL) {
2129 			exit_error(gettext("Invalid user: %s"), user);
2130 		}
2131 	}
2132 	endpwent();
2133 
2134 	return (pwd->pw_uid);
2135 }
2136 
2137 /*
2138  * get_arg_ent()
2139  *     Inputs: command line argument string
2140  *     Returns ptr to policy_entry if found; null, if not found
2141  */
2142 static struct arg_entry *
2143 get_arg_ent(arg_str)
2144 	char *arg_str;
2145 {
2146 	struct arg_entry key;
2147 
2148 	key.arg_str = arg_str;
2149 
2150 	return ((struct arg_entry *)bsearch((char *)&key,
2151 	    (char *)arg_table, ARG_TBL_SZ, sizeof (struct arg_entry),
2152 	    arg_ent_compare));
2153 }
2154 
2155 /*
2156  * arg_ent_compare()
2157  *     Compares two command line arguments to determine which is
2158  *       lexicographically greater.
2159  *     Inputs: two argument map table entry pointers
2160  *     Returns: > 1: aep1->arg_str > aep2->arg_str
2161  *              < 1: aep1->arg_str < aep2->arg_str
2162  *                0: aep1->arg_str = aep->arg_str2
2163  */
2164 static int
2165 arg_ent_compare(aep1, aep2)
2166 struct arg_entry *aep1, *aep2;
2167 {
2168 	return (strcmp(aep1->arg_str, aep2->arg_str));
2169 }
2170 
2171 /*
2172  * Convert mask of the following forms:
2173  *
2174  *    audit_flags (ie. +lo,-ad,pc)
2175  *    0xffffffff,0xffffffff
2176  *    ffffffff,ffffffff
2177  *    20,20
2178  */
2179 static void
2180 str2mask(mask_str, mp)
2181 	char *mask_str;
2182 	au_mask_t *mp;
2183 {
2184 
2185 	char sp[256];
2186 	char fp[256];
2187 
2188 	mp->am_success = 0;
2189 	mp->am_failure = 0;
2190 
2191 	/*
2192 	 * a mask of the form +aa,bb,cc,-dd
2193 	 */
2194 	if (strisflags(mask_str)) {
2195 		egetauditflagsbin(mask_str, mp);
2196 	/*
2197 	 * a mask of the form 0xffffffff,0xffffffff or 1,1
2198 	 */
2199 	} else {
2200 		strsplit(mask_str, sp, fp, ',');
2201 
2202 		if (strlen(sp) > (size_t)2 && !strncasecmp(sp, "0x", 2))
2203 			(void) sscanf(sp + 2, "%x", &mp->am_success);
2204 		else
2205 			(void) sscanf(sp, "%u", &mp->am_success);
2206 
2207 		if (strlen(fp) > (size_t)2 && !strncasecmp(fp, "0x", 2))
2208 			(void) sscanf(fp + 2, "%x", &mp->am_failure);
2209 		else
2210 			(void) sscanf(fp, "%u", &mp->am_failure);
2211 	}
2212 }
2213 
2214 /*
2215  * tid_str is major,minor,host  -- host is a name or an ip address
2216  */
2217 
2218 static void
2219 str2tid(char *tid_str, au_tid_addr_t *tp)
2220 {
2221 	char *major_str = (char *)NULL;
2222 	char *minor_str = (char *)NULL;
2223 	char *host_str = (char *)NULL;
2224 	major_t major = 0;
2225 	major_t minor = 0;
2226 	dev_t dev = 0;
2227 	struct hostent *phe;
2228 	int err;
2229 	uint32_t ibuf;
2230 	uint32_t ibuf6[4];
2231 
2232 	tp->at_port = 0;
2233 	tp->at_type = 0;
2234 	bzero(tp->at_addr, 16);
2235 
2236 	major_str = tid_str;
2237 	if ((minor_str = strchr(tid_str, ',')) != NULL) {
2238 		*minor_str = '\0';
2239 		minor_str++;
2240 	}
2241 
2242 	if (minor_str)
2243 		if ((host_str = strchr(minor_str, ',')) != NULL) {
2244 			*host_str = '\0';
2245 			host_str++;
2246 		}
2247 
2248 	if (major_str)
2249 		major = (major_t)atoi(major_str);
2250 
2251 	if (minor_str)
2252 		minor = (minor_t)atoi(minor_str);
2253 
2254 	if ((dev = makedev(major, minor)) != NODEV)
2255 		tp->at_port = dev;
2256 
2257 	if (host_str) {
2258 		if (strisipaddr(host_str)) {
2259 		    if (inet_pton(AF_INET, host_str, &ibuf)) {
2260 			tp->at_addr[0] = ibuf;
2261 			tp->at_type = AU_IPv4;
2262 		    } else if (inet_pton(AF_INET6, host_str, ibuf6)) {
2263 			tp->at_addr[0] = ibuf6[0];
2264 			tp->at_addr[1] = ibuf6[1];
2265 			tp->at_addr[2] = ibuf6[2];
2266 			tp->at_addr[3] = ibuf6[3];
2267 			tp->at_type = AU_IPv6;
2268 		    }
2269 		} else {
2270 			phe = getipnodebyname((const void *)host_str,
2271 				AF_INET, 0, &err);
2272 			if (phe == 0) {
2273 				phe = getipnodebyname((const void *)host_str,
2274 					AF_INET6, 0, &err);
2275 			}
2276 
2277 			if (phe != NULL) {
2278 				if (phe->h_addrtype == AF_INET6) {
2279 					/* address is IPv6 (128 bits) */
2280 					(void) memcpy(&tp->at_addr[0],
2281 						phe->h_addr_list[0], 16);
2282 					tp->at_type = AU_IPv6;
2283 				} else {
2284 					/* address is IPv4 (32 bits) */
2285 					(void) memcpy(&tp->at_addr[0],
2286 						phe->h_addr_list[0], 4);
2287 					tp->at_type = AU_IPv4;
2288 				}
2289 				freehostent(phe);
2290 			}
2291 		}
2292 	}
2293 }
2294 
2295 static int
2296 cond2str(cond, cond_str)
2297 	uint_t cond;
2298 	char *cond_str;
2299 {
2300 	*cond_str = '\0';
2301 
2302 	if (cond == AUC_AUDITING) {
2303 		(void) strcpy(cond_str, "auditing");
2304 		return (0);
2305 	}
2306 
2307 	if ((cond == AUC_NOAUDIT) || (cond == AUC_INIT_AUDIT)) {
2308 		(void) strcpy(cond_str, "noaudit");
2309 		return (0);
2310 	}
2311 
2312 	if (cond == AUC_UNSET) {
2313 		(void) strcpy(cond_str, "unset");
2314 		return (0);
2315 	}
2316 
2317 	if (cond == AUC_NOSPACE) {
2318 		(void) strcpy(cond_str, "nospace");
2319 		return (0);
2320 	}
2321 
2322 	return (1);
2323 }
2324 
2325 static struct policy_entry *
2326 get_policy_ent(policy)
2327 	char *policy;
2328 {
2329 	int i;
2330 
2331 	for (i = 0; i < POLICY_TBL_SZ; i++) {
2332 		if ((policy_table[i].policy_flags & AC_TSOL) && !tsol_on)
2333 			continue;	/* skip this entry */
2334 		if (strcmp(strtolower(policy), policy_table[i].policy_str) == 0)
2335 			return (&policy_table[i]);
2336 	}
2337 
2338 	return ((struct policy_entry *)NULL);
2339 }
2340 
2341 static int
2342 str2policy(char *policy_str, uint_t *policy_mask)
2343 {
2344 	char		*buf;
2345 	char		*tok;
2346 	char		pfix;
2347 	boolean_t	is_all = 0;
2348 	uint_t		pm = 0;
2349 	uint_t		curp = 0;
2350 	struct		policy_entry *pep;
2351 
2352 	pfix = *policy_str;
2353 
2354 	if (pfix == '-' || pfix == '+' || pfix == '=')
2355 		++policy_str;
2356 
2357 	if ((buf = strdup(policy_str)) == NULL)
2358 		return (1);
2359 
2360 	for (tok = strtok(buf, ","); tok != NULL;
2361 				tok = strtok(NULL, ",")) {
2362 		if ((pep = get_policy_ent(tok)) == NULL) {
2363 			return (1);
2364 		} else {
2365 			pm |= pep->policy_mask;
2366 			if (pep->policy_mask == ALL_POLICIES)
2367 				is_all = 1;
2368 		}
2369 	}
2370 
2371 	free(buf);
2372 
2373 	if (pfix == '-') {
2374 		if (!is_all && (getzoneid() != GLOBAL_ZONEID) &&
2375 		    (pm & ~AUDIT_LOCAL))
2376 			return (2);
2377 
2378 		eauditon(A_GETPOLICY, (caddr_t)&curp, 0);
2379 		if (getzoneid() != GLOBAL_ZONEID)
2380 			curp &= AUDIT_LOCAL;
2381 		*policy_mask = curp & ~pm;
2382 	} else if (pfix == '+') {
2383 		/*
2384 		 * if the user is in a local zone and tries ahlt or
2385 		 * perzone, that's an error.  But if the user uses "all"
2386 		 * then make it work
2387 		 */
2388 		if (!is_all && (getzoneid() != GLOBAL_ZONEID) &&
2389 		    (pm & ~AUDIT_LOCAL))
2390 			return (2);
2391 		eauditon(A_GETPOLICY, (caddr_t)&curp, 0);
2392 		if (getzoneid() != GLOBAL_ZONEID) {
2393 			curp &= AUDIT_LOCAL;
2394 			if (is_all)
2395 				pm &= AUDIT_LOCAL;
2396 		}
2397 		*policy_mask = curp | pm;
2398 	} else {
2399 		if (is_all && (getzoneid() != GLOBAL_ZONEID))
2400 			pm &= AUDIT_LOCAL;
2401 
2402 		*policy_mask = pm;
2403 	}
2404 	return (0);
2405 }
2406 
2407 static int
2408 policy2str(policy, policy_str, len)
2409 	uint_t policy;
2410 	char *policy_str;
2411 	size_t len;
2412 {
2413 	int i, j;
2414 
2415 	if (policy == ALL_POLICIES) {
2416 		(void) strcpy(policy_str, "all");
2417 		return (1);
2418 	}
2419 
2420 	if (policy == NO_POLICIES) {
2421 		(void) strcpy(policy_str, "none");
2422 		return (1);
2423 	}
2424 
2425 	*policy_str = '\0';
2426 
2427 	for (i = 0, j = 0; i < POLICY_TBL_SZ; i++) {
2428 		if ((policy_table[i].policy_flags & AC_TSOL) && !tsol_on)
2429 			continue;	/* skip this entry */
2430 		if (policy & policy_table[i].policy_mask &&
2431 		    policy_table[i].policy_mask != ALL_POLICIES) {
2432 			if (j++)
2433 				(void) strcat(policy_str, ",");
2434 			(void) strlcat(policy_str,
2435 			    policy_table[i].policy_str, len);
2436 		}
2437 	}
2438 
2439 	if (*policy_str)
2440 		return (0);
2441 
2442 	return (1);
2443 }
2444 
2445 
2446 static int
2447 strisnum(s)
2448 	char *s;
2449 {
2450 	if (s == (char *)NULL || !*s)
2451 		return (0);
2452 
2453 	for (; *s == '-' || *s == '+'; s++)
2454 
2455 	if (!*s)
2456 		return (0);
2457 
2458 	for (; *s; s++)
2459 		if (!isdigit(*s))
2460 			return (0);
2461 
2462 	return (1);
2463 }
2464 
2465 static int
2466 strisflags(s)
2467 	char *s;
2468 {
2469 	if (s == (char *)NULL || !*s)
2470 		return (0);
2471 
2472 	for (; *s; s++) {
2473 		if (!isalpha(*s) &&
2474 			(*s != '+' && *s != '-' && *s != '^' && *s != ','))
2475 			return (0);
2476 	}
2477 
2478 	return (1);
2479 }
2480 
2481 static int
2482 strisipaddr(s)
2483 	char *s;
2484 {
2485 	int dot = 0;
2486 	int colon = 0;
2487 
2488 	/* no string */
2489 	if ((s == (char *)NULL) || (!*s))
2490 		return (0);
2491 
2492 	for (; *s; s++) {
2493 		if (!(isxdigit(*s) || *s != '.' || *s != ':'))
2494 			return (0);
2495 		if (*s == '.') dot++;
2496 		if (*s == ':') colon++;
2497 	}
2498 
2499 	if (dot && colon)
2500 		return (0);
2501 
2502 	if (!dot && !colon)
2503 		return (0);
2504 
2505 	return (1);
2506 }
2507 
2508 static void
2509 strsplit(s, p1, p2, c)
2510 	char *s;
2511 	char *p1;
2512 	char *p2;
2513 	char c;
2514 {
2515 	*p1 = *p2 = '\0';
2516 
2517 	while (*s != '\0' && *s != c)
2518 		*p1++ = *s++;
2519 	*p1 = '\0';
2520 	s++;
2521 
2522 	while (*s != '\0')
2523 		*p2++ = *s++;
2524 	*p2 = '\0';
2525 }
2526 
2527 static char *
2528 strtolower(s)
2529 	char *s;
2530 {
2531 	char *save;
2532 
2533 	for (save = s; *s; s++)
2534 		(void) tolower(*s);
2535 
2536 	return (save);
2537 }
2538 
2539 static void
2540 chk_event_num(etype, event)
2541 	int etype;
2542 	au_event_t event;
2543 {
2544 	au_stat_t as;
2545 
2546 	eauditon(A_GETSTAT, (caddr_t)&as, 0);
2547 
2548 	if (etype == AC_KERN_EVENT) {
2549 		if (event > as.as_numevent) {
2550 			exit_error(gettext("Invalid kernel audit event number "
2551 			"specified.\n\t%d is outside allowable range 0-%d."),
2552 			    event, as.as_numevent);
2553 		}
2554 	} else  { /* user event */
2555 		if (event <= as.as_numevent) {
2556 			exit_error(gettext(
2557 			"Invalid user level audit event number specified %d."),
2558 				event);
2559 		}
2560 	}
2561 }
2562 
2563 static void
2564 chk_event_str(etype, event_str)
2565 	int etype;
2566 	char *event_str;
2567 {
2568 	au_event_ent_t *evp;
2569 	au_stat_t as;
2570 
2571 	eauditon(A_GETSTAT, (caddr_t)&as, 0);
2572 
2573 	evp = egetauevnam(event_str);
2574 	if (etype == AC_KERN_EVENT && (evp->ae_number > as.as_numevent)) {
2575 		exit_error(
2576 		    gettext("Invalid kernel audit event string specified.\n"
2577 			"\t\"%s\" appears to be a user level event. "
2578 			"Check configuration."),
2579 		    event_str);
2580 	} else if (etype == AC_USER_EVENT &&
2581 			(evp->ae_number < as.as_numevent)) {
2582 		exit_error(
2583 		    gettext("Invalid user audit event string specified.\n"
2584 			"\t\"%s\" appears to be a kernel event. "
2585 			"Check configuration."),
2586 		    event_str);
2587 	}
2588 }
2589 
2590 static void
2591 chk_sorf(sorf_str)
2592 	char *sorf_str;
2593 {
2594 	if (!strisnum(sorf_str))
2595 		exit_error(gettext("Invalid sorf specified: %s"), sorf_str);
2596 }
2597 
2598 static void
2599 chk_retval(retval_str)
2600 	char *retval_str;
2601 {
2602 	if (!strisnum(retval_str))
2603 		exit_error(gettext("Invalid retval specified: %s"), retval_str);
2604 }
2605 
2606 static void
2607 chk_tid(tid_str)
2608 	char *tid_str;
2609 {
2610 	int c;
2611 	char *p;
2612 
2613 	/* need two commas (maj,min,hostname) */
2614 
2615 
2616 	for (p = tid_str, c = 0; *p; p++)
2617 		if (*p == ',')
2618 			++c;
2619 	if (c != 2)
2620 		exit_error(gettext("Invalid tid specified: %s"), tid_str);
2621 }
2622 
2623 static void
2624 execit(argv)
2625 	char **argv;
2626 {
2627 	char *shell;
2628 
2629 	if (*argv)
2630 		(void) execvp(*argv, argv);
2631 	else {
2632 		if (((shell = getenv("SHELL")) == (char *)NULL) ||
2633 			*shell != '/')
2634 			shell = "/bin/csh";
2635 
2636 		(void) execlp(shell, shell, (char *)NULL);
2637 	}
2638 
2639 	exit_error(gettext("exec(2) failed"));
2640 }
2641 
2642 /*
2643  * exit_error()
2644  *     Desc: Prints an error message along with corresponding system
2645  *                  error number and error message, then exits.
2646  *     Inputs: Program name, program error message.
2647  */
2648 /*PRINTFLIKE1*/
2649 static void
2650 exit_error(char *fmt, ...)
2651 {
2652 	va_list args;
2653 
2654 	(void) fprintf(stderr, "%s: ", progname);
2655 
2656 	va_start(args, fmt);
2657 	(void) vfprintf(stderr, fmt, args);
2658 	va_end(args);
2659 
2660 	(void) fputc('\n', stderr);
2661 	if (errno)
2662 		(void) fprintf(stderr, gettext("%s: error = %s(%d)\n"),
2663 			progname, strerror(errno), errno);
2664 	(void) fflush(stderr);
2665 
2666 	exit(1);
2667 }
2668 
2669 static void
2670 exit_usage(status)
2671 	int status;
2672 {
2673 	FILE *fp;
2674 	int i;
2675 
2676 	fp = (status ? stderr : stdout);
2677 	(void) fprintf(fp, gettext("usage: %s option ...\n"), progname);
2678 
2679 	for (i = 0; i < ARG2_TBL_SZ; i++)
2680 		(void) fprintf(fp, " %s %s\n",
2681 			arg2_table[i].arg_str, arg2_table[i].arg_opts);
2682 
2683 	exit(status);
2684 }
2685 
2686 static void
2687 print_asid(asid)
2688 	au_asid_t asid;
2689 {
2690 	(void) printf(gettext("audit session id = %u\n"), asid);
2691 }
2692 
2693 static void
2694 print_auid(auid)
2695 	au_id_t auid;
2696 {
2697 	struct passwd *pwd;
2698 	char *username;
2699 
2700 	setpwent();
2701 	if ((pwd = getpwuid((uid_t)auid)) != (struct passwd *)NULL)
2702 		username = pwd->pw_name;
2703 	else
2704 		username = gettext("unknown");
2705 	endpwent();
2706 
2707 	(void) printf(gettext("audit id = %s(%d)\n"), username, auid);
2708 }
2709 
2710 static void
2711 print_mask(desc, pmp)
2712 	char *desc;
2713 	au_mask_t *pmp;
2714 {
2715 	char auflags[512];
2716 
2717 	if (getauditflagschar(auflags, pmp, NULL) < 0)
2718 		(void) strlcpy(auflags, gettext("unknown"), sizeof (auflags));
2719 
2720 	(void) printf("%s = %s(0x%x,0x%x)\n",
2721 		desc, auflags, pmp->am_success, pmp->am_failure);
2722 }
2723 
2724 static void
2725 print_mask1(desc, mask1)
2726 	char *desc;
2727 	au_class_t	mask1;
2728 {
2729 	(void) printf("%s = 0x%x\n", desc, (int)mask1);
2730 }
2731 
2732 static void
2733 print_stats(s)
2734 	au_stat_t *s;
2735 {
2736 	int offset[12];   /* used to line the header up correctly */
2737 	char buf[512];
2738 
2739 	(void) sprintf(buf, "%4lu %n%4lu %n%4lu %n%4lu %n%4lu %n%4lu %n%4lu "
2740 	    "%n%4lu %n%4lu %n%4lu %n%4lu %n%4lu%n",
2741 	    (ulong_t)s->as_generated,	&(offset[0]),
2742 	    (ulong_t)s->as_nonattrib,	&(offset[1]),
2743 	    (ulong_t)s->as_kernel,	&(offset[2]),
2744 	    (ulong_t)s->as_audit,	&(offset[3]),
2745 	    (ulong_t)s->as_auditctl,	&(offset[4]),
2746 	    (ulong_t)s->as_enqueue,	&(offset[5]),
2747 	    (ulong_t)s->as_written,	&(offset[6]),
2748 	    (ulong_t)s->as_wblocked,	&(offset[7]),
2749 	    (ulong_t)s->as_rblocked,	&(offset[8]),
2750 	    (ulong_t)s->as_dropped,	&(offset[9]),
2751 	    (ulong_t)s->as_totalsize / ONEK, &(offset[10]),
2752 	    (ulong_t)s->as_memused / ONEK, &(offset[11]));
2753 
2754 	/*
2755 	 * TRANSLATION_NOTE
2756 	 *	Print a properly aligned header.
2757 	 */
2758 	(void) printf("%*s %*s %*s %*s %*s %*s %*s %*s %*s %*s %*s %*s\n",
2759 		offset[0] - 1,			gettext("gen"),
2760 		offset[1] - offset[0] -1,	gettext("nona"),
2761 		offset[2] - offset[1] -1,	gettext("kern"),
2762 		offset[3] - offset[2] -1,	gettext("aud"),
2763 		offset[4] - offset[3] -1,	gettext("ctl"),
2764 		offset[5] - offset[4] -1,	gettext("enq"),
2765 		offset[6] - offset[5] -1,	gettext("wrtn"),
2766 		offset[7] - offset[6] -1,	gettext("wblk"),
2767 		offset[8] - offset[7] -1,	gettext("rblk"),
2768 		offset[9] - offset[8] -1,	gettext("drop"),
2769 		offset[10] - offset[9] -1,	gettext("tot"),
2770 		offset[11] - offset[10],	gettext("mem"));
2771 
2772 	(void) puts(buf);
2773 }
2774 
2775 static void
2776 print_tid_ex(tidp)
2777 	au_tid_addr_t *tidp;
2778 {
2779 	struct hostent *phe;
2780 	char *hostname;
2781 	struct in_addr ia;
2782 	uint32_t *addr;
2783 	int err;
2784 	char buf[256];
2785 	char *bufp;
2786 
2787 
2788 	/* IPV6 or IPV4 address */
2789 	if (tidp->at_type == AU_IPv4) {
2790 		if ((phe = gethostbyaddr((char *)&tidp->at_addr[0],
2791 					sizeof (tidp->at_addr[0]),
2792 					AF_INET)) != (struct hostent *)NULL)
2793 			hostname = phe->h_name;
2794 		else
2795 			hostname = gettext("unknown");
2796 
2797 		ia.s_addr = tidp->at_addr[0];
2798 
2799 		(void) printf(gettext(
2800 			"terminal id (maj,min,host) = %u,%u,%s(%s)\n"),
2801 			major(tidp->at_port), minor(tidp->at_port),
2802 			hostname, inet_ntoa(ia));
2803 	} else {
2804 		addr = &tidp->at_addr[0];
2805 		phe = getipnodebyaddr((const void *)addr, 16, AF_INET6, &err);
2806 
2807 		bzero(buf, sizeof (buf));
2808 
2809 		(void) inet_ntop(AF_INET6, (void *)addr, buf,
2810 						sizeof (buf));
2811 		if (phe == (struct hostent *)0) {
2812 			bufp = gettext("unknown");
2813 		} else
2814 			bufp = phe->h_name;
2815 
2816 		(void) printf(gettext(
2817 			"terminal id (maj,min,host) = %u,%u,%s(%s)\n"),
2818 			major(tidp->at_port), minor(tidp->at_port),
2819 			bufp, buf);
2820 		if (phe)
2821 			freehostent(phe);
2822 	}
2823 }
2824 
2825 static int
2826 str2ipaddr(s, addr, type)
2827 	char *s;
2828 	uint32_t *addr;
2829 	uint32_t type;
2830 {
2831 	int j, sl;
2832 	char *ss;
2833 	unsigned int v;
2834 
2835 	bzero(addr, 16);
2836 	if (strisipaddr(s)) {
2837 		if (type == AU_IPv4) {
2838 			if (inet_pton(AF_INET, s, addr))
2839 				return (0);
2840 			return (1);
2841 		}
2842 		if (type == AU_IPv6) {
2843 			if (inet_pton(AF_INET6, s, addr))
2844 				return (0);
2845 			return (1);
2846 		}
2847 		return (1);
2848 	} else {
2849 		if (type == AU_IPv4) {
2850 			(void) sscanf(s, "%x", &addr[0]);
2851 			return (0);
2852 		}
2853 		if (type == AU_IPv6) {
2854 			sl = strlen(s);
2855 			ss = s;
2856 			for (j = 3; j >= 0; j--) {
2857 				if ((sl - 8) <= 0) {
2858 					(void) sscanf(s, "%x", &v);
2859 					addr[j] = v;
2860 					return (0);
2861 				}
2862 				ss = &s[sl-8];
2863 				(void) sscanf(ss, "%x", &v);
2864 				addr[j] = v;
2865 				sl -= 8;
2866 				*ss = '\0';
2867 			}
2868 		}
2869 		return (0);
2870 	}
2871 }
2872 
2873 static int
2874 str2type(s, type)
2875 	char *s;
2876 	uint_t *type;
2877 {
2878 	if (strcmp(s, "ipv6") == 0) {
2879 		*type = AU_IPv6;
2880 		return (0);
2881 	}
2882 	if (strcmp(s, "ipv4") == 0) {
2883 		*type = AU_IPv4;
2884 		return (0);
2885 	}
2886 
2887 	return (1);
2888 }
2889