xref: /titanic_41/usr/src/uts/common/c2/audit_syscalls.c (revision 1915be19b7a1f7c113b706bd54d6ca393e8d8107)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 /*
27  * This file contains the auditing system call code.
28  *
29  */
30 
31 #pragma ident	"%Z%%M%	%I%	%E% SMI"
32 
33 #include <sys/param.h>
34 #include <sys/systm.h>
35 #include <sys/user.h>
36 #include <sys/vnode.h>
37 #include <sys/vfs.h>
38 #include <sys/session.h>	/* for session structure (auditctl(2) */
39 #include <sys/kmem.h>		/* for KM_SLEEP */
40 #include <sys/cred_impl.h>
41 #include <sys/types.h>
42 #include <sys/proc.h>
43 #include <sys/uio.h>
44 #include <sys/file.h>
45 #include <sys/stat.h>
46 #include <sys/pathname.h>
47 #include <sys/acct.h>
48 #include <sys/stropts.h>
49 #include <sys/exec.h>
50 #include <sys/thread.h>
51 #include <sys/cmn_err.h>
52 #include <sys/debug.h>
53 #include <sys/disp.h>
54 #include <sys/kobj.h>
55 #include <sys/sysmacros.h>
56 #include <sys/policy.h>
57 #include <sys/taskq.h>
58 #include <sys/zone.h>
59 
60 #include <c2/audit.h>
61 #include <c2/audit_kernel.h>
62 #include <c2/audit_record.h>
63 
64 #define	CLEAR_VAL	-1
65 
66 #define	HEADER_SIZE64	1;
67 #define	HEADER_SIZE32	0;
68 #define	AU_MIN_FILE_SZ	0x80000	/* minumum audit file size */
69 #define	AUDIT_REC_SIZE	0x8000	/* maximum user audit record size */
70 
71 extern kmutex_t pidlock;
72 
73 extern pri_t		minclsyspri;		/* priority for taskq */
74 
75 extern int audit_load;		/* defined in audit_start.c */
76 
77 int		au_auditstate = AUC_UNSET;	/* global audit state */
78 int		audit_policy;	/* global audit policies in force */
79 static clock_t	au_resid = 15;	/* wait .15 sec before droping a rec */
80 
81 static int	getauid(caddr_t);
82 static int	setauid(caddr_t);
83 static int	getaudit(caddr_t);
84 static int	getaudit_addr(caddr_t, int);
85 static int	setaudit(caddr_t);
86 static int	setaudit_addr(caddr_t, int);
87 static int	auditdoor(int);
88 static int	auditsvc(int, int);
89 static int	auditctl(int, caddr_t, int);
90 static int	audit_modsysent(char *, int, int (*)());
91 static void	au_output_thread();
92 /*
93  * This is the loadable module wrapper.
94  */
95 #include <sys/modctl.h>
96 #include "sys/syscall.h"
97 
98 static struct sysent auditsysent = {
99 	6,
100 	0,
101 	_auditsys
102 };
103 
104 /*
105  * Module linkage information for the kernel.
106  */
107 extern struct mod_ops mod_syscallops;
108 
109 static struct modlsys modlsys = {
110 	&mod_syscallops, "C2 system call", &auditsysent
111 };
112 
113 static struct modlinkage modlinkage = {
114 	MODREV_1, (void *)&modlsys, 0
115 };
116 
117 int
118 _init()
119 {
120 	int retval;
121 
122 	if (audit_load == 0)
123 		return (-1);
124 
125 	/*
126 	 * We are going to do an ugly thing here.
127 	 *  Because auditsys is already defined as a regular
128 	 *  syscall we have to change the definition for syscall
129 	 *  auditsys. Basically or in the SE_LOADABLE flag for
130 	 *  auditsys. We no have a static loadable syscall. Also
131 	 *  create an rw_lock.
132 	 */
133 
134 	if ((audit_modsysent("c2audit",
135 		SE_LOADABLE|SE_NOUNLOAD,
136 		_auditsys)) == -1)
137 		return (-1);
138 
139 	if ((retval = mod_install(&modlinkage)) != 0)
140 		return (retval);
141 
142 	return (0);
143 }
144 
145 int
146 _fini()
147 {
148 	return (EBUSY);
149 }
150 
151 int
152 _info(struct modinfo *modinfop)
153 {
154 	return (mod_info(&modlinkage, modinfop));
155 }
156 
157 /*
158  * when auditing is updated to allow enable/disable without
159  * reboot (and when the audit stubs are removed) *most* of these
160  * calls should return an error when auditing is off -- some
161  * for local zones only.
162  */
163 
164 int
165 _auditsys(struct auditcalls *uap, rval_t *rvp)
166 {
167 	int result = 0;
168 
169 	switch (uap->code) {
170 	case BSM_GETAUID:
171 		result = getauid((caddr_t)uap->a1);
172 		break;
173 	case BSM_SETAUID:
174 		result = setauid((caddr_t)uap->a1);
175 		break;
176 	case BSM_GETAUDIT:
177 		result = getaudit((caddr_t)uap->a1);
178 		break;
179 	case BSM_GETAUDIT_ADDR:
180 
181 		result = getaudit_addr((caddr_t)uap->a1, (int)uap->a2);
182 		break;
183 	case BSM_SETAUDIT:
184 		result = setaudit((caddr_t)uap->a1);
185 		break;
186 	case BSM_SETAUDIT_ADDR:
187 		result = setaudit_addr((caddr_t)uap->a1, (int)uap->a2);
188 		break;
189 	case BSM_AUDIT:
190 		result = audit((caddr_t)uap->a1, (int)uap->a2);
191 		break;
192 	case BSM_AUDITSVC:
193 		result = auditsvc((int)uap->a1, (int)uap->a2);
194 		break;
195 	case BSM_AUDITDOOR:
196 		result = auditdoor((int)uap->a1);
197 		break;
198 	case BSM_AUDITON:
199 	case BSM_AUDITCTL:
200 		result = auditctl((int)uap->a1, (caddr_t)uap->a2, (int)uap->a3);
201 		break;
202 	default:
203 		result = EINVAL;
204 	}
205 	rvp->r_vals = result;
206 	return (result);
207 }
208 
209 /*
210  * Return the audit user ID for the current process.  Currently only
211  * the privileged processes may see the audit id.  That may change.
212  * If copyout is unsucessful return EFAULT.
213  */
214 static int
215 getauid(caddr_t auid_p)
216 {
217 	const auditinfo_addr_t	*ainfo;
218 
219 	if (secpolicy_audit_getattr(CRED()) != 0)
220 		return (EPERM);
221 
222 	ainfo = crgetauinfo(CRED());
223 	if (ainfo == NULL)
224 		return (EINVAL);
225 
226 	if (copyout(&ainfo->ai_auid, auid_p, sizeof (au_id_t)))
227 		return (EFAULT);
228 
229 	return (0);
230 }
231 
232 /*
233  * Set the audit userid, for a process.  This can only be changed by
234  * privileged processes.  The audit userid is inherited across forks & execs.
235  * Passed in is a pointer to the au_id_t; if copyin unsuccessful return EFAULT.
236  */
237 static int
238 setauid(caddr_t auid_p)
239 {
240 	proc_t *p;
241 	au_id_t	auid;
242 	cred_t *newcred;
243 	auditinfo_addr_t *auinfo;
244 
245 	if (secpolicy_audit_config(CRED()) != 0)
246 		return (EPERM);
247 
248 	if (copyin(auid_p, &auid, sizeof (au_id_t))) {
249 		return (EFAULT);
250 	}
251 
252 	newcred = cralloc();
253 	if ((auinfo = crgetauinfo_modifiable(newcred)) == NULL) {
254 		crfree(newcred);
255 		return (EINVAL);
256 	}
257 
258 	/* grab p_crlock and switch to new cred */
259 	p = curproc;
260 	mutex_enter(&p->p_crlock);
261 	crcopy_to(p->p_cred, newcred);
262 	p->p_cred = newcred;
263 
264 	auinfo->ai_auid = auid;			/* update the auid */
265 
266 	/* unlock and broadcast the cred changes */
267 	mutex_exit(&p->p_crlock);
268 	crset(p, newcred);
269 
270 	return (0);
271 }
272 
273 /*
274  * Get the audit state information from the current process.
275  * Return EFAULT if copyout fails.
276  */
277 static int
278 getaudit(caddr_t info_p)
279 {
280 	STRUCT_DECL(auditinfo, info);
281 	const auditinfo_addr_t	*ainfo;
282 	model_t	model;
283 
284 	if (secpolicy_audit_getattr(CRED()) != 0)
285 		return (EPERM);
286 
287 	model = get_udatamodel();
288 	STRUCT_INIT(info, model);
289 
290 	ainfo = crgetauinfo(CRED());
291 	if (ainfo == NULL)
292 		return (EINVAL);
293 
294 	/* trying to read a process with an IPv6 address? */
295 	if (ainfo->ai_termid.at_type == AU_IPv6)
296 		return (EOVERFLOW);
297 
298 	STRUCT_FSET(info, ai_auid, ainfo->ai_auid);
299 	STRUCT_FSET(info, ai_mask, ainfo->ai_mask);
300 #ifdef _LP64
301 	if (model == DATAMODEL_ILP32) {
302 		dev32_t dev;
303 		/* convert internal 64 bit form to 32 bit version */
304 		if (cmpldev(&dev, ainfo->ai_termid.at_port) == 0) {
305 			return (EOVERFLOW);
306 		}
307 		STRUCT_FSET(info, ai_termid.port, dev);
308 	} else
309 		STRUCT_FSET(info, ai_termid.port, ainfo->ai_termid.at_port);
310 #else
311 	STRUCT_FSET(info, ai_termid.port, ainfo->ai_termid.at_port);
312 #endif
313 	STRUCT_FSET(info, ai_termid.machine, ainfo->ai_termid.at_addr[0]);
314 	STRUCT_FSET(info, ai_asid, ainfo->ai_asid);
315 
316 	if (copyout(STRUCT_BUF(info), info_p, STRUCT_SIZE(info)))
317 		return (EFAULT);
318 
319 	return (0);
320 }
321 
322 /*
323  * Get the audit state information from the current process.
324  * Return EFAULT if copyout fails.
325  */
326 static int
327 getaudit_addr(caddr_t info_p, int len)
328 {
329 	STRUCT_DECL(auditinfo_addr, info);
330 	const auditinfo_addr_t	*ainfo;
331 	model_t	model;
332 
333 	if (secpolicy_audit_getattr(CRED()) != 0)
334 		return (EPERM);
335 
336 	model = get_udatamodel();
337 	STRUCT_INIT(info, model);
338 
339 	if (len < STRUCT_SIZE(info))
340 		return (EOVERFLOW);
341 
342 	ainfo = crgetauinfo(CRED());
343 
344 	if (ainfo == NULL)
345 		return (EINVAL);
346 
347 	STRUCT_FSET(info, ai_auid, ainfo->ai_auid);
348 	STRUCT_FSET(info, ai_mask, ainfo->ai_mask);
349 #ifdef _LP64
350 	if (model == DATAMODEL_ILP32) {
351 		dev32_t dev;
352 		/* convert internal 64 bit form to 32 bit version */
353 		if (cmpldev(&dev, ainfo->ai_termid.at_port) == 0) {
354 			return (EOVERFLOW);
355 		}
356 		STRUCT_FSET(info, ai_termid.at_port, dev);
357 	} else
358 		STRUCT_FSET(info, ai_termid.at_port, ainfo->ai_termid.at_port);
359 #else
360 	STRUCT_FSET(info, ai_termid.at_port, ainfo->ai_termid.at_port);
361 #endif
362 	STRUCT_FSET(info, ai_termid.at_type, ainfo->ai_termid.at_type);
363 	STRUCT_FSET(info, ai_termid.at_addr[0], ainfo->ai_termid.at_addr[0]);
364 	STRUCT_FSET(info, ai_termid.at_addr[1], ainfo->ai_termid.at_addr[1]);
365 	STRUCT_FSET(info, ai_termid.at_addr[2], ainfo->ai_termid.at_addr[2]);
366 	STRUCT_FSET(info, ai_termid.at_addr[3], ainfo->ai_termid.at_addr[3]);
367 	STRUCT_FSET(info, ai_asid, ainfo->ai_asid);
368 
369 	if (copyout(STRUCT_BUF(info), info_p, STRUCT_SIZE(info)))
370 		return (EFAULT);
371 
372 	return (0);
373 }
374 
375 /*
376  * Set the audit state information for the current process.
377  * Return EFAULT if copyout fails.
378  */
379 static int
380 setaudit(caddr_t info_p)
381 {
382 	STRUCT_DECL(auditinfo, info);
383 	proc_t *p;
384 	cred_t	*newcred;
385 	model_t	model;
386 	auditinfo_addr_t *ainfo;
387 
388 	if (secpolicy_audit_config(CRED()) != 0)
389 		return (EPERM);
390 
391 	model = get_udatamodel();
392 	STRUCT_INIT(info, model);
393 
394 	if (copyin(info_p, STRUCT_BUF(info), STRUCT_SIZE(info)))
395 		return (EFAULT);
396 
397 	newcred = cralloc();
398 	if ((ainfo = crgetauinfo_modifiable(newcred)) == NULL) {
399 		crfree(newcred);
400 		return (EINVAL);
401 	}
402 
403 	/* grab p_crlock and switch to new cred */
404 	p = curproc;
405 	mutex_enter(&p->p_crlock);
406 	crcopy_to(p->p_cred, newcred);
407 	p->p_cred = newcred;
408 
409 	/* Set audit mask, id, termid and session id as specified */
410 	ainfo->ai_auid = STRUCT_FGET(info, ai_auid);
411 #ifdef _LP64
412 	/* only convert to 64 bit if coming from a 32 bit binary */
413 	if (model == DATAMODEL_ILP32)
414 		ainfo->ai_termid.at_port =
415 			DEVEXPL(STRUCT_FGET(info, ai_termid.port));
416 	else
417 		ainfo->ai_termid.at_port = STRUCT_FGET(info, ai_termid.port);
418 #else
419 	ainfo->ai_termid.at_port = STRUCT_FGET(info, ai_termid.port);
420 #endif
421 	ainfo->ai_termid.at_type = AU_IPv4;
422 	ainfo->ai_termid.at_addr[0] = STRUCT_FGET(info, ai_termid.machine);
423 	ainfo->ai_asid = STRUCT_FGET(info, ai_asid);
424 	ainfo->ai_mask = STRUCT_FGET(info, ai_mask);
425 
426 	/* unlock and broadcast the cred changes */
427 	mutex_exit(&p->p_crlock);
428 	crset(p, newcred);
429 
430 	return (0);
431 }
432 
433 /*
434  * Set the audit state information for the current process.
435  * Return EFAULT if copyin fails.
436  */
437 static int
438 setaudit_addr(caddr_t info_p, int len)
439 {
440 	STRUCT_DECL(auditinfo_addr, info);
441 	proc_t *p;
442 	cred_t	*newcred;
443 	model_t	model;
444 	int i;
445 	int type;
446 	auditinfo_addr_t *ainfo;
447 
448 	if (secpolicy_audit_config(CRED()) != 0)
449 		return (EPERM);
450 
451 	model = get_udatamodel();
452 	STRUCT_INIT(info, model);
453 
454 	if (len < STRUCT_SIZE(info))
455 		return (EOVERFLOW);
456 
457 	if (copyin(info_p, STRUCT_BUF(info), STRUCT_SIZE(info)))
458 		return (EFAULT);
459 
460 	type = STRUCT_FGET(info, ai_termid.at_type);
461 	if ((type != AU_IPv4) && (type != AU_IPv6))
462 		return (EINVAL);
463 
464 	newcred = cralloc();
465 	if ((ainfo = crgetauinfo_modifiable(newcred)) == NULL) {
466 		crfree(newcred);
467 		return (EINVAL);
468 	}
469 
470 	/* grab p_crlock and switch to new cred */
471 	p = curproc;
472 	mutex_enter(&p->p_crlock);
473 	crcopy_to(p->p_cred, newcred);
474 	p->p_cred = newcred;
475 
476 	/* Set audit mask, id, termid and session id as specified */
477 	ainfo->ai_auid = STRUCT_FGET(info, ai_auid);
478 	ainfo->ai_mask = STRUCT_FGET(info, ai_mask);
479 #ifdef _LP64
480 	/* only convert to 64 bit if coming from a 32 bit binary */
481 	if (model == DATAMODEL_ILP32)
482 		ainfo->ai_termid.at_port =
483 			DEVEXPL(STRUCT_FGET(info, ai_termid.at_port));
484 	else
485 		ainfo->ai_termid.at_port = STRUCT_FGET(info, ai_termid.at_port);
486 #else
487 	ainfo->ai_termid.at_port = STRUCT_FGET(info, ai_termid.at_port);
488 #endif
489 	ainfo->ai_termid.at_type = type;
490 	bzero(&ainfo->ai_termid.at_addr[0], sizeof (ainfo->ai_termid.at_addr));
491 	for (i = 0; i < (type/sizeof (int)); i++)
492 		ainfo->ai_termid.at_addr[i] =
493 			STRUCT_FGET(info, ai_termid.at_addr[i]);
494 
495 	if (ainfo->ai_termid.at_type == AU_IPv6 &&
496 	    IN6_IS_ADDR_V4MAPPED(((in6_addr_t *)ainfo->ai_termid.at_addr))) {
497 		ainfo->ai_termid.at_type = AU_IPv4;
498 		ainfo->ai_termid.at_addr[0] = ainfo->ai_termid.at_addr[3];
499 		ainfo->ai_termid.at_addr[1] = 0;
500 		ainfo->ai_termid.at_addr[2] = 0;
501 		ainfo->ai_termid.at_addr[3] = 0;
502 	}
503 
504 	ainfo->ai_asid = STRUCT_FGET(info, ai_asid);
505 
506 	/* unlock and broadcast the cred changes */
507 	mutex_exit(&p->p_crlock);
508 	crset(p, newcred);
509 
510 	return (0);
511 }
512 
513 /*
514  * The audit system call. Trust what the user has sent down and save it
515  * away in the audit file. User passes a complete audit record and its
516  * length.  We will fill in the time stamp, check the header and the length
517  * Put a trailer and a sequence token if policy requires.
518  * In the future length might become size_t instead of an int.
519  *
520  * The call is valid whether or not AUDIT_PERZONE is set (think of
521  * login to a zone).  When the local audit state (auk_auditstate) is
522  * AUC_INIT_AUDIT, records are accepted even though auditd isn't
523  * running.
524  */
525 int
526 audit(caddr_t record, int length)
527 {
528 	char	c;
529 	int	count, l;
530 	token_t	*m, *n, *s, *ad;
531 	int	hdrlen, delta;
532 	adr_t	hadr;
533 	adr_t	sadr;
534 	int	size;	/* 0: 32 bit utility  1: 64 bit utility */
535 	int	host_len;
536 	size_t	zlen;
537 	au_kcontext_t	*kctx = GET_KCTX_PZ;
538 
539 	/* if auditing not enabled, then don't generate an audit record */
540 	if (kctx->auk_auditstate != AUC_AUDITING &&
541 	    kctx->auk_auditstate != AUC_INIT_AUDIT)
542 		return (0);
543 
544 	/* Only privileged processes can audit */
545 	if (secpolicy_audit_modify(CRED()) != 0)
546 		return (EPERM);
547 
548 	/* Max user record size is 32K */
549 	if (length > AUDIT_REC_SIZE)
550 		return (E2BIG);
551 
552 	/*
553 	 * The specified length must be at least as big as the smallest
554 	 * possible header token. Later after beginning to scan the
555 	 * header we'll determine the true minimum length according to
556 	 * the header type and attributes.
557 	 */
558 #define	AU_MIN_HEADER_LEN	(sizeof (char) + sizeof (int32_t) + \
559 	sizeof (char) + sizeof (short) + sizeof (short) + \
560 	(sizeof (int32_t) * 2))
561 
562 	if (length < AU_MIN_HEADER_LEN)
563 		return (EINVAL);
564 
565 	/* Read in user's audit record */
566 	count = length;
567 	m = n = s = ad = NULL;
568 	while (count) {
569 		m = au_getclr();
570 		if (!s)
571 			s = n = m;
572 		else {
573 			n->next_buf = m;
574 			n = m;
575 		}
576 		l = MIN(count, AU_BUFSIZE);
577 		if (copyin(record, memtod(m, caddr_t),
578 			(size_t)l)) {
579 				/* copyin failed release au_membuf */
580 				au_free_rec(s);
581 				return (EFAULT);
582 		}
583 		record += l;
584 		count -= l;
585 		m->len = (uchar_t)l;
586 	}
587 
588 	/* Now attach the entire thing to ad */
589 	au_write((caddr_t *)&(ad), s);
590 
591 	/* validate header token type. trust everything following it */
592 	adr_start(&hadr, memtod(s, char *));
593 	(void) adr_getchar(&hadr, &c);
594 	switch (c) {
595 	case AUT_HEADER32:
596 		/* size vers+event_ID+event_modifier fields */
597 		delta = 1 + 2 + 2;
598 		hdrlen = 1 + 4 + delta + (sizeof (int32_t) * 2);
599 		size = HEADER_SIZE32;
600 		break;
601 
602 #ifdef _LP64
603 	case AUT_HEADER64:
604 		/* size vers+event_ID+event_modifier fields */
605 		delta = 1 + 2 + 2;
606 		hdrlen = 1 + 4 + delta + (sizeof (int64_t) * 2);
607 		size = HEADER_SIZE64;
608 		break;
609 #endif
610 
611 	case AUT_HEADER32_EX:
612 		/*
613 		 * Skip over the length/version/type/mod fields and
614 		 * grab the host address type (length), then rewind.
615 		 * This is safe per the previous minimum length check.
616 		 */
617 		hadr.adr_now += 9;
618 		(void) adr_getint32(&hadr, &host_len);
619 		hadr.adr_now -= 9 + sizeof (int32_t);
620 
621 		/* size: vers+event_ID+event_modifier+IP_type+IP_addr_array */
622 		delta = 1 + 2 + 2 + 4 + host_len;
623 		hdrlen = 1 + 4 + delta + (sizeof (int32_t) * 2);
624 		size = HEADER_SIZE32;
625 		break;
626 
627 #ifdef _LP64
628 	case AUT_HEADER64_EX:
629 		/*
630 		 * Skip over the length/version/type/mod fields and grab
631 		 * the host address type (length), then rewind.
632 		 * This is safe per the previous minimum length check.
633 		 */
634 		hadr.adr_now += 9;
635 		(void) adr_getint32(&hadr, &host_len);
636 		hadr.adr_now -= 9 + sizeof (int32_t);
637 
638 		/* size: vers+event_ID+event_modifier+IP_type+IP_addr_array */
639 		delta = 1 + 2 + 2 + 4 + host_len;
640 		hdrlen = 1 + 4 + delta + (sizeof (int64_t) * 2);
641 		size = HEADER_SIZE64;
642 		break;
643 #endif
644 
645 	default:
646 		/* Header is wrong, reject message */
647 		au_free_rec(s);
648 		return (EINVAL);
649 	}
650 
651 	if (length < hdrlen) {
652 		au_free_rec(s);
653 		return (0);
654 	}
655 
656 	/* advance over header token length field */
657 	hadr.adr_now += 4;
658 
659 	/* validate version */
660 	(void) adr_getchar(&hadr, &c);
661 	if (c != TOKEN_VERSION) {
662 		/* version is wrong, reject message */
663 		au_free_rec(s);
664 		return (EINVAL);
665 	}
666 
667 	/* backup to header length field (including version field) */
668 	hadr.adr_now -= 5;
669 
670 	/*
671 	 * add on the zonename token if policy AUDIT_ZONENAME is set
672 	 */
673 	if (kctx->auk_policy & AUDIT_ZONENAME) {
674 		zlen = au_zonename_length(NULL);
675 		if (zlen > 0) {
676 			length += zlen;
677 			m = au_to_zonename(zlen, NULL);
678 			(void) au_append_rec(ad, m, AU_PACK);
679 		}
680 	}
681 	/* Add an (optional) sequence token. NULL offset if none */
682 	if (kctx->auk_policy & AUDIT_SEQ) {
683 		/* get the sequnce token */
684 		m = au_to_seq();
685 
686 		/* sequence token 5 bytes long */
687 		length += 5;
688 
689 		/* link to audit record (i.e. don't pack the data) */
690 		(void) au_append_rec(ad, m, AU_LINK);
691 
692 		/* advance to count field of token */
693 		adr_start(&sadr, memtod(m, char *));
694 		sadr.adr_now += 1;
695 	} else
696 		sadr.adr_now = (char *)NULL;
697 
698 	/* add the (optional) trailer token */
699 	if (kctx->auk_policy & AUDIT_TRAIL) {
700 		/* trailer token is 7 bytes long */
701 		length += 7;
702 
703 		/* append to audit record */
704 		(void) au_append_rec(ad, au_to_trailer(length), AU_PACK);
705 	}
706 
707 	/* audit record completely assembled. set the length */
708 	adr_int32(&hadr, (int32_t *)&length, 1);
709 
710 	/* advance to date/time field of header */
711 	hadr.adr_now += delta;
712 
713 	/* We are done  put it on the queue */
714 	AS_INC(as_generated, 1, kctx);
715 	AS_INC(as_audit, 1, kctx);
716 
717 	au_enqueue(kctx, s, &hadr, &sadr, size, 0);
718 
719 	AS_INC(as_totalsize, length, kctx);
720 
721 	return (0);
722 }
723 
724 static void
725 audit_dont_stop(void *kctx)
726 {
727 
728 	if ((((au_kcontext_t *)kctx)->auk_valid != AUK_VALID) ||
729 	    (((au_kcontext_t *)kctx)->auk_auditstate == AUC_NOAUDIT))
730 		return;
731 
732 	mutex_enter(&(((au_kcontext_t *)kctx)->auk_queue.lock));
733 	cv_broadcast(&(((au_kcontext_t *)kctx)->auk_queue.write_cv));
734 	mutex_exit(&(((au_kcontext_t *)kctx)->auk_queue.lock));
735 }
736 
737 /*
738  * auditdoor starts a kernel thread to generate output from the audit
739  * queue.  The thread terminates when it detects auditing being turned
740  * off, such as when auditd exits with a SIGTERM.  If a subsequent
741  * auditdoor arrives while the thread is running, the door descriptor
742  * of the last auditdoor in will be used for output.  auditd is responsible
743  * for insuring that multiple copies are not running.
744  */
745 
746 static int
747 auditdoor(int fd)
748 {
749 	struct file	*fp;
750 	struct vnode	*vp;
751 	int		error = 0;
752 	int		do_create = 0;
753 	au_kcontext_t	*kctx;
754 
755 	if (secpolicy_audit_config(CRED()) != 0)
756 		return (EPERM);
757 
758 	if (!(audit_policy & AUDIT_PERZONE) && !INGLOBALZONE(curproc))
759 		return (EINVAL);
760 
761 	kctx = GET_KCTX_NGZ;
762 
763 	/*
764 	 * Prevent a second audit daemon from running this code.
765 	 * auk_svc_busy == 2 until the output thread terminates.
766 	 * Multiple calls to auditdoor() are valid but a call
767 	 * to auditsvc() while au_output_thread() is running
768 	 * or a call to auditdoor() while auditsvc is running
769 	 * is blocked.
770 	 */
771 	mutex_enter(&(kctx->auk_svc_lock));
772 	if (kctx->auk_svc_busy == 1) {		/* active auditsvc? */
773 		mutex_exit(&(kctx->auk_svc_lock));
774 		return (EBUSY);
775 	}
776 	kctx->auk_svc_busy = 2;
777 	mutex_exit(&(kctx->auk_svc_lock));
778 	/*
779 	 * convert file pointer to file descriptor
780 	 *   Note: fd ref count incremented here.
781 	 */
782 	if ((fp = (struct file *)getf(fd)) == NULL) {
783 		error = EBADF;
784 		goto svc_exit;
785 	}
786 	vp = fp->f_vnode;
787 	if (vp->v_type != VDOOR) {
788 		cmn_err(CE_WARN,
789 		    "auditdoor() did not get the expected door descriptor\n");
790 		error = EINVAL;
791 		releasef(fd);
792 		goto svc_exit;
793 	}
794 	/*
795 	 * If the output thread is already running, then replace the
796 	 * door descriptor with the new one and continue; otherwise
797 	 * create the thread too.  Since au_output_thread makes a call
798 	 * to au_doorio() which also does
799 	 * mutex_lock(&(kctx->auk_svc_lock)), the create/dispatch is
800 	 * done after the unlock...
801 	 */
802 	mutex_enter(&(kctx->auk_svc_lock));
803 
804 	if (kctx->auk_current_vp != NULL)
805 		VN_RELE(kctx->auk_current_vp);
806 
807 	kctx->auk_current_vp = vp;
808 	VN_HOLD(kctx->auk_current_vp);
809 	releasef(fd);
810 
811 	if (!kctx->auk_output_active) {
812 		kctx->auk_output_active = 1;
813 		do_create = 1;
814 	}
815 	mutex_exit(&(kctx->auk_svc_lock));
816 	if (do_create) {
817 		kctx->auk_taskq =
818 		    taskq_create("output_master", 1, minclsyspri, 1, 1, 0);
819 		(void) taskq_dispatch(kctx->auk_taskq,
820 		    (task_func_t *)au_output_thread,
821 		    kctx, TQ_SLEEP);
822 	}
823 svc_exit:
824 	if (error) {
825 		mutex_enter(&(kctx->auk_svc_lock));
826 		kctx->auk_svc_busy = 2;
827 		mutex_exit(&(kctx->auk_svc_lock));
828 	}
829 	return (error);
830 }
831 
832 /*
833  * au_queue_kick -- wake up the output queue after delay ticks
834  */
835 static void
836 au_queue_kick(void *kctx)
837 {
838 	/*
839 	 * wakeup reader if its not running and there is something
840 	 * to do.  It also helps that kctx still be valid...
841 	 */
842 
843 	if ((((au_kcontext_t *)kctx)->auk_valid != AUK_VALID) ||
844 	    (((au_kcontext_t *)kctx)->auk_auditstate == AUC_NOAUDIT))
845 		return;
846 
847 	if (((au_kcontext_t *)kctx)->auk_queue.cnt &&
848 	    ((au_kcontext_t *)kctx)->auk_queue.rd_block)
849 		cv_broadcast(&((au_kcontext_t *)kctx)->auk_queue.read_cv);
850 
851 	/* fire off timeout event to kick audit queue awake */
852 	(void) timeout(au_queue_kick, kctx,
853 	    ((au_kcontext_t *)kctx)->auk_queue.delay);
854 }
855 
856 /*
857  * output thread
858  *
859  * this runs "forever" where "forever" means until either auk_auditstate
860  * changes from AUC_AUDITING or if the door descriptor becomes invalid.
861  *
862  * there is one thread per active zone if AUC_PERZONE is set.  Since
863  * there is the possibility that a zone may go down without auditd
864  * terminating properly, a zone shutdown kills its au_output_thread()
865  * via taskq_destroy().
866  */
867 
868 static void
869 au_output_thread(au_kcontext_t *kctx)
870 {
871 	int		error = 0;
872 
873 	(void) timeout(au_queue_kick, kctx, kctx->auk_queue.delay);
874 
875 	/*
876 	 * Wait for work, until a signal arrives,
877 	 * or until auditing is disabled.
878 	 */
879 
880 	while (!error) {
881 	    if (kctx->auk_auditstate == AUC_AUDITING) {
882 		mutex_enter(&(kctx->auk_queue.lock));
883 		while (kctx->auk_queue.head == NULL) {
884 		    /* safety check. kick writer awake */
885 		    if (kctx->auk_queue.wt_block)
886 			cv_broadcast(&(kctx->auk_queue.write_cv));
887 
888 		    kctx->auk_queue.rd_block = 1;
889 		    AS_INC(as_rblocked, 1, kctx);
890 
891 		    cv_wait(&(kctx->auk_queue.read_cv),
892 			&(kctx->auk_queue.lock));
893 
894 		    kctx->auk_queue.rd_block = 0;
895 
896 		    if (kctx->auk_auditstate != AUC_AUDITING) {
897 			mutex_exit(&(kctx->auk_queue.lock));
898 			(void) timeout(audit_dont_stop, kctx, au_resid);
899 			goto output_exit;
900 		    }
901 		    kctx->auk_queue.rd_block = 0;
902 		}
903 		mutex_exit(&(kctx->auk_queue.lock));
904 		/*
905 		 * au_doorio() calls au_door_upcall which holds auk_svc_lock;
906 		 * au_doorio empties the queue before returning.
907 		 */
908 
909 		error = au_doorio(kctx);
910 	    } else	/* auditing turned off while we slept */
911 		break;
912 	}
913 output_exit:
914 	mutex_enter(&(kctx->auk_svc_lock));
915 
916 	VN_RELE(kctx->auk_current_vp);
917 	kctx->auk_current_vp = NULL;
918 
919 	kctx->auk_output_active = 0;
920 	kctx->auk_svc_busy = 0;
921 
922 	mutex_exit(&(kctx->auk_svc_lock));
923 }
924 
925 
926 /*
927  * Get the global policy flag
928  */
929 
930 static int
931 getpolicy(caddr_t data)
932 {
933 	int	policy;
934 	au_kcontext_t	*kctx = GET_KCTX_PZ;
935 
936 	policy = audit_policy | kctx->auk_policy;
937 
938 	if (copyout(&policy, data, sizeof (int)))
939 		return (EFAULT);
940 	return (0);
941 }
942 
943 /*
944  * Set the global and local policy flags
945  *
946  * The global flags only make sense from the global zone;
947  * the local flags depend on the AUDIT_PERZONE policy:
948  * if the perzone policy is set, then policy is set separately
949  * per zone, else held only in the global zone.
950  *
951  * The initial value of a local zone's policy flag is determined
952  * by the value of the global zone's flags at the time the
953  * local zone is created.
954  *
955  * While auditconfig(1M) allows setting and unsetting policies one bit
956  * at a time, the mask passed in from auditconfig() is created by a
957  * syscall to getpolicy and then modified based on the auditconfig()
958  * cmd line, so the input policy value is used to replace the existing
959  * policy.
960  */
961 
962 
963 static int
964 setpolicy(caddr_t data)
965 {
966 	int	policy;
967 	au_kcontext_t	*kctx;
968 
969 	if (copyin(data, &policy, sizeof (int)))
970 		return (EFAULT);
971 
972 	kctx = GET_KCTX_NGZ;
973 
974 	if (INGLOBALZONE(curproc)) {
975 		if (policy & ~(AUDIT_GLOBAL | AUDIT_LOCAL))
976 			return (EINVAL);
977 
978 		audit_policy = policy & AUDIT_GLOBAL;
979 	} else {
980 		if (!(audit_policy & AUDIT_PERZONE))
981 			return (EINVAL);
982 
983 		if (policy & ~AUDIT_LOCAL)	/* global bits are a no-no */
984 			return (EINVAL);
985 	}
986 	kctx->auk_policy = policy & AUDIT_LOCAL;
987 
988 	/*
989 	 * auk_current_vp is NULL before auditd starts (or during early
990 	 * auditd starup) or if auditd is halted; in either case,
991 	 * notification of a policy change is not needed, since auditd
992 	 * reads policy as it comes up.  The error return from au_doormsg()
993 	 * is ignored to avoid a race condition -- for example if auditd
994 	 * segv's, the audit state may be "auditing" but the door may
995 	 * be closed.  Returning an error if the door is open makes it
996 	 * impossible for Greenline to restart auditd.
997 	 */
998 	if (kctx->auk_current_vp != NULL)
999 		(void) au_doormsg(kctx, AU_DBUF_POLICY, &policy);
1000 
1001 	/*
1002 	 * Wake up anyone who might have blocked on full audit
1003 	 * partitions. audit daemons need to set AUDIT_FULL when no
1004 	 * space so we can tell if we should start dropping records.
1005 	 */
1006 	mutex_enter(&(kctx->auk_queue.lock));
1007 
1008 	if ((policy & (AUDIT_CNT | AUDIT_SCNT) &&
1009 	    (kctx->auk_queue.cnt >= kctx->auk_queue.hiwater)))
1010 		cv_broadcast(&(kctx->auk_queue.write_cv));
1011 
1012 	mutex_exit(&(kctx->auk_queue.lock));
1013 
1014 	return (0);
1015 }
1016 
1017 static int
1018 getkmask(caddr_t data)
1019 {
1020 	au_kcontext_t	*kctx;
1021 
1022 	kctx = GET_KCTX_PZ;
1023 
1024 	if (copyout(&kctx->auk_info.ai_mask, data, sizeof (au_mask_t)))
1025 		return (EFAULT);
1026 	return (0);
1027 }
1028 
1029 static int
1030 setkmask(caddr_t data)
1031 {
1032 	au_mask_t	mask;
1033 	au_kcontext_t	*kctx;
1034 
1035 	if (!(audit_policy & AUDIT_PERZONE) && !INGLOBALZONE(curproc))
1036 		return (EINVAL);
1037 
1038 	kctx = GET_KCTX_NGZ;
1039 
1040 	if (copyin(data, &mask, sizeof (au_mask_t)))
1041 		return (EFAULT);
1042 
1043 	kctx->auk_info.ai_mask = mask;
1044 	return (0);
1045 }
1046 
1047 static int
1048 getkaudit(caddr_t info_p, int len)
1049 {
1050 	STRUCT_DECL(auditinfo_addr, info);
1051 	model_t model;
1052 	au_kcontext_t	*kctx = GET_KCTX_PZ;
1053 
1054 	model = get_udatamodel();
1055 	STRUCT_INIT(info, model);
1056 
1057 	if (len < STRUCT_SIZE(info))
1058 		return (EOVERFLOW);
1059 
1060 	STRUCT_FSET(info, ai_auid, kctx->auk_info.ai_auid);
1061 	STRUCT_FSET(info, ai_mask, kctx->auk_info.ai_mask);
1062 #ifdef _LP64
1063 	if (model == DATAMODEL_ILP32) {
1064 		dev32_t dev;
1065 		/* convert internal 64 bit form to 32 bit version */
1066 		if (cmpldev(&dev, kctx->auk_info.ai_termid.at_port) == 0) {
1067 			return (EOVERFLOW);
1068 		}
1069 		STRUCT_FSET(info, ai_termid.at_port, dev);
1070 	} else
1071 		STRUCT_FSET(info, ai_termid.at_port,
1072 			kctx->auk_info.ai_termid.at_port);
1073 #else
1074 	STRUCT_FSET(info, ai_termid.at_port,
1075 		kctx->auk_info.ai_termid.at_port);
1076 #endif
1077 	STRUCT_FSET(info, ai_termid.at_type,
1078 	    kctx->auk_info.ai_termid.at_type);
1079 	STRUCT_FSET(info, ai_termid.at_addr[0],
1080 	    kctx->auk_info.ai_termid.at_addr[0]);
1081 	STRUCT_FSET(info, ai_termid.at_addr[1],
1082 	    kctx->auk_info.ai_termid.at_addr[1]);
1083 	STRUCT_FSET(info, ai_termid.at_addr[2],
1084 	    kctx->auk_info.ai_termid.at_addr[2]);
1085 	STRUCT_FSET(info, ai_termid.at_addr[3],
1086 	    kctx->auk_info.ai_termid.at_addr[3]);
1087 	STRUCT_FSET(info, ai_asid, kctx->auk_info.ai_asid);
1088 
1089 	if (copyout(STRUCT_BUF(info), info_p, STRUCT_SIZE(info)))
1090 		return (EFAULT);
1091 
1092 	return (0);
1093 }
1094 
1095 /*
1096  * the host address for AUDIT_PERZONE == 0 is that of the global
1097  * zone and for local zones it is of the current zone.
1098  */
1099 
1100 static int
1101 setkaudit(caddr_t info_p, int len)
1102 {
1103 	STRUCT_DECL(auditinfo_addr, info);
1104 	model_t model;
1105 	au_kcontext_t	*kctx;
1106 
1107 	if (!(audit_policy & AUDIT_PERZONE) && !INGLOBALZONE(curproc))
1108 		return (EINVAL);
1109 
1110 	kctx = GET_KCTX_NGZ;
1111 
1112 	model = get_udatamodel();
1113 	STRUCT_INIT(info, model);
1114 
1115 	if (len < STRUCT_SIZE(info))
1116 		return (EOVERFLOW);
1117 
1118 	if (copyin(info_p, STRUCT_BUF(info), STRUCT_SIZE(info)))
1119 		return (EFAULT);
1120 
1121 	if ((STRUCT_FGET(info, ai_termid.at_type) != AU_IPv4) &&
1122 	    (STRUCT_FGET(info, ai_termid.at_type) != AU_IPv6))
1123 		return (EINVAL);
1124 
1125 	/* Set audit mask, termid and session id as specified */
1126 	kctx->auk_info.ai_auid = STRUCT_FGET(info, ai_auid);
1127 	kctx->auk_info.ai_mask = STRUCT_FGET(info, ai_mask);
1128 #ifdef _LP64
1129 	/* only convert to 64 bit if coming from a 32 bit binary */
1130 	if (model == DATAMODEL_ILP32)
1131 		kctx->auk_info.ai_termid.at_port =
1132 			DEVEXPL(STRUCT_FGET(info, ai_termid.at_port));
1133 	else
1134 		kctx->auk_info.ai_termid.at_port =
1135 			STRUCT_FGET(info, ai_termid.at_port);
1136 #else
1137 	kctx->auk_info.ai_termid.at_port = STRUCT_FGET(info, ai_termid.at_port);
1138 #endif
1139 	kctx->auk_info.ai_termid.at_type = STRUCT_FGET(info, ai_termid.at_type);
1140 	bzero(&kctx->auk_info.ai_termid.at_addr[0],
1141 		sizeof (kctx->auk_info.ai_termid.at_addr));
1142 	kctx->auk_info.ai_termid.at_addr[0] =
1143 	    STRUCT_FGET(info, ai_termid.at_addr[0]);
1144 	kctx->auk_info.ai_termid.at_addr[1] =
1145 	    STRUCT_FGET(info, ai_termid.at_addr[1]);
1146 	kctx->auk_info.ai_termid.at_addr[2] =
1147 	    STRUCT_FGET(info, ai_termid.at_addr[2]);
1148 	kctx->auk_info.ai_termid.at_addr[3] =
1149 	    STRUCT_FGET(info, ai_termid.at_addr[3]);
1150 	kctx->auk_info.ai_asid = STRUCT_FGET(info, ai_asid);
1151 
1152 	if (kctx->auk_info.ai_termid.at_type == AU_IPv6 &&
1153 	    IN6_IS_ADDR_V4MAPPED(
1154 	    ((in6_addr_t *)kctx->auk_info.ai_termid.at_addr))) {
1155 		kctx->auk_info.ai_termid.at_type = AU_IPv4;
1156 		kctx->auk_info.ai_termid.at_addr[0] =
1157 		    kctx->auk_info.ai_termid.at_addr[3];
1158 		kctx->auk_info.ai_termid.at_addr[1] = 0;
1159 		kctx->auk_info.ai_termid.at_addr[2] = 0;
1160 		kctx->auk_info.ai_termid.at_addr[3] = 0;
1161 	}
1162 	if (kctx->auk_info.ai_termid.at_type == AU_IPv6)
1163 		kctx->auk_hostaddr_valid = IN6_IS_ADDR_UNSPECIFIED(
1164 		    (in6_addr_t *)kctx->auk_info.ai_termid.at_addr) ? 0 : 1;
1165 	else
1166 		kctx->auk_hostaddr_valid =
1167 		    (kctx->auk_info.ai_termid.at_addr[0] ==
1168 		    htonl(INADDR_ANY)) ? 0 : 1;
1169 
1170 	return (0);
1171 }
1172 
1173 static int
1174 getqctrl(caddr_t data)
1175 {
1176 	au_kcontext_t	*kctx = GET_KCTX_PZ;
1177 	STRUCT_DECL(au_qctrl, qctrl);
1178 	STRUCT_INIT(qctrl, get_udatamodel());
1179 
1180 	mutex_enter(&(kctx->auk_queue.lock));
1181 	STRUCT_FSET(qctrl, aq_hiwater, kctx->auk_queue.hiwater);
1182 	STRUCT_FSET(qctrl, aq_lowater, kctx->auk_queue.lowater);
1183 	STRUCT_FSET(qctrl, aq_bufsz, kctx->auk_queue.bufsz);
1184 	STRUCT_FSET(qctrl, aq_delay, kctx->auk_queue.delay);
1185 	mutex_exit(&(kctx->auk_queue.lock));
1186 
1187 	if (copyout(STRUCT_BUF(qctrl), data, STRUCT_SIZE(qctrl)))
1188 		return (EFAULT);
1189 
1190 	return (0);
1191 }
1192 
1193 static int
1194 setqctrl(caddr_t data)
1195 {
1196 	au_kcontext_t	*kctx;
1197 	struct au_qctrl qctrl_tmp;
1198 	STRUCT_DECL(au_qctrl, qctrl);
1199 	STRUCT_INIT(qctrl, get_udatamodel());
1200 
1201 	if (!(audit_policy & AUDIT_PERZONE) && !INGLOBALZONE(curproc))
1202 		return (EINVAL);
1203 	kctx = GET_KCTX_NGZ;
1204 
1205 	if (copyin(data, STRUCT_BUF(qctrl), STRUCT_SIZE(qctrl)))
1206 		return (EFAULT);
1207 
1208 	qctrl_tmp.aq_hiwater = (size_t)STRUCT_FGET(qctrl, aq_hiwater);
1209 	qctrl_tmp.aq_lowater = (size_t)STRUCT_FGET(qctrl, aq_lowater);
1210 	qctrl_tmp.aq_bufsz = (size_t)STRUCT_FGET(qctrl, aq_bufsz);
1211 	qctrl_tmp.aq_delay = (clock_t)STRUCT_FGET(qctrl, aq_delay);
1212 
1213 	/* enforce sane values */
1214 
1215 	if (qctrl_tmp.aq_hiwater <= qctrl_tmp.aq_lowater)
1216 		return (EINVAL);
1217 
1218 	if (qctrl_tmp.aq_hiwater < AQ_LOWATER)
1219 		return (EINVAL);
1220 
1221 	if (qctrl_tmp.aq_hiwater > AQ_MAXHIGH)
1222 		return (EINVAL);
1223 
1224 	if (qctrl_tmp.aq_bufsz < AQ_BUFSZ)
1225 		return (EINVAL);
1226 
1227 	if (qctrl_tmp.aq_bufsz > AQ_MAXBUFSZ)
1228 		return (EINVAL);
1229 
1230 	if (qctrl_tmp.aq_delay == 0)
1231 		return (EINVAL);
1232 
1233 	if (qctrl_tmp.aq_delay > AQ_MAXDELAY)
1234 		return (EINVAL);
1235 
1236 	/* update everything at once so things are consistant */
1237 	mutex_enter(&(kctx->auk_queue.lock));
1238 	kctx->auk_queue.hiwater = qctrl_tmp.aq_hiwater;
1239 	kctx->auk_queue.lowater = qctrl_tmp.aq_lowater;
1240 	kctx->auk_queue.bufsz = qctrl_tmp.aq_bufsz;
1241 	kctx->auk_queue.delay = qctrl_tmp.aq_delay;
1242 
1243 	if (kctx->auk_queue.rd_block &&
1244 	    kctx->auk_queue.cnt > kctx->auk_queue.lowater)
1245 		cv_broadcast(&(kctx->auk_queue.read_cv));
1246 
1247 	if (kctx->auk_queue.wt_block &&
1248 	    kctx->auk_queue.cnt < kctx->auk_queue.hiwater)
1249 		cv_broadcast(&(kctx->auk_queue.write_cv));
1250 
1251 	mutex_exit(&(kctx->auk_queue.lock));
1252 
1253 	return (0);
1254 }
1255 
1256 static int
1257 getcwd(caddr_t data, int length)
1258 {
1259 	struct p_audit_data	*pad;
1260 	struct audit_path	*app;
1261 	int	pathlen;
1262 
1263 	pad = P2A(curproc);
1264 	ASSERT(pad != NULL);
1265 
1266 	mutex_enter(&(pad->pad_lock));
1267 	app = pad->pad_cwd;
1268 	au_pathhold(app);
1269 	mutex_exit(&(pad->pad_lock));
1270 
1271 	pathlen = app->audp_sect[1] - app->audp_sect[0];
1272 	if (pathlen > length) {
1273 		au_pathrele(app);
1274 		return (E2BIG);
1275 	}
1276 
1277 	if (copyout(app->audp_sect[0], data, pathlen)) {
1278 		au_pathrele(app);
1279 		return (EFAULT);
1280 	}
1281 
1282 	au_pathrele(app);
1283 	return (0);
1284 }
1285 
1286 static int
1287 getcar(caddr_t data, int length)
1288 {
1289 	struct p_audit_data	*pad;
1290 	struct audit_path	*app;
1291 	int	pathlen;
1292 
1293 	pad = P2A(curproc);
1294 	ASSERT(pad != NULL);
1295 
1296 	mutex_enter(&(pad->pad_lock));
1297 	app = pad->pad_root;
1298 	au_pathhold(app);
1299 	mutex_exit(&(pad->pad_lock));
1300 
1301 	pathlen = app->audp_sect[1] - app->audp_sect[0];
1302 	if (pathlen > length) {
1303 		au_pathrele(app);
1304 		return (E2BIG);
1305 	}
1306 
1307 	if (copyout(app->audp_sect[0], data, pathlen)) {
1308 		au_pathrele(app);
1309 		return (EFAULT);
1310 	}
1311 
1312 	au_pathrele(app);
1313 	return (0);
1314 }
1315 
1316 static int
1317 getstat(caddr_t data)
1318 {
1319 	au_kcontext_t	*kctx = GET_KCTX_PZ;
1320 
1321 	membar_consumer();
1322 
1323 	if (copyout((caddr_t)&(kctx->auk_statistics), data, sizeof (au_stat_t)))
1324 		return (EFAULT);
1325 	return (0);
1326 }
1327 
1328 
1329 static int
1330 setstat(caddr_t data)
1331 {
1332 	au_kcontext_t	*kctx = GET_KCTX_PZ;
1333 	au_stat_t au_stat;
1334 
1335 	if (!(audit_policy & AUDIT_PERZONE) && !INGLOBALZONE(curproc))
1336 		return (EINVAL);
1337 
1338 	if (copyin(data, &au_stat, sizeof (au_stat_t)))
1339 		return (EFAULT);
1340 
1341 	if (au_stat.as_generated == CLEAR_VAL)
1342 		kctx->auk_statistics.as_generated = 0;
1343 	if (au_stat.as_nonattrib == CLEAR_VAL)
1344 		kctx->auk_statistics.as_nonattrib = 0;
1345 	if (au_stat.as_kernel == CLEAR_VAL)
1346 		kctx->auk_statistics.as_kernel = 0;
1347 	if (au_stat.as_audit == CLEAR_VAL)
1348 		kctx->auk_statistics.as_audit = 0;
1349 	if (au_stat.as_auditctl == CLEAR_VAL)
1350 		kctx->auk_statistics.as_auditctl = 0;
1351 	if (au_stat.as_enqueue == CLEAR_VAL)
1352 		kctx->auk_statistics.as_enqueue = 0;
1353 	if (au_stat.as_written == CLEAR_VAL)
1354 		kctx->auk_statistics.as_written = 0;
1355 	if (au_stat.as_wblocked == CLEAR_VAL)
1356 		kctx->auk_statistics.as_wblocked = 0;
1357 	if (au_stat.as_rblocked == CLEAR_VAL)
1358 		kctx->auk_statistics.as_rblocked = 0;
1359 	if (au_stat.as_dropped == CLEAR_VAL)
1360 		kctx->auk_statistics.as_dropped = 0;
1361 	if (au_stat.as_totalsize == CLEAR_VAL)
1362 		kctx->auk_statistics.as_totalsize = 0;
1363 
1364 	membar_producer();
1365 
1366 	return (0);
1367 
1368 }
1369 
1370 static int
1371 setumask(caddr_t data)
1372 {
1373 	STRUCT_DECL(auditinfo, user_info);
1374 	struct proc *p;
1375 	const auditinfo_addr_t	*ainfo;
1376 	model_t	model;
1377 
1378 	model = get_udatamodel();
1379 	STRUCT_INIT(user_info, model);
1380 
1381 	if (copyin(data, STRUCT_BUF(user_info), STRUCT_SIZE(user_info)))
1382 		return (EFAULT);
1383 
1384 	mutex_enter(&pidlock);	/* lock the process queue against updates */
1385 	for (p = practive; p != NULL; p = p->p_next) {
1386 		cred_t	*cr;
1387 
1388 		mutex_enter(&p->p_lock);	/* so process doesn't go away */
1389 		mutex_enter(&p->p_crlock);
1390 		crhold(cr = p->p_cred);
1391 		mutex_exit(&p->p_crlock);
1392 		ainfo = crgetauinfo(cr);
1393 		if (ainfo == NULL) {
1394 			mutex_exit(&p->p_lock);
1395 			crfree(cr);
1396 			continue;
1397 		}
1398 
1399 		if (ainfo->ai_auid == STRUCT_FGET(user_info, ai_auid)) {
1400 			au_mask_t	mask;
1401 			int		err;
1402 
1403 			/*
1404 			 * Here's a process which matches the specified auid.
1405 			 * If its mask doesn't already match the new mask,
1406 			 * save the new mask in the pad, to be picked up
1407 			 * next syscall.
1408 			 */
1409 			mask = STRUCT_FGET(user_info, ai_mask);
1410 			err = bcmp(&mask, &ainfo->ai_mask, sizeof (au_mask_t));
1411 			crfree(cr);
1412 			if (err != 0) {
1413 				struct p_audit_data *pad = P2A(p);
1414 				ASSERT(pad != NULL);
1415 
1416 				mutex_enter(&(pad->pad_lock));
1417 				pad->pad_flags |= PAD_SETMASK;
1418 				pad->pad_newmask = mask;
1419 				mutex_exit(&(pad->pad_lock));
1420 
1421 				/*
1422 				 * No need to call set_proc_pre_sys(), since
1423 				 * t_pre_sys is ALWAYS on when audit is
1424 				 * enabled...due to syscall auditing.
1425 				 */
1426 			}
1427 		} else {
1428 			crfree(cr);
1429 		}
1430 		mutex_exit(&p->p_lock);
1431 	}
1432 	mutex_exit(&pidlock);
1433 
1434 	return (0);
1435 }
1436 
1437 static int
1438 setsmask(caddr_t data)
1439 {
1440 	STRUCT_DECL(auditinfo, user_info);
1441 	struct proc *p;
1442 	const auditinfo_addr_t	*ainfo;
1443 	model_t	model;
1444 
1445 	model = get_udatamodel();
1446 	STRUCT_INIT(user_info, model);
1447 
1448 	if (copyin(data, STRUCT_BUF(user_info), STRUCT_SIZE(user_info)))
1449 		return (EFAULT);
1450 
1451 	mutex_enter(&pidlock);	/* lock the process queue against updates */
1452 	for (p = practive; p != NULL; p = p->p_next) {
1453 		cred_t	*cr;
1454 
1455 		mutex_enter(&p->p_lock);	/* so process doesn't go away */
1456 		mutex_enter(&p->p_crlock);
1457 		crhold(cr = p->p_cred);
1458 		mutex_exit(&p->p_crlock);
1459 		ainfo = crgetauinfo(cr);
1460 		if (ainfo == NULL) {
1461 			mutex_exit(&p->p_lock);
1462 			crfree(cr);
1463 			continue;
1464 		}
1465 
1466 		if (ainfo->ai_asid == STRUCT_FGET(user_info, ai_asid)) {
1467 			au_mask_t	mask;
1468 			int		err;
1469 
1470 			/*
1471 			 * Here's a process which matches the specified asid.
1472 			 * If its mask doesn't already match the new mask,
1473 			 * save the new mask in the pad, to be picked up
1474 			 * next syscall.
1475 			 */
1476 			mask = STRUCT_FGET(user_info, ai_mask);
1477 			err = bcmp(&mask, &ainfo->ai_mask, sizeof (au_mask_t));
1478 			crfree(cr);
1479 			if (err != 0) {
1480 				struct p_audit_data *pad = P2A(p);
1481 				ASSERT(pad != NULL);
1482 
1483 				mutex_enter(&(pad->pad_lock));
1484 				pad->pad_flags |= PAD_SETMASK;
1485 				pad->pad_newmask = mask;
1486 				mutex_exit(&(pad->pad_lock));
1487 
1488 				/*
1489 				 * No need to call set_proc_pre_sys(), since
1490 				 * t_pre_sys is ALWAYS on when audit is
1491 				 * enabled...due to syscall auditing.
1492 				 */
1493 			}
1494 		} else {
1495 			crfree(cr);
1496 		}
1497 		mutex_exit(&p->p_lock);
1498 	}
1499 	mutex_exit(&pidlock);
1500 
1501 	return (0);
1502 }
1503 
1504 /*
1505  * Get the current audit state of the system
1506  */
1507 static int
1508 getcond(caddr_t data)
1509 {
1510 	au_kcontext_t	*kctx;
1511 
1512 	if (au_auditstate == AUC_DISABLED)
1513 		if (copyout(&au_auditstate, data, sizeof (int)))
1514 			return (EFAULT);
1515 
1516 	kctx = GET_KCTX_PZ;
1517 
1518 	if (copyout(&(kctx->auk_auditstate), data, sizeof (int)))
1519 		return (EFAULT);
1520 
1521 	return (0);
1522 }
1523 
1524 /*
1525  * Set the current audit state of the system to on (AUC_AUDITING) or
1526  * off (AUC_NOAUDIT).
1527  */
1528 /* ARGSUSED */
1529 static int
1530 setcond(caddr_t data)
1531 {
1532 	int	auditstate;
1533 	au_kcontext_t	*kctx;
1534 
1535 	if (!(audit_policy & AUDIT_PERZONE) && (!INGLOBALZONE(curproc)))
1536 		return (EINVAL);
1537 
1538 	kctx = GET_KCTX_NGZ;
1539 
1540 	if (copyin(data, &auditstate, sizeof (int)))
1541 		return (EFAULT);
1542 
1543 	switch (auditstate) {
1544 	case AUC_AUDITING:		/* Turn auditing on */
1545 		kctx->auk_auditstate = AUC_AUDITING;
1546 		au_auditstate = AUC_ENABLED;
1547 		break;
1548 
1549 	case AUC_NOAUDIT:		/* Turn auditing off */
1550 		if (kctx->auk_auditstate == AUC_NOAUDIT)
1551 			break;
1552 		kctx->auk_auditstate = AUC_NOAUDIT;
1553 
1554 		/* clear out the audit queue */
1555 
1556 		mutex_enter(&(kctx->auk_queue.lock));
1557 		if (kctx->auk_queue.wt_block)
1558 			cv_broadcast(&(kctx->auk_queue.write_cv));
1559 
1560 		/* unblock au_output_thread */
1561 		cv_broadcast(&(kctx->auk_queue.read_cv));
1562 
1563 		mutex_exit(&(kctx->auk_queue.lock));
1564 		break;
1565 
1566 	default:
1567 		return (EINVAL);
1568 	}
1569 
1570 	return (0);
1571 }
1572 
1573 static int
1574 getclass(caddr_t data)
1575 {
1576 	au_evclass_map_t event;
1577 	au_kcontext_t	*kctx = GET_KCTX_PZ;
1578 
1579 	if (copyin(data, &event, sizeof (au_evclass_map_t)))
1580 		return (EFAULT);
1581 
1582 	if (event.ec_number < 0 || event.ec_number > (au_naevent - 1))
1583 		return (EINVAL);
1584 
1585 	event.ec_class = kctx->auk_ets[event.ec_number];
1586 
1587 	if (copyout(&event, data, sizeof (au_evclass_map_t)))
1588 		return (EFAULT);
1589 
1590 	return (0);
1591 }
1592 
1593 static int
1594 setclass(caddr_t data)
1595 {
1596 	au_evclass_map_t event;
1597 	au_kcontext_t	*kctx;
1598 
1599 	if (!(audit_policy & AUDIT_PERZONE) && !INGLOBALZONE(curproc))
1600 		return (EINVAL);
1601 
1602 	kctx = GET_KCTX_NGZ;
1603 
1604 	if (copyin(data, &event, sizeof (au_evclass_map_t)))
1605 		return (EFAULT);
1606 
1607 	if (event.ec_number < 0 || event.ec_number > (au_naevent - 1))
1608 		return (EINVAL);
1609 
1610 	kctx->auk_ets[event.ec_number] = event.ec_class;
1611 
1612 	return (0);
1613 }
1614 
1615 static int
1616 getpinfo(caddr_t data)
1617 {
1618 	STRUCT_DECL(auditpinfo, apinfo);
1619 	proc_t *proc;
1620 	const auditinfo_addr_t	*ainfo;
1621 	model_t	model;
1622 	cred_t	*cr, *newcred;
1623 
1624 	model = get_udatamodel();
1625 	STRUCT_INIT(apinfo, model);
1626 
1627 	if (copyin(data, STRUCT_BUF(apinfo), STRUCT_SIZE(apinfo)))
1628 		return (EFAULT);
1629 
1630 	newcred = cralloc();
1631 
1632 	mutex_enter(&pidlock);
1633 	if ((proc = prfind(STRUCT_FGET(apinfo, ap_pid))) == NULL) {
1634 		mutex_exit(&pidlock);
1635 		crfree(newcred);
1636 		return (ESRCH);		/* no such process */
1637 	}
1638 	mutex_enter(&proc->p_lock);	/* so process doesn't go away */
1639 	mutex_exit(&pidlock);
1640 
1641 	audit_update_context(proc, newcred);	/* make sure it's up-to-date */
1642 
1643 	mutex_enter(&proc->p_crlock);
1644 	crhold(cr = proc->p_cred);
1645 	mutex_exit(&proc->p_crlock);
1646 	mutex_exit(&proc->p_lock);
1647 
1648 	ainfo = crgetauinfo(cr);
1649 	if (ainfo == NULL) {
1650 		crfree(cr);
1651 		return (EINVAL);
1652 	}
1653 
1654 	/* designated process has an ipv6 address? */
1655 	if (ainfo->ai_termid.at_type == AU_IPv6) {
1656 		crfree(cr);
1657 		return (EOVERFLOW);
1658 	}
1659 
1660 	STRUCT_FSET(apinfo, ap_auid, ainfo->ai_auid);
1661 	STRUCT_FSET(apinfo, ap_asid, ainfo->ai_asid);
1662 #ifdef _LP64
1663 	if (model == DATAMODEL_ILP32) {
1664 		dev32_t dev;
1665 		/* convert internal 64 bit form to 32 bit version */
1666 		if (cmpldev(&dev, ainfo->ai_termid.at_port) == 0) {
1667 			crfree(cr);
1668 			return (EOVERFLOW);
1669 		}
1670 		STRUCT_FSET(apinfo, ap_termid.port, dev);
1671 	} else
1672 		STRUCT_FSET(apinfo, ap_termid.port, ainfo->ai_termid.at_port);
1673 #else
1674 	STRUCT_FSET(apinfo, ap_termid.port, ainfo->ai_termid.at_port);
1675 #endif
1676 	STRUCT_FSET(apinfo, ap_termid.machine, ainfo->ai_termid.at_addr[0]);
1677 	STRUCT_FSET(apinfo, ap_mask, ainfo->ai_mask);
1678 
1679 	crfree(cr);
1680 
1681 	if (copyout(STRUCT_BUF(apinfo), data, STRUCT_SIZE(apinfo)))
1682 		return (EFAULT);
1683 
1684 	return (0);
1685 }
1686 
1687 static int
1688 getpinfo_addr(caddr_t data, int len)
1689 {
1690 	STRUCT_DECL(auditpinfo_addr, apinfo);
1691 	proc_t *proc;
1692 	const auditinfo_addr_t	*ainfo;
1693 	model_t	model;
1694 	cred_t	*cr, *newcred;
1695 
1696 	model = get_udatamodel();
1697 	STRUCT_INIT(apinfo, model);
1698 
1699 	if (len < STRUCT_SIZE(apinfo))
1700 		return (EOVERFLOW);
1701 
1702 	if (copyin(data, STRUCT_BUF(apinfo), STRUCT_SIZE(apinfo)))
1703 		return (EFAULT);
1704 
1705 	newcred = cralloc();
1706 
1707 	mutex_enter(&pidlock);
1708 	if ((proc = prfind(STRUCT_FGET(apinfo, ap_pid))) == NULL) {
1709 		mutex_exit(&pidlock);
1710 		crfree(newcred);
1711 		return (ESRCH);
1712 	}
1713 	mutex_enter(&proc->p_lock);	/* so process doesn't go away */
1714 	mutex_exit(&pidlock);
1715 
1716 	audit_update_context(proc, newcred);	/* make sure it's up-to-date */
1717 
1718 	mutex_enter(&proc->p_crlock);
1719 	crhold(cr = proc->p_cred);
1720 	mutex_exit(&proc->p_crlock);
1721 	mutex_exit(&proc->p_lock);
1722 
1723 	ainfo = crgetauinfo(cr);
1724 	if (ainfo == NULL) {
1725 		crfree(cr);
1726 		return (EINVAL);
1727 	}
1728 
1729 	STRUCT_FSET(apinfo, ap_auid, ainfo->ai_auid);
1730 	STRUCT_FSET(apinfo, ap_asid, ainfo->ai_asid);
1731 #ifdef _LP64
1732 	if (model == DATAMODEL_ILP32) {
1733 		dev32_t dev;
1734 		/* convert internal 64 bit form to 32 bit version */
1735 		if (cmpldev(&dev, ainfo->ai_termid.at_port) == 0) {
1736 			crfree(cr);
1737 			return (EOVERFLOW);
1738 		}
1739 		STRUCT_FSET(apinfo, ap_termid.at_port, dev);
1740 	} else
1741 		STRUCT_FSET(apinfo, ap_termid.at_port,
1742 		    ainfo->ai_termid.at_port);
1743 #else
1744 	STRUCT_FSET(apinfo, ap_termid.at_port, ainfo->ai_termid.at_port);
1745 #endif
1746 	STRUCT_FSET(apinfo, ap_termid.at_type, ainfo->ai_termid.at_type);
1747 	STRUCT_FSET(apinfo, ap_termid.at_addr[0], ainfo->ai_termid.at_addr[0]);
1748 	STRUCT_FSET(apinfo, ap_termid.at_addr[1], ainfo->ai_termid.at_addr[1]);
1749 	STRUCT_FSET(apinfo, ap_termid.at_addr[2], ainfo->ai_termid.at_addr[2]);
1750 	STRUCT_FSET(apinfo, ap_termid.at_addr[3], ainfo->ai_termid.at_addr[3]);
1751 	STRUCT_FSET(apinfo, ap_mask, ainfo->ai_mask);
1752 
1753 	crfree(cr);
1754 
1755 	if (copyout(STRUCT_BUF(apinfo), data, STRUCT_SIZE(apinfo)))
1756 		return (EFAULT);
1757 
1758 	return (0);
1759 }
1760 
1761 static int
1762 setpmask(caddr_t data)
1763 {
1764 	STRUCT_DECL(auditpinfo, apinfo);
1765 	proc_t *proc;
1766 	cred_t	*newcred;
1767 	auditinfo_addr_t	*ainfo;
1768 	struct p_audit_data	*pad;
1769 
1770 	model_t	model;
1771 
1772 	model = get_udatamodel();
1773 	STRUCT_INIT(apinfo, model);
1774 
1775 	if (copyin(data, STRUCT_BUF(apinfo), STRUCT_SIZE(apinfo)))
1776 		return (EFAULT);
1777 
1778 	mutex_enter(&pidlock);
1779 	if ((proc = prfind(STRUCT_FGET(apinfo, ap_pid))) == NULL) {
1780 		mutex_exit(&pidlock);
1781 		return (ESRCH);
1782 	}
1783 	mutex_enter(&proc->p_lock);	/* so process doesn't go away */
1784 	mutex_exit(&pidlock);
1785 
1786 	newcred = cralloc();
1787 	if ((ainfo = crgetauinfo_modifiable(newcred)) == NULL) {
1788 		mutex_exit(&proc->p_lock);
1789 		crfree(newcred);
1790 		return (EINVAL);
1791 	}
1792 
1793 	mutex_enter(&proc->p_crlock);
1794 	crcopy_to(proc->p_cred, newcred);
1795 	proc->p_cred = newcred;
1796 
1797 	ainfo->ai_mask = STRUCT_FGET(apinfo, ap_mask);
1798 
1799 	/*
1800 	 * Unlock. No need to broadcast changes via set_proc_pre_sys(),
1801 	 * since t_pre_sys is ALWAYS on when audit is enabled... due to
1802 	 * syscall auditing.
1803 	 */
1804 	crfree(newcred);
1805 	mutex_exit(&proc->p_crlock);
1806 
1807 	/* Reset flag for any previous pending mask change; this supercedes */
1808 	pad = P2A(proc);
1809 	ASSERT(pad != NULL);
1810 	mutex_enter(&(pad->pad_lock));
1811 	pad->pad_flags &= ~PAD_SETMASK;
1812 	mutex_exit(&(pad->pad_lock));
1813 
1814 	mutex_exit(&proc->p_lock);
1815 
1816 	return (0);
1817 }
1818 
1819 static int
1820 getfsize(caddr_t data)
1821 {
1822 	au_fstat_t fstat;
1823 	au_kcontext_t	*kctx = GET_KCTX_PZ;
1824 
1825 	mutex_enter(&(kctx->auk_fstat_lock));
1826 	fstat.af_filesz = kctx->auk_file_stat.af_filesz;
1827 	fstat.af_currsz = kctx->auk_file_stat.af_currsz;
1828 	mutex_exit(&(kctx->auk_fstat_lock));
1829 
1830 	if (copyout(&fstat, data, sizeof (au_fstat_t)))
1831 		return (EFAULT);
1832 
1833 	return (0);
1834 }
1835 
1836 static int
1837 setfsize(caddr_t data)
1838 {
1839 	au_fstat_t fstat;
1840 	au_kcontext_t	*kctx;
1841 
1842 	if (!(audit_policy & AUDIT_PERZONE) && !INGLOBALZONE(curproc))
1843 		return (EINVAL);
1844 
1845 	kctx = GET_KCTX_NGZ;
1846 
1847 	if (copyin(data, &fstat, sizeof (au_fstat_t)))
1848 		return (EFAULT);
1849 
1850 	if ((fstat.af_filesz != 0) && (fstat.af_filesz < AU_MIN_FILE_SZ))
1851 		return (EINVAL);
1852 
1853 	mutex_enter(&(kctx->auk_fstat_lock));
1854 	kctx->auk_file_stat.af_filesz = fstat.af_filesz;
1855 	mutex_exit(&(kctx->auk_fstat_lock));
1856 
1857 	return (0);
1858 }
1859 /*
1860  * The out of control system call
1861  * This is audit kitchen sink aka auditadm, aka auditon
1862  */
1863 static int
1864 auditctl(
1865 	int	cmd,
1866 	caddr_t data,
1867 	int	length)
1868 {
1869 	int result;
1870 
1871 	if (!audit_active)
1872 		return (EINVAL);
1873 
1874 	switch (cmd) {
1875 	case A_GETCOND:
1876 	case A_GETCAR:
1877 	case A_GETCLASS:
1878 	case A_GETCWD:
1879 	case A_GETFSIZE:
1880 	case A_GETKAUDIT:
1881 	case A_GETKMASK:
1882 	case A_GETPINFO:
1883 	case A_GETPINFO_ADDR:
1884 	case A_GETPOLICY:
1885 	case A_GETQCTRL:
1886 	case A_GETSTAT:
1887 		if (secpolicy_audit_getattr(CRED()) != 0)
1888 			return (EPERM);
1889 		break;
1890 	default:
1891 		if (secpolicy_audit_config(CRED()) != 0)
1892 			return (EPERM);
1893 		break;
1894 	}
1895 
1896 	switch (cmd) {
1897 	case A_GETPOLICY:
1898 		result = getpolicy(data);
1899 		break;
1900 	case A_SETPOLICY:
1901 		result = setpolicy(data);
1902 		break;
1903 	case A_GETKMASK:
1904 		result = getkmask(data);
1905 		break;
1906 	case A_SETKMASK:
1907 		result = setkmask(data);
1908 		break;
1909 	case A_GETKAUDIT:
1910 		result = getkaudit(data, length);
1911 		break;
1912 	case A_SETKAUDIT:
1913 		result = setkaudit(data, length);
1914 		break;
1915 	case A_GETQCTRL:
1916 		result = getqctrl(data);
1917 		break;
1918 	case A_SETQCTRL:
1919 		result = setqctrl(data);
1920 		break;
1921 	case A_GETCWD:
1922 		result = getcwd(data, length);
1923 		break;
1924 	case A_GETCAR:
1925 		result = getcar(data, length);
1926 		break;
1927 	case A_GETSTAT:
1928 		result = getstat(data);
1929 		break;
1930 	case A_SETSTAT:
1931 		result = setstat(data);
1932 		break;
1933 	case A_SETUMASK:
1934 		result = setumask(data);
1935 		break;
1936 	case A_SETSMASK:
1937 		result = setsmask(data);
1938 		break;
1939 	case A_GETCOND:
1940 		result = getcond(data);
1941 		break;
1942 	case A_SETCOND:
1943 		result = setcond(data);
1944 		break;
1945 	case A_GETCLASS:
1946 		result = getclass(data);
1947 		break;
1948 	case A_SETCLASS:
1949 		result = setclass(data);
1950 		break;
1951 	case A_GETPINFO:
1952 		result = getpinfo(data);
1953 		break;
1954 	case A_GETPINFO_ADDR:
1955 		result = getpinfo_addr(data, length);
1956 		break;
1957 	case A_SETPMASK:
1958 		result = setpmask(data);
1959 		break;
1960 	case A_SETFSIZE:
1961 		result = setfsize(data);
1962 		break;
1963 	case A_GETFSIZE:
1964 		result = getfsize(data);
1965 		break;
1966 	default:
1967 		result = EINVAL;
1968 		break;
1969 	}
1970 	return (result);
1971 }
1972 
1973 /*
1974  * auditsvc was EOL'd effective Sol 10
1975  */
1976 static int
1977 auditsvc(int fd, int limit)
1978 {
1979 	struct file *fp;
1980 	struct vnode *vp;
1981 	int error = 0;
1982 	au_kcontext_t	*kctx;
1983 
1984 	if (secpolicy_audit_config(CRED()) != 0)
1985 		return (EPERM);
1986 
1987 	if (!INGLOBALZONE(curproc))
1988 		return (EINVAL);
1989 
1990 	kctx = GET_KCTX_GZ;
1991 
1992 	if (limit < 0 ||
1993 	    (!(kctx->auk_auditstate == AUC_AUDITING ||
1994 	    kctx->auk_auditstate == AUC_NOSPACE)))
1995 		return (EINVAL);
1996 
1997 	/*
1998 	 * Prevent a second audit daemon from running this code
1999 	 */
2000 	mutex_enter(&(kctx->auk_svc_lock));
2001 	if (kctx->auk_svc_busy) {
2002 		mutex_exit(&(kctx->auk_svc_lock));
2003 		return (EBUSY);
2004 	}
2005 	kctx->auk_svc_busy = 1;
2006 	mutex_exit(&(kctx->auk_svc_lock));
2007 
2008 	/*
2009 	 * convert file pointer to file descriptor
2010 	 *   Note: fd ref count incremented here.
2011 	 */
2012 	if ((fp = (struct file *)getf(fd)) == NULL) {
2013 		mutex_enter(&(kctx->auk_svc_lock));
2014 		kctx->auk_svc_busy = 0;
2015 		mutex_exit(&(kctx->auk_svc_lock));
2016 		return (EBADF);
2017 	}
2018 
2019 	vp = fp->f_vnode;
2020 
2021 	kctx->auk_file_stat.af_currsz = 0;
2022 
2023 	/*
2024 	 * Wait for work, until a signal arrives,
2025 	 * or until auditing is disabled.
2026 	 */
2027 	while (!error) {
2028 	    if (kctx->auk_auditstate == AUC_AUDITING) {
2029 		mutex_enter(&(kctx->auk_queue.lock));
2030 		    /* nothing on the audit queue */
2031 		while (kctx->auk_queue.head == NULL) {
2032 			/* safety check. kick writer awake */
2033 		    if (kctx->auk_queue.wt_block)
2034 			cv_broadcast(&(kctx->auk_queue.write_cv));
2035 			/* sleep waiting for things to to */
2036 		    kctx->auk_queue.rd_block = 1;
2037 		    AS_INC(as_rblocked, 1, kctx);
2038 		    if (!cv_wait_sig(&(kctx->auk_queue.read_cv),
2039 			&(kctx->auk_queue.lock))) {
2040 				/* interrupted system call */
2041 			kctx->auk_queue.rd_block = 0;
2042 			mutex_exit(&(kctx->auk_queue.lock));
2043 			error = ((kctx->auk_auditstate == AUC_AUDITING) ||
2044 			    (kctx->auk_auditstate == AUC_NOSPACE)) ?
2045 			    EINTR : EINVAL;
2046 			mutex_enter(&(kctx->auk_svc_lock));
2047 			kctx->auk_svc_busy = 0;
2048 			mutex_exit(&(kctx->auk_svc_lock));
2049 
2050 		/* decrement file descriptor reference count */
2051 			releasef(fd);
2052 			(void) timeout(audit_dont_stop, kctx, au_resid);
2053 			return (error);
2054 		    }
2055 		    kctx->auk_queue.rd_block = 0;
2056 		}
2057 		mutex_exit(&(kctx->auk_queue.lock));
2058 
2059 			/* do as much as we can */
2060 		error = au_doio(vp, limit);
2061 
2062 		/* if we ran out of space, be sure to fire off timeout */
2063 		if (error == ENOSPC)
2064 			(void) timeout(audit_dont_stop, kctx, au_resid);
2065 
2066 	    } else	/* auditing turned off while we slept */
2067 		    break;
2068 	}
2069 
2070 	/*
2071 	 * decrement file descriptor reference count
2072 	 */
2073 	releasef(fd);
2074 
2075 	/*
2076 	 * If auditing has been disabled quit processing
2077 	 */
2078 	if (!(kctx->auk_auditstate == AUC_AUDITING ||
2079 	    kctx->auk_auditstate == AUC_NOSPACE))
2080 		error = EINVAL;
2081 
2082 	mutex_enter(&(kctx->auk_svc_lock));
2083 	kctx->auk_svc_busy = 0;
2084 	mutex_exit(&(kctx->auk_svc_lock));
2085 
2086 	return (error);
2087 }
2088 
2089 static int
2090 audit_modsysent(char *modname, int flags, int (*func)())
2091 {
2092 	struct sysent *sysp;
2093 	int sysnum;
2094 	krwlock_t *kl;
2095 
2096 	if ((sysnum = mod_getsysnum(modname)) == -1) {
2097 		cmn_err(CE_WARN, "system call missing from bind file");
2098 		return (-1);
2099 	}
2100 
2101 	kl = (krwlock_t *)kobj_zalloc(sizeof (krwlock_t), KM_SLEEP);
2102 
2103 	sysp = &sysent[sysnum];
2104 	sysp->sy_narg = auditsysent.sy_narg;
2105 #ifdef _LP64
2106 	sysp->sy_flags = (unsigned short)flags;
2107 #else
2108 	sysp->sy_flags = (unsigned char)flags;
2109 #endif
2110 	sysp->sy_call = func;
2111 	sysp->sy_lock = kl;
2112 
2113 #ifdef _SYSCALL32_IMPL
2114 	sysp = &sysent32[sysnum];
2115 	sysp->sy_narg = auditsysent.sy_narg;
2116 	sysp->sy_flags = (unsigned short)flags;
2117 	sysp->sy_call = func;
2118 	sysp->sy_lock = kl;
2119 #endif
2120 
2121 	rw_init(sysp->sy_lock, NULL, RW_DEFAULT, NULL);
2122 
2123 	return (0);
2124 }
2125