xref: /titanic_44/usr/src/cmd/auditconfig/auditconfig.c (revision 9e3700df0ac0106c9153db91edd9fe719345aa3c)
17c478bd9Sstevel@tonic-gate /*
27c478bd9Sstevel@tonic-gate  * CDDL HEADER START
37c478bd9Sstevel@tonic-gate  *
47c478bd9Sstevel@tonic-gate  * The contents of this file are subject to the terms of the
545916cd2Sjpk  * Common Development and Distribution License (the "License").
645916cd2Sjpk  * You may not use this file except in compliance with the License.
77c478bd9Sstevel@tonic-gate  *
87c478bd9Sstevel@tonic-gate  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
97c478bd9Sstevel@tonic-gate  * or http://www.opensolaris.org/os/licensing.
107c478bd9Sstevel@tonic-gate  * See the License for the specific language governing permissions
117c478bd9Sstevel@tonic-gate  * and limitations under the License.
127c478bd9Sstevel@tonic-gate  *
137c478bd9Sstevel@tonic-gate  * When distributing Covered Code, include this CDDL HEADER in each
147c478bd9Sstevel@tonic-gate  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
157c478bd9Sstevel@tonic-gate  * If applicable, add the following below this CDDL HEADER, with the
167c478bd9Sstevel@tonic-gate  * fields enclosed by brackets "[]" replaced with your own identifying
177c478bd9Sstevel@tonic-gate  * information: Portions Copyright [yyyy] [name of copyright owner]
187c478bd9Sstevel@tonic-gate  *
197c478bd9Sstevel@tonic-gate  * CDDL HEADER END
207c478bd9Sstevel@tonic-gate  */
217c478bd9Sstevel@tonic-gate /*
2245916cd2Sjpk  * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
237c478bd9Sstevel@tonic-gate  * Use is subject to license terms.
247c478bd9Sstevel@tonic-gate  */
257c478bd9Sstevel@tonic-gate 
267c478bd9Sstevel@tonic-gate #pragma ident	"%Z%%M%	%I%	%E% SMI"
277c478bd9Sstevel@tonic-gate 
287c478bd9Sstevel@tonic-gate /*
297c478bd9Sstevel@tonic-gate  * auditconfig - set and display audit parameters
307c478bd9Sstevel@tonic-gate  */
317c478bd9Sstevel@tonic-gate 
327c478bd9Sstevel@tonic-gate #include <locale.h>
337c478bd9Sstevel@tonic-gate #include <sys/types.h>
347c478bd9Sstevel@tonic-gate #include <ctype.h>
357c478bd9Sstevel@tonic-gate #include <stdlib.h>
367c478bd9Sstevel@tonic-gate #include <stdarg.h>
377c478bd9Sstevel@tonic-gate #include <unistd.h>
387c478bd9Sstevel@tonic-gate #include <errno.h>
397c478bd9Sstevel@tonic-gate #include <sys/param.h>
407c478bd9Sstevel@tonic-gate #include <stdio.h>
417c478bd9Sstevel@tonic-gate #include <string.h>
427c478bd9Sstevel@tonic-gate #include <strings.h>
437c478bd9Sstevel@tonic-gate #include <nlist.h>
447c478bd9Sstevel@tonic-gate #include <fcntl.h>
457c478bd9Sstevel@tonic-gate #include <sys/socket.h>
467c478bd9Sstevel@tonic-gate #include <netdb.h>
477c478bd9Sstevel@tonic-gate #include <netinet/in.h>
487c478bd9Sstevel@tonic-gate #include <arpa/inet.h>
497c478bd9Sstevel@tonic-gate #include <sys/mkdev.h>
507c478bd9Sstevel@tonic-gate #include <sys/param.h>
517c478bd9Sstevel@tonic-gate #include <pwd.h>
527c478bd9Sstevel@tonic-gate #include <libintl.h>
537c478bd9Sstevel@tonic-gate #include <zone.h>
547c478bd9Sstevel@tonic-gate 
55*9e3700dfSgww #include <tsol/label.h>
567c478bd9Sstevel@tonic-gate #include <bsm/audit.h>
577c478bd9Sstevel@tonic-gate #include <bsm/audit_record.h>
587c478bd9Sstevel@tonic-gate #include <bsm/libbsm.h>
597c478bd9Sstevel@tonic-gate 
607c478bd9Sstevel@tonic-gate #if !defined(TEXT_DOMAIN)
617c478bd9Sstevel@tonic-gate #define	TEXT_DOMAIN	"SUNW_OST_OSCMD"
627c478bd9Sstevel@tonic-gate #endif
637c478bd9Sstevel@tonic-gate 
64*9e3700dfSgww enum	commands {
65*9e3700dfSgww 	AC_ARG_AUDIT,
66*9e3700dfSgww 	AC_ARG_ACONF,
67*9e3700dfSgww 	AC_ARG_CHKCONF,
68*9e3700dfSgww 	AC_ARG_CHKACONF,
69*9e3700dfSgww 	AC_ARG_CONF,
70*9e3700dfSgww 	AC_ARG_GETASID,
71*9e3700dfSgww 	AC_ARG_GETAUDIT,
72*9e3700dfSgww 	AC_ARG_GETAUID,
73*9e3700dfSgww 	AC_ARG_GETCAR,
74*9e3700dfSgww 	AC_ARG_GETCLASS,
75*9e3700dfSgww 	AC_ARG_GETCOND,
76*9e3700dfSgww 	AC_ARG_GETCWD,
77*9e3700dfSgww 	AC_ARG_GETESTATE,
78*9e3700dfSgww 	AC_ARG_GETFSIZE,
79*9e3700dfSgww 	AC_ARG_GETKAUDIT,
80*9e3700dfSgww 	AC_ARG_GETKMASK,
81*9e3700dfSgww 	AC_ARG_GETPINFO,
82*9e3700dfSgww 	AC_ARG_GETPOLICY,
83*9e3700dfSgww 	AC_ARG_GETQBUFSZ,
84*9e3700dfSgww 	AC_ARG_GETQCTRL,
85*9e3700dfSgww 	AC_ARG_GETQDELAY,
86*9e3700dfSgww 	AC_ARG_GETQHIWATER,
87*9e3700dfSgww 	AC_ARG_GETQLOWATER,
88*9e3700dfSgww 	AC_ARG_GETSTAT,
89*9e3700dfSgww 	AC_ARG_GETTERMID,
90*9e3700dfSgww 	AC_ARG_LSEVENT,
91*9e3700dfSgww 	AC_ARG_LSPOLICY,
92*9e3700dfSgww 	AC_ARG_SETASID,
93*9e3700dfSgww 	AC_ARG_SETAUDIT,
94*9e3700dfSgww 	AC_ARG_SETAUID,
95*9e3700dfSgww 	AC_ARG_SETCLASS,
96*9e3700dfSgww 	AC_ARG_SETFSIZE,
97*9e3700dfSgww 	AC_ARG_SETKAUDIT,
98*9e3700dfSgww 	AC_ARG_SETKMASK,
99*9e3700dfSgww 	AC_ARG_SETPMASK,
100*9e3700dfSgww 	AC_ARG_SETPOLICY,
101*9e3700dfSgww 	AC_ARG_SETSMASK,
102*9e3700dfSgww 	AC_ARG_SETSTAT,
103*9e3700dfSgww 	AC_ARG_SETQBUFSZ,
104*9e3700dfSgww 	AC_ARG_SETQCTRL,
105*9e3700dfSgww 	AC_ARG_SETQDELAY,
106*9e3700dfSgww 	AC_ARG_SETQHIWATER,
107*9e3700dfSgww 	AC_ARG_SETQLOWATER,
108*9e3700dfSgww 	AC_ARG_SETUMASK
109*9e3700dfSgww };
1107c478bd9Sstevel@tonic-gate 
1117c478bd9Sstevel@tonic-gate #define	AC_KERN_EVENT 		0
1127c478bd9Sstevel@tonic-gate #define	AC_USER_EVENT 		1
1137c478bd9Sstevel@tonic-gate 
1147c478bd9Sstevel@tonic-gate #define	NONE(s) (!strlen(s) ? gettext("none") : s)
1157c478bd9Sstevel@tonic-gate 
1167c478bd9Sstevel@tonic-gate #define	ALL_POLICIES   (AUDIT_AHLT|\
1177c478bd9Sstevel@tonic-gate 			AUDIT_ARGE|\
1187c478bd9Sstevel@tonic-gate 			AUDIT_ARGV|\
1197c478bd9Sstevel@tonic-gate 			AUDIT_CNT|\
1207c478bd9Sstevel@tonic-gate 			AUDIT_GROUP|\
1217c478bd9Sstevel@tonic-gate 			AUDIT_PASSWD|\
1227c478bd9Sstevel@tonic-gate 			AUDIT_WINDATA|\
1237c478bd9Sstevel@tonic-gate 			AUDIT_SEQ|\
1247c478bd9Sstevel@tonic-gate 			AUDIT_TRAIL|\
1257c478bd9Sstevel@tonic-gate 			AUDIT_PATH|\
1267c478bd9Sstevel@tonic-gate 			AUDIT_PUBLIC|\
1277c478bd9Sstevel@tonic-gate 			AUDIT_ZONENAME|\
12845916cd2Sjpk 			AUDIT_PERZONE|\
12945916cd2Sjpk 			AUDIT_WINDATA_DOWN|\
13045916cd2Sjpk 			AUDIT_WINDATA_UP)
1317c478bd9Sstevel@tonic-gate 
1327c478bd9Sstevel@tonic-gate #define	NO_POLICIES  (0)
1337c478bd9Sstevel@tonic-gate 
1347c478bd9Sstevel@tonic-gate #define	ONEK 1024
1357c478bd9Sstevel@tonic-gate 
1367c478bd9Sstevel@tonic-gate /*
1377c478bd9Sstevel@tonic-gate  * remove this after the audit.h is fixed
1387c478bd9Sstevel@tonic-gate  */
1397c478bd9Sstevel@tonic-gate 
1407c478bd9Sstevel@tonic-gate struct arg_entry {
1417c478bd9Sstevel@tonic-gate 	char		*arg_str;
1427c478bd9Sstevel@tonic-gate 	char		*arg_opts;
143*9e3700dfSgww 	enum commands	auditconfig_cmd;
1447c478bd9Sstevel@tonic-gate };
1457c478bd9Sstevel@tonic-gate 
1467c478bd9Sstevel@tonic-gate struct policy_entry {
1477c478bd9Sstevel@tonic-gate 	char *policy_str;
1487c478bd9Sstevel@tonic-gate 	uint_t policy_mask;
1497c478bd9Sstevel@tonic-gate 	char *policy_desc;
1507c478bd9Sstevel@tonic-gate };
1517c478bd9Sstevel@tonic-gate 
1527c478bd9Sstevel@tonic-gate static struct arg_entry arg_table[] = {
1537c478bd9Sstevel@tonic-gate 	{ "-aconf",		"",			AC_ARG_ACONF},
1547c478bd9Sstevel@tonic-gate 	{ "-audit",	"event sorf retval string",	AC_ARG_AUDIT},
1557c478bd9Sstevel@tonic-gate 	{ "-chkaconf",		"",			AC_ARG_CHKACONF},
1567c478bd9Sstevel@tonic-gate 	{ "-chkconf",		"",			AC_ARG_CHKCONF},
1577c478bd9Sstevel@tonic-gate 	{ "-conf",		"",			AC_ARG_CONF},
1587c478bd9Sstevel@tonic-gate 	{ "-getasid",		"",			AC_ARG_GETASID},
1597c478bd9Sstevel@tonic-gate 	{ "-getaudit",		"",			AC_ARG_GETAUDIT},
1607c478bd9Sstevel@tonic-gate 	{ "-getauid",		"",			AC_ARG_GETAUID},
1617c478bd9Sstevel@tonic-gate 	{ "-getcar",		"",			AC_ARG_GETCAR},
162*9e3700dfSgww 	{ "-getclass",		"event",		AC_ARG_GETCLASS},
1637c478bd9Sstevel@tonic-gate 	{ "-getcond",		"",			AC_ARG_GETCOND},
1647c478bd9Sstevel@tonic-gate 	{ "-getcwd",		"",			AC_ARG_GETCWD},
1657c478bd9Sstevel@tonic-gate 	{ "-getestate",		"event",		AC_ARG_GETESTATE},
1667c478bd9Sstevel@tonic-gate 	{ "-getfsize",		"",			AC_ARG_GETFSIZE},
1677c478bd9Sstevel@tonic-gate 	{ "-getkaudit",		"",			AC_ARG_GETKAUDIT},
1687c478bd9Sstevel@tonic-gate 	{ "-getkmask",		"",			AC_ARG_GETKMASK},
169*9e3700dfSgww 	{ "-getpinfo",		"pid",			AC_ARG_GETPINFO},
1707c478bd9Sstevel@tonic-gate 	{ "-getpolicy",		"",			AC_ARG_GETPOLICY},
1717c478bd9Sstevel@tonic-gate 	{ "-getqbufsz",		"",			AC_ARG_GETQBUFSZ},
1727c478bd9Sstevel@tonic-gate 	{ "-getqctrl",		"",			AC_ARG_GETQCTRL},
1737c478bd9Sstevel@tonic-gate 	{ "-getqdelay",		"",			AC_ARG_GETQDELAY},
1747c478bd9Sstevel@tonic-gate 	{ "-getqhiwater",	"",			AC_ARG_GETQHIWATER},
1757c478bd9Sstevel@tonic-gate 	{ "-getqlowater",	"",			AC_ARG_GETQLOWATER},
1767c478bd9Sstevel@tonic-gate 	{ "-getstat",		"",			AC_ARG_GETSTAT},
1777c478bd9Sstevel@tonic-gate 	{ "-gettid",		"",			AC_ARG_GETTERMID},
1787c478bd9Sstevel@tonic-gate 	{ "-lsevent",		"",			AC_ARG_LSEVENT},
1797c478bd9Sstevel@tonic-gate 	{ "-lspolicy",		"",			AC_ARG_LSPOLICY},
1807c478bd9Sstevel@tonic-gate 	{ "-setasid",		"asid [cmd]",		AC_ARG_SETASID},
181*9e3700dfSgww 	{ "-setaudit",		"auid audit_flags termid asid [cmd]",
1827c478bd9Sstevel@tonic-gate 							AC_ARG_SETAUDIT},
1837c478bd9Sstevel@tonic-gate 	{ "-setauid",		"auid [cmd]",		AC_ARG_SETAUID},
1847c478bd9Sstevel@tonic-gate 	{ "-setclass",		"event audit_flags",	AC_ARG_SETCLASS},
1857c478bd9Sstevel@tonic-gate 	{ "-setfsize",		"filesize",		AC_ARG_SETFSIZE},
1867c478bd9Sstevel@tonic-gate 	{ "-setkaudit",		"type IP_address",	AC_ARG_SETKAUDIT},
1877c478bd9Sstevel@tonic-gate 	{ "-setkmask",		"audit_flags",		AC_ARG_SETKMASK},
188*9e3700dfSgww 	{ "-setpmask",		"pid audit_flags",	AC_ARG_SETPMASK},
189*9e3700dfSgww 	{ "-setpolicy",		"[+|-]policy_flags",	AC_ARG_SETPOLICY},
1907c478bd9Sstevel@tonic-gate 	{ "-setqbufsz",		"bufsz",		AC_ARG_SETQBUFSZ},
1917c478bd9Sstevel@tonic-gate 	{ "-setqctrl",	"hiwater lowater bufsz delay",	AC_ARG_SETQCTRL},
1927c478bd9Sstevel@tonic-gate 	{ "-setqdelay",		"delay",		AC_ARG_SETQDELAY},
1937c478bd9Sstevel@tonic-gate 	{ "-setqhiwater",	"hiwater",		AC_ARG_SETQHIWATER},
1947c478bd9Sstevel@tonic-gate 	{ "-setqlowater",	"lowater",		AC_ARG_SETQLOWATER},
1957c478bd9Sstevel@tonic-gate 	{ "-setsmask",		"asid audit_flags",	AC_ARG_SETSMASK},
1967c478bd9Sstevel@tonic-gate 	{ "-setstat",		"",			AC_ARG_SETSTAT},
1977c478bd9Sstevel@tonic-gate 	{ "-setumask",		"user audit_flags",	AC_ARG_SETUMASK},
1987c478bd9Sstevel@tonic-gate };
1997c478bd9Sstevel@tonic-gate 
2007c478bd9Sstevel@tonic-gate #define	ARG_TBL_SZ (sizeof (arg_table) / sizeof (struct arg_entry))
2017c478bd9Sstevel@tonic-gate 
2027c478bd9Sstevel@tonic-gate static struct policy_entry policy_table[] = {
203*9e3700dfSgww 	{"ahlt",  AUDIT_AHLT,   "halt machine if it can not record an "
204*9e3700dfSgww 	    "async event"},
205*9e3700dfSgww 	{"all",   ALL_POLICIES,	"all policies"},
206*9e3700dfSgww 	{"arge",  AUDIT_ARGE,   "include exec environment args in audit recs"},
207*9e3700dfSgww 	{"argv",  AUDIT_ARGV,   "include exec command line args in audit recs"},
208*9e3700dfSgww 	{"cnt",   AUDIT_CNT,    "when no more space, drop recs and keep a cnt"},
209*9e3700dfSgww 	{"group", AUDIT_GROUP,	"include supplementary groups in audit recs"},
210*9e3700dfSgww 	{"none",  NO_POLICIES,	"no policies"},
211*9e3700dfSgww 	{"path",  AUDIT_PATH,	"allow multiple paths per event"},
212*9e3700dfSgww 	{"perzone", AUDIT_PERZONE,      "use a separate queue and auditd per "
213*9e3700dfSgww 	    "zone"},
214*9e3700dfSgww 	{"public",  AUDIT_PUBLIC,    "audit public files"},
215*9e3700dfSgww 	{"seq",   AUDIT_SEQ,    "include a sequence number in audit recs"},
216*9e3700dfSgww 	{"trail", AUDIT_TRAIL,	"include trailer token in audit recs"},
217*9e3700dfSgww 	{"windata_down", AUDIT_WINDATA_DOWN,  "include downgraded window "
218*9e3700dfSgww 	    "information in audit recs"},
219*9e3700dfSgww 	{"windata_up",  AUDIT_WINDATA_UP,     "include upgraded window "
220*9e3700dfSgww 	    "information in audit recs"},
221*9e3700dfSgww 	{"zonename", AUDIT_ZONENAME,    "generate zonename token"}
2227c478bd9Sstevel@tonic-gate };
2237c478bd9Sstevel@tonic-gate 
2247c478bd9Sstevel@tonic-gate #define	POLICY_TBL_SZ (sizeof (policy_table) / sizeof (struct policy_entry))
2257c478bd9Sstevel@tonic-gate 
226*9e3700dfSgww static char *progname = "auditconfig";
2277c478bd9Sstevel@tonic-gate 
228*9e3700dfSgww static au_event_ent_t *egetauevnam(char *event_name);
229*9e3700dfSgww static au_event_ent_t *egetauevnum(au_event_t event_number);
230*9e3700dfSgww static int arg_ent_compare(const void *aep1, const void *aep2);
231*9e3700dfSgww static char *cond2str(void);
232*9e3700dfSgww static int policy2str(uint_t policy, char *policy_str, size_t len);
233*9e3700dfSgww static int str2type(char *s, uint_t *type);
234*9e3700dfSgww static int str2policy(char *policy_str, uint_t *policy_mask);
235*9e3700dfSgww static int str2ipaddr(char *s, uint32_t *addr, uint32_t type);
236*9e3700dfSgww static int strisflags(char *s);
237*9e3700dfSgww static int strisipaddr(char *s);
238*9e3700dfSgww static int strisnum(char *s);
239*9e3700dfSgww static struct arg_entry *get_arg_ent(char *arg_str);
240*9e3700dfSgww static struct policy_entry *get_policy_ent(char *policy);
241*9e3700dfSgww static uid_t get_user_id(char *user);
242*9e3700dfSgww static void chk_event_num(int etype, au_event_t event);
243*9e3700dfSgww static void chk_event_str(int etype, char *event_str);
244*9e3700dfSgww static void chk_retval(char *retval_str);
245*9e3700dfSgww static void chk_sorf(char *sorf_str);
246*9e3700dfSgww static void do_aconf(void);
247*9e3700dfSgww static void do_args(char **argv);
248*9e3700dfSgww static void do_audit(char *, char, int, char *);
249*9e3700dfSgww static void do_chkaconf(void);
250*9e3700dfSgww static void do_chkconf(void);
251*9e3700dfSgww static void do_conf(void);
252*9e3700dfSgww static void do_getasid(void);
253*9e3700dfSgww static void do_getaudit(void);
254*9e3700dfSgww static void do_getkaudit(void);
255*9e3700dfSgww static void do_setkaudit(char *t, char *s);
256*9e3700dfSgww static void do_getauid(void);
257*9e3700dfSgww static void do_getcar(void);
258*9e3700dfSgww static void do_getclass(char *event_str);
259*9e3700dfSgww static void do_getcond(void);
260*9e3700dfSgww static void do_getcwd(void);
261*9e3700dfSgww static void do_getkmask(void);
262*9e3700dfSgww static void do_getpinfo(char *pid_str);
263*9e3700dfSgww static void do_getpolicy(void);
264*9e3700dfSgww static void do_getqbufsz(void);
265*9e3700dfSgww static void do_getqctrl(void);
266*9e3700dfSgww static void do_getqdelay(void);
267*9e3700dfSgww static void do_getqhiwater(void);
268*9e3700dfSgww static void do_getqlowater(void);
269*9e3700dfSgww static void do_getstat(void);
270*9e3700dfSgww static void do_gettermid(void);
271*9e3700dfSgww static void do_lsevent(void);
272*9e3700dfSgww static void do_lspolicy(void);
273*9e3700dfSgww static void do_setasid(char *sid_str, char **argv);
274*9e3700dfSgww static void do_setaudit(char *user_str, char *mask_str, char *tid_str,
275*9e3700dfSgww     char *sid_str, char **argv);
276*9e3700dfSgww static void do_setauid(char *user, char **argv);
277*9e3700dfSgww static void do_setclass(char *event_str, char *audit_flags);
278*9e3700dfSgww static void do_setkmask(char *audit_flags);
279*9e3700dfSgww static void do_setpmask(char *pid_str, char *audit_flags);
280*9e3700dfSgww static void do_setsmask(char *asid_str, char *audit_flags);
281*9e3700dfSgww static void do_setumask(char *auid_str, char *audit_flags);
282*9e3700dfSgww static void do_setpolicy(char *policy_str);
283*9e3700dfSgww static void do_setqbufsz(char *bufsz);
284*9e3700dfSgww static void do_setqctrl(char *hiwater, char *lowater, char *bufsz, char *delay);
285*9e3700dfSgww static void do_setqdelay(char *delay);
286*9e3700dfSgww static void do_setqhiwater(char *hiwater);
287*9e3700dfSgww static void do_setqlowater(char *lowater);
288*9e3700dfSgww static void do_setstat(void);
289*9e3700dfSgww static void do_getfsize(void);
290*9e3700dfSgww static void do_setfsize(char *size);
291*9e3700dfSgww static void str2mask(char *mask_str, au_mask_t *mp);
292*9e3700dfSgww static void str2tid(char *tid_str, au_tid_addr_t *tp);
293*9e3700dfSgww static void strsplit(char *s, char *p1, char *p2, char c);
29445916cd2Sjpk 
295*9e3700dfSgww static void eauditon(int cmd, caddr_t data, int length);
296*9e3700dfSgww static void egetaudit(auditinfo_addr_t *ai, int size);
297*9e3700dfSgww static void egetkaudit(auditinfo_addr_t *ai, int size);
298*9e3700dfSgww static void esetkaudit(auditinfo_addr_t *ai, int size);
299*9e3700dfSgww static void egetauditflagsbin(char *auditflags, au_mask_t *pmask);
300*9e3700dfSgww static void egetauid(au_id_t *auid);
301*9e3700dfSgww static void esetaudit(auditinfo_addr_t *ai, int size);
302*9e3700dfSgww static void esetauid(au_id_t *auid);
303*9e3700dfSgww static void execit(char **argv);
304*9e3700dfSgww static void exit_error(char *fmt, ...);
305*9e3700dfSgww static void exit_usage(int status);
306*9e3700dfSgww static void parse_args(char **argv);
307*9e3700dfSgww static void print_asid(au_asid_t asid);
308*9e3700dfSgww static void print_auid(au_id_t auid);
309*9e3700dfSgww static void print_mask(char *desc, au_mask_t *pmp);
310*9e3700dfSgww static void print_tid_ex(au_tid_addr_t *tidp);
3117c478bd9Sstevel@tonic-gate 
3127c478bd9Sstevel@tonic-gate int
313*9e3700dfSgww main(int argc, char **argv)
3147c478bd9Sstevel@tonic-gate {
3157c478bd9Sstevel@tonic-gate 	(void) setlocale(LC_ALL, "");
3167c478bd9Sstevel@tonic-gate 	(void) textdomain(TEXT_DOMAIN);
3177c478bd9Sstevel@tonic-gate 
3187c478bd9Sstevel@tonic-gate 	if (argc == 1) {
3197c478bd9Sstevel@tonic-gate 		exit_usage(0);
3207c478bd9Sstevel@tonic-gate 		exit(0);
3217c478bd9Sstevel@tonic-gate 	}
3227c478bd9Sstevel@tonic-gate 
3237c478bd9Sstevel@tonic-gate 	if (argc == 2 &&
3247c478bd9Sstevel@tonic-gate 		(argv[1][0] == '?' ||
3257c478bd9Sstevel@tonic-gate 		strcmp(argv[1], "-h") == 0 ||
3267c478bd9Sstevel@tonic-gate 		strcmp(argv[1], "-?") == 0))
3277c478bd9Sstevel@tonic-gate 		exit_usage(0);
3287c478bd9Sstevel@tonic-gate 
3297c478bd9Sstevel@tonic-gate 	parse_args(argv);
3307c478bd9Sstevel@tonic-gate 	do_args(argv);
3317c478bd9Sstevel@tonic-gate 
3327c478bd9Sstevel@tonic-gate 	return (0);
3337c478bd9Sstevel@tonic-gate }
3347c478bd9Sstevel@tonic-gate 
3357c478bd9Sstevel@tonic-gate /*
3367c478bd9Sstevel@tonic-gate  * parse_args()
3377c478bd9Sstevel@tonic-gate  *     Desc: Checks command line argument syntax.
3387c478bd9Sstevel@tonic-gate  *     Inputs: Command line argv;
3397c478bd9Sstevel@tonic-gate  *     Returns: If a syntax error is detected, a usage message is printed
3407c478bd9Sstevel@tonic-gate  *              and exit() is called. If a syntax error is not detected,
3417c478bd9Sstevel@tonic-gate  *              parse_args() returns without a value.
3427c478bd9Sstevel@tonic-gate  */
3437c478bd9Sstevel@tonic-gate static void
3447c478bd9Sstevel@tonic-gate parse_args(char **argv)
3457c478bd9Sstevel@tonic-gate {
3467c478bd9Sstevel@tonic-gate 	struct arg_entry *ae;
3477c478bd9Sstevel@tonic-gate 
348*9e3700dfSgww 	au_mask_t mask;
3497c478bd9Sstevel@tonic-gate 	uint_t type;
3507c478bd9Sstevel@tonic-gate 	uint_t addr[4];
3517c478bd9Sstevel@tonic-gate 
3527c478bd9Sstevel@tonic-gate 	for (++argv; *argv; argv++) {
353*9e3700dfSgww 		if ((ae = get_arg_ent(*argv)) == NULL) {
3547c478bd9Sstevel@tonic-gate 			exit_usage(1);
3557c478bd9Sstevel@tonic-gate 		}
3567c478bd9Sstevel@tonic-gate 
3577c478bd9Sstevel@tonic-gate 		switch (ae->auditconfig_cmd) {
3587c478bd9Sstevel@tonic-gate 
3597c478bd9Sstevel@tonic-gate 		case AC_ARG_AUDIT:
3607c478bd9Sstevel@tonic-gate 			++argv;
3617c478bd9Sstevel@tonic-gate 			if (!*argv)
3627c478bd9Sstevel@tonic-gate 				exit_usage(1);
3637c478bd9Sstevel@tonic-gate 			if (strisnum(*argv)) {
3647c478bd9Sstevel@tonic-gate 				chk_event_num(AC_USER_EVENT,
3657c478bd9Sstevel@tonic-gate 					(au_event_t)atol(*argv));
366*9e3700dfSgww 			} else {
3677c478bd9Sstevel@tonic-gate 				chk_event_str(AC_USER_EVENT, *argv);
368*9e3700dfSgww 			}
3697c478bd9Sstevel@tonic-gate 			++argv;
3707c478bd9Sstevel@tonic-gate 			if (!*argv)
3717c478bd9Sstevel@tonic-gate 				exit_usage(1);
3727c478bd9Sstevel@tonic-gate 			chk_sorf(*argv);
3737c478bd9Sstevel@tonic-gate 			++argv;
3747c478bd9Sstevel@tonic-gate 			if (!*argv)
3757c478bd9Sstevel@tonic-gate 				exit_usage(1);
3767c478bd9Sstevel@tonic-gate 			chk_retval(*argv);
3777c478bd9Sstevel@tonic-gate 			++argv;
3787c478bd9Sstevel@tonic-gate 			if (!*argv)
3797c478bd9Sstevel@tonic-gate 				exit_usage(1);
3807c478bd9Sstevel@tonic-gate 			break;
3817c478bd9Sstevel@tonic-gate 
3827c478bd9Sstevel@tonic-gate 		case AC_ARG_CHKCONF:
3837c478bd9Sstevel@tonic-gate 		case AC_ARG_CONF:
3847c478bd9Sstevel@tonic-gate 		case AC_ARG_ACONF:
3857c478bd9Sstevel@tonic-gate 		case AC_ARG_CHKACONF:
3867c478bd9Sstevel@tonic-gate 		case AC_ARG_GETASID:
3877c478bd9Sstevel@tonic-gate 		case AC_ARG_GETAUID:
3887c478bd9Sstevel@tonic-gate 		case AC_ARG_GETAUDIT:
3897c478bd9Sstevel@tonic-gate 		case AC_ARG_GETKAUDIT:
3907c478bd9Sstevel@tonic-gate 			break;
3917c478bd9Sstevel@tonic-gate 
3927c478bd9Sstevel@tonic-gate 		case AC_ARG_GETCLASS:
3937c478bd9Sstevel@tonic-gate 		case AC_ARG_GETESTATE:
3947c478bd9Sstevel@tonic-gate 			++argv;
3957c478bd9Sstevel@tonic-gate 			if (!*argv)
3967c478bd9Sstevel@tonic-gate 				exit_usage(1);
397*9e3700dfSgww 			if (strisnum(*argv)) {
3987c478bd9Sstevel@tonic-gate 				chk_event_num(AC_KERN_EVENT,
3997c478bd9Sstevel@tonic-gate 				    (au_event_t)atol(*argv));
400*9e3700dfSgww 			} else {
4017c478bd9Sstevel@tonic-gate 				chk_event_str(AC_KERN_EVENT, *argv);
402*9e3700dfSgww 			}
4037c478bd9Sstevel@tonic-gate 			break;
4047c478bd9Sstevel@tonic-gate 
4057c478bd9Sstevel@tonic-gate 		case AC_ARG_GETCAR:
4067c478bd9Sstevel@tonic-gate 		case AC_ARG_GETCOND:
4077c478bd9Sstevel@tonic-gate 		case AC_ARG_GETCWD:
4087c478bd9Sstevel@tonic-gate 		case AC_ARG_GETKMASK:
4097c478bd9Sstevel@tonic-gate 		case AC_ARG_GETPOLICY:
4107c478bd9Sstevel@tonic-gate 		case AC_ARG_GETQBUFSZ:
4117c478bd9Sstevel@tonic-gate 		case AC_ARG_GETQCTRL:
4127c478bd9Sstevel@tonic-gate 		case AC_ARG_GETQDELAY:
4137c478bd9Sstevel@tonic-gate 		case AC_ARG_GETQHIWATER:
4147c478bd9Sstevel@tonic-gate 		case AC_ARG_GETQLOWATER:
4157c478bd9Sstevel@tonic-gate 		case AC_ARG_GETSTAT:
4167c478bd9Sstevel@tonic-gate 		case AC_ARG_GETTERMID:
4177c478bd9Sstevel@tonic-gate 		case AC_ARG_LSEVENT:
4187c478bd9Sstevel@tonic-gate 		case AC_ARG_LSPOLICY:
4197c478bd9Sstevel@tonic-gate 			break;
4207c478bd9Sstevel@tonic-gate 
4217c478bd9Sstevel@tonic-gate 		case AC_ARG_SETASID:
4227c478bd9Sstevel@tonic-gate 		case AC_ARG_SETAUID:
4237c478bd9Sstevel@tonic-gate 		case AC_ARG_SETAUDIT:
4247c478bd9Sstevel@tonic-gate 			++argv;
4257c478bd9Sstevel@tonic-gate 			if (!*argv)
4267c478bd9Sstevel@tonic-gate 				exit_usage(1);
4277c478bd9Sstevel@tonic-gate 
4287c478bd9Sstevel@tonic-gate 			while (*argv)
4297c478bd9Sstevel@tonic-gate 				++argv;
4307c478bd9Sstevel@tonic-gate 			--argv;
4317c478bd9Sstevel@tonic-gate 
4327c478bd9Sstevel@tonic-gate 			break;
4337c478bd9Sstevel@tonic-gate 
4347c478bd9Sstevel@tonic-gate 		case AC_ARG_SETKAUDIT:
4357c478bd9Sstevel@tonic-gate 			++argv;
4367c478bd9Sstevel@tonic-gate 			if (!*argv)
4377c478bd9Sstevel@tonic-gate 				exit_usage(1);
4387c478bd9Sstevel@tonic-gate 			if (str2type (*argv, &type))
4397c478bd9Sstevel@tonic-gate 				exit_error(gettext(
4407c478bd9Sstevel@tonic-gate 					"Invalid IP address type specified."));
4417c478bd9Sstevel@tonic-gate 			++argv;
4427c478bd9Sstevel@tonic-gate 			if (!*argv)
4437c478bd9Sstevel@tonic-gate 				exit_usage(1);
4447c478bd9Sstevel@tonic-gate 
4457c478bd9Sstevel@tonic-gate 			if (str2ipaddr(*argv, addr, type))
4467c478bd9Sstevel@tonic-gate 				exit_error(gettext(
4477c478bd9Sstevel@tonic-gate 					"Invalid IP address specified."));
4487c478bd9Sstevel@tonic-gate 			break;
4497c478bd9Sstevel@tonic-gate 
4507c478bd9Sstevel@tonic-gate 		case AC_ARG_SETCLASS:
4517c478bd9Sstevel@tonic-gate 			++argv;
4527c478bd9Sstevel@tonic-gate 			if (!*argv)
4537c478bd9Sstevel@tonic-gate 				exit_usage(1);
4547c478bd9Sstevel@tonic-gate 			if (strisnum(*argv))
4557c478bd9Sstevel@tonic-gate 				chk_event_num(AC_KERN_EVENT,
4567c478bd9Sstevel@tonic-gate 					(au_event_t)atol(*argv));
4577c478bd9Sstevel@tonic-gate 			else
4587c478bd9Sstevel@tonic-gate 				chk_event_str(AC_KERN_EVENT, *argv);
4597c478bd9Sstevel@tonic-gate 			++argv;
4607c478bd9Sstevel@tonic-gate 			if (!*argv)
4617c478bd9Sstevel@tonic-gate 				exit_usage(1);
462*9e3700dfSgww 			str2mask(*argv, &mask);
4637c478bd9Sstevel@tonic-gate 			break;
4647c478bd9Sstevel@tonic-gate 
4657c478bd9Sstevel@tonic-gate 		case AC_ARG_SETKMASK:
4667c478bd9Sstevel@tonic-gate 			++argv;
4677c478bd9Sstevel@tonic-gate 			if (!*argv)
4687c478bd9Sstevel@tonic-gate 				exit_usage(1);
469*9e3700dfSgww 			str2mask(*argv, &mask);
4707c478bd9Sstevel@tonic-gate 			break;
4717c478bd9Sstevel@tonic-gate 
4727c478bd9Sstevel@tonic-gate 		case AC_ARG_SETPOLICY:
4737c478bd9Sstevel@tonic-gate 			++argv;
4747c478bd9Sstevel@tonic-gate 			if (!*argv)
4757c478bd9Sstevel@tonic-gate 				exit_usage(1);
4767c478bd9Sstevel@tonic-gate 			break;
4777c478bd9Sstevel@tonic-gate 
4787c478bd9Sstevel@tonic-gate 		case AC_ARG_SETSTAT:
4797c478bd9Sstevel@tonic-gate 			break;
4807c478bd9Sstevel@tonic-gate 
4817c478bd9Sstevel@tonic-gate 		case AC_ARG_GETPINFO:
4827c478bd9Sstevel@tonic-gate 			++argv;
4837c478bd9Sstevel@tonic-gate 			if (!*argv)
4847c478bd9Sstevel@tonic-gate 				exit_usage(1);
4857c478bd9Sstevel@tonic-gate 			break;
4867c478bd9Sstevel@tonic-gate 
4877c478bd9Sstevel@tonic-gate 		case AC_ARG_SETPMASK:
4887c478bd9Sstevel@tonic-gate 			++argv;
4897c478bd9Sstevel@tonic-gate 			if (!*argv)
4907c478bd9Sstevel@tonic-gate 				exit_usage(1);
4917c478bd9Sstevel@tonic-gate 			++argv;
4927c478bd9Sstevel@tonic-gate 			if (!*argv)
4937c478bd9Sstevel@tonic-gate 				exit_usage(1);
494*9e3700dfSgww 			str2mask(*argv, &mask);
4957c478bd9Sstevel@tonic-gate 			break;
4967c478bd9Sstevel@tonic-gate 
4977c478bd9Sstevel@tonic-gate 		case AC_ARG_SETQBUFSZ:
4987c478bd9Sstevel@tonic-gate 			++argv;
4997c478bd9Sstevel@tonic-gate 			if (!*argv)
5007c478bd9Sstevel@tonic-gate 				exit_usage(1);
5017c478bd9Sstevel@tonic-gate 			if (!strisnum(*argv))
5027c478bd9Sstevel@tonic-gate 				exit_error(gettext("Invalid bufsz specified."));
5037c478bd9Sstevel@tonic-gate 			break;
5047c478bd9Sstevel@tonic-gate 
5057c478bd9Sstevel@tonic-gate 		case AC_ARG_SETQCTRL:
5067c478bd9Sstevel@tonic-gate 			++argv;
5077c478bd9Sstevel@tonic-gate 			if (!*argv)
5087c478bd9Sstevel@tonic-gate 				exit_usage(1);
5097c478bd9Sstevel@tonic-gate 			if (!strisnum(*argv))
5107c478bd9Sstevel@tonic-gate 				exit_error(gettext(
5117c478bd9Sstevel@tonic-gate 					"Invalid hiwater specified."));
5127c478bd9Sstevel@tonic-gate 			++argv;
5137c478bd9Sstevel@tonic-gate 			if (!*argv)
5147c478bd9Sstevel@tonic-gate 				exit_usage(1);
5157c478bd9Sstevel@tonic-gate 			if (!strisnum(*argv))
5167c478bd9Sstevel@tonic-gate 				exit_error(gettext(
5177c478bd9Sstevel@tonic-gate 					gettext("Invalid lowater specified.")));
5187c478bd9Sstevel@tonic-gate 			++argv;
5197c478bd9Sstevel@tonic-gate 			if (!*argv)
5207c478bd9Sstevel@tonic-gate 				exit_usage(1);
5217c478bd9Sstevel@tonic-gate 			if (!strisnum(*argv))
5227c478bd9Sstevel@tonic-gate 				exit_error(gettext("Invalid bufsz specified."));
5237c478bd9Sstevel@tonic-gate 			++argv;
5247c478bd9Sstevel@tonic-gate 			if (!*argv)
5257c478bd9Sstevel@tonic-gate 				exit_usage(1);
5267c478bd9Sstevel@tonic-gate 			if (!strisnum(*argv))
5277c478bd9Sstevel@tonic-gate 				exit_error(gettext("Invalid delay specified."));
5287c478bd9Sstevel@tonic-gate 			break;
5297c478bd9Sstevel@tonic-gate 
5307c478bd9Sstevel@tonic-gate 		case AC_ARG_SETQDELAY:
5317c478bd9Sstevel@tonic-gate 			++argv;
5327c478bd9Sstevel@tonic-gate 			if (!*argv)
5337c478bd9Sstevel@tonic-gate 				exit_usage(1);
5347c478bd9Sstevel@tonic-gate 			if (!strisnum(*argv))
5357c478bd9Sstevel@tonic-gate 				exit_error(gettext("Invalid delay specified."));
5367c478bd9Sstevel@tonic-gate 			break;
5377c478bd9Sstevel@tonic-gate 
5387c478bd9Sstevel@tonic-gate 		case AC_ARG_SETQHIWATER:
5397c478bd9Sstevel@tonic-gate 			++argv;
5407c478bd9Sstevel@tonic-gate 			if (!*argv)
5417c478bd9Sstevel@tonic-gate 				exit_usage(1);
542*9e3700dfSgww 			if (!strisnum(*argv)) {
5437c478bd9Sstevel@tonic-gate 				exit_error(gettext(
5447c478bd9Sstevel@tonic-gate 				    "Invalid hiwater specified."));
545*9e3700dfSgww 			}
5467c478bd9Sstevel@tonic-gate 			break;
5477c478bd9Sstevel@tonic-gate 
5487c478bd9Sstevel@tonic-gate 		case AC_ARG_SETQLOWATER:
5497c478bd9Sstevel@tonic-gate 			++argv;
5507c478bd9Sstevel@tonic-gate 			if (!*argv)
5517c478bd9Sstevel@tonic-gate 				exit_usage(1);
552*9e3700dfSgww 			if (!strisnum(*argv)) {
5537c478bd9Sstevel@tonic-gate 				exit_error(gettext(
5547c478bd9Sstevel@tonic-gate 				    "Invalid lowater specified."));
555*9e3700dfSgww 			}
5567c478bd9Sstevel@tonic-gate 			break;
5577c478bd9Sstevel@tonic-gate 
5587c478bd9Sstevel@tonic-gate 		case AC_ARG_SETSMASK:
5597c478bd9Sstevel@tonic-gate 		case AC_ARG_SETUMASK:
5607c478bd9Sstevel@tonic-gate 			++argv;
5617c478bd9Sstevel@tonic-gate 			if (!*argv)
5627c478bd9Sstevel@tonic-gate 				exit_usage(1);
5637c478bd9Sstevel@tonic-gate 			++argv;
5647c478bd9Sstevel@tonic-gate 			if (!*argv)
5657c478bd9Sstevel@tonic-gate 				exit_usage(1);
566*9e3700dfSgww 			str2mask(*argv, &mask);
5677c478bd9Sstevel@tonic-gate 			break;
5687c478bd9Sstevel@tonic-gate 
5697c478bd9Sstevel@tonic-gate 		case AC_ARG_GETFSIZE:
5707c478bd9Sstevel@tonic-gate 			break;
5717c478bd9Sstevel@tonic-gate 
5727c478bd9Sstevel@tonic-gate 		case AC_ARG_SETFSIZE:
5737c478bd9Sstevel@tonic-gate 			++argv;
5747c478bd9Sstevel@tonic-gate 			if (!*argv)
5757c478bd9Sstevel@tonic-gate 				exit_usage(1);
576*9e3700dfSgww 			if (!strisnum(*argv)) {
5777c478bd9Sstevel@tonic-gate 				exit_error(gettext(
5787c478bd9Sstevel@tonic-gate 				    "Invalid hiwater specified."));
579*9e3700dfSgww 			}
5807c478bd9Sstevel@tonic-gate 			break;
5817c478bd9Sstevel@tonic-gate 
5827c478bd9Sstevel@tonic-gate 		default:
5837c478bd9Sstevel@tonic-gate 			exit_error(gettext("Internal error #1."));
5847c478bd9Sstevel@tonic-gate 			break;
5857c478bd9Sstevel@tonic-gate 		}
5867c478bd9Sstevel@tonic-gate 	}
5877c478bd9Sstevel@tonic-gate }
5887c478bd9Sstevel@tonic-gate 
5897c478bd9Sstevel@tonic-gate 
5907c478bd9Sstevel@tonic-gate /*
5917c478bd9Sstevel@tonic-gate  * do_args()
5927c478bd9Sstevel@tonic-gate  *     Desc: Do command line arguments in the order in which they appear.
5937c478bd9Sstevel@tonic-gate  */
5947c478bd9Sstevel@tonic-gate static void
595*9e3700dfSgww do_args(char **argv)
5967c478bd9Sstevel@tonic-gate {
5977c478bd9Sstevel@tonic-gate 	struct arg_entry *ae;
5987c478bd9Sstevel@tonic-gate 
5997c478bd9Sstevel@tonic-gate 	for (++argv; *argv; argv++) {
6007c478bd9Sstevel@tonic-gate 		ae = get_arg_ent(*argv);
6017c478bd9Sstevel@tonic-gate 
6027c478bd9Sstevel@tonic-gate 		switch (ae->auditconfig_cmd) {
6037c478bd9Sstevel@tonic-gate 
6047c478bd9Sstevel@tonic-gate 		case AC_ARG_AUDIT:
6057c478bd9Sstevel@tonic-gate 			{
6067c478bd9Sstevel@tonic-gate 				char sorf;
6077c478bd9Sstevel@tonic-gate 				int  retval;
6087c478bd9Sstevel@tonic-gate 				char *event_name;
6097c478bd9Sstevel@tonic-gate 				char *audit_str;
6107c478bd9Sstevel@tonic-gate 
6117c478bd9Sstevel@tonic-gate 				++argv;
6127c478bd9Sstevel@tonic-gate 				event_name = *argv;
6137c478bd9Sstevel@tonic-gate 				++argv;
6147c478bd9Sstevel@tonic-gate 				sorf = (char)atoi(*argv);
6157c478bd9Sstevel@tonic-gate 				++argv;
6167c478bd9Sstevel@tonic-gate 				retval = atoi(*argv);
6177c478bd9Sstevel@tonic-gate 				++argv;
6187c478bd9Sstevel@tonic-gate 				audit_str = *argv;
6197c478bd9Sstevel@tonic-gate 				do_audit(event_name, sorf, retval, audit_str);
6207c478bd9Sstevel@tonic-gate 			}
6217c478bd9Sstevel@tonic-gate 			break;
6227c478bd9Sstevel@tonic-gate 
6237c478bd9Sstevel@tonic-gate 		case AC_ARG_CHKCONF:
6247c478bd9Sstevel@tonic-gate 			do_chkconf();
6257c478bd9Sstevel@tonic-gate 			break;
6267c478bd9Sstevel@tonic-gate 
6277c478bd9Sstevel@tonic-gate 		case AC_ARG_CONF:
6287c478bd9Sstevel@tonic-gate 			do_conf();
6297c478bd9Sstevel@tonic-gate 			break;
6307c478bd9Sstevel@tonic-gate 
6317c478bd9Sstevel@tonic-gate 		case AC_ARG_CHKACONF:
6327c478bd9Sstevel@tonic-gate 			do_chkaconf();
6337c478bd9Sstevel@tonic-gate 			break;
6347c478bd9Sstevel@tonic-gate 
6357c478bd9Sstevel@tonic-gate 		case AC_ARG_ACONF:
6367c478bd9Sstevel@tonic-gate 			do_aconf();
6377c478bd9Sstevel@tonic-gate 			break;
6387c478bd9Sstevel@tonic-gate 
6397c478bd9Sstevel@tonic-gate 		case AC_ARG_GETASID:
6407c478bd9Sstevel@tonic-gate 			do_getasid();
6417c478bd9Sstevel@tonic-gate 			break;
6427c478bd9Sstevel@tonic-gate 
6437c478bd9Sstevel@tonic-gate 		case AC_ARG_GETAUID:
6447c478bd9Sstevel@tonic-gate 			do_getauid();
6457c478bd9Sstevel@tonic-gate 			break;
6467c478bd9Sstevel@tonic-gate 
6477c478bd9Sstevel@tonic-gate 		case AC_ARG_GETAUDIT:
6487c478bd9Sstevel@tonic-gate 			do_getaudit();
6497c478bd9Sstevel@tonic-gate 			break;
6507c478bd9Sstevel@tonic-gate 
6517c478bd9Sstevel@tonic-gate 		case AC_ARG_GETKAUDIT:
6527c478bd9Sstevel@tonic-gate 			do_getkaudit();
6537c478bd9Sstevel@tonic-gate 			break;
6547c478bd9Sstevel@tonic-gate 
6557c478bd9Sstevel@tonic-gate 		case AC_ARG_GETCLASS:
6567c478bd9Sstevel@tonic-gate 		case AC_ARG_GETESTATE:
6577c478bd9Sstevel@tonic-gate 			++argv;
6587c478bd9Sstevel@tonic-gate 			do_getclass(*argv);
6597c478bd9Sstevel@tonic-gate 			break;
6607c478bd9Sstevel@tonic-gate 
6617c478bd9Sstevel@tonic-gate 		case AC_ARG_GETCAR:
6627c478bd9Sstevel@tonic-gate 			do_getcar();
6637c478bd9Sstevel@tonic-gate 			break;
6647c478bd9Sstevel@tonic-gate 
6657c478bd9Sstevel@tonic-gate 		case AC_ARG_GETCOND:
6667c478bd9Sstevel@tonic-gate 			do_getcond();
6677c478bd9Sstevel@tonic-gate 			break;
6687c478bd9Sstevel@tonic-gate 
6697c478bd9Sstevel@tonic-gate 		case AC_ARG_GETCWD:
6707c478bd9Sstevel@tonic-gate 			do_getcwd();
6717c478bd9Sstevel@tonic-gate 			break;
6727c478bd9Sstevel@tonic-gate 
6737c478bd9Sstevel@tonic-gate 		case AC_ARG_GETKMASK:
6747c478bd9Sstevel@tonic-gate 			do_getkmask();
6757c478bd9Sstevel@tonic-gate 			break;
6767c478bd9Sstevel@tonic-gate 
6777c478bd9Sstevel@tonic-gate 		case AC_ARG_GETPOLICY:
6787c478bd9Sstevel@tonic-gate 			do_getpolicy();
6797c478bd9Sstevel@tonic-gate 			break;
6807c478bd9Sstevel@tonic-gate 
6817c478bd9Sstevel@tonic-gate 		case AC_ARG_GETQBUFSZ:
6827c478bd9Sstevel@tonic-gate 			do_getqbufsz();
6837c478bd9Sstevel@tonic-gate 			break;
6847c478bd9Sstevel@tonic-gate 
6857c478bd9Sstevel@tonic-gate 		case AC_ARG_GETQCTRL:
6867c478bd9Sstevel@tonic-gate 			do_getqctrl();
6877c478bd9Sstevel@tonic-gate 			break;
6887c478bd9Sstevel@tonic-gate 
6897c478bd9Sstevel@tonic-gate 		case AC_ARG_GETQDELAY:
6907c478bd9Sstevel@tonic-gate 			do_getqdelay();
6917c478bd9Sstevel@tonic-gate 			break;
6927c478bd9Sstevel@tonic-gate 
6937c478bd9Sstevel@tonic-gate 		case AC_ARG_GETQHIWATER:
6947c478bd9Sstevel@tonic-gate 			do_getqhiwater();
6957c478bd9Sstevel@tonic-gate 			break;
6967c478bd9Sstevel@tonic-gate 
6977c478bd9Sstevel@tonic-gate 		case AC_ARG_GETQLOWATER:
6987c478bd9Sstevel@tonic-gate 			do_getqlowater();
6997c478bd9Sstevel@tonic-gate 			break;
7007c478bd9Sstevel@tonic-gate 
7017c478bd9Sstevel@tonic-gate 		case AC_ARG_GETSTAT:
7027c478bd9Sstevel@tonic-gate 			do_getstat();
7037c478bd9Sstevel@tonic-gate 			break;
7047c478bd9Sstevel@tonic-gate 
7057c478bd9Sstevel@tonic-gate 		case AC_ARG_GETTERMID:
7067c478bd9Sstevel@tonic-gate 			do_gettermid();
7077c478bd9Sstevel@tonic-gate 			break;
7087c478bd9Sstevel@tonic-gate 
7097c478bd9Sstevel@tonic-gate 		case AC_ARG_LSEVENT:
7107c478bd9Sstevel@tonic-gate 			do_lsevent();
7117c478bd9Sstevel@tonic-gate 			break;
7127c478bd9Sstevel@tonic-gate 
7137c478bd9Sstevel@tonic-gate 		case AC_ARG_LSPOLICY:
7147c478bd9Sstevel@tonic-gate 			do_lspolicy();
7157c478bd9Sstevel@tonic-gate 			break;
7167c478bd9Sstevel@tonic-gate 
7177c478bd9Sstevel@tonic-gate 		case AC_ARG_SETASID:
7187c478bd9Sstevel@tonic-gate 			{
7197c478bd9Sstevel@tonic-gate 				char *sid_str;
7207c478bd9Sstevel@tonic-gate 
7217c478bd9Sstevel@tonic-gate 				++argv;
7227c478bd9Sstevel@tonic-gate 				sid_str = *argv;
7237c478bd9Sstevel@tonic-gate 				++argv;
7247c478bd9Sstevel@tonic-gate 				do_setasid(sid_str, argv);
7257c478bd9Sstevel@tonic-gate 			}
7267c478bd9Sstevel@tonic-gate 			break;
7277c478bd9Sstevel@tonic-gate 
7287c478bd9Sstevel@tonic-gate 		case AC_ARG_SETAUID:
7297c478bd9Sstevel@tonic-gate 			{
7307c478bd9Sstevel@tonic-gate 				char *user;
7317c478bd9Sstevel@tonic-gate 
7327c478bd9Sstevel@tonic-gate 				++argv;
7337c478bd9Sstevel@tonic-gate 				user = *argv;
7347c478bd9Sstevel@tonic-gate 				++argv;
7357c478bd9Sstevel@tonic-gate 				do_setauid(user, argv);
7367c478bd9Sstevel@tonic-gate 			}
7377c478bd9Sstevel@tonic-gate 			break;
7387c478bd9Sstevel@tonic-gate 
7397c478bd9Sstevel@tonic-gate 		case AC_ARG_SETAUDIT:
7407c478bd9Sstevel@tonic-gate 			{
7417c478bd9Sstevel@tonic-gate 				char *user_str;
7427c478bd9Sstevel@tonic-gate 				char *mask_str;
7437c478bd9Sstevel@tonic-gate 				char *tid_str;
7447c478bd9Sstevel@tonic-gate 				char *sid_str;
7457c478bd9Sstevel@tonic-gate 
7467c478bd9Sstevel@tonic-gate 				++argv;
7477c478bd9Sstevel@tonic-gate 				user_str = *argv;
7487c478bd9Sstevel@tonic-gate 				++argv;
7497c478bd9Sstevel@tonic-gate 				mask_str = *argv;
7507c478bd9Sstevel@tonic-gate 				++argv;
7517c478bd9Sstevel@tonic-gate 				tid_str = *argv;
7527c478bd9Sstevel@tonic-gate 				++argv;
7537c478bd9Sstevel@tonic-gate 				sid_str = *argv;
7547c478bd9Sstevel@tonic-gate 				++argv;
7557c478bd9Sstevel@tonic-gate 				do_setaudit(user_str, mask_str,
7567c478bd9Sstevel@tonic-gate 				    tid_str, sid_str, argv);
7577c478bd9Sstevel@tonic-gate 			}
7587c478bd9Sstevel@tonic-gate 			break;
7597c478bd9Sstevel@tonic-gate 
7607c478bd9Sstevel@tonic-gate 		case AC_ARG_SETKAUDIT:
7617c478bd9Sstevel@tonic-gate 			{
7627c478bd9Sstevel@tonic-gate 				char *address_type, *address;
7637c478bd9Sstevel@tonic-gate 
7647c478bd9Sstevel@tonic-gate 				++argv; address_type = *argv;
7657c478bd9Sstevel@tonic-gate 				++argv; address = *argv;
7667c478bd9Sstevel@tonic-gate 				do_setkaudit(address_type, address);
7677c478bd9Sstevel@tonic-gate 			}
7687c478bd9Sstevel@tonic-gate 			break;
7697c478bd9Sstevel@tonic-gate 
7707c478bd9Sstevel@tonic-gate 		case AC_ARG_SETCLASS:
7717c478bd9Sstevel@tonic-gate 			{
7727c478bd9Sstevel@tonic-gate 				char *event_str, *audit_flags;
7737c478bd9Sstevel@tonic-gate 
7747c478bd9Sstevel@tonic-gate 				++argv; event_str = *argv;
7757c478bd9Sstevel@tonic-gate 				++argv; audit_flags = *argv;
7767c478bd9Sstevel@tonic-gate 				do_setclass(event_str, audit_flags);
7777c478bd9Sstevel@tonic-gate 			}
7787c478bd9Sstevel@tonic-gate 			break;
7797c478bd9Sstevel@tonic-gate 
7807c478bd9Sstevel@tonic-gate 		case AC_ARG_SETKMASK:
7817c478bd9Sstevel@tonic-gate 			++argv;
7827c478bd9Sstevel@tonic-gate 			do_setkmask(*argv);
7837c478bd9Sstevel@tonic-gate 			break;
7847c478bd9Sstevel@tonic-gate 
7857c478bd9Sstevel@tonic-gate 		case AC_ARG_SETPOLICY:
7867c478bd9Sstevel@tonic-gate 			++argv;
7877c478bd9Sstevel@tonic-gate 			do_setpolicy(*argv);
7887c478bd9Sstevel@tonic-gate 			break;
7897c478bd9Sstevel@tonic-gate 
7907c478bd9Sstevel@tonic-gate 		case AC_ARG_GETPINFO:
7917c478bd9Sstevel@tonic-gate 			{
7927c478bd9Sstevel@tonic-gate 				char *pid_str;
7937c478bd9Sstevel@tonic-gate 
7947c478bd9Sstevel@tonic-gate 				++argv;
7957c478bd9Sstevel@tonic-gate 				pid_str = *argv;
7967c478bd9Sstevel@tonic-gate 				do_getpinfo(pid_str);
7977c478bd9Sstevel@tonic-gate 			}
7987c478bd9Sstevel@tonic-gate 			break;
7997c478bd9Sstevel@tonic-gate 
8007c478bd9Sstevel@tonic-gate 		case AC_ARG_SETPMASK:
8017c478bd9Sstevel@tonic-gate 			{
8027c478bd9Sstevel@tonic-gate 				char *pid_str;
8037c478bd9Sstevel@tonic-gate 				char *audit_flags;
8047c478bd9Sstevel@tonic-gate 
8057c478bd9Sstevel@tonic-gate 				++argv;
8067c478bd9Sstevel@tonic-gate 				pid_str = *argv;
8077c478bd9Sstevel@tonic-gate 				++argv;
8087c478bd9Sstevel@tonic-gate 				audit_flags = *argv;
8097c478bd9Sstevel@tonic-gate 				do_setpmask(pid_str, audit_flags);
8107c478bd9Sstevel@tonic-gate 			}
8117c478bd9Sstevel@tonic-gate 			break;
8127c478bd9Sstevel@tonic-gate 
8137c478bd9Sstevel@tonic-gate 		case AC_ARG_SETSTAT:
8147c478bd9Sstevel@tonic-gate 			do_setstat();
8157c478bd9Sstevel@tonic-gate 			break;
8167c478bd9Sstevel@tonic-gate 
8177c478bd9Sstevel@tonic-gate 		case AC_ARG_SETQBUFSZ:
8187c478bd9Sstevel@tonic-gate 			++argv;
8197c478bd9Sstevel@tonic-gate 			do_setqbufsz(*argv);
8207c478bd9Sstevel@tonic-gate 			break;
8217c478bd9Sstevel@tonic-gate 
8227c478bd9Sstevel@tonic-gate 		case AC_ARG_SETQCTRL:
8237c478bd9Sstevel@tonic-gate 			{
8247c478bd9Sstevel@tonic-gate 				char *hiwater, *lowater, *bufsz, *delay;
8257c478bd9Sstevel@tonic-gate 
8267c478bd9Sstevel@tonic-gate 				++argv; hiwater = *argv;
8277c478bd9Sstevel@tonic-gate 				++argv; lowater = *argv;
8287c478bd9Sstevel@tonic-gate 				++argv; bufsz = *argv;
8297c478bd9Sstevel@tonic-gate 				++argv; delay = *argv;
8307c478bd9Sstevel@tonic-gate 				do_setqctrl(hiwater, lowater, bufsz, delay);
8317c478bd9Sstevel@tonic-gate 			}
8327c478bd9Sstevel@tonic-gate 			break;
8337c478bd9Sstevel@tonic-gate 		case AC_ARG_SETQDELAY:
8347c478bd9Sstevel@tonic-gate 			++argv;
8357c478bd9Sstevel@tonic-gate 			do_setqdelay(*argv);
8367c478bd9Sstevel@tonic-gate 			break;
8377c478bd9Sstevel@tonic-gate 
8387c478bd9Sstevel@tonic-gate 		case AC_ARG_SETQHIWATER:
8397c478bd9Sstevel@tonic-gate 			++argv;
8407c478bd9Sstevel@tonic-gate 			do_setqhiwater(*argv);
8417c478bd9Sstevel@tonic-gate 			break;
8427c478bd9Sstevel@tonic-gate 
8437c478bd9Sstevel@tonic-gate 		case AC_ARG_SETQLOWATER:
8447c478bd9Sstevel@tonic-gate 			++argv;
8457c478bd9Sstevel@tonic-gate 			do_setqlowater(*argv);
8467c478bd9Sstevel@tonic-gate 			break;
8477c478bd9Sstevel@tonic-gate 
8487c478bd9Sstevel@tonic-gate 		case AC_ARG_SETSMASK:
8497c478bd9Sstevel@tonic-gate 			{
8507c478bd9Sstevel@tonic-gate 				char *asid_str;
8517c478bd9Sstevel@tonic-gate 				char *audit_flags;
8527c478bd9Sstevel@tonic-gate 
8537c478bd9Sstevel@tonic-gate 				++argv;
8547c478bd9Sstevel@tonic-gate 				asid_str = *argv;
8557c478bd9Sstevel@tonic-gate 				++argv;
8567c478bd9Sstevel@tonic-gate 				audit_flags = *argv;
8577c478bd9Sstevel@tonic-gate 				do_setsmask(asid_str, audit_flags);
8587c478bd9Sstevel@tonic-gate 			}
8597c478bd9Sstevel@tonic-gate 			break;
8607c478bd9Sstevel@tonic-gate 		case AC_ARG_SETUMASK:
8617c478bd9Sstevel@tonic-gate 			{
8627c478bd9Sstevel@tonic-gate 				char *auid_str;
8637c478bd9Sstevel@tonic-gate 				char *audit_flags;
8647c478bd9Sstevel@tonic-gate 
8657c478bd9Sstevel@tonic-gate 				++argv;
8667c478bd9Sstevel@tonic-gate 				auid_str = *argv;
8677c478bd9Sstevel@tonic-gate 				++argv;
8687c478bd9Sstevel@tonic-gate 				audit_flags = *argv;
8697c478bd9Sstevel@tonic-gate 				do_setumask(auid_str, audit_flags);
8707c478bd9Sstevel@tonic-gate 			}
8717c478bd9Sstevel@tonic-gate 			break;
8727c478bd9Sstevel@tonic-gate 		case AC_ARG_GETFSIZE:
8737c478bd9Sstevel@tonic-gate 			do_getfsize();
8747c478bd9Sstevel@tonic-gate 			break;
8757c478bd9Sstevel@tonic-gate 		case AC_ARG_SETFSIZE:
8767c478bd9Sstevel@tonic-gate 			++argv;
8777c478bd9Sstevel@tonic-gate 			do_setfsize(*argv);
8787c478bd9Sstevel@tonic-gate 			break;
8797c478bd9Sstevel@tonic-gate 
8807c478bd9Sstevel@tonic-gate 		default:
8817c478bd9Sstevel@tonic-gate 			exit_error(gettext("Internal error #2."));
8827c478bd9Sstevel@tonic-gate 			break;
8837c478bd9Sstevel@tonic-gate 		}
8847c478bd9Sstevel@tonic-gate 	}
8857c478bd9Sstevel@tonic-gate }
8867c478bd9Sstevel@tonic-gate 
8877c478bd9Sstevel@tonic-gate /*
8887c478bd9Sstevel@tonic-gate  * The returned value is for the global zone unless AUDIT_PERZONE is
8897c478bd9Sstevel@tonic-gate  * set.
8907c478bd9Sstevel@tonic-gate  */
8917c478bd9Sstevel@tonic-gate 
8927c478bd9Sstevel@tonic-gate static void
893*9e3700dfSgww do_chkconf(void)
8947c478bd9Sstevel@tonic-gate {
8957c478bd9Sstevel@tonic-gate 	register au_event_ent_t *evp;
8967c478bd9Sstevel@tonic-gate 	au_mask_t pmask;
8977c478bd9Sstevel@tonic-gate 	char conf_aflags[256];
8987c478bd9Sstevel@tonic-gate 	char run_aflags[256];
8997c478bd9Sstevel@tonic-gate 	au_stat_t as;
9007c478bd9Sstevel@tonic-gate 	int class;
9017c478bd9Sstevel@tonic-gate 	int			len;
9027c478bd9Sstevel@tonic-gate 	struct au_evclass_map	cmap;
9037c478bd9Sstevel@tonic-gate 
9047c478bd9Sstevel@tonic-gate 	pmask.am_success = pmask.am_failure = 0;
9057c478bd9Sstevel@tonic-gate 	eauditon(A_GETSTAT, (caddr_t)&as, 0);
9067c478bd9Sstevel@tonic-gate 
9077c478bd9Sstevel@tonic-gate 	setauevent();
908*9e3700dfSgww 	if (getauevent() == NULL) {
9097c478bd9Sstevel@tonic-gate 		(void) exit_error(gettext(
910*9e3700dfSgww 		    "NO AUDIT EVENTS: Could not read %s\n."), AUDITEVENTFILE);
9117c478bd9Sstevel@tonic-gate 	}
9127c478bd9Sstevel@tonic-gate 
9137c478bd9Sstevel@tonic-gate 	setauevent();
914*9e3700dfSgww 	while ((evp = getauevent()) != NULL) {
9157c478bd9Sstevel@tonic-gate 		cmap.ec_number = evp->ae_number;
9167c478bd9Sstevel@tonic-gate 		len = sizeof (struct au_evclass_map);
917*9e3700dfSgww 		if (evp->ae_number <= as.as_numevent) {
9187c478bd9Sstevel@tonic-gate 			if (auditon(A_GETCLASS, (caddr_t)&cmap, len) == -1) {
9197c478bd9Sstevel@tonic-gate 				(void) printf("%s(%d):%s",
920*9e3700dfSgww 				    evp->ae_name, evp->ae_number,
921*9e3700dfSgww 				    gettext("UNKNOWN EVENT: Could not get "
922*9e3700dfSgww 				    "class for event. Configuration may "
923*9e3700dfSgww 				    "be bad.\n"));
9247c478bd9Sstevel@tonic-gate 			} else {
9257c478bd9Sstevel@tonic-gate 				class = cmap.ec_class;
9267c478bd9Sstevel@tonic-gate 				if (class != evp->ae_class) {
9277c478bd9Sstevel@tonic-gate 					conf_aflags[0] = run_aflags[0] = '\0';
9287c478bd9Sstevel@tonic-gate 					pmask.am_success = class;
9297c478bd9Sstevel@tonic-gate 					pmask.am_failure = class;
9307c478bd9Sstevel@tonic-gate 					(void) getauditflagschar(run_aflags,
9317c478bd9Sstevel@tonic-gate 						&pmask, 0);
9327c478bd9Sstevel@tonic-gate 					pmask.am_success = evp->ae_class;
9337c478bd9Sstevel@tonic-gate 					pmask.am_failure = evp->ae_class;
9347c478bd9Sstevel@tonic-gate 					(void) getauditflagschar(conf_aflags,
9357c478bd9Sstevel@tonic-gate 						&pmask, 0);
9367c478bd9Sstevel@tonic-gate 
9377c478bd9Sstevel@tonic-gate 					(void) printf(gettext(
938*9e3700dfSgww 					    "%s(%d): CLASS MISMATCH: "
939*9e3700dfSgww 					    "runtime class (%s) != "
940*9e3700dfSgww 					    "configured class (%s)\n"),
9417c478bd9Sstevel@tonic-gate 					    evp->ae_name, evp->ae_number,
942*9e3700dfSgww 					    NONE(run_aflags),
943*9e3700dfSgww 					    NONE(conf_aflags));
944*9e3700dfSgww 				}
9457c478bd9Sstevel@tonic-gate 			}
9467c478bd9Sstevel@tonic-gate 		}
9477c478bd9Sstevel@tonic-gate 	}
9487c478bd9Sstevel@tonic-gate 	endauevent();
9497c478bd9Sstevel@tonic-gate }
9507c478bd9Sstevel@tonic-gate 
9517c478bd9Sstevel@tonic-gate /*
9527c478bd9Sstevel@tonic-gate  * The returned value is for the global zone unless AUDIT_PERZONE is
9537c478bd9Sstevel@tonic-gate  * set.
9547c478bd9Sstevel@tonic-gate  */
9557c478bd9Sstevel@tonic-gate static void
956*9e3700dfSgww do_conf(void)
9577c478bd9Sstevel@tonic-gate {
9587c478bd9Sstevel@tonic-gate 	register au_event_ent_t *evp;
9597c478bd9Sstevel@tonic-gate 	register int i;
9607c478bd9Sstevel@tonic-gate 	au_evclass_map_t ec;
9617c478bd9Sstevel@tonic-gate 	au_stat_t as;
9627c478bd9Sstevel@tonic-gate 
9637c478bd9Sstevel@tonic-gate 	eauditon(A_GETSTAT, (caddr_t)&as, 0);
9647c478bd9Sstevel@tonic-gate 
9657c478bd9Sstevel@tonic-gate 	i = 0;
9667c478bd9Sstevel@tonic-gate 	setauevent();
967*9e3700dfSgww 	while ((evp = getauevent()) != NULL) {
9687c478bd9Sstevel@tonic-gate 		if (evp->ae_number <= as.as_numevent) {
9697c478bd9Sstevel@tonic-gate 			++i;
9707c478bd9Sstevel@tonic-gate 			ec.ec_number = evp->ae_number;
9717c478bd9Sstevel@tonic-gate 			ec.ec_class = evp->ae_class;
9727c478bd9Sstevel@tonic-gate 			eauditon(A_SETCLASS, (caddr_t)&ec, (int)sizeof (ec));
9737c478bd9Sstevel@tonic-gate 		}
9747c478bd9Sstevel@tonic-gate 	}
9757c478bd9Sstevel@tonic-gate 	endauevent();
9767c478bd9Sstevel@tonic-gate 	(void) printf(gettext("Configured %d kernel events.\n"), i);
9777c478bd9Sstevel@tonic-gate 
9787c478bd9Sstevel@tonic-gate }
9797c478bd9Sstevel@tonic-gate 
9807c478bd9Sstevel@tonic-gate /*
9817c478bd9Sstevel@tonic-gate  * The returned value is for the global zone unless AUDIT_PERZONE is
9827c478bd9Sstevel@tonic-gate  * set.
9837c478bd9Sstevel@tonic-gate  */
9847c478bd9Sstevel@tonic-gate 
9857c478bd9Sstevel@tonic-gate static void
986*9e3700dfSgww do_chkaconf(void)
9877c478bd9Sstevel@tonic-gate {
9887c478bd9Sstevel@tonic-gate 	char buf[1024];
9897c478bd9Sstevel@tonic-gate 	au_mask_t pmask, kmask;
9907c478bd9Sstevel@tonic-gate 
9917c478bd9Sstevel@tonic-gate 	if (getacna(buf, sizeof (buf)) < 0) {
9927c478bd9Sstevel@tonic-gate 		(void) fprintf(stderr,
9937c478bd9Sstevel@tonic-gate 		    gettext("bad non-attributable flags in audit_control\n"));
9947c478bd9Sstevel@tonic-gate 		exit(1);
9957c478bd9Sstevel@tonic-gate 	}
9967c478bd9Sstevel@tonic-gate 
9977c478bd9Sstevel@tonic-gate 	if (getauditflagsbin(buf, &pmask) < 0) {
9987c478bd9Sstevel@tonic-gate 		(void) fprintf(stderr,
9997c478bd9Sstevel@tonic-gate 		    gettext("bad audit flag value encountered\n"));
10007c478bd9Sstevel@tonic-gate 		exit(1);
10017c478bd9Sstevel@tonic-gate 	}
10027c478bd9Sstevel@tonic-gate 
10037c478bd9Sstevel@tonic-gate 	eauditon(A_GETKMASK, (caddr_t)&kmask, (int)sizeof (kmask));
10047c478bd9Sstevel@tonic-gate 
10057c478bd9Sstevel@tonic-gate 	if ((pmask.am_success != kmask.am_success) ||
10067c478bd9Sstevel@tonic-gate 	    (pmask.am_failure != kmask.am_failure)) {
10077c478bd9Sstevel@tonic-gate 		char kbuf[2048];
10087c478bd9Sstevel@tonic-gate 		if (getauditflagschar(kbuf, &kmask, 0) < 0) {
10097c478bd9Sstevel@tonic-gate 			(void) fprintf(stderr,
10107c478bd9Sstevel@tonic-gate 			    gettext("bad kernel non-attributable mask\n"));
10117c478bd9Sstevel@tonic-gate 			exit(1);
10127c478bd9Sstevel@tonic-gate 		}
10137c478bd9Sstevel@tonic-gate 		(void) printf(gettext("non-attributable event mismatch "));
10147c478bd9Sstevel@tonic-gate 		(void) printf(gettext("audit_control(%s) kernel(%s)\n"),
10157c478bd9Sstevel@tonic-gate 		    buf, kbuf);
10167c478bd9Sstevel@tonic-gate 	}
10177c478bd9Sstevel@tonic-gate }
10187c478bd9Sstevel@tonic-gate 
10197c478bd9Sstevel@tonic-gate /*
10207c478bd9Sstevel@tonic-gate  * The returned value is for the global zone unless AUDIT_PERZONE is
10217c478bd9Sstevel@tonic-gate  * set.
10227c478bd9Sstevel@tonic-gate  */
10237c478bd9Sstevel@tonic-gate 
10247c478bd9Sstevel@tonic-gate static void
1025*9e3700dfSgww do_aconf(void)
10267c478bd9Sstevel@tonic-gate {
10277c478bd9Sstevel@tonic-gate 	char buf[2048];
10287c478bd9Sstevel@tonic-gate 	au_mask_t pmask;
10297c478bd9Sstevel@tonic-gate 
10307c478bd9Sstevel@tonic-gate 	if (getacna(buf, sizeof (buf)) < 0) {
10317c478bd9Sstevel@tonic-gate 		(void) fprintf(stderr,
10327c478bd9Sstevel@tonic-gate 		    gettext("bad non-attributable flags in audit_control\n"));
10337c478bd9Sstevel@tonic-gate 		exit(1);
10347c478bd9Sstevel@tonic-gate 	}
10357c478bd9Sstevel@tonic-gate 
10367c478bd9Sstevel@tonic-gate 	if (getauditflagsbin(buf, &pmask) < 0) {
10377c478bd9Sstevel@tonic-gate 		(void) fprintf(stderr,
10387c478bd9Sstevel@tonic-gate 		    gettext("bad audit flag value encountered\n"));
10397c478bd9Sstevel@tonic-gate 		exit(1);
10407c478bd9Sstevel@tonic-gate 	}
10417c478bd9Sstevel@tonic-gate 
10427c478bd9Sstevel@tonic-gate 	eauditon(A_SETKMASK, (caddr_t)&pmask, (int)sizeof (pmask));
10437c478bd9Sstevel@tonic-gate 	(void) printf(gettext("Configured non-attributable events.\n"));
10447c478bd9Sstevel@tonic-gate }
10457c478bd9Sstevel@tonic-gate 
10467c478bd9Sstevel@tonic-gate static void
1047*9e3700dfSgww do_audit(char *event, char sorf, int retval, char *audit_str)
10487c478bd9Sstevel@tonic-gate {
10497c478bd9Sstevel@tonic-gate 	int rtn;
10507c478bd9Sstevel@tonic-gate 	int rd;
10517c478bd9Sstevel@tonic-gate 	au_event_t event_num;
10527c478bd9Sstevel@tonic-gate 	au_event_ent_t *evp;
10537c478bd9Sstevel@tonic-gate 	auditinfo_addr_t ai;
10547c478bd9Sstevel@tonic-gate 	token_t *tokp;
10557c478bd9Sstevel@tonic-gate 
10567c478bd9Sstevel@tonic-gate 	egetaudit(&ai, sizeof (ai));
10577c478bd9Sstevel@tonic-gate 
10587c478bd9Sstevel@tonic-gate 	if (strisnum(event)) {
10597c478bd9Sstevel@tonic-gate 		event_num = (au_event_t)atoi(event);
10607c478bd9Sstevel@tonic-gate 		evp = egetauevnum(event_num);
1061*9e3700dfSgww 	} else {
10627c478bd9Sstevel@tonic-gate 		evp = egetauevnam(event);
1063*9e3700dfSgww 	}
10647c478bd9Sstevel@tonic-gate 
10657c478bd9Sstevel@tonic-gate 	rtn = au_preselect(evp->ae_number, &ai.ai_mask, (int)sorf,
10667c478bd9Sstevel@tonic-gate 	    AU_PRS_USECACHE);
10677c478bd9Sstevel@tonic-gate 
1068*9e3700dfSgww 	if (rtn == -1) {
10697c478bd9Sstevel@tonic-gate 		exit_error("%s\n%s %d\n",
10707c478bd9Sstevel@tonic-gate 		    gettext("Check audit event configuration."),
10717c478bd9Sstevel@tonic-gate 		    gettext("Could not get audit class for event number"),
10727c478bd9Sstevel@tonic-gate 		    evp->ae_number);
1073*9e3700dfSgww 	}
10747c478bd9Sstevel@tonic-gate 
10757c478bd9Sstevel@tonic-gate 	/* record is preselected */
10767c478bd9Sstevel@tonic-gate 	if (rtn == 1) {
1077*9e3700dfSgww 		if ((rd = au_open()) == -1) {
1078*9e3700dfSgww 			exit_error(gettext("Could not get and audit record "
1079*9e3700dfSgww 			    "descriptor\n"));
1080*9e3700dfSgww 		}
1081*9e3700dfSgww 		if ((tokp = au_to_me()) == NULL) {
1082*9e3700dfSgww 			exit_error(gettext("Could not allocate subject "
1083*9e3700dfSgww 			    "token\n"));
1084*9e3700dfSgww 		}
1085*9e3700dfSgww 		if (au_write(rd, tokp) == -1) {
1086*9e3700dfSgww 			exit_error(gettext("Could not construct subject "
1087*9e3700dfSgww 			    "token of audit record\n"));
1088*9e3700dfSgww 		}
1089*9e3700dfSgww 		if (is_system_labeled()) {
1090*9e3700dfSgww 			if ((tokp = au_to_mylabel()) == NULL) {
1091*9e3700dfSgww 				exit_error(gettext("Could not allocate "
1092*9e3700dfSgww 				    "label token\n"));
1093*9e3700dfSgww 			}
1094*9e3700dfSgww 			if (au_write(rd, tokp) == -1) {
1095*9e3700dfSgww 				exit_error(gettext("Could not construct "
1096*9e3700dfSgww 				    "label token of audit record\n"));
1097*9e3700dfSgww 			}
109845916cd2Sjpk 		}
109945916cd2Sjpk 
1100*9e3700dfSgww 		if ((tokp = au_to_text(audit_str)) == NULL)
11017c478bd9Sstevel@tonic-gate 			exit_error(gettext("Could not allocate text token\n"));
11027c478bd9Sstevel@tonic-gate 		if (au_write(rd, tokp) == -1)
1103*9e3700dfSgww 			exit_error(gettext("Could not construct text token of "
1104*9e3700dfSgww 			    "audit record\n"));
11057c478bd9Sstevel@tonic-gate #ifdef _LP64
1106*9e3700dfSgww 		if ((tokp = au_to_return64(sorf, retval)) == NULL)
11077c478bd9Sstevel@tonic-gate #else
1108*9e3700dfSgww 		if ((tokp = au_to_return32(sorf, retval)) == NULL)
11097c478bd9Sstevel@tonic-gate #endif
1110*9e3700dfSgww 			exit_error(gettext("Could not allocate return "
1111*9e3700dfSgww 			    "token\n"));
1112*9e3700dfSgww 		if (au_write(rd, tokp) == -1) {
1113*9e3700dfSgww 			exit_error(gettext("Could not construct return token "
1114*9e3700dfSgww 			    "of audit record\n"));
1115*9e3700dfSgww 		}
1116*9e3700dfSgww 		if (au_close(rd, 1, evp->ae_number) == -1) {
1117*9e3700dfSgww 			exit_error(gettext("Could not write audit record: "
1118*9e3700dfSgww 			    "%s\n"), strerror(errno));
1119*9e3700dfSgww 		}
11207c478bd9Sstevel@tonic-gate 	}
11217c478bd9Sstevel@tonic-gate }
11227c478bd9Sstevel@tonic-gate 
11237c478bd9Sstevel@tonic-gate static void
1124*9e3700dfSgww do_getauid(void)
11257c478bd9Sstevel@tonic-gate {
11267c478bd9Sstevel@tonic-gate 	au_id_t auid;
11277c478bd9Sstevel@tonic-gate 
11287c478bd9Sstevel@tonic-gate 	egetauid(&auid);
11297c478bd9Sstevel@tonic-gate 	print_auid(auid);
11307c478bd9Sstevel@tonic-gate }
11317c478bd9Sstevel@tonic-gate 
11327c478bd9Sstevel@tonic-gate static void
1133*9e3700dfSgww do_getaudit(void)
11347c478bd9Sstevel@tonic-gate {
11357c478bd9Sstevel@tonic-gate 	auditinfo_addr_t ai;
11367c478bd9Sstevel@tonic-gate 
11377c478bd9Sstevel@tonic-gate 	egetaudit(&ai, sizeof (ai));
11387c478bd9Sstevel@tonic-gate 	print_auid(ai.ai_auid);
11397c478bd9Sstevel@tonic-gate 	print_mask(gettext("process preselection mask"), &ai.ai_mask);
11407c478bd9Sstevel@tonic-gate 	print_tid_ex(&ai.ai_termid);
11417c478bd9Sstevel@tonic-gate 	print_asid(ai.ai_asid);
11427c478bd9Sstevel@tonic-gate }
11437c478bd9Sstevel@tonic-gate 
11447c478bd9Sstevel@tonic-gate static void
1145*9e3700dfSgww do_getkaudit(void)
11467c478bd9Sstevel@tonic-gate {
11477c478bd9Sstevel@tonic-gate 	auditinfo_addr_t ai;
11487c478bd9Sstevel@tonic-gate 
11497c478bd9Sstevel@tonic-gate 	egetkaudit(&ai, sizeof (ai));
11507c478bd9Sstevel@tonic-gate 	print_auid(ai.ai_auid);
11517c478bd9Sstevel@tonic-gate 	print_mask(gettext("process preselection mask"), &ai.ai_mask);
11527c478bd9Sstevel@tonic-gate 	print_tid_ex(&ai.ai_termid);
11537c478bd9Sstevel@tonic-gate 	print_asid(ai.ai_asid);
11547c478bd9Sstevel@tonic-gate }
11557c478bd9Sstevel@tonic-gate 
11567c478bd9Sstevel@tonic-gate /*
11577c478bd9Sstevel@tonic-gate  * per zone if AUDIT_PERZONE set, else only in global zone.
11587c478bd9Sstevel@tonic-gate  */
11597c478bd9Sstevel@tonic-gate 
11607c478bd9Sstevel@tonic-gate static void
1161*9e3700dfSgww do_setkaudit(char *t, char *s)
11627c478bd9Sstevel@tonic-gate {
11637c478bd9Sstevel@tonic-gate 	uint_t type;
11647c478bd9Sstevel@tonic-gate 	auditinfo_addr_t ai;
11657c478bd9Sstevel@tonic-gate 
11667c478bd9Sstevel@tonic-gate 	egetkaudit(&ai, sizeof (ai));
11677c478bd9Sstevel@tonic-gate 	(void) str2type(t, &type);
11687c478bd9Sstevel@tonic-gate 	(void) str2ipaddr(s, &ai.ai_termid.at_addr[0], type);
11697c478bd9Sstevel@tonic-gate 	ai.ai_termid.at_type = type;
11707c478bd9Sstevel@tonic-gate 	esetkaudit(&ai, sizeof (ai));
11717c478bd9Sstevel@tonic-gate }
11727c478bd9Sstevel@tonic-gate 
11737c478bd9Sstevel@tonic-gate /*
11747c478bd9Sstevel@tonic-gate  * returns zone-relative root
11757c478bd9Sstevel@tonic-gate  */
11767c478bd9Sstevel@tonic-gate 
11777c478bd9Sstevel@tonic-gate static void
1178*9e3700dfSgww do_getcar(void)
11797c478bd9Sstevel@tonic-gate {
11807c478bd9Sstevel@tonic-gate 	char path[MAXPATHLEN];
11817c478bd9Sstevel@tonic-gate 
11827c478bd9Sstevel@tonic-gate 	eauditon(A_GETCAR, (caddr_t)path, (int)sizeof (path));
11837c478bd9Sstevel@tonic-gate 	(void) printf(gettext("current active root = %s\n"), path);
11847c478bd9Sstevel@tonic-gate }
11857c478bd9Sstevel@tonic-gate 
11867c478bd9Sstevel@tonic-gate /*
11877c478bd9Sstevel@tonic-gate  * The returned value is for the global zone unless AUDIT_PERZONE is
11887c478bd9Sstevel@tonic-gate  * set.
11897c478bd9Sstevel@tonic-gate  */
11907c478bd9Sstevel@tonic-gate 
11917c478bd9Sstevel@tonic-gate static void
1192*9e3700dfSgww do_getclass(char *event_str)
11937c478bd9Sstevel@tonic-gate {
11947c478bd9Sstevel@tonic-gate 	au_evclass_map_t ec;
11957c478bd9Sstevel@tonic-gate 	au_event_ent_t *evp;
11967c478bd9Sstevel@tonic-gate 	au_event_t event_number;
11977c478bd9Sstevel@tonic-gate 	char *event_name;
11987c478bd9Sstevel@tonic-gate 
11997c478bd9Sstevel@tonic-gate 	if (strisnum(event_str)) {
12007c478bd9Sstevel@tonic-gate 		event_number = atol(event_str);
1201*9e3700dfSgww 		if ((evp = egetauevnum(event_number)) != NULL) {
12027c478bd9Sstevel@tonic-gate 			event_number = evp->ae_number;
12037c478bd9Sstevel@tonic-gate 			event_name = evp->ae_name;
1204*9e3700dfSgww 		} else {
12057c478bd9Sstevel@tonic-gate 			event_name = gettext("unknown");
1206*9e3700dfSgww 		}
12077c478bd9Sstevel@tonic-gate 	} else {
12087c478bd9Sstevel@tonic-gate 		event_name = event_str;
1209*9e3700dfSgww 		if ((evp = egetauevnam(event_str)) != NULL) {
12107c478bd9Sstevel@tonic-gate 			event_number = evp->ae_number;
12117c478bd9Sstevel@tonic-gate 		}
1212*9e3700dfSgww 	}
12137c478bd9Sstevel@tonic-gate 
12147c478bd9Sstevel@tonic-gate 	ec.ec_number = event_number;
12157c478bd9Sstevel@tonic-gate 	eauditon(A_GETCLASS, (caddr_t)&ec, 0);
12167c478bd9Sstevel@tonic-gate 
1217*9e3700dfSgww 	(void) printf(gettext("audit class mask for event %s(%d) = 0x%x\n"),
1218*9e3700dfSgww 	    event_name, event_number, ec.ec_class);
12197c478bd9Sstevel@tonic-gate }
12207c478bd9Sstevel@tonic-gate 
12217c478bd9Sstevel@tonic-gate /*
12227c478bd9Sstevel@tonic-gate  * The returned value is for the global zone unless AUDIT_PERZONE is
12237c478bd9Sstevel@tonic-gate  * set.  (AUC_DISABLED is always global, the other states are per zone
12247c478bd9Sstevel@tonic-gate  * if AUDIT_PERZONE is set)
12257c478bd9Sstevel@tonic-gate  */
12267c478bd9Sstevel@tonic-gate 
12277c478bd9Sstevel@tonic-gate static void
1228*9e3700dfSgww do_getcond(void)
12297c478bd9Sstevel@tonic-gate {
1230*9e3700dfSgww 	(void) printf(gettext("audit condition = %s\n"), cond2str());
12317c478bd9Sstevel@tonic-gate }
12327c478bd9Sstevel@tonic-gate 
12337c478bd9Sstevel@tonic-gate /*
12347c478bd9Sstevel@tonic-gate  * returned path is relative to zone root
12357c478bd9Sstevel@tonic-gate  */
12367c478bd9Sstevel@tonic-gate 
12377c478bd9Sstevel@tonic-gate static void
1238*9e3700dfSgww do_getcwd(void)
12397c478bd9Sstevel@tonic-gate {
12407c478bd9Sstevel@tonic-gate 	char path[MAXPATHLEN];
12417c478bd9Sstevel@tonic-gate 
12427c478bd9Sstevel@tonic-gate 	eauditon(A_GETCWD, (caddr_t)path, (int)sizeof (path));
12437c478bd9Sstevel@tonic-gate 	(void) printf(gettext("current working directory = %s\n"), path);
12447c478bd9Sstevel@tonic-gate }
12457c478bd9Sstevel@tonic-gate 
12467c478bd9Sstevel@tonic-gate /*
12477c478bd9Sstevel@tonic-gate  * The returned value is for the global zone unless AUDIT_PERZONE is
12487c478bd9Sstevel@tonic-gate  * set.
12497c478bd9Sstevel@tonic-gate  */
12507c478bd9Sstevel@tonic-gate 
12517c478bd9Sstevel@tonic-gate static void
1252*9e3700dfSgww do_getkmask(void)
12537c478bd9Sstevel@tonic-gate {
12547c478bd9Sstevel@tonic-gate 	au_mask_t pmask;
12557c478bd9Sstevel@tonic-gate 
12567c478bd9Sstevel@tonic-gate 	eauditon(A_GETKMASK, (caddr_t)&pmask, (int)sizeof (pmask));
12577c478bd9Sstevel@tonic-gate 	print_mask(gettext("audit flags for non-attributable events"), &pmask);
12587c478bd9Sstevel@tonic-gate }
12597c478bd9Sstevel@tonic-gate 
12607c478bd9Sstevel@tonic-gate /*
12617c478bd9Sstevel@tonic-gate  * The returned value is for the global zone unless AUDIT_PERZONE is
12627c478bd9Sstevel@tonic-gate  * set. (some policies can only be set from the global zone, but all
12637c478bd9Sstevel@tonic-gate  * can be read from anywhere.)
12647c478bd9Sstevel@tonic-gate  */
12657c478bd9Sstevel@tonic-gate 
12667c478bd9Sstevel@tonic-gate static void
1267*9e3700dfSgww do_getpolicy(void)
12687c478bd9Sstevel@tonic-gate {
12697c478bd9Sstevel@tonic-gate 	char policy_str[1024];
12707c478bd9Sstevel@tonic-gate 	uint_t policy;
12717c478bd9Sstevel@tonic-gate 
12727c478bd9Sstevel@tonic-gate 	eauditon(A_GETPOLICY, (caddr_t)&policy, 0);
12737c478bd9Sstevel@tonic-gate 	(void) policy2str(policy, policy_str, sizeof (policy_str));
12747c478bd9Sstevel@tonic-gate 	(void) printf(gettext("audit policies = %s\n"), policy_str);
12757c478bd9Sstevel@tonic-gate }
12767c478bd9Sstevel@tonic-gate 
12777c478bd9Sstevel@tonic-gate static void
1278*9e3700dfSgww do_getpinfo(char *pid_str)
12797c478bd9Sstevel@tonic-gate {
12807c478bd9Sstevel@tonic-gate 	struct auditpinfo_addr ap;
12817c478bd9Sstevel@tonic-gate 
12827c478bd9Sstevel@tonic-gate 	if (strisnum(pid_str))
12837c478bd9Sstevel@tonic-gate 		ap.ap_pid = (pid_t)atoi(pid_str);
12847c478bd9Sstevel@tonic-gate 	else
12857c478bd9Sstevel@tonic-gate 		exit_usage(1);
12867c478bd9Sstevel@tonic-gate 
12877c478bd9Sstevel@tonic-gate 	eauditon(A_GETPINFO_ADDR, (caddr_t)&ap, sizeof (ap));
12887c478bd9Sstevel@tonic-gate 
12897c478bd9Sstevel@tonic-gate 	print_auid(ap.ap_auid);
12907c478bd9Sstevel@tonic-gate 	print_mask(gettext("process preselection mask"), &(ap.ap_mask));
12917c478bd9Sstevel@tonic-gate 	print_tid_ex(&(ap.ap_termid));
12927c478bd9Sstevel@tonic-gate 	print_asid(ap.ap_asid);
12937c478bd9Sstevel@tonic-gate }
12947c478bd9Sstevel@tonic-gate 
12957c478bd9Sstevel@tonic-gate /*
12967c478bd9Sstevel@tonic-gate  * The returned value is for the global zone unless AUDIT_PERZONE is
12977c478bd9Sstevel@tonic-gate  * set.
12987c478bd9Sstevel@tonic-gate  */
12997c478bd9Sstevel@tonic-gate 
13007c478bd9Sstevel@tonic-gate static void
1301*9e3700dfSgww do_getqbufsz(void)
13027c478bd9Sstevel@tonic-gate {
13037c478bd9Sstevel@tonic-gate 	struct au_qctrl qctrl;
13047c478bd9Sstevel@tonic-gate 
13057c478bd9Sstevel@tonic-gate 	eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0);
13067c478bd9Sstevel@tonic-gate 	(void) printf(gettext("audit queue buffer size (bytes) = %ld\n"),
13077c478bd9Sstevel@tonic-gate 		qctrl.aq_bufsz);
13087c478bd9Sstevel@tonic-gate }
13097c478bd9Sstevel@tonic-gate 
13107c478bd9Sstevel@tonic-gate /*
13117c478bd9Sstevel@tonic-gate  * The returned value is for the global zone unless AUDIT_PERZONE is
13127c478bd9Sstevel@tonic-gate  * set.
13137c478bd9Sstevel@tonic-gate  */
13147c478bd9Sstevel@tonic-gate 
13157c478bd9Sstevel@tonic-gate static void
1316*9e3700dfSgww do_getqctrl(void)
13177c478bd9Sstevel@tonic-gate {
13187c478bd9Sstevel@tonic-gate 	struct au_qctrl qctrl;
13197c478bd9Sstevel@tonic-gate 
13207c478bd9Sstevel@tonic-gate 	eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0);
13217c478bd9Sstevel@tonic-gate 	(void) printf(gettext("audit queue hiwater mark (records) = %ld\n"),
13227c478bd9Sstevel@tonic-gate 	    qctrl.aq_hiwater);
13237c478bd9Sstevel@tonic-gate 	(void) printf(gettext("audit queue lowater mark (records) = %ld\n"),
13247c478bd9Sstevel@tonic-gate 	    qctrl.aq_lowater);
13257c478bd9Sstevel@tonic-gate 	(void) printf(gettext("audit queue buffer size (bytes) = %ld\n"),
13267c478bd9Sstevel@tonic-gate 	    qctrl.aq_bufsz);
13277c478bd9Sstevel@tonic-gate 	(void) printf(gettext("audit queue delay (ticks) = %ld\n"),
13287c478bd9Sstevel@tonic-gate 	    qctrl.aq_delay);
13297c478bd9Sstevel@tonic-gate }
13307c478bd9Sstevel@tonic-gate 
13317c478bd9Sstevel@tonic-gate /*
13327c478bd9Sstevel@tonic-gate  * The returned value is for the global zone unless AUDIT_PERZONE is
13337c478bd9Sstevel@tonic-gate  * set.
13347c478bd9Sstevel@tonic-gate  */
13357c478bd9Sstevel@tonic-gate 
13367c478bd9Sstevel@tonic-gate static void
1337*9e3700dfSgww do_getqdelay(void)
13387c478bd9Sstevel@tonic-gate {
13397c478bd9Sstevel@tonic-gate 	struct au_qctrl qctrl;
13407c478bd9Sstevel@tonic-gate 
13417c478bd9Sstevel@tonic-gate 	eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0);
13427c478bd9Sstevel@tonic-gate 	(void) printf(gettext("audit queue delay (ticks) = %ld\n"),
13437c478bd9Sstevel@tonic-gate 	    qctrl.aq_delay);
13447c478bd9Sstevel@tonic-gate }
13457c478bd9Sstevel@tonic-gate 
13467c478bd9Sstevel@tonic-gate /*
13477c478bd9Sstevel@tonic-gate  * The returned value is for the global zone unless AUDIT_PERZONE is
13487c478bd9Sstevel@tonic-gate  * set.
13497c478bd9Sstevel@tonic-gate  */
13507c478bd9Sstevel@tonic-gate 
13517c478bd9Sstevel@tonic-gate static void
1352*9e3700dfSgww do_getqhiwater(void)
13537c478bd9Sstevel@tonic-gate {
13547c478bd9Sstevel@tonic-gate 	struct au_qctrl qctrl;
13557c478bd9Sstevel@tonic-gate 
13567c478bd9Sstevel@tonic-gate 	eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0);
13577c478bd9Sstevel@tonic-gate 	(void) printf(gettext("audit queue hiwater mark (records) = %ld\n"),
13587c478bd9Sstevel@tonic-gate 	    qctrl.aq_hiwater);
13597c478bd9Sstevel@tonic-gate }
13607c478bd9Sstevel@tonic-gate 
13617c478bd9Sstevel@tonic-gate /*
13627c478bd9Sstevel@tonic-gate  * The returned value is for the global zone unless AUDIT_PERZONE is
13637c478bd9Sstevel@tonic-gate  * set.
13647c478bd9Sstevel@tonic-gate  */
13657c478bd9Sstevel@tonic-gate 
13667c478bd9Sstevel@tonic-gate static void
1367*9e3700dfSgww do_getqlowater(void)
13687c478bd9Sstevel@tonic-gate {
13697c478bd9Sstevel@tonic-gate 	struct au_qctrl qctrl;
13707c478bd9Sstevel@tonic-gate 
13717c478bd9Sstevel@tonic-gate 	eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0);
13727c478bd9Sstevel@tonic-gate 	(void) printf(gettext("audit queue lowater mark (records) = %ld\n"),
13737c478bd9Sstevel@tonic-gate 		qctrl.aq_lowater);
13747c478bd9Sstevel@tonic-gate }
13757c478bd9Sstevel@tonic-gate 
13767c478bd9Sstevel@tonic-gate static void
1377*9e3700dfSgww do_getasid(void)
13787c478bd9Sstevel@tonic-gate {
13797c478bd9Sstevel@tonic-gate 	auditinfo_addr_t ai;
13807c478bd9Sstevel@tonic-gate 
13817c478bd9Sstevel@tonic-gate 	if (getaudit_addr(&ai, sizeof (ai))) {
13827c478bd9Sstevel@tonic-gate 		exit_error(gettext("getaudit_addr(2) failed"));
13837c478bd9Sstevel@tonic-gate 	}
13847c478bd9Sstevel@tonic-gate 	print_asid(ai.ai_asid);
13857c478bd9Sstevel@tonic-gate }
13867c478bd9Sstevel@tonic-gate 
13877c478bd9Sstevel@tonic-gate /*
13887c478bd9Sstevel@tonic-gate  * The stats are for the entire system unless AUDIT_PERZONE is set.
13897c478bd9Sstevel@tonic-gate  */
13907c478bd9Sstevel@tonic-gate 
13917c478bd9Sstevel@tonic-gate static void
1392*9e3700dfSgww do_getstat(void)
13937c478bd9Sstevel@tonic-gate {
13947c478bd9Sstevel@tonic-gate 	au_stat_t as;
1395*9e3700dfSgww 	int offset[12];   /* used to line the header up correctly */
1396*9e3700dfSgww 	char buf[512];
13977c478bd9Sstevel@tonic-gate 
13987c478bd9Sstevel@tonic-gate 	eauditon(A_GETSTAT, (caddr_t)&as, 0);
1399*9e3700dfSgww 	(void) sprintf(buf, "%4lu %n%4lu %n%4lu %n%4lu %n%4lu %n%4lu %n%4lu "
1400*9e3700dfSgww 	    "%n%4lu %n%4lu %n%4lu %n%4lu %n%4lu%n",
1401*9e3700dfSgww 	    (ulong_t)as.as_generated,	&(offset[0]),
1402*9e3700dfSgww 	    (ulong_t)as.as_nonattrib,	&(offset[1]),
1403*9e3700dfSgww 	    (ulong_t)as.as_kernel,	&(offset[2]),
1404*9e3700dfSgww 	    (ulong_t)as.as_audit,	&(offset[3]),
1405*9e3700dfSgww 	    (ulong_t)as.as_auditctl,	&(offset[4]),
1406*9e3700dfSgww 	    (ulong_t)as.as_enqueue,	&(offset[5]),
1407*9e3700dfSgww 	    (ulong_t)as.as_written,	&(offset[6]),
1408*9e3700dfSgww 	    (ulong_t)as.as_wblocked,	&(offset[7]),
1409*9e3700dfSgww 	    (ulong_t)as.as_rblocked,	&(offset[8]),
1410*9e3700dfSgww 	    (ulong_t)as.as_dropped,	&(offset[9]),
1411*9e3700dfSgww 	    (ulong_t)as.as_totalsize / ONEK, &(offset[10]),
1412*9e3700dfSgww 	    (ulong_t)as.as_memused / ONEK, &(offset[11]));
1413*9e3700dfSgww 
1414*9e3700dfSgww 	/*
1415*9e3700dfSgww 	 * TRANSLATION_NOTE
1416*9e3700dfSgww 	 *	Print a properly aligned header.
1417*9e3700dfSgww 	 */
1418*9e3700dfSgww 	(void) printf("%*s %*s %*s %*s %*s %*s %*s %*s %*s %*s %*s %*s\n",
1419*9e3700dfSgww 		offset[0] - 1,			gettext("gen"),
1420*9e3700dfSgww 		offset[1] - offset[0] -1,	gettext("nona"),
1421*9e3700dfSgww 		offset[2] - offset[1] -1,	gettext("kern"),
1422*9e3700dfSgww 		offset[3] - offset[2] -1,	gettext("aud"),
1423*9e3700dfSgww 		offset[4] - offset[3] -1,	gettext("ctl"),
1424*9e3700dfSgww 		offset[5] - offset[4] -1,	gettext("enq"),
1425*9e3700dfSgww 		offset[6] - offset[5] -1,	gettext("wrtn"),
1426*9e3700dfSgww 		offset[7] - offset[6] -1,	gettext("wblk"),
1427*9e3700dfSgww 		offset[8] - offset[7] -1,	gettext("rblk"),
1428*9e3700dfSgww 		offset[9] - offset[8] -1,	gettext("drop"),
1429*9e3700dfSgww 		offset[10] - offset[9] -1,	gettext("tot"),
1430*9e3700dfSgww 		offset[11] - offset[10],	gettext("mem"));
1431*9e3700dfSgww 
1432*9e3700dfSgww 	(void) printf("%s\n", buf);
14337c478bd9Sstevel@tonic-gate }
14347c478bd9Sstevel@tonic-gate 
14357c478bd9Sstevel@tonic-gate static void
1436*9e3700dfSgww do_gettermid(void)
14377c478bd9Sstevel@tonic-gate {
14387c478bd9Sstevel@tonic-gate 	auditinfo_addr_t ai;
14397c478bd9Sstevel@tonic-gate 
14407c478bd9Sstevel@tonic-gate 	if (getaudit_addr(&ai, sizeof (ai))) {
14417c478bd9Sstevel@tonic-gate 		exit_error(gettext("getaudit_addr(2) failed"));
14427c478bd9Sstevel@tonic-gate 	}
14437c478bd9Sstevel@tonic-gate 	print_tid_ex(&ai.ai_termid);
14447c478bd9Sstevel@tonic-gate }
14457c478bd9Sstevel@tonic-gate 
14467c478bd9Sstevel@tonic-gate /*
14477c478bd9Sstevel@tonic-gate  * The returned value is for the global zone unless AUDIT_PERZONE is
14487c478bd9Sstevel@tonic-gate  * set.
14497c478bd9Sstevel@tonic-gate  */
14507c478bd9Sstevel@tonic-gate 
14517c478bd9Sstevel@tonic-gate static void
1452*9e3700dfSgww do_getfsize(void)
14537c478bd9Sstevel@tonic-gate {
14547c478bd9Sstevel@tonic-gate 	au_fstat_t fstat;
14557c478bd9Sstevel@tonic-gate 
14567c478bd9Sstevel@tonic-gate 	eauditon(A_GETFSIZE, (caddr_t)&fstat, 0);
14577c478bd9Sstevel@tonic-gate 	(void) printf(gettext("Maximum file size %d, current file size %d\n"),
14587c478bd9Sstevel@tonic-gate 	    fstat.af_filesz, fstat.af_currsz);
14597c478bd9Sstevel@tonic-gate }
14607c478bd9Sstevel@tonic-gate 
14617c478bd9Sstevel@tonic-gate /*
14627c478bd9Sstevel@tonic-gate  * The returned value is for the global zone unless AUDIT_PERZONE is
14637c478bd9Sstevel@tonic-gate  * set.
14647c478bd9Sstevel@tonic-gate  */
14657c478bd9Sstevel@tonic-gate 
14667c478bd9Sstevel@tonic-gate static void
1467*9e3700dfSgww do_lsevent(void)
14687c478bd9Sstevel@tonic-gate {
14697c478bd9Sstevel@tonic-gate 	register au_event_ent_t *evp;
14707c478bd9Sstevel@tonic-gate 	au_mask_t pmask;
14717c478bd9Sstevel@tonic-gate 	char auflags[256];
14727c478bd9Sstevel@tonic-gate 
14737c478bd9Sstevel@tonic-gate 	setauevent();
1474*9e3700dfSgww 	if (getauevent() == NULL) {
14757c478bd9Sstevel@tonic-gate 		(void) exit_error(gettext(
1476*9e3700dfSgww 		    "NO AUDIT EVENTS: Could not read %s\n."), AUDITEVENTFILE);
14777c478bd9Sstevel@tonic-gate 	}
14787c478bd9Sstevel@tonic-gate 
14797c478bd9Sstevel@tonic-gate 	setauevent();
1480*9e3700dfSgww 	while ((evp = getauevent()) != NULL) {
14817c478bd9Sstevel@tonic-gate 		pmask.am_success = pmask.am_failure = evp->ae_class;
14827c478bd9Sstevel@tonic-gate 		if (getauditflagschar(auflags, &pmask, 0) == -1)
14837c478bd9Sstevel@tonic-gate 			(void) strcpy(auflags, "unknown");
14847c478bd9Sstevel@tonic-gate 		(void) printf("%-30s %5d %s %s\n",
14857c478bd9Sstevel@tonic-gate 		    evp->ae_name, evp->ae_number, auflags, evp->ae_desc);
14867c478bd9Sstevel@tonic-gate 	}
14877c478bd9Sstevel@tonic-gate 	endauevent();
14887c478bd9Sstevel@tonic-gate }
14897c478bd9Sstevel@tonic-gate 
14907c478bd9Sstevel@tonic-gate /*
14917c478bd9Sstevel@tonic-gate  * The returned value is for the global zone unless AUDIT_PERZONE is
14927c478bd9Sstevel@tonic-gate  * set.
14937c478bd9Sstevel@tonic-gate  */
14947c478bd9Sstevel@tonic-gate 
14957c478bd9Sstevel@tonic-gate static void
1496*9e3700dfSgww do_lspolicy(void)
14977c478bd9Sstevel@tonic-gate {
14987c478bd9Sstevel@tonic-gate 	int i;
14997c478bd9Sstevel@tonic-gate 
15007c478bd9Sstevel@tonic-gate 	/*
15017c478bd9Sstevel@tonic-gate 	 * TRANSLATION_NOTE
15027c478bd9Sstevel@tonic-gate 	 *	Print a properly aligned header.
15037c478bd9Sstevel@tonic-gate 	 */
15047c478bd9Sstevel@tonic-gate 	(void) printf(gettext("policy string    description:\n"));
150545916cd2Sjpk 	for (i = 0; i < POLICY_TBL_SZ; i++) {
150645916cd2Sjpk 		(void) printf("%-17s%s\n", policy_table[i].policy_str,
15077c478bd9Sstevel@tonic-gate 		    gettext(policy_table[i].policy_desc));
15087c478bd9Sstevel@tonic-gate 	}
150945916cd2Sjpk }
15107c478bd9Sstevel@tonic-gate 
15117c478bd9Sstevel@tonic-gate static void
1512*9e3700dfSgww do_setasid(char *sid_str, char **argv)
15137c478bd9Sstevel@tonic-gate {
15147c478bd9Sstevel@tonic-gate 	struct auditinfo_addr ai;
15157c478bd9Sstevel@tonic-gate 
15167c478bd9Sstevel@tonic-gate 	if (getaudit_addr(&ai, sizeof (ai))) {
15177c478bd9Sstevel@tonic-gate 		exit_error(gettext("getaudit_addr(2) failed"));
15187c478bd9Sstevel@tonic-gate 	}
15197c478bd9Sstevel@tonic-gate 	ai.ai_asid = (au_asid_t)atol(sid_str);
15207c478bd9Sstevel@tonic-gate 	if (setaudit_addr(&ai, sizeof (ai))) {
15217c478bd9Sstevel@tonic-gate 		exit_error(gettext("setaudit_addr(2) failed"));
15227c478bd9Sstevel@tonic-gate 	}
15237c478bd9Sstevel@tonic-gate 	execit(argv);
15247c478bd9Sstevel@tonic-gate }
15257c478bd9Sstevel@tonic-gate 
15267c478bd9Sstevel@tonic-gate static void
1527*9e3700dfSgww do_setaudit(char *user_str, char *mask_str, char *tid_str, char *sid_str,
1528*9e3700dfSgww     char **argv)
15297c478bd9Sstevel@tonic-gate {
15307c478bd9Sstevel@tonic-gate 	auditinfo_addr_t ai;
15317c478bd9Sstevel@tonic-gate 
15327c478bd9Sstevel@tonic-gate 	ai.ai_auid = (au_id_t)get_user_id(user_str);
15337c478bd9Sstevel@tonic-gate 	str2mask(mask_str, &ai.ai_mask),
15347c478bd9Sstevel@tonic-gate 	str2tid(tid_str, &ai.ai_termid);
15357c478bd9Sstevel@tonic-gate 	ai.ai_asid = (au_asid_t)atol(sid_str);
15367c478bd9Sstevel@tonic-gate 
15377c478bd9Sstevel@tonic-gate 	esetaudit(&ai, sizeof (ai));
15387c478bd9Sstevel@tonic-gate 	execit(argv);
15397c478bd9Sstevel@tonic-gate }
15407c478bd9Sstevel@tonic-gate 
15417c478bd9Sstevel@tonic-gate static void
1542*9e3700dfSgww do_setauid(char *user, char **argv)
15437c478bd9Sstevel@tonic-gate {
15447c478bd9Sstevel@tonic-gate 	au_id_t auid;
15457c478bd9Sstevel@tonic-gate 
15467c478bd9Sstevel@tonic-gate 	auid = get_user_id(user);
15477c478bd9Sstevel@tonic-gate 	esetauid(&auid);
15487c478bd9Sstevel@tonic-gate 	execit(argv);
15497c478bd9Sstevel@tonic-gate }
15507c478bd9Sstevel@tonic-gate 
15517c478bd9Sstevel@tonic-gate static void
1552*9e3700dfSgww do_setpmask(char *pid_str, char *audit_flags)
15537c478bd9Sstevel@tonic-gate {
15547c478bd9Sstevel@tonic-gate 	struct auditpinfo ap;
15557c478bd9Sstevel@tonic-gate 
15567c478bd9Sstevel@tonic-gate 	if (strisnum(pid_str))
15577c478bd9Sstevel@tonic-gate 		ap.ap_pid = (pid_t)atoi(pid_str);
15587c478bd9Sstevel@tonic-gate 	else
15597c478bd9Sstevel@tonic-gate 		exit_usage(1);
15607c478bd9Sstevel@tonic-gate 
15617c478bd9Sstevel@tonic-gate 	str2mask(audit_flags, &ap.ap_mask);
15627c478bd9Sstevel@tonic-gate 
15637c478bd9Sstevel@tonic-gate 	eauditon(A_SETPMASK, (caddr_t)&ap, (int)sizeof (ap));
15647c478bd9Sstevel@tonic-gate }
15657c478bd9Sstevel@tonic-gate 
15667c478bd9Sstevel@tonic-gate static void
1567*9e3700dfSgww do_setsmask(char *asid_str, char *audit_flags)
15687c478bd9Sstevel@tonic-gate {
15697c478bd9Sstevel@tonic-gate 	struct auditinfo ainfo;
15707c478bd9Sstevel@tonic-gate 
15717c478bd9Sstevel@tonic-gate 	if (strisnum(asid_str))
15727c478bd9Sstevel@tonic-gate 		ainfo.ai_asid = (pid_t)atoi(asid_str);
15737c478bd9Sstevel@tonic-gate 	else
15747c478bd9Sstevel@tonic-gate 		exit_usage(1);
15757c478bd9Sstevel@tonic-gate 
15767c478bd9Sstevel@tonic-gate 	str2mask(audit_flags, &ainfo.ai_mask);
15777c478bd9Sstevel@tonic-gate 
15787c478bd9Sstevel@tonic-gate 	eauditon(A_SETSMASK, (caddr_t)&ainfo, (int)sizeof (ainfo));
15797c478bd9Sstevel@tonic-gate }
15807c478bd9Sstevel@tonic-gate 
15817c478bd9Sstevel@tonic-gate static void
1582*9e3700dfSgww do_setumask(char *auid_str, char *audit_flags)
15837c478bd9Sstevel@tonic-gate {
15847c478bd9Sstevel@tonic-gate 	struct auditinfo ainfo;
15857c478bd9Sstevel@tonic-gate 
15867c478bd9Sstevel@tonic-gate 	if (strisnum(auid_str))
15877c478bd9Sstevel@tonic-gate 		ainfo.ai_auid = (pid_t)atoi(auid_str);
15887c478bd9Sstevel@tonic-gate 	else
15897c478bd9Sstevel@tonic-gate 		exit_usage(1);
15907c478bd9Sstevel@tonic-gate 
15917c478bd9Sstevel@tonic-gate 	str2mask(audit_flags, &ainfo.ai_mask);
15927c478bd9Sstevel@tonic-gate 
15937c478bd9Sstevel@tonic-gate 	eauditon(A_SETUMASK, (caddr_t)&ainfo, (int)sizeof (ainfo));
15947c478bd9Sstevel@tonic-gate }
15957c478bd9Sstevel@tonic-gate 
15967c478bd9Sstevel@tonic-gate /*
15977c478bd9Sstevel@tonic-gate  * local zone use is valid if AUDIT_PERZONE is set, otherwise the
15987c478bd9Sstevel@tonic-gate  * syscall returns EPERM.
15997c478bd9Sstevel@tonic-gate  */
16007c478bd9Sstevel@tonic-gate 
16017c478bd9Sstevel@tonic-gate static void
1602*9e3700dfSgww do_setstat(void)
16037c478bd9Sstevel@tonic-gate {
16047c478bd9Sstevel@tonic-gate 	au_stat_t as;
16057c478bd9Sstevel@tonic-gate 
16067c478bd9Sstevel@tonic-gate 	as.as_audit	= (uint_t)-1;
16077c478bd9Sstevel@tonic-gate 	as.as_auditctl	= (uint_t)-1;
16087c478bd9Sstevel@tonic-gate 	as.as_dropped	= (uint_t)-1;
16097c478bd9Sstevel@tonic-gate 	as.as_enqueue	= (uint_t)-1;
16107c478bd9Sstevel@tonic-gate 	as.as_generated	= (uint_t)-1;
16117c478bd9Sstevel@tonic-gate 	as.as_kernel	= (uint_t)-1;
16127c478bd9Sstevel@tonic-gate 	as.as_nonattrib	= (uint_t)-1;
16137c478bd9Sstevel@tonic-gate 	as.as_rblocked	= (uint_t)-1;
16147c478bd9Sstevel@tonic-gate 	as.as_totalsize	= (uint_t)-1;
16157c478bd9Sstevel@tonic-gate 	as.as_wblocked	= (uint_t)-1;
16167c478bd9Sstevel@tonic-gate 	as.as_written	= (uint_t)-1;
16177c478bd9Sstevel@tonic-gate 
16187c478bd9Sstevel@tonic-gate 	eauditon(A_SETSTAT, (caddr_t)&as, (int)sizeof (as));
1619*9e3700dfSgww 	(void) printf("%s\n", gettext("audit stats reset"));
16207c478bd9Sstevel@tonic-gate }
16217c478bd9Sstevel@tonic-gate 
16227c478bd9Sstevel@tonic-gate /*
16237c478bd9Sstevel@tonic-gate  * AUDIT_PERZONE set:  valid in all zones
16247c478bd9Sstevel@tonic-gate  * AUDIT_PERZONE not set: valid in global zone only
16257c478bd9Sstevel@tonic-gate  */
16267c478bd9Sstevel@tonic-gate 
16277c478bd9Sstevel@tonic-gate static void
1628*9e3700dfSgww do_setclass(char *event_str, char *audit_flags)
16297c478bd9Sstevel@tonic-gate {
16307c478bd9Sstevel@tonic-gate 	au_event_t event;
16317c478bd9Sstevel@tonic-gate 	int mask;
16327c478bd9Sstevel@tonic-gate 	au_mask_t pmask;
16337c478bd9Sstevel@tonic-gate 	au_evclass_map_t ec;
16347c478bd9Sstevel@tonic-gate 	au_event_ent_t *evp;
16357c478bd9Sstevel@tonic-gate 
16367c478bd9Sstevel@tonic-gate 	if (strisnum(event_str))
16377c478bd9Sstevel@tonic-gate 		event = (uint_t)atol(event_str);
16387c478bd9Sstevel@tonic-gate 	else {
1639*9e3700dfSgww 		if ((evp = egetauevnam(event_str)) != NULL)
16407c478bd9Sstevel@tonic-gate 			event = evp->ae_number;
16417c478bd9Sstevel@tonic-gate 	}
16427c478bd9Sstevel@tonic-gate 
16437c478bd9Sstevel@tonic-gate 	if (strisnum(audit_flags))
16447c478bd9Sstevel@tonic-gate 		mask = atoi(audit_flags);
16457c478bd9Sstevel@tonic-gate 	else {
16467c478bd9Sstevel@tonic-gate 		str2mask(audit_flags, &pmask);
16477c478bd9Sstevel@tonic-gate 		mask = pmask.am_success | pmask.am_failure;
16487c478bd9Sstevel@tonic-gate 	}
16497c478bd9Sstevel@tonic-gate 
16507c478bd9Sstevel@tonic-gate 	ec.ec_number = event;
16517c478bd9Sstevel@tonic-gate 	ec.ec_class = mask;
16527c478bd9Sstevel@tonic-gate 	eauditon(A_SETCLASS, (caddr_t)&ec, (int)sizeof (ec));
16537c478bd9Sstevel@tonic-gate }
16547c478bd9Sstevel@tonic-gate 
16557c478bd9Sstevel@tonic-gate /*
16567c478bd9Sstevel@tonic-gate  * AUDIT_PERZONE set:  valid in all zones
16577c478bd9Sstevel@tonic-gate  * AUDIT_PERZONE not set: valid in global zone only
16587c478bd9Sstevel@tonic-gate  */
16597c478bd9Sstevel@tonic-gate 
16607c478bd9Sstevel@tonic-gate static void
1661*9e3700dfSgww do_setkmask(char *audit_flags)
16627c478bd9Sstevel@tonic-gate {
16637c478bd9Sstevel@tonic-gate 	au_mask_t pmask;
16647c478bd9Sstevel@tonic-gate 
16657c478bd9Sstevel@tonic-gate 	str2mask(audit_flags, &pmask);
16667c478bd9Sstevel@tonic-gate 	eauditon(A_SETKMASK, (caddr_t)&pmask, (int)sizeof (pmask));
16677c478bd9Sstevel@tonic-gate 	print_mask(gettext("audit flags for non-attributable events"), &pmask);
16687c478bd9Sstevel@tonic-gate }
16697c478bd9Sstevel@tonic-gate 
16707c478bd9Sstevel@tonic-gate /*
16717c478bd9Sstevel@tonic-gate  * ahlt and perzone are global zone only; the other policies are valid
16727c478bd9Sstevel@tonic-gate  * in a local zone if AUDIT_PERZONE is set.  The kernel insures that
16737c478bd9Sstevel@tonic-gate  * a local zone can't change ahlt and perzone (EINVAL).
16747c478bd9Sstevel@tonic-gate  */
16757c478bd9Sstevel@tonic-gate 
16767c478bd9Sstevel@tonic-gate static void
1677*9e3700dfSgww do_setpolicy(char *policy_str)
16787c478bd9Sstevel@tonic-gate {
16797c478bd9Sstevel@tonic-gate 	uint_t	policy;
16807c478bd9Sstevel@tonic-gate 
16817c478bd9Sstevel@tonic-gate 	switch (str2policy(policy_str, &policy)) {
16827c478bd9Sstevel@tonic-gate 	case 2:
16837c478bd9Sstevel@tonic-gate 		exit_error(gettext(
16847c478bd9Sstevel@tonic-gate 			"policy (%s) invalid in a local zone."),
16857c478bd9Sstevel@tonic-gate 			policy_str);
16867c478bd9Sstevel@tonic-gate 		break;
16877c478bd9Sstevel@tonic-gate 	default:
16887c478bd9Sstevel@tonic-gate 		exit_error(gettext(
16897c478bd9Sstevel@tonic-gate 		    "Invalid policy (%s) specified."),
16907c478bd9Sstevel@tonic-gate 		    policy_str);
16917c478bd9Sstevel@tonic-gate 		break;
16927c478bd9Sstevel@tonic-gate 	case 0:
16937c478bd9Sstevel@tonic-gate 		eauditon(A_SETPOLICY, (caddr_t)&policy, 0);
16947c478bd9Sstevel@tonic-gate 		break;
16957c478bd9Sstevel@tonic-gate 	}
16967c478bd9Sstevel@tonic-gate }
16977c478bd9Sstevel@tonic-gate 
16987c478bd9Sstevel@tonic-gate /*
16997c478bd9Sstevel@tonic-gate  * AUDIT_PERZONE set:  valid in all zones
17007c478bd9Sstevel@tonic-gate  * AUDIT_PERZONE not set: valid in global zone only
17017c478bd9Sstevel@tonic-gate  */
17027c478bd9Sstevel@tonic-gate 
17037c478bd9Sstevel@tonic-gate static void
1704*9e3700dfSgww do_setqbufsz(char *bufsz)
17057c478bd9Sstevel@tonic-gate {
17067c478bd9Sstevel@tonic-gate 	struct au_qctrl qctrl;
17077c478bd9Sstevel@tonic-gate 
17087c478bd9Sstevel@tonic-gate 	eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0);
17097c478bd9Sstevel@tonic-gate 	qctrl.aq_bufsz = atol(bufsz);
17107c478bd9Sstevel@tonic-gate 	eauditon(A_SETQCTRL, (caddr_t)&qctrl, 0);
17117c478bd9Sstevel@tonic-gate }
17127c478bd9Sstevel@tonic-gate 
17137c478bd9Sstevel@tonic-gate /*
17147c478bd9Sstevel@tonic-gate  * AUDIT_PERZONE set:  valid in all zones
17157c478bd9Sstevel@tonic-gate  * AUDIT_PERZONE not set: valid in global zone only
17167c478bd9Sstevel@tonic-gate  */
17177c478bd9Sstevel@tonic-gate 
17187c478bd9Sstevel@tonic-gate static void
1719*9e3700dfSgww do_setqctrl(char *hiwater, char *lowater, char *bufsz, char *delay)
17207c478bd9Sstevel@tonic-gate {
17217c478bd9Sstevel@tonic-gate 	struct au_qctrl qctrl;
17227c478bd9Sstevel@tonic-gate 
17237c478bd9Sstevel@tonic-gate 	qctrl.aq_hiwater = atol(hiwater);
17247c478bd9Sstevel@tonic-gate 	qctrl.aq_lowater = atol(lowater);
17257c478bd9Sstevel@tonic-gate 	qctrl.aq_bufsz = atol(bufsz);
17267c478bd9Sstevel@tonic-gate 	qctrl.aq_delay = atol(delay);
17277c478bd9Sstevel@tonic-gate 	eauditon(A_SETQCTRL, (caddr_t)&qctrl, 0);
17287c478bd9Sstevel@tonic-gate }
17297c478bd9Sstevel@tonic-gate 
17307c478bd9Sstevel@tonic-gate /*
17317c478bd9Sstevel@tonic-gate  * AUDIT_PERZONE set:  valid in all zones
17327c478bd9Sstevel@tonic-gate  * AUDIT_PERZONE not set: valid in global zone only
17337c478bd9Sstevel@tonic-gate  */
17347c478bd9Sstevel@tonic-gate 
17357c478bd9Sstevel@tonic-gate static void
1736*9e3700dfSgww do_setqdelay(char *delay)
17377c478bd9Sstevel@tonic-gate {
17387c478bd9Sstevel@tonic-gate 	struct au_qctrl qctrl;
17397c478bd9Sstevel@tonic-gate 
17407c478bd9Sstevel@tonic-gate 	eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0);
17417c478bd9Sstevel@tonic-gate 	qctrl.aq_delay = atol(delay);
17427c478bd9Sstevel@tonic-gate 	eauditon(A_SETQCTRL, (caddr_t)&qctrl, 0);
17437c478bd9Sstevel@tonic-gate }
17447c478bd9Sstevel@tonic-gate 
17457c478bd9Sstevel@tonic-gate /*
17467c478bd9Sstevel@tonic-gate  * AUDIT_PERZONE set:  valid in all zones
17477c478bd9Sstevel@tonic-gate  * AUDIT_PERZONE not set: valid in global zone only
17487c478bd9Sstevel@tonic-gate  */
17497c478bd9Sstevel@tonic-gate 
17507c478bd9Sstevel@tonic-gate static void
1751*9e3700dfSgww do_setqhiwater(char *hiwater)
17527c478bd9Sstevel@tonic-gate {
17537c478bd9Sstevel@tonic-gate 	struct au_qctrl qctrl;
17547c478bd9Sstevel@tonic-gate 
17557c478bd9Sstevel@tonic-gate 	eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0);
17567c478bd9Sstevel@tonic-gate 	qctrl.aq_hiwater = atol(hiwater);
17577c478bd9Sstevel@tonic-gate 	eauditon(A_SETQCTRL, (caddr_t)&qctrl, 0);
17587c478bd9Sstevel@tonic-gate }
17597c478bd9Sstevel@tonic-gate 
17607c478bd9Sstevel@tonic-gate /*
17617c478bd9Sstevel@tonic-gate  * AUDIT_PERZONE set:  valid in all zones
17627c478bd9Sstevel@tonic-gate  * AUDIT_PERZONE not set: valid in global zone only
17637c478bd9Sstevel@tonic-gate  */
17647c478bd9Sstevel@tonic-gate 
17657c478bd9Sstevel@tonic-gate static void
1766*9e3700dfSgww do_setqlowater(char *lowater)
17677c478bd9Sstevel@tonic-gate {
17687c478bd9Sstevel@tonic-gate 	struct au_qctrl qctrl;
17697c478bd9Sstevel@tonic-gate 
17707c478bd9Sstevel@tonic-gate 	eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0);
17717c478bd9Sstevel@tonic-gate 	qctrl.aq_lowater = atol(lowater);
17727c478bd9Sstevel@tonic-gate 	eauditon(A_SETQCTRL, (caddr_t)&qctrl, 0);
17737c478bd9Sstevel@tonic-gate }
17747c478bd9Sstevel@tonic-gate 
17757c478bd9Sstevel@tonic-gate /*
17767c478bd9Sstevel@tonic-gate  * AUDIT_PERZONE set:  valid in all zones
17777c478bd9Sstevel@tonic-gate  * AUDIT_PERZONE not set: valid in global zone only
17787c478bd9Sstevel@tonic-gate  */
17797c478bd9Sstevel@tonic-gate 
17807c478bd9Sstevel@tonic-gate static void
1781*9e3700dfSgww do_setfsize(char *size)
17827c478bd9Sstevel@tonic-gate {
17837c478bd9Sstevel@tonic-gate 	au_fstat_t fstat;
17847c478bd9Sstevel@tonic-gate 
17857c478bd9Sstevel@tonic-gate 	fstat.af_filesz = atol(size);
17867c478bd9Sstevel@tonic-gate 	eauditon(A_SETFSIZE, (caddr_t)&fstat, 0);
17877c478bd9Sstevel@tonic-gate }
17887c478bd9Sstevel@tonic-gate 
17897c478bd9Sstevel@tonic-gate static void
1790*9e3700dfSgww eauditon(int cmd, caddr_t data, int length)
17917c478bd9Sstevel@tonic-gate {
17927c478bd9Sstevel@tonic-gate 	if (auditon(cmd, data, length) == -1)
17937c478bd9Sstevel@tonic-gate 		exit_error(gettext("auditon(2) failed."));
17947c478bd9Sstevel@tonic-gate }
17957c478bd9Sstevel@tonic-gate 
17967c478bd9Sstevel@tonic-gate static void
1797*9e3700dfSgww egetauid(au_id_t *auid)
17987c478bd9Sstevel@tonic-gate {
17997c478bd9Sstevel@tonic-gate 	if (getauid(auid) == -1)
18007c478bd9Sstevel@tonic-gate 		exit_error(gettext("getauid(2) failed."));
18017c478bd9Sstevel@tonic-gate }
18027c478bd9Sstevel@tonic-gate 
18037c478bd9Sstevel@tonic-gate static void
1804*9e3700dfSgww egetaudit(auditinfo_addr_t *ai, int size)
18057c478bd9Sstevel@tonic-gate {
18067c478bd9Sstevel@tonic-gate 	if (getaudit_addr(ai, size) == -1)
18077c478bd9Sstevel@tonic-gate 		exit_error(gettext("getaudit_addr(2) failed."));
18087c478bd9Sstevel@tonic-gate }
18097c478bd9Sstevel@tonic-gate 
18107c478bd9Sstevel@tonic-gate static void
1811*9e3700dfSgww egetkaudit(auditinfo_addr_t *ai, int size)
18127c478bd9Sstevel@tonic-gate {
18137c478bd9Sstevel@tonic-gate 	if (auditon(A_GETKAUDIT, (char *)ai, size) < 0)
18147c478bd9Sstevel@tonic-gate 		exit_error(gettext("auditon: A_GETKAUDIT failed."));
18157c478bd9Sstevel@tonic-gate }
18167c478bd9Sstevel@tonic-gate 
18177c478bd9Sstevel@tonic-gate static void
1818*9e3700dfSgww esetkaudit(auditinfo_addr_t *ai, int size)
18197c478bd9Sstevel@tonic-gate {
18207c478bd9Sstevel@tonic-gate 	if (auditon(A_SETKAUDIT, (char *)ai, size) < 0)
18217c478bd9Sstevel@tonic-gate 		exit_error(gettext("auditon: A_SETKAUDIT failed."));
18227c478bd9Sstevel@tonic-gate }
18237c478bd9Sstevel@tonic-gate 
18247c478bd9Sstevel@tonic-gate static void
1825*9e3700dfSgww egetauditflagsbin(char *auditflags, au_mask_t *pmask)
18267c478bd9Sstevel@tonic-gate {
18277c478bd9Sstevel@tonic-gate 	pmask->am_success = pmask->am_failure = 0;
18287c478bd9Sstevel@tonic-gate 
18297c478bd9Sstevel@tonic-gate 	if (strcmp(auditflags, "none") == 0)
18307c478bd9Sstevel@tonic-gate 		return;
18317c478bd9Sstevel@tonic-gate 
18327c478bd9Sstevel@tonic-gate 	if (getauditflagsbin(auditflags, pmask) < 0) {
18337c478bd9Sstevel@tonic-gate 		exit_error(gettext("Could not get audit flags (%s)"),
18347c478bd9Sstevel@tonic-gate 		    auditflags);
18357c478bd9Sstevel@tonic-gate 	}
18367c478bd9Sstevel@tonic-gate }
18377c478bd9Sstevel@tonic-gate 
18387c478bd9Sstevel@tonic-gate static au_event_ent_t *
1839*9e3700dfSgww egetauevnum(au_event_t event_number)
18407c478bd9Sstevel@tonic-gate {
18417c478bd9Sstevel@tonic-gate 	au_event_ent_t *evp;
18427c478bd9Sstevel@tonic-gate 
1843*9e3700dfSgww 	if ((evp = getauevnum(event_number)) == NULL) {
18447c478bd9Sstevel@tonic-gate 		exit_error(gettext("Could not get audit event %d"),
18457c478bd9Sstevel@tonic-gate 		    event_number);
1846*9e3700dfSgww 	}
18477c478bd9Sstevel@tonic-gate 
18487c478bd9Sstevel@tonic-gate 	return (evp);
18497c478bd9Sstevel@tonic-gate }
18507c478bd9Sstevel@tonic-gate 
18517c478bd9Sstevel@tonic-gate static au_event_ent_t *
1852*9e3700dfSgww egetauevnam(char *event_name)
18537c478bd9Sstevel@tonic-gate {
18547c478bd9Sstevel@tonic-gate 	register au_event_ent_t *evp;
18557c478bd9Sstevel@tonic-gate 
1856*9e3700dfSgww 	if ((evp = getauevnam(event_name)) == NULL)
18577c478bd9Sstevel@tonic-gate 		exit_error(gettext("Could not get audit event %s"), event_name);
18587c478bd9Sstevel@tonic-gate 
18597c478bd9Sstevel@tonic-gate 	return (evp);
18607c478bd9Sstevel@tonic-gate }
18617c478bd9Sstevel@tonic-gate 
18627c478bd9Sstevel@tonic-gate static void
1863*9e3700dfSgww esetauid(au_id_t *auid)
18647c478bd9Sstevel@tonic-gate {
18657c478bd9Sstevel@tonic-gate 	if (setauid(auid) == -1)
18667c478bd9Sstevel@tonic-gate 		exit_error(gettext("setauid(2) failed."));
18677c478bd9Sstevel@tonic-gate }
18687c478bd9Sstevel@tonic-gate 
18697c478bd9Sstevel@tonic-gate static void
1870*9e3700dfSgww esetaudit(auditinfo_addr_t *ai, int size)
18717c478bd9Sstevel@tonic-gate {
18727c478bd9Sstevel@tonic-gate 	if (setaudit_addr(ai, size) == -1)
18737c478bd9Sstevel@tonic-gate 		exit_error(gettext("setaudit_addr(2) failed."));
18747c478bd9Sstevel@tonic-gate }
18757c478bd9Sstevel@tonic-gate 
18767c478bd9Sstevel@tonic-gate static uid_t
1877*9e3700dfSgww get_user_id(char *user)
18787c478bd9Sstevel@tonic-gate {
18797c478bd9Sstevel@tonic-gate 	struct passwd *pwd;
18807c478bd9Sstevel@tonic-gate 	uid_t uid;
18817c478bd9Sstevel@tonic-gate 
18827c478bd9Sstevel@tonic-gate 	if (isdigit(*user)) {
18837c478bd9Sstevel@tonic-gate 		uid = atoi(user);
1884*9e3700dfSgww 		if ((pwd = getpwuid(uid)) == NULL) {
18857c478bd9Sstevel@tonic-gate 			exit_error(gettext("Invalid user: %s"), user);
18867c478bd9Sstevel@tonic-gate 		}
18877c478bd9Sstevel@tonic-gate 	} else {
1888*9e3700dfSgww 		if ((pwd = getpwnam(user)) == NULL) {
18897c478bd9Sstevel@tonic-gate 			exit_error(gettext("Invalid user: %s"), user);
18907c478bd9Sstevel@tonic-gate 		}
18917c478bd9Sstevel@tonic-gate 	}
18927c478bd9Sstevel@tonic-gate 
18937c478bd9Sstevel@tonic-gate 	return (pwd->pw_uid);
18947c478bd9Sstevel@tonic-gate }
18957c478bd9Sstevel@tonic-gate 
18967c478bd9Sstevel@tonic-gate /*
18977c478bd9Sstevel@tonic-gate  * get_arg_ent()
18987c478bd9Sstevel@tonic-gate  *     Inputs: command line argument string
18997c478bd9Sstevel@tonic-gate  *     Returns ptr to policy_entry if found; null, if not found
19007c478bd9Sstevel@tonic-gate  */
19017c478bd9Sstevel@tonic-gate static struct arg_entry *
1902*9e3700dfSgww get_arg_ent(char *arg_str)
19037c478bd9Sstevel@tonic-gate {
19047c478bd9Sstevel@tonic-gate 	struct arg_entry key;
19057c478bd9Sstevel@tonic-gate 
19067c478bd9Sstevel@tonic-gate 	key.arg_str = arg_str;
19077c478bd9Sstevel@tonic-gate 
1908*9e3700dfSgww 	return ((struct arg_entry *)bsearch((char *)&key, (char *)arg_table,
1909*9e3700dfSgww 	    ARG_TBL_SZ, sizeof (struct arg_entry), arg_ent_compare));
19107c478bd9Sstevel@tonic-gate }
19117c478bd9Sstevel@tonic-gate 
19127c478bd9Sstevel@tonic-gate /*
19137c478bd9Sstevel@tonic-gate  * arg_ent_compare()
19147c478bd9Sstevel@tonic-gate  *     Compares two command line arguments to determine which is
19157c478bd9Sstevel@tonic-gate  *       lexicographically greater.
19167c478bd9Sstevel@tonic-gate  *     Inputs: two argument map table entry pointers
19177c478bd9Sstevel@tonic-gate  *     Returns: > 1: aep1->arg_str > aep2->arg_str
19187c478bd9Sstevel@tonic-gate  *              < 1: aep1->arg_str < aep2->arg_str
19197c478bd9Sstevel@tonic-gate  *                0: aep1->arg_str = aep->arg_str2
19207c478bd9Sstevel@tonic-gate  */
19217c478bd9Sstevel@tonic-gate static int
1922*9e3700dfSgww arg_ent_compare(const void *aep1, const void *aep2)
19237c478bd9Sstevel@tonic-gate {
1924*9e3700dfSgww 	return (strcmp(((struct arg_entry *)aep1)->arg_str,
1925*9e3700dfSgww 	    ((struct arg_entry *)aep2)->arg_str));
19267c478bd9Sstevel@tonic-gate }
19277c478bd9Sstevel@tonic-gate 
19287c478bd9Sstevel@tonic-gate /*
19297c478bd9Sstevel@tonic-gate  * Convert mask of the following forms:
19307c478bd9Sstevel@tonic-gate  *
19317c478bd9Sstevel@tonic-gate  *    audit_flags (ie. +lo,-ad,pc)
19327c478bd9Sstevel@tonic-gate  *    0xffffffff,0xffffffff
19337c478bd9Sstevel@tonic-gate  *    ffffffff,ffffffff
19347c478bd9Sstevel@tonic-gate  *    20,20
19357c478bd9Sstevel@tonic-gate  */
19367c478bd9Sstevel@tonic-gate static void
1937*9e3700dfSgww str2mask(char *mask_str, au_mask_t *mp)
19387c478bd9Sstevel@tonic-gate {
19397c478bd9Sstevel@tonic-gate 
19407c478bd9Sstevel@tonic-gate 	char sp[256];
19417c478bd9Sstevel@tonic-gate 	char fp[256];
19427c478bd9Sstevel@tonic-gate 
19437c478bd9Sstevel@tonic-gate 	mp->am_success = 0;
19447c478bd9Sstevel@tonic-gate 	mp->am_failure = 0;
19457c478bd9Sstevel@tonic-gate 
19467c478bd9Sstevel@tonic-gate 	/*
1947*9e3700dfSgww 	 * a mask of the form +aa,bb,cc,-dd or
1948*9e3700dfSgww 	 * a mask of the form 0xffffffff,0xffffffff or 1,1
19497c478bd9Sstevel@tonic-gate 	 */
19507c478bd9Sstevel@tonic-gate 	if (strisflags(mask_str)) {
19517c478bd9Sstevel@tonic-gate 		egetauditflagsbin(mask_str, mp);
19527c478bd9Sstevel@tonic-gate 	} else {
19537c478bd9Sstevel@tonic-gate 		strsplit(mask_str, sp, fp, ',');
19547c478bd9Sstevel@tonic-gate 
1955*9e3700dfSgww 		if (strlen(sp) > (size_t)2 && !strncasecmp(sp, "0x", 2)) {
19567c478bd9Sstevel@tonic-gate 			(void) sscanf(sp + 2, "%x", &mp->am_success);
1957*9e3700dfSgww 		} else {
19587c478bd9Sstevel@tonic-gate 			(void) sscanf(sp, "%u", &mp->am_success);
1959*9e3700dfSgww 		}
19607c478bd9Sstevel@tonic-gate 
1961*9e3700dfSgww 		if (strlen(fp) > (size_t)2 && !strncasecmp(fp, "0x", 2)) {
19627c478bd9Sstevel@tonic-gate 			(void) sscanf(fp + 2, "%x", &mp->am_failure);
1963*9e3700dfSgww 		} else {
19647c478bd9Sstevel@tonic-gate 			(void) sscanf(fp, "%u", &mp->am_failure);
19657c478bd9Sstevel@tonic-gate 		}
19667c478bd9Sstevel@tonic-gate 	}
1967*9e3700dfSgww }
19687c478bd9Sstevel@tonic-gate 
19697c478bd9Sstevel@tonic-gate /*
19707c478bd9Sstevel@tonic-gate  * tid_str is major,minor,host  -- host is a name or an ip address
19717c478bd9Sstevel@tonic-gate  */
19727c478bd9Sstevel@tonic-gate 
19737c478bd9Sstevel@tonic-gate static void
19747c478bd9Sstevel@tonic-gate str2tid(char *tid_str, au_tid_addr_t *tp)
19757c478bd9Sstevel@tonic-gate {
1976*9e3700dfSgww 	char *major_str;
1977*9e3700dfSgww 	char *minor_str;
1978*9e3700dfSgww 	char *host_str = NULL;
19797c478bd9Sstevel@tonic-gate 	major_t major = 0;
19807c478bd9Sstevel@tonic-gate 	major_t minor = 0;
19817c478bd9Sstevel@tonic-gate 	dev_t dev = 0;
19827c478bd9Sstevel@tonic-gate 	struct hostent *phe;
19837c478bd9Sstevel@tonic-gate 	int err;
19847c478bd9Sstevel@tonic-gate 	uint32_t ibuf;
19857c478bd9Sstevel@tonic-gate 	uint32_t ibuf6[4];
19867c478bd9Sstevel@tonic-gate 
19877c478bd9Sstevel@tonic-gate 	tp->at_port = 0;
19887c478bd9Sstevel@tonic-gate 	tp->at_type = 0;
19897c478bd9Sstevel@tonic-gate 	bzero(tp->at_addr, 16);
19907c478bd9Sstevel@tonic-gate 
19917c478bd9Sstevel@tonic-gate 	major_str = tid_str;
19927c478bd9Sstevel@tonic-gate 	if ((minor_str = strchr(tid_str, ',')) != NULL) {
19937c478bd9Sstevel@tonic-gate 		*minor_str = '\0';
19947c478bd9Sstevel@tonic-gate 		minor_str++;
19957c478bd9Sstevel@tonic-gate 	}
19967c478bd9Sstevel@tonic-gate 
1997*9e3700dfSgww 	if (minor_str) {
19987c478bd9Sstevel@tonic-gate 		if ((host_str = strchr(minor_str, ',')) != NULL) {
19997c478bd9Sstevel@tonic-gate 			*host_str = '\0';
20007c478bd9Sstevel@tonic-gate 			host_str++;
20017c478bd9Sstevel@tonic-gate 		}
2002*9e3700dfSgww 	}
20037c478bd9Sstevel@tonic-gate 
20047c478bd9Sstevel@tonic-gate 	if (major_str)
20057c478bd9Sstevel@tonic-gate 		major = (major_t)atoi(major_str);
20067c478bd9Sstevel@tonic-gate 
20077c478bd9Sstevel@tonic-gate 	if (minor_str)
20087c478bd9Sstevel@tonic-gate 		minor = (minor_t)atoi(minor_str);
20097c478bd9Sstevel@tonic-gate 
20107c478bd9Sstevel@tonic-gate 	if ((dev = makedev(major, minor)) != NODEV)
20117c478bd9Sstevel@tonic-gate 		tp->at_port = dev;
20127c478bd9Sstevel@tonic-gate 
20137c478bd9Sstevel@tonic-gate 	if (host_str) {
20147c478bd9Sstevel@tonic-gate 		if (strisipaddr(host_str)) {
20157c478bd9Sstevel@tonic-gate 			if (inet_pton(AF_INET, host_str, &ibuf)) {
20167c478bd9Sstevel@tonic-gate 				tp->at_addr[0] = ibuf;
20177c478bd9Sstevel@tonic-gate 				tp->at_type = AU_IPv4;
20187c478bd9Sstevel@tonic-gate 			} else if (inet_pton(AF_INET6, host_str, ibuf6)) {
20197c478bd9Sstevel@tonic-gate 				tp->at_addr[0] = ibuf6[0];
20207c478bd9Sstevel@tonic-gate 				tp->at_addr[1] = ibuf6[1];
20217c478bd9Sstevel@tonic-gate 				tp->at_addr[2] = ibuf6[2];
20227c478bd9Sstevel@tonic-gate 				tp->at_addr[3] = ibuf6[3];
20237c478bd9Sstevel@tonic-gate 				tp->at_type = AU_IPv6;
20247c478bd9Sstevel@tonic-gate 			}
20257c478bd9Sstevel@tonic-gate 		} else {
20267c478bd9Sstevel@tonic-gate 			phe = getipnodebyname((const void *)host_str,
20277c478bd9Sstevel@tonic-gate 			    AF_INET, 0, &err);
20287c478bd9Sstevel@tonic-gate 			if (phe == 0) {
20297c478bd9Sstevel@tonic-gate 				phe = getipnodebyname((const void *)host_str,
20307c478bd9Sstevel@tonic-gate 				    AF_INET6, 0, &err);
20317c478bd9Sstevel@tonic-gate 			}
20327c478bd9Sstevel@tonic-gate 
20337c478bd9Sstevel@tonic-gate 			if (phe != NULL) {
20347c478bd9Sstevel@tonic-gate 				if (phe->h_addrtype == AF_INET6) {
20357c478bd9Sstevel@tonic-gate 					/* address is IPv6 (128 bits) */
20367c478bd9Sstevel@tonic-gate 					(void) memcpy(&tp->at_addr[0],
20377c478bd9Sstevel@tonic-gate 					    phe->h_addr_list[0], 16);
20387c478bd9Sstevel@tonic-gate 					tp->at_type = AU_IPv6;
20397c478bd9Sstevel@tonic-gate 				} else {
20407c478bd9Sstevel@tonic-gate 					/* address is IPv4 (32 bits) */
20417c478bd9Sstevel@tonic-gate 					(void) memcpy(&tp->at_addr[0],
20427c478bd9Sstevel@tonic-gate 					    phe->h_addr_list[0], 4);
20437c478bd9Sstevel@tonic-gate 					tp->at_type = AU_IPv4;
20447c478bd9Sstevel@tonic-gate 				}
20457c478bd9Sstevel@tonic-gate 				freehostent(phe);
20467c478bd9Sstevel@tonic-gate 			}
20477c478bd9Sstevel@tonic-gate 		}
20487c478bd9Sstevel@tonic-gate 	}
20497c478bd9Sstevel@tonic-gate }
20507c478bd9Sstevel@tonic-gate 
2051*9e3700dfSgww static char *
2052*9e3700dfSgww cond2str(void)
20537c478bd9Sstevel@tonic-gate {
2054*9e3700dfSgww 	uint_t cond;
20557c478bd9Sstevel@tonic-gate 
2056*9e3700dfSgww 	eauditon(A_GETCOND, (caddr_t)&cond, (int)sizeof (cond));
2057*9e3700dfSgww 
2058*9e3700dfSgww 	switch (cond) {
2059*9e3700dfSgww 
2060*9e3700dfSgww 	case AUC_AUDITING:
2061*9e3700dfSgww 		return ("auditing");
2062*9e3700dfSgww 
2063*9e3700dfSgww 	case AUC_NOAUDIT:
2064*9e3700dfSgww 	case AUC_INIT_AUDIT:
2065*9e3700dfSgww 		return ("noaudit");
2066*9e3700dfSgww 
2067*9e3700dfSgww 	case AUC_UNSET:
2068*9e3700dfSgww 		return ("unset");
2069*9e3700dfSgww 
2070*9e3700dfSgww 	case AUC_NOSPACE:
2071*9e3700dfSgww 		return ("nospace");
2072*9e3700dfSgww 
2073*9e3700dfSgww 	default:
2074*9e3700dfSgww 		return ("");
20757c478bd9Sstevel@tonic-gate 	}
20767c478bd9Sstevel@tonic-gate }
20777c478bd9Sstevel@tonic-gate 
20787c478bd9Sstevel@tonic-gate static struct policy_entry *
2079*9e3700dfSgww get_policy_ent(char *policy)
20807c478bd9Sstevel@tonic-gate {
20817c478bd9Sstevel@tonic-gate 	int i;
20827c478bd9Sstevel@tonic-gate 
208345916cd2Sjpk 	for (i = 0; i < POLICY_TBL_SZ; i++) {
2084*9e3700dfSgww 		if (strcasecmp(policy,
2085*9e3700dfSgww 		    policy_table[i].policy_str) == 0) {
20867c478bd9Sstevel@tonic-gate 			return (&policy_table[i]);
208745916cd2Sjpk 		}
20887c478bd9Sstevel@tonic-gate 	}
20897c478bd9Sstevel@tonic-gate 
2090*9e3700dfSgww 	return (NULL);
2091*9e3700dfSgww }
2092*9e3700dfSgww 
2093*9e3700dfSgww /*
2094*9e3700dfSgww  * 	exit = 0, success
2095*9e3700dfSgww  *	       1, error
2096*9e3700dfSgww  *	       2, bad zone
2097*9e3700dfSgww  */
2098*9e3700dfSgww 
20997c478bd9Sstevel@tonic-gate static int
21007c478bd9Sstevel@tonic-gate str2policy(char *policy_str, uint_t *policy_mask)
21017c478bd9Sstevel@tonic-gate {
21027c478bd9Sstevel@tonic-gate 	char		*buf;
21037c478bd9Sstevel@tonic-gate 	char		*tok;
21047c478bd9Sstevel@tonic-gate 	char		pfix;
21057c478bd9Sstevel@tonic-gate 	boolean_t	is_all = 0;
21067c478bd9Sstevel@tonic-gate 	uint_t		pm = 0;
21077c478bd9Sstevel@tonic-gate 	uint_t		curp = 0;
21087c478bd9Sstevel@tonic-gate 	struct		policy_entry *pep;
21097c478bd9Sstevel@tonic-gate 
21107c478bd9Sstevel@tonic-gate 	pfix = *policy_str;
21117c478bd9Sstevel@tonic-gate 
21127c478bd9Sstevel@tonic-gate 	if (pfix == '-' || pfix == '+' || pfix == '=')
21137c478bd9Sstevel@tonic-gate 		++policy_str;
21147c478bd9Sstevel@tonic-gate 
21157c478bd9Sstevel@tonic-gate 	if ((buf = strdup(policy_str)) == NULL)
21167c478bd9Sstevel@tonic-gate 		return (1);
21177c478bd9Sstevel@tonic-gate 
2118*9e3700dfSgww 	for (tok = strtok(buf, ","); tok != NULL; tok = strtok(NULL, ",")) {
21197c478bd9Sstevel@tonic-gate 		if ((pep = get_policy_ent(tok)) == NULL) {
21207c478bd9Sstevel@tonic-gate 			return (1);
21217c478bd9Sstevel@tonic-gate 		} else {
21227c478bd9Sstevel@tonic-gate 			pm |= pep->policy_mask;
2123*9e3700dfSgww 			if (pep->policy_mask == ALL_POLICIES) {
21247c478bd9Sstevel@tonic-gate 				is_all = 1;
21257c478bd9Sstevel@tonic-gate 			}
21267c478bd9Sstevel@tonic-gate 		}
2127*9e3700dfSgww 	}
21287c478bd9Sstevel@tonic-gate 	free(buf);
21297c478bd9Sstevel@tonic-gate 
21307c478bd9Sstevel@tonic-gate 	if (pfix == '-') {
2131*9e3700dfSgww 		if (!is_all &&
2132*9e3700dfSgww 		    (getzoneid() != GLOBAL_ZONEID) &&
2133*9e3700dfSgww 		    (pm & ~AUDIT_LOCAL)) {
21347c478bd9Sstevel@tonic-gate 			return (2);
2135*9e3700dfSgww 		}
21367c478bd9Sstevel@tonic-gate 		eauditon(A_GETPOLICY, (caddr_t)&curp, 0);
21377c478bd9Sstevel@tonic-gate 		if (getzoneid() != GLOBAL_ZONEID)
21387c478bd9Sstevel@tonic-gate 			curp &= AUDIT_LOCAL;
21397c478bd9Sstevel@tonic-gate 		*policy_mask = curp & ~pm;
21407c478bd9Sstevel@tonic-gate 	} else if (pfix == '+') {
21417c478bd9Sstevel@tonic-gate 		/*
2142*9e3700dfSgww 		 * In a local zone, accept specifying "all", but not
2143*9e3700dfSgww 		 * individually specifying global-zone only policies.
2144*9e3700dfSgww 		 * Limit to all locally allowed, so system call doesn't
2145*9e3700dfSgww 		 * fail.
21467c478bd9Sstevel@tonic-gate 		 */
2147*9e3700dfSgww 		if (!is_all &&
2148*9e3700dfSgww 		    (getzoneid() != GLOBAL_ZONEID) &&
2149*9e3700dfSgww 		    (pm & ~AUDIT_LOCAL)) {
21507c478bd9Sstevel@tonic-gate 			return (2);
2151*9e3700dfSgww 		}
21527c478bd9Sstevel@tonic-gate 		eauditon(A_GETPOLICY, (caddr_t)&curp, 0);
21537c478bd9Sstevel@tonic-gate 		if (getzoneid() != GLOBAL_ZONEID) {
21547c478bd9Sstevel@tonic-gate 			curp &= AUDIT_LOCAL;
2155*9e3700dfSgww 			if (is_all) {
21567c478bd9Sstevel@tonic-gate 				pm &= AUDIT_LOCAL;
21577c478bd9Sstevel@tonic-gate 			}
2158*9e3700dfSgww 		}
21597c478bd9Sstevel@tonic-gate 		*policy_mask = curp | pm;
21607c478bd9Sstevel@tonic-gate 	} else {
2161*9e3700dfSgww 		if (is_all && (getzoneid() != GLOBAL_ZONEID)) {
21627c478bd9Sstevel@tonic-gate 			pm &= AUDIT_LOCAL;
2163*9e3700dfSgww 		}
21647c478bd9Sstevel@tonic-gate 		*policy_mask = pm;
21657c478bd9Sstevel@tonic-gate 	}
21667c478bd9Sstevel@tonic-gate 	return (0);
21677c478bd9Sstevel@tonic-gate }
21687c478bd9Sstevel@tonic-gate 
21697c478bd9Sstevel@tonic-gate static int
2170*9e3700dfSgww policy2str(uint_t policy, char *policy_str, size_t len)
21717c478bd9Sstevel@tonic-gate {
21727c478bd9Sstevel@tonic-gate 	int i, j;
21737c478bd9Sstevel@tonic-gate 
21747c478bd9Sstevel@tonic-gate 	if (policy == ALL_POLICIES) {
21757c478bd9Sstevel@tonic-gate 		(void) strcpy(policy_str, "all");
21767c478bd9Sstevel@tonic-gate 		return (1);
21777c478bd9Sstevel@tonic-gate 	}
21787c478bd9Sstevel@tonic-gate 
21797c478bd9Sstevel@tonic-gate 	if (policy == NO_POLICIES) {
21807c478bd9Sstevel@tonic-gate 		(void) strcpy(policy_str, "none");
21817c478bd9Sstevel@tonic-gate 		return (1);
21827c478bd9Sstevel@tonic-gate 	}
21837c478bd9Sstevel@tonic-gate 
21847c478bd9Sstevel@tonic-gate 	*policy_str = '\0';
21857c478bd9Sstevel@tonic-gate 
218645916cd2Sjpk 	for (i = 0, j = 0; i < POLICY_TBL_SZ; i++) {
21877c478bd9Sstevel@tonic-gate 		if (policy & policy_table[i].policy_mask &&
21887c478bd9Sstevel@tonic-gate 		    policy_table[i].policy_mask != ALL_POLICIES) {
2189*9e3700dfSgww 			if (j++) {
21907c478bd9Sstevel@tonic-gate 				(void) strcat(policy_str, ",");
2191*9e3700dfSgww 			}
2192*9e3700dfSgww 			(void) strlcat(policy_str, policy_table[i].policy_str,
2193*9e3700dfSgww 			    len);
21947c478bd9Sstevel@tonic-gate 		}
219545916cd2Sjpk 	}
21967c478bd9Sstevel@tonic-gate 
21977c478bd9Sstevel@tonic-gate 	if (*policy_str)
21987c478bd9Sstevel@tonic-gate 		return (0);
21997c478bd9Sstevel@tonic-gate 
22007c478bd9Sstevel@tonic-gate 	return (1);
22017c478bd9Sstevel@tonic-gate }
22027c478bd9Sstevel@tonic-gate 
22037c478bd9Sstevel@tonic-gate 
22047c478bd9Sstevel@tonic-gate static int
2205*9e3700dfSgww strisnum(char *s)
22067c478bd9Sstevel@tonic-gate {
2207*9e3700dfSgww 	if (s == NULL || !*s)
22087c478bd9Sstevel@tonic-gate 		return (0);
22097c478bd9Sstevel@tonic-gate 
22107c478bd9Sstevel@tonic-gate 	for (; *s == '-' || *s == '+'; s++)
22117c478bd9Sstevel@tonic-gate 
22127c478bd9Sstevel@tonic-gate 	if (!*s)
22137c478bd9Sstevel@tonic-gate 		return (0);
22147c478bd9Sstevel@tonic-gate 
22157c478bd9Sstevel@tonic-gate 	for (; *s; s++)
22167c478bd9Sstevel@tonic-gate 		if (!isdigit(*s))
22177c478bd9Sstevel@tonic-gate 			return (0);
22187c478bd9Sstevel@tonic-gate 
22197c478bd9Sstevel@tonic-gate 	return (1);
22207c478bd9Sstevel@tonic-gate }
22217c478bd9Sstevel@tonic-gate 
22227c478bd9Sstevel@tonic-gate static int
2223*9e3700dfSgww strisflags(char *s)
22247c478bd9Sstevel@tonic-gate {
2225*9e3700dfSgww 	if (s == NULL || !*s)
22267c478bd9Sstevel@tonic-gate 		return (0);
22277c478bd9Sstevel@tonic-gate 
22287c478bd9Sstevel@tonic-gate 	for (; *s; s++) {
22297c478bd9Sstevel@tonic-gate 		if (!isalpha(*s) &&
22307c478bd9Sstevel@tonic-gate 		    (*s != '+' && *s != '-' && *s != '^' && *s != ','))
22317c478bd9Sstevel@tonic-gate 			return (0);
22327c478bd9Sstevel@tonic-gate 	}
22337c478bd9Sstevel@tonic-gate 
22347c478bd9Sstevel@tonic-gate 	return (1);
22357c478bd9Sstevel@tonic-gate }
22367c478bd9Sstevel@tonic-gate 
22377c478bd9Sstevel@tonic-gate static int
2238*9e3700dfSgww strisipaddr(char *s)
22397c478bd9Sstevel@tonic-gate {
22407c478bd9Sstevel@tonic-gate 	int dot = 0;
22417c478bd9Sstevel@tonic-gate 	int colon = 0;
22427c478bd9Sstevel@tonic-gate 
22437c478bd9Sstevel@tonic-gate 	/* no string */
2244*9e3700dfSgww 	if ((s == NULL) || (!*s))
22457c478bd9Sstevel@tonic-gate 		return (0);
22467c478bd9Sstevel@tonic-gate 
22477c478bd9Sstevel@tonic-gate 	for (; *s; s++) {
22487c478bd9Sstevel@tonic-gate 		if (!(isxdigit(*s) || *s != '.' || *s != ':'))
22497c478bd9Sstevel@tonic-gate 			return (0);
2250*9e3700dfSgww 		if (*s == '.')
2251*9e3700dfSgww 			dot++;
2252*9e3700dfSgww 		if (*s == ':')
2253*9e3700dfSgww 			colon++;
22547c478bd9Sstevel@tonic-gate 	}
22557c478bd9Sstevel@tonic-gate 
22567c478bd9Sstevel@tonic-gate 	if (dot && colon)
22577c478bd9Sstevel@tonic-gate 		return (0);
22587c478bd9Sstevel@tonic-gate 
22597c478bd9Sstevel@tonic-gate 	if (!dot && !colon)
22607c478bd9Sstevel@tonic-gate 		return (0);
22617c478bd9Sstevel@tonic-gate 
22627c478bd9Sstevel@tonic-gate 	return (1);
22637c478bd9Sstevel@tonic-gate }
22647c478bd9Sstevel@tonic-gate 
22657c478bd9Sstevel@tonic-gate static void
2266*9e3700dfSgww strsplit(char *s, char *p1, char *p2, char c)
22677c478bd9Sstevel@tonic-gate {
22687c478bd9Sstevel@tonic-gate 	*p1 = *p2 = '\0';
22697c478bd9Sstevel@tonic-gate 
22707c478bd9Sstevel@tonic-gate 	while (*s != '\0' && *s != c)
22717c478bd9Sstevel@tonic-gate 		*p1++ = *s++;
22727c478bd9Sstevel@tonic-gate 	*p1 = '\0';
22737c478bd9Sstevel@tonic-gate 	s++;
22747c478bd9Sstevel@tonic-gate 
22757c478bd9Sstevel@tonic-gate 	while (*s != '\0')
22767c478bd9Sstevel@tonic-gate 		*p2++ = *s++;
22777c478bd9Sstevel@tonic-gate 	*p2 = '\0';
22787c478bd9Sstevel@tonic-gate }
22797c478bd9Sstevel@tonic-gate 
22807c478bd9Sstevel@tonic-gate static void
2281*9e3700dfSgww chk_event_num(int etype, au_event_t event)
22827c478bd9Sstevel@tonic-gate {
22837c478bd9Sstevel@tonic-gate 	au_stat_t as;
22847c478bd9Sstevel@tonic-gate 
22857c478bd9Sstevel@tonic-gate 	eauditon(A_GETSTAT, (caddr_t)&as, 0);
22867c478bd9Sstevel@tonic-gate 
22877c478bd9Sstevel@tonic-gate 	if (etype == AC_KERN_EVENT) {
22887c478bd9Sstevel@tonic-gate 		if (event > as.as_numevent) {
2289*9e3700dfSgww 			exit_error(gettext("Invalid kernel audit event "
2290*9e3700dfSgww 			    "number specified.\n"
2291*9e3700dfSgww 			    "\t%d is outside allowable range 0-%d."),
22927c478bd9Sstevel@tonic-gate 			    event, as.as_numevent);
22937c478bd9Sstevel@tonic-gate 		}
2294*9e3700dfSgww 	} else  {
2295*9e3700dfSgww 		/* user event */
22967c478bd9Sstevel@tonic-gate 		if (event <= as.as_numevent) {
2297*9e3700dfSgww 			exit_error(gettext("Invalid user level audit event "
2298*9e3700dfSgww 			    "number specified %d."), event);
22997c478bd9Sstevel@tonic-gate 		}
23007c478bd9Sstevel@tonic-gate 	}
23017c478bd9Sstevel@tonic-gate }
23027c478bd9Sstevel@tonic-gate 
23037c478bd9Sstevel@tonic-gate static void
2304*9e3700dfSgww chk_event_str(int etype, char *event_str)
23057c478bd9Sstevel@tonic-gate {
23067c478bd9Sstevel@tonic-gate 	au_event_ent_t *evp;
23077c478bd9Sstevel@tonic-gate 	au_stat_t as;
23087c478bd9Sstevel@tonic-gate 
23097c478bd9Sstevel@tonic-gate 	eauditon(A_GETSTAT, (caddr_t)&as, 0);
23107c478bd9Sstevel@tonic-gate 
23117c478bd9Sstevel@tonic-gate 	evp = egetauevnam(event_str);
23127c478bd9Sstevel@tonic-gate 	if (etype == AC_KERN_EVENT && (evp->ae_number > as.as_numevent)) {
23137c478bd9Sstevel@tonic-gate 		exit_error(
23147c478bd9Sstevel@tonic-gate 		    gettext("Invalid kernel audit event string specified.\n"
23157c478bd9Sstevel@tonic-gate 		    "\t\"%s\" appears to be a user level event. "
2316*9e3700dfSgww 		    "Check configuration."), event_str);
23177c478bd9Sstevel@tonic-gate 	} else if (etype == AC_USER_EVENT &&
23187c478bd9Sstevel@tonic-gate 	    (evp->ae_number < as.as_numevent)) {
23197c478bd9Sstevel@tonic-gate 		exit_error(
23207c478bd9Sstevel@tonic-gate 		    gettext("Invalid user audit event string specified.\n"
23217c478bd9Sstevel@tonic-gate 		    "\t\"%s\" appears to be a kernel event. "
2322*9e3700dfSgww 		    "Check configuration."), event_str);
23237c478bd9Sstevel@tonic-gate 	}
23247c478bd9Sstevel@tonic-gate }
23257c478bd9Sstevel@tonic-gate 
23267c478bd9Sstevel@tonic-gate static void
2327*9e3700dfSgww chk_sorf(char *sorf_str)
23287c478bd9Sstevel@tonic-gate {
23297c478bd9Sstevel@tonic-gate 	if (!strisnum(sorf_str))
23307c478bd9Sstevel@tonic-gate 		exit_error(gettext("Invalid sorf specified: %s"), sorf_str);
23317c478bd9Sstevel@tonic-gate }
23327c478bd9Sstevel@tonic-gate 
23337c478bd9Sstevel@tonic-gate static void
2334*9e3700dfSgww chk_retval(char *retval_str)
23357c478bd9Sstevel@tonic-gate {
23367c478bd9Sstevel@tonic-gate 	if (!strisnum(retval_str))
23377c478bd9Sstevel@tonic-gate 		exit_error(gettext("Invalid retval specified: %s"), retval_str);
23387c478bd9Sstevel@tonic-gate }
23397c478bd9Sstevel@tonic-gate 
23407c478bd9Sstevel@tonic-gate static void
2341*9e3700dfSgww execit(char **argv)
23427c478bd9Sstevel@tonic-gate {
23437c478bd9Sstevel@tonic-gate 	char *shell;
23447c478bd9Sstevel@tonic-gate 
2345*9e3700dfSgww 	if (*argv) {
23467c478bd9Sstevel@tonic-gate 		(void) execvp(*argv, argv);
2347*9e3700dfSgww 	} else {
2348*9e3700dfSgww 		if (((shell = getenv("SHELL")) == NULL) ||
23497c478bd9Sstevel@tonic-gate 			*shell != '/')
23507c478bd9Sstevel@tonic-gate 			shell = "/bin/csh";
23517c478bd9Sstevel@tonic-gate 
2352*9e3700dfSgww 		(void) execlp(shell, shell, NULL);
23537c478bd9Sstevel@tonic-gate 	}
23547c478bd9Sstevel@tonic-gate 
23557c478bd9Sstevel@tonic-gate 	exit_error(gettext("exec(2) failed"));
23567c478bd9Sstevel@tonic-gate }
23577c478bd9Sstevel@tonic-gate 
23587c478bd9Sstevel@tonic-gate /*
23597c478bd9Sstevel@tonic-gate  * exit_error()
23607c478bd9Sstevel@tonic-gate  *     Desc: Prints an error message along with corresponding system
23617c478bd9Sstevel@tonic-gate  *                  error number and error message, then exits.
23627c478bd9Sstevel@tonic-gate  *     Inputs: Program name, program error message.
23637c478bd9Sstevel@tonic-gate  */
23647c478bd9Sstevel@tonic-gate /*PRINTFLIKE1*/
23657c478bd9Sstevel@tonic-gate static void
23667c478bd9Sstevel@tonic-gate exit_error(char *fmt, ...)
23677c478bd9Sstevel@tonic-gate {
23687c478bd9Sstevel@tonic-gate 	va_list args;
23697c478bd9Sstevel@tonic-gate 
23707c478bd9Sstevel@tonic-gate 	(void) fprintf(stderr, "%s: ", progname);
23717c478bd9Sstevel@tonic-gate 
23727c478bd9Sstevel@tonic-gate 	va_start(args, fmt);
23737c478bd9Sstevel@tonic-gate 	(void) vfprintf(stderr, fmt, args);
23747c478bd9Sstevel@tonic-gate 	va_end(args);
23757c478bd9Sstevel@tonic-gate 
23767c478bd9Sstevel@tonic-gate 	(void) fputc('\n', stderr);
23777c478bd9Sstevel@tonic-gate 	if (errno)
23787c478bd9Sstevel@tonic-gate 		(void) fprintf(stderr, gettext("%s: error = %s(%d)\n"),
23797c478bd9Sstevel@tonic-gate 			progname, strerror(errno), errno);
23807c478bd9Sstevel@tonic-gate 	(void) fflush(stderr);
23817c478bd9Sstevel@tonic-gate 
23827c478bd9Sstevel@tonic-gate 	exit(1);
23837c478bd9Sstevel@tonic-gate }
23847c478bd9Sstevel@tonic-gate 
23857c478bd9Sstevel@tonic-gate static void
2386*9e3700dfSgww exit_usage(int status)
23877c478bd9Sstevel@tonic-gate {
23887c478bd9Sstevel@tonic-gate 	FILE *fp;
23897c478bd9Sstevel@tonic-gate 	int i;
23907c478bd9Sstevel@tonic-gate 
23917c478bd9Sstevel@tonic-gate 	fp = (status ? stderr : stdout);
23927c478bd9Sstevel@tonic-gate 	(void) fprintf(fp, gettext("usage: %s option ...\n"), progname);
23937c478bd9Sstevel@tonic-gate 
2394*9e3700dfSgww 	for (i = 0; i < ARG_TBL_SZ; i++)
23957c478bd9Sstevel@tonic-gate 		(void) fprintf(fp, " %s %s\n",
2396*9e3700dfSgww 			arg_table[i].arg_str, arg_table[i].arg_opts);
23977c478bd9Sstevel@tonic-gate 
23987c478bd9Sstevel@tonic-gate 	exit(status);
23997c478bd9Sstevel@tonic-gate }
24007c478bd9Sstevel@tonic-gate 
24017c478bd9Sstevel@tonic-gate static void
2402*9e3700dfSgww print_asid(au_asid_t asid)
24037c478bd9Sstevel@tonic-gate {
24047c478bd9Sstevel@tonic-gate 	(void) printf(gettext("audit session id = %u\n"), asid);
24057c478bd9Sstevel@tonic-gate }
24067c478bd9Sstevel@tonic-gate 
24077c478bd9Sstevel@tonic-gate static void
2408*9e3700dfSgww print_auid(au_id_t auid)
24097c478bd9Sstevel@tonic-gate {
24107c478bd9Sstevel@tonic-gate 	struct passwd *pwd;
24117c478bd9Sstevel@tonic-gate 	char *username;
24127c478bd9Sstevel@tonic-gate 
2413*9e3700dfSgww 	if ((pwd = getpwuid((uid_t)auid)) != NULL)
24147c478bd9Sstevel@tonic-gate 		username = pwd->pw_name;
24157c478bd9Sstevel@tonic-gate 	else
24167c478bd9Sstevel@tonic-gate 		username = gettext("unknown");
24177c478bd9Sstevel@tonic-gate 
24187c478bd9Sstevel@tonic-gate 	(void) printf(gettext("audit id = %s(%d)\n"), username, auid);
24197c478bd9Sstevel@tonic-gate }
24207c478bd9Sstevel@tonic-gate 
24217c478bd9Sstevel@tonic-gate static void
2422*9e3700dfSgww print_mask(char *desc, au_mask_t *pmp)
24237c478bd9Sstevel@tonic-gate {
24247c478bd9Sstevel@tonic-gate 	char auflags[512];
24257c478bd9Sstevel@tonic-gate 
24267c478bd9Sstevel@tonic-gate 	if (getauditflagschar(auflags, pmp, NULL) < 0)
24277c478bd9Sstevel@tonic-gate 		(void) strlcpy(auflags, gettext("unknown"), sizeof (auflags));
24287c478bd9Sstevel@tonic-gate 
24297c478bd9Sstevel@tonic-gate 	(void) printf("%s = %s(0x%x,0x%x)\n",
24307c478bd9Sstevel@tonic-gate 	    desc, auflags, pmp->am_success, pmp->am_failure);
24317c478bd9Sstevel@tonic-gate }
24327c478bd9Sstevel@tonic-gate 
24337c478bd9Sstevel@tonic-gate static void
2434*9e3700dfSgww print_tid_ex(au_tid_addr_t *tidp)
24357c478bd9Sstevel@tonic-gate {
24367c478bd9Sstevel@tonic-gate 	struct hostent *phe;
24377c478bd9Sstevel@tonic-gate 	char *hostname;
24387c478bd9Sstevel@tonic-gate 	struct in_addr ia;
24397c478bd9Sstevel@tonic-gate 	uint32_t *addr;
24407c478bd9Sstevel@tonic-gate 	int err;
2441*9e3700dfSgww 	char buf[INET6_ADDRSTRLEN];
24427c478bd9Sstevel@tonic-gate 	char *bufp;
24437c478bd9Sstevel@tonic-gate 
24447c478bd9Sstevel@tonic-gate 
24457c478bd9Sstevel@tonic-gate 	/* IPV6 or IPV4 address */
24467c478bd9Sstevel@tonic-gate 	if (tidp->at_type == AU_IPv4) {
24477c478bd9Sstevel@tonic-gate 		if ((phe = gethostbyaddr((char *)&tidp->at_addr[0],
2448*9e3700dfSgww 		    sizeof (tidp->at_addr[0]), AF_INET)) != NULL) {
24497c478bd9Sstevel@tonic-gate 			hostname = phe->h_name;
2450*9e3700dfSgww 		} else {
24517c478bd9Sstevel@tonic-gate 			hostname = gettext("unknown");
2452*9e3700dfSgww 		}
24537c478bd9Sstevel@tonic-gate 
24547c478bd9Sstevel@tonic-gate 		ia.s_addr = tidp->at_addr[0];
24557c478bd9Sstevel@tonic-gate 
24567c478bd9Sstevel@tonic-gate 		(void) printf(gettext(
24577c478bd9Sstevel@tonic-gate 		    "terminal id (maj,min,host) = %u,%u,%s(%s)\n"),
24587c478bd9Sstevel@tonic-gate 		    major(tidp->at_port), minor(tidp->at_port),
24597c478bd9Sstevel@tonic-gate 		    hostname, inet_ntoa(ia));
24607c478bd9Sstevel@tonic-gate 	} else {
24617c478bd9Sstevel@tonic-gate 		addr = &tidp->at_addr[0];
24627c478bd9Sstevel@tonic-gate 		phe = getipnodebyaddr((const void *)addr, 16, AF_INET6, &err);
24637c478bd9Sstevel@tonic-gate 
24647c478bd9Sstevel@tonic-gate 		bzero(buf, sizeof (buf));
24657c478bd9Sstevel@tonic-gate 
2466*9e3700dfSgww 		(void) inet_ntop(AF_INET6, (void *)addr, buf, sizeof (buf));
2467*9e3700dfSgww 		if (phe == NULL) {
24687c478bd9Sstevel@tonic-gate 			bufp = gettext("unknown");
2469*9e3700dfSgww 		} else {
24707c478bd9Sstevel@tonic-gate 			bufp = phe->h_name;
2471*9e3700dfSgww 		}
24727c478bd9Sstevel@tonic-gate 
24737c478bd9Sstevel@tonic-gate 		(void) printf(gettext(
24747c478bd9Sstevel@tonic-gate 		    "terminal id (maj,min,host) = %u,%u,%s(%s)\n"),
24757c478bd9Sstevel@tonic-gate 		    major(tidp->at_port), minor(tidp->at_port),
24767c478bd9Sstevel@tonic-gate 		    bufp, buf);
2477*9e3700dfSgww 		if (phe) {
24787c478bd9Sstevel@tonic-gate 			freehostent(phe);
24797c478bd9Sstevel@tonic-gate 		}
24807c478bd9Sstevel@tonic-gate 	}
2481*9e3700dfSgww }
24827c478bd9Sstevel@tonic-gate 
24837c478bd9Sstevel@tonic-gate static int
2484*9e3700dfSgww str2ipaddr(char *s, uint32_t *addr, uint32_t type)
24857c478bd9Sstevel@tonic-gate {
24867c478bd9Sstevel@tonic-gate 	int j, sl;
24877c478bd9Sstevel@tonic-gate 	char *ss;
24887c478bd9Sstevel@tonic-gate 	unsigned int v;
24897c478bd9Sstevel@tonic-gate 
24907c478bd9Sstevel@tonic-gate 	bzero(addr, 16);
24917c478bd9Sstevel@tonic-gate 	if (strisipaddr(s)) {
24927c478bd9Sstevel@tonic-gate 		if (type == AU_IPv4) {
2493*9e3700dfSgww 			if (inet_pton(AF_INET, s, addr)) {
24947c478bd9Sstevel@tonic-gate 				return (0);
24957c478bd9Sstevel@tonic-gate 			}
2496*9e3700dfSgww 			return (1);
2497*9e3700dfSgww 		} else if (type == AU_IPv6) {
24987c478bd9Sstevel@tonic-gate 			if (inet_pton(AF_INET6, s, addr))
24997c478bd9Sstevel@tonic-gate 				return (0);
25007c478bd9Sstevel@tonic-gate 			return (1);
25017c478bd9Sstevel@tonic-gate 		}
25027c478bd9Sstevel@tonic-gate 		return (1);
25037c478bd9Sstevel@tonic-gate 	} else {
25047c478bd9Sstevel@tonic-gate 		if (type == AU_IPv4) {
25057c478bd9Sstevel@tonic-gate 			(void) sscanf(s, "%x", &addr[0]);
25067c478bd9Sstevel@tonic-gate 			return (0);
2507*9e3700dfSgww 		} else if (type == AU_IPv6) {
25087c478bd9Sstevel@tonic-gate 			sl = strlen(s);
25097c478bd9Sstevel@tonic-gate 			ss = s;
25107c478bd9Sstevel@tonic-gate 			for (j = 3; j >= 0; j--) {
25117c478bd9Sstevel@tonic-gate 				if ((sl - 8) <= 0) {
25127c478bd9Sstevel@tonic-gate 					(void) sscanf(s, "%x", &v);
25137c478bd9Sstevel@tonic-gate 					addr[j] = v;
25147c478bd9Sstevel@tonic-gate 					return (0);
25157c478bd9Sstevel@tonic-gate 				}
25167c478bd9Sstevel@tonic-gate 				ss = &s[sl-8];
25177c478bd9Sstevel@tonic-gate 				(void) sscanf(ss, "%x", &v);
25187c478bd9Sstevel@tonic-gate 				addr[j] = v;
25197c478bd9Sstevel@tonic-gate 				sl -= 8;
25207c478bd9Sstevel@tonic-gate 				*ss = '\0';
25217c478bd9Sstevel@tonic-gate 			}
25227c478bd9Sstevel@tonic-gate 		}
25237c478bd9Sstevel@tonic-gate 		return (0);
25247c478bd9Sstevel@tonic-gate 	}
25257c478bd9Sstevel@tonic-gate }
25267c478bd9Sstevel@tonic-gate 
25277c478bd9Sstevel@tonic-gate static int
2528*9e3700dfSgww str2type(char *s, uint_t *type)
25297c478bd9Sstevel@tonic-gate {
25307c478bd9Sstevel@tonic-gate 	if (strcmp(s, "ipv6") == 0) {
25317c478bd9Sstevel@tonic-gate 		*type = AU_IPv6;
25327c478bd9Sstevel@tonic-gate 		return (0);
25337c478bd9Sstevel@tonic-gate 	}
25347c478bd9Sstevel@tonic-gate 	if (strcmp(s, "ipv4") == 0) {
25357c478bd9Sstevel@tonic-gate 		*type = AU_IPv4;
25367c478bd9Sstevel@tonic-gate 		return (0);
25377c478bd9Sstevel@tonic-gate 	}
25387c478bd9Sstevel@tonic-gate 
25397c478bd9Sstevel@tonic-gate 	return (1);
25407c478bd9Sstevel@tonic-gate }
2541