17c478bd9Sstevel@tonic-gate /* 27c478bd9Sstevel@tonic-gate * CDDL HEADER START 37c478bd9Sstevel@tonic-gate * 47c478bd9Sstevel@tonic-gate * The contents of this file are subject to the terms of the 545916cd2Sjpk * Common Development and Distribution License (the "License"). 645916cd2Sjpk * You may not use this file except in compliance with the License. 77c478bd9Sstevel@tonic-gate * 87c478bd9Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 97c478bd9Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing. 107c478bd9Sstevel@tonic-gate * See the License for the specific language governing permissions 117c478bd9Sstevel@tonic-gate * and limitations under the License. 127c478bd9Sstevel@tonic-gate * 137c478bd9Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each 147c478bd9Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 157c478bd9Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the 167c478bd9Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying 177c478bd9Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner] 187c478bd9Sstevel@tonic-gate * 197c478bd9Sstevel@tonic-gate * CDDL HEADER END 207c478bd9Sstevel@tonic-gate */ 217c478bd9Sstevel@tonic-gate /* 2245916cd2Sjpk * Copyright 2006 Sun Microsystems, Inc. All rights reserved. 237c478bd9Sstevel@tonic-gate * Use is subject to license terms. 247c478bd9Sstevel@tonic-gate */ 257c478bd9Sstevel@tonic-gate 267c478bd9Sstevel@tonic-gate #pragma ident "%Z%%M% %I% %E% SMI" 277c478bd9Sstevel@tonic-gate 287c478bd9Sstevel@tonic-gate /* 297c478bd9Sstevel@tonic-gate * auditconfig - set and display audit parameters 307c478bd9Sstevel@tonic-gate */ 317c478bd9Sstevel@tonic-gate 327c478bd9Sstevel@tonic-gate #include <locale.h> 337c478bd9Sstevel@tonic-gate #include <sys/types.h> 347c478bd9Sstevel@tonic-gate #include <ctype.h> 357c478bd9Sstevel@tonic-gate #include <stdlib.h> 367c478bd9Sstevel@tonic-gate #include <stdarg.h> 377c478bd9Sstevel@tonic-gate #include <unistd.h> 387c478bd9Sstevel@tonic-gate #include <errno.h> 397c478bd9Sstevel@tonic-gate #include <sys/param.h> 407c478bd9Sstevel@tonic-gate #include <stdio.h> 417c478bd9Sstevel@tonic-gate #include <string.h> 427c478bd9Sstevel@tonic-gate #include <strings.h> 437c478bd9Sstevel@tonic-gate #include <nlist.h> 447c478bd9Sstevel@tonic-gate #include <fcntl.h> 457c478bd9Sstevel@tonic-gate #include <sys/socket.h> 467c478bd9Sstevel@tonic-gate #include <netdb.h> 477c478bd9Sstevel@tonic-gate #include <netinet/in.h> 487c478bd9Sstevel@tonic-gate #include <arpa/inet.h> 497c478bd9Sstevel@tonic-gate #include <sys/mkdev.h> 507c478bd9Sstevel@tonic-gate #include <sys/param.h> 517c478bd9Sstevel@tonic-gate #include <pwd.h> 527c478bd9Sstevel@tonic-gate #include <libintl.h> 537c478bd9Sstevel@tonic-gate #include <zone.h> 547c478bd9Sstevel@tonic-gate 55*9e3700dfSgww #include <tsol/label.h> 567c478bd9Sstevel@tonic-gate #include <bsm/audit.h> 577c478bd9Sstevel@tonic-gate #include <bsm/audit_record.h> 587c478bd9Sstevel@tonic-gate #include <bsm/libbsm.h> 597c478bd9Sstevel@tonic-gate 607c478bd9Sstevel@tonic-gate #if !defined(TEXT_DOMAIN) 617c478bd9Sstevel@tonic-gate #define TEXT_DOMAIN "SUNW_OST_OSCMD" 627c478bd9Sstevel@tonic-gate #endif 637c478bd9Sstevel@tonic-gate 64*9e3700dfSgww enum commands { 65*9e3700dfSgww AC_ARG_AUDIT, 66*9e3700dfSgww AC_ARG_ACONF, 67*9e3700dfSgww AC_ARG_CHKCONF, 68*9e3700dfSgww AC_ARG_CHKACONF, 69*9e3700dfSgww AC_ARG_CONF, 70*9e3700dfSgww AC_ARG_GETASID, 71*9e3700dfSgww AC_ARG_GETAUDIT, 72*9e3700dfSgww AC_ARG_GETAUID, 73*9e3700dfSgww AC_ARG_GETCAR, 74*9e3700dfSgww AC_ARG_GETCLASS, 75*9e3700dfSgww AC_ARG_GETCOND, 76*9e3700dfSgww AC_ARG_GETCWD, 77*9e3700dfSgww AC_ARG_GETESTATE, 78*9e3700dfSgww AC_ARG_GETFSIZE, 79*9e3700dfSgww AC_ARG_GETKAUDIT, 80*9e3700dfSgww AC_ARG_GETKMASK, 81*9e3700dfSgww AC_ARG_GETPINFO, 82*9e3700dfSgww AC_ARG_GETPOLICY, 83*9e3700dfSgww AC_ARG_GETQBUFSZ, 84*9e3700dfSgww AC_ARG_GETQCTRL, 85*9e3700dfSgww AC_ARG_GETQDELAY, 86*9e3700dfSgww AC_ARG_GETQHIWATER, 87*9e3700dfSgww AC_ARG_GETQLOWATER, 88*9e3700dfSgww AC_ARG_GETSTAT, 89*9e3700dfSgww AC_ARG_GETTERMID, 90*9e3700dfSgww AC_ARG_LSEVENT, 91*9e3700dfSgww AC_ARG_LSPOLICY, 92*9e3700dfSgww AC_ARG_SETASID, 93*9e3700dfSgww AC_ARG_SETAUDIT, 94*9e3700dfSgww AC_ARG_SETAUID, 95*9e3700dfSgww AC_ARG_SETCLASS, 96*9e3700dfSgww AC_ARG_SETFSIZE, 97*9e3700dfSgww AC_ARG_SETKAUDIT, 98*9e3700dfSgww AC_ARG_SETKMASK, 99*9e3700dfSgww AC_ARG_SETPMASK, 100*9e3700dfSgww AC_ARG_SETPOLICY, 101*9e3700dfSgww AC_ARG_SETSMASK, 102*9e3700dfSgww AC_ARG_SETSTAT, 103*9e3700dfSgww AC_ARG_SETQBUFSZ, 104*9e3700dfSgww AC_ARG_SETQCTRL, 105*9e3700dfSgww AC_ARG_SETQDELAY, 106*9e3700dfSgww AC_ARG_SETQHIWATER, 107*9e3700dfSgww AC_ARG_SETQLOWATER, 108*9e3700dfSgww AC_ARG_SETUMASK 109*9e3700dfSgww }; 1107c478bd9Sstevel@tonic-gate 1117c478bd9Sstevel@tonic-gate #define AC_KERN_EVENT 0 1127c478bd9Sstevel@tonic-gate #define AC_USER_EVENT 1 1137c478bd9Sstevel@tonic-gate 1147c478bd9Sstevel@tonic-gate #define NONE(s) (!strlen(s) ? gettext("none") : s) 1157c478bd9Sstevel@tonic-gate 1167c478bd9Sstevel@tonic-gate #define ALL_POLICIES (AUDIT_AHLT|\ 1177c478bd9Sstevel@tonic-gate AUDIT_ARGE|\ 1187c478bd9Sstevel@tonic-gate AUDIT_ARGV|\ 1197c478bd9Sstevel@tonic-gate AUDIT_CNT|\ 1207c478bd9Sstevel@tonic-gate AUDIT_GROUP|\ 1217c478bd9Sstevel@tonic-gate AUDIT_PASSWD|\ 1227c478bd9Sstevel@tonic-gate AUDIT_WINDATA|\ 1237c478bd9Sstevel@tonic-gate AUDIT_SEQ|\ 1247c478bd9Sstevel@tonic-gate AUDIT_TRAIL|\ 1257c478bd9Sstevel@tonic-gate AUDIT_PATH|\ 1267c478bd9Sstevel@tonic-gate AUDIT_PUBLIC|\ 1277c478bd9Sstevel@tonic-gate AUDIT_ZONENAME|\ 12845916cd2Sjpk AUDIT_PERZONE|\ 12945916cd2Sjpk AUDIT_WINDATA_DOWN|\ 13045916cd2Sjpk AUDIT_WINDATA_UP) 1317c478bd9Sstevel@tonic-gate 1327c478bd9Sstevel@tonic-gate #define NO_POLICIES (0) 1337c478bd9Sstevel@tonic-gate 1347c478bd9Sstevel@tonic-gate #define ONEK 1024 1357c478bd9Sstevel@tonic-gate 1367c478bd9Sstevel@tonic-gate /* 1377c478bd9Sstevel@tonic-gate * remove this after the audit.h is fixed 1387c478bd9Sstevel@tonic-gate */ 1397c478bd9Sstevel@tonic-gate 1407c478bd9Sstevel@tonic-gate struct arg_entry { 1417c478bd9Sstevel@tonic-gate char *arg_str; 1427c478bd9Sstevel@tonic-gate char *arg_opts; 143*9e3700dfSgww enum commands auditconfig_cmd; 1447c478bd9Sstevel@tonic-gate }; 1457c478bd9Sstevel@tonic-gate 1467c478bd9Sstevel@tonic-gate struct policy_entry { 1477c478bd9Sstevel@tonic-gate char *policy_str; 1487c478bd9Sstevel@tonic-gate uint_t policy_mask; 1497c478bd9Sstevel@tonic-gate char *policy_desc; 1507c478bd9Sstevel@tonic-gate }; 1517c478bd9Sstevel@tonic-gate 1527c478bd9Sstevel@tonic-gate static struct arg_entry arg_table[] = { 1537c478bd9Sstevel@tonic-gate { "-aconf", "", AC_ARG_ACONF}, 1547c478bd9Sstevel@tonic-gate { "-audit", "event sorf retval string", AC_ARG_AUDIT}, 1557c478bd9Sstevel@tonic-gate { "-chkaconf", "", AC_ARG_CHKACONF}, 1567c478bd9Sstevel@tonic-gate { "-chkconf", "", AC_ARG_CHKCONF}, 1577c478bd9Sstevel@tonic-gate { "-conf", "", AC_ARG_CONF}, 1587c478bd9Sstevel@tonic-gate { "-getasid", "", AC_ARG_GETASID}, 1597c478bd9Sstevel@tonic-gate { "-getaudit", "", AC_ARG_GETAUDIT}, 1607c478bd9Sstevel@tonic-gate { "-getauid", "", AC_ARG_GETAUID}, 1617c478bd9Sstevel@tonic-gate { "-getcar", "", AC_ARG_GETCAR}, 162*9e3700dfSgww { "-getclass", "event", AC_ARG_GETCLASS}, 1637c478bd9Sstevel@tonic-gate { "-getcond", "", AC_ARG_GETCOND}, 1647c478bd9Sstevel@tonic-gate { "-getcwd", "", AC_ARG_GETCWD}, 1657c478bd9Sstevel@tonic-gate { "-getestate", "event", AC_ARG_GETESTATE}, 1667c478bd9Sstevel@tonic-gate { "-getfsize", "", AC_ARG_GETFSIZE}, 1677c478bd9Sstevel@tonic-gate { "-getkaudit", "", AC_ARG_GETKAUDIT}, 1687c478bd9Sstevel@tonic-gate { "-getkmask", "", AC_ARG_GETKMASK}, 169*9e3700dfSgww { "-getpinfo", "pid", AC_ARG_GETPINFO}, 1707c478bd9Sstevel@tonic-gate { "-getpolicy", "", AC_ARG_GETPOLICY}, 1717c478bd9Sstevel@tonic-gate { "-getqbufsz", "", AC_ARG_GETQBUFSZ}, 1727c478bd9Sstevel@tonic-gate { "-getqctrl", "", AC_ARG_GETQCTRL}, 1737c478bd9Sstevel@tonic-gate { "-getqdelay", "", AC_ARG_GETQDELAY}, 1747c478bd9Sstevel@tonic-gate { "-getqhiwater", "", AC_ARG_GETQHIWATER}, 1757c478bd9Sstevel@tonic-gate { "-getqlowater", "", AC_ARG_GETQLOWATER}, 1767c478bd9Sstevel@tonic-gate { "-getstat", "", AC_ARG_GETSTAT}, 1777c478bd9Sstevel@tonic-gate { "-gettid", "", AC_ARG_GETTERMID}, 1787c478bd9Sstevel@tonic-gate { "-lsevent", "", AC_ARG_LSEVENT}, 1797c478bd9Sstevel@tonic-gate { "-lspolicy", "", AC_ARG_LSPOLICY}, 1807c478bd9Sstevel@tonic-gate { "-setasid", "asid [cmd]", AC_ARG_SETASID}, 181*9e3700dfSgww { "-setaudit", "auid audit_flags termid asid [cmd]", 1827c478bd9Sstevel@tonic-gate AC_ARG_SETAUDIT}, 1837c478bd9Sstevel@tonic-gate { "-setauid", "auid [cmd]", AC_ARG_SETAUID}, 1847c478bd9Sstevel@tonic-gate { "-setclass", "event audit_flags", AC_ARG_SETCLASS}, 1857c478bd9Sstevel@tonic-gate { "-setfsize", "filesize", AC_ARG_SETFSIZE}, 1867c478bd9Sstevel@tonic-gate { "-setkaudit", "type IP_address", AC_ARG_SETKAUDIT}, 1877c478bd9Sstevel@tonic-gate { "-setkmask", "audit_flags", AC_ARG_SETKMASK}, 188*9e3700dfSgww { "-setpmask", "pid audit_flags", AC_ARG_SETPMASK}, 189*9e3700dfSgww { "-setpolicy", "[+|-]policy_flags", AC_ARG_SETPOLICY}, 1907c478bd9Sstevel@tonic-gate { "-setqbufsz", "bufsz", AC_ARG_SETQBUFSZ}, 1917c478bd9Sstevel@tonic-gate { "-setqctrl", "hiwater lowater bufsz delay", AC_ARG_SETQCTRL}, 1927c478bd9Sstevel@tonic-gate { "-setqdelay", "delay", AC_ARG_SETQDELAY}, 1937c478bd9Sstevel@tonic-gate { "-setqhiwater", "hiwater", AC_ARG_SETQHIWATER}, 1947c478bd9Sstevel@tonic-gate { "-setqlowater", "lowater", AC_ARG_SETQLOWATER}, 1957c478bd9Sstevel@tonic-gate { "-setsmask", "asid audit_flags", AC_ARG_SETSMASK}, 1967c478bd9Sstevel@tonic-gate { "-setstat", "", AC_ARG_SETSTAT}, 1977c478bd9Sstevel@tonic-gate { "-setumask", "user audit_flags", AC_ARG_SETUMASK}, 1987c478bd9Sstevel@tonic-gate }; 1997c478bd9Sstevel@tonic-gate 2007c478bd9Sstevel@tonic-gate #define ARG_TBL_SZ (sizeof (arg_table) / sizeof (struct arg_entry)) 2017c478bd9Sstevel@tonic-gate 2027c478bd9Sstevel@tonic-gate static struct policy_entry policy_table[] = { 203*9e3700dfSgww {"ahlt", AUDIT_AHLT, "halt machine if it can not record an " 204*9e3700dfSgww "async event"}, 205*9e3700dfSgww {"all", ALL_POLICIES, "all policies"}, 206*9e3700dfSgww {"arge", AUDIT_ARGE, "include exec environment args in audit recs"}, 207*9e3700dfSgww {"argv", AUDIT_ARGV, "include exec command line args in audit recs"}, 208*9e3700dfSgww {"cnt", AUDIT_CNT, "when no more space, drop recs and keep a cnt"}, 209*9e3700dfSgww {"group", AUDIT_GROUP, "include supplementary groups in audit recs"}, 210*9e3700dfSgww {"none", NO_POLICIES, "no policies"}, 211*9e3700dfSgww {"path", AUDIT_PATH, "allow multiple paths per event"}, 212*9e3700dfSgww {"perzone", AUDIT_PERZONE, "use a separate queue and auditd per " 213*9e3700dfSgww "zone"}, 214*9e3700dfSgww {"public", AUDIT_PUBLIC, "audit public files"}, 215*9e3700dfSgww {"seq", AUDIT_SEQ, "include a sequence number in audit recs"}, 216*9e3700dfSgww {"trail", AUDIT_TRAIL, "include trailer token in audit recs"}, 217*9e3700dfSgww {"windata_down", AUDIT_WINDATA_DOWN, "include downgraded window " 218*9e3700dfSgww "information in audit recs"}, 219*9e3700dfSgww {"windata_up", AUDIT_WINDATA_UP, "include upgraded window " 220*9e3700dfSgww "information in audit recs"}, 221*9e3700dfSgww {"zonename", AUDIT_ZONENAME, "generate zonename token"} 2227c478bd9Sstevel@tonic-gate }; 2237c478bd9Sstevel@tonic-gate 2247c478bd9Sstevel@tonic-gate #define POLICY_TBL_SZ (sizeof (policy_table) / sizeof (struct policy_entry)) 2257c478bd9Sstevel@tonic-gate 226*9e3700dfSgww static char *progname = "auditconfig"; 2277c478bd9Sstevel@tonic-gate 228*9e3700dfSgww static au_event_ent_t *egetauevnam(char *event_name); 229*9e3700dfSgww static au_event_ent_t *egetauevnum(au_event_t event_number); 230*9e3700dfSgww static int arg_ent_compare(const void *aep1, const void *aep2); 231*9e3700dfSgww static char *cond2str(void); 232*9e3700dfSgww static int policy2str(uint_t policy, char *policy_str, size_t len); 233*9e3700dfSgww static int str2type(char *s, uint_t *type); 234*9e3700dfSgww static int str2policy(char *policy_str, uint_t *policy_mask); 235*9e3700dfSgww static int str2ipaddr(char *s, uint32_t *addr, uint32_t type); 236*9e3700dfSgww static int strisflags(char *s); 237*9e3700dfSgww static int strisipaddr(char *s); 238*9e3700dfSgww static int strisnum(char *s); 239*9e3700dfSgww static struct arg_entry *get_arg_ent(char *arg_str); 240*9e3700dfSgww static struct policy_entry *get_policy_ent(char *policy); 241*9e3700dfSgww static uid_t get_user_id(char *user); 242*9e3700dfSgww static void chk_event_num(int etype, au_event_t event); 243*9e3700dfSgww static void chk_event_str(int etype, char *event_str); 244*9e3700dfSgww static void chk_retval(char *retval_str); 245*9e3700dfSgww static void chk_sorf(char *sorf_str); 246*9e3700dfSgww static void do_aconf(void); 247*9e3700dfSgww static void do_args(char **argv); 248*9e3700dfSgww static void do_audit(char *, char, int, char *); 249*9e3700dfSgww static void do_chkaconf(void); 250*9e3700dfSgww static void do_chkconf(void); 251*9e3700dfSgww static void do_conf(void); 252*9e3700dfSgww static void do_getasid(void); 253*9e3700dfSgww static void do_getaudit(void); 254*9e3700dfSgww static void do_getkaudit(void); 255*9e3700dfSgww static void do_setkaudit(char *t, char *s); 256*9e3700dfSgww static void do_getauid(void); 257*9e3700dfSgww static void do_getcar(void); 258*9e3700dfSgww static void do_getclass(char *event_str); 259*9e3700dfSgww static void do_getcond(void); 260*9e3700dfSgww static void do_getcwd(void); 261*9e3700dfSgww static void do_getkmask(void); 262*9e3700dfSgww static void do_getpinfo(char *pid_str); 263*9e3700dfSgww static void do_getpolicy(void); 264*9e3700dfSgww static void do_getqbufsz(void); 265*9e3700dfSgww static void do_getqctrl(void); 266*9e3700dfSgww static void do_getqdelay(void); 267*9e3700dfSgww static void do_getqhiwater(void); 268*9e3700dfSgww static void do_getqlowater(void); 269*9e3700dfSgww static void do_getstat(void); 270*9e3700dfSgww static void do_gettermid(void); 271*9e3700dfSgww static void do_lsevent(void); 272*9e3700dfSgww static void do_lspolicy(void); 273*9e3700dfSgww static void do_setasid(char *sid_str, char **argv); 274*9e3700dfSgww static void do_setaudit(char *user_str, char *mask_str, char *tid_str, 275*9e3700dfSgww char *sid_str, char **argv); 276*9e3700dfSgww static void do_setauid(char *user, char **argv); 277*9e3700dfSgww static void do_setclass(char *event_str, char *audit_flags); 278*9e3700dfSgww static void do_setkmask(char *audit_flags); 279*9e3700dfSgww static void do_setpmask(char *pid_str, char *audit_flags); 280*9e3700dfSgww static void do_setsmask(char *asid_str, char *audit_flags); 281*9e3700dfSgww static void do_setumask(char *auid_str, char *audit_flags); 282*9e3700dfSgww static void do_setpolicy(char *policy_str); 283*9e3700dfSgww static void do_setqbufsz(char *bufsz); 284*9e3700dfSgww static void do_setqctrl(char *hiwater, char *lowater, char *bufsz, char *delay); 285*9e3700dfSgww static void do_setqdelay(char *delay); 286*9e3700dfSgww static void do_setqhiwater(char *hiwater); 287*9e3700dfSgww static void do_setqlowater(char *lowater); 288*9e3700dfSgww static void do_setstat(void); 289*9e3700dfSgww static void do_getfsize(void); 290*9e3700dfSgww static void do_setfsize(char *size); 291*9e3700dfSgww static void str2mask(char *mask_str, au_mask_t *mp); 292*9e3700dfSgww static void str2tid(char *tid_str, au_tid_addr_t *tp); 293*9e3700dfSgww static void strsplit(char *s, char *p1, char *p2, char c); 29445916cd2Sjpk 295*9e3700dfSgww static void eauditon(int cmd, caddr_t data, int length); 296*9e3700dfSgww static void egetaudit(auditinfo_addr_t *ai, int size); 297*9e3700dfSgww static void egetkaudit(auditinfo_addr_t *ai, int size); 298*9e3700dfSgww static void esetkaudit(auditinfo_addr_t *ai, int size); 299*9e3700dfSgww static void egetauditflagsbin(char *auditflags, au_mask_t *pmask); 300*9e3700dfSgww static void egetauid(au_id_t *auid); 301*9e3700dfSgww static void esetaudit(auditinfo_addr_t *ai, int size); 302*9e3700dfSgww static void esetauid(au_id_t *auid); 303*9e3700dfSgww static void execit(char **argv); 304*9e3700dfSgww static void exit_error(char *fmt, ...); 305*9e3700dfSgww static void exit_usage(int status); 306*9e3700dfSgww static void parse_args(char **argv); 307*9e3700dfSgww static void print_asid(au_asid_t asid); 308*9e3700dfSgww static void print_auid(au_id_t auid); 309*9e3700dfSgww static void print_mask(char *desc, au_mask_t *pmp); 310*9e3700dfSgww static void print_tid_ex(au_tid_addr_t *tidp); 3117c478bd9Sstevel@tonic-gate 3127c478bd9Sstevel@tonic-gate int 313*9e3700dfSgww main(int argc, char **argv) 3147c478bd9Sstevel@tonic-gate { 3157c478bd9Sstevel@tonic-gate (void) setlocale(LC_ALL, ""); 3167c478bd9Sstevel@tonic-gate (void) textdomain(TEXT_DOMAIN); 3177c478bd9Sstevel@tonic-gate 3187c478bd9Sstevel@tonic-gate if (argc == 1) { 3197c478bd9Sstevel@tonic-gate exit_usage(0); 3207c478bd9Sstevel@tonic-gate exit(0); 3217c478bd9Sstevel@tonic-gate } 3227c478bd9Sstevel@tonic-gate 3237c478bd9Sstevel@tonic-gate if (argc == 2 && 3247c478bd9Sstevel@tonic-gate (argv[1][0] == '?' || 3257c478bd9Sstevel@tonic-gate strcmp(argv[1], "-h") == 0 || 3267c478bd9Sstevel@tonic-gate strcmp(argv[1], "-?") == 0)) 3277c478bd9Sstevel@tonic-gate exit_usage(0); 3287c478bd9Sstevel@tonic-gate 3297c478bd9Sstevel@tonic-gate parse_args(argv); 3307c478bd9Sstevel@tonic-gate do_args(argv); 3317c478bd9Sstevel@tonic-gate 3327c478bd9Sstevel@tonic-gate return (0); 3337c478bd9Sstevel@tonic-gate } 3347c478bd9Sstevel@tonic-gate 3357c478bd9Sstevel@tonic-gate /* 3367c478bd9Sstevel@tonic-gate * parse_args() 3377c478bd9Sstevel@tonic-gate * Desc: Checks command line argument syntax. 3387c478bd9Sstevel@tonic-gate * Inputs: Command line argv; 3397c478bd9Sstevel@tonic-gate * Returns: If a syntax error is detected, a usage message is printed 3407c478bd9Sstevel@tonic-gate * and exit() is called. If a syntax error is not detected, 3417c478bd9Sstevel@tonic-gate * parse_args() returns without a value. 3427c478bd9Sstevel@tonic-gate */ 3437c478bd9Sstevel@tonic-gate static void 3447c478bd9Sstevel@tonic-gate parse_args(char **argv) 3457c478bd9Sstevel@tonic-gate { 3467c478bd9Sstevel@tonic-gate struct arg_entry *ae; 3477c478bd9Sstevel@tonic-gate 348*9e3700dfSgww au_mask_t mask; 3497c478bd9Sstevel@tonic-gate uint_t type; 3507c478bd9Sstevel@tonic-gate uint_t addr[4]; 3517c478bd9Sstevel@tonic-gate 3527c478bd9Sstevel@tonic-gate for (++argv; *argv; argv++) { 353*9e3700dfSgww if ((ae = get_arg_ent(*argv)) == NULL) { 3547c478bd9Sstevel@tonic-gate exit_usage(1); 3557c478bd9Sstevel@tonic-gate } 3567c478bd9Sstevel@tonic-gate 3577c478bd9Sstevel@tonic-gate switch (ae->auditconfig_cmd) { 3587c478bd9Sstevel@tonic-gate 3597c478bd9Sstevel@tonic-gate case AC_ARG_AUDIT: 3607c478bd9Sstevel@tonic-gate ++argv; 3617c478bd9Sstevel@tonic-gate if (!*argv) 3627c478bd9Sstevel@tonic-gate exit_usage(1); 3637c478bd9Sstevel@tonic-gate if (strisnum(*argv)) { 3647c478bd9Sstevel@tonic-gate chk_event_num(AC_USER_EVENT, 3657c478bd9Sstevel@tonic-gate (au_event_t)atol(*argv)); 366*9e3700dfSgww } else { 3677c478bd9Sstevel@tonic-gate chk_event_str(AC_USER_EVENT, *argv); 368*9e3700dfSgww } 3697c478bd9Sstevel@tonic-gate ++argv; 3707c478bd9Sstevel@tonic-gate if (!*argv) 3717c478bd9Sstevel@tonic-gate exit_usage(1); 3727c478bd9Sstevel@tonic-gate chk_sorf(*argv); 3737c478bd9Sstevel@tonic-gate ++argv; 3747c478bd9Sstevel@tonic-gate if (!*argv) 3757c478bd9Sstevel@tonic-gate exit_usage(1); 3767c478bd9Sstevel@tonic-gate chk_retval(*argv); 3777c478bd9Sstevel@tonic-gate ++argv; 3787c478bd9Sstevel@tonic-gate if (!*argv) 3797c478bd9Sstevel@tonic-gate exit_usage(1); 3807c478bd9Sstevel@tonic-gate break; 3817c478bd9Sstevel@tonic-gate 3827c478bd9Sstevel@tonic-gate case AC_ARG_CHKCONF: 3837c478bd9Sstevel@tonic-gate case AC_ARG_CONF: 3847c478bd9Sstevel@tonic-gate case AC_ARG_ACONF: 3857c478bd9Sstevel@tonic-gate case AC_ARG_CHKACONF: 3867c478bd9Sstevel@tonic-gate case AC_ARG_GETASID: 3877c478bd9Sstevel@tonic-gate case AC_ARG_GETAUID: 3887c478bd9Sstevel@tonic-gate case AC_ARG_GETAUDIT: 3897c478bd9Sstevel@tonic-gate case AC_ARG_GETKAUDIT: 3907c478bd9Sstevel@tonic-gate break; 3917c478bd9Sstevel@tonic-gate 3927c478bd9Sstevel@tonic-gate case AC_ARG_GETCLASS: 3937c478bd9Sstevel@tonic-gate case AC_ARG_GETESTATE: 3947c478bd9Sstevel@tonic-gate ++argv; 3957c478bd9Sstevel@tonic-gate if (!*argv) 3967c478bd9Sstevel@tonic-gate exit_usage(1); 397*9e3700dfSgww if (strisnum(*argv)) { 3987c478bd9Sstevel@tonic-gate chk_event_num(AC_KERN_EVENT, 3997c478bd9Sstevel@tonic-gate (au_event_t)atol(*argv)); 400*9e3700dfSgww } else { 4017c478bd9Sstevel@tonic-gate chk_event_str(AC_KERN_EVENT, *argv); 402*9e3700dfSgww } 4037c478bd9Sstevel@tonic-gate break; 4047c478bd9Sstevel@tonic-gate 4057c478bd9Sstevel@tonic-gate case AC_ARG_GETCAR: 4067c478bd9Sstevel@tonic-gate case AC_ARG_GETCOND: 4077c478bd9Sstevel@tonic-gate case AC_ARG_GETCWD: 4087c478bd9Sstevel@tonic-gate case AC_ARG_GETKMASK: 4097c478bd9Sstevel@tonic-gate case AC_ARG_GETPOLICY: 4107c478bd9Sstevel@tonic-gate case AC_ARG_GETQBUFSZ: 4117c478bd9Sstevel@tonic-gate case AC_ARG_GETQCTRL: 4127c478bd9Sstevel@tonic-gate case AC_ARG_GETQDELAY: 4137c478bd9Sstevel@tonic-gate case AC_ARG_GETQHIWATER: 4147c478bd9Sstevel@tonic-gate case AC_ARG_GETQLOWATER: 4157c478bd9Sstevel@tonic-gate case AC_ARG_GETSTAT: 4167c478bd9Sstevel@tonic-gate case AC_ARG_GETTERMID: 4177c478bd9Sstevel@tonic-gate case AC_ARG_LSEVENT: 4187c478bd9Sstevel@tonic-gate case AC_ARG_LSPOLICY: 4197c478bd9Sstevel@tonic-gate break; 4207c478bd9Sstevel@tonic-gate 4217c478bd9Sstevel@tonic-gate case AC_ARG_SETASID: 4227c478bd9Sstevel@tonic-gate case AC_ARG_SETAUID: 4237c478bd9Sstevel@tonic-gate case AC_ARG_SETAUDIT: 4247c478bd9Sstevel@tonic-gate ++argv; 4257c478bd9Sstevel@tonic-gate if (!*argv) 4267c478bd9Sstevel@tonic-gate exit_usage(1); 4277c478bd9Sstevel@tonic-gate 4287c478bd9Sstevel@tonic-gate while (*argv) 4297c478bd9Sstevel@tonic-gate ++argv; 4307c478bd9Sstevel@tonic-gate --argv; 4317c478bd9Sstevel@tonic-gate 4327c478bd9Sstevel@tonic-gate break; 4337c478bd9Sstevel@tonic-gate 4347c478bd9Sstevel@tonic-gate case AC_ARG_SETKAUDIT: 4357c478bd9Sstevel@tonic-gate ++argv; 4367c478bd9Sstevel@tonic-gate if (!*argv) 4377c478bd9Sstevel@tonic-gate exit_usage(1); 4387c478bd9Sstevel@tonic-gate if (str2type (*argv, &type)) 4397c478bd9Sstevel@tonic-gate exit_error(gettext( 4407c478bd9Sstevel@tonic-gate "Invalid IP address type specified.")); 4417c478bd9Sstevel@tonic-gate ++argv; 4427c478bd9Sstevel@tonic-gate if (!*argv) 4437c478bd9Sstevel@tonic-gate exit_usage(1); 4447c478bd9Sstevel@tonic-gate 4457c478bd9Sstevel@tonic-gate if (str2ipaddr(*argv, addr, type)) 4467c478bd9Sstevel@tonic-gate exit_error(gettext( 4477c478bd9Sstevel@tonic-gate "Invalid IP address specified.")); 4487c478bd9Sstevel@tonic-gate break; 4497c478bd9Sstevel@tonic-gate 4507c478bd9Sstevel@tonic-gate case AC_ARG_SETCLASS: 4517c478bd9Sstevel@tonic-gate ++argv; 4527c478bd9Sstevel@tonic-gate if (!*argv) 4537c478bd9Sstevel@tonic-gate exit_usage(1); 4547c478bd9Sstevel@tonic-gate if (strisnum(*argv)) 4557c478bd9Sstevel@tonic-gate chk_event_num(AC_KERN_EVENT, 4567c478bd9Sstevel@tonic-gate (au_event_t)atol(*argv)); 4577c478bd9Sstevel@tonic-gate else 4587c478bd9Sstevel@tonic-gate chk_event_str(AC_KERN_EVENT, *argv); 4597c478bd9Sstevel@tonic-gate ++argv; 4607c478bd9Sstevel@tonic-gate if (!*argv) 4617c478bd9Sstevel@tonic-gate exit_usage(1); 462*9e3700dfSgww str2mask(*argv, &mask); 4637c478bd9Sstevel@tonic-gate break; 4647c478bd9Sstevel@tonic-gate 4657c478bd9Sstevel@tonic-gate case AC_ARG_SETKMASK: 4667c478bd9Sstevel@tonic-gate ++argv; 4677c478bd9Sstevel@tonic-gate if (!*argv) 4687c478bd9Sstevel@tonic-gate exit_usage(1); 469*9e3700dfSgww str2mask(*argv, &mask); 4707c478bd9Sstevel@tonic-gate break; 4717c478bd9Sstevel@tonic-gate 4727c478bd9Sstevel@tonic-gate case AC_ARG_SETPOLICY: 4737c478bd9Sstevel@tonic-gate ++argv; 4747c478bd9Sstevel@tonic-gate if (!*argv) 4757c478bd9Sstevel@tonic-gate exit_usage(1); 4767c478bd9Sstevel@tonic-gate break; 4777c478bd9Sstevel@tonic-gate 4787c478bd9Sstevel@tonic-gate case AC_ARG_SETSTAT: 4797c478bd9Sstevel@tonic-gate break; 4807c478bd9Sstevel@tonic-gate 4817c478bd9Sstevel@tonic-gate case AC_ARG_GETPINFO: 4827c478bd9Sstevel@tonic-gate ++argv; 4837c478bd9Sstevel@tonic-gate if (!*argv) 4847c478bd9Sstevel@tonic-gate exit_usage(1); 4857c478bd9Sstevel@tonic-gate break; 4867c478bd9Sstevel@tonic-gate 4877c478bd9Sstevel@tonic-gate case AC_ARG_SETPMASK: 4887c478bd9Sstevel@tonic-gate ++argv; 4897c478bd9Sstevel@tonic-gate if (!*argv) 4907c478bd9Sstevel@tonic-gate exit_usage(1); 4917c478bd9Sstevel@tonic-gate ++argv; 4927c478bd9Sstevel@tonic-gate if (!*argv) 4937c478bd9Sstevel@tonic-gate exit_usage(1); 494*9e3700dfSgww str2mask(*argv, &mask); 4957c478bd9Sstevel@tonic-gate break; 4967c478bd9Sstevel@tonic-gate 4977c478bd9Sstevel@tonic-gate case AC_ARG_SETQBUFSZ: 4987c478bd9Sstevel@tonic-gate ++argv; 4997c478bd9Sstevel@tonic-gate if (!*argv) 5007c478bd9Sstevel@tonic-gate exit_usage(1); 5017c478bd9Sstevel@tonic-gate if (!strisnum(*argv)) 5027c478bd9Sstevel@tonic-gate exit_error(gettext("Invalid bufsz specified.")); 5037c478bd9Sstevel@tonic-gate break; 5047c478bd9Sstevel@tonic-gate 5057c478bd9Sstevel@tonic-gate case AC_ARG_SETQCTRL: 5067c478bd9Sstevel@tonic-gate ++argv; 5077c478bd9Sstevel@tonic-gate if (!*argv) 5087c478bd9Sstevel@tonic-gate exit_usage(1); 5097c478bd9Sstevel@tonic-gate if (!strisnum(*argv)) 5107c478bd9Sstevel@tonic-gate exit_error(gettext( 5117c478bd9Sstevel@tonic-gate "Invalid hiwater specified.")); 5127c478bd9Sstevel@tonic-gate ++argv; 5137c478bd9Sstevel@tonic-gate if (!*argv) 5147c478bd9Sstevel@tonic-gate exit_usage(1); 5157c478bd9Sstevel@tonic-gate if (!strisnum(*argv)) 5167c478bd9Sstevel@tonic-gate exit_error(gettext( 5177c478bd9Sstevel@tonic-gate gettext("Invalid lowater specified."))); 5187c478bd9Sstevel@tonic-gate ++argv; 5197c478bd9Sstevel@tonic-gate if (!*argv) 5207c478bd9Sstevel@tonic-gate exit_usage(1); 5217c478bd9Sstevel@tonic-gate if (!strisnum(*argv)) 5227c478bd9Sstevel@tonic-gate exit_error(gettext("Invalid bufsz specified.")); 5237c478bd9Sstevel@tonic-gate ++argv; 5247c478bd9Sstevel@tonic-gate if (!*argv) 5257c478bd9Sstevel@tonic-gate exit_usage(1); 5267c478bd9Sstevel@tonic-gate if (!strisnum(*argv)) 5277c478bd9Sstevel@tonic-gate exit_error(gettext("Invalid delay specified.")); 5287c478bd9Sstevel@tonic-gate break; 5297c478bd9Sstevel@tonic-gate 5307c478bd9Sstevel@tonic-gate case AC_ARG_SETQDELAY: 5317c478bd9Sstevel@tonic-gate ++argv; 5327c478bd9Sstevel@tonic-gate if (!*argv) 5337c478bd9Sstevel@tonic-gate exit_usage(1); 5347c478bd9Sstevel@tonic-gate if (!strisnum(*argv)) 5357c478bd9Sstevel@tonic-gate exit_error(gettext("Invalid delay specified.")); 5367c478bd9Sstevel@tonic-gate break; 5377c478bd9Sstevel@tonic-gate 5387c478bd9Sstevel@tonic-gate case AC_ARG_SETQHIWATER: 5397c478bd9Sstevel@tonic-gate ++argv; 5407c478bd9Sstevel@tonic-gate if (!*argv) 5417c478bd9Sstevel@tonic-gate exit_usage(1); 542*9e3700dfSgww if (!strisnum(*argv)) { 5437c478bd9Sstevel@tonic-gate exit_error(gettext( 5447c478bd9Sstevel@tonic-gate "Invalid hiwater specified.")); 545*9e3700dfSgww } 5467c478bd9Sstevel@tonic-gate break; 5477c478bd9Sstevel@tonic-gate 5487c478bd9Sstevel@tonic-gate case AC_ARG_SETQLOWATER: 5497c478bd9Sstevel@tonic-gate ++argv; 5507c478bd9Sstevel@tonic-gate if (!*argv) 5517c478bd9Sstevel@tonic-gate exit_usage(1); 552*9e3700dfSgww if (!strisnum(*argv)) { 5537c478bd9Sstevel@tonic-gate exit_error(gettext( 5547c478bd9Sstevel@tonic-gate "Invalid lowater specified.")); 555*9e3700dfSgww } 5567c478bd9Sstevel@tonic-gate break; 5577c478bd9Sstevel@tonic-gate 5587c478bd9Sstevel@tonic-gate case AC_ARG_SETSMASK: 5597c478bd9Sstevel@tonic-gate case AC_ARG_SETUMASK: 5607c478bd9Sstevel@tonic-gate ++argv; 5617c478bd9Sstevel@tonic-gate if (!*argv) 5627c478bd9Sstevel@tonic-gate exit_usage(1); 5637c478bd9Sstevel@tonic-gate ++argv; 5647c478bd9Sstevel@tonic-gate if (!*argv) 5657c478bd9Sstevel@tonic-gate exit_usage(1); 566*9e3700dfSgww str2mask(*argv, &mask); 5677c478bd9Sstevel@tonic-gate break; 5687c478bd9Sstevel@tonic-gate 5697c478bd9Sstevel@tonic-gate case AC_ARG_GETFSIZE: 5707c478bd9Sstevel@tonic-gate break; 5717c478bd9Sstevel@tonic-gate 5727c478bd9Sstevel@tonic-gate case AC_ARG_SETFSIZE: 5737c478bd9Sstevel@tonic-gate ++argv; 5747c478bd9Sstevel@tonic-gate if (!*argv) 5757c478bd9Sstevel@tonic-gate exit_usage(1); 576*9e3700dfSgww if (!strisnum(*argv)) { 5777c478bd9Sstevel@tonic-gate exit_error(gettext( 5787c478bd9Sstevel@tonic-gate "Invalid hiwater specified.")); 579*9e3700dfSgww } 5807c478bd9Sstevel@tonic-gate break; 5817c478bd9Sstevel@tonic-gate 5827c478bd9Sstevel@tonic-gate default: 5837c478bd9Sstevel@tonic-gate exit_error(gettext("Internal error #1.")); 5847c478bd9Sstevel@tonic-gate break; 5857c478bd9Sstevel@tonic-gate } 5867c478bd9Sstevel@tonic-gate } 5877c478bd9Sstevel@tonic-gate } 5887c478bd9Sstevel@tonic-gate 5897c478bd9Sstevel@tonic-gate 5907c478bd9Sstevel@tonic-gate /* 5917c478bd9Sstevel@tonic-gate * do_args() 5927c478bd9Sstevel@tonic-gate * Desc: Do command line arguments in the order in which they appear. 5937c478bd9Sstevel@tonic-gate */ 5947c478bd9Sstevel@tonic-gate static void 595*9e3700dfSgww do_args(char **argv) 5967c478bd9Sstevel@tonic-gate { 5977c478bd9Sstevel@tonic-gate struct arg_entry *ae; 5987c478bd9Sstevel@tonic-gate 5997c478bd9Sstevel@tonic-gate for (++argv; *argv; argv++) { 6007c478bd9Sstevel@tonic-gate ae = get_arg_ent(*argv); 6017c478bd9Sstevel@tonic-gate 6027c478bd9Sstevel@tonic-gate switch (ae->auditconfig_cmd) { 6037c478bd9Sstevel@tonic-gate 6047c478bd9Sstevel@tonic-gate case AC_ARG_AUDIT: 6057c478bd9Sstevel@tonic-gate { 6067c478bd9Sstevel@tonic-gate char sorf; 6077c478bd9Sstevel@tonic-gate int retval; 6087c478bd9Sstevel@tonic-gate char *event_name; 6097c478bd9Sstevel@tonic-gate char *audit_str; 6107c478bd9Sstevel@tonic-gate 6117c478bd9Sstevel@tonic-gate ++argv; 6127c478bd9Sstevel@tonic-gate event_name = *argv; 6137c478bd9Sstevel@tonic-gate ++argv; 6147c478bd9Sstevel@tonic-gate sorf = (char)atoi(*argv); 6157c478bd9Sstevel@tonic-gate ++argv; 6167c478bd9Sstevel@tonic-gate retval = atoi(*argv); 6177c478bd9Sstevel@tonic-gate ++argv; 6187c478bd9Sstevel@tonic-gate audit_str = *argv; 6197c478bd9Sstevel@tonic-gate do_audit(event_name, sorf, retval, audit_str); 6207c478bd9Sstevel@tonic-gate } 6217c478bd9Sstevel@tonic-gate break; 6227c478bd9Sstevel@tonic-gate 6237c478bd9Sstevel@tonic-gate case AC_ARG_CHKCONF: 6247c478bd9Sstevel@tonic-gate do_chkconf(); 6257c478bd9Sstevel@tonic-gate break; 6267c478bd9Sstevel@tonic-gate 6277c478bd9Sstevel@tonic-gate case AC_ARG_CONF: 6287c478bd9Sstevel@tonic-gate do_conf(); 6297c478bd9Sstevel@tonic-gate break; 6307c478bd9Sstevel@tonic-gate 6317c478bd9Sstevel@tonic-gate case AC_ARG_CHKACONF: 6327c478bd9Sstevel@tonic-gate do_chkaconf(); 6337c478bd9Sstevel@tonic-gate break; 6347c478bd9Sstevel@tonic-gate 6357c478bd9Sstevel@tonic-gate case AC_ARG_ACONF: 6367c478bd9Sstevel@tonic-gate do_aconf(); 6377c478bd9Sstevel@tonic-gate break; 6387c478bd9Sstevel@tonic-gate 6397c478bd9Sstevel@tonic-gate case AC_ARG_GETASID: 6407c478bd9Sstevel@tonic-gate do_getasid(); 6417c478bd9Sstevel@tonic-gate break; 6427c478bd9Sstevel@tonic-gate 6437c478bd9Sstevel@tonic-gate case AC_ARG_GETAUID: 6447c478bd9Sstevel@tonic-gate do_getauid(); 6457c478bd9Sstevel@tonic-gate break; 6467c478bd9Sstevel@tonic-gate 6477c478bd9Sstevel@tonic-gate case AC_ARG_GETAUDIT: 6487c478bd9Sstevel@tonic-gate do_getaudit(); 6497c478bd9Sstevel@tonic-gate break; 6507c478bd9Sstevel@tonic-gate 6517c478bd9Sstevel@tonic-gate case AC_ARG_GETKAUDIT: 6527c478bd9Sstevel@tonic-gate do_getkaudit(); 6537c478bd9Sstevel@tonic-gate break; 6547c478bd9Sstevel@tonic-gate 6557c478bd9Sstevel@tonic-gate case AC_ARG_GETCLASS: 6567c478bd9Sstevel@tonic-gate case AC_ARG_GETESTATE: 6577c478bd9Sstevel@tonic-gate ++argv; 6587c478bd9Sstevel@tonic-gate do_getclass(*argv); 6597c478bd9Sstevel@tonic-gate break; 6607c478bd9Sstevel@tonic-gate 6617c478bd9Sstevel@tonic-gate case AC_ARG_GETCAR: 6627c478bd9Sstevel@tonic-gate do_getcar(); 6637c478bd9Sstevel@tonic-gate break; 6647c478bd9Sstevel@tonic-gate 6657c478bd9Sstevel@tonic-gate case AC_ARG_GETCOND: 6667c478bd9Sstevel@tonic-gate do_getcond(); 6677c478bd9Sstevel@tonic-gate break; 6687c478bd9Sstevel@tonic-gate 6697c478bd9Sstevel@tonic-gate case AC_ARG_GETCWD: 6707c478bd9Sstevel@tonic-gate do_getcwd(); 6717c478bd9Sstevel@tonic-gate break; 6727c478bd9Sstevel@tonic-gate 6737c478bd9Sstevel@tonic-gate case AC_ARG_GETKMASK: 6747c478bd9Sstevel@tonic-gate do_getkmask(); 6757c478bd9Sstevel@tonic-gate break; 6767c478bd9Sstevel@tonic-gate 6777c478bd9Sstevel@tonic-gate case AC_ARG_GETPOLICY: 6787c478bd9Sstevel@tonic-gate do_getpolicy(); 6797c478bd9Sstevel@tonic-gate break; 6807c478bd9Sstevel@tonic-gate 6817c478bd9Sstevel@tonic-gate case AC_ARG_GETQBUFSZ: 6827c478bd9Sstevel@tonic-gate do_getqbufsz(); 6837c478bd9Sstevel@tonic-gate break; 6847c478bd9Sstevel@tonic-gate 6857c478bd9Sstevel@tonic-gate case AC_ARG_GETQCTRL: 6867c478bd9Sstevel@tonic-gate do_getqctrl(); 6877c478bd9Sstevel@tonic-gate break; 6887c478bd9Sstevel@tonic-gate 6897c478bd9Sstevel@tonic-gate case AC_ARG_GETQDELAY: 6907c478bd9Sstevel@tonic-gate do_getqdelay(); 6917c478bd9Sstevel@tonic-gate break; 6927c478bd9Sstevel@tonic-gate 6937c478bd9Sstevel@tonic-gate case AC_ARG_GETQHIWATER: 6947c478bd9Sstevel@tonic-gate do_getqhiwater(); 6957c478bd9Sstevel@tonic-gate break; 6967c478bd9Sstevel@tonic-gate 6977c478bd9Sstevel@tonic-gate case AC_ARG_GETQLOWATER: 6987c478bd9Sstevel@tonic-gate do_getqlowater(); 6997c478bd9Sstevel@tonic-gate break; 7007c478bd9Sstevel@tonic-gate 7017c478bd9Sstevel@tonic-gate case AC_ARG_GETSTAT: 7027c478bd9Sstevel@tonic-gate do_getstat(); 7037c478bd9Sstevel@tonic-gate break; 7047c478bd9Sstevel@tonic-gate 7057c478bd9Sstevel@tonic-gate case AC_ARG_GETTERMID: 7067c478bd9Sstevel@tonic-gate do_gettermid(); 7077c478bd9Sstevel@tonic-gate break; 7087c478bd9Sstevel@tonic-gate 7097c478bd9Sstevel@tonic-gate case AC_ARG_LSEVENT: 7107c478bd9Sstevel@tonic-gate do_lsevent(); 7117c478bd9Sstevel@tonic-gate break; 7127c478bd9Sstevel@tonic-gate 7137c478bd9Sstevel@tonic-gate case AC_ARG_LSPOLICY: 7147c478bd9Sstevel@tonic-gate do_lspolicy(); 7157c478bd9Sstevel@tonic-gate break; 7167c478bd9Sstevel@tonic-gate 7177c478bd9Sstevel@tonic-gate case AC_ARG_SETASID: 7187c478bd9Sstevel@tonic-gate { 7197c478bd9Sstevel@tonic-gate char *sid_str; 7207c478bd9Sstevel@tonic-gate 7217c478bd9Sstevel@tonic-gate ++argv; 7227c478bd9Sstevel@tonic-gate sid_str = *argv; 7237c478bd9Sstevel@tonic-gate ++argv; 7247c478bd9Sstevel@tonic-gate do_setasid(sid_str, argv); 7257c478bd9Sstevel@tonic-gate } 7267c478bd9Sstevel@tonic-gate break; 7277c478bd9Sstevel@tonic-gate 7287c478bd9Sstevel@tonic-gate case AC_ARG_SETAUID: 7297c478bd9Sstevel@tonic-gate { 7307c478bd9Sstevel@tonic-gate char *user; 7317c478bd9Sstevel@tonic-gate 7327c478bd9Sstevel@tonic-gate ++argv; 7337c478bd9Sstevel@tonic-gate user = *argv; 7347c478bd9Sstevel@tonic-gate ++argv; 7357c478bd9Sstevel@tonic-gate do_setauid(user, argv); 7367c478bd9Sstevel@tonic-gate } 7377c478bd9Sstevel@tonic-gate break; 7387c478bd9Sstevel@tonic-gate 7397c478bd9Sstevel@tonic-gate case AC_ARG_SETAUDIT: 7407c478bd9Sstevel@tonic-gate { 7417c478bd9Sstevel@tonic-gate char *user_str; 7427c478bd9Sstevel@tonic-gate char *mask_str; 7437c478bd9Sstevel@tonic-gate char *tid_str; 7447c478bd9Sstevel@tonic-gate char *sid_str; 7457c478bd9Sstevel@tonic-gate 7467c478bd9Sstevel@tonic-gate ++argv; 7477c478bd9Sstevel@tonic-gate user_str = *argv; 7487c478bd9Sstevel@tonic-gate ++argv; 7497c478bd9Sstevel@tonic-gate mask_str = *argv; 7507c478bd9Sstevel@tonic-gate ++argv; 7517c478bd9Sstevel@tonic-gate tid_str = *argv; 7527c478bd9Sstevel@tonic-gate ++argv; 7537c478bd9Sstevel@tonic-gate sid_str = *argv; 7547c478bd9Sstevel@tonic-gate ++argv; 7557c478bd9Sstevel@tonic-gate do_setaudit(user_str, mask_str, 7567c478bd9Sstevel@tonic-gate tid_str, sid_str, argv); 7577c478bd9Sstevel@tonic-gate } 7587c478bd9Sstevel@tonic-gate break; 7597c478bd9Sstevel@tonic-gate 7607c478bd9Sstevel@tonic-gate case AC_ARG_SETKAUDIT: 7617c478bd9Sstevel@tonic-gate { 7627c478bd9Sstevel@tonic-gate char *address_type, *address; 7637c478bd9Sstevel@tonic-gate 7647c478bd9Sstevel@tonic-gate ++argv; address_type = *argv; 7657c478bd9Sstevel@tonic-gate ++argv; address = *argv; 7667c478bd9Sstevel@tonic-gate do_setkaudit(address_type, address); 7677c478bd9Sstevel@tonic-gate } 7687c478bd9Sstevel@tonic-gate break; 7697c478bd9Sstevel@tonic-gate 7707c478bd9Sstevel@tonic-gate case AC_ARG_SETCLASS: 7717c478bd9Sstevel@tonic-gate { 7727c478bd9Sstevel@tonic-gate char *event_str, *audit_flags; 7737c478bd9Sstevel@tonic-gate 7747c478bd9Sstevel@tonic-gate ++argv; event_str = *argv; 7757c478bd9Sstevel@tonic-gate ++argv; audit_flags = *argv; 7767c478bd9Sstevel@tonic-gate do_setclass(event_str, audit_flags); 7777c478bd9Sstevel@tonic-gate } 7787c478bd9Sstevel@tonic-gate break; 7797c478bd9Sstevel@tonic-gate 7807c478bd9Sstevel@tonic-gate case AC_ARG_SETKMASK: 7817c478bd9Sstevel@tonic-gate ++argv; 7827c478bd9Sstevel@tonic-gate do_setkmask(*argv); 7837c478bd9Sstevel@tonic-gate break; 7847c478bd9Sstevel@tonic-gate 7857c478bd9Sstevel@tonic-gate case AC_ARG_SETPOLICY: 7867c478bd9Sstevel@tonic-gate ++argv; 7877c478bd9Sstevel@tonic-gate do_setpolicy(*argv); 7887c478bd9Sstevel@tonic-gate break; 7897c478bd9Sstevel@tonic-gate 7907c478bd9Sstevel@tonic-gate case AC_ARG_GETPINFO: 7917c478bd9Sstevel@tonic-gate { 7927c478bd9Sstevel@tonic-gate char *pid_str; 7937c478bd9Sstevel@tonic-gate 7947c478bd9Sstevel@tonic-gate ++argv; 7957c478bd9Sstevel@tonic-gate pid_str = *argv; 7967c478bd9Sstevel@tonic-gate do_getpinfo(pid_str); 7977c478bd9Sstevel@tonic-gate } 7987c478bd9Sstevel@tonic-gate break; 7997c478bd9Sstevel@tonic-gate 8007c478bd9Sstevel@tonic-gate case AC_ARG_SETPMASK: 8017c478bd9Sstevel@tonic-gate { 8027c478bd9Sstevel@tonic-gate char *pid_str; 8037c478bd9Sstevel@tonic-gate char *audit_flags; 8047c478bd9Sstevel@tonic-gate 8057c478bd9Sstevel@tonic-gate ++argv; 8067c478bd9Sstevel@tonic-gate pid_str = *argv; 8077c478bd9Sstevel@tonic-gate ++argv; 8087c478bd9Sstevel@tonic-gate audit_flags = *argv; 8097c478bd9Sstevel@tonic-gate do_setpmask(pid_str, audit_flags); 8107c478bd9Sstevel@tonic-gate } 8117c478bd9Sstevel@tonic-gate break; 8127c478bd9Sstevel@tonic-gate 8137c478bd9Sstevel@tonic-gate case AC_ARG_SETSTAT: 8147c478bd9Sstevel@tonic-gate do_setstat(); 8157c478bd9Sstevel@tonic-gate break; 8167c478bd9Sstevel@tonic-gate 8177c478bd9Sstevel@tonic-gate case AC_ARG_SETQBUFSZ: 8187c478bd9Sstevel@tonic-gate ++argv; 8197c478bd9Sstevel@tonic-gate do_setqbufsz(*argv); 8207c478bd9Sstevel@tonic-gate break; 8217c478bd9Sstevel@tonic-gate 8227c478bd9Sstevel@tonic-gate case AC_ARG_SETQCTRL: 8237c478bd9Sstevel@tonic-gate { 8247c478bd9Sstevel@tonic-gate char *hiwater, *lowater, *bufsz, *delay; 8257c478bd9Sstevel@tonic-gate 8267c478bd9Sstevel@tonic-gate ++argv; hiwater = *argv; 8277c478bd9Sstevel@tonic-gate ++argv; lowater = *argv; 8287c478bd9Sstevel@tonic-gate ++argv; bufsz = *argv; 8297c478bd9Sstevel@tonic-gate ++argv; delay = *argv; 8307c478bd9Sstevel@tonic-gate do_setqctrl(hiwater, lowater, bufsz, delay); 8317c478bd9Sstevel@tonic-gate } 8327c478bd9Sstevel@tonic-gate break; 8337c478bd9Sstevel@tonic-gate case AC_ARG_SETQDELAY: 8347c478bd9Sstevel@tonic-gate ++argv; 8357c478bd9Sstevel@tonic-gate do_setqdelay(*argv); 8367c478bd9Sstevel@tonic-gate break; 8377c478bd9Sstevel@tonic-gate 8387c478bd9Sstevel@tonic-gate case AC_ARG_SETQHIWATER: 8397c478bd9Sstevel@tonic-gate ++argv; 8407c478bd9Sstevel@tonic-gate do_setqhiwater(*argv); 8417c478bd9Sstevel@tonic-gate break; 8427c478bd9Sstevel@tonic-gate 8437c478bd9Sstevel@tonic-gate case AC_ARG_SETQLOWATER: 8447c478bd9Sstevel@tonic-gate ++argv; 8457c478bd9Sstevel@tonic-gate do_setqlowater(*argv); 8467c478bd9Sstevel@tonic-gate break; 8477c478bd9Sstevel@tonic-gate 8487c478bd9Sstevel@tonic-gate case AC_ARG_SETSMASK: 8497c478bd9Sstevel@tonic-gate { 8507c478bd9Sstevel@tonic-gate char *asid_str; 8517c478bd9Sstevel@tonic-gate char *audit_flags; 8527c478bd9Sstevel@tonic-gate 8537c478bd9Sstevel@tonic-gate ++argv; 8547c478bd9Sstevel@tonic-gate asid_str = *argv; 8557c478bd9Sstevel@tonic-gate ++argv; 8567c478bd9Sstevel@tonic-gate audit_flags = *argv; 8577c478bd9Sstevel@tonic-gate do_setsmask(asid_str, audit_flags); 8587c478bd9Sstevel@tonic-gate } 8597c478bd9Sstevel@tonic-gate break; 8607c478bd9Sstevel@tonic-gate case AC_ARG_SETUMASK: 8617c478bd9Sstevel@tonic-gate { 8627c478bd9Sstevel@tonic-gate char *auid_str; 8637c478bd9Sstevel@tonic-gate char *audit_flags; 8647c478bd9Sstevel@tonic-gate 8657c478bd9Sstevel@tonic-gate ++argv; 8667c478bd9Sstevel@tonic-gate auid_str = *argv; 8677c478bd9Sstevel@tonic-gate ++argv; 8687c478bd9Sstevel@tonic-gate audit_flags = *argv; 8697c478bd9Sstevel@tonic-gate do_setumask(auid_str, audit_flags); 8707c478bd9Sstevel@tonic-gate } 8717c478bd9Sstevel@tonic-gate break; 8727c478bd9Sstevel@tonic-gate case AC_ARG_GETFSIZE: 8737c478bd9Sstevel@tonic-gate do_getfsize(); 8747c478bd9Sstevel@tonic-gate break; 8757c478bd9Sstevel@tonic-gate case AC_ARG_SETFSIZE: 8767c478bd9Sstevel@tonic-gate ++argv; 8777c478bd9Sstevel@tonic-gate do_setfsize(*argv); 8787c478bd9Sstevel@tonic-gate break; 8797c478bd9Sstevel@tonic-gate 8807c478bd9Sstevel@tonic-gate default: 8817c478bd9Sstevel@tonic-gate exit_error(gettext("Internal error #2.")); 8827c478bd9Sstevel@tonic-gate break; 8837c478bd9Sstevel@tonic-gate } 8847c478bd9Sstevel@tonic-gate } 8857c478bd9Sstevel@tonic-gate } 8867c478bd9Sstevel@tonic-gate 8877c478bd9Sstevel@tonic-gate /* 8887c478bd9Sstevel@tonic-gate * The returned value is for the global zone unless AUDIT_PERZONE is 8897c478bd9Sstevel@tonic-gate * set. 8907c478bd9Sstevel@tonic-gate */ 8917c478bd9Sstevel@tonic-gate 8927c478bd9Sstevel@tonic-gate static void 893*9e3700dfSgww do_chkconf(void) 8947c478bd9Sstevel@tonic-gate { 8957c478bd9Sstevel@tonic-gate register au_event_ent_t *evp; 8967c478bd9Sstevel@tonic-gate au_mask_t pmask; 8977c478bd9Sstevel@tonic-gate char conf_aflags[256]; 8987c478bd9Sstevel@tonic-gate char run_aflags[256]; 8997c478bd9Sstevel@tonic-gate au_stat_t as; 9007c478bd9Sstevel@tonic-gate int class; 9017c478bd9Sstevel@tonic-gate int len; 9027c478bd9Sstevel@tonic-gate struct au_evclass_map cmap; 9037c478bd9Sstevel@tonic-gate 9047c478bd9Sstevel@tonic-gate pmask.am_success = pmask.am_failure = 0; 9057c478bd9Sstevel@tonic-gate eauditon(A_GETSTAT, (caddr_t)&as, 0); 9067c478bd9Sstevel@tonic-gate 9077c478bd9Sstevel@tonic-gate setauevent(); 908*9e3700dfSgww if (getauevent() == NULL) { 9097c478bd9Sstevel@tonic-gate (void) exit_error(gettext( 910*9e3700dfSgww "NO AUDIT EVENTS: Could not read %s\n."), AUDITEVENTFILE); 9117c478bd9Sstevel@tonic-gate } 9127c478bd9Sstevel@tonic-gate 9137c478bd9Sstevel@tonic-gate setauevent(); 914*9e3700dfSgww while ((evp = getauevent()) != NULL) { 9157c478bd9Sstevel@tonic-gate cmap.ec_number = evp->ae_number; 9167c478bd9Sstevel@tonic-gate len = sizeof (struct au_evclass_map); 917*9e3700dfSgww if (evp->ae_number <= as.as_numevent) { 9187c478bd9Sstevel@tonic-gate if (auditon(A_GETCLASS, (caddr_t)&cmap, len) == -1) { 9197c478bd9Sstevel@tonic-gate (void) printf("%s(%d):%s", 920*9e3700dfSgww evp->ae_name, evp->ae_number, 921*9e3700dfSgww gettext("UNKNOWN EVENT: Could not get " 922*9e3700dfSgww "class for event. Configuration may " 923*9e3700dfSgww "be bad.\n")); 9247c478bd9Sstevel@tonic-gate } else { 9257c478bd9Sstevel@tonic-gate class = cmap.ec_class; 9267c478bd9Sstevel@tonic-gate if (class != evp->ae_class) { 9277c478bd9Sstevel@tonic-gate conf_aflags[0] = run_aflags[0] = '\0'; 9287c478bd9Sstevel@tonic-gate pmask.am_success = class; 9297c478bd9Sstevel@tonic-gate pmask.am_failure = class; 9307c478bd9Sstevel@tonic-gate (void) getauditflagschar(run_aflags, 9317c478bd9Sstevel@tonic-gate &pmask, 0); 9327c478bd9Sstevel@tonic-gate pmask.am_success = evp->ae_class; 9337c478bd9Sstevel@tonic-gate pmask.am_failure = evp->ae_class; 9347c478bd9Sstevel@tonic-gate (void) getauditflagschar(conf_aflags, 9357c478bd9Sstevel@tonic-gate &pmask, 0); 9367c478bd9Sstevel@tonic-gate 9377c478bd9Sstevel@tonic-gate (void) printf(gettext( 938*9e3700dfSgww "%s(%d): CLASS MISMATCH: " 939*9e3700dfSgww "runtime class (%s) != " 940*9e3700dfSgww "configured class (%s)\n"), 9417c478bd9Sstevel@tonic-gate evp->ae_name, evp->ae_number, 942*9e3700dfSgww NONE(run_aflags), 943*9e3700dfSgww NONE(conf_aflags)); 944*9e3700dfSgww } 9457c478bd9Sstevel@tonic-gate } 9467c478bd9Sstevel@tonic-gate } 9477c478bd9Sstevel@tonic-gate } 9487c478bd9Sstevel@tonic-gate endauevent(); 9497c478bd9Sstevel@tonic-gate } 9507c478bd9Sstevel@tonic-gate 9517c478bd9Sstevel@tonic-gate /* 9527c478bd9Sstevel@tonic-gate * The returned value is for the global zone unless AUDIT_PERZONE is 9537c478bd9Sstevel@tonic-gate * set. 9547c478bd9Sstevel@tonic-gate */ 9557c478bd9Sstevel@tonic-gate static void 956*9e3700dfSgww do_conf(void) 9577c478bd9Sstevel@tonic-gate { 9587c478bd9Sstevel@tonic-gate register au_event_ent_t *evp; 9597c478bd9Sstevel@tonic-gate register int i; 9607c478bd9Sstevel@tonic-gate au_evclass_map_t ec; 9617c478bd9Sstevel@tonic-gate au_stat_t as; 9627c478bd9Sstevel@tonic-gate 9637c478bd9Sstevel@tonic-gate eauditon(A_GETSTAT, (caddr_t)&as, 0); 9647c478bd9Sstevel@tonic-gate 9657c478bd9Sstevel@tonic-gate i = 0; 9667c478bd9Sstevel@tonic-gate setauevent(); 967*9e3700dfSgww while ((evp = getauevent()) != NULL) { 9687c478bd9Sstevel@tonic-gate if (evp->ae_number <= as.as_numevent) { 9697c478bd9Sstevel@tonic-gate ++i; 9707c478bd9Sstevel@tonic-gate ec.ec_number = evp->ae_number; 9717c478bd9Sstevel@tonic-gate ec.ec_class = evp->ae_class; 9727c478bd9Sstevel@tonic-gate eauditon(A_SETCLASS, (caddr_t)&ec, (int)sizeof (ec)); 9737c478bd9Sstevel@tonic-gate } 9747c478bd9Sstevel@tonic-gate } 9757c478bd9Sstevel@tonic-gate endauevent(); 9767c478bd9Sstevel@tonic-gate (void) printf(gettext("Configured %d kernel events.\n"), i); 9777c478bd9Sstevel@tonic-gate 9787c478bd9Sstevel@tonic-gate } 9797c478bd9Sstevel@tonic-gate 9807c478bd9Sstevel@tonic-gate /* 9817c478bd9Sstevel@tonic-gate * The returned value is for the global zone unless AUDIT_PERZONE is 9827c478bd9Sstevel@tonic-gate * set. 9837c478bd9Sstevel@tonic-gate */ 9847c478bd9Sstevel@tonic-gate 9857c478bd9Sstevel@tonic-gate static void 986*9e3700dfSgww do_chkaconf(void) 9877c478bd9Sstevel@tonic-gate { 9887c478bd9Sstevel@tonic-gate char buf[1024]; 9897c478bd9Sstevel@tonic-gate au_mask_t pmask, kmask; 9907c478bd9Sstevel@tonic-gate 9917c478bd9Sstevel@tonic-gate if (getacna(buf, sizeof (buf)) < 0) { 9927c478bd9Sstevel@tonic-gate (void) fprintf(stderr, 9937c478bd9Sstevel@tonic-gate gettext("bad non-attributable flags in audit_control\n")); 9947c478bd9Sstevel@tonic-gate exit(1); 9957c478bd9Sstevel@tonic-gate } 9967c478bd9Sstevel@tonic-gate 9977c478bd9Sstevel@tonic-gate if (getauditflagsbin(buf, &pmask) < 0) { 9987c478bd9Sstevel@tonic-gate (void) fprintf(stderr, 9997c478bd9Sstevel@tonic-gate gettext("bad audit flag value encountered\n")); 10007c478bd9Sstevel@tonic-gate exit(1); 10017c478bd9Sstevel@tonic-gate } 10027c478bd9Sstevel@tonic-gate 10037c478bd9Sstevel@tonic-gate eauditon(A_GETKMASK, (caddr_t)&kmask, (int)sizeof (kmask)); 10047c478bd9Sstevel@tonic-gate 10057c478bd9Sstevel@tonic-gate if ((pmask.am_success != kmask.am_success) || 10067c478bd9Sstevel@tonic-gate (pmask.am_failure != kmask.am_failure)) { 10077c478bd9Sstevel@tonic-gate char kbuf[2048]; 10087c478bd9Sstevel@tonic-gate if (getauditflagschar(kbuf, &kmask, 0) < 0) { 10097c478bd9Sstevel@tonic-gate (void) fprintf(stderr, 10107c478bd9Sstevel@tonic-gate gettext("bad kernel non-attributable mask\n")); 10117c478bd9Sstevel@tonic-gate exit(1); 10127c478bd9Sstevel@tonic-gate } 10137c478bd9Sstevel@tonic-gate (void) printf(gettext("non-attributable event mismatch ")); 10147c478bd9Sstevel@tonic-gate (void) printf(gettext("audit_control(%s) kernel(%s)\n"), 10157c478bd9Sstevel@tonic-gate buf, kbuf); 10167c478bd9Sstevel@tonic-gate } 10177c478bd9Sstevel@tonic-gate } 10187c478bd9Sstevel@tonic-gate 10197c478bd9Sstevel@tonic-gate /* 10207c478bd9Sstevel@tonic-gate * The returned value is for the global zone unless AUDIT_PERZONE is 10217c478bd9Sstevel@tonic-gate * set. 10227c478bd9Sstevel@tonic-gate */ 10237c478bd9Sstevel@tonic-gate 10247c478bd9Sstevel@tonic-gate static void 1025*9e3700dfSgww do_aconf(void) 10267c478bd9Sstevel@tonic-gate { 10277c478bd9Sstevel@tonic-gate char buf[2048]; 10287c478bd9Sstevel@tonic-gate au_mask_t pmask; 10297c478bd9Sstevel@tonic-gate 10307c478bd9Sstevel@tonic-gate if (getacna(buf, sizeof (buf)) < 0) { 10317c478bd9Sstevel@tonic-gate (void) fprintf(stderr, 10327c478bd9Sstevel@tonic-gate gettext("bad non-attributable flags in audit_control\n")); 10337c478bd9Sstevel@tonic-gate exit(1); 10347c478bd9Sstevel@tonic-gate } 10357c478bd9Sstevel@tonic-gate 10367c478bd9Sstevel@tonic-gate if (getauditflagsbin(buf, &pmask) < 0) { 10377c478bd9Sstevel@tonic-gate (void) fprintf(stderr, 10387c478bd9Sstevel@tonic-gate gettext("bad audit flag value encountered\n")); 10397c478bd9Sstevel@tonic-gate exit(1); 10407c478bd9Sstevel@tonic-gate } 10417c478bd9Sstevel@tonic-gate 10427c478bd9Sstevel@tonic-gate eauditon(A_SETKMASK, (caddr_t)&pmask, (int)sizeof (pmask)); 10437c478bd9Sstevel@tonic-gate (void) printf(gettext("Configured non-attributable events.\n")); 10447c478bd9Sstevel@tonic-gate } 10457c478bd9Sstevel@tonic-gate 10467c478bd9Sstevel@tonic-gate static void 1047*9e3700dfSgww do_audit(char *event, char sorf, int retval, char *audit_str) 10487c478bd9Sstevel@tonic-gate { 10497c478bd9Sstevel@tonic-gate int rtn; 10507c478bd9Sstevel@tonic-gate int rd; 10517c478bd9Sstevel@tonic-gate au_event_t event_num; 10527c478bd9Sstevel@tonic-gate au_event_ent_t *evp; 10537c478bd9Sstevel@tonic-gate auditinfo_addr_t ai; 10547c478bd9Sstevel@tonic-gate token_t *tokp; 10557c478bd9Sstevel@tonic-gate 10567c478bd9Sstevel@tonic-gate egetaudit(&ai, sizeof (ai)); 10577c478bd9Sstevel@tonic-gate 10587c478bd9Sstevel@tonic-gate if (strisnum(event)) { 10597c478bd9Sstevel@tonic-gate event_num = (au_event_t)atoi(event); 10607c478bd9Sstevel@tonic-gate evp = egetauevnum(event_num); 1061*9e3700dfSgww } else { 10627c478bd9Sstevel@tonic-gate evp = egetauevnam(event); 1063*9e3700dfSgww } 10647c478bd9Sstevel@tonic-gate 10657c478bd9Sstevel@tonic-gate rtn = au_preselect(evp->ae_number, &ai.ai_mask, (int)sorf, 10667c478bd9Sstevel@tonic-gate AU_PRS_USECACHE); 10677c478bd9Sstevel@tonic-gate 1068*9e3700dfSgww if (rtn == -1) { 10697c478bd9Sstevel@tonic-gate exit_error("%s\n%s %d\n", 10707c478bd9Sstevel@tonic-gate gettext("Check audit event configuration."), 10717c478bd9Sstevel@tonic-gate gettext("Could not get audit class for event number"), 10727c478bd9Sstevel@tonic-gate evp->ae_number); 1073*9e3700dfSgww } 10747c478bd9Sstevel@tonic-gate 10757c478bd9Sstevel@tonic-gate /* record is preselected */ 10767c478bd9Sstevel@tonic-gate if (rtn == 1) { 1077*9e3700dfSgww if ((rd = au_open()) == -1) { 1078*9e3700dfSgww exit_error(gettext("Could not get and audit record " 1079*9e3700dfSgww "descriptor\n")); 1080*9e3700dfSgww } 1081*9e3700dfSgww if ((tokp = au_to_me()) == NULL) { 1082*9e3700dfSgww exit_error(gettext("Could not allocate subject " 1083*9e3700dfSgww "token\n")); 1084*9e3700dfSgww } 1085*9e3700dfSgww if (au_write(rd, tokp) == -1) { 1086*9e3700dfSgww exit_error(gettext("Could not construct subject " 1087*9e3700dfSgww "token of audit record\n")); 1088*9e3700dfSgww } 1089*9e3700dfSgww if (is_system_labeled()) { 1090*9e3700dfSgww if ((tokp = au_to_mylabel()) == NULL) { 1091*9e3700dfSgww exit_error(gettext("Could not allocate " 1092*9e3700dfSgww "label token\n")); 1093*9e3700dfSgww } 1094*9e3700dfSgww if (au_write(rd, tokp) == -1) { 1095*9e3700dfSgww exit_error(gettext("Could not construct " 1096*9e3700dfSgww "label token of audit record\n")); 1097*9e3700dfSgww } 109845916cd2Sjpk } 109945916cd2Sjpk 1100*9e3700dfSgww if ((tokp = au_to_text(audit_str)) == NULL) 11017c478bd9Sstevel@tonic-gate exit_error(gettext("Could not allocate text token\n")); 11027c478bd9Sstevel@tonic-gate if (au_write(rd, tokp) == -1) 1103*9e3700dfSgww exit_error(gettext("Could not construct text token of " 1104*9e3700dfSgww "audit record\n")); 11057c478bd9Sstevel@tonic-gate #ifdef _LP64 1106*9e3700dfSgww if ((tokp = au_to_return64(sorf, retval)) == NULL) 11077c478bd9Sstevel@tonic-gate #else 1108*9e3700dfSgww if ((tokp = au_to_return32(sorf, retval)) == NULL) 11097c478bd9Sstevel@tonic-gate #endif 1110*9e3700dfSgww exit_error(gettext("Could not allocate return " 1111*9e3700dfSgww "token\n")); 1112*9e3700dfSgww if (au_write(rd, tokp) == -1) { 1113*9e3700dfSgww exit_error(gettext("Could not construct return token " 1114*9e3700dfSgww "of audit record\n")); 1115*9e3700dfSgww } 1116*9e3700dfSgww if (au_close(rd, 1, evp->ae_number) == -1) { 1117*9e3700dfSgww exit_error(gettext("Could not write audit record: " 1118*9e3700dfSgww "%s\n"), strerror(errno)); 1119*9e3700dfSgww } 11207c478bd9Sstevel@tonic-gate } 11217c478bd9Sstevel@tonic-gate } 11227c478bd9Sstevel@tonic-gate 11237c478bd9Sstevel@tonic-gate static void 1124*9e3700dfSgww do_getauid(void) 11257c478bd9Sstevel@tonic-gate { 11267c478bd9Sstevel@tonic-gate au_id_t auid; 11277c478bd9Sstevel@tonic-gate 11287c478bd9Sstevel@tonic-gate egetauid(&auid); 11297c478bd9Sstevel@tonic-gate print_auid(auid); 11307c478bd9Sstevel@tonic-gate } 11317c478bd9Sstevel@tonic-gate 11327c478bd9Sstevel@tonic-gate static void 1133*9e3700dfSgww do_getaudit(void) 11347c478bd9Sstevel@tonic-gate { 11357c478bd9Sstevel@tonic-gate auditinfo_addr_t ai; 11367c478bd9Sstevel@tonic-gate 11377c478bd9Sstevel@tonic-gate egetaudit(&ai, sizeof (ai)); 11387c478bd9Sstevel@tonic-gate print_auid(ai.ai_auid); 11397c478bd9Sstevel@tonic-gate print_mask(gettext("process preselection mask"), &ai.ai_mask); 11407c478bd9Sstevel@tonic-gate print_tid_ex(&ai.ai_termid); 11417c478bd9Sstevel@tonic-gate print_asid(ai.ai_asid); 11427c478bd9Sstevel@tonic-gate } 11437c478bd9Sstevel@tonic-gate 11447c478bd9Sstevel@tonic-gate static void 1145*9e3700dfSgww do_getkaudit(void) 11467c478bd9Sstevel@tonic-gate { 11477c478bd9Sstevel@tonic-gate auditinfo_addr_t ai; 11487c478bd9Sstevel@tonic-gate 11497c478bd9Sstevel@tonic-gate egetkaudit(&ai, sizeof (ai)); 11507c478bd9Sstevel@tonic-gate print_auid(ai.ai_auid); 11517c478bd9Sstevel@tonic-gate print_mask(gettext("process preselection mask"), &ai.ai_mask); 11527c478bd9Sstevel@tonic-gate print_tid_ex(&ai.ai_termid); 11537c478bd9Sstevel@tonic-gate print_asid(ai.ai_asid); 11547c478bd9Sstevel@tonic-gate } 11557c478bd9Sstevel@tonic-gate 11567c478bd9Sstevel@tonic-gate /* 11577c478bd9Sstevel@tonic-gate * per zone if AUDIT_PERZONE set, else only in global zone. 11587c478bd9Sstevel@tonic-gate */ 11597c478bd9Sstevel@tonic-gate 11607c478bd9Sstevel@tonic-gate static void 1161*9e3700dfSgww do_setkaudit(char *t, char *s) 11627c478bd9Sstevel@tonic-gate { 11637c478bd9Sstevel@tonic-gate uint_t type; 11647c478bd9Sstevel@tonic-gate auditinfo_addr_t ai; 11657c478bd9Sstevel@tonic-gate 11667c478bd9Sstevel@tonic-gate egetkaudit(&ai, sizeof (ai)); 11677c478bd9Sstevel@tonic-gate (void) str2type(t, &type); 11687c478bd9Sstevel@tonic-gate (void) str2ipaddr(s, &ai.ai_termid.at_addr[0], type); 11697c478bd9Sstevel@tonic-gate ai.ai_termid.at_type = type; 11707c478bd9Sstevel@tonic-gate esetkaudit(&ai, sizeof (ai)); 11717c478bd9Sstevel@tonic-gate } 11727c478bd9Sstevel@tonic-gate 11737c478bd9Sstevel@tonic-gate /* 11747c478bd9Sstevel@tonic-gate * returns zone-relative root 11757c478bd9Sstevel@tonic-gate */ 11767c478bd9Sstevel@tonic-gate 11777c478bd9Sstevel@tonic-gate static void 1178*9e3700dfSgww do_getcar(void) 11797c478bd9Sstevel@tonic-gate { 11807c478bd9Sstevel@tonic-gate char path[MAXPATHLEN]; 11817c478bd9Sstevel@tonic-gate 11827c478bd9Sstevel@tonic-gate eauditon(A_GETCAR, (caddr_t)path, (int)sizeof (path)); 11837c478bd9Sstevel@tonic-gate (void) printf(gettext("current active root = %s\n"), path); 11847c478bd9Sstevel@tonic-gate } 11857c478bd9Sstevel@tonic-gate 11867c478bd9Sstevel@tonic-gate /* 11877c478bd9Sstevel@tonic-gate * The returned value is for the global zone unless AUDIT_PERZONE is 11887c478bd9Sstevel@tonic-gate * set. 11897c478bd9Sstevel@tonic-gate */ 11907c478bd9Sstevel@tonic-gate 11917c478bd9Sstevel@tonic-gate static void 1192*9e3700dfSgww do_getclass(char *event_str) 11937c478bd9Sstevel@tonic-gate { 11947c478bd9Sstevel@tonic-gate au_evclass_map_t ec; 11957c478bd9Sstevel@tonic-gate au_event_ent_t *evp; 11967c478bd9Sstevel@tonic-gate au_event_t event_number; 11977c478bd9Sstevel@tonic-gate char *event_name; 11987c478bd9Sstevel@tonic-gate 11997c478bd9Sstevel@tonic-gate if (strisnum(event_str)) { 12007c478bd9Sstevel@tonic-gate event_number = atol(event_str); 1201*9e3700dfSgww if ((evp = egetauevnum(event_number)) != NULL) { 12027c478bd9Sstevel@tonic-gate event_number = evp->ae_number; 12037c478bd9Sstevel@tonic-gate event_name = evp->ae_name; 1204*9e3700dfSgww } else { 12057c478bd9Sstevel@tonic-gate event_name = gettext("unknown"); 1206*9e3700dfSgww } 12077c478bd9Sstevel@tonic-gate } else { 12087c478bd9Sstevel@tonic-gate event_name = event_str; 1209*9e3700dfSgww if ((evp = egetauevnam(event_str)) != NULL) { 12107c478bd9Sstevel@tonic-gate event_number = evp->ae_number; 12117c478bd9Sstevel@tonic-gate } 1212*9e3700dfSgww } 12137c478bd9Sstevel@tonic-gate 12147c478bd9Sstevel@tonic-gate ec.ec_number = event_number; 12157c478bd9Sstevel@tonic-gate eauditon(A_GETCLASS, (caddr_t)&ec, 0); 12167c478bd9Sstevel@tonic-gate 1217*9e3700dfSgww (void) printf(gettext("audit class mask for event %s(%d) = 0x%x\n"), 1218*9e3700dfSgww event_name, event_number, ec.ec_class); 12197c478bd9Sstevel@tonic-gate } 12207c478bd9Sstevel@tonic-gate 12217c478bd9Sstevel@tonic-gate /* 12227c478bd9Sstevel@tonic-gate * The returned value is for the global zone unless AUDIT_PERZONE is 12237c478bd9Sstevel@tonic-gate * set. (AUC_DISABLED is always global, the other states are per zone 12247c478bd9Sstevel@tonic-gate * if AUDIT_PERZONE is set) 12257c478bd9Sstevel@tonic-gate */ 12267c478bd9Sstevel@tonic-gate 12277c478bd9Sstevel@tonic-gate static void 1228*9e3700dfSgww do_getcond(void) 12297c478bd9Sstevel@tonic-gate { 1230*9e3700dfSgww (void) printf(gettext("audit condition = %s\n"), cond2str()); 12317c478bd9Sstevel@tonic-gate } 12327c478bd9Sstevel@tonic-gate 12337c478bd9Sstevel@tonic-gate /* 12347c478bd9Sstevel@tonic-gate * returned path is relative to zone root 12357c478bd9Sstevel@tonic-gate */ 12367c478bd9Sstevel@tonic-gate 12377c478bd9Sstevel@tonic-gate static void 1238*9e3700dfSgww do_getcwd(void) 12397c478bd9Sstevel@tonic-gate { 12407c478bd9Sstevel@tonic-gate char path[MAXPATHLEN]; 12417c478bd9Sstevel@tonic-gate 12427c478bd9Sstevel@tonic-gate eauditon(A_GETCWD, (caddr_t)path, (int)sizeof (path)); 12437c478bd9Sstevel@tonic-gate (void) printf(gettext("current working directory = %s\n"), path); 12447c478bd9Sstevel@tonic-gate } 12457c478bd9Sstevel@tonic-gate 12467c478bd9Sstevel@tonic-gate /* 12477c478bd9Sstevel@tonic-gate * The returned value is for the global zone unless AUDIT_PERZONE is 12487c478bd9Sstevel@tonic-gate * set. 12497c478bd9Sstevel@tonic-gate */ 12507c478bd9Sstevel@tonic-gate 12517c478bd9Sstevel@tonic-gate static void 1252*9e3700dfSgww do_getkmask(void) 12537c478bd9Sstevel@tonic-gate { 12547c478bd9Sstevel@tonic-gate au_mask_t pmask; 12557c478bd9Sstevel@tonic-gate 12567c478bd9Sstevel@tonic-gate eauditon(A_GETKMASK, (caddr_t)&pmask, (int)sizeof (pmask)); 12577c478bd9Sstevel@tonic-gate print_mask(gettext("audit flags for non-attributable events"), &pmask); 12587c478bd9Sstevel@tonic-gate } 12597c478bd9Sstevel@tonic-gate 12607c478bd9Sstevel@tonic-gate /* 12617c478bd9Sstevel@tonic-gate * The returned value is for the global zone unless AUDIT_PERZONE is 12627c478bd9Sstevel@tonic-gate * set. (some policies can only be set from the global zone, but all 12637c478bd9Sstevel@tonic-gate * can be read from anywhere.) 12647c478bd9Sstevel@tonic-gate */ 12657c478bd9Sstevel@tonic-gate 12667c478bd9Sstevel@tonic-gate static void 1267*9e3700dfSgww do_getpolicy(void) 12687c478bd9Sstevel@tonic-gate { 12697c478bd9Sstevel@tonic-gate char policy_str[1024]; 12707c478bd9Sstevel@tonic-gate uint_t policy; 12717c478bd9Sstevel@tonic-gate 12727c478bd9Sstevel@tonic-gate eauditon(A_GETPOLICY, (caddr_t)&policy, 0); 12737c478bd9Sstevel@tonic-gate (void) policy2str(policy, policy_str, sizeof (policy_str)); 12747c478bd9Sstevel@tonic-gate (void) printf(gettext("audit policies = %s\n"), policy_str); 12757c478bd9Sstevel@tonic-gate } 12767c478bd9Sstevel@tonic-gate 12777c478bd9Sstevel@tonic-gate static void 1278*9e3700dfSgww do_getpinfo(char *pid_str) 12797c478bd9Sstevel@tonic-gate { 12807c478bd9Sstevel@tonic-gate struct auditpinfo_addr ap; 12817c478bd9Sstevel@tonic-gate 12827c478bd9Sstevel@tonic-gate if (strisnum(pid_str)) 12837c478bd9Sstevel@tonic-gate ap.ap_pid = (pid_t)atoi(pid_str); 12847c478bd9Sstevel@tonic-gate else 12857c478bd9Sstevel@tonic-gate exit_usage(1); 12867c478bd9Sstevel@tonic-gate 12877c478bd9Sstevel@tonic-gate eauditon(A_GETPINFO_ADDR, (caddr_t)&ap, sizeof (ap)); 12887c478bd9Sstevel@tonic-gate 12897c478bd9Sstevel@tonic-gate print_auid(ap.ap_auid); 12907c478bd9Sstevel@tonic-gate print_mask(gettext("process preselection mask"), &(ap.ap_mask)); 12917c478bd9Sstevel@tonic-gate print_tid_ex(&(ap.ap_termid)); 12927c478bd9Sstevel@tonic-gate print_asid(ap.ap_asid); 12937c478bd9Sstevel@tonic-gate } 12947c478bd9Sstevel@tonic-gate 12957c478bd9Sstevel@tonic-gate /* 12967c478bd9Sstevel@tonic-gate * The returned value is for the global zone unless AUDIT_PERZONE is 12977c478bd9Sstevel@tonic-gate * set. 12987c478bd9Sstevel@tonic-gate */ 12997c478bd9Sstevel@tonic-gate 13007c478bd9Sstevel@tonic-gate static void 1301*9e3700dfSgww do_getqbufsz(void) 13027c478bd9Sstevel@tonic-gate { 13037c478bd9Sstevel@tonic-gate struct au_qctrl qctrl; 13047c478bd9Sstevel@tonic-gate 13057c478bd9Sstevel@tonic-gate eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0); 13067c478bd9Sstevel@tonic-gate (void) printf(gettext("audit queue buffer size (bytes) = %ld\n"), 13077c478bd9Sstevel@tonic-gate qctrl.aq_bufsz); 13087c478bd9Sstevel@tonic-gate } 13097c478bd9Sstevel@tonic-gate 13107c478bd9Sstevel@tonic-gate /* 13117c478bd9Sstevel@tonic-gate * The returned value is for the global zone unless AUDIT_PERZONE is 13127c478bd9Sstevel@tonic-gate * set. 13137c478bd9Sstevel@tonic-gate */ 13147c478bd9Sstevel@tonic-gate 13157c478bd9Sstevel@tonic-gate static void 1316*9e3700dfSgww do_getqctrl(void) 13177c478bd9Sstevel@tonic-gate { 13187c478bd9Sstevel@tonic-gate struct au_qctrl qctrl; 13197c478bd9Sstevel@tonic-gate 13207c478bd9Sstevel@tonic-gate eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0); 13217c478bd9Sstevel@tonic-gate (void) printf(gettext("audit queue hiwater mark (records) = %ld\n"), 13227c478bd9Sstevel@tonic-gate qctrl.aq_hiwater); 13237c478bd9Sstevel@tonic-gate (void) printf(gettext("audit queue lowater mark (records) = %ld\n"), 13247c478bd9Sstevel@tonic-gate qctrl.aq_lowater); 13257c478bd9Sstevel@tonic-gate (void) printf(gettext("audit queue buffer size (bytes) = %ld\n"), 13267c478bd9Sstevel@tonic-gate qctrl.aq_bufsz); 13277c478bd9Sstevel@tonic-gate (void) printf(gettext("audit queue delay (ticks) = %ld\n"), 13287c478bd9Sstevel@tonic-gate qctrl.aq_delay); 13297c478bd9Sstevel@tonic-gate } 13307c478bd9Sstevel@tonic-gate 13317c478bd9Sstevel@tonic-gate /* 13327c478bd9Sstevel@tonic-gate * The returned value is for the global zone unless AUDIT_PERZONE is 13337c478bd9Sstevel@tonic-gate * set. 13347c478bd9Sstevel@tonic-gate */ 13357c478bd9Sstevel@tonic-gate 13367c478bd9Sstevel@tonic-gate static void 1337*9e3700dfSgww do_getqdelay(void) 13387c478bd9Sstevel@tonic-gate { 13397c478bd9Sstevel@tonic-gate struct au_qctrl qctrl; 13407c478bd9Sstevel@tonic-gate 13417c478bd9Sstevel@tonic-gate eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0); 13427c478bd9Sstevel@tonic-gate (void) printf(gettext("audit queue delay (ticks) = %ld\n"), 13437c478bd9Sstevel@tonic-gate qctrl.aq_delay); 13447c478bd9Sstevel@tonic-gate } 13457c478bd9Sstevel@tonic-gate 13467c478bd9Sstevel@tonic-gate /* 13477c478bd9Sstevel@tonic-gate * The returned value is for the global zone unless AUDIT_PERZONE is 13487c478bd9Sstevel@tonic-gate * set. 13497c478bd9Sstevel@tonic-gate */ 13507c478bd9Sstevel@tonic-gate 13517c478bd9Sstevel@tonic-gate static void 1352*9e3700dfSgww do_getqhiwater(void) 13537c478bd9Sstevel@tonic-gate { 13547c478bd9Sstevel@tonic-gate struct au_qctrl qctrl; 13557c478bd9Sstevel@tonic-gate 13567c478bd9Sstevel@tonic-gate eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0); 13577c478bd9Sstevel@tonic-gate (void) printf(gettext("audit queue hiwater mark (records) = %ld\n"), 13587c478bd9Sstevel@tonic-gate qctrl.aq_hiwater); 13597c478bd9Sstevel@tonic-gate } 13607c478bd9Sstevel@tonic-gate 13617c478bd9Sstevel@tonic-gate /* 13627c478bd9Sstevel@tonic-gate * The returned value is for the global zone unless AUDIT_PERZONE is 13637c478bd9Sstevel@tonic-gate * set. 13647c478bd9Sstevel@tonic-gate */ 13657c478bd9Sstevel@tonic-gate 13667c478bd9Sstevel@tonic-gate static void 1367*9e3700dfSgww do_getqlowater(void) 13687c478bd9Sstevel@tonic-gate { 13697c478bd9Sstevel@tonic-gate struct au_qctrl qctrl; 13707c478bd9Sstevel@tonic-gate 13717c478bd9Sstevel@tonic-gate eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0); 13727c478bd9Sstevel@tonic-gate (void) printf(gettext("audit queue lowater mark (records) = %ld\n"), 13737c478bd9Sstevel@tonic-gate qctrl.aq_lowater); 13747c478bd9Sstevel@tonic-gate } 13757c478bd9Sstevel@tonic-gate 13767c478bd9Sstevel@tonic-gate static void 1377*9e3700dfSgww do_getasid(void) 13787c478bd9Sstevel@tonic-gate { 13797c478bd9Sstevel@tonic-gate auditinfo_addr_t ai; 13807c478bd9Sstevel@tonic-gate 13817c478bd9Sstevel@tonic-gate if (getaudit_addr(&ai, sizeof (ai))) { 13827c478bd9Sstevel@tonic-gate exit_error(gettext("getaudit_addr(2) failed")); 13837c478bd9Sstevel@tonic-gate } 13847c478bd9Sstevel@tonic-gate print_asid(ai.ai_asid); 13857c478bd9Sstevel@tonic-gate } 13867c478bd9Sstevel@tonic-gate 13877c478bd9Sstevel@tonic-gate /* 13887c478bd9Sstevel@tonic-gate * The stats are for the entire system unless AUDIT_PERZONE is set. 13897c478bd9Sstevel@tonic-gate */ 13907c478bd9Sstevel@tonic-gate 13917c478bd9Sstevel@tonic-gate static void 1392*9e3700dfSgww do_getstat(void) 13937c478bd9Sstevel@tonic-gate { 13947c478bd9Sstevel@tonic-gate au_stat_t as; 1395*9e3700dfSgww int offset[12]; /* used to line the header up correctly */ 1396*9e3700dfSgww char buf[512]; 13977c478bd9Sstevel@tonic-gate 13987c478bd9Sstevel@tonic-gate eauditon(A_GETSTAT, (caddr_t)&as, 0); 1399*9e3700dfSgww (void) sprintf(buf, "%4lu %n%4lu %n%4lu %n%4lu %n%4lu %n%4lu %n%4lu " 1400*9e3700dfSgww "%n%4lu %n%4lu %n%4lu %n%4lu %n%4lu%n", 1401*9e3700dfSgww (ulong_t)as.as_generated, &(offset[0]), 1402*9e3700dfSgww (ulong_t)as.as_nonattrib, &(offset[1]), 1403*9e3700dfSgww (ulong_t)as.as_kernel, &(offset[2]), 1404*9e3700dfSgww (ulong_t)as.as_audit, &(offset[3]), 1405*9e3700dfSgww (ulong_t)as.as_auditctl, &(offset[4]), 1406*9e3700dfSgww (ulong_t)as.as_enqueue, &(offset[5]), 1407*9e3700dfSgww (ulong_t)as.as_written, &(offset[6]), 1408*9e3700dfSgww (ulong_t)as.as_wblocked, &(offset[7]), 1409*9e3700dfSgww (ulong_t)as.as_rblocked, &(offset[8]), 1410*9e3700dfSgww (ulong_t)as.as_dropped, &(offset[9]), 1411*9e3700dfSgww (ulong_t)as.as_totalsize / ONEK, &(offset[10]), 1412*9e3700dfSgww (ulong_t)as.as_memused / ONEK, &(offset[11])); 1413*9e3700dfSgww 1414*9e3700dfSgww /* 1415*9e3700dfSgww * TRANSLATION_NOTE 1416*9e3700dfSgww * Print a properly aligned header. 1417*9e3700dfSgww */ 1418*9e3700dfSgww (void) printf("%*s %*s %*s %*s %*s %*s %*s %*s %*s %*s %*s %*s\n", 1419*9e3700dfSgww offset[0] - 1, gettext("gen"), 1420*9e3700dfSgww offset[1] - offset[0] -1, gettext("nona"), 1421*9e3700dfSgww offset[2] - offset[1] -1, gettext("kern"), 1422*9e3700dfSgww offset[3] - offset[2] -1, gettext("aud"), 1423*9e3700dfSgww offset[4] - offset[3] -1, gettext("ctl"), 1424*9e3700dfSgww offset[5] - offset[4] -1, gettext("enq"), 1425*9e3700dfSgww offset[6] - offset[5] -1, gettext("wrtn"), 1426*9e3700dfSgww offset[7] - offset[6] -1, gettext("wblk"), 1427*9e3700dfSgww offset[8] - offset[7] -1, gettext("rblk"), 1428*9e3700dfSgww offset[9] - offset[8] -1, gettext("drop"), 1429*9e3700dfSgww offset[10] - offset[9] -1, gettext("tot"), 1430*9e3700dfSgww offset[11] - offset[10], gettext("mem")); 1431*9e3700dfSgww 1432*9e3700dfSgww (void) printf("%s\n", buf); 14337c478bd9Sstevel@tonic-gate } 14347c478bd9Sstevel@tonic-gate 14357c478bd9Sstevel@tonic-gate static void 1436*9e3700dfSgww do_gettermid(void) 14377c478bd9Sstevel@tonic-gate { 14387c478bd9Sstevel@tonic-gate auditinfo_addr_t ai; 14397c478bd9Sstevel@tonic-gate 14407c478bd9Sstevel@tonic-gate if (getaudit_addr(&ai, sizeof (ai))) { 14417c478bd9Sstevel@tonic-gate exit_error(gettext("getaudit_addr(2) failed")); 14427c478bd9Sstevel@tonic-gate } 14437c478bd9Sstevel@tonic-gate print_tid_ex(&ai.ai_termid); 14447c478bd9Sstevel@tonic-gate } 14457c478bd9Sstevel@tonic-gate 14467c478bd9Sstevel@tonic-gate /* 14477c478bd9Sstevel@tonic-gate * The returned value is for the global zone unless AUDIT_PERZONE is 14487c478bd9Sstevel@tonic-gate * set. 14497c478bd9Sstevel@tonic-gate */ 14507c478bd9Sstevel@tonic-gate 14517c478bd9Sstevel@tonic-gate static void 1452*9e3700dfSgww do_getfsize(void) 14537c478bd9Sstevel@tonic-gate { 14547c478bd9Sstevel@tonic-gate au_fstat_t fstat; 14557c478bd9Sstevel@tonic-gate 14567c478bd9Sstevel@tonic-gate eauditon(A_GETFSIZE, (caddr_t)&fstat, 0); 14577c478bd9Sstevel@tonic-gate (void) printf(gettext("Maximum file size %d, current file size %d\n"), 14587c478bd9Sstevel@tonic-gate fstat.af_filesz, fstat.af_currsz); 14597c478bd9Sstevel@tonic-gate } 14607c478bd9Sstevel@tonic-gate 14617c478bd9Sstevel@tonic-gate /* 14627c478bd9Sstevel@tonic-gate * The returned value is for the global zone unless AUDIT_PERZONE is 14637c478bd9Sstevel@tonic-gate * set. 14647c478bd9Sstevel@tonic-gate */ 14657c478bd9Sstevel@tonic-gate 14667c478bd9Sstevel@tonic-gate static void 1467*9e3700dfSgww do_lsevent(void) 14687c478bd9Sstevel@tonic-gate { 14697c478bd9Sstevel@tonic-gate register au_event_ent_t *evp; 14707c478bd9Sstevel@tonic-gate au_mask_t pmask; 14717c478bd9Sstevel@tonic-gate char auflags[256]; 14727c478bd9Sstevel@tonic-gate 14737c478bd9Sstevel@tonic-gate setauevent(); 1474*9e3700dfSgww if (getauevent() == NULL) { 14757c478bd9Sstevel@tonic-gate (void) exit_error(gettext( 1476*9e3700dfSgww "NO AUDIT EVENTS: Could not read %s\n."), AUDITEVENTFILE); 14777c478bd9Sstevel@tonic-gate } 14787c478bd9Sstevel@tonic-gate 14797c478bd9Sstevel@tonic-gate setauevent(); 1480*9e3700dfSgww while ((evp = getauevent()) != NULL) { 14817c478bd9Sstevel@tonic-gate pmask.am_success = pmask.am_failure = evp->ae_class; 14827c478bd9Sstevel@tonic-gate if (getauditflagschar(auflags, &pmask, 0) == -1) 14837c478bd9Sstevel@tonic-gate (void) strcpy(auflags, "unknown"); 14847c478bd9Sstevel@tonic-gate (void) printf("%-30s %5d %s %s\n", 14857c478bd9Sstevel@tonic-gate evp->ae_name, evp->ae_number, auflags, evp->ae_desc); 14867c478bd9Sstevel@tonic-gate } 14877c478bd9Sstevel@tonic-gate endauevent(); 14887c478bd9Sstevel@tonic-gate } 14897c478bd9Sstevel@tonic-gate 14907c478bd9Sstevel@tonic-gate /* 14917c478bd9Sstevel@tonic-gate * The returned value is for the global zone unless AUDIT_PERZONE is 14927c478bd9Sstevel@tonic-gate * set. 14937c478bd9Sstevel@tonic-gate */ 14947c478bd9Sstevel@tonic-gate 14957c478bd9Sstevel@tonic-gate static void 1496*9e3700dfSgww do_lspolicy(void) 14977c478bd9Sstevel@tonic-gate { 14987c478bd9Sstevel@tonic-gate int i; 14997c478bd9Sstevel@tonic-gate 15007c478bd9Sstevel@tonic-gate /* 15017c478bd9Sstevel@tonic-gate * TRANSLATION_NOTE 15027c478bd9Sstevel@tonic-gate * Print a properly aligned header. 15037c478bd9Sstevel@tonic-gate */ 15047c478bd9Sstevel@tonic-gate (void) printf(gettext("policy string description:\n")); 150545916cd2Sjpk for (i = 0; i < POLICY_TBL_SZ; i++) { 150645916cd2Sjpk (void) printf("%-17s%s\n", policy_table[i].policy_str, 15077c478bd9Sstevel@tonic-gate gettext(policy_table[i].policy_desc)); 15087c478bd9Sstevel@tonic-gate } 150945916cd2Sjpk } 15107c478bd9Sstevel@tonic-gate 15117c478bd9Sstevel@tonic-gate static void 1512*9e3700dfSgww do_setasid(char *sid_str, char **argv) 15137c478bd9Sstevel@tonic-gate { 15147c478bd9Sstevel@tonic-gate struct auditinfo_addr ai; 15157c478bd9Sstevel@tonic-gate 15167c478bd9Sstevel@tonic-gate if (getaudit_addr(&ai, sizeof (ai))) { 15177c478bd9Sstevel@tonic-gate exit_error(gettext("getaudit_addr(2) failed")); 15187c478bd9Sstevel@tonic-gate } 15197c478bd9Sstevel@tonic-gate ai.ai_asid = (au_asid_t)atol(sid_str); 15207c478bd9Sstevel@tonic-gate if (setaudit_addr(&ai, sizeof (ai))) { 15217c478bd9Sstevel@tonic-gate exit_error(gettext("setaudit_addr(2) failed")); 15227c478bd9Sstevel@tonic-gate } 15237c478bd9Sstevel@tonic-gate execit(argv); 15247c478bd9Sstevel@tonic-gate } 15257c478bd9Sstevel@tonic-gate 15267c478bd9Sstevel@tonic-gate static void 1527*9e3700dfSgww do_setaudit(char *user_str, char *mask_str, char *tid_str, char *sid_str, 1528*9e3700dfSgww char **argv) 15297c478bd9Sstevel@tonic-gate { 15307c478bd9Sstevel@tonic-gate auditinfo_addr_t ai; 15317c478bd9Sstevel@tonic-gate 15327c478bd9Sstevel@tonic-gate ai.ai_auid = (au_id_t)get_user_id(user_str); 15337c478bd9Sstevel@tonic-gate str2mask(mask_str, &ai.ai_mask), 15347c478bd9Sstevel@tonic-gate str2tid(tid_str, &ai.ai_termid); 15357c478bd9Sstevel@tonic-gate ai.ai_asid = (au_asid_t)atol(sid_str); 15367c478bd9Sstevel@tonic-gate 15377c478bd9Sstevel@tonic-gate esetaudit(&ai, sizeof (ai)); 15387c478bd9Sstevel@tonic-gate execit(argv); 15397c478bd9Sstevel@tonic-gate } 15407c478bd9Sstevel@tonic-gate 15417c478bd9Sstevel@tonic-gate static void 1542*9e3700dfSgww do_setauid(char *user, char **argv) 15437c478bd9Sstevel@tonic-gate { 15447c478bd9Sstevel@tonic-gate au_id_t auid; 15457c478bd9Sstevel@tonic-gate 15467c478bd9Sstevel@tonic-gate auid = get_user_id(user); 15477c478bd9Sstevel@tonic-gate esetauid(&auid); 15487c478bd9Sstevel@tonic-gate execit(argv); 15497c478bd9Sstevel@tonic-gate } 15507c478bd9Sstevel@tonic-gate 15517c478bd9Sstevel@tonic-gate static void 1552*9e3700dfSgww do_setpmask(char *pid_str, char *audit_flags) 15537c478bd9Sstevel@tonic-gate { 15547c478bd9Sstevel@tonic-gate struct auditpinfo ap; 15557c478bd9Sstevel@tonic-gate 15567c478bd9Sstevel@tonic-gate if (strisnum(pid_str)) 15577c478bd9Sstevel@tonic-gate ap.ap_pid = (pid_t)atoi(pid_str); 15587c478bd9Sstevel@tonic-gate else 15597c478bd9Sstevel@tonic-gate exit_usage(1); 15607c478bd9Sstevel@tonic-gate 15617c478bd9Sstevel@tonic-gate str2mask(audit_flags, &ap.ap_mask); 15627c478bd9Sstevel@tonic-gate 15637c478bd9Sstevel@tonic-gate eauditon(A_SETPMASK, (caddr_t)&ap, (int)sizeof (ap)); 15647c478bd9Sstevel@tonic-gate } 15657c478bd9Sstevel@tonic-gate 15667c478bd9Sstevel@tonic-gate static void 1567*9e3700dfSgww do_setsmask(char *asid_str, char *audit_flags) 15687c478bd9Sstevel@tonic-gate { 15697c478bd9Sstevel@tonic-gate struct auditinfo ainfo; 15707c478bd9Sstevel@tonic-gate 15717c478bd9Sstevel@tonic-gate if (strisnum(asid_str)) 15727c478bd9Sstevel@tonic-gate ainfo.ai_asid = (pid_t)atoi(asid_str); 15737c478bd9Sstevel@tonic-gate else 15747c478bd9Sstevel@tonic-gate exit_usage(1); 15757c478bd9Sstevel@tonic-gate 15767c478bd9Sstevel@tonic-gate str2mask(audit_flags, &ainfo.ai_mask); 15777c478bd9Sstevel@tonic-gate 15787c478bd9Sstevel@tonic-gate eauditon(A_SETSMASK, (caddr_t)&ainfo, (int)sizeof (ainfo)); 15797c478bd9Sstevel@tonic-gate } 15807c478bd9Sstevel@tonic-gate 15817c478bd9Sstevel@tonic-gate static void 1582*9e3700dfSgww do_setumask(char *auid_str, char *audit_flags) 15837c478bd9Sstevel@tonic-gate { 15847c478bd9Sstevel@tonic-gate struct auditinfo ainfo; 15857c478bd9Sstevel@tonic-gate 15867c478bd9Sstevel@tonic-gate if (strisnum(auid_str)) 15877c478bd9Sstevel@tonic-gate ainfo.ai_auid = (pid_t)atoi(auid_str); 15887c478bd9Sstevel@tonic-gate else 15897c478bd9Sstevel@tonic-gate exit_usage(1); 15907c478bd9Sstevel@tonic-gate 15917c478bd9Sstevel@tonic-gate str2mask(audit_flags, &ainfo.ai_mask); 15927c478bd9Sstevel@tonic-gate 15937c478bd9Sstevel@tonic-gate eauditon(A_SETUMASK, (caddr_t)&ainfo, (int)sizeof (ainfo)); 15947c478bd9Sstevel@tonic-gate } 15957c478bd9Sstevel@tonic-gate 15967c478bd9Sstevel@tonic-gate /* 15977c478bd9Sstevel@tonic-gate * local zone use is valid if AUDIT_PERZONE is set, otherwise the 15987c478bd9Sstevel@tonic-gate * syscall returns EPERM. 15997c478bd9Sstevel@tonic-gate */ 16007c478bd9Sstevel@tonic-gate 16017c478bd9Sstevel@tonic-gate static void 1602*9e3700dfSgww do_setstat(void) 16037c478bd9Sstevel@tonic-gate { 16047c478bd9Sstevel@tonic-gate au_stat_t as; 16057c478bd9Sstevel@tonic-gate 16067c478bd9Sstevel@tonic-gate as.as_audit = (uint_t)-1; 16077c478bd9Sstevel@tonic-gate as.as_auditctl = (uint_t)-1; 16087c478bd9Sstevel@tonic-gate as.as_dropped = (uint_t)-1; 16097c478bd9Sstevel@tonic-gate as.as_enqueue = (uint_t)-1; 16107c478bd9Sstevel@tonic-gate as.as_generated = (uint_t)-1; 16117c478bd9Sstevel@tonic-gate as.as_kernel = (uint_t)-1; 16127c478bd9Sstevel@tonic-gate as.as_nonattrib = (uint_t)-1; 16137c478bd9Sstevel@tonic-gate as.as_rblocked = (uint_t)-1; 16147c478bd9Sstevel@tonic-gate as.as_totalsize = (uint_t)-1; 16157c478bd9Sstevel@tonic-gate as.as_wblocked = (uint_t)-1; 16167c478bd9Sstevel@tonic-gate as.as_written = (uint_t)-1; 16177c478bd9Sstevel@tonic-gate 16187c478bd9Sstevel@tonic-gate eauditon(A_SETSTAT, (caddr_t)&as, (int)sizeof (as)); 1619*9e3700dfSgww (void) printf("%s\n", gettext("audit stats reset")); 16207c478bd9Sstevel@tonic-gate } 16217c478bd9Sstevel@tonic-gate 16227c478bd9Sstevel@tonic-gate /* 16237c478bd9Sstevel@tonic-gate * AUDIT_PERZONE set: valid in all zones 16247c478bd9Sstevel@tonic-gate * AUDIT_PERZONE not set: valid in global zone only 16257c478bd9Sstevel@tonic-gate */ 16267c478bd9Sstevel@tonic-gate 16277c478bd9Sstevel@tonic-gate static void 1628*9e3700dfSgww do_setclass(char *event_str, char *audit_flags) 16297c478bd9Sstevel@tonic-gate { 16307c478bd9Sstevel@tonic-gate au_event_t event; 16317c478bd9Sstevel@tonic-gate int mask; 16327c478bd9Sstevel@tonic-gate au_mask_t pmask; 16337c478bd9Sstevel@tonic-gate au_evclass_map_t ec; 16347c478bd9Sstevel@tonic-gate au_event_ent_t *evp; 16357c478bd9Sstevel@tonic-gate 16367c478bd9Sstevel@tonic-gate if (strisnum(event_str)) 16377c478bd9Sstevel@tonic-gate event = (uint_t)atol(event_str); 16387c478bd9Sstevel@tonic-gate else { 1639*9e3700dfSgww if ((evp = egetauevnam(event_str)) != NULL) 16407c478bd9Sstevel@tonic-gate event = evp->ae_number; 16417c478bd9Sstevel@tonic-gate } 16427c478bd9Sstevel@tonic-gate 16437c478bd9Sstevel@tonic-gate if (strisnum(audit_flags)) 16447c478bd9Sstevel@tonic-gate mask = atoi(audit_flags); 16457c478bd9Sstevel@tonic-gate else { 16467c478bd9Sstevel@tonic-gate str2mask(audit_flags, &pmask); 16477c478bd9Sstevel@tonic-gate mask = pmask.am_success | pmask.am_failure; 16487c478bd9Sstevel@tonic-gate } 16497c478bd9Sstevel@tonic-gate 16507c478bd9Sstevel@tonic-gate ec.ec_number = event; 16517c478bd9Sstevel@tonic-gate ec.ec_class = mask; 16527c478bd9Sstevel@tonic-gate eauditon(A_SETCLASS, (caddr_t)&ec, (int)sizeof (ec)); 16537c478bd9Sstevel@tonic-gate } 16547c478bd9Sstevel@tonic-gate 16557c478bd9Sstevel@tonic-gate /* 16567c478bd9Sstevel@tonic-gate * AUDIT_PERZONE set: valid in all zones 16577c478bd9Sstevel@tonic-gate * AUDIT_PERZONE not set: valid in global zone only 16587c478bd9Sstevel@tonic-gate */ 16597c478bd9Sstevel@tonic-gate 16607c478bd9Sstevel@tonic-gate static void 1661*9e3700dfSgww do_setkmask(char *audit_flags) 16627c478bd9Sstevel@tonic-gate { 16637c478bd9Sstevel@tonic-gate au_mask_t pmask; 16647c478bd9Sstevel@tonic-gate 16657c478bd9Sstevel@tonic-gate str2mask(audit_flags, &pmask); 16667c478bd9Sstevel@tonic-gate eauditon(A_SETKMASK, (caddr_t)&pmask, (int)sizeof (pmask)); 16677c478bd9Sstevel@tonic-gate print_mask(gettext("audit flags for non-attributable events"), &pmask); 16687c478bd9Sstevel@tonic-gate } 16697c478bd9Sstevel@tonic-gate 16707c478bd9Sstevel@tonic-gate /* 16717c478bd9Sstevel@tonic-gate * ahlt and perzone are global zone only; the other policies are valid 16727c478bd9Sstevel@tonic-gate * in a local zone if AUDIT_PERZONE is set. The kernel insures that 16737c478bd9Sstevel@tonic-gate * a local zone can't change ahlt and perzone (EINVAL). 16747c478bd9Sstevel@tonic-gate */ 16757c478bd9Sstevel@tonic-gate 16767c478bd9Sstevel@tonic-gate static void 1677*9e3700dfSgww do_setpolicy(char *policy_str) 16787c478bd9Sstevel@tonic-gate { 16797c478bd9Sstevel@tonic-gate uint_t policy; 16807c478bd9Sstevel@tonic-gate 16817c478bd9Sstevel@tonic-gate switch (str2policy(policy_str, &policy)) { 16827c478bd9Sstevel@tonic-gate case 2: 16837c478bd9Sstevel@tonic-gate exit_error(gettext( 16847c478bd9Sstevel@tonic-gate "policy (%s) invalid in a local zone."), 16857c478bd9Sstevel@tonic-gate policy_str); 16867c478bd9Sstevel@tonic-gate break; 16877c478bd9Sstevel@tonic-gate default: 16887c478bd9Sstevel@tonic-gate exit_error(gettext( 16897c478bd9Sstevel@tonic-gate "Invalid policy (%s) specified."), 16907c478bd9Sstevel@tonic-gate policy_str); 16917c478bd9Sstevel@tonic-gate break; 16927c478bd9Sstevel@tonic-gate case 0: 16937c478bd9Sstevel@tonic-gate eauditon(A_SETPOLICY, (caddr_t)&policy, 0); 16947c478bd9Sstevel@tonic-gate break; 16957c478bd9Sstevel@tonic-gate } 16967c478bd9Sstevel@tonic-gate } 16977c478bd9Sstevel@tonic-gate 16987c478bd9Sstevel@tonic-gate /* 16997c478bd9Sstevel@tonic-gate * AUDIT_PERZONE set: valid in all zones 17007c478bd9Sstevel@tonic-gate * AUDIT_PERZONE not set: valid in global zone only 17017c478bd9Sstevel@tonic-gate */ 17027c478bd9Sstevel@tonic-gate 17037c478bd9Sstevel@tonic-gate static void 1704*9e3700dfSgww do_setqbufsz(char *bufsz) 17057c478bd9Sstevel@tonic-gate { 17067c478bd9Sstevel@tonic-gate struct au_qctrl qctrl; 17077c478bd9Sstevel@tonic-gate 17087c478bd9Sstevel@tonic-gate eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0); 17097c478bd9Sstevel@tonic-gate qctrl.aq_bufsz = atol(bufsz); 17107c478bd9Sstevel@tonic-gate eauditon(A_SETQCTRL, (caddr_t)&qctrl, 0); 17117c478bd9Sstevel@tonic-gate } 17127c478bd9Sstevel@tonic-gate 17137c478bd9Sstevel@tonic-gate /* 17147c478bd9Sstevel@tonic-gate * AUDIT_PERZONE set: valid in all zones 17157c478bd9Sstevel@tonic-gate * AUDIT_PERZONE not set: valid in global zone only 17167c478bd9Sstevel@tonic-gate */ 17177c478bd9Sstevel@tonic-gate 17187c478bd9Sstevel@tonic-gate static void 1719*9e3700dfSgww do_setqctrl(char *hiwater, char *lowater, char *bufsz, char *delay) 17207c478bd9Sstevel@tonic-gate { 17217c478bd9Sstevel@tonic-gate struct au_qctrl qctrl; 17227c478bd9Sstevel@tonic-gate 17237c478bd9Sstevel@tonic-gate qctrl.aq_hiwater = atol(hiwater); 17247c478bd9Sstevel@tonic-gate qctrl.aq_lowater = atol(lowater); 17257c478bd9Sstevel@tonic-gate qctrl.aq_bufsz = atol(bufsz); 17267c478bd9Sstevel@tonic-gate qctrl.aq_delay = atol(delay); 17277c478bd9Sstevel@tonic-gate eauditon(A_SETQCTRL, (caddr_t)&qctrl, 0); 17287c478bd9Sstevel@tonic-gate } 17297c478bd9Sstevel@tonic-gate 17307c478bd9Sstevel@tonic-gate /* 17317c478bd9Sstevel@tonic-gate * AUDIT_PERZONE set: valid in all zones 17327c478bd9Sstevel@tonic-gate * AUDIT_PERZONE not set: valid in global zone only 17337c478bd9Sstevel@tonic-gate */ 17347c478bd9Sstevel@tonic-gate 17357c478bd9Sstevel@tonic-gate static void 1736*9e3700dfSgww do_setqdelay(char *delay) 17377c478bd9Sstevel@tonic-gate { 17387c478bd9Sstevel@tonic-gate struct au_qctrl qctrl; 17397c478bd9Sstevel@tonic-gate 17407c478bd9Sstevel@tonic-gate eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0); 17417c478bd9Sstevel@tonic-gate qctrl.aq_delay = atol(delay); 17427c478bd9Sstevel@tonic-gate eauditon(A_SETQCTRL, (caddr_t)&qctrl, 0); 17437c478bd9Sstevel@tonic-gate } 17447c478bd9Sstevel@tonic-gate 17457c478bd9Sstevel@tonic-gate /* 17467c478bd9Sstevel@tonic-gate * AUDIT_PERZONE set: valid in all zones 17477c478bd9Sstevel@tonic-gate * AUDIT_PERZONE not set: valid in global zone only 17487c478bd9Sstevel@tonic-gate */ 17497c478bd9Sstevel@tonic-gate 17507c478bd9Sstevel@tonic-gate static void 1751*9e3700dfSgww do_setqhiwater(char *hiwater) 17527c478bd9Sstevel@tonic-gate { 17537c478bd9Sstevel@tonic-gate struct au_qctrl qctrl; 17547c478bd9Sstevel@tonic-gate 17557c478bd9Sstevel@tonic-gate eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0); 17567c478bd9Sstevel@tonic-gate qctrl.aq_hiwater = atol(hiwater); 17577c478bd9Sstevel@tonic-gate eauditon(A_SETQCTRL, (caddr_t)&qctrl, 0); 17587c478bd9Sstevel@tonic-gate } 17597c478bd9Sstevel@tonic-gate 17607c478bd9Sstevel@tonic-gate /* 17617c478bd9Sstevel@tonic-gate * AUDIT_PERZONE set: valid in all zones 17627c478bd9Sstevel@tonic-gate * AUDIT_PERZONE not set: valid in global zone only 17637c478bd9Sstevel@tonic-gate */ 17647c478bd9Sstevel@tonic-gate 17657c478bd9Sstevel@tonic-gate static void 1766*9e3700dfSgww do_setqlowater(char *lowater) 17677c478bd9Sstevel@tonic-gate { 17687c478bd9Sstevel@tonic-gate struct au_qctrl qctrl; 17697c478bd9Sstevel@tonic-gate 17707c478bd9Sstevel@tonic-gate eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0); 17717c478bd9Sstevel@tonic-gate qctrl.aq_lowater = atol(lowater); 17727c478bd9Sstevel@tonic-gate eauditon(A_SETQCTRL, (caddr_t)&qctrl, 0); 17737c478bd9Sstevel@tonic-gate } 17747c478bd9Sstevel@tonic-gate 17757c478bd9Sstevel@tonic-gate /* 17767c478bd9Sstevel@tonic-gate * AUDIT_PERZONE set: valid in all zones 17777c478bd9Sstevel@tonic-gate * AUDIT_PERZONE not set: valid in global zone only 17787c478bd9Sstevel@tonic-gate */ 17797c478bd9Sstevel@tonic-gate 17807c478bd9Sstevel@tonic-gate static void 1781*9e3700dfSgww do_setfsize(char *size) 17827c478bd9Sstevel@tonic-gate { 17837c478bd9Sstevel@tonic-gate au_fstat_t fstat; 17847c478bd9Sstevel@tonic-gate 17857c478bd9Sstevel@tonic-gate fstat.af_filesz = atol(size); 17867c478bd9Sstevel@tonic-gate eauditon(A_SETFSIZE, (caddr_t)&fstat, 0); 17877c478bd9Sstevel@tonic-gate } 17887c478bd9Sstevel@tonic-gate 17897c478bd9Sstevel@tonic-gate static void 1790*9e3700dfSgww eauditon(int cmd, caddr_t data, int length) 17917c478bd9Sstevel@tonic-gate { 17927c478bd9Sstevel@tonic-gate if (auditon(cmd, data, length) == -1) 17937c478bd9Sstevel@tonic-gate exit_error(gettext("auditon(2) failed.")); 17947c478bd9Sstevel@tonic-gate } 17957c478bd9Sstevel@tonic-gate 17967c478bd9Sstevel@tonic-gate static void 1797*9e3700dfSgww egetauid(au_id_t *auid) 17987c478bd9Sstevel@tonic-gate { 17997c478bd9Sstevel@tonic-gate if (getauid(auid) == -1) 18007c478bd9Sstevel@tonic-gate exit_error(gettext("getauid(2) failed.")); 18017c478bd9Sstevel@tonic-gate } 18027c478bd9Sstevel@tonic-gate 18037c478bd9Sstevel@tonic-gate static void 1804*9e3700dfSgww egetaudit(auditinfo_addr_t *ai, int size) 18057c478bd9Sstevel@tonic-gate { 18067c478bd9Sstevel@tonic-gate if (getaudit_addr(ai, size) == -1) 18077c478bd9Sstevel@tonic-gate exit_error(gettext("getaudit_addr(2) failed.")); 18087c478bd9Sstevel@tonic-gate } 18097c478bd9Sstevel@tonic-gate 18107c478bd9Sstevel@tonic-gate static void 1811*9e3700dfSgww egetkaudit(auditinfo_addr_t *ai, int size) 18127c478bd9Sstevel@tonic-gate { 18137c478bd9Sstevel@tonic-gate if (auditon(A_GETKAUDIT, (char *)ai, size) < 0) 18147c478bd9Sstevel@tonic-gate exit_error(gettext("auditon: A_GETKAUDIT failed.")); 18157c478bd9Sstevel@tonic-gate } 18167c478bd9Sstevel@tonic-gate 18177c478bd9Sstevel@tonic-gate static void 1818*9e3700dfSgww esetkaudit(auditinfo_addr_t *ai, int size) 18197c478bd9Sstevel@tonic-gate { 18207c478bd9Sstevel@tonic-gate if (auditon(A_SETKAUDIT, (char *)ai, size) < 0) 18217c478bd9Sstevel@tonic-gate exit_error(gettext("auditon: A_SETKAUDIT failed.")); 18227c478bd9Sstevel@tonic-gate } 18237c478bd9Sstevel@tonic-gate 18247c478bd9Sstevel@tonic-gate static void 1825*9e3700dfSgww egetauditflagsbin(char *auditflags, au_mask_t *pmask) 18267c478bd9Sstevel@tonic-gate { 18277c478bd9Sstevel@tonic-gate pmask->am_success = pmask->am_failure = 0; 18287c478bd9Sstevel@tonic-gate 18297c478bd9Sstevel@tonic-gate if (strcmp(auditflags, "none") == 0) 18307c478bd9Sstevel@tonic-gate return; 18317c478bd9Sstevel@tonic-gate 18327c478bd9Sstevel@tonic-gate if (getauditflagsbin(auditflags, pmask) < 0) { 18337c478bd9Sstevel@tonic-gate exit_error(gettext("Could not get audit flags (%s)"), 18347c478bd9Sstevel@tonic-gate auditflags); 18357c478bd9Sstevel@tonic-gate } 18367c478bd9Sstevel@tonic-gate } 18377c478bd9Sstevel@tonic-gate 18387c478bd9Sstevel@tonic-gate static au_event_ent_t * 1839*9e3700dfSgww egetauevnum(au_event_t event_number) 18407c478bd9Sstevel@tonic-gate { 18417c478bd9Sstevel@tonic-gate au_event_ent_t *evp; 18427c478bd9Sstevel@tonic-gate 1843*9e3700dfSgww if ((evp = getauevnum(event_number)) == NULL) { 18447c478bd9Sstevel@tonic-gate exit_error(gettext("Could not get audit event %d"), 18457c478bd9Sstevel@tonic-gate event_number); 1846*9e3700dfSgww } 18477c478bd9Sstevel@tonic-gate 18487c478bd9Sstevel@tonic-gate return (evp); 18497c478bd9Sstevel@tonic-gate } 18507c478bd9Sstevel@tonic-gate 18517c478bd9Sstevel@tonic-gate static au_event_ent_t * 1852*9e3700dfSgww egetauevnam(char *event_name) 18537c478bd9Sstevel@tonic-gate { 18547c478bd9Sstevel@tonic-gate register au_event_ent_t *evp; 18557c478bd9Sstevel@tonic-gate 1856*9e3700dfSgww if ((evp = getauevnam(event_name)) == NULL) 18577c478bd9Sstevel@tonic-gate exit_error(gettext("Could not get audit event %s"), event_name); 18587c478bd9Sstevel@tonic-gate 18597c478bd9Sstevel@tonic-gate return (evp); 18607c478bd9Sstevel@tonic-gate } 18617c478bd9Sstevel@tonic-gate 18627c478bd9Sstevel@tonic-gate static void 1863*9e3700dfSgww esetauid(au_id_t *auid) 18647c478bd9Sstevel@tonic-gate { 18657c478bd9Sstevel@tonic-gate if (setauid(auid) == -1) 18667c478bd9Sstevel@tonic-gate exit_error(gettext("setauid(2) failed.")); 18677c478bd9Sstevel@tonic-gate } 18687c478bd9Sstevel@tonic-gate 18697c478bd9Sstevel@tonic-gate static void 1870*9e3700dfSgww esetaudit(auditinfo_addr_t *ai, int size) 18717c478bd9Sstevel@tonic-gate { 18727c478bd9Sstevel@tonic-gate if (setaudit_addr(ai, size) == -1) 18737c478bd9Sstevel@tonic-gate exit_error(gettext("setaudit_addr(2) failed.")); 18747c478bd9Sstevel@tonic-gate } 18757c478bd9Sstevel@tonic-gate 18767c478bd9Sstevel@tonic-gate static uid_t 1877*9e3700dfSgww get_user_id(char *user) 18787c478bd9Sstevel@tonic-gate { 18797c478bd9Sstevel@tonic-gate struct passwd *pwd; 18807c478bd9Sstevel@tonic-gate uid_t uid; 18817c478bd9Sstevel@tonic-gate 18827c478bd9Sstevel@tonic-gate if (isdigit(*user)) { 18837c478bd9Sstevel@tonic-gate uid = atoi(user); 1884*9e3700dfSgww if ((pwd = getpwuid(uid)) == NULL) { 18857c478bd9Sstevel@tonic-gate exit_error(gettext("Invalid user: %s"), user); 18867c478bd9Sstevel@tonic-gate } 18877c478bd9Sstevel@tonic-gate } else { 1888*9e3700dfSgww if ((pwd = getpwnam(user)) == NULL) { 18897c478bd9Sstevel@tonic-gate exit_error(gettext("Invalid user: %s"), user); 18907c478bd9Sstevel@tonic-gate } 18917c478bd9Sstevel@tonic-gate } 18927c478bd9Sstevel@tonic-gate 18937c478bd9Sstevel@tonic-gate return (pwd->pw_uid); 18947c478bd9Sstevel@tonic-gate } 18957c478bd9Sstevel@tonic-gate 18967c478bd9Sstevel@tonic-gate /* 18977c478bd9Sstevel@tonic-gate * get_arg_ent() 18987c478bd9Sstevel@tonic-gate * Inputs: command line argument string 18997c478bd9Sstevel@tonic-gate * Returns ptr to policy_entry if found; null, if not found 19007c478bd9Sstevel@tonic-gate */ 19017c478bd9Sstevel@tonic-gate static struct arg_entry * 1902*9e3700dfSgww get_arg_ent(char *arg_str) 19037c478bd9Sstevel@tonic-gate { 19047c478bd9Sstevel@tonic-gate struct arg_entry key; 19057c478bd9Sstevel@tonic-gate 19067c478bd9Sstevel@tonic-gate key.arg_str = arg_str; 19077c478bd9Sstevel@tonic-gate 1908*9e3700dfSgww return ((struct arg_entry *)bsearch((char *)&key, (char *)arg_table, 1909*9e3700dfSgww ARG_TBL_SZ, sizeof (struct arg_entry), arg_ent_compare)); 19107c478bd9Sstevel@tonic-gate } 19117c478bd9Sstevel@tonic-gate 19127c478bd9Sstevel@tonic-gate /* 19137c478bd9Sstevel@tonic-gate * arg_ent_compare() 19147c478bd9Sstevel@tonic-gate * Compares two command line arguments to determine which is 19157c478bd9Sstevel@tonic-gate * lexicographically greater. 19167c478bd9Sstevel@tonic-gate * Inputs: two argument map table entry pointers 19177c478bd9Sstevel@tonic-gate * Returns: > 1: aep1->arg_str > aep2->arg_str 19187c478bd9Sstevel@tonic-gate * < 1: aep1->arg_str < aep2->arg_str 19197c478bd9Sstevel@tonic-gate * 0: aep1->arg_str = aep->arg_str2 19207c478bd9Sstevel@tonic-gate */ 19217c478bd9Sstevel@tonic-gate static int 1922*9e3700dfSgww arg_ent_compare(const void *aep1, const void *aep2) 19237c478bd9Sstevel@tonic-gate { 1924*9e3700dfSgww return (strcmp(((struct arg_entry *)aep1)->arg_str, 1925*9e3700dfSgww ((struct arg_entry *)aep2)->arg_str)); 19267c478bd9Sstevel@tonic-gate } 19277c478bd9Sstevel@tonic-gate 19287c478bd9Sstevel@tonic-gate /* 19297c478bd9Sstevel@tonic-gate * Convert mask of the following forms: 19307c478bd9Sstevel@tonic-gate * 19317c478bd9Sstevel@tonic-gate * audit_flags (ie. +lo,-ad,pc) 19327c478bd9Sstevel@tonic-gate * 0xffffffff,0xffffffff 19337c478bd9Sstevel@tonic-gate * ffffffff,ffffffff 19347c478bd9Sstevel@tonic-gate * 20,20 19357c478bd9Sstevel@tonic-gate */ 19367c478bd9Sstevel@tonic-gate static void 1937*9e3700dfSgww str2mask(char *mask_str, au_mask_t *mp) 19387c478bd9Sstevel@tonic-gate { 19397c478bd9Sstevel@tonic-gate 19407c478bd9Sstevel@tonic-gate char sp[256]; 19417c478bd9Sstevel@tonic-gate char fp[256]; 19427c478bd9Sstevel@tonic-gate 19437c478bd9Sstevel@tonic-gate mp->am_success = 0; 19447c478bd9Sstevel@tonic-gate mp->am_failure = 0; 19457c478bd9Sstevel@tonic-gate 19467c478bd9Sstevel@tonic-gate /* 1947*9e3700dfSgww * a mask of the form +aa,bb,cc,-dd or 1948*9e3700dfSgww * a mask of the form 0xffffffff,0xffffffff or 1,1 19497c478bd9Sstevel@tonic-gate */ 19507c478bd9Sstevel@tonic-gate if (strisflags(mask_str)) { 19517c478bd9Sstevel@tonic-gate egetauditflagsbin(mask_str, mp); 19527c478bd9Sstevel@tonic-gate } else { 19537c478bd9Sstevel@tonic-gate strsplit(mask_str, sp, fp, ','); 19547c478bd9Sstevel@tonic-gate 1955*9e3700dfSgww if (strlen(sp) > (size_t)2 && !strncasecmp(sp, "0x", 2)) { 19567c478bd9Sstevel@tonic-gate (void) sscanf(sp + 2, "%x", &mp->am_success); 1957*9e3700dfSgww } else { 19587c478bd9Sstevel@tonic-gate (void) sscanf(sp, "%u", &mp->am_success); 1959*9e3700dfSgww } 19607c478bd9Sstevel@tonic-gate 1961*9e3700dfSgww if (strlen(fp) > (size_t)2 && !strncasecmp(fp, "0x", 2)) { 19627c478bd9Sstevel@tonic-gate (void) sscanf(fp + 2, "%x", &mp->am_failure); 1963*9e3700dfSgww } else { 19647c478bd9Sstevel@tonic-gate (void) sscanf(fp, "%u", &mp->am_failure); 19657c478bd9Sstevel@tonic-gate } 19667c478bd9Sstevel@tonic-gate } 1967*9e3700dfSgww } 19687c478bd9Sstevel@tonic-gate 19697c478bd9Sstevel@tonic-gate /* 19707c478bd9Sstevel@tonic-gate * tid_str is major,minor,host -- host is a name or an ip address 19717c478bd9Sstevel@tonic-gate */ 19727c478bd9Sstevel@tonic-gate 19737c478bd9Sstevel@tonic-gate static void 19747c478bd9Sstevel@tonic-gate str2tid(char *tid_str, au_tid_addr_t *tp) 19757c478bd9Sstevel@tonic-gate { 1976*9e3700dfSgww char *major_str; 1977*9e3700dfSgww char *minor_str; 1978*9e3700dfSgww char *host_str = NULL; 19797c478bd9Sstevel@tonic-gate major_t major = 0; 19807c478bd9Sstevel@tonic-gate major_t minor = 0; 19817c478bd9Sstevel@tonic-gate dev_t dev = 0; 19827c478bd9Sstevel@tonic-gate struct hostent *phe; 19837c478bd9Sstevel@tonic-gate int err; 19847c478bd9Sstevel@tonic-gate uint32_t ibuf; 19857c478bd9Sstevel@tonic-gate uint32_t ibuf6[4]; 19867c478bd9Sstevel@tonic-gate 19877c478bd9Sstevel@tonic-gate tp->at_port = 0; 19887c478bd9Sstevel@tonic-gate tp->at_type = 0; 19897c478bd9Sstevel@tonic-gate bzero(tp->at_addr, 16); 19907c478bd9Sstevel@tonic-gate 19917c478bd9Sstevel@tonic-gate major_str = tid_str; 19927c478bd9Sstevel@tonic-gate if ((minor_str = strchr(tid_str, ',')) != NULL) { 19937c478bd9Sstevel@tonic-gate *minor_str = '\0'; 19947c478bd9Sstevel@tonic-gate minor_str++; 19957c478bd9Sstevel@tonic-gate } 19967c478bd9Sstevel@tonic-gate 1997*9e3700dfSgww if (minor_str) { 19987c478bd9Sstevel@tonic-gate if ((host_str = strchr(minor_str, ',')) != NULL) { 19997c478bd9Sstevel@tonic-gate *host_str = '\0'; 20007c478bd9Sstevel@tonic-gate host_str++; 20017c478bd9Sstevel@tonic-gate } 2002*9e3700dfSgww } 20037c478bd9Sstevel@tonic-gate 20047c478bd9Sstevel@tonic-gate if (major_str) 20057c478bd9Sstevel@tonic-gate major = (major_t)atoi(major_str); 20067c478bd9Sstevel@tonic-gate 20077c478bd9Sstevel@tonic-gate if (minor_str) 20087c478bd9Sstevel@tonic-gate minor = (minor_t)atoi(minor_str); 20097c478bd9Sstevel@tonic-gate 20107c478bd9Sstevel@tonic-gate if ((dev = makedev(major, minor)) != NODEV) 20117c478bd9Sstevel@tonic-gate tp->at_port = dev; 20127c478bd9Sstevel@tonic-gate 20137c478bd9Sstevel@tonic-gate if (host_str) { 20147c478bd9Sstevel@tonic-gate if (strisipaddr(host_str)) { 20157c478bd9Sstevel@tonic-gate if (inet_pton(AF_INET, host_str, &ibuf)) { 20167c478bd9Sstevel@tonic-gate tp->at_addr[0] = ibuf; 20177c478bd9Sstevel@tonic-gate tp->at_type = AU_IPv4; 20187c478bd9Sstevel@tonic-gate } else if (inet_pton(AF_INET6, host_str, ibuf6)) { 20197c478bd9Sstevel@tonic-gate tp->at_addr[0] = ibuf6[0]; 20207c478bd9Sstevel@tonic-gate tp->at_addr[1] = ibuf6[1]; 20217c478bd9Sstevel@tonic-gate tp->at_addr[2] = ibuf6[2]; 20227c478bd9Sstevel@tonic-gate tp->at_addr[3] = ibuf6[3]; 20237c478bd9Sstevel@tonic-gate tp->at_type = AU_IPv6; 20247c478bd9Sstevel@tonic-gate } 20257c478bd9Sstevel@tonic-gate } else { 20267c478bd9Sstevel@tonic-gate phe = getipnodebyname((const void *)host_str, 20277c478bd9Sstevel@tonic-gate AF_INET, 0, &err); 20287c478bd9Sstevel@tonic-gate if (phe == 0) { 20297c478bd9Sstevel@tonic-gate phe = getipnodebyname((const void *)host_str, 20307c478bd9Sstevel@tonic-gate AF_INET6, 0, &err); 20317c478bd9Sstevel@tonic-gate } 20327c478bd9Sstevel@tonic-gate 20337c478bd9Sstevel@tonic-gate if (phe != NULL) { 20347c478bd9Sstevel@tonic-gate if (phe->h_addrtype == AF_INET6) { 20357c478bd9Sstevel@tonic-gate /* address is IPv6 (128 bits) */ 20367c478bd9Sstevel@tonic-gate (void) memcpy(&tp->at_addr[0], 20377c478bd9Sstevel@tonic-gate phe->h_addr_list[0], 16); 20387c478bd9Sstevel@tonic-gate tp->at_type = AU_IPv6; 20397c478bd9Sstevel@tonic-gate } else { 20407c478bd9Sstevel@tonic-gate /* address is IPv4 (32 bits) */ 20417c478bd9Sstevel@tonic-gate (void) memcpy(&tp->at_addr[0], 20427c478bd9Sstevel@tonic-gate phe->h_addr_list[0], 4); 20437c478bd9Sstevel@tonic-gate tp->at_type = AU_IPv4; 20447c478bd9Sstevel@tonic-gate } 20457c478bd9Sstevel@tonic-gate freehostent(phe); 20467c478bd9Sstevel@tonic-gate } 20477c478bd9Sstevel@tonic-gate } 20487c478bd9Sstevel@tonic-gate } 20497c478bd9Sstevel@tonic-gate } 20507c478bd9Sstevel@tonic-gate 2051*9e3700dfSgww static char * 2052*9e3700dfSgww cond2str(void) 20537c478bd9Sstevel@tonic-gate { 2054*9e3700dfSgww uint_t cond; 20557c478bd9Sstevel@tonic-gate 2056*9e3700dfSgww eauditon(A_GETCOND, (caddr_t)&cond, (int)sizeof (cond)); 2057*9e3700dfSgww 2058*9e3700dfSgww switch (cond) { 2059*9e3700dfSgww 2060*9e3700dfSgww case AUC_AUDITING: 2061*9e3700dfSgww return ("auditing"); 2062*9e3700dfSgww 2063*9e3700dfSgww case AUC_NOAUDIT: 2064*9e3700dfSgww case AUC_INIT_AUDIT: 2065*9e3700dfSgww return ("noaudit"); 2066*9e3700dfSgww 2067*9e3700dfSgww case AUC_UNSET: 2068*9e3700dfSgww return ("unset"); 2069*9e3700dfSgww 2070*9e3700dfSgww case AUC_NOSPACE: 2071*9e3700dfSgww return ("nospace"); 2072*9e3700dfSgww 2073*9e3700dfSgww default: 2074*9e3700dfSgww return (""); 20757c478bd9Sstevel@tonic-gate } 20767c478bd9Sstevel@tonic-gate } 20777c478bd9Sstevel@tonic-gate 20787c478bd9Sstevel@tonic-gate static struct policy_entry * 2079*9e3700dfSgww get_policy_ent(char *policy) 20807c478bd9Sstevel@tonic-gate { 20817c478bd9Sstevel@tonic-gate int i; 20827c478bd9Sstevel@tonic-gate 208345916cd2Sjpk for (i = 0; i < POLICY_TBL_SZ; i++) { 2084*9e3700dfSgww if (strcasecmp(policy, 2085*9e3700dfSgww policy_table[i].policy_str) == 0) { 20867c478bd9Sstevel@tonic-gate return (&policy_table[i]); 208745916cd2Sjpk } 20887c478bd9Sstevel@tonic-gate } 20897c478bd9Sstevel@tonic-gate 2090*9e3700dfSgww return (NULL); 2091*9e3700dfSgww } 2092*9e3700dfSgww 2093*9e3700dfSgww /* 2094*9e3700dfSgww * exit = 0, success 2095*9e3700dfSgww * 1, error 2096*9e3700dfSgww * 2, bad zone 2097*9e3700dfSgww */ 2098*9e3700dfSgww 20997c478bd9Sstevel@tonic-gate static int 21007c478bd9Sstevel@tonic-gate str2policy(char *policy_str, uint_t *policy_mask) 21017c478bd9Sstevel@tonic-gate { 21027c478bd9Sstevel@tonic-gate char *buf; 21037c478bd9Sstevel@tonic-gate char *tok; 21047c478bd9Sstevel@tonic-gate char pfix; 21057c478bd9Sstevel@tonic-gate boolean_t is_all = 0; 21067c478bd9Sstevel@tonic-gate uint_t pm = 0; 21077c478bd9Sstevel@tonic-gate uint_t curp = 0; 21087c478bd9Sstevel@tonic-gate struct policy_entry *pep; 21097c478bd9Sstevel@tonic-gate 21107c478bd9Sstevel@tonic-gate pfix = *policy_str; 21117c478bd9Sstevel@tonic-gate 21127c478bd9Sstevel@tonic-gate if (pfix == '-' || pfix == '+' || pfix == '=') 21137c478bd9Sstevel@tonic-gate ++policy_str; 21147c478bd9Sstevel@tonic-gate 21157c478bd9Sstevel@tonic-gate if ((buf = strdup(policy_str)) == NULL) 21167c478bd9Sstevel@tonic-gate return (1); 21177c478bd9Sstevel@tonic-gate 2118*9e3700dfSgww for (tok = strtok(buf, ","); tok != NULL; tok = strtok(NULL, ",")) { 21197c478bd9Sstevel@tonic-gate if ((pep = get_policy_ent(tok)) == NULL) { 21207c478bd9Sstevel@tonic-gate return (1); 21217c478bd9Sstevel@tonic-gate } else { 21227c478bd9Sstevel@tonic-gate pm |= pep->policy_mask; 2123*9e3700dfSgww if (pep->policy_mask == ALL_POLICIES) { 21247c478bd9Sstevel@tonic-gate is_all = 1; 21257c478bd9Sstevel@tonic-gate } 21267c478bd9Sstevel@tonic-gate } 2127*9e3700dfSgww } 21287c478bd9Sstevel@tonic-gate free(buf); 21297c478bd9Sstevel@tonic-gate 21307c478bd9Sstevel@tonic-gate if (pfix == '-') { 2131*9e3700dfSgww if (!is_all && 2132*9e3700dfSgww (getzoneid() != GLOBAL_ZONEID) && 2133*9e3700dfSgww (pm & ~AUDIT_LOCAL)) { 21347c478bd9Sstevel@tonic-gate return (2); 2135*9e3700dfSgww } 21367c478bd9Sstevel@tonic-gate eauditon(A_GETPOLICY, (caddr_t)&curp, 0); 21377c478bd9Sstevel@tonic-gate if (getzoneid() != GLOBAL_ZONEID) 21387c478bd9Sstevel@tonic-gate curp &= AUDIT_LOCAL; 21397c478bd9Sstevel@tonic-gate *policy_mask = curp & ~pm; 21407c478bd9Sstevel@tonic-gate } else if (pfix == '+') { 21417c478bd9Sstevel@tonic-gate /* 2142*9e3700dfSgww * In a local zone, accept specifying "all", but not 2143*9e3700dfSgww * individually specifying global-zone only policies. 2144*9e3700dfSgww * Limit to all locally allowed, so system call doesn't 2145*9e3700dfSgww * fail. 21467c478bd9Sstevel@tonic-gate */ 2147*9e3700dfSgww if (!is_all && 2148*9e3700dfSgww (getzoneid() != GLOBAL_ZONEID) && 2149*9e3700dfSgww (pm & ~AUDIT_LOCAL)) { 21507c478bd9Sstevel@tonic-gate return (2); 2151*9e3700dfSgww } 21527c478bd9Sstevel@tonic-gate eauditon(A_GETPOLICY, (caddr_t)&curp, 0); 21537c478bd9Sstevel@tonic-gate if (getzoneid() != GLOBAL_ZONEID) { 21547c478bd9Sstevel@tonic-gate curp &= AUDIT_LOCAL; 2155*9e3700dfSgww if (is_all) { 21567c478bd9Sstevel@tonic-gate pm &= AUDIT_LOCAL; 21577c478bd9Sstevel@tonic-gate } 2158*9e3700dfSgww } 21597c478bd9Sstevel@tonic-gate *policy_mask = curp | pm; 21607c478bd9Sstevel@tonic-gate } else { 2161*9e3700dfSgww if (is_all && (getzoneid() != GLOBAL_ZONEID)) { 21627c478bd9Sstevel@tonic-gate pm &= AUDIT_LOCAL; 2163*9e3700dfSgww } 21647c478bd9Sstevel@tonic-gate *policy_mask = pm; 21657c478bd9Sstevel@tonic-gate } 21667c478bd9Sstevel@tonic-gate return (0); 21677c478bd9Sstevel@tonic-gate } 21687c478bd9Sstevel@tonic-gate 21697c478bd9Sstevel@tonic-gate static int 2170*9e3700dfSgww policy2str(uint_t policy, char *policy_str, size_t len) 21717c478bd9Sstevel@tonic-gate { 21727c478bd9Sstevel@tonic-gate int i, j; 21737c478bd9Sstevel@tonic-gate 21747c478bd9Sstevel@tonic-gate if (policy == ALL_POLICIES) { 21757c478bd9Sstevel@tonic-gate (void) strcpy(policy_str, "all"); 21767c478bd9Sstevel@tonic-gate return (1); 21777c478bd9Sstevel@tonic-gate } 21787c478bd9Sstevel@tonic-gate 21797c478bd9Sstevel@tonic-gate if (policy == NO_POLICIES) { 21807c478bd9Sstevel@tonic-gate (void) strcpy(policy_str, "none"); 21817c478bd9Sstevel@tonic-gate return (1); 21827c478bd9Sstevel@tonic-gate } 21837c478bd9Sstevel@tonic-gate 21847c478bd9Sstevel@tonic-gate *policy_str = '\0'; 21857c478bd9Sstevel@tonic-gate 218645916cd2Sjpk for (i = 0, j = 0; i < POLICY_TBL_SZ; i++) { 21877c478bd9Sstevel@tonic-gate if (policy & policy_table[i].policy_mask && 21887c478bd9Sstevel@tonic-gate policy_table[i].policy_mask != ALL_POLICIES) { 2189*9e3700dfSgww if (j++) { 21907c478bd9Sstevel@tonic-gate (void) strcat(policy_str, ","); 2191*9e3700dfSgww } 2192*9e3700dfSgww (void) strlcat(policy_str, policy_table[i].policy_str, 2193*9e3700dfSgww len); 21947c478bd9Sstevel@tonic-gate } 219545916cd2Sjpk } 21967c478bd9Sstevel@tonic-gate 21977c478bd9Sstevel@tonic-gate if (*policy_str) 21987c478bd9Sstevel@tonic-gate return (0); 21997c478bd9Sstevel@tonic-gate 22007c478bd9Sstevel@tonic-gate return (1); 22017c478bd9Sstevel@tonic-gate } 22027c478bd9Sstevel@tonic-gate 22037c478bd9Sstevel@tonic-gate 22047c478bd9Sstevel@tonic-gate static int 2205*9e3700dfSgww strisnum(char *s) 22067c478bd9Sstevel@tonic-gate { 2207*9e3700dfSgww if (s == NULL || !*s) 22087c478bd9Sstevel@tonic-gate return (0); 22097c478bd9Sstevel@tonic-gate 22107c478bd9Sstevel@tonic-gate for (; *s == '-' || *s == '+'; s++) 22117c478bd9Sstevel@tonic-gate 22127c478bd9Sstevel@tonic-gate if (!*s) 22137c478bd9Sstevel@tonic-gate return (0); 22147c478bd9Sstevel@tonic-gate 22157c478bd9Sstevel@tonic-gate for (; *s; s++) 22167c478bd9Sstevel@tonic-gate if (!isdigit(*s)) 22177c478bd9Sstevel@tonic-gate return (0); 22187c478bd9Sstevel@tonic-gate 22197c478bd9Sstevel@tonic-gate return (1); 22207c478bd9Sstevel@tonic-gate } 22217c478bd9Sstevel@tonic-gate 22227c478bd9Sstevel@tonic-gate static int 2223*9e3700dfSgww strisflags(char *s) 22247c478bd9Sstevel@tonic-gate { 2225*9e3700dfSgww if (s == NULL || !*s) 22267c478bd9Sstevel@tonic-gate return (0); 22277c478bd9Sstevel@tonic-gate 22287c478bd9Sstevel@tonic-gate for (; *s; s++) { 22297c478bd9Sstevel@tonic-gate if (!isalpha(*s) && 22307c478bd9Sstevel@tonic-gate (*s != '+' && *s != '-' && *s != '^' && *s != ',')) 22317c478bd9Sstevel@tonic-gate return (0); 22327c478bd9Sstevel@tonic-gate } 22337c478bd9Sstevel@tonic-gate 22347c478bd9Sstevel@tonic-gate return (1); 22357c478bd9Sstevel@tonic-gate } 22367c478bd9Sstevel@tonic-gate 22377c478bd9Sstevel@tonic-gate static int 2238*9e3700dfSgww strisipaddr(char *s) 22397c478bd9Sstevel@tonic-gate { 22407c478bd9Sstevel@tonic-gate int dot = 0; 22417c478bd9Sstevel@tonic-gate int colon = 0; 22427c478bd9Sstevel@tonic-gate 22437c478bd9Sstevel@tonic-gate /* no string */ 2244*9e3700dfSgww if ((s == NULL) || (!*s)) 22457c478bd9Sstevel@tonic-gate return (0); 22467c478bd9Sstevel@tonic-gate 22477c478bd9Sstevel@tonic-gate for (; *s; s++) { 22487c478bd9Sstevel@tonic-gate if (!(isxdigit(*s) || *s != '.' || *s != ':')) 22497c478bd9Sstevel@tonic-gate return (0); 2250*9e3700dfSgww if (*s == '.') 2251*9e3700dfSgww dot++; 2252*9e3700dfSgww if (*s == ':') 2253*9e3700dfSgww colon++; 22547c478bd9Sstevel@tonic-gate } 22557c478bd9Sstevel@tonic-gate 22567c478bd9Sstevel@tonic-gate if (dot && colon) 22577c478bd9Sstevel@tonic-gate return (0); 22587c478bd9Sstevel@tonic-gate 22597c478bd9Sstevel@tonic-gate if (!dot && !colon) 22607c478bd9Sstevel@tonic-gate return (0); 22617c478bd9Sstevel@tonic-gate 22627c478bd9Sstevel@tonic-gate return (1); 22637c478bd9Sstevel@tonic-gate } 22647c478bd9Sstevel@tonic-gate 22657c478bd9Sstevel@tonic-gate static void 2266*9e3700dfSgww strsplit(char *s, char *p1, char *p2, char c) 22677c478bd9Sstevel@tonic-gate { 22687c478bd9Sstevel@tonic-gate *p1 = *p2 = '\0'; 22697c478bd9Sstevel@tonic-gate 22707c478bd9Sstevel@tonic-gate while (*s != '\0' && *s != c) 22717c478bd9Sstevel@tonic-gate *p1++ = *s++; 22727c478bd9Sstevel@tonic-gate *p1 = '\0'; 22737c478bd9Sstevel@tonic-gate s++; 22747c478bd9Sstevel@tonic-gate 22757c478bd9Sstevel@tonic-gate while (*s != '\0') 22767c478bd9Sstevel@tonic-gate *p2++ = *s++; 22777c478bd9Sstevel@tonic-gate *p2 = '\0'; 22787c478bd9Sstevel@tonic-gate } 22797c478bd9Sstevel@tonic-gate 22807c478bd9Sstevel@tonic-gate static void 2281*9e3700dfSgww chk_event_num(int etype, au_event_t event) 22827c478bd9Sstevel@tonic-gate { 22837c478bd9Sstevel@tonic-gate au_stat_t as; 22847c478bd9Sstevel@tonic-gate 22857c478bd9Sstevel@tonic-gate eauditon(A_GETSTAT, (caddr_t)&as, 0); 22867c478bd9Sstevel@tonic-gate 22877c478bd9Sstevel@tonic-gate if (etype == AC_KERN_EVENT) { 22887c478bd9Sstevel@tonic-gate if (event > as.as_numevent) { 2289*9e3700dfSgww exit_error(gettext("Invalid kernel audit event " 2290*9e3700dfSgww "number specified.\n" 2291*9e3700dfSgww "\t%d is outside allowable range 0-%d."), 22927c478bd9Sstevel@tonic-gate event, as.as_numevent); 22937c478bd9Sstevel@tonic-gate } 2294*9e3700dfSgww } else { 2295*9e3700dfSgww /* user event */ 22967c478bd9Sstevel@tonic-gate if (event <= as.as_numevent) { 2297*9e3700dfSgww exit_error(gettext("Invalid user level audit event " 2298*9e3700dfSgww "number specified %d."), event); 22997c478bd9Sstevel@tonic-gate } 23007c478bd9Sstevel@tonic-gate } 23017c478bd9Sstevel@tonic-gate } 23027c478bd9Sstevel@tonic-gate 23037c478bd9Sstevel@tonic-gate static void 2304*9e3700dfSgww chk_event_str(int etype, char *event_str) 23057c478bd9Sstevel@tonic-gate { 23067c478bd9Sstevel@tonic-gate au_event_ent_t *evp; 23077c478bd9Sstevel@tonic-gate au_stat_t as; 23087c478bd9Sstevel@tonic-gate 23097c478bd9Sstevel@tonic-gate eauditon(A_GETSTAT, (caddr_t)&as, 0); 23107c478bd9Sstevel@tonic-gate 23117c478bd9Sstevel@tonic-gate evp = egetauevnam(event_str); 23127c478bd9Sstevel@tonic-gate if (etype == AC_KERN_EVENT && (evp->ae_number > as.as_numevent)) { 23137c478bd9Sstevel@tonic-gate exit_error( 23147c478bd9Sstevel@tonic-gate gettext("Invalid kernel audit event string specified.\n" 23157c478bd9Sstevel@tonic-gate "\t\"%s\" appears to be a user level event. " 2316*9e3700dfSgww "Check configuration."), event_str); 23177c478bd9Sstevel@tonic-gate } else if (etype == AC_USER_EVENT && 23187c478bd9Sstevel@tonic-gate (evp->ae_number < as.as_numevent)) { 23197c478bd9Sstevel@tonic-gate exit_error( 23207c478bd9Sstevel@tonic-gate gettext("Invalid user audit event string specified.\n" 23217c478bd9Sstevel@tonic-gate "\t\"%s\" appears to be a kernel event. " 2322*9e3700dfSgww "Check configuration."), event_str); 23237c478bd9Sstevel@tonic-gate } 23247c478bd9Sstevel@tonic-gate } 23257c478bd9Sstevel@tonic-gate 23267c478bd9Sstevel@tonic-gate static void 2327*9e3700dfSgww chk_sorf(char *sorf_str) 23287c478bd9Sstevel@tonic-gate { 23297c478bd9Sstevel@tonic-gate if (!strisnum(sorf_str)) 23307c478bd9Sstevel@tonic-gate exit_error(gettext("Invalid sorf specified: %s"), sorf_str); 23317c478bd9Sstevel@tonic-gate } 23327c478bd9Sstevel@tonic-gate 23337c478bd9Sstevel@tonic-gate static void 2334*9e3700dfSgww chk_retval(char *retval_str) 23357c478bd9Sstevel@tonic-gate { 23367c478bd9Sstevel@tonic-gate if (!strisnum(retval_str)) 23377c478bd9Sstevel@tonic-gate exit_error(gettext("Invalid retval specified: %s"), retval_str); 23387c478bd9Sstevel@tonic-gate } 23397c478bd9Sstevel@tonic-gate 23407c478bd9Sstevel@tonic-gate static void 2341*9e3700dfSgww execit(char **argv) 23427c478bd9Sstevel@tonic-gate { 23437c478bd9Sstevel@tonic-gate char *shell; 23447c478bd9Sstevel@tonic-gate 2345*9e3700dfSgww if (*argv) { 23467c478bd9Sstevel@tonic-gate (void) execvp(*argv, argv); 2347*9e3700dfSgww } else { 2348*9e3700dfSgww if (((shell = getenv("SHELL")) == NULL) || 23497c478bd9Sstevel@tonic-gate *shell != '/') 23507c478bd9Sstevel@tonic-gate shell = "/bin/csh"; 23517c478bd9Sstevel@tonic-gate 2352*9e3700dfSgww (void) execlp(shell, shell, NULL); 23537c478bd9Sstevel@tonic-gate } 23547c478bd9Sstevel@tonic-gate 23557c478bd9Sstevel@tonic-gate exit_error(gettext("exec(2) failed")); 23567c478bd9Sstevel@tonic-gate } 23577c478bd9Sstevel@tonic-gate 23587c478bd9Sstevel@tonic-gate /* 23597c478bd9Sstevel@tonic-gate * exit_error() 23607c478bd9Sstevel@tonic-gate * Desc: Prints an error message along with corresponding system 23617c478bd9Sstevel@tonic-gate * error number and error message, then exits. 23627c478bd9Sstevel@tonic-gate * Inputs: Program name, program error message. 23637c478bd9Sstevel@tonic-gate */ 23647c478bd9Sstevel@tonic-gate /*PRINTFLIKE1*/ 23657c478bd9Sstevel@tonic-gate static void 23667c478bd9Sstevel@tonic-gate exit_error(char *fmt, ...) 23677c478bd9Sstevel@tonic-gate { 23687c478bd9Sstevel@tonic-gate va_list args; 23697c478bd9Sstevel@tonic-gate 23707c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "%s: ", progname); 23717c478bd9Sstevel@tonic-gate 23727c478bd9Sstevel@tonic-gate va_start(args, fmt); 23737c478bd9Sstevel@tonic-gate (void) vfprintf(stderr, fmt, args); 23747c478bd9Sstevel@tonic-gate va_end(args); 23757c478bd9Sstevel@tonic-gate 23767c478bd9Sstevel@tonic-gate (void) fputc('\n', stderr); 23777c478bd9Sstevel@tonic-gate if (errno) 23787c478bd9Sstevel@tonic-gate (void) fprintf(stderr, gettext("%s: error = %s(%d)\n"), 23797c478bd9Sstevel@tonic-gate progname, strerror(errno), errno); 23807c478bd9Sstevel@tonic-gate (void) fflush(stderr); 23817c478bd9Sstevel@tonic-gate 23827c478bd9Sstevel@tonic-gate exit(1); 23837c478bd9Sstevel@tonic-gate } 23847c478bd9Sstevel@tonic-gate 23857c478bd9Sstevel@tonic-gate static void 2386*9e3700dfSgww exit_usage(int status) 23877c478bd9Sstevel@tonic-gate { 23887c478bd9Sstevel@tonic-gate FILE *fp; 23897c478bd9Sstevel@tonic-gate int i; 23907c478bd9Sstevel@tonic-gate 23917c478bd9Sstevel@tonic-gate fp = (status ? stderr : stdout); 23927c478bd9Sstevel@tonic-gate (void) fprintf(fp, gettext("usage: %s option ...\n"), progname); 23937c478bd9Sstevel@tonic-gate 2394*9e3700dfSgww for (i = 0; i < ARG_TBL_SZ; i++) 23957c478bd9Sstevel@tonic-gate (void) fprintf(fp, " %s %s\n", 2396*9e3700dfSgww arg_table[i].arg_str, arg_table[i].arg_opts); 23977c478bd9Sstevel@tonic-gate 23987c478bd9Sstevel@tonic-gate exit(status); 23997c478bd9Sstevel@tonic-gate } 24007c478bd9Sstevel@tonic-gate 24017c478bd9Sstevel@tonic-gate static void 2402*9e3700dfSgww print_asid(au_asid_t asid) 24037c478bd9Sstevel@tonic-gate { 24047c478bd9Sstevel@tonic-gate (void) printf(gettext("audit session id = %u\n"), asid); 24057c478bd9Sstevel@tonic-gate } 24067c478bd9Sstevel@tonic-gate 24077c478bd9Sstevel@tonic-gate static void 2408*9e3700dfSgww print_auid(au_id_t auid) 24097c478bd9Sstevel@tonic-gate { 24107c478bd9Sstevel@tonic-gate struct passwd *pwd; 24117c478bd9Sstevel@tonic-gate char *username; 24127c478bd9Sstevel@tonic-gate 2413*9e3700dfSgww if ((pwd = getpwuid((uid_t)auid)) != NULL) 24147c478bd9Sstevel@tonic-gate username = pwd->pw_name; 24157c478bd9Sstevel@tonic-gate else 24167c478bd9Sstevel@tonic-gate username = gettext("unknown"); 24177c478bd9Sstevel@tonic-gate 24187c478bd9Sstevel@tonic-gate (void) printf(gettext("audit id = %s(%d)\n"), username, auid); 24197c478bd9Sstevel@tonic-gate } 24207c478bd9Sstevel@tonic-gate 24217c478bd9Sstevel@tonic-gate static void 2422*9e3700dfSgww print_mask(char *desc, au_mask_t *pmp) 24237c478bd9Sstevel@tonic-gate { 24247c478bd9Sstevel@tonic-gate char auflags[512]; 24257c478bd9Sstevel@tonic-gate 24267c478bd9Sstevel@tonic-gate if (getauditflagschar(auflags, pmp, NULL) < 0) 24277c478bd9Sstevel@tonic-gate (void) strlcpy(auflags, gettext("unknown"), sizeof (auflags)); 24287c478bd9Sstevel@tonic-gate 24297c478bd9Sstevel@tonic-gate (void) printf("%s = %s(0x%x,0x%x)\n", 24307c478bd9Sstevel@tonic-gate desc, auflags, pmp->am_success, pmp->am_failure); 24317c478bd9Sstevel@tonic-gate } 24327c478bd9Sstevel@tonic-gate 24337c478bd9Sstevel@tonic-gate static void 2434*9e3700dfSgww print_tid_ex(au_tid_addr_t *tidp) 24357c478bd9Sstevel@tonic-gate { 24367c478bd9Sstevel@tonic-gate struct hostent *phe; 24377c478bd9Sstevel@tonic-gate char *hostname; 24387c478bd9Sstevel@tonic-gate struct in_addr ia; 24397c478bd9Sstevel@tonic-gate uint32_t *addr; 24407c478bd9Sstevel@tonic-gate int err; 2441*9e3700dfSgww char buf[INET6_ADDRSTRLEN]; 24427c478bd9Sstevel@tonic-gate char *bufp; 24437c478bd9Sstevel@tonic-gate 24447c478bd9Sstevel@tonic-gate 24457c478bd9Sstevel@tonic-gate /* IPV6 or IPV4 address */ 24467c478bd9Sstevel@tonic-gate if (tidp->at_type == AU_IPv4) { 24477c478bd9Sstevel@tonic-gate if ((phe = gethostbyaddr((char *)&tidp->at_addr[0], 2448*9e3700dfSgww sizeof (tidp->at_addr[0]), AF_INET)) != NULL) { 24497c478bd9Sstevel@tonic-gate hostname = phe->h_name; 2450*9e3700dfSgww } else { 24517c478bd9Sstevel@tonic-gate hostname = gettext("unknown"); 2452*9e3700dfSgww } 24537c478bd9Sstevel@tonic-gate 24547c478bd9Sstevel@tonic-gate ia.s_addr = tidp->at_addr[0]; 24557c478bd9Sstevel@tonic-gate 24567c478bd9Sstevel@tonic-gate (void) printf(gettext( 24577c478bd9Sstevel@tonic-gate "terminal id (maj,min,host) = %u,%u,%s(%s)\n"), 24587c478bd9Sstevel@tonic-gate major(tidp->at_port), minor(tidp->at_port), 24597c478bd9Sstevel@tonic-gate hostname, inet_ntoa(ia)); 24607c478bd9Sstevel@tonic-gate } else { 24617c478bd9Sstevel@tonic-gate addr = &tidp->at_addr[0]; 24627c478bd9Sstevel@tonic-gate phe = getipnodebyaddr((const void *)addr, 16, AF_INET6, &err); 24637c478bd9Sstevel@tonic-gate 24647c478bd9Sstevel@tonic-gate bzero(buf, sizeof (buf)); 24657c478bd9Sstevel@tonic-gate 2466*9e3700dfSgww (void) inet_ntop(AF_INET6, (void *)addr, buf, sizeof (buf)); 2467*9e3700dfSgww if (phe == NULL) { 24687c478bd9Sstevel@tonic-gate bufp = gettext("unknown"); 2469*9e3700dfSgww } else { 24707c478bd9Sstevel@tonic-gate bufp = phe->h_name; 2471*9e3700dfSgww } 24727c478bd9Sstevel@tonic-gate 24737c478bd9Sstevel@tonic-gate (void) printf(gettext( 24747c478bd9Sstevel@tonic-gate "terminal id (maj,min,host) = %u,%u,%s(%s)\n"), 24757c478bd9Sstevel@tonic-gate major(tidp->at_port), minor(tidp->at_port), 24767c478bd9Sstevel@tonic-gate bufp, buf); 2477*9e3700dfSgww if (phe) { 24787c478bd9Sstevel@tonic-gate freehostent(phe); 24797c478bd9Sstevel@tonic-gate } 24807c478bd9Sstevel@tonic-gate } 2481*9e3700dfSgww } 24827c478bd9Sstevel@tonic-gate 24837c478bd9Sstevel@tonic-gate static int 2484*9e3700dfSgww str2ipaddr(char *s, uint32_t *addr, uint32_t type) 24857c478bd9Sstevel@tonic-gate { 24867c478bd9Sstevel@tonic-gate int j, sl; 24877c478bd9Sstevel@tonic-gate char *ss; 24887c478bd9Sstevel@tonic-gate unsigned int v; 24897c478bd9Sstevel@tonic-gate 24907c478bd9Sstevel@tonic-gate bzero(addr, 16); 24917c478bd9Sstevel@tonic-gate if (strisipaddr(s)) { 24927c478bd9Sstevel@tonic-gate if (type == AU_IPv4) { 2493*9e3700dfSgww if (inet_pton(AF_INET, s, addr)) { 24947c478bd9Sstevel@tonic-gate return (0); 24957c478bd9Sstevel@tonic-gate } 2496*9e3700dfSgww return (1); 2497*9e3700dfSgww } else if (type == AU_IPv6) { 24987c478bd9Sstevel@tonic-gate if (inet_pton(AF_INET6, s, addr)) 24997c478bd9Sstevel@tonic-gate return (0); 25007c478bd9Sstevel@tonic-gate return (1); 25017c478bd9Sstevel@tonic-gate } 25027c478bd9Sstevel@tonic-gate return (1); 25037c478bd9Sstevel@tonic-gate } else { 25047c478bd9Sstevel@tonic-gate if (type == AU_IPv4) { 25057c478bd9Sstevel@tonic-gate (void) sscanf(s, "%x", &addr[0]); 25067c478bd9Sstevel@tonic-gate return (0); 2507*9e3700dfSgww } else if (type == AU_IPv6) { 25087c478bd9Sstevel@tonic-gate sl = strlen(s); 25097c478bd9Sstevel@tonic-gate ss = s; 25107c478bd9Sstevel@tonic-gate for (j = 3; j >= 0; j--) { 25117c478bd9Sstevel@tonic-gate if ((sl - 8) <= 0) { 25127c478bd9Sstevel@tonic-gate (void) sscanf(s, "%x", &v); 25137c478bd9Sstevel@tonic-gate addr[j] = v; 25147c478bd9Sstevel@tonic-gate return (0); 25157c478bd9Sstevel@tonic-gate } 25167c478bd9Sstevel@tonic-gate ss = &s[sl-8]; 25177c478bd9Sstevel@tonic-gate (void) sscanf(ss, "%x", &v); 25187c478bd9Sstevel@tonic-gate addr[j] = v; 25197c478bd9Sstevel@tonic-gate sl -= 8; 25207c478bd9Sstevel@tonic-gate *ss = '\0'; 25217c478bd9Sstevel@tonic-gate } 25227c478bd9Sstevel@tonic-gate } 25237c478bd9Sstevel@tonic-gate return (0); 25247c478bd9Sstevel@tonic-gate } 25257c478bd9Sstevel@tonic-gate } 25267c478bd9Sstevel@tonic-gate 25277c478bd9Sstevel@tonic-gate static int 2528*9e3700dfSgww str2type(char *s, uint_t *type) 25297c478bd9Sstevel@tonic-gate { 25307c478bd9Sstevel@tonic-gate if (strcmp(s, "ipv6") == 0) { 25317c478bd9Sstevel@tonic-gate *type = AU_IPv6; 25327c478bd9Sstevel@tonic-gate return (0); 25337c478bd9Sstevel@tonic-gate } 25347c478bd9Sstevel@tonic-gate if (strcmp(s, "ipv4") == 0) { 25357c478bd9Sstevel@tonic-gate *type = AU_IPv4; 25367c478bd9Sstevel@tonic-gate return (0); 25377c478bd9Sstevel@tonic-gate } 25387c478bd9Sstevel@tonic-gate 25397c478bd9Sstevel@tonic-gate return (1); 25407c478bd9Sstevel@tonic-gate } 2541