xref: /titanic_44/usr/src/uts/common/c2/audit_syscalls.c (revision 62a1b812a0c45c0d4c10ef645dda42bf71080108)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 /*
27  * This file contains the auditing system call code.
28  *
29  */
30 
31 #pragma ident	"%Z%%M%	%I%	%E% SMI"
32 
33 #include <sys/param.h>
34 #include <sys/systm.h>
35 #include <sys/user.h>
36 #include <sys/vnode.h>
37 #include <sys/vfs.h>
38 #include <sys/session.h>	/* for session structure (auditctl(2) */
39 #include <sys/kmem.h>		/* for KM_SLEEP */
40 #include <sys/cred_impl.h>
41 #include <sys/types.h>
42 #include <sys/proc.h>
43 #include <sys/uio.h>
44 #include <sys/file.h>
45 #include <sys/stat.h>
46 #include <sys/pathname.h>
47 #include <sys/acct.h>
48 #include <sys/stropts.h>
49 #include <sys/exec.h>
50 #include <sys/thread.h>
51 #include <sys/cmn_err.h>
52 #include <sys/debug.h>
53 #include <sys/disp.h>
54 #include <sys/kobj.h>
55 #include <sys/sysmacros.h>
56 #include <sys/policy.h>
57 #include <sys/taskq.h>
58 #include <sys/zone.h>
59 
60 #include <c2/audit.h>
61 #include <c2/audit_kernel.h>
62 #include <c2/audit_record.h>
63 
64 #define	CLEAR_VAL	-1
65 
66 #define	HEADER_SIZE64	1;
67 #define	HEADER_SIZE32	0;
68 #define	AU_MIN_FILE_SZ	0x80000	/* minumum audit file size */
69 #define	AUDIT_REC_SIZE	0x8000	/* maximum user audit record size */
70 
71 extern kmutex_t pidlock;
72 
73 extern pri_t		minclsyspri;		/* priority for taskq */
74 
75 extern int audit_load;		/* defined in audit_start.c */
76 
77 int		au_auditstate = AUC_UNSET;	/* global audit state */
78 int		audit_policy;	/* global audit policies in force */
79 static clock_t	au_resid = 15;	/* wait .15 sec before droping a rec */
80 
81 static int	getauid(caddr_t);
82 static int	setauid(caddr_t);
83 static int	getaudit(caddr_t);
84 static int	getaudit_addr(caddr_t, int);
85 static int	setaudit(caddr_t);
86 static int	setaudit_addr(caddr_t, int);
87 static int	auditdoor(int);
88 static int	auditsvc(int, int);
89 static int	auditctl(int, caddr_t, int);
90 static int	audit_modsysent(char *, int, int (*)());
91 static void	au_output_thread();
92 /*
93  * This is the loadable module wrapper.
94  */
95 #include <sys/modctl.h>
96 #include "sys/syscall.h"
97 
98 static struct sysent auditsysent = {
99 	6,
100 	0,
101 	_auditsys
102 };
103 
104 /*
105  * Module linkage information for the kernel.
106  */
107 extern struct mod_ops mod_syscallops;
108 
109 static struct modlsys modlsys = {
110 	&mod_syscallops, "C2 system call", &auditsysent
111 };
112 
113 static struct modlinkage modlinkage = {
114 	MODREV_1, (void *)&modlsys, 0
115 };
116 
117 int
118 _init()
119 {
120 	int retval;
121 
122 	if (audit_load == 0)
123 		return (-1);
124 
125 	/*
126 	 * We are going to do an ugly thing here.
127 	 *  Because auditsys is already defined as a regular
128 	 *  syscall we have to change the definition for syscall
129 	 *  auditsys. Basically or in the SE_LOADABLE flag for
130 	 *  auditsys. We no have a static loadable syscall. Also
131 	 *  create an rw_lock.
132 	 */
133 
134 	if ((audit_modsysent("c2audit",
135 		SE_LOADABLE|SE_NOUNLOAD,
136 		_auditsys)) == -1)
137 		return (-1);
138 
139 	if ((retval = mod_install(&modlinkage)) != 0)
140 		return (retval);
141 
142 	return (0);
143 }
144 
145 int
146 _fini()
147 {
148 	return (EBUSY);
149 }
150 
151 int
152 _info(struct modinfo *modinfop)
153 {
154 	return (mod_info(&modlinkage, modinfop));
155 }
156 
157 /*
158  * when auditing is updated to allow enable/disable without
159  * reboot (and when the audit stubs are removed) *most* of these
160  * calls should return an error when auditing is off -- some
161  * for local zones only.
162  */
163 
164 int
165 _auditsys(struct auditcalls *uap, rval_t *rvp)
166 {
167 	int result = 0;
168 
169 	switch (uap->code) {
170 	case BSM_GETAUID:
171 		result = getauid((caddr_t)uap->a1);
172 		break;
173 	case BSM_SETAUID:
174 		result = setauid((caddr_t)uap->a1);
175 		break;
176 	case BSM_GETAUDIT:
177 		result = getaudit((caddr_t)uap->a1);
178 		break;
179 	case BSM_GETAUDIT_ADDR:
180 
181 		result = getaudit_addr((caddr_t)uap->a1, (int)uap->a2);
182 		break;
183 	case BSM_SETAUDIT:
184 		result = setaudit((caddr_t)uap->a1);
185 		break;
186 	case BSM_SETAUDIT_ADDR:
187 		result = setaudit_addr((caddr_t)uap->a1, (int)uap->a2);
188 		break;
189 	case BSM_AUDIT:
190 		result = audit((caddr_t)uap->a1, (int)uap->a2);
191 		break;
192 	case BSM_AUDITSVC:
193 		result = auditsvc((int)uap->a1, (int)uap->a2);
194 		break;
195 	case BSM_AUDITDOOR:
196 		result = auditdoor((int)uap->a1);
197 		break;
198 	case BSM_AUDITON:
199 	case BSM_AUDITCTL:
200 		result = auditctl((int)uap->a1, (caddr_t)uap->a2, (int)uap->a3);
201 		break;
202 	default:
203 		result = EINVAL;
204 	}
205 	rvp->r_vals = result;
206 	return (result);
207 }
208 
209 /*
210  * Return the audit user ID for the current process.  Currently only
211  * the privileged processes may see the audit id.  That may change.
212  * If copyout is unsucessful return EFAULT.
213  */
214 static int
215 getauid(caddr_t auid_p)
216 {
217 	const auditinfo_addr_t	*ainfo;
218 
219 	if (secpolicy_audit_getattr(CRED()) != 0)
220 		return (EPERM);
221 
222 	ainfo = crgetauinfo(CRED());
223 	if (ainfo == NULL)
224 		return (EINVAL);
225 
226 	if (copyout(&ainfo->ai_auid, auid_p, sizeof (au_id_t)))
227 		return (EFAULT);
228 
229 	return (0);
230 }
231 
232 /*
233  * Set the audit userid, for a process.  This can only be changed by
234  * privileged processes.  The audit userid is inherited across forks & execs.
235  * Passed in is a pointer to the au_id_t; if copyin unsuccessful return EFAULT.
236  */
237 static int
238 setauid(caddr_t auid_p)
239 {
240 	proc_t *p;
241 	au_id_t	auid;
242 	cred_t *newcred;
243 	auditinfo_addr_t *auinfo;
244 
245 	if (secpolicy_audit_config(CRED()) != 0)
246 		return (EPERM);
247 
248 	if (copyin(auid_p, &auid, sizeof (au_id_t))) {
249 		return (EFAULT);
250 	}
251 
252 	newcred = cralloc();
253 	if ((auinfo = crgetauinfo_modifiable(newcred)) == NULL) {
254 		crfree(newcred);
255 		return (EINVAL);
256 	}
257 
258 	/* grab p_crlock and switch to new cred */
259 	p = curproc;
260 	mutex_enter(&p->p_crlock);
261 	crcopy_to(p->p_cred, newcred);
262 	p->p_cred = newcred;
263 
264 	auinfo->ai_auid = auid;			/* update the auid */
265 
266 	/* unlock and broadcast the cred changes */
267 	mutex_exit(&p->p_crlock);
268 	crset(p, newcred);
269 
270 	return (0);
271 }
272 
273 /*
274  * Get the audit state information from the current process.
275  * Return EFAULT if copyout fails.
276  */
277 static int
278 getaudit(caddr_t info_p)
279 {
280 	STRUCT_DECL(auditinfo, info);
281 	const auditinfo_addr_t	*ainfo;
282 	model_t	model;
283 
284 	if (secpolicy_audit_getattr(CRED()) != 0)
285 		return (EPERM);
286 
287 	model = get_udatamodel();
288 	STRUCT_INIT(info, model);
289 
290 	ainfo = crgetauinfo(CRED());
291 	if (ainfo == NULL)
292 		return (EINVAL);
293 
294 	/* trying to read a process with an IPv6 address? */
295 	if (ainfo->ai_termid.at_type == AU_IPv6)
296 		return (EOVERFLOW);
297 
298 	STRUCT_FSET(info, ai_auid, ainfo->ai_auid);
299 	STRUCT_FSET(info, ai_mask, ainfo->ai_mask);
300 #ifdef _LP64
301 	if (model == DATAMODEL_ILP32) {
302 		dev32_t dev;
303 		/* convert internal 64 bit form to 32 bit version */
304 		if (cmpldev(&dev, ainfo->ai_termid.at_port) == 0) {
305 			return (EOVERFLOW);
306 		}
307 		STRUCT_FSET(info, ai_termid.port, dev);
308 	} else
309 		STRUCT_FSET(info, ai_termid.port, ainfo->ai_termid.at_port);
310 #else
311 	STRUCT_FSET(info, ai_termid.port, ainfo->ai_termid.at_port);
312 #endif
313 	STRUCT_FSET(info, ai_termid.machine, ainfo->ai_termid.at_addr[0]);
314 	STRUCT_FSET(info, ai_asid, ainfo->ai_asid);
315 
316 	if (copyout(STRUCT_BUF(info), info_p, STRUCT_SIZE(info)))
317 		return (EFAULT);
318 
319 	return (0);
320 }
321 
322 /*
323  * Get the audit state information from the current process.
324  * Return EFAULT if copyout fails.
325  */
326 static int
327 getaudit_addr(caddr_t info_p, int len)
328 {
329 	STRUCT_DECL(auditinfo_addr, info);
330 	const auditinfo_addr_t	*ainfo;
331 	model_t	model;
332 
333 	if (secpolicy_audit_getattr(CRED()) != 0)
334 		return (EPERM);
335 
336 	model = get_udatamodel();
337 	STRUCT_INIT(info, model);
338 
339 	if (len < STRUCT_SIZE(info))
340 		return (EOVERFLOW);
341 
342 	ainfo = crgetauinfo(CRED());
343 
344 	if (ainfo == NULL)
345 		return (EINVAL);
346 
347 	STRUCT_FSET(info, ai_auid, ainfo->ai_auid);
348 	STRUCT_FSET(info, ai_mask, ainfo->ai_mask);
349 #ifdef _LP64
350 	if (model == DATAMODEL_ILP32) {
351 		dev32_t dev;
352 		/* convert internal 64 bit form to 32 bit version */
353 		if (cmpldev(&dev, ainfo->ai_termid.at_port) == 0) {
354 			return (EOVERFLOW);
355 		}
356 		STRUCT_FSET(info, ai_termid.at_port, dev);
357 	} else
358 		STRUCT_FSET(info, ai_termid.at_port, ainfo->ai_termid.at_port);
359 #else
360 	STRUCT_FSET(info, ai_termid.at_port, ainfo->ai_termid.at_port);
361 #endif
362 	STRUCT_FSET(info, ai_termid.at_type, ainfo->ai_termid.at_type);
363 	STRUCT_FSET(info, ai_termid.at_addr[0], ainfo->ai_termid.at_addr[0]);
364 	STRUCT_FSET(info, ai_termid.at_addr[1], ainfo->ai_termid.at_addr[1]);
365 	STRUCT_FSET(info, ai_termid.at_addr[2], ainfo->ai_termid.at_addr[2]);
366 	STRUCT_FSET(info, ai_termid.at_addr[3], ainfo->ai_termid.at_addr[3]);
367 	STRUCT_FSET(info, ai_asid, ainfo->ai_asid);
368 
369 	if (copyout(STRUCT_BUF(info), info_p, STRUCT_SIZE(info)))
370 		return (EFAULT);
371 
372 	return (0);
373 }
374 
375 /*
376  * Set the audit state information for the current process.
377  * Return EFAULT if copyout fails.
378  */
379 static int
380 setaudit(caddr_t info_p)
381 {
382 	STRUCT_DECL(auditinfo, info);
383 	proc_t *p;
384 	cred_t	*newcred;
385 	model_t	model;
386 	auditinfo_addr_t *ainfo;
387 
388 	if (secpolicy_audit_config(CRED()) != 0)
389 		return (EPERM);
390 
391 	model = get_udatamodel();
392 	STRUCT_INIT(info, model);
393 
394 	if (copyin(info_p, STRUCT_BUF(info), STRUCT_SIZE(info)))
395 		return (EFAULT);
396 
397 	newcred = cralloc();
398 	if ((ainfo = crgetauinfo_modifiable(newcred)) == NULL) {
399 		crfree(newcred);
400 		return (EINVAL);
401 	}
402 
403 	/* grab p_crlock and switch to new cred */
404 	p = curproc;
405 	mutex_enter(&p->p_crlock);
406 	crcopy_to(p->p_cred, newcred);
407 	p->p_cred = newcred;
408 
409 	/* Set audit mask, id, termid and session id as specified */
410 	ainfo->ai_auid = STRUCT_FGET(info, ai_auid);
411 #ifdef _LP64
412 	/* only convert to 64 bit if coming from a 32 bit binary */
413 	if (model == DATAMODEL_ILP32)
414 		ainfo->ai_termid.at_port =
415 			DEVEXPL(STRUCT_FGET(info, ai_termid.port));
416 	else
417 		ainfo->ai_termid.at_port = STRUCT_FGET(info, ai_termid.port);
418 #else
419 	ainfo->ai_termid.at_port = STRUCT_FGET(info, ai_termid.port);
420 #endif
421 	ainfo->ai_termid.at_type = AU_IPv4;
422 	ainfo->ai_termid.at_addr[0] = STRUCT_FGET(info, ai_termid.machine);
423 	ainfo->ai_asid = STRUCT_FGET(info, ai_asid);
424 	ainfo->ai_mask = STRUCT_FGET(info, ai_mask);
425 
426 	/* unlock and broadcast the cred changes */
427 	mutex_exit(&p->p_crlock);
428 	crset(p, newcred);
429 
430 	return (0);
431 }
432 
433 /*
434  * Set the audit state information for the current process.
435  * Return EFAULT if copyin fails.
436  */
437 static int
438 setaudit_addr(caddr_t info_p, int len)
439 {
440 	STRUCT_DECL(auditinfo_addr, info);
441 	proc_t *p;
442 	cred_t	*newcred;
443 	model_t	model;
444 	int i;
445 	int type;
446 	auditinfo_addr_t *ainfo;
447 
448 	if (secpolicy_audit_config(CRED()) != 0)
449 		return (EPERM);
450 
451 	model = get_udatamodel();
452 	STRUCT_INIT(info, model);
453 
454 	if (len < STRUCT_SIZE(info))
455 		return (EOVERFLOW);
456 
457 	if (copyin(info_p, STRUCT_BUF(info), STRUCT_SIZE(info)))
458 		return (EFAULT);
459 
460 	type = STRUCT_FGET(info, ai_termid.at_type);
461 	if ((type != AU_IPv4) && (type != AU_IPv6))
462 		return (EINVAL);
463 
464 	newcred = cralloc();
465 	if ((ainfo = crgetauinfo_modifiable(newcred)) == NULL) {
466 		crfree(newcred);
467 		return (EINVAL);
468 	}
469 
470 	/* grab p_crlock and switch to new cred */
471 	p = curproc;
472 	mutex_enter(&p->p_crlock);
473 	crcopy_to(p->p_cred, newcred);
474 	p->p_cred = newcred;
475 
476 	/* Set audit mask, id, termid and session id as specified */
477 	ainfo->ai_auid = STRUCT_FGET(info, ai_auid);
478 	ainfo->ai_mask = STRUCT_FGET(info, ai_mask);
479 #ifdef _LP64
480 	/* only convert to 64 bit if coming from a 32 bit binary */
481 	if (model == DATAMODEL_ILP32)
482 		ainfo->ai_termid.at_port =
483 			DEVEXPL(STRUCT_FGET(info, ai_termid.at_port));
484 	else
485 		ainfo->ai_termid.at_port = STRUCT_FGET(info, ai_termid.at_port);
486 #else
487 	ainfo->ai_termid.at_port = STRUCT_FGET(info, ai_termid.at_port);
488 #endif
489 	ainfo->ai_termid.at_type = type;
490 	bzero(&ainfo->ai_termid.at_addr[0], sizeof (ainfo->ai_termid.at_addr));
491 	for (i = 0; i < (type/sizeof (int)); i++)
492 		ainfo->ai_termid.at_addr[i] =
493 			STRUCT_FGET(info, ai_termid.at_addr[i]);
494 
495 	if (ainfo->ai_termid.at_type == AU_IPv6 &&
496 	    IN6_IS_ADDR_V4MAPPED(((in6_addr_t *)ainfo->ai_termid.at_addr))) {
497 		ainfo->ai_termid.at_type = AU_IPv4;
498 		ainfo->ai_termid.at_addr[0] = ainfo->ai_termid.at_addr[3];
499 		ainfo->ai_termid.at_addr[1] = 0;
500 		ainfo->ai_termid.at_addr[2] = 0;
501 		ainfo->ai_termid.at_addr[3] = 0;
502 	}
503 
504 	ainfo->ai_asid = STRUCT_FGET(info, ai_asid);
505 
506 	/* unlock and broadcast the cred changes */
507 	mutex_exit(&p->p_crlock);
508 	crset(p, newcred);
509 
510 	return (0);
511 }
512 
513 /*
514  * The audit system call. Trust what the user has sent down and save it
515  * away in the audit file. User passes a complete audit record and its
516  * length.  We will fill in the time stamp, check the header and the length
517  * Put a trailer and a sequence token if policy requires.
518  * In the future length might become size_t instead of an int.
519  *
520  * The call is valid whether or not AUDIT_PERZONE is set (think of
521  * login to a zone).  When the local audit state (auk_auditstate) is
522  * AUC_INIT_AUDIT, records are accepted even though auditd isn't
523  * running.
524  */
525 int
526 audit(caddr_t record, int length)
527 {
528 	char	c;
529 	int	count, l;
530 	token_t	*m, *n, *s, *ad;
531 	int	hdrlen, delta;
532 	adr_t	hadr;
533 	adr_t	sadr;
534 	int	size;	/* 0: 32 bit utility  1: 64 bit utility */
535 	int	host_len;
536 	size_t	zlen;
537 	au_kcontext_t	*kctx = SET_KCTX_PZ;
538 
539 	ASSERT(kctx != NULL);
540 
541 	/* if auditing not enabled, then don't generate an audit record */
542 	if (kctx->auk_auditstate != AUC_AUDITING &&
543 	    kctx->auk_auditstate != AUC_INIT_AUDIT)
544 		return (0);
545 
546 	/* Only privileged processes can audit */
547 	if (secpolicy_audit_modify(CRED()) != 0)
548 		return (EPERM);
549 
550 	/* Max user record size is 32K */
551 	if (length > AUDIT_REC_SIZE)
552 		return (E2BIG);
553 
554 	/*
555 	 * The specified length must be at least as big as the smallest
556 	 * possible header token. Later after beginning to scan the
557 	 * header we'll determine the true minimum length according to
558 	 * the header type and attributes.
559 	 */
560 #define	AU_MIN_HEADER_LEN	(sizeof (char) + sizeof (int32_t) + \
561 	sizeof (char) + sizeof (short) + sizeof (short) + \
562 	(sizeof (int32_t) * 2))
563 
564 	if (length < AU_MIN_HEADER_LEN)
565 		return (EINVAL);
566 
567 	/* Read in user's audit record */
568 	count = length;
569 	m = n = s = ad = NULL;
570 	while (count) {
571 		m = au_getclr();
572 		if (!s)
573 			s = n = m;
574 		else {
575 			n->next_buf = m;
576 			n = m;
577 		}
578 		l = MIN(count, AU_BUFSIZE);
579 		if (copyin(record, memtod(m, caddr_t),
580 			(size_t)l)) {
581 				/* copyin failed release au_membuf */
582 				au_free_rec(s);
583 				return (EFAULT);
584 		}
585 		record += l;
586 		count -= l;
587 		m->len = (uchar_t)l;
588 	}
589 
590 	/* Now attach the entire thing to ad */
591 	au_write((caddr_t *)&(ad), s);
592 
593 	/* validate header token type. trust everything following it */
594 	adr_start(&hadr, memtod(s, char *));
595 	(void) adr_getchar(&hadr, &c);
596 	switch (c) {
597 	case AUT_HEADER32:
598 		/* size vers+event_ID+event_modifier fields */
599 		delta = 1 + 2 + 2;
600 		hdrlen = 1 + 4 + delta + (sizeof (int32_t) * 2);
601 		size = HEADER_SIZE32;
602 		break;
603 
604 #ifdef _LP64
605 	case AUT_HEADER64:
606 		/* size vers+event_ID+event_modifier fields */
607 		delta = 1 + 2 + 2;
608 		hdrlen = 1 + 4 + delta + (sizeof (int64_t) * 2);
609 		size = HEADER_SIZE64;
610 		break;
611 #endif
612 
613 	case AUT_HEADER32_EX:
614 		/*
615 		 * Skip over the length/version/type/mod fields and
616 		 * grab the host address type (length), then rewind.
617 		 * This is safe per the previous minimum length check.
618 		 */
619 		hadr.adr_now += 9;
620 		(void) adr_getint32(&hadr, &host_len);
621 		hadr.adr_now -= 9 + sizeof (int32_t);
622 
623 		/* size: vers+event_ID+event_modifier+IP_type+IP_addr_array */
624 		delta = 1 + 2 + 2 + 4 + host_len;
625 		hdrlen = 1 + 4 + delta + (sizeof (int32_t) * 2);
626 		size = HEADER_SIZE32;
627 		break;
628 
629 #ifdef _LP64
630 	case AUT_HEADER64_EX:
631 		/*
632 		 * Skip over the length/version/type/mod fields and grab
633 		 * the host address type (length), then rewind.
634 		 * This is safe per the previous minimum length check.
635 		 */
636 		hadr.adr_now += 9;
637 		(void) adr_getint32(&hadr, &host_len);
638 		hadr.adr_now -= 9 + sizeof (int32_t);
639 
640 		/* size: vers+event_ID+event_modifier+IP_type+IP_addr_array */
641 		delta = 1 + 2 + 2 + 4 + host_len;
642 		hdrlen = 1 + 4 + delta + (sizeof (int64_t) * 2);
643 		size = HEADER_SIZE64;
644 		break;
645 #endif
646 
647 	default:
648 		/* Header is wrong, reject message */
649 		au_free_rec(s);
650 		return (EINVAL);
651 	}
652 
653 	if (length < hdrlen) {
654 		au_free_rec(s);
655 		return (0);
656 	}
657 
658 	/* advance over header token length field */
659 	hadr.adr_now += 4;
660 
661 	/* validate version */
662 	(void) adr_getchar(&hadr, &c);
663 	if (c != TOKEN_VERSION) {
664 		/* version is wrong, reject message */
665 		au_free_rec(s);
666 		return (EINVAL);
667 	}
668 
669 	/* backup to header length field (including version field) */
670 	hadr.adr_now -= 5;
671 
672 	/*
673 	 * add on the zonename token if policy AUDIT_ZONENAME is set
674 	 */
675 	if (kctx->auk_policy & AUDIT_ZONENAME) {
676 		zlen = au_zonename_length();
677 		if (zlen > 0) {
678 			length += zlen;
679 			m = au_to_zonename(zlen);
680 			(void) au_append_rec(ad, m, AU_PACK);
681 		}
682 	}
683 	/* Add an (optional) sequence token. NULL offset if none */
684 	if (kctx->auk_policy & AUDIT_SEQ) {
685 		/* get the sequnce token */
686 		m = au_to_seq();
687 
688 		/* sequence token 5 bytes long */
689 		length += 5;
690 
691 		/* link to audit record (i.e. don't pack the data) */
692 		(void) au_append_rec(ad, m, AU_LINK);
693 
694 		/* advance to count field of token */
695 		adr_start(&sadr, memtod(m, char *));
696 		sadr.adr_now += 1;
697 	} else
698 		sadr.adr_now = (char *)NULL;
699 
700 	/* add the (optional) trailer token */
701 	if (kctx->auk_policy & AUDIT_TRAIL) {
702 		/* trailer token is 7 bytes long */
703 		length += 7;
704 
705 		/* append to audit record */
706 		(void) au_append_rec(ad, au_to_trailer(length), AU_PACK);
707 	}
708 
709 	/* audit record completely assembled. set the length */
710 	adr_int32(&hadr, (int32_t *)&length, 1);
711 
712 	/* advance to date/time field of header */
713 	hadr.adr_now += delta;
714 
715 	/* We are done  put it on the queue */
716 	AS_INC(as_generated, 1, kctx);
717 	AS_INC(as_audit, 1, kctx);
718 
719 	au_enqueue(kctx, s, &hadr, &sadr, size, 0);
720 
721 	AS_INC(as_totalsize, length, kctx);
722 
723 	return (0);
724 }
725 
726 static void
727 audit_dont_stop(void *kctx)
728 {
729 
730 	if ((((au_kcontext_t *)kctx)->auk_valid != AUK_VALID) ||
731 	    (((au_kcontext_t *)kctx)->auk_auditstate == AUC_NOAUDIT))
732 		return;
733 
734 	mutex_enter(&(((au_kcontext_t *)kctx)->auk_queue.lock));
735 	cv_broadcast(&(((au_kcontext_t *)kctx)->auk_queue.write_cv));
736 	mutex_exit(&(((au_kcontext_t *)kctx)->auk_queue.lock));
737 }
738 
739 /*
740  * auditdoor starts a kernel thread to generate output from the audit
741  * queue.  The thread terminates when it detects auditing being turned
742  * off, such as when auditd exits with a SIGTERM.  If a subsequent
743  * auditdoor arrives while the thread is running, the door descriptor
744  * of the last auditdoor in will be used for output.  auditd is responsible
745  * for insuring that multiple copies are not running.
746  */
747 
748 static int
749 auditdoor(int fd)
750 {
751 	struct file	*fp;
752 	struct vnode	*vp;
753 	int		error = 0;
754 	int		do_create = 0;
755 	au_kcontext_t	*kctx;
756 
757 	if (secpolicy_audit_config(CRED()) != 0)
758 		return (EPERM);
759 
760 	if (!(audit_policy & AUDIT_PERZONE) && !INGLOBALZONE(curproc))
761 		return (EINVAL);
762 
763 	kctx = SET_KCTX_LZ;
764 
765 	/*
766 	 * Prevent a second audit daemon from running this code.
767 	 * auk_svc_busy == 2 until the output thread terminates.
768 	 * Multiple calls to auditdoor() are valid but a call
769 	 * to auditsvc() while au_output_thread() is running
770 	 * or a call to auditdoor() while auditsvc is running
771 	 * is blocked.
772 	 */
773 	mutex_enter(&(kctx->auk_svc_lock));
774 	if (kctx->auk_svc_busy == 1) {		/* active auditsvc? */
775 		mutex_exit(&(kctx->auk_svc_lock));
776 		return (EBUSY);
777 	}
778 	kctx->auk_svc_busy = 2;
779 	mutex_exit(&(kctx->auk_svc_lock));
780 	/*
781 	 * convert file pointer to file descriptor
782 	 *   Note: fd ref count incremented here.
783 	 */
784 	if ((fp = (struct file *)getf(fd)) == NULL) {
785 		error = EBADF;
786 		goto svc_exit;
787 	}
788 	vp = fp->f_vnode;
789 	if (vp->v_type != VDOOR) {
790 		cmn_err(CE_WARN,
791 		    "auditdoor() did not get the expected door descriptor\n");
792 		error = EINVAL;
793 		releasef(fd);
794 		goto svc_exit;
795 	}
796 	/*
797 	 * If the output thread is already running, then replace the
798 	 * door descriptor with the new one and continue; otherwise
799 	 * create the thread too.  Since au_output_thread makes a call
800 	 * to au_doorio() which also does
801 	 * mutex_lock(&(kctx->auk_svc_lock)), the create/dispatch is
802 	 * done after the unlock...
803 	 */
804 	mutex_enter(&(kctx->auk_svc_lock));
805 
806 	if (kctx->auk_current_vp != NULL)
807 		VN_RELE(kctx->auk_current_vp);
808 
809 	kctx->auk_current_vp = vp;
810 	VN_HOLD(kctx->auk_current_vp);
811 	releasef(fd);
812 
813 	if (!kctx->auk_output_active) {
814 		kctx->auk_output_active = 1;
815 		do_create = 1;
816 	}
817 	mutex_exit(&(kctx->auk_svc_lock));
818 	if (do_create) {
819 		kctx->auk_taskq =
820 		    taskq_create("output_master", 1, minclsyspri, 1, 1, 0);
821 		(void) taskq_dispatch(kctx->auk_taskq,
822 		    (task_func_t *)au_output_thread,
823 		    kctx, TQ_SLEEP);
824 	}
825 svc_exit:
826 	if (error) {
827 		mutex_enter(&(kctx->auk_svc_lock));
828 		kctx->auk_svc_busy = 2;
829 		mutex_exit(&(kctx->auk_svc_lock));
830 	}
831 	return (error);
832 }
833 
834 /*
835  * au_queue_kick -- wake up the output queue after delay ticks
836  */
837 static void
838 au_queue_kick(void *kctx)
839 {
840 	/*
841 	 * wakeup reader if its not running and there is something
842 	 * to do.  It also helps that kctx still be valid...
843 	 */
844 
845 	if ((((au_kcontext_t *)kctx)->auk_valid != AUK_VALID) ||
846 	    (((au_kcontext_t *)kctx)->auk_auditstate == AUC_NOAUDIT))
847 		return;
848 
849 	if (((au_kcontext_t *)kctx)->auk_queue.cnt &&
850 	    ((au_kcontext_t *)kctx)->auk_queue.rd_block)
851 		cv_broadcast(&((au_kcontext_t *)kctx)->auk_queue.read_cv);
852 
853 	/* fire off timeout event to kick audit queue awake */
854 	(void) timeout(au_queue_kick, kctx,
855 	    ((au_kcontext_t *)kctx)->auk_queue.delay);
856 }
857 
858 /*
859  * output thread
860  *
861  * this runs "forever" where "forever" means until either auk_auditstate
862  * changes from AUC_AUDITING or if the door descriptor becomes invalid.
863  *
864  * there is one thread per active zone if AUC_PERZONE is set.  Since
865  * there is the possibility that a zone may go down without auditd
866  * terminating properly, a zone shutdown kills its au_output_thread()
867  * via taskq_destroy().
868  */
869 
870 static void
871 au_output_thread(au_kcontext_t *kctx)
872 {
873 	int		error = 0;
874 
875 	(void) timeout(au_queue_kick, kctx, kctx->auk_queue.delay);
876 
877 	/*
878 	 * Wait for work, until a signal arrives,
879 	 * or until auditing is disabled.
880 	 */
881 
882 	while (!error) {
883 	    if (kctx->auk_auditstate == AUC_AUDITING) {
884 		mutex_enter(&(kctx->auk_queue.lock));
885 		while (kctx->auk_queue.head == NULL) {
886 		    /* safety check. kick writer awake */
887 		    if (kctx->auk_queue.wt_block)
888 			cv_broadcast(&(kctx->auk_queue.write_cv));
889 
890 		    kctx->auk_queue.rd_block = 1;
891 		    AS_INC(as_rblocked, 1, kctx);
892 
893 		    cv_wait(&(kctx->auk_queue.read_cv),
894 			&(kctx->auk_queue.lock));
895 
896 		    kctx->auk_queue.rd_block = 0;
897 
898 		    if (kctx->auk_auditstate != AUC_AUDITING) {
899 			mutex_exit(&(kctx->auk_queue.lock));
900 			(void) timeout(audit_dont_stop, kctx, au_resid);
901 			goto output_exit;
902 		    }
903 		    kctx->auk_queue.rd_block = 0;
904 		}
905 		mutex_exit(&(kctx->auk_queue.lock));
906 		/*
907 		 * au_doorio() calls au_door_upcall which holds auk_svc_lock;
908 		 * au_doorio empties the queue before returning.
909 		 */
910 
911 		error = au_doorio(kctx);
912 	    } else	/* auditing turned off while we slept */
913 		break;
914 	}
915 output_exit:
916 	mutex_enter(&(kctx->auk_svc_lock));
917 
918 	VN_RELE(kctx->auk_current_vp);
919 	kctx->auk_current_vp = NULL;
920 
921 	kctx->auk_output_active = 0;
922 	kctx->auk_svc_busy = 0;
923 
924 	mutex_exit(&(kctx->auk_svc_lock));
925 }
926 
927 
928 /*
929  * Get the global policy flag
930  */
931 
932 static int
933 getpolicy(caddr_t data)
934 {
935 	int	policy;
936 	au_kcontext_t	*kctx = SET_KCTX_PZ;
937 
938 	policy = audit_policy | kctx->auk_policy;
939 
940 	if (copyout(&policy, data, sizeof (int)))
941 		return (EFAULT);
942 	return (0);
943 }
944 
945 /*
946  * Set the global and local policy flags
947  *
948  * The global flags only make sense from the global zone;
949  * the local flags depend on the AUDIT_PERZONE policy:
950  * if the perzone policy is set, then policy is set separately
951  * per zone, else held only in the global zone.
952  *
953  * The initial value of a local zone's policy flag is determined
954  * by the value of the global zone's flags at the time the
955  * local zone is created.
956  *
957  * While auditconfig(1M) allows setting and unsetting policies one bit
958  * at a time, the mask passed in from auditconfig() is created by a
959  * syscall to getpolicy and then modified based on the auditconfig()
960  * cmd line, so the input policy value is used to replace the existing
961  * policy.
962  */
963 
964 
965 static int
966 setpolicy(caddr_t data)
967 {
968 	int	policy;
969 	au_kcontext_t	*kctx;
970 
971 	if (copyin(data, &policy, sizeof (int)))
972 		return (EFAULT);
973 
974 	kctx = SET_KCTX_LZ;
975 	ASSERT(kctx != NULL);
976 
977 	if (INGLOBALZONE(curproc)) {
978 		if (policy & ~(AUDIT_GLOBAL | AUDIT_LOCAL))
979 			return (EINVAL);
980 
981 		audit_policy = policy & AUDIT_GLOBAL;
982 	} else {
983 		if (!(audit_policy & AUDIT_PERZONE))
984 			return (EINVAL);
985 
986 		if (policy & ~AUDIT_LOCAL)	/* global bits are a no-no */
987 			return (EINVAL);
988 	}
989 	kctx->auk_policy = policy & AUDIT_LOCAL;
990 
991 	/*
992 	 * auk_current_vp is NULL before auditd starts (or during early
993 	 * auditd starup) or if auditd is halted; in either case,
994 	 * notification of a policy change is not needed, since auditd
995 	 * reads policy as it comes up.  The error return from au_doormsg()
996 	 * is ignored to avoid a race condition -- for example if auditd
997 	 * segv's, the audit state may be "auditing" but the door may
998 	 * be closed.  Returning an error if the door is open makes it
999 	 * impossible for Greenline to restart auditd.
1000 	 */
1001 	if (kctx->auk_current_vp != NULL)
1002 		(void) au_doormsg(kctx, AU_DBUF_POLICY, &policy);
1003 
1004 	/*
1005 	 * Wake up anyone who might have blocked on full audit
1006 	 * partitions. audit daemons need to set AUDIT_FULL when no
1007 	 * space so we can tell if we should start dropping records.
1008 	 */
1009 	mutex_enter(&(kctx->auk_queue.lock));
1010 
1011 	if ((policy & (AUDIT_CNT | AUDIT_SCNT) &&
1012 	    (kctx->auk_queue.cnt >= kctx->auk_queue.hiwater)))
1013 		cv_broadcast(&(kctx->auk_queue.write_cv));
1014 
1015 	mutex_exit(&(kctx->auk_queue.lock));
1016 
1017 	return (0);
1018 }
1019 
1020 static int
1021 getkmask(caddr_t data)
1022 {
1023 	au_kcontext_t	*kctx;
1024 
1025 	kctx = SET_KCTX_PZ;
1026 
1027 	if (copyout(&kctx->auk_info.ai_mask, data, sizeof (au_mask_t)))
1028 		return (EFAULT);
1029 	return (0);
1030 }
1031 
1032 static int
1033 setkmask(caddr_t data)
1034 {
1035 	au_mask_t	mask;
1036 	au_kcontext_t	*kctx;
1037 
1038 	if (!(audit_policy & AUDIT_PERZONE) && !INGLOBALZONE(curproc))
1039 		return (EINVAL);
1040 
1041 	kctx = SET_KCTX_LZ;
1042 
1043 	if (copyin(data, &mask, sizeof (au_mask_t)))
1044 		return (EFAULT);
1045 
1046 	kctx->auk_info.ai_mask = mask;
1047 	return (0);
1048 }
1049 
1050 static int
1051 getkaudit(caddr_t info_p, int len)
1052 {
1053 	STRUCT_DECL(auditinfo_addr, info);
1054 	model_t model;
1055 	au_kcontext_t	*kctx = SET_KCTX_PZ;
1056 
1057 	model = get_udatamodel();
1058 	STRUCT_INIT(info, model);
1059 
1060 	if (len < STRUCT_SIZE(info))
1061 		return (EOVERFLOW);
1062 
1063 	STRUCT_FSET(info, ai_auid, kctx->auk_info.ai_auid);
1064 	STRUCT_FSET(info, ai_mask, kctx->auk_info.ai_mask);
1065 #ifdef _LP64
1066 	if (model == DATAMODEL_ILP32) {
1067 		dev32_t dev;
1068 		/* convert internal 64 bit form to 32 bit version */
1069 		if (cmpldev(&dev, kctx->auk_info.ai_termid.at_port) == 0) {
1070 			return (EOVERFLOW);
1071 		}
1072 		STRUCT_FSET(info, ai_termid.at_port, dev);
1073 	} else
1074 		STRUCT_FSET(info, ai_termid.at_port,
1075 			kctx->auk_info.ai_termid.at_port);
1076 #else
1077 	STRUCT_FSET(info, ai_termid.at_port,
1078 		kctx->auk_info.ai_termid.at_port);
1079 #endif
1080 	STRUCT_FSET(info, ai_termid.at_type,
1081 	    kctx->auk_info.ai_termid.at_type);
1082 	STRUCT_FSET(info, ai_termid.at_addr[0],
1083 	    kctx->auk_info.ai_termid.at_addr[0]);
1084 	STRUCT_FSET(info, ai_termid.at_addr[1],
1085 	    kctx->auk_info.ai_termid.at_addr[1]);
1086 	STRUCT_FSET(info, ai_termid.at_addr[2],
1087 	    kctx->auk_info.ai_termid.at_addr[2]);
1088 	STRUCT_FSET(info, ai_termid.at_addr[3],
1089 	    kctx->auk_info.ai_termid.at_addr[3]);
1090 	STRUCT_FSET(info, ai_asid, kctx->auk_info.ai_asid);
1091 
1092 	if (copyout(STRUCT_BUF(info), info_p, STRUCT_SIZE(info)))
1093 		return (EFAULT);
1094 
1095 	return (0);
1096 }
1097 
1098 /*
1099  * the host address for AUDIT_PERZONE == 0 is that of the global
1100  * zone and for local zones it is of the current zone.
1101  */
1102 
1103 static int
1104 setkaudit(caddr_t info_p, int len)
1105 {
1106 	STRUCT_DECL(auditinfo_addr, info);
1107 	model_t model;
1108 	au_kcontext_t	*kctx;
1109 
1110 	if (!(audit_policy & AUDIT_PERZONE) && !INGLOBALZONE(curproc))
1111 		return (EINVAL);
1112 
1113 	kctx = SET_KCTX_LZ;
1114 
1115 	model = get_udatamodel();
1116 	STRUCT_INIT(info, model);
1117 
1118 	if (len < STRUCT_SIZE(info))
1119 		return (EOVERFLOW);
1120 
1121 	if (copyin(info_p, STRUCT_BUF(info), STRUCT_SIZE(info)))
1122 		return (EFAULT);
1123 
1124 	if ((STRUCT_FGET(info, ai_termid.at_type) != AU_IPv4) &&
1125 	    (STRUCT_FGET(info, ai_termid.at_type) != AU_IPv6))
1126 		return (EINVAL);
1127 
1128 	/* Set audit mask, termid and session id as specified */
1129 	kctx->auk_info.ai_auid = STRUCT_FGET(info, ai_auid);
1130 	kctx->auk_info.ai_mask = STRUCT_FGET(info, ai_mask);
1131 #ifdef _LP64
1132 	/* only convert to 64 bit if coming from a 32 bit binary */
1133 	if (model == DATAMODEL_ILP32)
1134 		kctx->auk_info.ai_termid.at_port =
1135 			DEVEXPL(STRUCT_FGET(info, ai_termid.at_port));
1136 	else
1137 		kctx->auk_info.ai_termid.at_port =
1138 			STRUCT_FGET(info, ai_termid.at_port);
1139 #else
1140 	kctx->auk_info.ai_termid.at_port = STRUCT_FGET(info, ai_termid.at_port);
1141 #endif
1142 	kctx->auk_info.ai_termid.at_type = STRUCT_FGET(info, ai_termid.at_type);
1143 	bzero(&kctx->auk_info.ai_termid.at_addr[0],
1144 		sizeof (kctx->auk_info.ai_termid.at_addr));
1145 	kctx->auk_info.ai_termid.at_addr[0] =
1146 	    STRUCT_FGET(info, ai_termid.at_addr[0]);
1147 	kctx->auk_info.ai_termid.at_addr[1] =
1148 	    STRUCT_FGET(info, ai_termid.at_addr[1]);
1149 	kctx->auk_info.ai_termid.at_addr[2] =
1150 	    STRUCT_FGET(info, ai_termid.at_addr[2]);
1151 	kctx->auk_info.ai_termid.at_addr[3] =
1152 	    STRUCT_FGET(info, ai_termid.at_addr[3]);
1153 	kctx->auk_info.ai_asid = STRUCT_FGET(info, ai_asid);
1154 
1155 	if (kctx->auk_info.ai_termid.at_type == AU_IPv6 &&
1156 	    IN6_IS_ADDR_V4MAPPED(
1157 	    ((in6_addr_t *)kctx->auk_info.ai_termid.at_addr))) {
1158 		kctx->auk_info.ai_termid.at_type = AU_IPv4;
1159 		kctx->auk_info.ai_termid.at_addr[0] =
1160 		    kctx->auk_info.ai_termid.at_addr[3];
1161 		kctx->auk_info.ai_termid.at_addr[1] = 0;
1162 		kctx->auk_info.ai_termid.at_addr[2] = 0;
1163 		kctx->auk_info.ai_termid.at_addr[3] = 0;
1164 	}
1165 	if (kctx->auk_info.ai_termid.at_type == AU_IPv6)
1166 		kctx->auk_hostaddr_valid = IN6_IS_ADDR_UNSPECIFIED(
1167 		    (in6_addr_t *)kctx->auk_info.ai_termid.at_addr) ? 0 : 1;
1168 	else
1169 		kctx->auk_hostaddr_valid =
1170 		    (kctx->auk_info.ai_termid.at_addr[0] ==
1171 		    htonl(INADDR_ANY)) ? 0 : 1;
1172 
1173 	return (0);
1174 }
1175 
1176 static int
1177 getqctrl(caddr_t data)
1178 {
1179 	au_kcontext_t	*kctx = SET_KCTX_PZ;
1180 	STRUCT_DECL(au_qctrl, qctrl);
1181 	STRUCT_INIT(qctrl, get_udatamodel());
1182 
1183 	mutex_enter(&(kctx->auk_queue.lock));
1184 	STRUCT_FSET(qctrl, aq_hiwater, kctx->auk_queue.hiwater);
1185 	STRUCT_FSET(qctrl, aq_lowater, kctx->auk_queue.lowater);
1186 	STRUCT_FSET(qctrl, aq_bufsz, kctx->auk_queue.bufsz);
1187 	STRUCT_FSET(qctrl, aq_delay, kctx->auk_queue.delay);
1188 	mutex_exit(&(kctx->auk_queue.lock));
1189 
1190 	if (copyout(STRUCT_BUF(qctrl), data, STRUCT_SIZE(qctrl)))
1191 		return (EFAULT);
1192 
1193 	return (0);
1194 }
1195 
1196 static int
1197 setqctrl(caddr_t data)
1198 {
1199 	au_kcontext_t	*kctx;
1200 	struct au_qctrl qctrl_tmp;
1201 	STRUCT_DECL(au_qctrl, qctrl);
1202 	STRUCT_INIT(qctrl, get_udatamodel());
1203 
1204 	if (!(audit_policy & AUDIT_PERZONE) && !INGLOBALZONE(curproc))
1205 		return (EINVAL);
1206 	kctx = SET_KCTX_LZ;
1207 
1208 	if (copyin(data, STRUCT_BUF(qctrl), STRUCT_SIZE(qctrl)))
1209 		return (EFAULT);
1210 
1211 	qctrl_tmp.aq_hiwater = (size_t)STRUCT_FGET(qctrl, aq_hiwater);
1212 	qctrl_tmp.aq_lowater = (size_t)STRUCT_FGET(qctrl, aq_lowater);
1213 	qctrl_tmp.aq_bufsz = (size_t)STRUCT_FGET(qctrl, aq_bufsz);
1214 	qctrl_tmp.aq_delay = (clock_t)STRUCT_FGET(qctrl, aq_delay);
1215 
1216 	/* enforce sane values */
1217 
1218 	if (qctrl_tmp.aq_hiwater <= qctrl_tmp.aq_lowater)
1219 		return (EINVAL);
1220 
1221 	if (qctrl_tmp.aq_hiwater < AQ_LOWATER)
1222 		return (EINVAL);
1223 
1224 	if (qctrl_tmp.aq_hiwater > AQ_MAXHIGH)
1225 		return (EINVAL);
1226 
1227 	if (qctrl_tmp.aq_bufsz < AQ_BUFSZ)
1228 		return (EINVAL);
1229 
1230 	if (qctrl_tmp.aq_bufsz > AQ_MAXBUFSZ)
1231 		return (EINVAL);
1232 
1233 	if (qctrl_tmp.aq_delay == 0)
1234 		return (EINVAL);
1235 
1236 	if (qctrl_tmp.aq_delay > AQ_MAXDELAY)
1237 		return (EINVAL);
1238 
1239 	/* update everything at once so things are consistant */
1240 	mutex_enter(&(kctx->auk_queue.lock));
1241 	kctx->auk_queue.hiwater = qctrl_tmp.aq_hiwater;
1242 	kctx->auk_queue.lowater = qctrl_tmp.aq_lowater;
1243 	kctx->auk_queue.bufsz = qctrl_tmp.aq_bufsz;
1244 	kctx->auk_queue.delay = qctrl_tmp.aq_delay;
1245 
1246 	if (kctx->auk_queue.rd_block &&
1247 	    kctx->auk_queue.cnt > kctx->auk_queue.lowater)
1248 		cv_broadcast(&(kctx->auk_queue.read_cv));
1249 
1250 	if (kctx->auk_queue.wt_block &&
1251 	    kctx->auk_queue.cnt < kctx->auk_queue.hiwater)
1252 		cv_broadcast(&(kctx->auk_queue.write_cv));
1253 
1254 	mutex_exit(&(kctx->auk_queue.lock));
1255 
1256 	return (0);
1257 }
1258 
1259 static int
1260 getcwd(caddr_t data, int length)
1261 {
1262 	struct p_audit_data	*pad;
1263 	struct audit_path	*app;
1264 	int	pathlen;
1265 
1266 	pad = P2A(curproc);
1267 	ASSERT(pad != NULL);
1268 
1269 	mutex_enter(&(pad->pad_lock));
1270 	app = pad->pad_cwd;
1271 	au_pathhold(app);
1272 	mutex_exit(&(pad->pad_lock));
1273 
1274 	pathlen = app->audp_sect[1] - app->audp_sect[0];
1275 	if (pathlen > length) {
1276 		au_pathrele(app);
1277 		return (E2BIG);
1278 	}
1279 
1280 	if (copyout(app->audp_sect[0], data, pathlen)) {
1281 		au_pathrele(app);
1282 		return (EFAULT);
1283 	}
1284 
1285 	au_pathrele(app);
1286 	return (0);
1287 }
1288 
1289 static int
1290 getcar(caddr_t data, int length)
1291 {
1292 	struct p_audit_data	*pad;
1293 	struct audit_path	*app;
1294 	int	pathlen;
1295 
1296 	pad = P2A(curproc);
1297 	ASSERT(pad != NULL);
1298 
1299 	mutex_enter(&(pad->pad_lock));
1300 	app = pad->pad_root;
1301 	au_pathhold(app);
1302 	mutex_exit(&(pad->pad_lock));
1303 
1304 	pathlen = app->audp_sect[1] - app->audp_sect[0];
1305 	if (pathlen > length) {
1306 		au_pathrele(app);
1307 		return (E2BIG);
1308 	}
1309 
1310 	if (copyout(app->audp_sect[0], data, pathlen)) {
1311 		au_pathrele(app);
1312 		return (EFAULT);
1313 	}
1314 
1315 	au_pathrele(app);
1316 	return (0);
1317 }
1318 
1319 static int
1320 getstat(caddr_t data)
1321 {
1322 	au_kcontext_t	*kctx = SET_KCTX_PZ;
1323 
1324 	membar_consumer();
1325 
1326 	if (copyout((caddr_t)&(kctx->auk_statistics), data, sizeof (au_stat_t)))
1327 		return (EFAULT);
1328 	return (0);
1329 }
1330 
1331 
1332 static int
1333 setstat(caddr_t data)
1334 {
1335 	au_kcontext_t	*kctx = SET_KCTX_PZ;
1336 	au_stat_t au_stat;
1337 
1338 	if (!(audit_policy & AUDIT_PERZONE) && !INGLOBALZONE(curproc))
1339 		return (EINVAL);
1340 
1341 	if (copyin(data, &au_stat, sizeof (au_stat_t)))
1342 		return (EFAULT);
1343 
1344 	if (au_stat.as_generated == CLEAR_VAL)
1345 		kctx->auk_statistics.as_generated = 0;
1346 	if (au_stat.as_nonattrib == CLEAR_VAL)
1347 		kctx->auk_statistics.as_nonattrib = 0;
1348 	if (au_stat.as_kernel == CLEAR_VAL)
1349 		kctx->auk_statistics.as_kernel = 0;
1350 	if (au_stat.as_audit == CLEAR_VAL)
1351 		kctx->auk_statistics.as_audit = 0;
1352 	if (au_stat.as_auditctl == CLEAR_VAL)
1353 		kctx->auk_statistics.as_auditctl = 0;
1354 	if (au_stat.as_enqueue == CLEAR_VAL)
1355 		kctx->auk_statistics.as_enqueue = 0;
1356 	if (au_stat.as_written == CLEAR_VAL)
1357 		kctx->auk_statistics.as_written = 0;
1358 	if (au_stat.as_wblocked == CLEAR_VAL)
1359 		kctx->auk_statistics.as_wblocked = 0;
1360 	if (au_stat.as_rblocked == CLEAR_VAL)
1361 		kctx->auk_statistics.as_rblocked = 0;
1362 	if (au_stat.as_dropped == CLEAR_VAL)
1363 		kctx->auk_statistics.as_dropped = 0;
1364 	if (au_stat.as_totalsize == CLEAR_VAL)
1365 		kctx->auk_statistics.as_totalsize = 0;
1366 
1367 	membar_producer();
1368 
1369 	return (0);
1370 
1371 }
1372 
1373 static int
1374 setumask(caddr_t data)
1375 {
1376 	STRUCT_DECL(auditinfo, user_info);
1377 	struct proc *p;
1378 	const auditinfo_addr_t	*ainfo;
1379 	model_t	model;
1380 
1381 	model = get_udatamodel();
1382 	STRUCT_INIT(user_info, model);
1383 
1384 	if (copyin(data, STRUCT_BUF(user_info), STRUCT_SIZE(user_info)))
1385 		return (EFAULT);
1386 
1387 	mutex_enter(&pidlock);	/* lock the process queue against updates */
1388 	for (p = practive; p != NULL; p = p->p_next) {
1389 		cred_t	*cr;
1390 
1391 		mutex_enter(&p->p_lock);	/* so process doesn't go away */
1392 		mutex_enter(&p->p_crlock);
1393 		crhold(cr = p->p_cred);
1394 		mutex_exit(&p->p_crlock);
1395 		ainfo = crgetauinfo(cr);
1396 		if (ainfo == NULL) {
1397 			mutex_exit(&p->p_lock);
1398 			crfree(cr);
1399 			continue;
1400 		}
1401 
1402 		if (ainfo->ai_auid == STRUCT_FGET(user_info, ai_auid)) {
1403 			au_mask_t	mask;
1404 			int		err;
1405 
1406 			/*
1407 			 * Here's a process which matches the specified auid.
1408 			 * If its mask doesn't already match the new mask,
1409 			 * save the new mask in the pad, to be picked up
1410 			 * next syscall.
1411 			 */
1412 			mask = STRUCT_FGET(user_info, ai_mask);
1413 			err = bcmp(&mask, &ainfo->ai_mask, sizeof (au_mask_t));
1414 			crfree(cr);
1415 			if (err != 0) {
1416 				struct p_audit_data *pad = P2A(p);
1417 				ASSERT(pad != NULL);
1418 
1419 				mutex_enter(&(pad->pad_lock));
1420 				pad->pad_flags |= PAD_SETMASK;
1421 				pad->pad_newmask = mask;
1422 				mutex_exit(&(pad->pad_lock));
1423 
1424 				/*
1425 				 * No need to call set_proc_pre_sys(), since
1426 				 * t_pre_sys is ALWAYS on when audit is
1427 				 * enabled...due to syscall auditing.
1428 				 */
1429 			}
1430 		} else {
1431 			crfree(cr);
1432 		}
1433 		mutex_exit(&p->p_lock);
1434 	}
1435 	mutex_exit(&pidlock);
1436 
1437 	return (0);
1438 }
1439 
1440 static int
1441 setsmask(caddr_t data)
1442 {
1443 	STRUCT_DECL(auditinfo, user_info);
1444 	struct proc *p;
1445 	const auditinfo_addr_t	*ainfo;
1446 	model_t	model;
1447 
1448 	model = get_udatamodel();
1449 	STRUCT_INIT(user_info, model);
1450 
1451 	if (copyin(data, STRUCT_BUF(user_info), STRUCT_SIZE(user_info)))
1452 		return (EFAULT);
1453 
1454 	mutex_enter(&pidlock);	/* lock the process queue against updates */
1455 	for (p = practive; p != NULL; p = p->p_next) {
1456 		cred_t	*cr;
1457 
1458 		mutex_enter(&p->p_lock);	/* so process doesn't go away */
1459 		mutex_enter(&p->p_crlock);
1460 		crhold(cr = p->p_cred);
1461 		mutex_exit(&p->p_crlock);
1462 		ainfo = crgetauinfo(cr);
1463 		if (ainfo == NULL) {
1464 			mutex_exit(&p->p_lock);
1465 			crfree(cr);
1466 			continue;
1467 		}
1468 
1469 		if (ainfo->ai_asid == STRUCT_FGET(user_info, ai_asid)) {
1470 			au_mask_t	mask;
1471 			int		err;
1472 
1473 			/*
1474 			 * Here's a process which matches the specified asid.
1475 			 * If its mask doesn't already match the new mask,
1476 			 * save the new mask in the pad, to be picked up
1477 			 * next syscall.
1478 			 */
1479 			mask = STRUCT_FGET(user_info, ai_mask);
1480 			err = bcmp(&mask, &ainfo->ai_mask, sizeof (au_mask_t));
1481 			crfree(cr);
1482 			if (err != 0) {
1483 				struct p_audit_data *pad = P2A(p);
1484 				ASSERT(pad != NULL);
1485 
1486 				mutex_enter(&(pad->pad_lock));
1487 				pad->pad_flags |= PAD_SETMASK;
1488 				pad->pad_newmask = mask;
1489 				mutex_exit(&(pad->pad_lock));
1490 
1491 				/*
1492 				 * No need to call set_proc_pre_sys(), since
1493 				 * t_pre_sys is ALWAYS on when audit is
1494 				 * enabled...due to syscall auditing.
1495 				 */
1496 			}
1497 		} else {
1498 			crfree(cr);
1499 		}
1500 		mutex_exit(&p->p_lock);
1501 	}
1502 	mutex_exit(&pidlock);
1503 
1504 	return (0);
1505 }
1506 
1507 /*
1508  * Get the current audit state of the system
1509  */
1510 static int
1511 getcond(caddr_t data)
1512 {
1513 	au_kcontext_t	*kctx;
1514 
1515 	if (au_auditstate == AUC_DISABLED)
1516 		if (copyout(&au_auditstate, data, sizeof (int)))
1517 			return (EFAULT);
1518 
1519 	kctx = SET_KCTX_PZ;
1520 
1521 	if (copyout(&(kctx->auk_auditstate), data, sizeof (int)))
1522 		return (EFAULT);
1523 
1524 	return (0);
1525 }
1526 
1527 /*
1528  * Set the current audit state of the system to on (AUC_AUDITING) or
1529  * off (AUC_NOAUDIT).
1530  */
1531 /* ARGSUSED */
1532 static int
1533 setcond(caddr_t data)
1534 {
1535 	int	auditstate;
1536 	au_kcontext_t	*kctx;
1537 
1538 	if (!(audit_policy & AUDIT_PERZONE) && (!INGLOBALZONE(curproc)))
1539 		return (EINVAL);
1540 
1541 	kctx = SET_KCTX_LZ;
1542 
1543 	if (copyin(data, &auditstate, sizeof (int)))
1544 		return (EFAULT);
1545 
1546 	switch (auditstate) {
1547 	case AUC_AUDITING:		/* Turn auditing on */
1548 		kctx->auk_auditstate = AUC_AUDITING;
1549 		au_auditstate = AUC_ENABLED;
1550 		break;
1551 
1552 	case AUC_NOAUDIT:		/* Turn auditing off */
1553 		if (kctx->auk_auditstate == AUC_NOAUDIT)
1554 			break;
1555 		kctx->auk_auditstate = AUC_NOAUDIT;
1556 
1557 		/* clear out the audit queue */
1558 
1559 		mutex_enter(&(kctx->auk_queue.lock));
1560 		if (kctx->auk_queue.wt_block)
1561 			cv_broadcast(&(kctx->auk_queue.write_cv));
1562 
1563 		/* unblock au_output_thread */
1564 		cv_broadcast(&(kctx->auk_queue.read_cv));
1565 
1566 		mutex_exit(&(kctx->auk_queue.lock));
1567 		break;
1568 
1569 	default:
1570 		return (EINVAL);
1571 	}
1572 
1573 	return (0);
1574 }
1575 
1576 static int
1577 getclass(caddr_t data)
1578 {
1579 	au_evclass_map_t event;
1580 	au_kcontext_t	*kctx = SET_KCTX_PZ;
1581 
1582 	if (copyin(data, &event, sizeof (au_evclass_map_t)))
1583 		return (EFAULT);
1584 
1585 	if (event.ec_number < 0 || event.ec_number > (au_naevent - 1))
1586 		return (EINVAL);
1587 
1588 	event.ec_class = kctx->auk_ets[event.ec_number];
1589 
1590 	if (copyout(&event, data, sizeof (au_evclass_map_t)))
1591 		return (EFAULT);
1592 
1593 	return (0);
1594 }
1595 
1596 static int
1597 setclass(caddr_t data)
1598 {
1599 	au_evclass_map_t event;
1600 	au_kcontext_t	*kctx;
1601 
1602 	if (!(audit_policy & AUDIT_PERZONE) && !INGLOBALZONE(curproc))
1603 		return (EINVAL);
1604 
1605 	kctx = SET_KCTX_LZ;
1606 
1607 	if (copyin(data, &event, sizeof (au_evclass_map_t)))
1608 		return (EFAULT);
1609 
1610 	if (event.ec_number < 0 || event.ec_number > (au_naevent - 1))
1611 		return (EINVAL);
1612 
1613 	kctx->auk_ets[event.ec_number] = event.ec_class;
1614 
1615 	return (0);
1616 }
1617 
1618 static int
1619 getpinfo(caddr_t data)
1620 {
1621 	STRUCT_DECL(auditpinfo, apinfo);
1622 	proc_t *proc;
1623 	const auditinfo_addr_t	*ainfo;
1624 	model_t	model;
1625 	cred_t	*cr, *newcred;
1626 
1627 	model = get_udatamodel();
1628 	STRUCT_INIT(apinfo, model);
1629 
1630 	if (copyin(data, STRUCT_BUF(apinfo), STRUCT_SIZE(apinfo)))
1631 		return (EFAULT);
1632 
1633 	newcred = cralloc();
1634 
1635 	mutex_enter(&pidlock);
1636 	if ((proc = prfind(STRUCT_FGET(apinfo, ap_pid))) == NULL) {
1637 		mutex_exit(&pidlock);
1638 		crfree(newcred);
1639 		return (ESRCH);		/* no such process */
1640 	}
1641 	mutex_enter(&proc->p_lock);	/* so process doesn't go away */
1642 	mutex_exit(&pidlock);
1643 
1644 	audit_update_context(proc, newcred);	/* make sure it's up-to-date */
1645 
1646 	mutex_enter(&proc->p_crlock);
1647 	crhold(cr = proc->p_cred);
1648 	mutex_exit(&proc->p_crlock);
1649 	mutex_exit(&proc->p_lock);
1650 
1651 	ainfo = crgetauinfo(cr);
1652 	if (ainfo == NULL) {
1653 		crfree(cr);
1654 		return (EINVAL);
1655 	}
1656 
1657 	/* designated process has an ipv6 address? */
1658 	if (ainfo->ai_termid.at_type == AU_IPv6) {
1659 		crfree(cr);
1660 		return (EOVERFLOW);
1661 	}
1662 
1663 	STRUCT_FSET(apinfo, ap_auid, ainfo->ai_auid);
1664 	STRUCT_FSET(apinfo, ap_asid, ainfo->ai_asid);
1665 #ifdef _LP64
1666 	if (model == DATAMODEL_ILP32) {
1667 		dev32_t dev;
1668 		/* convert internal 64 bit form to 32 bit version */
1669 		if (cmpldev(&dev, ainfo->ai_termid.at_port) == 0) {
1670 			crfree(cr);
1671 			return (EOVERFLOW);
1672 		}
1673 		STRUCT_FSET(apinfo, ap_termid.port, dev);
1674 	} else
1675 		STRUCT_FSET(apinfo, ap_termid.port, ainfo->ai_termid.at_port);
1676 #else
1677 	STRUCT_FSET(apinfo, ap_termid.port, ainfo->ai_termid.at_port);
1678 #endif
1679 	STRUCT_FSET(apinfo, ap_termid.machine, ainfo->ai_termid.at_addr[0]);
1680 	STRUCT_FSET(apinfo, ap_mask, ainfo->ai_mask);
1681 
1682 	crfree(cr);
1683 
1684 	if (copyout(STRUCT_BUF(apinfo), data, STRUCT_SIZE(apinfo)))
1685 		return (EFAULT);
1686 
1687 	return (0);
1688 }
1689 
1690 static int
1691 getpinfo_addr(caddr_t data, int len)
1692 {
1693 	STRUCT_DECL(auditpinfo_addr, apinfo);
1694 	proc_t *proc;
1695 	const auditinfo_addr_t	*ainfo;
1696 	model_t	model;
1697 	cred_t	*cr, *newcred;
1698 
1699 	model = get_udatamodel();
1700 	STRUCT_INIT(apinfo, model);
1701 
1702 	if (len < STRUCT_SIZE(apinfo))
1703 		return (EOVERFLOW);
1704 
1705 	if (copyin(data, STRUCT_BUF(apinfo), STRUCT_SIZE(apinfo)))
1706 		return (EFAULT);
1707 
1708 	newcred = cralloc();
1709 
1710 	mutex_enter(&pidlock);
1711 	if ((proc = prfind(STRUCT_FGET(apinfo, ap_pid))) == NULL) {
1712 		mutex_exit(&pidlock);
1713 		crfree(newcred);
1714 		return (ESRCH);
1715 	}
1716 	mutex_enter(&proc->p_lock);	/* so process doesn't go away */
1717 	mutex_exit(&pidlock);
1718 
1719 	audit_update_context(proc, newcred);	/* make sure it's up-to-date */
1720 
1721 	mutex_enter(&proc->p_crlock);
1722 	crhold(cr = proc->p_cred);
1723 	mutex_exit(&proc->p_crlock);
1724 	mutex_exit(&proc->p_lock);
1725 
1726 	ainfo = crgetauinfo(cr);
1727 	if (ainfo == NULL) {
1728 		crfree(cr);
1729 		return (EINVAL);
1730 	}
1731 
1732 	STRUCT_FSET(apinfo, ap_auid, ainfo->ai_auid);
1733 	STRUCT_FSET(apinfo, ap_asid, ainfo->ai_asid);
1734 #ifdef _LP64
1735 	if (model == DATAMODEL_ILP32) {
1736 		dev32_t dev;
1737 		/* convert internal 64 bit form to 32 bit version */
1738 		if (cmpldev(&dev, ainfo->ai_termid.at_port) == 0) {
1739 			crfree(cr);
1740 			return (EOVERFLOW);
1741 		}
1742 		STRUCT_FSET(apinfo, ap_termid.at_port, dev);
1743 	} else
1744 		STRUCT_FSET(apinfo, ap_termid.at_port,
1745 		    ainfo->ai_termid.at_port);
1746 #else
1747 	STRUCT_FSET(apinfo, ap_termid.at_port, ainfo->ai_termid.at_port);
1748 #endif
1749 	STRUCT_FSET(apinfo, ap_termid.at_type, ainfo->ai_termid.at_type);
1750 	STRUCT_FSET(apinfo, ap_termid.at_addr[0], ainfo->ai_termid.at_addr[0]);
1751 	STRUCT_FSET(apinfo, ap_termid.at_addr[1], ainfo->ai_termid.at_addr[1]);
1752 	STRUCT_FSET(apinfo, ap_termid.at_addr[2], ainfo->ai_termid.at_addr[2]);
1753 	STRUCT_FSET(apinfo, ap_termid.at_addr[3], ainfo->ai_termid.at_addr[3]);
1754 	STRUCT_FSET(apinfo, ap_mask, ainfo->ai_mask);
1755 
1756 	crfree(cr);
1757 
1758 	if (copyout(STRUCT_BUF(apinfo), data, STRUCT_SIZE(apinfo)))
1759 		return (EFAULT);
1760 
1761 	return (0);
1762 }
1763 
1764 static int
1765 setpmask(caddr_t data)
1766 {
1767 	STRUCT_DECL(auditpinfo, apinfo);
1768 	proc_t *proc;
1769 	cred_t	*newcred;
1770 	auditinfo_addr_t	*ainfo;
1771 	struct p_audit_data	*pad;
1772 
1773 	model_t	model;
1774 
1775 	model = get_udatamodel();
1776 	STRUCT_INIT(apinfo, model);
1777 
1778 	if (copyin(data, STRUCT_BUF(apinfo), STRUCT_SIZE(apinfo)))
1779 		return (EFAULT);
1780 
1781 	mutex_enter(&pidlock);
1782 	if ((proc = prfind(STRUCT_FGET(apinfo, ap_pid))) == NULL) {
1783 		mutex_exit(&pidlock);
1784 		return (ESRCH);
1785 	}
1786 	mutex_enter(&proc->p_lock);	/* so process doesn't go away */
1787 	mutex_exit(&pidlock);
1788 
1789 	newcred = cralloc();
1790 	if ((ainfo = crgetauinfo_modifiable(newcred)) == NULL) {
1791 		mutex_exit(&proc->p_lock);
1792 		crfree(newcred);
1793 		return (EINVAL);
1794 	}
1795 
1796 	mutex_enter(&proc->p_crlock);
1797 	crcopy_to(proc->p_cred, newcred);
1798 	proc->p_cred = newcred;
1799 
1800 	ainfo->ai_mask = STRUCT_FGET(apinfo, ap_mask);
1801 
1802 	/*
1803 	 * Unlock. No need to broadcast changes via set_proc_pre_sys(),
1804 	 * since t_pre_sys is ALWAYS on when audit is enabled... due to
1805 	 * syscall auditing.
1806 	 */
1807 	crfree(newcred);
1808 	mutex_exit(&proc->p_crlock);
1809 
1810 	/* Reset flag for any previous pending mask change; this supercedes */
1811 	pad = P2A(proc);
1812 	ASSERT(pad != NULL);
1813 	mutex_enter(&(pad->pad_lock));
1814 	pad->pad_flags &= ~PAD_SETMASK;
1815 	mutex_exit(&(pad->pad_lock));
1816 
1817 	mutex_exit(&proc->p_lock);
1818 
1819 	return (0);
1820 }
1821 
1822 static int
1823 getfsize(caddr_t data)
1824 {
1825 	au_fstat_t fstat;
1826 	au_kcontext_t	*kctx = SET_KCTX_PZ;
1827 
1828 	mutex_enter(&(kctx->auk_fstat_lock));
1829 	fstat.af_filesz = kctx->auk_file_stat.af_filesz;
1830 	fstat.af_currsz = kctx->auk_file_stat.af_currsz;
1831 	mutex_exit(&(kctx->auk_fstat_lock));
1832 
1833 	if (copyout(&fstat, data, sizeof (au_fstat_t)))
1834 		return (EFAULT);
1835 
1836 	return (0);
1837 }
1838 
1839 static int
1840 setfsize(caddr_t data)
1841 {
1842 	au_fstat_t fstat;
1843 	au_kcontext_t	*kctx;
1844 
1845 	if (!(audit_policy & AUDIT_PERZONE) && !INGLOBALZONE(curproc))
1846 		return (EINVAL);
1847 
1848 	kctx = SET_KCTX_LZ;
1849 
1850 	if (copyin(data, &fstat, sizeof (au_fstat_t)))
1851 		return (EFAULT);
1852 
1853 	if ((fstat.af_filesz != 0) && (fstat.af_filesz < AU_MIN_FILE_SZ))
1854 		return (EINVAL);
1855 
1856 	mutex_enter(&(kctx->auk_fstat_lock));
1857 	kctx->auk_file_stat.af_filesz = fstat.af_filesz;
1858 	mutex_exit(&(kctx->auk_fstat_lock));
1859 
1860 	return (0);
1861 }
1862 /*
1863  * The out of control system call
1864  * This is audit kitchen sink aka auditadm, aka auditon
1865  */
1866 static int
1867 auditctl(
1868 	int	cmd,
1869 	caddr_t data,
1870 	int	length)
1871 {
1872 	int result;
1873 
1874 	if (!audit_active)
1875 		return (EINVAL);
1876 
1877 	switch (cmd) {
1878 	case A_GETCOND:
1879 	case A_GETCAR:
1880 	case A_GETCLASS:
1881 	case A_GETCWD:
1882 	case A_GETFSIZE:
1883 	case A_GETKAUDIT:
1884 	case A_GETKMASK:
1885 	case A_GETPINFO:
1886 	case A_GETPINFO_ADDR:
1887 	case A_GETPOLICY:
1888 	case A_GETQCTRL:
1889 	case A_GETSTAT:
1890 		if (secpolicy_audit_getattr(CRED()) != 0)
1891 			return (EPERM);
1892 		break;
1893 	default:
1894 		if (secpolicy_audit_config(CRED()) != 0)
1895 			return (EPERM);
1896 		break;
1897 	}
1898 
1899 	switch (cmd) {
1900 	case A_GETPOLICY:
1901 		result = getpolicy(data);
1902 		break;
1903 	case A_SETPOLICY:
1904 		result = setpolicy(data);
1905 		break;
1906 	case A_GETKMASK:
1907 		result = getkmask(data);
1908 		break;
1909 	case A_SETKMASK:
1910 		result = setkmask(data);
1911 		break;
1912 	case A_GETKAUDIT:
1913 		result = getkaudit(data, length);
1914 		break;
1915 	case A_SETKAUDIT:
1916 		result = setkaudit(data, length);
1917 		break;
1918 	case A_GETQCTRL:
1919 		result = getqctrl(data);
1920 		break;
1921 	case A_SETQCTRL:
1922 		result = setqctrl(data);
1923 		break;
1924 	case A_GETCWD:
1925 		result = getcwd(data, length);
1926 		break;
1927 	case A_GETCAR:
1928 		result = getcar(data, length);
1929 		break;
1930 	case A_GETSTAT:
1931 		result = getstat(data);
1932 		break;
1933 	case A_SETSTAT:
1934 		result = setstat(data);
1935 		break;
1936 	case A_SETUMASK:
1937 		result = setumask(data);
1938 		break;
1939 	case A_SETSMASK:
1940 		result = setsmask(data);
1941 		break;
1942 	case A_GETCOND:
1943 		result = getcond(data);
1944 		break;
1945 	case A_SETCOND:
1946 		result = setcond(data);
1947 		break;
1948 	case A_GETCLASS:
1949 		result = getclass(data);
1950 		break;
1951 	case A_SETCLASS:
1952 		result = setclass(data);
1953 		break;
1954 	case A_GETPINFO:
1955 		result = getpinfo(data);
1956 		break;
1957 	case A_GETPINFO_ADDR:
1958 		result = getpinfo_addr(data, length);
1959 		break;
1960 	case A_SETPMASK:
1961 		result = setpmask(data);
1962 		break;
1963 	case A_SETFSIZE:
1964 		result = setfsize(data);
1965 		break;
1966 	case A_GETFSIZE:
1967 		result = getfsize(data);
1968 		break;
1969 	default:
1970 		result = EINVAL;
1971 		break;
1972 	}
1973 	return (result);
1974 }
1975 
1976 /*
1977  * auditsvc was EOL'd effective Sol 10
1978  */
1979 static int
1980 auditsvc(int fd, int limit)
1981 {
1982 	struct file *fp;
1983 	struct vnode *vp;
1984 	int error = 0;
1985 	au_kcontext_t	*kctx;
1986 
1987 	if (secpolicy_audit_config(CRED()) != 0)
1988 		return (EPERM);
1989 
1990 	if (!INGLOBALZONE(curproc))
1991 		return (EINVAL);
1992 
1993 	kctx = SET_KCTX_GZ;
1994 
1995 	if (limit < 0 ||
1996 	    (!(kctx->auk_auditstate == AUC_AUDITING ||
1997 	    kctx->auk_auditstate == AUC_NOSPACE)))
1998 		return (EINVAL);
1999 
2000 	/*
2001 	 * Prevent a second audit daemon from running this code
2002 	 */
2003 	mutex_enter(&(kctx->auk_svc_lock));
2004 	if (kctx->auk_svc_busy) {
2005 		mutex_exit(&(kctx->auk_svc_lock));
2006 		return (EBUSY);
2007 	}
2008 	kctx->auk_svc_busy = 1;
2009 	mutex_exit(&(kctx->auk_svc_lock));
2010 
2011 	/*
2012 	 * convert file pointer to file descriptor
2013 	 *   Note: fd ref count incremented here.
2014 	 */
2015 	if ((fp = (struct file *)getf(fd)) == NULL) {
2016 		mutex_enter(&(kctx->auk_svc_lock));
2017 		kctx->auk_svc_busy = 0;
2018 		mutex_exit(&(kctx->auk_svc_lock));
2019 		return (EBADF);
2020 	}
2021 
2022 	vp = fp->f_vnode;
2023 
2024 	kctx->auk_file_stat.af_currsz = 0;
2025 
2026 	/*
2027 	 * Wait for work, until a signal arrives,
2028 	 * or until auditing is disabled.
2029 	 */
2030 	while (!error) {
2031 	    if (kctx->auk_auditstate == AUC_AUDITING) {
2032 		mutex_enter(&(kctx->auk_queue.lock));
2033 		    /* nothing on the audit queue */
2034 		while (kctx->auk_queue.head == NULL) {
2035 			/* safety check. kick writer awake */
2036 		    if (kctx->auk_queue.wt_block)
2037 			cv_broadcast(&(kctx->auk_queue.write_cv));
2038 			/* sleep waiting for things to to */
2039 		    kctx->auk_queue.rd_block = 1;
2040 		    AS_INC(as_rblocked, 1, kctx);
2041 		    if (!cv_wait_sig(&(kctx->auk_queue.read_cv),
2042 			&(kctx->auk_queue.lock))) {
2043 				/* interrupted system call */
2044 			kctx->auk_queue.rd_block = 0;
2045 			mutex_exit(&(kctx->auk_queue.lock));
2046 			error = ((kctx->auk_auditstate == AUC_AUDITING) ||
2047 			    (kctx->auk_auditstate == AUC_NOSPACE)) ?
2048 			    EINTR : EINVAL;
2049 			mutex_enter(&(kctx->auk_svc_lock));
2050 			kctx->auk_svc_busy = 0;
2051 			mutex_exit(&(kctx->auk_svc_lock));
2052 
2053 		/* decrement file descriptor reference count */
2054 			releasef(fd);
2055 			(void) timeout(audit_dont_stop, kctx, au_resid);
2056 			return (error);
2057 		    }
2058 		    kctx->auk_queue.rd_block = 0;
2059 		}
2060 		mutex_exit(&(kctx->auk_queue.lock));
2061 
2062 			/* do as much as we can */
2063 		error = au_doio(vp, limit);
2064 
2065 		/* if we ran out of space, be sure to fire off timeout */
2066 		if (error == ENOSPC)
2067 			(void) timeout(audit_dont_stop, kctx, au_resid);
2068 
2069 	    } else	/* auditing turned off while we slept */
2070 		    break;
2071 	}
2072 
2073 	/*
2074 	 * decrement file descriptor reference count
2075 	 */
2076 	releasef(fd);
2077 
2078 	/*
2079 	 * If auditing has been disabled quit processing
2080 	 */
2081 	if (!(kctx->auk_auditstate == AUC_AUDITING ||
2082 	    kctx->auk_auditstate == AUC_NOSPACE))
2083 		error = EINVAL;
2084 
2085 	mutex_enter(&(kctx->auk_svc_lock));
2086 	kctx->auk_svc_busy = 0;
2087 	mutex_exit(&(kctx->auk_svc_lock));
2088 
2089 	return (error);
2090 }
2091 
2092 static int
2093 audit_modsysent(char *modname, int flags, int (*func)())
2094 {
2095 	struct sysent *sysp;
2096 	int sysnum;
2097 	krwlock_t *kl;
2098 
2099 	if ((sysnum = mod_getsysnum(modname)) == -1) {
2100 		cmn_err(CE_WARN, "system call missing from bind file");
2101 		return (-1);
2102 	}
2103 
2104 	kl = (krwlock_t *)kobj_zalloc(sizeof (krwlock_t), KM_SLEEP);
2105 
2106 	sysp = &sysent[sysnum];
2107 	sysp->sy_narg = auditsysent.sy_narg;
2108 #ifdef _LP64
2109 	sysp->sy_flags = (unsigned short)flags;
2110 #else
2111 	sysp->sy_flags = (unsigned char)flags;
2112 #endif
2113 	sysp->sy_call = func;
2114 	sysp->sy_lock = kl;
2115 
2116 #ifdef _SYSCALL32_IMPL
2117 	sysp = &sysent32[sysnum];
2118 	sysp->sy_narg = auditsysent.sy_narg;
2119 	sysp->sy_flags = (unsigned short)flags;
2120 	sysp->sy_call = func;
2121 	sysp->sy_lock = kl;
2122 #endif
2123 
2124 	rw_init(sysp->sy_lock, NULL, RW_DEFAULT, NULL);
2125 
2126 	return (0);
2127 }
2128