xref: /titanic_50/usr/src/cmd/uadmin/uadmin.c (revision 1b2d1c944935c64d6eeb28c8054864f4bdf20e9f) 
17c478bd9Sstevel@tonic-gate /*
27c478bd9Sstevel@tonic-gate  * CDDL HEADER START
37c478bd9Sstevel@tonic-gate  *
47c478bd9Sstevel@tonic-gate  * The contents of this file are subject to the terms of the
558091fd8Ssetje  * Common Development and Distribution License (the "License").
658091fd8Ssetje  * You may not use this file except in compliance with the License.
77c478bd9Sstevel@tonic-gate  *
87c478bd9Sstevel@tonic-gate  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
97c478bd9Sstevel@tonic-gate  * or http://www.opensolaris.org/os/licensing.
107c478bd9Sstevel@tonic-gate  * See the License for the specific language governing permissions
117c478bd9Sstevel@tonic-gate  * and limitations under the License.
127c478bd9Sstevel@tonic-gate  *
137c478bd9Sstevel@tonic-gate  * When distributing Covered Code, include this CDDL HEADER in each
147c478bd9Sstevel@tonic-gate  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
157c478bd9Sstevel@tonic-gate  * If applicable, add the following below this CDDL HEADER, with the
167c478bd9Sstevel@tonic-gate  * fields enclosed by brackets "[]" replaced with your own identifying
177c478bd9Sstevel@tonic-gate  * information: Portions Copyright [yyyy] [name of copyright owner]
187c478bd9Sstevel@tonic-gate  *
197c478bd9Sstevel@tonic-gate  * CDDL HEADER END
207c478bd9Sstevel@tonic-gate  */
217c478bd9Sstevel@tonic-gate /*
22*1b2d1c94SMarek Pospisil  * Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
237c478bd9Sstevel@tonic-gate  */
247c478bd9Sstevel@tonic-gate 
257c478bd9Sstevel@tonic-gate /*	Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T	*/
267c478bd9Sstevel@tonic-gate /*	  All Rights Reserved  	*/
277c478bd9Sstevel@tonic-gate 
287c478bd9Sstevel@tonic-gate 
297c478bd9Sstevel@tonic-gate 
306dcd8691Sgww #include <errno.h>
317c478bd9Sstevel@tonic-gate #include <fcntl.h>
327c478bd9Sstevel@tonic-gate #include <stdio.h>
337c478bd9Sstevel@tonic-gate #include <stdlib.h>
346dcd8691Sgww #include <string.h>
356dcd8691Sgww #include <strings.h>
367c478bd9Sstevel@tonic-gate #include <signal.h>
376dcd8691Sgww #include <unistd.h>
38753a6d45SSherry Moore #ifdef	__i386
39753a6d45SSherry Moore #include <libscf_priv.h>
40753a6d45SSherry Moore #endif /* __i386 */
416dcd8691Sgww 
426a3b10dbStz204579 #include <bsm/adt.h>
436a3b10dbStz204579 #include <bsm/adt_event.h>
446dcd8691Sgww 
45b08d8a12Sgww #include <sys/types.h>
466dcd8691Sgww #include <sys/uadmin.h>
47b08d8a12Sgww #include <sys/wait.h>
487c478bd9Sstevel@tonic-gate 
4958091fd8Ssetje #define	SMF_RST	"/etc/svc/volatile/resetting"
50b08d8a12Sgww #define	RETRY_COUNT 15	/* number of 1 sec retries for audit(1M) to complete */
5158091fd8Ssetje 
527c478bd9Sstevel@tonic-gate static const char *Usage = "Usage: %s cmd fcn [mdep]\n";
537c478bd9Sstevel@tonic-gate 
54b08d8a12Sgww static int closeout_audit(int, int);
55b08d8a12Sgww static int turnoff_auditd(void);
566a3b10dbStz204579 static void wait_for_auqueue();
57b08d8a12Sgww static int change_audit_file(void);
587c478bd9Sstevel@tonic-gate 
597c478bd9Sstevel@tonic-gate int
main(int argc,char * argv[])607c478bd9Sstevel@tonic-gate main(int argc, char *argv[])
617c478bd9Sstevel@tonic-gate {
627c478bd9Sstevel@tonic-gate 	int cmd, fcn;
637c478bd9Sstevel@tonic-gate 	uintptr_t mdep = NULL;
647c478bd9Sstevel@tonic-gate 	sigset_t set;
656a3b10dbStz204579 	adt_session_data_t *ah;  /* audit session handle */
666a3b10dbStz204579 	adt_event_data_t *event = NULL; /* event to be generated */
676a3b10dbStz204579 	au_event_t event_id;
686a3b10dbStz204579 	enum adt_uadmin_fcn fcn_id;
697c478bd9Sstevel@tonic-gate 
707c478bd9Sstevel@tonic-gate 	if (argc < 3 || argc > 4) {
717c478bd9Sstevel@tonic-gate 		(void) fprintf(stderr, Usage, argv[0]);
727c478bd9Sstevel@tonic-gate 		return (1);
737c478bd9Sstevel@tonic-gate 	}
747c478bd9Sstevel@tonic-gate 
757c478bd9Sstevel@tonic-gate 	(void) sigfillset(&set);
767c478bd9Sstevel@tonic-gate 	(void) sigprocmask(SIG_BLOCK, &set, NULL);
777c478bd9Sstevel@tonic-gate 
787c478bd9Sstevel@tonic-gate 	cmd = atoi(argv[1]);
797c478bd9Sstevel@tonic-gate 	fcn = atoi(argv[2]);
807c478bd9Sstevel@tonic-gate 	if (argc == 4) {	/* mdep argument given */
812df1fe9cSrandyf 		if (cmd != A_REBOOT && cmd != A_SHUTDOWN && cmd != A_DUMP &&
822df1fe9cSrandyf 		    cmd != A_FREEZE) {
837c478bd9Sstevel@tonic-gate 			(void) fprintf(stderr, "%s: mdep argument not "
847c478bd9Sstevel@tonic-gate 			    "allowed for this cmd value\n", argv[0]);
857c478bd9Sstevel@tonic-gate 			(void) fprintf(stderr, Usage, argv[0]);
867c478bd9Sstevel@tonic-gate 			return (1);
877c478bd9Sstevel@tonic-gate 		} else {
887c478bd9Sstevel@tonic-gate 			mdep = (uintptr_t)argv[3];
897c478bd9Sstevel@tonic-gate 		}
907c478bd9Sstevel@tonic-gate 	}
917c478bd9Sstevel@tonic-gate 
926a3b10dbStz204579 	/* set up audit session and event */
936a3b10dbStz204579 	if (adt_start_session(&ah, NULL, ADT_USE_PROC_DATA) != 0) {
946a3b10dbStz204579 		(void) fprintf(stderr, "%s: can't start audit session\n",
956a3b10dbStz204579 		    argv[0]);
966a3b10dbStz204579 	}
976a3b10dbStz204579 	switch (cmd) {
986a3b10dbStz204579 	case A_SHUTDOWN:
996a3b10dbStz204579 		event_id = ADT_uadmin_shutdown;
1006a3b10dbStz204579 		break;
1016a3b10dbStz204579 	case A_REBOOT:
1026a3b10dbStz204579 		event_id = ADT_uadmin_reboot;
1036a3b10dbStz204579 		break;
1046a3b10dbStz204579 	case A_DUMP:
1056a3b10dbStz204579 		event_id = ADT_uadmin_dump;
1066a3b10dbStz204579 		break;
1076a3b10dbStz204579 	case A_REMOUNT:
1086a3b10dbStz204579 		event_id = ADT_uadmin_remount;
1096a3b10dbStz204579 		break;
1106a3b10dbStz204579 	case A_FREEZE:
1116a3b10dbStz204579 		event_id = ADT_uadmin_freeze;
1126a3b10dbStz204579 		break;
1136a3b10dbStz204579 	case A_FTRACE:
1146a3b10dbStz204579 		event_id = ADT_uadmin_ftrace;
1156a3b10dbStz204579 		break;
116753a6d45SSherry Moore 	case A_CONFIG:
117753a6d45SSherry Moore 		event_id = ADT_uadmin_config;
118753a6d45SSherry Moore 		break;
1196a3b10dbStz204579 	case A_SWAPCTL:
1206a3b10dbStz204579 		event_id = ADT_uadmin_swapctl;
1216a3b10dbStz204579 		break;
1226a3b10dbStz204579 	default:
1236a3b10dbStz204579 		event_id = 0;
1246a3b10dbStz204579 	}
1256a3b10dbStz204579 	if ((event_id != 0) &&
1266a3b10dbStz204579 	    (event = adt_alloc_event(ah, event_id)) == NULL) {
1276a3b10dbStz204579 		(void) fprintf(stderr, "%s: can't allocate audit event\n",
1286a3b10dbStz204579 		    argv[0]);
1296a3b10dbStz204579 	}
1306a3b10dbStz204579 	switch (fcn) {
1316a3b10dbStz204579 	case AD_HALT:
1326a3b10dbStz204579 		fcn_id = ADT_UADMIN_FCN_AD_HALT;
1336a3b10dbStz204579 		break;
1346a3b10dbStz204579 	case AD_POWEROFF:
1356a3b10dbStz204579 		fcn_id = ADT_UADMIN_FCN_AD_POWEROFF;
1366a3b10dbStz204579 		break;
1376a3b10dbStz204579 	case AD_BOOT:
1386a3b10dbStz204579 		fcn_id = ADT_UADMIN_FCN_AD_BOOT;
1396a3b10dbStz204579 		break;
1406a3b10dbStz204579 	case AD_IBOOT:
1416a3b10dbStz204579 		fcn_id = ADT_UADMIN_FCN_AD_IBOOT;
1426a3b10dbStz204579 		break;
1436a3b10dbStz204579 	case AD_SBOOT:
1446a3b10dbStz204579 		fcn_id = ADT_UADMIN_FCN_AD_SBOOT;
1456a3b10dbStz204579 		break;
1466a3b10dbStz204579 	case AD_SIBOOT:
1476a3b10dbStz204579 		fcn_id = ADT_UADMIN_FCN_AD_SIBOOT;
1486a3b10dbStz204579 		break;
1496a3b10dbStz204579 	case AD_NOSYNC:
1506a3b10dbStz204579 		fcn_id = ADT_UADMIN_FCN_AD_NOSYNC;
1516a3b10dbStz204579 		break;
15219397407SSherry Moore 	case AD_FASTREBOOT:
15319397407SSherry Moore #ifdef __i386
15419397407SSherry Moore 		fcn_id = ADT_UADMIN_FCN_AD_FASTREBOOT;
15519397407SSherry Moore 		mdep = NULL;	/* Ignore all arguments */
156753a6d45SSherry Moore #else /* __i386 */
15719397407SSherry Moore 		fcn = AD_BOOT;
15819397407SSherry Moore 		fcn_id = ADT_UADMIN_FCN_AD_BOOT;
15919397407SSherry Moore #endif /* __i386 */
16019397407SSherry Moore 		break;
16119397407SSherry Moore 	case AD_FASTREBOOT_DRYRUN:
16219397407SSherry Moore 		fcn_id = ADT_UADMIN_FCN_AD_FASTREBOOT_DRYRUN;
16319397407SSherry Moore 		mdep = NULL;	/* Ignore all arguments */
16419397407SSherry Moore 		break;
1656a3b10dbStz204579 	default:
1666a3b10dbStz204579 		fcn_id = 0;
1676a3b10dbStz204579 	}
1686a3b10dbStz204579 	if (cmd == A_FREEZE) {
1696a3b10dbStz204579 		switch (fcn) {
1706a3b10dbStz204579 		case AD_SUSPEND_TO_DISK:
1716a3b10dbStz204579 			fcn_id = ADT_UADMIN_FCN_AD_SUSPEND_TO_DISK;
1726a3b10dbStz204579 			break;
1736a3b10dbStz204579 		case AD_CHECK_SUSPEND_TO_DISK:
1746a3b10dbStz204579 			fcn_id = ADT_UADMIN_FCN_AD_CHECK_SUSPEND_TO_DISK;
1756a3b10dbStz204579 			break;
1766a3b10dbStz204579 		case AD_FORCE:
1776a3b10dbStz204579 			fcn_id = ADT_UADMIN_FCN_AD_FORCE;
1786a3b10dbStz204579 			break;
1796a3b10dbStz204579 		case AD_SUSPEND_TO_RAM:
1806a3b10dbStz204579 			fcn_id = ADT_UADMIN_FCN_AD_SUSPEND_TO_RAM;
1816a3b10dbStz204579 			break;
1826a3b10dbStz204579 		case AD_CHECK_SUSPEND_TO_RAM:
1836a3b10dbStz204579 			fcn_id = ADT_UADMIN_FCN_AD_CHECK_SUSPEND_TO_RAM;
1846a3b10dbStz204579 			break;
1856a3b10dbStz204579 		case AD_REUSEINIT:
1866a3b10dbStz204579 			fcn_id = ADT_UADMIN_FCN_AD_REUSEINIT;
1876a3b10dbStz204579 			break;
1886a3b10dbStz204579 		case AD_REUSABLE:
1896a3b10dbStz204579 			fcn_id = ADT_UADMIN_FCN_AD_REUSABLE;
1906a3b10dbStz204579 			break;
1916a3b10dbStz204579 		case AD_REUSEFINI:
1926a3b10dbStz204579 			fcn_id = ADT_UADMIN_FCN_AD_REUSEFINI;
1936a3b10dbStz204579 			break;
1946a3b10dbStz204579 		}
1956a3b10dbStz204579 	} else if (cmd == A_FTRACE) {
1966a3b10dbStz204579 		switch (fcn) {
1976a3b10dbStz204579 		case AD_FTRACE_START:
1986a3b10dbStz204579 			fcn_id = ADT_UADMIN_FCN_AD_FTRACE_START;
1996a3b10dbStz204579 			break;
2006a3b10dbStz204579 		case AD_FTRACE_STOP:
2016a3b10dbStz204579 			fcn_id = ADT_UADMIN_FCN_AD_FTRACE_STOP;
2026a3b10dbStz204579 			break;
2036a3b10dbStz204579 		}
204753a6d45SSherry Moore #ifdef	__i386
205753a6d45SSherry Moore 	} else if (cmd == A_CONFIG) {
206c90a5fbeSSherry Moore 		uint8_t boot_config = 0;
207c90a5fbeSSherry Moore 		uint8_t boot_config_ovr = 0;
208c90a5fbeSSherry Moore 
209753a6d45SSherry Moore 		switch (fcn) {
210753a6d45SSherry Moore 		case AD_UPDATE_BOOT_CONFIG:
211753a6d45SSherry Moore 			fcn_id = ADT_UADMIN_FCN_AD_UPDATE_BOOT_CONFIG;
212753a6d45SSherry Moore 			scf_get_boot_config(&boot_config);
213c90a5fbeSSherry Moore 			boot_config_ovr = boot_config;
214c90a5fbeSSherry Moore 			scf_get_boot_config_ovr(&boot_config_ovr);
215c90a5fbeSSherry Moore 			boot_config &= boot_config_ovr;
216753a6d45SSherry Moore 			mdep = (uintptr_t)(&boot_config);
217753a6d45SSherry Moore 			break;
218753a6d45SSherry Moore 		}
219753a6d45SSherry Moore #endif /* __i386 */
2206a3b10dbStz204579 	}
2216a3b10dbStz204579 
2227c478bd9Sstevel@tonic-gate 	if (geteuid() == 0) {
2236a3b10dbStz204579 		if (event != NULL) {
2246a3b10dbStz204579 			switch (cmd) {
2256a3b10dbStz204579 			case A_SHUTDOWN:
2266a3b10dbStz204579 				event->adt_uadmin_shutdown.fcn = fcn_id;
2276a3b10dbStz204579 				event->adt_uadmin_shutdown.mdep = (char *)mdep;
2286a3b10dbStz204579 				break;
2296a3b10dbStz204579 			case A_REBOOT:
2306a3b10dbStz204579 				event->adt_uadmin_reboot.fcn = fcn_id;
2316a3b10dbStz204579 				event->adt_uadmin_reboot.mdep = (char *)mdep;
2326a3b10dbStz204579 				break;
2336a3b10dbStz204579 			case A_DUMP:
2346a3b10dbStz204579 				event->adt_uadmin_dump.fcn = fcn_id;
2356a3b10dbStz204579 				event->adt_uadmin_dump.mdep = (char *)mdep;
2366a3b10dbStz204579 				break;
2376a3b10dbStz204579 			case A_REMOUNT:
2386a3b10dbStz204579 				/* no parameters */
2396a3b10dbStz204579 				break;
2406a3b10dbStz204579 			case A_FREEZE:
2416a3b10dbStz204579 				event->adt_uadmin_freeze.fcn = fcn_id;
2426a3b10dbStz204579 				event->adt_uadmin_freeze.mdep = (char *)mdep;
2436a3b10dbStz204579 				break;
2446a3b10dbStz204579 			case A_FTRACE:
2456a3b10dbStz204579 				event->adt_uadmin_ftrace.fcn = fcn_id;
246753a6d45SSherry Moore 				event->adt_uadmin_ftrace.mdep = (char *)mdep;
247753a6d45SSherry Moore 				break;
248753a6d45SSherry Moore 			case A_CONFIG:
249753a6d45SSherry Moore 				event->adt_uadmin_config.fcn = fcn_id;
250753a6d45SSherry Moore 				event->adt_uadmin_config.mdep = (char *)mdep;
2516a3b10dbStz204579 				break;
2526a3b10dbStz204579 			case A_SWAPCTL:
2536a3b10dbStz204579 				event->adt_uadmin_swapctl.fcn = fcn_id;
2546a3b10dbStz204579 				break;
2556a3b10dbStz204579 			}
2566a3b10dbStz204579 
2576a3b10dbStz204579 			if (adt_put_event(event, ADT_SUCCESS, 0) != 0) {
2586a3b10dbStz204579 				(void) fprintf(stderr,
2596a3b10dbStz204579 				    "%s: can't put audit event\n", argv[0]);
2606a3b10dbStz204579 			}
2616a3b10dbStz204579 			/*
2626a3b10dbStz204579 			 * allow audit record to be processed in the kernel
2636a3b10dbStz204579 			 * audit queue
2646a3b10dbStz204579 			 */
2656a3b10dbStz204579 			wait_for_auqueue();
2666a3b10dbStz204579 		}
2676a3b10dbStz204579 
268b08d8a12Sgww 		if (closeout_audit(cmd, fcn) == -1)
2697c478bd9Sstevel@tonic-gate 			(void) fprintf(stderr, "%s: can't turn off auditd\n",
2707c478bd9Sstevel@tonic-gate 			    argv[0]);
2717c478bd9Sstevel@tonic-gate 
2727c478bd9Sstevel@tonic-gate 		if (cmd == A_SHUTDOWN || cmd == A_REBOOT)
27358091fd8Ssetje 			(void) creat(SMF_RST, 0777);
2747c478bd9Sstevel@tonic-gate 	}
2757c478bd9Sstevel@tonic-gate 
2766a3b10dbStz204579 	(void) adt_free_event(event);
2777c478bd9Sstevel@tonic-gate 	if (uadmin(cmd, fcn, mdep) < 0) {
2787c478bd9Sstevel@tonic-gate 		perror("uadmin");
2797c478bd9Sstevel@tonic-gate 
28058091fd8Ssetje 		(void) unlink(SMF_RST);
28158091fd8Ssetje 
2827c478bd9Sstevel@tonic-gate 		return (1);
2837c478bd9Sstevel@tonic-gate 	}
2847c478bd9Sstevel@tonic-gate 
285b08d8a12Sgww 	/* If returning from a suspend, audit thaw */
286b08d8a12Sgww 	if ((cmd == A_FREEZE) &&
287b08d8a12Sgww 	    ((fcn == AD_FORCE) ||
288b08d8a12Sgww 	    (fcn == AD_REUSABLE) ||
289b08d8a12Sgww 	    (fcn == AD_SUSPEND_TO_DISK) ||
290b08d8a12Sgww 	    (fcn == AD_SUSPEND_TO_RAM))) {
291b08d8a12Sgww 		if ((event = adt_alloc_event(ah, ADT_uadmin_thaw)) == NULL) {
292b08d8a12Sgww 			(void) fprintf(stderr, "%s: can't allocate thaw audit "
293b08d8a12Sgww 			    "event\n", argv[0]);
294b08d8a12Sgww 		}
295b08d8a12Sgww 		event->adt_uadmin_thaw.fcn = fcn_id;
296b08d8a12Sgww 		if (adt_put_event(event, ADT_SUCCESS, 0) != 0) {
297b08d8a12Sgww 			(void) fprintf(stderr, "%s: can't put thaw audit "
298b08d8a12Sgww 			    "event\n", argv[0]);
299b08d8a12Sgww 		}
300b08d8a12Sgww 		(void) adt_free_event(event);
301b08d8a12Sgww 	}
302b08d8a12Sgww 	(void) adt_end_session(ah);
303b08d8a12Sgww 
3047c478bd9Sstevel@tonic-gate 	return (0);
3057c478bd9Sstevel@tonic-gate }
3066a3b10dbStz204579 
3076a3b10dbStz204579 static int
closeout_audit(int cmd,int fcn)308b08d8a12Sgww closeout_audit(int cmd, int fcn)
3096a3b10dbStz204579 {
310b08d8a12Sgww 	if (!adt_audit_state(AUC_AUDITING)) {
311b08d8a12Sgww 		/* auditd not running, just return */
312b08d8a12Sgww 		return (0);
313b08d8a12Sgww 	}
314e333042dSgww 	switch (cmd) {
315e333042dSgww 	case A_SHUTDOWN:
31619397407SSherry Moore 		switch (fcn) {
31719397407SSherry Moore 		case AD_FASTREBOOT_DRYRUN:
31819397407SSherry Moore 			/* No system discontinuity, don't turn off auditd */
31919397407SSherry Moore 			return (0);
32019397407SSherry Moore 		default:
32119397407SSherry Moore 			break;	/* For all the other shutdown functions */
32219397407SSherry Moore 		}
32319397407SSherry Moore 		/* FALLTHROUGH */
324e333042dSgww 	case A_REBOOT:
325e333042dSgww 	case A_DUMP:
326e333042dSgww 		/* system shutting down, turn off auditd */
327b08d8a12Sgww 		return (turnoff_auditd());
328e333042dSgww 	case A_REMOUNT:
329e333042dSgww 	case A_SWAPCTL:
330e333042dSgww 	case A_FTRACE:
331753a6d45SSherry Moore 	case A_CONFIG:
332e333042dSgww 		/* No system discontinuity, don't turn off auditd */
333e333042dSgww 		return (0);
334e333042dSgww 	case A_FREEZE:
335e333042dSgww 		switch (fcn) {
336e333042dSgww 		case AD_CHECK_SUSPEND_TO_DISK:	/* AD_CHECK */
337e333042dSgww 		case AD_CHECK_SUSPEND_TO_RAM:
338e333042dSgww 		case AD_REUSEINIT:
339e333042dSgww 		case AD_REUSEFINI:
340e333042dSgww 			/* No system discontinuity, don't turn off auditd */
341e333042dSgww 			return (0);
342e333042dSgww 		case AD_REUSABLE:
343e333042dSgww 		case AD_SUSPEND_TO_DISK:	/* AD_COMPRESS */
344e333042dSgww 		case AD_SUSPEND_TO_RAM:
345e333042dSgww 		case AD_FORCE:
346e333042dSgww 			/* suspend the system, change audit files */
347b08d8a12Sgww 			return (change_audit_file());
348e333042dSgww 		default:
349b08d8a12Sgww 			return (0);	/* not an audit error */
350e333042dSgww 		}
351e333042dSgww 	default:
352b08d8a12Sgww 		return (0);	/* not an audit error */
353b08d8a12Sgww 	}
354e333042dSgww }
355e333042dSgww 
356b08d8a12Sgww static int
turnoff_auditd(void)357b08d8a12Sgww turnoff_auditd(void)
358b08d8a12Sgww {
359b08d8a12Sgww 	int	rc;
360b08d8a12Sgww 	int	retries = RETRY_COUNT;
361b08d8a12Sgww 
362b08d8a12Sgww 	if ((rc = (int)fork()) == 0) {
363*1b2d1c94SMarek Pospisil 		(void) execl("/usr/sbin/audit", "audit", "-T", NULL);
3646a3b10dbStz204579 		(void) fprintf(stderr, "error disabling auditd: %s\n",
3656dcd8691Sgww 		    strerror(errno));
3666dcd8691Sgww 		_exit(-1);
3676dcd8691Sgww 	} else if (rc == -1) {
3686dcd8691Sgww 		(void) fprintf(stderr, "error disabling auditd: %s\n",
3696dcd8691Sgww 		    strerror(errno));
3706a3b10dbStz204579 		return (-1);
3716a3b10dbStz204579 	}
3726a3b10dbStz204579 
3736dcd8691Sgww 	/*
3746dcd8691Sgww 	 * wait for auditd to finish its work.  auditd will change the
3756dcd8691Sgww 	 * auditstart from AUC_AUDITING (auditd up and running) to
3766dcd8691Sgww 	 * AUC_NOAUDIT.  Other states are errors, so we're done as well.
3776dcd8691Sgww 	 */
3786a3b10dbStz204579 	do {
3796dcd8691Sgww 		int	auditstate;
3806a3b10dbStz204579 
3816dcd8691Sgww 		rc = -1;
3826dcd8691Sgww 		if ((auditon(A_GETCOND, (caddr_t)&auditstate,
3836dcd8691Sgww 		    sizeof (auditstate)) == 0) &&
3846dcd8691Sgww 		    (auditstate == AUC_AUDITING)) {
3856a3b10dbStz204579 			retries--;
3866a3b10dbStz204579 			(void) sleep(1);
3876a3b10dbStz204579 		} else {
3886a3b10dbStz204579 			rc = 0;
3896a3b10dbStz204579 		}
3906dcd8691Sgww 	} while ((rc != 0) && (retries != 0));
3916a3b10dbStz204579 
3926a3b10dbStz204579 	return (rc);
3936a3b10dbStz204579 }
3946a3b10dbStz204579 
395b08d8a12Sgww static int
change_audit_file(void)396b08d8a12Sgww change_audit_file(void)
397b08d8a12Sgww {
398b08d8a12Sgww 	pid_t	pid;
399b08d8a12Sgww 
400b08d8a12Sgww 	if ((pid = fork()) == 0) {
401b08d8a12Sgww 		(void) execl("/usr/sbin/audit", "audit", "-n", NULL);
402b08d8a12Sgww 		(void) fprintf(stderr, "error changing audit files: %s\n",
403b08d8a12Sgww 		    strerror(errno));
404b08d8a12Sgww 		_exit(-1);
405b08d8a12Sgww 	} else if (pid == -1) {
406b08d8a12Sgww 		(void) fprintf(stderr, "error changing audit files: %s\n",
407b08d8a12Sgww 		    strerror(errno));
408b08d8a12Sgww 		return (-1);
409b08d8a12Sgww 	} else {
410b08d8a12Sgww 		pid_t	rc;
411b08d8a12Sgww 		int	retries = RETRY_COUNT;
412b08d8a12Sgww 
413b08d8a12Sgww 		/*
414b08d8a12Sgww 		 * Wait for audit(1M) -n process to complete
415b08d8a12Sgww 		 *
416b08d8a12Sgww 		 */
417b08d8a12Sgww 		do {
418b08d8a12Sgww 			if ((rc = waitpid(pid, NULL, WNOHANG)) == pid) {
419b08d8a12Sgww 				return (0);
420b08d8a12Sgww 			} else if (rc == -1) {
421b08d8a12Sgww 				return (-1);
422b08d8a12Sgww 			} else {
423b08d8a12Sgww 				(void) sleep(1);
424b08d8a12Sgww 				retries--;
425b08d8a12Sgww 			}
426b08d8a12Sgww 
427b08d8a12Sgww 		} while (retries != 0);
428b08d8a12Sgww 	}
429b08d8a12Sgww 	return (-1);
430b08d8a12Sgww }
431b08d8a12Sgww 
4326a3b10dbStz204579 static void
wait_for_auqueue()4336a3b10dbStz204579 wait_for_auqueue()
4346a3b10dbStz204579 {
4356a3b10dbStz204579 	au_stat_t	au_stat;
4366a3b10dbStz204579 	int		retries = 10;
4376a3b10dbStz204579 
4386a3b10dbStz204579 	while (retries-- && auditon(A_GETSTAT, (caddr_t)&au_stat, NULL) == 0) {
4396a3b10dbStz204579 		if (au_stat.as_enqueue == au_stat.as_written) {
4406a3b10dbStz204579 			break;
4416a3b10dbStz204579 		}
4426a3b10dbStz204579 		(void) sleep(1);
4436a3b10dbStz204579 	}
4446a3b10dbStz204579 }
445