1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2006 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 #pragma ident "%Z%%M% %I% %E% SMI" 27 28 /* 29 * auditconfig - set and display audit parameters 30 */ 31 32 #include <locale.h> 33 #include <sys/types.h> 34 #include <ctype.h> 35 #include <stdlib.h> 36 #include <stdarg.h> 37 #include <unistd.h> 38 #include <errno.h> 39 #include <sys/param.h> 40 #include <stdio.h> 41 #include <string.h> 42 #include <strings.h> 43 #include <nlist.h> 44 #include <fcntl.h> 45 #include <sys/socket.h> 46 #include <netdb.h> 47 #include <netinet/in.h> 48 #include <arpa/inet.h> 49 #include <sys/mkdev.h> 50 #include <sys/param.h> 51 #include <pwd.h> 52 #include <libintl.h> 53 #include <zone.h> 54 55 #include <tsol/label.h> 56 #include <bsm/audit.h> 57 #include <bsm/audit_record.h> 58 #include <bsm/libbsm.h> 59 60 #if !defined(TEXT_DOMAIN) 61 #define TEXT_DOMAIN "SUNW_OST_OSCMD" 62 #endif 63 64 enum commands { 65 AC_ARG_AUDIT, 66 AC_ARG_ACONF, 67 AC_ARG_CHKCONF, 68 AC_ARG_CHKACONF, 69 AC_ARG_CONF, 70 AC_ARG_GETASID, 71 AC_ARG_GETAUDIT, 72 AC_ARG_GETAUID, 73 AC_ARG_GETCAR, 74 AC_ARG_GETCLASS, 75 AC_ARG_GETCOND, 76 AC_ARG_GETCWD, 77 AC_ARG_GETESTATE, 78 AC_ARG_GETFSIZE, 79 AC_ARG_GETKAUDIT, 80 AC_ARG_GETKMASK, 81 AC_ARG_GETPINFO, 82 AC_ARG_GETPOLICY, 83 AC_ARG_GETQBUFSZ, 84 AC_ARG_GETQCTRL, 85 AC_ARG_GETQDELAY, 86 AC_ARG_GETQHIWATER, 87 AC_ARG_GETQLOWATER, 88 AC_ARG_GETSTAT, 89 AC_ARG_GETTERMID, 90 AC_ARG_LSEVENT, 91 AC_ARG_LSPOLICY, 92 AC_ARG_SETASID, 93 AC_ARG_SETAUDIT, 94 AC_ARG_SETAUID, 95 AC_ARG_SETCLASS, 96 AC_ARG_SETFSIZE, 97 AC_ARG_SETKAUDIT, 98 AC_ARG_SETKMASK, 99 AC_ARG_SETPMASK, 100 AC_ARG_SETPOLICY, 101 AC_ARG_SETSMASK, 102 AC_ARG_SETSTAT, 103 AC_ARG_SETQBUFSZ, 104 AC_ARG_SETQCTRL, 105 AC_ARG_SETQDELAY, 106 AC_ARG_SETQHIWATER, 107 AC_ARG_SETQLOWATER, 108 AC_ARG_SETUMASK 109 }; 110 111 #define AC_KERN_EVENT 0 112 #define AC_USER_EVENT 1 113 114 #define NONE(s) (!strlen(s) ? gettext("none") : s) 115 116 #define ALL_POLICIES (AUDIT_AHLT|\ 117 AUDIT_ARGE|\ 118 AUDIT_ARGV|\ 119 AUDIT_CNT|\ 120 AUDIT_GROUP|\ 121 AUDIT_PASSWD|\ 122 AUDIT_WINDATA|\ 123 AUDIT_SEQ|\ 124 AUDIT_TRAIL|\ 125 AUDIT_PATH|\ 126 AUDIT_PUBLIC|\ 127 AUDIT_ZONENAME|\ 128 AUDIT_PERZONE|\ 129 AUDIT_WINDATA_DOWN|\ 130 AUDIT_WINDATA_UP) 131 132 #define NO_POLICIES (0) 133 134 #define ONEK 1024 135 136 /* 137 * remove this after the audit.h is fixed 138 */ 139 140 struct arg_entry { 141 char *arg_str; 142 char *arg_opts; 143 enum commands auditconfig_cmd; 144 }; 145 146 struct policy_entry { 147 char *policy_str; 148 uint_t policy_mask; 149 char *policy_desc; 150 }; 151 152 static struct arg_entry arg_table[] = { 153 { "-aconf", "", AC_ARG_ACONF}, 154 { "-audit", "event sorf retval string", AC_ARG_AUDIT}, 155 { "-chkaconf", "", AC_ARG_CHKACONF}, 156 { "-chkconf", "", AC_ARG_CHKCONF}, 157 { "-conf", "", AC_ARG_CONF}, 158 { "-getasid", "", AC_ARG_GETASID}, 159 { "-getaudit", "", AC_ARG_GETAUDIT}, 160 { "-getauid", "", AC_ARG_GETAUID}, 161 { "-getcar", "", AC_ARG_GETCAR}, 162 { "-getclass", "event", AC_ARG_GETCLASS}, 163 { "-getcond", "", AC_ARG_GETCOND}, 164 { "-getcwd", "", AC_ARG_GETCWD}, 165 { "-getestate", "event", AC_ARG_GETESTATE}, 166 { "-getfsize", "", AC_ARG_GETFSIZE}, 167 { "-getkaudit", "", AC_ARG_GETKAUDIT}, 168 { "-getkmask", "", AC_ARG_GETKMASK}, 169 { "-getpinfo", "pid", AC_ARG_GETPINFO}, 170 { "-getpolicy", "", AC_ARG_GETPOLICY}, 171 { "-getqbufsz", "", AC_ARG_GETQBUFSZ}, 172 { "-getqctrl", "", AC_ARG_GETQCTRL}, 173 { "-getqdelay", "", AC_ARG_GETQDELAY}, 174 { "-getqhiwater", "", AC_ARG_GETQHIWATER}, 175 { "-getqlowater", "", AC_ARG_GETQLOWATER}, 176 { "-getstat", "", AC_ARG_GETSTAT}, 177 { "-gettid", "", AC_ARG_GETTERMID}, 178 { "-lsevent", "", AC_ARG_LSEVENT}, 179 { "-lspolicy", "", AC_ARG_LSPOLICY}, 180 { "-setasid", "asid [cmd]", AC_ARG_SETASID}, 181 { "-setaudit", "auid audit_flags termid asid [cmd]", 182 AC_ARG_SETAUDIT}, 183 { "-setauid", "auid [cmd]", AC_ARG_SETAUID}, 184 { "-setclass", "event audit_flags", AC_ARG_SETCLASS}, 185 { "-setfsize", "filesize", AC_ARG_SETFSIZE}, 186 { "-setkaudit", "type IP_address", AC_ARG_SETKAUDIT}, 187 { "-setkmask", "audit_flags", AC_ARG_SETKMASK}, 188 { "-setpmask", "pid audit_flags", AC_ARG_SETPMASK}, 189 { "-setpolicy", "[+|-]policy_flags", AC_ARG_SETPOLICY}, 190 { "-setqbufsz", "bufsz", AC_ARG_SETQBUFSZ}, 191 { "-setqctrl", "hiwater lowater bufsz delay", AC_ARG_SETQCTRL}, 192 { "-setqdelay", "delay", AC_ARG_SETQDELAY}, 193 { "-setqhiwater", "hiwater", AC_ARG_SETQHIWATER}, 194 { "-setqlowater", "lowater", AC_ARG_SETQLOWATER}, 195 { "-setsmask", "asid audit_flags", AC_ARG_SETSMASK}, 196 { "-setstat", "", AC_ARG_SETSTAT}, 197 { "-setumask", "user audit_flags", AC_ARG_SETUMASK}, 198 }; 199 200 #define ARG_TBL_SZ (sizeof (arg_table) / sizeof (struct arg_entry)) 201 202 static struct policy_entry policy_table[] = { 203 {"ahlt", AUDIT_AHLT, "halt machine if it can not record an " 204 "async event"}, 205 {"all", ALL_POLICIES, "all policies"}, 206 {"arge", AUDIT_ARGE, "include exec environment args in audit recs"}, 207 {"argv", AUDIT_ARGV, "include exec command line args in audit recs"}, 208 {"cnt", AUDIT_CNT, "when no more space, drop recs and keep a cnt"}, 209 {"group", AUDIT_GROUP, "include supplementary groups in audit recs"}, 210 {"none", NO_POLICIES, "no policies"}, 211 {"path", AUDIT_PATH, "allow multiple paths per event"}, 212 {"perzone", AUDIT_PERZONE, "use a separate queue and auditd per " 213 "zone"}, 214 {"public", AUDIT_PUBLIC, "audit public files"}, 215 {"seq", AUDIT_SEQ, "include a sequence number in audit recs"}, 216 {"trail", AUDIT_TRAIL, "include trailer token in audit recs"}, 217 {"windata_down", AUDIT_WINDATA_DOWN, "include downgraded window " 218 "information in audit recs"}, 219 {"windata_up", AUDIT_WINDATA_UP, "include upgraded window " 220 "information in audit recs"}, 221 {"zonename", AUDIT_ZONENAME, "generate zonename token"} 222 }; 223 224 #define POLICY_TBL_SZ (sizeof (policy_table) / sizeof (struct policy_entry)) 225 226 static char *progname = "auditconfig"; 227 228 static au_event_ent_t *egetauevnam(char *event_name); 229 static au_event_ent_t *egetauevnum(au_event_t event_number); 230 static int arg_ent_compare(const void *aep1, const void *aep2); 231 static char *cond2str(void); 232 static int policy2str(uint_t policy, char *policy_str, size_t len); 233 static int str2type(char *s, uint_t *type); 234 static int str2policy(char *policy_str, uint_t *policy_mask); 235 static int str2ipaddr(char *s, uint32_t *addr, uint32_t type); 236 static int strisflags(char *s); 237 static int strisipaddr(char *s); 238 static int strisnum(char *s); 239 static struct arg_entry *get_arg_ent(char *arg_str); 240 static struct policy_entry *get_policy_ent(char *policy); 241 static uid_t get_user_id(char *user); 242 static void chk_event_num(int etype, au_event_t event); 243 static void chk_event_str(int etype, char *event_str); 244 static void chk_retval(char *retval_str); 245 static void chk_sorf(char *sorf_str); 246 static void do_aconf(void); 247 static void do_args(char **argv); 248 static void do_audit(char *, char, int, char *); 249 static void do_chkaconf(void); 250 static void do_chkconf(void); 251 static void do_conf(void); 252 static void do_getasid(void); 253 static void do_getaudit(void); 254 static void do_getkaudit(void); 255 static void do_setkaudit(char *t, char *s); 256 static void do_getauid(void); 257 static void do_getcar(void); 258 static void do_getclass(char *event_str); 259 static void do_getcond(void); 260 static void do_getcwd(void); 261 static void do_getkmask(void); 262 static void do_getpinfo(char *pid_str); 263 static void do_getpolicy(void); 264 static void do_getqbufsz(void); 265 static void do_getqctrl(void); 266 static void do_getqdelay(void); 267 static void do_getqhiwater(void); 268 static void do_getqlowater(void); 269 static void do_getstat(void); 270 static void do_gettermid(void); 271 static void do_lsevent(void); 272 static void do_lspolicy(void); 273 static void do_setasid(char *sid_str, char **argv); 274 static void do_setaudit(char *user_str, char *mask_str, char *tid_str, 275 char *sid_str, char **argv); 276 static void do_setauid(char *user, char **argv); 277 static void do_setclass(char *event_str, char *audit_flags); 278 static void do_setkmask(char *audit_flags); 279 static void do_setpmask(char *pid_str, char *audit_flags); 280 static void do_setsmask(char *asid_str, char *audit_flags); 281 static void do_setumask(char *auid_str, char *audit_flags); 282 static void do_setpolicy(char *policy_str); 283 static void do_setqbufsz(char *bufsz); 284 static void do_setqctrl(char *hiwater, char *lowater, char *bufsz, char *delay); 285 static void do_setqdelay(char *delay); 286 static void do_setqhiwater(char *hiwater); 287 static void do_setqlowater(char *lowater); 288 static void do_setstat(void); 289 static void do_getfsize(void); 290 static void do_setfsize(char *size); 291 static void str2mask(char *mask_str, au_mask_t *mp); 292 static void str2tid(char *tid_str, au_tid_addr_t *tp); 293 static void strsplit(char *s, char *p1, char *p2, char c); 294 295 static void eauditon(int cmd, caddr_t data, int length); 296 static void egetaudit(auditinfo_addr_t *ai, int size); 297 static void egetkaudit(auditinfo_addr_t *ai, int size); 298 static void esetkaudit(auditinfo_addr_t *ai, int size); 299 static void egetauditflagsbin(char *auditflags, au_mask_t *pmask); 300 static void egetauid(au_id_t *auid); 301 static void esetaudit(auditinfo_addr_t *ai, int size); 302 static void esetauid(au_id_t *auid); 303 static void execit(char **argv); 304 static void exit_error(char *fmt, ...); 305 static void exit_usage(int status); 306 static void parse_args(char **argv); 307 static void print_asid(au_asid_t asid); 308 static void print_auid(au_id_t auid); 309 static void print_mask(char *desc, au_mask_t *pmp); 310 static void print_tid_ex(au_tid_addr_t *tidp); 311 312 int 313 main(int argc, char **argv) 314 { 315 (void) setlocale(LC_ALL, ""); 316 (void) textdomain(TEXT_DOMAIN); 317 318 if (argc == 1) { 319 exit_usage(0); 320 exit(0); 321 } 322 323 if (argc == 2 && 324 (argv[1][0] == '?' || 325 strcmp(argv[1], "-h") == 0 || 326 strcmp(argv[1], "-?") == 0)) 327 exit_usage(0); 328 329 parse_args(argv); 330 do_args(argv); 331 332 return (0); 333 } 334 335 /* 336 * parse_args() 337 * Desc: Checks command line argument syntax. 338 * Inputs: Command line argv; 339 * Returns: If a syntax error is detected, a usage message is printed 340 * and exit() is called. If a syntax error is not detected, 341 * parse_args() returns without a value. 342 */ 343 static void 344 parse_args(char **argv) 345 { 346 struct arg_entry *ae; 347 348 au_mask_t mask; 349 uint_t type; 350 uint_t addr[4]; 351 352 for (++argv; *argv; argv++) { 353 if ((ae = get_arg_ent(*argv)) == NULL) { 354 exit_usage(1); 355 } 356 357 switch (ae->auditconfig_cmd) { 358 359 case AC_ARG_AUDIT: 360 ++argv; 361 if (!*argv) 362 exit_usage(1); 363 if (strisnum(*argv)) { 364 chk_event_num(AC_USER_EVENT, 365 (au_event_t)atol(*argv)); 366 } else { 367 chk_event_str(AC_USER_EVENT, *argv); 368 } 369 ++argv; 370 if (!*argv) 371 exit_usage(1); 372 chk_sorf(*argv); 373 ++argv; 374 if (!*argv) 375 exit_usage(1); 376 chk_retval(*argv); 377 ++argv; 378 if (!*argv) 379 exit_usage(1); 380 break; 381 382 case AC_ARG_CHKCONF: 383 case AC_ARG_CONF: 384 case AC_ARG_ACONF: 385 case AC_ARG_CHKACONF: 386 case AC_ARG_GETASID: 387 case AC_ARG_GETAUID: 388 case AC_ARG_GETAUDIT: 389 case AC_ARG_GETKAUDIT: 390 break; 391 392 case AC_ARG_GETCLASS: 393 case AC_ARG_GETESTATE: 394 ++argv; 395 if (!*argv) 396 exit_usage(1); 397 if (strisnum(*argv)) { 398 chk_event_num(AC_KERN_EVENT, 399 (au_event_t)atol(*argv)); 400 } else { 401 chk_event_str(AC_KERN_EVENT, *argv); 402 } 403 break; 404 405 case AC_ARG_GETCAR: 406 case AC_ARG_GETCOND: 407 case AC_ARG_GETCWD: 408 case AC_ARG_GETKMASK: 409 case AC_ARG_GETPOLICY: 410 case AC_ARG_GETQBUFSZ: 411 case AC_ARG_GETQCTRL: 412 case AC_ARG_GETQDELAY: 413 case AC_ARG_GETQHIWATER: 414 case AC_ARG_GETQLOWATER: 415 case AC_ARG_GETSTAT: 416 case AC_ARG_GETTERMID: 417 case AC_ARG_LSEVENT: 418 case AC_ARG_LSPOLICY: 419 break; 420 421 case AC_ARG_SETASID: 422 case AC_ARG_SETAUID: 423 case AC_ARG_SETAUDIT: 424 ++argv; 425 if (!*argv) 426 exit_usage(1); 427 428 while (*argv) 429 ++argv; 430 --argv; 431 432 break; 433 434 case AC_ARG_SETKAUDIT: 435 ++argv; 436 if (!*argv) 437 exit_usage(1); 438 if (str2type (*argv, &type)) 439 exit_error(gettext( 440 "Invalid IP address type specified.")); 441 ++argv; 442 if (!*argv) 443 exit_usage(1); 444 445 if (str2ipaddr(*argv, addr, type)) 446 exit_error(gettext( 447 "Invalid IP address specified.")); 448 break; 449 450 case AC_ARG_SETCLASS: 451 ++argv; 452 if (!*argv) 453 exit_usage(1); 454 if (strisnum(*argv)) 455 chk_event_num(AC_KERN_EVENT, 456 (au_event_t)atol(*argv)); 457 else 458 chk_event_str(AC_KERN_EVENT, *argv); 459 ++argv; 460 if (!*argv) 461 exit_usage(1); 462 str2mask(*argv, &mask); 463 break; 464 465 case AC_ARG_SETKMASK: 466 ++argv; 467 if (!*argv) 468 exit_usage(1); 469 str2mask(*argv, &mask); 470 break; 471 472 case AC_ARG_SETPOLICY: 473 ++argv; 474 if (!*argv) 475 exit_usage(1); 476 break; 477 478 case AC_ARG_SETSTAT: 479 break; 480 481 case AC_ARG_GETPINFO: 482 ++argv; 483 if (!*argv) 484 exit_usage(1); 485 break; 486 487 case AC_ARG_SETPMASK: 488 ++argv; 489 if (!*argv) 490 exit_usage(1); 491 ++argv; 492 if (!*argv) 493 exit_usage(1); 494 str2mask(*argv, &mask); 495 break; 496 497 case AC_ARG_SETQBUFSZ: 498 ++argv; 499 if (!*argv) 500 exit_usage(1); 501 if (!strisnum(*argv)) 502 exit_error(gettext("Invalid bufsz specified.")); 503 break; 504 505 case AC_ARG_SETQCTRL: 506 ++argv; 507 if (!*argv) 508 exit_usage(1); 509 if (!strisnum(*argv)) 510 exit_error(gettext( 511 "Invalid hiwater specified.")); 512 ++argv; 513 if (!*argv) 514 exit_usage(1); 515 if (!strisnum(*argv)) 516 exit_error(gettext( 517 gettext("Invalid lowater specified."))); 518 ++argv; 519 if (!*argv) 520 exit_usage(1); 521 if (!strisnum(*argv)) 522 exit_error(gettext("Invalid bufsz specified.")); 523 ++argv; 524 if (!*argv) 525 exit_usage(1); 526 if (!strisnum(*argv)) 527 exit_error(gettext("Invalid delay specified.")); 528 break; 529 530 case AC_ARG_SETQDELAY: 531 ++argv; 532 if (!*argv) 533 exit_usage(1); 534 if (!strisnum(*argv)) 535 exit_error(gettext("Invalid delay specified.")); 536 break; 537 538 case AC_ARG_SETQHIWATER: 539 ++argv; 540 if (!*argv) 541 exit_usage(1); 542 if (!strisnum(*argv)) { 543 exit_error(gettext( 544 "Invalid hiwater specified.")); 545 } 546 break; 547 548 case AC_ARG_SETQLOWATER: 549 ++argv; 550 if (!*argv) 551 exit_usage(1); 552 if (!strisnum(*argv)) { 553 exit_error(gettext( 554 "Invalid lowater specified.")); 555 } 556 break; 557 558 case AC_ARG_SETSMASK: 559 case AC_ARG_SETUMASK: 560 ++argv; 561 if (!*argv) 562 exit_usage(1); 563 ++argv; 564 if (!*argv) 565 exit_usage(1); 566 str2mask(*argv, &mask); 567 break; 568 569 case AC_ARG_GETFSIZE: 570 break; 571 572 case AC_ARG_SETFSIZE: 573 ++argv; 574 if (!*argv) 575 exit_usage(1); 576 if (!strisnum(*argv)) { 577 exit_error(gettext( 578 "Invalid hiwater specified.")); 579 } 580 break; 581 582 default: 583 exit_error(gettext("Internal error #1.")); 584 break; 585 } 586 } 587 } 588 589 590 /* 591 * do_args() 592 * Desc: Do command line arguments in the order in which they appear. 593 */ 594 static void 595 do_args(char **argv) 596 { 597 struct arg_entry *ae; 598 599 for (++argv; *argv; argv++) { 600 ae = get_arg_ent(*argv); 601 602 switch (ae->auditconfig_cmd) { 603 604 case AC_ARG_AUDIT: 605 { 606 char sorf; 607 int retval; 608 char *event_name; 609 char *audit_str; 610 611 ++argv; 612 event_name = *argv; 613 ++argv; 614 sorf = (char)atoi(*argv); 615 ++argv; 616 retval = atoi(*argv); 617 ++argv; 618 audit_str = *argv; 619 do_audit(event_name, sorf, retval, audit_str); 620 } 621 break; 622 623 case AC_ARG_CHKCONF: 624 do_chkconf(); 625 break; 626 627 case AC_ARG_CONF: 628 do_conf(); 629 break; 630 631 case AC_ARG_CHKACONF: 632 do_chkaconf(); 633 break; 634 635 case AC_ARG_ACONF: 636 do_aconf(); 637 break; 638 639 case AC_ARG_GETASID: 640 do_getasid(); 641 break; 642 643 case AC_ARG_GETAUID: 644 do_getauid(); 645 break; 646 647 case AC_ARG_GETAUDIT: 648 do_getaudit(); 649 break; 650 651 case AC_ARG_GETKAUDIT: 652 do_getkaudit(); 653 break; 654 655 case AC_ARG_GETCLASS: 656 case AC_ARG_GETESTATE: 657 ++argv; 658 do_getclass(*argv); 659 break; 660 661 case AC_ARG_GETCAR: 662 do_getcar(); 663 break; 664 665 case AC_ARG_GETCOND: 666 do_getcond(); 667 break; 668 669 case AC_ARG_GETCWD: 670 do_getcwd(); 671 break; 672 673 case AC_ARG_GETKMASK: 674 do_getkmask(); 675 break; 676 677 case AC_ARG_GETPOLICY: 678 do_getpolicy(); 679 break; 680 681 case AC_ARG_GETQBUFSZ: 682 do_getqbufsz(); 683 break; 684 685 case AC_ARG_GETQCTRL: 686 do_getqctrl(); 687 break; 688 689 case AC_ARG_GETQDELAY: 690 do_getqdelay(); 691 break; 692 693 case AC_ARG_GETQHIWATER: 694 do_getqhiwater(); 695 break; 696 697 case AC_ARG_GETQLOWATER: 698 do_getqlowater(); 699 break; 700 701 case AC_ARG_GETSTAT: 702 do_getstat(); 703 break; 704 705 case AC_ARG_GETTERMID: 706 do_gettermid(); 707 break; 708 709 case AC_ARG_LSEVENT: 710 do_lsevent(); 711 break; 712 713 case AC_ARG_LSPOLICY: 714 do_lspolicy(); 715 break; 716 717 case AC_ARG_SETASID: 718 { 719 char *sid_str; 720 721 ++argv; 722 sid_str = *argv; 723 ++argv; 724 do_setasid(sid_str, argv); 725 } 726 break; 727 728 case AC_ARG_SETAUID: 729 { 730 char *user; 731 732 ++argv; 733 user = *argv; 734 ++argv; 735 do_setauid(user, argv); 736 } 737 break; 738 739 case AC_ARG_SETAUDIT: 740 { 741 char *user_str; 742 char *mask_str; 743 char *tid_str; 744 char *sid_str; 745 746 ++argv; 747 user_str = *argv; 748 ++argv; 749 mask_str = *argv; 750 ++argv; 751 tid_str = *argv; 752 ++argv; 753 sid_str = *argv; 754 ++argv; 755 do_setaudit(user_str, mask_str, 756 tid_str, sid_str, argv); 757 } 758 break; 759 760 case AC_ARG_SETKAUDIT: 761 { 762 char *address_type, *address; 763 764 ++argv; address_type = *argv; 765 ++argv; address = *argv; 766 do_setkaudit(address_type, address); 767 } 768 break; 769 770 case AC_ARG_SETCLASS: 771 { 772 char *event_str, *audit_flags; 773 774 ++argv; event_str = *argv; 775 ++argv; audit_flags = *argv; 776 do_setclass(event_str, audit_flags); 777 } 778 break; 779 780 case AC_ARG_SETKMASK: 781 ++argv; 782 do_setkmask(*argv); 783 break; 784 785 case AC_ARG_SETPOLICY: 786 ++argv; 787 do_setpolicy(*argv); 788 break; 789 790 case AC_ARG_GETPINFO: 791 { 792 char *pid_str; 793 794 ++argv; 795 pid_str = *argv; 796 do_getpinfo(pid_str); 797 } 798 break; 799 800 case AC_ARG_SETPMASK: 801 { 802 char *pid_str; 803 char *audit_flags; 804 805 ++argv; 806 pid_str = *argv; 807 ++argv; 808 audit_flags = *argv; 809 do_setpmask(pid_str, audit_flags); 810 } 811 break; 812 813 case AC_ARG_SETSTAT: 814 do_setstat(); 815 break; 816 817 case AC_ARG_SETQBUFSZ: 818 ++argv; 819 do_setqbufsz(*argv); 820 break; 821 822 case AC_ARG_SETQCTRL: 823 { 824 char *hiwater, *lowater, *bufsz, *delay; 825 826 ++argv; hiwater = *argv; 827 ++argv; lowater = *argv; 828 ++argv; bufsz = *argv; 829 ++argv; delay = *argv; 830 do_setqctrl(hiwater, lowater, bufsz, delay); 831 } 832 break; 833 case AC_ARG_SETQDELAY: 834 ++argv; 835 do_setqdelay(*argv); 836 break; 837 838 case AC_ARG_SETQHIWATER: 839 ++argv; 840 do_setqhiwater(*argv); 841 break; 842 843 case AC_ARG_SETQLOWATER: 844 ++argv; 845 do_setqlowater(*argv); 846 break; 847 848 case AC_ARG_SETSMASK: 849 { 850 char *asid_str; 851 char *audit_flags; 852 853 ++argv; 854 asid_str = *argv; 855 ++argv; 856 audit_flags = *argv; 857 do_setsmask(asid_str, audit_flags); 858 } 859 break; 860 case AC_ARG_SETUMASK: 861 { 862 char *auid_str; 863 char *audit_flags; 864 865 ++argv; 866 auid_str = *argv; 867 ++argv; 868 audit_flags = *argv; 869 do_setumask(auid_str, audit_flags); 870 } 871 break; 872 case AC_ARG_GETFSIZE: 873 do_getfsize(); 874 break; 875 case AC_ARG_SETFSIZE: 876 ++argv; 877 do_setfsize(*argv); 878 break; 879 880 default: 881 exit_error(gettext("Internal error #2.")); 882 break; 883 } 884 } 885 } 886 887 /* 888 * The returned value is for the global zone unless AUDIT_PERZONE is 889 * set. 890 */ 891 892 static void 893 do_chkconf(void) 894 { 895 register au_event_ent_t *evp; 896 au_mask_t pmask; 897 char conf_aflags[256]; 898 char run_aflags[256]; 899 au_stat_t as; 900 int class; 901 int len; 902 struct au_evclass_map cmap; 903 904 pmask.am_success = pmask.am_failure = 0; 905 eauditon(A_GETSTAT, (caddr_t)&as, 0); 906 907 setauevent(); 908 if (getauevent() == NULL) { 909 (void) exit_error(gettext( 910 "NO AUDIT EVENTS: Could not read %s\n."), AUDITEVENTFILE); 911 } 912 913 setauevent(); 914 while ((evp = getauevent()) != NULL) { 915 cmap.ec_number = evp->ae_number; 916 len = sizeof (struct au_evclass_map); 917 if (evp->ae_number <= as.as_numevent) { 918 if (auditon(A_GETCLASS, (caddr_t)&cmap, len) == -1) { 919 (void) printf("%s(%d):%s", 920 evp->ae_name, evp->ae_number, 921 gettext("UNKNOWN EVENT: Could not get " 922 "class for event. Configuration may " 923 "be bad.\n")); 924 } else { 925 class = cmap.ec_class; 926 if (class != evp->ae_class) { 927 conf_aflags[0] = run_aflags[0] = '\0'; 928 pmask.am_success = class; 929 pmask.am_failure = class; 930 (void) getauditflagschar(run_aflags, 931 &pmask, 0); 932 pmask.am_success = evp->ae_class; 933 pmask.am_failure = evp->ae_class; 934 (void) getauditflagschar(conf_aflags, 935 &pmask, 0); 936 937 (void) printf(gettext( 938 "%s(%d): CLASS MISMATCH: " 939 "runtime class (%s) != " 940 "configured class (%s)\n"), 941 evp->ae_name, evp->ae_number, 942 NONE(run_aflags), 943 NONE(conf_aflags)); 944 } 945 } 946 } 947 } 948 endauevent(); 949 } 950 951 /* 952 * The returned value is for the global zone unless AUDIT_PERZONE is 953 * set. 954 */ 955 static void 956 do_conf(void) 957 { 958 register au_event_ent_t *evp; 959 register int i; 960 au_evclass_map_t ec; 961 au_stat_t as; 962 963 eauditon(A_GETSTAT, (caddr_t)&as, 0); 964 965 i = 0; 966 setauevent(); 967 while ((evp = getauevent()) != NULL) { 968 if (evp->ae_number <= as.as_numevent) { 969 ++i; 970 ec.ec_number = evp->ae_number; 971 ec.ec_class = evp->ae_class; 972 eauditon(A_SETCLASS, (caddr_t)&ec, (int)sizeof (ec)); 973 } 974 } 975 endauevent(); 976 (void) printf(gettext("Configured %d kernel events.\n"), i); 977 978 } 979 980 /* 981 * The returned value is for the global zone unless AUDIT_PERZONE is 982 * set. 983 */ 984 985 static void 986 do_chkaconf(void) 987 { 988 char buf[1024]; 989 au_mask_t pmask, kmask; 990 991 if (getacna(buf, sizeof (buf)) < 0) { 992 (void) fprintf(stderr, 993 gettext("bad non-attributable flags in audit_control\n")); 994 exit(1); 995 } 996 997 if (getauditflagsbin(buf, &pmask) < 0) { 998 (void) fprintf(stderr, 999 gettext("bad audit flag value encountered\n")); 1000 exit(1); 1001 } 1002 1003 eauditon(A_GETKMASK, (caddr_t)&kmask, (int)sizeof (kmask)); 1004 1005 if ((pmask.am_success != kmask.am_success) || 1006 (pmask.am_failure != kmask.am_failure)) { 1007 char kbuf[2048]; 1008 if (getauditflagschar(kbuf, &kmask, 0) < 0) { 1009 (void) fprintf(stderr, 1010 gettext("bad kernel non-attributable mask\n")); 1011 exit(1); 1012 } 1013 (void) printf(gettext("non-attributable event mismatch ")); 1014 (void) printf(gettext("audit_control(%s) kernel(%s)\n"), 1015 buf, kbuf); 1016 } 1017 } 1018 1019 /* 1020 * The returned value is for the global zone unless AUDIT_PERZONE is 1021 * set. 1022 */ 1023 1024 static void 1025 do_aconf(void) 1026 { 1027 char buf[2048]; 1028 au_mask_t pmask; 1029 1030 if (getacna(buf, sizeof (buf)) < 0) { 1031 (void) fprintf(stderr, 1032 gettext("bad non-attributable flags in audit_control\n")); 1033 exit(1); 1034 } 1035 1036 if (getauditflagsbin(buf, &pmask) < 0) { 1037 (void) fprintf(stderr, 1038 gettext("bad audit flag value encountered\n")); 1039 exit(1); 1040 } 1041 1042 eauditon(A_SETKMASK, (caddr_t)&pmask, (int)sizeof (pmask)); 1043 (void) printf(gettext("Configured non-attributable events.\n")); 1044 } 1045 1046 static void 1047 do_audit(char *event, char sorf, int retval, char *audit_str) 1048 { 1049 int rtn; 1050 int rd; 1051 au_event_t event_num; 1052 au_event_ent_t *evp; 1053 auditinfo_addr_t ai; 1054 token_t *tokp; 1055 1056 egetaudit(&ai, sizeof (ai)); 1057 1058 if (strisnum(event)) { 1059 event_num = (au_event_t)atoi(event); 1060 evp = egetauevnum(event_num); 1061 } else { 1062 evp = egetauevnam(event); 1063 } 1064 1065 rtn = au_preselect(evp->ae_number, &ai.ai_mask, (int)sorf, 1066 AU_PRS_USECACHE); 1067 1068 if (rtn == -1) { 1069 exit_error("%s\n%s %d\n", 1070 gettext("Check audit event configuration."), 1071 gettext("Could not get audit class for event number"), 1072 evp->ae_number); 1073 } 1074 1075 /* record is preselected */ 1076 if (rtn == 1) { 1077 if ((rd = au_open()) == -1) { 1078 exit_error(gettext("Could not get and audit record " 1079 "descriptor\n")); 1080 } 1081 if ((tokp = au_to_me()) == NULL) { 1082 exit_error(gettext("Could not allocate subject " 1083 "token\n")); 1084 } 1085 if (au_write(rd, tokp) == -1) { 1086 exit_error(gettext("Could not construct subject " 1087 "token of audit record\n")); 1088 } 1089 if (is_system_labeled()) { 1090 if ((tokp = au_to_mylabel()) == NULL) { 1091 exit_error(gettext("Could not allocate " 1092 "label token\n")); 1093 } 1094 if (au_write(rd, tokp) == -1) { 1095 exit_error(gettext("Could not construct " 1096 "label token of audit record\n")); 1097 } 1098 } 1099 1100 if ((tokp = au_to_text(audit_str)) == NULL) 1101 exit_error(gettext("Could not allocate text token\n")); 1102 if (au_write(rd, tokp) == -1) 1103 exit_error(gettext("Could not construct text token of " 1104 "audit record\n")); 1105 #ifdef _LP64 1106 if ((tokp = au_to_return64(sorf, retval)) == NULL) 1107 #else 1108 if ((tokp = au_to_return32(sorf, retval)) == NULL) 1109 #endif 1110 exit_error(gettext("Could not allocate return " 1111 "token\n")); 1112 if (au_write(rd, tokp) == -1) { 1113 exit_error(gettext("Could not construct return token " 1114 "of audit record\n")); 1115 } 1116 if (au_close(rd, 1, evp->ae_number) == -1) { 1117 exit_error(gettext("Could not write audit record: " 1118 "%s\n"), strerror(errno)); 1119 } 1120 } 1121 } 1122 1123 static void 1124 do_getauid(void) 1125 { 1126 au_id_t auid; 1127 1128 egetauid(&auid); 1129 print_auid(auid); 1130 } 1131 1132 static void 1133 do_getaudit(void) 1134 { 1135 auditinfo_addr_t ai; 1136 1137 egetaudit(&ai, sizeof (ai)); 1138 print_auid(ai.ai_auid); 1139 print_mask(gettext("process preselection mask"), &ai.ai_mask); 1140 print_tid_ex(&ai.ai_termid); 1141 print_asid(ai.ai_asid); 1142 } 1143 1144 static void 1145 do_getkaudit(void) 1146 { 1147 auditinfo_addr_t ai; 1148 1149 egetkaudit(&ai, sizeof (ai)); 1150 print_auid(ai.ai_auid); 1151 print_mask(gettext("process preselection mask"), &ai.ai_mask); 1152 print_tid_ex(&ai.ai_termid); 1153 print_asid(ai.ai_asid); 1154 } 1155 1156 /* 1157 * per zone if AUDIT_PERZONE set, else only in global zone. 1158 */ 1159 1160 static void 1161 do_setkaudit(char *t, char *s) 1162 { 1163 uint_t type; 1164 auditinfo_addr_t ai; 1165 1166 egetkaudit(&ai, sizeof (ai)); 1167 (void) str2type(t, &type); 1168 (void) str2ipaddr(s, &ai.ai_termid.at_addr[0], type); 1169 ai.ai_termid.at_type = type; 1170 esetkaudit(&ai, sizeof (ai)); 1171 } 1172 1173 /* 1174 * returns zone-relative root 1175 */ 1176 1177 static void 1178 do_getcar(void) 1179 { 1180 char path[MAXPATHLEN]; 1181 1182 eauditon(A_GETCAR, (caddr_t)path, (int)sizeof (path)); 1183 (void) printf(gettext("current active root = %s\n"), path); 1184 } 1185 1186 /* 1187 * The returned value is for the global zone unless AUDIT_PERZONE is 1188 * set. 1189 */ 1190 1191 static void 1192 do_getclass(char *event_str) 1193 { 1194 au_evclass_map_t ec; 1195 au_event_ent_t *evp; 1196 au_event_t event_number; 1197 char *event_name; 1198 1199 if (strisnum(event_str)) { 1200 event_number = atol(event_str); 1201 if ((evp = egetauevnum(event_number)) != NULL) { 1202 event_number = evp->ae_number; 1203 event_name = evp->ae_name; 1204 } else { 1205 event_name = gettext("unknown"); 1206 } 1207 } else { 1208 event_name = event_str; 1209 if ((evp = egetauevnam(event_str)) != NULL) { 1210 event_number = evp->ae_number; 1211 } 1212 } 1213 1214 ec.ec_number = event_number; 1215 eauditon(A_GETCLASS, (caddr_t)&ec, 0); 1216 1217 (void) printf(gettext("audit class mask for event %s(%d) = 0x%x\n"), 1218 event_name, event_number, ec.ec_class); 1219 } 1220 1221 /* 1222 * The returned value is for the global zone unless AUDIT_PERZONE is 1223 * set. (AUC_DISABLED is always global, the other states are per zone 1224 * if AUDIT_PERZONE is set) 1225 */ 1226 1227 static void 1228 do_getcond(void) 1229 { 1230 (void) printf(gettext("audit condition = %s\n"), cond2str()); 1231 } 1232 1233 /* 1234 * returned path is relative to zone root 1235 */ 1236 1237 static void 1238 do_getcwd(void) 1239 { 1240 char path[MAXPATHLEN]; 1241 1242 eauditon(A_GETCWD, (caddr_t)path, (int)sizeof (path)); 1243 (void) printf(gettext("current working directory = %s\n"), path); 1244 } 1245 1246 /* 1247 * The returned value is for the global zone unless AUDIT_PERZONE is 1248 * set. 1249 */ 1250 1251 static void 1252 do_getkmask(void) 1253 { 1254 au_mask_t pmask; 1255 1256 eauditon(A_GETKMASK, (caddr_t)&pmask, (int)sizeof (pmask)); 1257 print_mask(gettext("audit flags for non-attributable events"), &pmask); 1258 } 1259 1260 /* 1261 * The returned value is for the global zone unless AUDIT_PERZONE is 1262 * set. (some policies can only be set from the global zone, but all 1263 * can be read from anywhere.) 1264 */ 1265 1266 static void 1267 do_getpolicy(void) 1268 { 1269 char policy_str[1024]; 1270 uint_t policy; 1271 1272 eauditon(A_GETPOLICY, (caddr_t)&policy, 0); 1273 (void) policy2str(policy, policy_str, sizeof (policy_str)); 1274 (void) printf(gettext("audit policies = %s\n"), policy_str); 1275 } 1276 1277 static void 1278 do_getpinfo(char *pid_str) 1279 { 1280 struct auditpinfo_addr ap; 1281 1282 if (strisnum(pid_str)) 1283 ap.ap_pid = (pid_t)atoi(pid_str); 1284 else 1285 exit_usage(1); 1286 1287 eauditon(A_GETPINFO_ADDR, (caddr_t)&ap, sizeof (ap)); 1288 1289 print_auid(ap.ap_auid); 1290 print_mask(gettext("process preselection mask"), &(ap.ap_mask)); 1291 print_tid_ex(&(ap.ap_termid)); 1292 print_asid(ap.ap_asid); 1293 } 1294 1295 /* 1296 * The returned value is for the global zone unless AUDIT_PERZONE is 1297 * set. 1298 */ 1299 1300 static void 1301 do_getqbufsz(void) 1302 { 1303 struct au_qctrl qctrl; 1304 1305 eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0); 1306 (void) printf(gettext("audit queue buffer size (bytes) = %ld\n"), 1307 qctrl.aq_bufsz); 1308 } 1309 1310 /* 1311 * The returned value is for the global zone unless AUDIT_PERZONE is 1312 * set. 1313 */ 1314 1315 static void 1316 do_getqctrl(void) 1317 { 1318 struct au_qctrl qctrl; 1319 1320 eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0); 1321 (void) printf(gettext("audit queue hiwater mark (records) = %ld\n"), 1322 qctrl.aq_hiwater); 1323 (void) printf(gettext("audit queue lowater mark (records) = %ld\n"), 1324 qctrl.aq_lowater); 1325 (void) printf(gettext("audit queue buffer size (bytes) = %ld\n"), 1326 qctrl.aq_bufsz); 1327 (void) printf(gettext("audit queue delay (ticks) = %ld\n"), 1328 qctrl.aq_delay); 1329 } 1330 1331 /* 1332 * The returned value is for the global zone unless AUDIT_PERZONE is 1333 * set. 1334 */ 1335 1336 static void 1337 do_getqdelay(void) 1338 { 1339 struct au_qctrl qctrl; 1340 1341 eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0); 1342 (void) printf(gettext("audit queue delay (ticks) = %ld\n"), 1343 qctrl.aq_delay); 1344 } 1345 1346 /* 1347 * The returned value is for the global zone unless AUDIT_PERZONE is 1348 * set. 1349 */ 1350 1351 static void 1352 do_getqhiwater(void) 1353 { 1354 struct au_qctrl qctrl; 1355 1356 eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0); 1357 (void) printf(gettext("audit queue hiwater mark (records) = %ld\n"), 1358 qctrl.aq_hiwater); 1359 } 1360 1361 /* 1362 * The returned value is for the global zone unless AUDIT_PERZONE is 1363 * set. 1364 */ 1365 1366 static void 1367 do_getqlowater(void) 1368 { 1369 struct au_qctrl qctrl; 1370 1371 eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0); 1372 (void) printf(gettext("audit queue lowater mark (records) = %ld\n"), 1373 qctrl.aq_lowater); 1374 } 1375 1376 static void 1377 do_getasid(void) 1378 { 1379 auditinfo_addr_t ai; 1380 1381 if (getaudit_addr(&ai, sizeof (ai))) { 1382 exit_error(gettext("getaudit_addr(2) failed")); 1383 } 1384 print_asid(ai.ai_asid); 1385 } 1386 1387 /* 1388 * The stats are for the entire system unless AUDIT_PERZONE is set. 1389 */ 1390 1391 static void 1392 do_getstat(void) 1393 { 1394 au_stat_t as; 1395 int offset[12]; /* used to line the header up correctly */ 1396 char buf[512]; 1397 1398 eauditon(A_GETSTAT, (caddr_t)&as, 0); 1399 (void) sprintf(buf, "%4lu %n%4lu %n%4lu %n%4lu %n%4lu %n%4lu %n%4lu " 1400 "%n%4lu %n%4lu %n%4lu %n%4lu %n%4lu%n", 1401 (ulong_t)as.as_generated, &(offset[0]), 1402 (ulong_t)as.as_nonattrib, &(offset[1]), 1403 (ulong_t)as.as_kernel, &(offset[2]), 1404 (ulong_t)as.as_audit, &(offset[3]), 1405 (ulong_t)as.as_auditctl, &(offset[4]), 1406 (ulong_t)as.as_enqueue, &(offset[5]), 1407 (ulong_t)as.as_written, &(offset[6]), 1408 (ulong_t)as.as_wblocked, &(offset[7]), 1409 (ulong_t)as.as_rblocked, &(offset[8]), 1410 (ulong_t)as.as_dropped, &(offset[9]), 1411 (ulong_t)as.as_totalsize / ONEK, &(offset[10]), 1412 (ulong_t)as.as_memused / ONEK, &(offset[11])); 1413 1414 /* 1415 * TRANSLATION_NOTE 1416 * Print a properly aligned header. 1417 */ 1418 (void) printf("%*s %*s %*s %*s %*s %*s %*s %*s %*s %*s %*s %*s\n", 1419 offset[0] - 1, gettext("gen"), 1420 offset[1] - offset[0] -1, gettext("nona"), 1421 offset[2] - offset[1] -1, gettext("kern"), 1422 offset[3] - offset[2] -1, gettext("aud"), 1423 offset[4] - offset[3] -1, gettext("ctl"), 1424 offset[5] - offset[4] -1, gettext("enq"), 1425 offset[6] - offset[5] -1, gettext("wrtn"), 1426 offset[7] - offset[6] -1, gettext("wblk"), 1427 offset[8] - offset[7] -1, gettext("rblk"), 1428 offset[9] - offset[8] -1, gettext("drop"), 1429 offset[10] - offset[9] -1, gettext("tot"), 1430 offset[11] - offset[10], gettext("mem")); 1431 1432 (void) printf("%s\n", buf); 1433 } 1434 1435 static void 1436 do_gettermid(void) 1437 { 1438 auditinfo_addr_t ai; 1439 1440 if (getaudit_addr(&ai, sizeof (ai))) { 1441 exit_error(gettext("getaudit_addr(2) failed")); 1442 } 1443 print_tid_ex(&ai.ai_termid); 1444 } 1445 1446 /* 1447 * The returned value is for the global zone unless AUDIT_PERZONE is 1448 * set. 1449 */ 1450 1451 static void 1452 do_getfsize(void) 1453 { 1454 au_fstat_t fstat; 1455 1456 eauditon(A_GETFSIZE, (caddr_t)&fstat, 0); 1457 (void) printf(gettext("Maximum file size %d, current file size %d\n"), 1458 fstat.af_filesz, fstat.af_currsz); 1459 } 1460 1461 /* 1462 * The returned value is for the global zone unless AUDIT_PERZONE is 1463 * set. 1464 */ 1465 1466 static void 1467 do_lsevent(void) 1468 { 1469 register au_event_ent_t *evp; 1470 au_mask_t pmask; 1471 char auflags[256]; 1472 1473 setauevent(); 1474 if (getauevent() == NULL) { 1475 (void) exit_error(gettext( 1476 "NO AUDIT EVENTS: Could not read %s\n."), AUDITEVENTFILE); 1477 } 1478 1479 setauevent(); 1480 while ((evp = getauevent()) != NULL) { 1481 pmask.am_success = pmask.am_failure = evp->ae_class; 1482 if (getauditflagschar(auflags, &pmask, 0) == -1) 1483 (void) strcpy(auflags, "unknown"); 1484 (void) printf("%-30s %5d %s %s\n", 1485 evp->ae_name, evp->ae_number, auflags, evp->ae_desc); 1486 } 1487 endauevent(); 1488 } 1489 1490 /* 1491 * The returned value is for the global zone unless AUDIT_PERZONE is 1492 * set. 1493 */ 1494 1495 static void 1496 do_lspolicy(void) 1497 { 1498 int i; 1499 1500 /* 1501 * TRANSLATION_NOTE 1502 * Print a properly aligned header. 1503 */ 1504 (void) printf(gettext("policy string description:\n")); 1505 for (i = 0; i < POLICY_TBL_SZ; i++) { 1506 (void) printf("%-17s%s\n", policy_table[i].policy_str, 1507 gettext(policy_table[i].policy_desc)); 1508 } 1509 } 1510 1511 static void 1512 do_setasid(char *sid_str, char **argv) 1513 { 1514 struct auditinfo_addr ai; 1515 1516 if (getaudit_addr(&ai, sizeof (ai))) { 1517 exit_error(gettext("getaudit_addr(2) failed")); 1518 } 1519 ai.ai_asid = (au_asid_t)atol(sid_str); 1520 if (setaudit_addr(&ai, sizeof (ai))) { 1521 exit_error(gettext("setaudit_addr(2) failed")); 1522 } 1523 execit(argv); 1524 } 1525 1526 static void 1527 do_setaudit(char *user_str, char *mask_str, char *tid_str, char *sid_str, 1528 char **argv) 1529 { 1530 auditinfo_addr_t ai; 1531 1532 ai.ai_auid = (au_id_t)get_user_id(user_str); 1533 str2mask(mask_str, &ai.ai_mask), 1534 str2tid(tid_str, &ai.ai_termid); 1535 ai.ai_asid = (au_asid_t)atol(sid_str); 1536 1537 esetaudit(&ai, sizeof (ai)); 1538 execit(argv); 1539 } 1540 1541 static void 1542 do_setauid(char *user, char **argv) 1543 { 1544 au_id_t auid; 1545 1546 auid = get_user_id(user); 1547 esetauid(&auid); 1548 execit(argv); 1549 } 1550 1551 static void 1552 do_setpmask(char *pid_str, char *audit_flags) 1553 { 1554 struct auditpinfo ap; 1555 1556 if (strisnum(pid_str)) 1557 ap.ap_pid = (pid_t)atoi(pid_str); 1558 else 1559 exit_usage(1); 1560 1561 str2mask(audit_flags, &ap.ap_mask); 1562 1563 eauditon(A_SETPMASK, (caddr_t)&ap, (int)sizeof (ap)); 1564 } 1565 1566 static void 1567 do_setsmask(char *asid_str, char *audit_flags) 1568 { 1569 struct auditinfo ainfo; 1570 1571 if (strisnum(asid_str)) 1572 ainfo.ai_asid = (pid_t)atoi(asid_str); 1573 else 1574 exit_usage(1); 1575 1576 str2mask(audit_flags, &ainfo.ai_mask); 1577 1578 eauditon(A_SETSMASK, (caddr_t)&ainfo, (int)sizeof (ainfo)); 1579 } 1580 1581 static void 1582 do_setumask(char *auid_str, char *audit_flags) 1583 { 1584 struct auditinfo ainfo; 1585 1586 if (strisnum(auid_str)) 1587 ainfo.ai_auid = (pid_t)atoi(auid_str); 1588 else 1589 exit_usage(1); 1590 1591 str2mask(audit_flags, &ainfo.ai_mask); 1592 1593 eauditon(A_SETUMASK, (caddr_t)&ainfo, (int)sizeof (ainfo)); 1594 } 1595 1596 /* 1597 * local zone use is valid if AUDIT_PERZONE is set, otherwise the 1598 * syscall returns EPERM. 1599 */ 1600 1601 static void 1602 do_setstat(void) 1603 { 1604 au_stat_t as; 1605 1606 as.as_audit = (uint_t)-1; 1607 as.as_auditctl = (uint_t)-1; 1608 as.as_dropped = (uint_t)-1; 1609 as.as_enqueue = (uint_t)-1; 1610 as.as_generated = (uint_t)-1; 1611 as.as_kernel = (uint_t)-1; 1612 as.as_nonattrib = (uint_t)-1; 1613 as.as_rblocked = (uint_t)-1; 1614 as.as_totalsize = (uint_t)-1; 1615 as.as_wblocked = (uint_t)-1; 1616 as.as_written = (uint_t)-1; 1617 1618 eauditon(A_SETSTAT, (caddr_t)&as, (int)sizeof (as)); 1619 (void) printf("%s\n", gettext("audit stats reset")); 1620 } 1621 1622 /* 1623 * AUDIT_PERZONE set: valid in all zones 1624 * AUDIT_PERZONE not set: valid in global zone only 1625 */ 1626 1627 static void 1628 do_setclass(char *event_str, char *audit_flags) 1629 { 1630 au_event_t event; 1631 int mask; 1632 au_mask_t pmask; 1633 au_evclass_map_t ec; 1634 au_event_ent_t *evp; 1635 1636 if (strisnum(event_str)) 1637 event = (uint_t)atol(event_str); 1638 else { 1639 if ((evp = egetauevnam(event_str)) != NULL) 1640 event = evp->ae_number; 1641 } 1642 1643 if (strisnum(audit_flags)) 1644 mask = atoi(audit_flags); 1645 else { 1646 str2mask(audit_flags, &pmask); 1647 mask = pmask.am_success | pmask.am_failure; 1648 } 1649 1650 ec.ec_number = event; 1651 ec.ec_class = mask; 1652 eauditon(A_SETCLASS, (caddr_t)&ec, (int)sizeof (ec)); 1653 } 1654 1655 /* 1656 * AUDIT_PERZONE set: valid in all zones 1657 * AUDIT_PERZONE not set: valid in global zone only 1658 */ 1659 1660 static void 1661 do_setkmask(char *audit_flags) 1662 { 1663 au_mask_t pmask; 1664 1665 str2mask(audit_flags, &pmask); 1666 eauditon(A_SETKMASK, (caddr_t)&pmask, (int)sizeof (pmask)); 1667 print_mask(gettext("audit flags for non-attributable events"), &pmask); 1668 } 1669 1670 /* 1671 * ahlt and perzone are global zone only; the other policies are valid 1672 * in a local zone if AUDIT_PERZONE is set. The kernel insures that 1673 * a local zone can't change ahlt and perzone (EINVAL). 1674 */ 1675 1676 static void 1677 do_setpolicy(char *policy_str) 1678 { 1679 uint_t policy; 1680 1681 switch (str2policy(policy_str, &policy)) { 1682 case 2: 1683 exit_error(gettext( 1684 "policy (%s) invalid in a local zone."), 1685 policy_str); 1686 break; 1687 default: 1688 exit_error(gettext( 1689 "Invalid policy (%s) specified."), 1690 policy_str); 1691 break; 1692 case 0: 1693 eauditon(A_SETPOLICY, (caddr_t)&policy, 0); 1694 break; 1695 } 1696 } 1697 1698 /* 1699 * AUDIT_PERZONE set: valid in all zones 1700 * AUDIT_PERZONE not set: valid in global zone only 1701 */ 1702 1703 static void 1704 do_setqbufsz(char *bufsz) 1705 { 1706 struct au_qctrl qctrl; 1707 1708 eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0); 1709 qctrl.aq_bufsz = atol(bufsz); 1710 eauditon(A_SETQCTRL, (caddr_t)&qctrl, 0); 1711 } 1712 1713 /* 1714 * AUDIT_PERZONE set: valid in all zones 1715 * AUDIT_PERZONE not set: valid in global zone only 1716 */ 1717 1718 static void 1719 do_setqctrl(char *hiwater, char *lowater, char *bufsz, char *delay) 1720 { 1721 struct au_qctrl qctrl; 1722 1723 qctrl.aq_hiwater = atol(hiwater); 1724 qctrl.aq_lowater = atol(lowater); 1725 qctrl.aq_bufsz = atol(bufsz); 1726 qctrl.aq_delay = atol(delay); 1727 eauditon(A_SETQCTRL, (caddr_t)&qctrl, 0); 1728 } 1729 1730 /* 1731 * AUDIT_PERZONE set: valid in all zones 1732 * AUDIT_PERZONE not set: valid in global zone only 1733 */ 1734 1735 static void 1736 do_setqdelay(char *delay) 1737 { 1738 struct au_qctrl qctrl; 1739 1740 eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0); 1741 qctrl.aq_delay = atol(delay); 1742 eauditon(A_SETQCTRL, (caddr_t)&qctrl, 0); 1743 } 1744 1745 /* 1746 * AUDIT_PERZONE set: valid in all zones 1747 * AUDIT_PERZONE not set: valid in global zone only 1748 */ 1749 1750 static void 1751 do_setqhiwater(char *hiwater) 1752 { 1753 struct au_qctrl qctrl; 1754 1755 eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0); 1756 qctrl.aq_hiwater = atol(hiwater); 1757 eauditon(A_SETQCTRL, (caddr_t)&qctrl, 0); 1758 } 1759 1760 /* 1761 * AUDIT_PERZONE set: valid in all zones 1762 * AUDIT_PERZONE not set: valid in global zone only 1763 */ 1764 1765 static void 1766 do_setqlowater(char *lowater) 1767 { 1768 struct au_qctrl qctrl; 1769 1770 eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0); 1771 qctrl.aq_lowater = atol(lowater); 1772 eauditon(A_SETQCTRL, (caddr_t)&qctrl, 0); 1773 } 1774 1775 /* 1776 * AUDIT_PERZONE set: valid in all zones 1777 * AUDIT_PERZONE not set: valid in global zone only 1778 */ 1779 1780 static void 1781 do_setfsize(char *size) 1782 { 1783 au_fstat_t fstat; 1784 1785 fstat.af_filesz = atol(size); 1786 eauditon(A_SETFSIZE, (caddr_t)&fstat, 0); 1787 } 1788 1789 static void 1790 eauditon(int cmd, caddr_t data, int length) 1791 { 1792 if (auditon(cmd, data, length) == -1) 1793 exit_error(gettext("auditon(2) failed.")); 1794 } 1795 1796 static void 1797 egetauid(au_id_t *auid) 1798 { 1799 if (getauid(auid) == -1) 1800 exit_error(gettext("getauid(2) failed.")); 1801 } 1802 1803 static void 1804 egetaudit(auditinfo_addr_t *ai, int size) 1805 { 1806 if (getaudit_addr(ai, size) == -1) 1807 exit_error(gettext("getaudit_addr(2) failed.")); 1808 } 1809 1810 static void 1811 egetkaudit(auditinfo_addr_t *ai, int size) 1812 { 1813 if (auditon(A_GETKAUDIT, (char *)ai, size) < 0) 1814 exit_error(gettext("auditon: A_GETKAUDIT failed.")); 1815 } 1816 1817 static void 1818 esetkaudit(auditinfo_addr_t *ai, int size) 1819 { 1820 if (auditon(A_SETKAUDIT, (char *)ai, size) < 0) 1821 exit_error(gettext("auditon: A_SETKAUDIT failed.")); 1822 } 1823 1824 static void 1825 egetauditflagsbin(char *auditflags, au_mask_t *pmask) 1826 { 1827 pmask->am_success = pmask->am_failure = 0; 1828 1829 if (strcmp(auditflags, "none") == 0) 1830 return; 1831 1832 if (getauditflagsbin(auditflags, pmask) < 0) { 1833 exit_error(gettext("Could not get audit flags (%s)"), 1834 auditflags); 1835 } 1836 } 1837 1838 static au_event_ent_t * 1839 egetauevnum(au_event_t event_number) 1840 { 1841 au_event_ent_t *evp; 1842 1843 if ((evp = getauevnum(event_number)) == NULL) { 1844 exit_error(gettext("Could not get audit event %d"), 1845 event_number); 1846 } 1847 1848 return (evp); 1849 } 1850 1851 static au_event_ent_t * 1852 egetauevnam(char *event_name) 1853 { 1854 register au_event_ent_t *evp; 1855 1856 if ((evp = getauevnam(event_name)) == NULL) 1857 exit_error(gettext("Could not get audit event %s"), event_name); 1858 1859 return (evp); 1860 } 1861 1862 static void 1863 esetauid(au_id_t *auid) 1864 { 1865 if (setauid(auid) == -1) 1866 exit_error(gettext("setauid(2) failed.")); 1867 } 1868 1869 static void 1870 esetaudit(auditinfo_addr_t *ai, int size) 1871 { 1872 if (setaudit_addr(ai, size) == -1) 1873 exit_error(gettext("setaudit_addr(2) failed.")); 1874 } 1875 1876 static uid_t 1877 get_user_id(char *user) 1878 { 1879 struct passwd *pwd; 1880 uid_t uid; 1881 1882 if (isdigit(*user)) { 1883 uid = atoi(user); 1884 if ((pwd = getpwuid(uid)) == NULL) { 1885 exit_error(gettext("Invalid user: %s"), user); 1886 } 1887 } else { 1888 if ((pwd = getpwnam(user)) == NULL) { 1889 exit_error(gettext("Invalid user: %s"), user); 1890 } 1891 } 1892 1893 return (pwd->pw_uid); 1894 } 1895 1896 /* 1897 * get_arg_ent() 1898 * Inputs: command line argument string 1899 * Returns ptr to policy_entry if found; null, if not found 1900 */ 1901 static struct arg_entry * 1902 get_arg_ent(char *arg_str) 1903 { 1904 struct arg_entry key; 1905 1906 key.arg_str = arg_str; 1907 1908 return ((struct arg_entry *)bsearch((char *)&key, (char *)arg_table, 1909 ARG_TBL_SZ, sizeof (struct arg_entry), arg_ent_compare)); 1910 } 1911 1912 /* 1913 * arg_ent_compare() 1914 * Compares two command line arguments to determine which is 1915 * lexicographically greater. 1916 * Inputs: two argument map table entry pointers 1917 * Returns: > 1: aep1->arg_str > aep2->arg_str 1918 * < 1: aep1->arg_str < aep2->arg_str 1919 * 0: aep1->arg_str = aep->arg_str2 1920 */ 1921 static int 1922 arg_ent_compare(const void *aep1, const void *aep2) 1923 { 1924 return (strcmp(((struct arg_entry *)aep1)->arg_str, 1925 ((struct arg_entry *)aep2)->arg_str)); 1926 } 1927 1928 /* 1929 * Convert mask of the following forms: 1930 * 1931 * audit_flags (ie. +lo,-ad,pc) 1932 * 0xffffffff,0xffffffff 1933 * ffffffff,ffffffff 1934 * 20,20 1935 */ 1936 static void 1937 str2mask(char *mask_str, au_mask_t *mp) 1938 { 1939 1940 char sp[256]; 1941 char fp[256]; 1942 1943 mp->am_success = 0; 1944 mp->am_failure = 0; 1945 1946 /* 1947 * a mask of the form +aa,bb,cc,-dd or 1948 * a mask of the form 0xffffffff,0xffffffff or 1,1 1949 */ 1950 if (strisflags(mask_str)) { 1951 egetauditflagsbin(mask_str, mp); 1952 } else { 1953 strsplit(mask_str, sp, fp, ','); 1954 1955 if (strlen(sp) > (size_t)2 && !strncasecmp(sp, "0x", 2)) { 1956 (void) sscanf(sp + 2, "%x", &mp->am_success); 1957 } else { 1958 (void) sscanf(sp, "%u", &mp->am_success); 1959 } 1960 1961 if (strlen(fp) > (size_t)2 && !strncasecmp(fp, "0x", 2)) { 1962 (void) sscanf(fp + 2, "%x", &mp->am_failure); 1963 } else { 1964 (void) sscanf(fp, "%u", &mp->am_failure); 1965 } 1966 } 1967 } 1968 1969 /* 1970 * tid_str is major,minor,host -- host is a name or an ip address 1971 */ 1972 1973 static void 1974 str2tid(char *tid_str, au_tid_addr_t *tp) 1975 { 1976 char *major_str; 1977 char *minor_str; 1978 char *host_str = NULL; 1979 major_t major = 0; 1980 major_t minor = 0; 1981 dev_t dev = 0; 1982 struct hostent *phe; 1983 int err; 1984 uint32_t ibuf; 1985 uint32_t ibuf6[4]; 1986 1987 tp->at_port = 0; 1988 tp->at_type = 0; 1989 bzero(tp->at_addr, 16); 1990 1991 major_str = tid_str; 1992 if ((minor_str = strchr(tid_str, ',')) != NULL) { 1993 *minor_str = '\0'; 1994 minor_str++; 1995 } 1996 1997 if (minor_str) { 1998 if ((host_str = strchr(minor_str, ',')) != NULL) { 1999 *host_str = '\0'; 2000 host_str++; 2001 } 2002 } 2003 2004 if (major_str) 2005 major = (major_t)atoi(major_str); 2006 2007 if (minor_str) 2008 minor = (minor_t)atoi(minor_str); 2009 2010 if ((dev = makedev(major, minor)) != NODEV) 2011 tp->at_port = dev; 2012 2013 if (host_str) { 2014 if (strisipaddr(host_str)) { 2015 if (inet_pton(AF_INET, host_str, &ibuf)) { 2016 tp->at_addr[0] = ibuf; 2017 tp->at_type = AU_IPv4; 2018 } else if (inet_pton(AF_INET6, host_str, ibuf6)) { 2019 tp->at_addr[0] = ibuf6[0]; 2020 tp->at_addr[1] = ibuf6[1]; 2021 tp->at_addr[2] = ibuf6[2]; 2022 tp->at_addr[3] = ibuf6[3]; 2023 tp->at_type = AU_IPv6; 2024 } 2025 } else { 2026 phe = getipnodebyname((const void *)host_str, 2027 AF_INET, 0, &err); 2028 if (phe == 0) { 2029 phe = getipnodebyname((const void *)host_str, 2030 AF_INET6, 0, &err); 2031 } 2032 2033 if (phe != NULL) { 2034 if (phe->h_addrtype == AF_INET6) { 2035 /* address is IPv6 (128 bits) */ 2036 (void) memcpy(&tp->at_addr[0], 2037 phe->h_addr_list[0], 16); 2038 tp->at_type = AU_IPv6; 2039 } else { 2040 /* address is IPv4 (32 bits) */ 2041 (void) memcpy(&tp->at_addr[0], 2042 phe->h_addr_list[0], 4); 2043 tp->at_type = AU_IPv4; 2044 } 2045 freehostent(phe); 2046 } 2047 } 2048 } 2049 } 2050 2051 static char * 2052 cond2str(void) 2053 { 2054 uint_t cond; 2055 2056 eauditon(A_GETCOND, (caddr_t)&cond, (int)sizeof (cond)); 2057 2058 switch (cond) { 2059 2060 case AUC_AUDITING: 2061 return ("auditing"); 2062 2063 case AUC_NOAUDIT: 2064 case AUC_INIT_AUDIT: 2065 return ("noaudit"); 2066 2067 case AUC_UNSET: 2068 return ("unset"); 2069 2070 case AUC_NOSPACE: 2071 return ("nospace"); 2072 2073 default: 2074 return (""); 2075 } 2076 } 2077 2078 static struct policy_entry * 2079 get_policy_ent(char *policy) 2080 { 2081 int i; 2082 2083 for (i = 0; i < POLICY_TBL_SZ; i++) { 2084 if (strcasecmp(policy, 2085 policy_table[i].policy_str) == 0) { 2086 return (&policy_table[i]); 2087 } 2088 } 2089 2090 return (NULL); 2091 } 2092 2093 /* 2094 * exit = 0, success 2095 * 1, error 2096 * 2, bad zone 2097 */ 2098 2099 static int 2100 str2policy(char *policy_str, uint_t *policy_mask) 2101 { 2102 char *buf; 2103 char *tok; 2104 char pfix; 2105 boolean_t is_all = 0; 2106 uint_t pm = 0; 2107 uint_t curp = 0; 2108 struct policy_entry *pep; 2109 2110 pfix = *policy_str; 2111 2112 if (pfix == '-' || pfix == '+' || pfix == '=') 2113 ++policy_str; 2114 2115 if ((buf = strdup(policy_str)) == NULL) 2116 return (1); 2117 2118 for (tok = strtok(buf, ","); tok != NULL; tok = strtok(NULL, ",")) { 2119 if ((pep = get_policy_ent(tok)) == NULL) { 2120 return (1); 2121 } else { 2122 pm |= pep->policy_mask; 2123 if (pep->policy_mask == ALL_POLICIES) { 2124 is_all = 1; 2125 } 2126 } 2127 } 2128 free(buf); 2129 2130 if (pfix == '-') { 2131 if (!is_all && 2132 (getzoneid() != GLOBAL_ZONEID) && 2133 (pm & ~AUDIT_LOCAL)) { 2134 return (2); 2135 } 2136 eauditon(A_GETPOLICY, (caddr_t)&curp, 0); 2137 if (getzoneid() != GLOBAL_ZONEID) 2138 curp &= AUDIT_LOCAL; 2139 *policy_mask = curp & ~pm; 2140 } else if (pfix == '+') { 2141 /* 2142 * In a local zone, accept specifying "all", but not 2143 * individually specifying global-zone only policies. 2144 * Limit to all locally allowed, so system call doesn't 2145 * fail. 2146 */ 2147 if (!is_all && 2148 (getzoneid() != GLOBAL_ZONEID) && 2149 (pm & ~AUDIT_LOCAL)) { 2150 return (2); 2151 } 2152 eauditon(A_GETPOLICY, (caddr_t)&curp, 0); 2153 if (getzoneid() != GLOBAL_ZONEID) { 2154 curp &= AUDIT_LOCAL; 2155 if (is_all) { 2156 pm &= AUDIT_LOCAL; 2157 } 2158 } 2159 *policy_mask = curp | pm; 2160 } else { 2161 if (is_all && (getzoneid() != GLOBAL_ZONEID)) { 2162 pm &= AUDIT_LOCAL; 2163 } 2164 *policy_mask = pm; 2165 } 2166 return (0); 2167 } 2168 2169 static int 2170 policy2str(uint_t policy, char *policy_str, size_t len) 2171 { 2172 int i, j; 2173 2174 if (policy == ALL_POLICIES) { 2175 (void) strcpy(policy_str, "all"); 2176 return (1); 2177 } 2178 2179 if (policy == NO_POLICIES) { 2180 (void) strcpy(policy_str, "none"); 2181 return (1); 2182 } 2183 2184 *policy_str = '\0'; 2185 2186 for (i = 0, j = 0; i < POLICY_TBL_SZ; i++) { 2187 if (policy & policy_table[i].policy_mask && 2188 policy_table[i].policy_mask != ALL_POLICIES) { 2189 if (j++) { 2190 (void) strcat(policy_str, ","); 2191 } 2192 (void) strlcat(policy_str, policy_table[i].policy_str, 2193 len); 2194 } 2195 } 2196 2197 if (*policy_str) 2198 return (0); 2199 2200 return (1); 2201 } 2202 2203 2204 static int 2205 strisnum(char *s) 2206 { 2207 if (s == NULL || !*s) 2208 return (0); 2209 2210 for (; *s == '-' || *s == '+'; s++) 2211 2212 if (!*s) 2213 return (0); 2214 2215 for (; *s; s++) 2216 if (!isdigit(*s)) 2217 return (0); 2218 2219 return (1); 2220 } 2221 2222 static int 2223 strisflags(char *s) 2224 { 2225 if (s == NULL || !*s) 2226 return (0); 2227 2228 for (; *s; s++) { 2229 if (!isalpha(*s) && 2230 (*s != '+' && *s != '-' && *s != '^' && *s != ',')) 2231 return (0); 2232 } 2233 2234 return (1); 2235 } 2236 2237 static int 2238 strisipaddr(char *s) 2239 { 2240 int dot = 0; 2241 int colon = 0; 2242 2243 /* no string */ 2244 if ((s == NULL) || (!*s)) 2245 return (0); 2246 2247 for (; *s; s++) { 2248 if (!(isxdigit(*s) || *s != '.' || *s != ':')) 2249 return (0); 2250 if (*s == '.') 2251 dot++; 2252 if (*s == ':') 2253 colon++; 2254 } 2255 2256 if (dot && colon) 2257 return (0); 2258 2259 if (!dot && !colon) 2260 return (0); 2261 2262 return (1); 2263 } 2264 2265 static void 2266 strsplit(char *s, char *p1, char *p2, char c) 2267 { 2268 *p1 = *p2 = '\0'; 2269 2270 while (*s != '\0' && *s != c) 2271 *p1++ = *s++; 2272 *p1 = '\0'; 2273 s++; 2274 2275 while (*s != '\0') 2276 *p2++ = *s++; 2277 *p2 = '\0'; 2278 } 2279 2280 static void 2281 chk_event_num(int etype, au_event_t event) 2282 { 2283 au_stat_t as; 2284 2285 eauditon(A_GETSTAT, (caddr_t)&as, 0); 2286 2287 if (etype == AC_KERN_EVENT) { 2288 if (event > as.as_numevent) { 2289 exit_error(gettext("Invalid kernel audit event " 2290 "number specified.\n" 2291 "\t%d is outside allowable range 0-%d."), 2292 event, as.as_numevent); 2293 } 2294 } else { 2295 /* user event */ 2296 if (event <= as.as_numevent) { 2297 exit_error(gettext("Invalid user level audit event " 2298 "number specified %d."), event); 2299 } 2300 } 2301 } 2302 2303 static void 2304 chk_event_str(int etype, char *event_str) 2305 { 2306 au_event_ent_t *evp; 2307 au_stat_t as; 2308 2309 eauditon(A_GETSTAT, (caddr_t)&as, 0); 2310 2311 evp = egetauevnam(event_str); 2312 if (etype == AC_KERN_EVENT && (evp->ae_number > as.as_numevent)) { 2313 exit_error( 2314 gettext("Invalid kernel audit event string specified.\n" 2315 "\t\"%s\" appears to be a user level event. " 2316 "Check configuration."), event_str); 2317 } else if (etype == AC_USER_EVENT && 2318 (evp->ae_number < as.as_numevent)) { 2319 exit_error( 2320 gettext("Invalid user audit event string specified.\n" 2321 "\t\"%s\" appears to be a kernel event. " 2322 "Check configuration."), event_str); 2323 } 2324 } 2325 2326 static void 2327 chk_sorf(char *sorf_str) 2328 { 2329 if (!strisnum(sorf_str)) 2330 exit_error(gettext("Invalid sorf specified: %s"), sorf_str); 2331 } 2332 2333 static void 2334 chk_retval(char *retval_str) 2335 { 2336 if (!strisnum(retval_str)) 2337 exit_error(gettext("Invalid retval specified: %s"), retval_str); 2338 } 2339 2340 static void 2341 execit(char **argv) 2342 { 2343 char *shell; 2344 2345 if (*argv) { 2346 (void) execvp(*argv, argv); 2347 } else { 2348 if (((shell = getenv("SHELL")) == NULL) || 2349 *shell != '/') 2350 shell = "/bin/csh"; 2351 2352 (void) execlp(shell, shell, NULL); 2353 } 2354 2355 exit_error(gettext("exec(2) failed")); 2356 } 2357 2358 /* 2359 * exit_error() 2360 * Desc: Prints an error message along with corresponding system 2361 * error number and error message, then exits. 2362 * Inputs: Program name, program error message. 2363 */ 2364 /*PRINTFLIKE1*/ 2365 static void 2366 exit_error(char *fmt, ...) 2367 { 2368 va_list args; 2369 2370 (void) fprintf(stderr, "%s: ", progname); 2371 2372 va_start(args, fmt); 2373 (void) vfprintf(stderr, fmt, args); 2374 va_end(args); 2375 2376 (void) fputc('\n', stderr); 2377 if (errno) 2378 (void) fprintf(stderr, gettext("%s: error = %s(%d)\n"), 2379 progname, strerror(errno), errno); 2380 (void) fflush(stderr); 2381 2382 exit(1); 2383 } 2384 2385 static void 2386 exit_usage(int status) 2387 { 2388 FILE *fp; 2389 int i; 2390 2391 fp = (status ? stderr : stdout); 2392 (void) fprintf(fp, gettext("usage: %s option ...\n"), progname); 2393 2394 for (i = 0; i < ARG_TBL_SZ; i++) 2395 (void) fprintf(fp, " %s %s\n", 2396 arg_table[i].arg_str, arg_table[i].arg_opts); 2397 2398 exit(status); 2399 } 2400 2401 static void 2402 print_asid(au_asid_t asid) 2403 { 2404 (void) printf(gettext("audit session id = %u\n"), asid); 2405 } 2406 2407 static void 2408 print_auid(au_id_t auid) 2409 { 2410 struct passwd *pwd; 2411 char *username; 2412 2413 if ((pwd = getpwuid((uid_t)auid)) != NULL) 2414 username = pwd->pw_name; 2415 else 2416 username = gettext("unknown"); 2417 2418 (void) printf(gettext("audit id = %s(%d)\n"), username, auid); 2419 } 2420 2421 static void 2422 print_mask(char *desc, au_mask_t *pmp) 2423 { 2424 char auflags[512]; 2425 2426 if (getauditflagschar(auflags, pmp, NULL) < 0) 2427 (void) strlcpy(auflags, gettext("unknown"), sizeof (auflags)); 2428 2429 (void) printf("%s = %s(0x%x,0x%x)\n", 2430 desc, auflags, pmp->am_success, pmp->am_failure); 2431 } 2432 2433 static void 2434 print_tid_ex(au_tid_addr_t *tidp) 2435 { 2436 struct hostent *phe; 2437 char *hostname; 2438 struct in_addr ia; 2439 uint32_t *addr; 2440 int err; 2441 char buf[INET6_ADDRSTRLEN]; 2442 char *bufp; 2443 2444 2445 /* IPV6 or IPV4 address */ 2446 if (tidp->at_type == AU_IPv4) { 2447 if ((phe = gethostbyaddr((char *)&tidp->at_addr[0], 2448 sizeof (tidp->at_addr[0]), AF_INET)) != NULL) { 2449 hostname = phe->h_name; 2450 } else { 2451 hostname = gettext("unknown"); 2452 } 2453 2454 ia.s_addr = tidp->at_addr[0]; 2455 2456 (void) printf(gettext( 2457 "terminal id (maj,min,host) = %u,%u,%s(%s)\n"), 2458 major(tidp->at_port), minor(tidp->at_port), 2459 hostname, inet_ntoa(ia)); 2460 } else { 2461 addr = &tidp->at_addr[0]; 2462 phe = getipnodebyaddr((const void *)addr, 16, AF_INET6, &err); 2463 2464 bzero(buf, sizeof (buf)); 2465 2466 (void) inet_ntop(AF_INET6, (void *)addr, buf, sizeof (buf)); 2467 if (phe == NULL) { 2468 bufp = gettext("unknown"); 2469 } else { 2470 bufp = phe->h_name; 2471 } 2472 2473 (void) printf(gettext( 2474 "terminal id (maj,min,host) = %u,%u,%s(%s)\n"), 2475 major(tidp->at_port), minor(tidp->at_port), 2476 bufp, buf); 2477 if (phe) { 2478 freehostent(phe); 2479 } 2480 } 2481 } 2482 2483 static int 2484 str2ipaddr(char *s, uint32_t *addr, uint32_t type) 2485 { 2486 int j, sl; 2487 char *ss; 2488 unsigned int v; 2489 2490 bzero(addr, 16); 2491 if (strisipaddr(s)) { 2492 if (type == AU_IPv4) { 2493 if (inet_pton(AF_INET, s, addr)) { 2494 return (0); 2495 } 2496 return (1); 2497 } else if (type == AU_IPv6) { 2498 if (inet_pton(AF_INET6, s, addr)) 2499 return (0); 2500 return (1); 2501 } 2502 return (1); 2503 } else { 2504 if (type == AU_IPv4) { 2505 (void) sscanf(s, "%x", &addr[0]); 2506 return (0); 2507 } else if (type == AU_IPv6) { 2508 sl = strlen(s); 2509 ss = s; 2510 for (j = 3; j >= 0; j--) { 2511 if ((sl - 8) <= 0) { 2512 (void) sscanf(s, "%x", &v); 2513 addr[j] = v; 2514 return (0); 2515 } 2516 ss = &s[sl-8]; 2517 (void) sscanf(ss, "%x", &v); 2518 addr[j] = v; 2519 sl -= 8; 2520 *ss = '\0'; 2521 } 2522 } 2523 return (0); 2524 } 2525 } 2526 2527 static int 2528 str2type(char *s, uint_t *type) 2529 { 2530 if (strcmp(s, "ipv6") == 0) { 2531 *type = AU_IPv6; 2532 return (0); 2533 } 2534 if (strcmp(s, "ipv4") == 0) { 2535 *type = AU_IPv4; 2536 return (0); 2537 } 2538 2539 return (1); 2540 } 2541