17c478bd9Sstevel@tonic-gate /* 27c478bd9Sstevel@tonic-gate * CDDL HEADER START 37c478bd9Sstevel@tonic-gate * 47c478bd9Sstevel@tonic-gate * The contents of this file are subject to the terms of the 5*405e5d68Stz204579 * Common Development and Distribution License (the "License"). 6*405e5d68Stz204579 * You may not use this file except in compliance with the License. 77c478bd9Sstevel@tonic-gate * 87c478bd9Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 97c478bd9Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing. 107c478bd9Sstevel@tonic-gate * See the License for the specific language governing permissions 117c478bd9Sstevel@tonic-gate * and limitations under the License. 127c478bd9Sstevel@tonic-gate * 137c478bd9Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each 147c478bd9Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 157c478bd9Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the 167c478bd9Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying 177c478bd9Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner] 187c478bd9Sstevel@tonic-gate * 197c478bd9Sstevel@tonic-gate * CDDL HEADER END 207c478bd9Sstevel@tonic-gate */ 217c478bd9Sstevel@tonic-gate /* 22*405e5d68Stz204579 * Copyright 2007 Sun Microsystems, Inc. All rights reserved. 237c478bd9Sstevel@tonic-gate * Use is subject to license terms. 247c478bd9Sstevel@tonic-gate */ 257c478bd9Sstevel@tonic-gate 267c478bd9Sstevel@tonic-gate #pragma ident "%Z%%M% %I% %E% SMI" 277c478bd9Sstevel@tonic-gate 287c478bd9Sstevel@tonic-gate #include <sys/systm.h> 297c478bd9Sstevel@tonic-gate #include <sys/errno.h> 307c478bd9Sstevel@tonic-gate #include <sys/policy.h> 317c478bd9Sstevel@tonic-gate 327c478bd9Sstevel@tonic-gate #include <c2/audit.h> 337c478bd9Sstevel@tonic-gate 347c478bd9Sstevel@tonic-gate /*ARGSUSED1*/ 357c478bd9Sstevel@tonic-gate int 367c478bd9Sstevel@tonic-gate auditsys(struct auditcalls *uap, rval_t *rvp) 377c478bd9Sstevel@tonic-gate { 387c478bd9Sstevel@tonic-gate int err; 397c478bd9Sstevel@tonic-gate 407c478bd9Sstevel@tonic-gate /* 417c478bd9Sstevel@tonic-gate * this ugly hack is because auditsys returns 0 for 427c478bd9Sstevel@tonic-gate * all cases except audit_active == 0 and 437c478bd9Sstevel@tonic-gate * uap->code == BSM_AUDITCTRL || BSM_AUDITON || default) 447c478bd9Sstevel@tonic-gate */ 457c478bd9Sstevel@tonic-gate 46*405e5d68Stz204579 if (!audit_active) 47*405e5d68Stz204579 return (ENOTSUP); 48*405e5d68Stz204579 497c478bd9Sstevel@tonic-gate switch (uap->code) { 507c478bd9Sstevel@tonic-gate case BSM_GETAUID: 517c478bd9Sstevel@tonic-gate case BSM_SETAUID: 527c478bd9Sstevel@tonic-gate case BSM_GETAUDIT: 537c478bd9Sstevel@tonic-gate case BSM_SETAUDIT: 547c478bd9Sstevel@tonic-gate case BSM_AUDIT: 557c478bd9Sstevel@tonic-gate case BSM_AUDITSVC: 567c478bd9Sstevel@tonic-gate return (0); 577c478bd9Sstevel@tonic-gate case BSM_AUDITCTL: 587c478bd9Sstevel@tonic-gate case BSM_AUDITON: 597c478bd9Sstevel@tonic-gate if ((int)uap->a1 == A_GETCOND) 607c478bd9Sstevel@tonic-gate err = secpolicy_audit_getattr(CRED()); 617c478bd9Sstevel@tonic-gate else 627c478bd9Sstevel@tonic-gate /* FALLTHROUGH */ 637c478bd9Sstevel@tonic-gate default: 647c478bd9Sstevel@tonic-gate /* Return a different error when not privileged */ 657c478bd9Sstevel@tonic-gate err = secpolicy_audit_config(CRED()); 667c478bd9Sstevel@tonic-gate if (err == 0) 677c478bd9Sstevel@tonic-gate return (EINVAL); 687c478bd9Sstevel@tonic-gate else 697c478bd9Sstevel@tonic-gate return (err); 707c478bd9Sstevel@tonic-gate } 717c478bd9Sstevel@tonic-gate } 72