1185573Srwatson/*- 2191273Srwatson * Copyright (c) 2004-2009 Apple Inc. 3155131Srwatson * All rights reserved. 4155131Srwatson * 5155131Srwatson * Redistribution and use in source and binary forms, with or without 6155131Srwatson * modification, are permitted provided that the following conditions 7155131Srwatson * are met: 8155131Srwatson * 1. Redistributions of source code must retain the above copyright 9155131Srwatson * notice, this list of conditions and the following disclaimer. 10155131Srwatson * 2. Redistributions in binary form must reproduce the above copyright 11155131Srwatson * notice, this list of conditions and the following disclaimer in the 12155131Srwatson * documentation and/or other materials provided with the distribution. 13185573Srwatson * 3. Neither the name of Apple Inc. ("Apple") nor the names of 14155131Srwatson * its contributors may be used to endorse or promote products derived 15155131Srwatson * from this software without specific prior written permission. 16155131Srwatson * 17155131Srwatson * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND 18155131Srwatson * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19155131Srwatson * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20155131Srwatson * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR 21155131Srwatson * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22155131Srwatson * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23155131Srwatson * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24155131Srwatson * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 25155131Srwatson * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 26155131Srwatson * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 27155131Srwatson * POSSIBILITY OF SUCH DAMAGE. 28155131Srwatson */ 29155131Srwatson 30155518Srwatson#ifdef __APPLE__ 31155518Srwatson#define _SYS_AUDIT_H /* Prevent include of sys/audit.h. */ 32155518Srwatson#endif 33155518Srwatson 34155131Srwatson#include <sys/param.h> 35155131Srwatson#include <sys/stat.h> 36156283Srwatson 37156283Srwatson#ifdef __APPLE__ 38156283Srwatson#include <sys/queue.h> /* Our bsm/audit.h doesn't include queue.h. */ 39156283Srwatson#endif 40156283Srwatson 41155131Srwatson#include <sys/sysctl.h> 42155131Srwatson 43155131Srwatson#include <bsm/libbsm.h> 44155131Srwatson 45155131Srwatson#include <unistd.h> 46155131Srwatson#include <syslog.h> 47159248Srwatson#include <stdarg.h> 48155131Srwatson#include <string.h> 49155131Srwatson#include <errno.h> 50155131Srwatson 51155131Srwatson/* These are not advertised in libbsm.h */ 52155131Srwatsonint audit_set_terminal_port(dev_t *p); 53155131Srwatsonint audit_set_terminal_host(uint32_t *m); 54155131Srwatson 55159248Srwatson/* 56159248Srwatson * General purpose audit submission mechanism for userspace. 57159248Srwatson */ 58155131Srwatsonint 59159248Srwatsonaudit_submit(short au_event, au_id_t auid, char status, 60159248Srwatson int reterr, const char *fmt, ...) 61159248Srwatson{ 62159248Srwatson char text[MAX_AUDITSTRING_LEN]; 63159248Srwatson token_t *token; 64191273Srwatson int acond; 65159248Srwatson va_list ap; 66159248Srwatson pid_t pid; 67168777Srwatson int error, afd, subj_ex; 68159248Srwatson struct auditinfo ai; 69168777Srwatson struct auditinfo_addr aia; 70186647Srwatson au_tid_t atid; 71159248Srwatson 72191273Srwatson if (audit_get_cond(&acond) != 0) { 73159248Srwatson /* 74159248Srwatson * If auditon(2) returns ENOSYS, then audit has not been 75159248Srwatson * compiled into the kernel, so just return. 76159248Srwatson */ 77159248Srwatson if (errno == ENOSYS) 78159248Srwatson return (0); 79159248Srwatson error = errno; 80159248Srwatson syslog(LOG_AUTH | LOG_ERR, "audit: auditon failed: %s", 81159248Srwatson strerror(errno)); 82159248Srwatson errno = error; 83159248Srwatson return (-1); 84159248Srwatson } 85159248Srwatson if (acond == AUC_NOAUDIT) 86159248Srwatson return (0); 87159248Srwatson afd = au_open(); 88159248Srwatson if (afd < 0) { 89159248Srwatson error = errno; 90159248Srwatson syslog(LOG_AUTH | LOG_ERR, "audit: au_open failed: %s", 91159248Srwatson strerror(errno)); 92159248Srwatson errno = error; 93159248Srwatson return (-1); 94159248Srwatson } 95168777Srwatson /* 96186647Srwatson * Try to use getaudit_addr(2) first. If this kernel does not support 97186647Srwatson * it, then fall back on to getaudit(2). 98168777Srwatson */ 99168777Srwatson subj_ex = 0; 100186647Srwatson error = getaudit_addr(&aia, sizeof(aia)); 101186647Srwatson if (error < 0 && errno == ENOSYS) { 102186647Srwatson error = getaudit(&ai); 103186647Srwatson if (error < 0) { 104186647Srwatson error = errno; 105186647Srwatson syslog(LOG_AUTH | LOG_ERR, "audit: getaudit failed: %s", 106186647Srwatson strerror(errno)); 107186647Srwatson errno = error; 108186647Srwatson return (-1); 109186647Srwatson } 110186647Srwatson /* 111186647Srwatson * Convert this auditinfo_t to an auditinfo_addr_t to make the 112186647Srwatson * following code less complicated wrt to preselection and 113186647Srwatson * subject token generation. 114186647Srwatson */ 115186647Srwatson aia.ai_auid = ai.ai_auid; 116186647Srwatson aia.ai_mask = ai.ai_mask; 117186647Srwatson aia.ai_asid = ai.ai_asid; 118186647Srwatson aia.ai_termid.at_type = AU_IPv4; 119186647Srwatson aia.ai_termid.at_addr[0] = ai.ai_termid.machine; 120186647Srwatson aia.ai_termid.at_port = ai.ai_termid.port; 121186647Srwatson } else if (error < 0) { 122159248Srwatson error = errno; 123186647Srwatson syslog(LOG_AUTH | LOG_ERR, "audit: getaudit_addr failed: %s", 124159248Srwatson strerror(errno)); 125159248Srwatson errno = error; 126159248Srwatson return (-1); 127159248Srwatson } 128186647Srwatson /* 129186647Srwatson * NB: We should be performing pre-selection here now that we have the 130186647Srwatson * masks for this process. 131186647Srwatson */ 132186647Srwatson if (aia.ai_termid.at_type == AU_IPv6) 133186647Srwatson subj_ex = 1; 134159248Srwatson pid = getpid(); 135186647Srwatson if (subj_ex == 0) { 136186647Srwatson atid.port = aia.ai_termid.at_port; 137186647Srwatson atid.machine = aia.ai_termid.at_addr[0]; 138168777Srwatson token = au_to_subject32(auid, geteuid(), getegid(), 139186647Srwatson getuid(), getgid(), pid, pid, &atid); 140186647Srwatson } else 141168777Srwatson token = au_to_subject_ex(auid, geteuid(), getegid(), 142168777Srwatson getuid(), getgid(), pid, pid, &aia.ai_termid); 143159248Srwatson if (token == NULL) { 144159248Srwatson syslog(LOG_AUTH | LOG_ERR, 145159248Srwatson "audit: unable to build subject token"); 146159248Srwatson (void) au_close(afd, AU_TO_NO_WRITE, au_event); 147159248Srwatson errno = EPERM; 148159248Srwatson return (-1); 149159248Srwatson } 150159248Srwatson if (au_write(afd, token) < 0) { 151159248Srwatson error = errno; 152159248Srwatson syslog(LOG_AUTH | LOG_ERR, 153159248Srwatson "audit: au_write failed: %s", strerror(errno)); 154159248Srwatson (void) au_close(afd, AU_TO_NO_WRITE, au_event); 155159248Srwatson errno = error; 156159248Srwatson return (-1); 157159248Srwatson } 158159248Srwatson if (fmt != NULL) { 159159248Srwatson va_start(ap, fmt); 160159248Srwatson (void) vsnprintf(text, MAX_AUDITSTRING_LEN, fmt, ap); 161159248Srwatson va_end(ap); 162159248Srwatson token = au_to_text(text); 163159248Srwatson if (token == NULL) { 164159248Srwatson syslog(LOG_AUTH | LOG_ERR, 165159248Srwatson "audit: failed to generate text token"); 166159248Srwatson (void) au_close(afd, AU_TO_NO_WRITE, au_event); 167159248Srwatson errno = EPERM; 168159248Srwatson return (-1); 169159248Srwatson } 170159248Srwatson if (au_write(afd, token) < 0) { 171159248Srwatson error = errno; 172159248Srwatson syslog(LOG_AUTH | LOG_ERR, 173159248Srwatson "audit: au_write failed: %s", strerror(errno)); 174159248Srwatson (void) au_close(afd, AU_TO_NO_WRITE, au_event); 175159248Srwatson errno = error; 176159248Srwatson return (-1); 177159248Srwatson } 178159248Srwatson } 179191273Srwatson token = au_to_return32(au_errno_to_bsm(status), reterr); 180159248Srwatson if (token == NULL) { 181159248Srwatson syslog(LOG_AUTH | LOG_ERR, 182243750Srwatson "audit: unable to build return token"); 183159248Srwatson (void) au_close(afd, AU_TO_NO_WRITE, au_event); 184159248Srwatson errno = EPERM; 185159248Srwatson return (-1); 186159248Srwatson } 187159248Srwatson if (au_write(afd, token) < 0) { 188159248Srwatson error = errno; 189159248Srwatson syslog(LOG_AUTH | LOG_ERR, 190159248Srwatson "audit: au_write failed: %s", strerror(errno)); 191159248Srwatson (void) au_close(afd, AU_TO_NO_WRITE, au_event); 192159248Srwatson errno = error; 193159248Srwatson return (-1); 194159248Srwatson } 195159248Srwatson if (au_close(afd, AU_TO_WRITE, au_event) < 0) { 196159248Srwatson error = errno; 197159248Srwatson syslog(LOG_AUTH | LOG_ERR, "audit: record not committed"); 198159248Srwatson errno = error; 199159248Srwatson return (-1); 200159248Srwatson } 201159248Srwatson return (0); 202159248Srwatson} 203159248Srwatson 204159248Srwatsonint 205155131Srwatsonaudit_set_terminal_port(dev_t *p) 206155131Srwatson{ 207155131Srwatson struct stat st; 208155131Srwatson 209155131Srwatson if (p == NULL) 210155131Srwatson return (kAUBadParamErr); 211155131Srwatson 212156283Srwatson#ifdef NODEV 213155131Srwatson *p = NODEV; 214156283Srwatson#else 215156283Srwatson *p = -1; 216156283Srwatson#endif 217155131Srwatson 218155131Srwatson /* for /usr/bin/login, try fstat() first */ 219155131Srwatson if (fstat(STDIN_FILENO, &st) != 0) { 220155131Srwatson if (errno != EBADF) { 221155131Srwatson syslog(LOG_ERR, "fstat() failed (%s)", 222155131Srwatson strerror(errno)); 223155131Srwatson return (kAUStatErr); 224155131Srwatson } 225155131Srwatson if (stat("/dev/console", &st) != 0) { 226155131Srwatson syslog(LOG_ERR, "stat() failed (%s)", 227155131Srwatson strerror(errno)); 228155131Srwatson return (kAUStatErr); 229155131Srwatson } 230155131Srwatson } 231155131Srwatson *p = st.st_rdev; 232155131Srwatson return (kAUNoErr); 233155131Srwatson} 234155131Srwatson 235155131Srwatsonint 236155131Srwatsonaudit_set_terminal_host(uint32_t *m) 237155131Srwatson{ 238156283Srwatson 239156283Srwatson#ifdef KERN_HOSTID 240155131Srwatson int name[2] = { CTL_KERN, KERN_HOSTID }; 241155131Srwatson size_t len; 242155131Srwatson 243155131Srwatson if (m == NULL) 244155131Srwatson return (kAUBadParamErr); 245155131Srwatson *m = 0; 246155131Srwatson len = sizeof(*m); 247155131Srwatson if (sysctl(name, 2, m, &len, NULL, 0) != 0) { 248155131Srwatson syslog(LOG_ERR, "sysctl() failed (%s)", strerror(errno)); 249155131Srwatson return (kAUSysctlErr); 250155131Srwatson } 251155131Srwatson return (kAUNoErr); 252156283Srwatson#else 253156283Srwatson *m = -1; 254156283Srwatson return (kAUNoErr); 255156283Srwatson#endif 256155131Srwatson} 257155131Srwatson 258155131Srwatsonint 259155131Srwatsonaudit_set_terminal_id(au_tid_t *tid) 260155131Srwatson{ 261155131Srwatson int ret; 262155131Srwatson 263155131Srwatson if (tid == NULL) 264155131Srwatson return (kAUBadParamErr); 265155131Srwatson if ((ret = audit_set_terminal_port(&tid->port)) != kAUNoErr) 266155131Srwatson return (ret); 267155131Srwatson return (audit_set_terminal_host(&tid->machine)); 268155131Srwatson} 269155131Srwatson 270155131Srwatson/* 271155131Srwatson * This is OK for those callers who have only one token to write. If you have 272155131Srwatson * multiple tokens that logically form part of the same audit record, you need 273155131Srwatson * to use the existing au_open()/au_write()/au_close() API: 274155131Srwatson * 275155131Srwatson * aufd = au_open(); 276155131Srwatson * tok = au_to_random_token_1(...); 277155131Srwatson * au_write(aufd, tok); 278155131Srwatson * tok = au_to_random_token_2(...); 279155131Srwatson * au_write(aufd, tok); 280155131Srwatson * ... 281159248Srwatson * au_close(aufd, AU_TO_WRITE, AUE_your_event_type); 282155131Srwatson * 283155131Srwatson * Assumes, like all wrapper calls, that the caller has previously checked 284155131Srwatson * that auditing is enabled via the audit_get_state() call. 285155131Srwatson * 286155131Srwatson * XXX: Should be more robust against bad arguments. 287155131Srwatson */ 288155131Srwatsonint 289155131Srwatsonaudit_write(short event_code, token_t *subject, token_t *misctok, char retval, 290155131Srwatson int errcode) 291155131Srwatson{ 292155131Srwatson int aufd; 293155131Srwatson char *func = "audit_write()"; 294155131Srwatson token_t *rettok; 295155131Srwatson 296155131Srwatson if ((aufd = au_open()) == -1) { 297155131Srwatson au_free_token(subject); 298155131Srwatson au_free_token(misctok); 299155131Srwatson syslog(LOG_ERR, "%s: au_open() failed", func); 300155131Srwatson return (kAUOpenErr); 301155131Srwatson } 302155131Srwatson 303155131Srwatson /* Save subject. */ 304155131Srwatson if (subject && au_write(aufd, subject) == -1) { 305155131Srwatson au_free_token(subject); 306155131Srwatson au_free_token(misctok); 307185573Srwatson (void)au_close(aufd, AU_TO_NO_WRITE, event_code); 308155131Srwatson syslog(LOG_ERR, "%s: write of subject failed", func); 309155131Srwatson return (kAUWriteSubjectTokErr); 310155131Srwatson } 311155131Srwatson 312155131Srwatson /* Save the event-specific token. */ 313155131Srwatson if (misctok && au_write(aufd, misctok) == -1) { 314155131Srwatson au_free_token(misctok); 315159248Srwatson (void)au_close(aufd, AU_TO_NO_WRITE, event_code); 316155131Srwatson syslog(LOG_ERR, "%s: write of caller token failed", func); 317155131Srwatson return (kAUWriteCallerTokErr); 318155131Srwatson } 319155131Srwatson 320155131Srwatson /* Tokenize and save the return value. */ 321155131Srwatson if ((rettok = au_to_return32(retval, errcode)) == NULL) { 322159248Srwatson (void)au_close(aufd, AU_TO_NO_WRITE, event_code); 323155131Srwatson syslog(LOG_ERR, "%s: au_to_return32() failed", func); 324155131Srwatson return (kAUMakeReturnTokErr); 325155131Srwatson } 326155131Srwatson 327155131Srwatson if (au_write(aufd, rettok) == -1) { 328155131Srwatson au_free_token(rettok); 329159248Srwatson (void)au_close(aufd, AU_TO_NO_WRITE, event_code); 330155131Srwatson syslog(LOG_ERR, "%s: write of return code failed", func); 331155131Srwatson return (kAUWriteReturnTokErr); 332155131Srwatson } 333155131Srwatson 334155131Srwatson /* 335159248Srwatson * We assume the caller wouldn't have bothered with this 336155131Srwatson * function if it hadn't already decided to keep the record. 337155131Srwatson */ 338159248Srwatson if (au_close(aufd, AU_TO_WRITE, event_code) < 0) { 339155131Srwatson syslog(LOG_ERR, "%s: au_close() failed", func); 340155131Srwatson return (kAUCloseErr); 341155131Srwatson } 342155131Srwatson 343155131Srwatson return (kAUNoErr); 344155131Srwatson} 345155131Srwatson 346155131Srwatson/* 347155131Srwatson * Same caveats as audit_write(). In addition, this function explicitly 348155131Srwatson * assumes success; use audit_write_failure() on error. 349155131Srwatson */ 350155131Srwatsonint 351155131Srwatsonaudit_write_success(short event_code, token_t *tok, au_id_t auid, uid_t euid, 352155131Srwatson gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, 353155131Srwatson au_tid_t *tid) 354155131Srwatson{ 355155131Srwatson char *func = "audit_write_success()"; 356155131Srwatson token_t *subject = NULL; 357155131Srwatson 358155131Srwatson /* Tokenize and save subject. */ 359155131Srwatson subject = au_to_subject32(auid, euid, egid, ruid, rgid, pid, sid, 360155131Srwatson tid); 361155131Srwatson if (subject == NULL) { 362155131Srwatson syslog(LOG_ERR, "%s: au_to_subject32() failed", func); 363155131Srwatson return kAUMakeSubjectTokErr; 364155131Srwatson } 365155131Srwatson 366155131Srwatson return (audit_write(event_code, subject, tok, 0, 0)); 367155131Srwatson} 368155131Srwatson 369155131Srwatson/* 370155131Srwatson * Same caveats as audit_write(). In addition, this function explicitly 371155131Srwatson * assumes success; use audit_write_failure_self() on error. 372155131Srwatson */ 373155131Srwatsonint 374155131Srwatsonaudit_write_success_self(short event_code, token_t *tok) 375155131Srwatson{ 376155131Srwatson token_t *subject; 377155131Srwatson char *func = "audit_write_success_self()"; 378155131Srwatson 379155131Srwatson if ((subject = au_to_me()) == NULL) { 380155131Srwatson syslog(LOG_ERR, "%s: au_to_me() failed", func); 381155131Srwatson return (kAUMakeSubjectTokErr); 382155131Srwatson } 383155131Srwatson 384155131Srwatson return (audit_write(event_code, subject, tok, 0, 0)); 385155131Srwatson} 386155131Srwatson 387155131Srwatson/* 388155131Srwatson * Same caveats as audit_write(). In addition, this function explicitly 389155131Srwatson * assumes failure; use audit_write_success() otherwise. 390155131Srwatson * 391155131Srwatson * XXX This should let the caller pass an error return value rather than 392155131Srwatson * hard-coding -1. 393155131Srwatson */ 394155131Srwatsonint 395155131Srwatsonaudit_write_failure(short event_code, char *errmsg, int errcode, au_id_t auid, 396155131Srwatson uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, 397155131Srwatson au_tid_t *tid) 398155131Srwatson{ 399155131Srwatson char *func = "audit_write_failure()"; 400155131Srwatson token_t *subject, *errtok; 401155131Srwatson 402155131Srwatson subject = au_to_subject32(auid, euid, egid, ruid, rgid, pid, sid, tid); 403155131Srwatson if (subject == NULL) { 404155131Srwatson syslog(LOG_ERR, "%s: au_to_subject32() failed", func); 405155131Srwatson return (kAUMakeSubjectTokErr); 406155131Srwatson } 407155131Srwatson 408155131Srwatson /* tokenize and save the error message */ 409155131Srwatson if ((errtok = au_to_text(errmsg)) == NULL) { 410155131Srwatson au_free_token(subject); 411155131Srwatson syslog(LOG_ERR, "%s: au_to_text() failed", func); 412155131Srwatson return (kAUMakeTextTokErr); 413155131Srwatson } 414155131Srwatson 415155131Srwatson return (audit_write(event_code, subject, errtok, -1, errcode)); 416155131Srwatson} 417155131Srwatson 418155131Srwatson/* 419155131Srwatson * Same caveats as audit_write(). In addition, this function explicitly 420155131Srwatson * assumes failure; use audit_write_success_self() otherwise. 421155131Srwatson * 422155131Srwatson * XXX This should let the caller pass an error return value rather than 423155131Srwatson * hard-coding -1. 424155131Srwatson */ 425155131Srwatsonint 426155131Srwatsonaudit_write_failure_self(short event_code, char *errmsg, int errret) 427155131Srwatson{ 428155131Srwatson char *func = "audit_write_failure_self()"; 429155131Srwatson token_t *subject, *errtok; 430155131Srwatson 431155131Srwatson if ((subject = au_to_me()) == NULL) { 432155131Srwatson syslog(LOG_ERR, "%s: au_to_me() failed", func); 433155131Srwatson return (kAUMakeSubjectTokErr); 434155131Srwatson } 435155131Srwatson /* tokenize and save the error message */ 436155131Srwatson if ((errtok = au_to_text(errmsg)) == NULL) { 437155131Srwatson au_free_token(subject); 438155131Srwatson syslog(LOG_ERR, "%s: au_to_text() failed", func); 439155131Srwatson return (kAUMakeTextTokErr); 440155131Srwatson } 441155131Srwatson return (audit_write(event_code, subject, errtok, -1, errret)); 442155131Srwatson} 443155131Srwatson 444155131Srwatson/* 445155131Srwatson * For auditing errors during login. Such errors are implicitly 446155131Srwatson * non-attributable (i.e., not ascribable to any user). 447155131Srwatson * 448155131Srwatson * Assumes, like all wrapper calls, that the caller has previously checked 449155131Srwatson * that auditing is enabled via the audit_get_state() call. 450155131Srwatson */ 451155131Srwatsonint 452155131Srwatsonaudit_write_failure_na(short event_code, char *errmsg, int errret, uid_t euid, 453155131Srwatson uid_t egid, pid_t pid, au_tid_t *tid) 454155131Srwatson{ 455155131Srwatson 456155131Srwatson return (audit_write_failure(event_code, errmsg, errret, -1, euid, 457155131Srwatson egid, -1, -1, pid, -1, tid)); 458155131Srwatson} 459155131Srwatson 460155131Srwatson/* END OF au_write() WRAPPERS */ 461155131Srwatson 462155131Srwatson#ifdef __APPLE__ 463155131Srwatsonvoid 464155131Srwatsonaudit_token_to_au32(audit_token_t atoken, uid_t *auidp, uid_t *euidp, 465155131Srwatson gid_t *egidp, uid_t *ruidp, gid_t *rgidp, pid_t *pidp, au_asid_t *asidp, 466155131Srwatson au_tid_t *tidp) 467155131Srwatson{ 468155131Srwatson 469155131Srwatson if (auidp != NULL) 470155131Srwatson *auidp = (uid_t)atoken.val[0]; 471155131Srwatson if (euidp != NULL) 472155131Srwatson *euidp = (uid_t)atoken.val[1]; 473155131Srwatson if (egidp != NULL) 474155131Srwatson *egidp = (gid_t)atoken.val[2]; 475155131Srwatson if (ruidp != NULL) 476155131Srwatson *ruidp = (uid_t)atoken.val[3]; 477155131Srwatson if (rgidp != NULL) 478155131Srwatson *rgidp = (gid_t)atoken.val[4]; 479155131Srwatson if (pidp != NULL) 480155131Srwatson *pidp = (pid_t)atoken.val[5]; 481155131Srwatson if (asidp != NULL) 482155131Srwatson *asidp = (au_asid_t)atoken.val[6]; 483155131Srwatson if (tidp != NULL) { 484155131Srwatson audit_set_terminal_host(&tidp->machine); 485155131Srwatson tidp->port = (dev_t)atoken.val[7]; 486155131Srwatson } 487155131Srwatson} 488155131Srwatson#endif /* !__APPLE__ */ 489191273Srwatson 490191273Srwatsonint 491191273Srwatsonaudit_get_cond(int *cond) 492191273Srwatson{ 493191273Srwatson int ret; 494191273Srwatson 495191273Srwatson ret = auditon(A_GETCOND, cond, sizeof(*cond)); 496191273Srwatson#ifdef A_OLDGETCOND 497191273Srwatson if ((0 != ret) && EINVAL == errno) { 498191273Srwatson long lcond = *cond; 499191273Srwatson 500191273Srwatson ret = auditon(A_OLDGETCOND, &lcond, sizeof(lcond)); 501191273Srwatson *cond = (int)lcond; 502191273Srwatson } 503191273Srwatson#endif 504191273Srwatson return (ret); 505191273Srwatson} 506191273Srwatson 507191273Srwatsonint 508191273Srwatsonaudit_set_cond(int *cond) 509191273Srwatson{ 510191273Srwatson int ret; 511191273Srwatson 512191273Srwatson ret = auditon(A_SETCOND, cond, sizeof(*cond)); 513191273Srwatson#ifdef A_OLDSETCOND 514191273Srwatson if ((0 != ret) && (EINVAL == errno)) { 515191273Srwatson long lcond = (long)*cond; 516191273Srwatson 517191273Srwatson ret = auditon(A_OLDSETCOND, &lcond, sizeof(lcond)); 518191273Srwatson *cond = (int)lcond; 519191273Srwatson } 520191273Srwatson#endif 521191273Srwatson return (ret); 522191273Srwatson} 523191273Srwatson 524191273Srwatsonint 525191273Srwatsonaudit_get_policy(int *policy) 526191273Srwatson{ 527191273Srwatson int ret; 528191273Srwatson 529191273Srwatson ret = auditon(A_GETPOLICY, policy, sizeof(*policy)); 530191273Srwatson#ifdef A_OLDGETPOLICY 531191273Srwatson if ((0 != ret) && (EINVAL == errno)){ 532191273Srwatson long lpolicy = (long)*policy; 533191273Srwatson 534191273Srwatson ret = auditon(A_OLDGETPOLICY, &lpolicy, sizeof(lpolicy)); 535191273Srwatson *policy = (int)lpolicy; 536191273Srwatson } 537191273Srwatson#endif 538191273Srwatson return (ret); 539191273Srwatson} 540191273Srwatson 541191273Srwatsonint 542191273Srwatsonaudit_set_policy(int *policy) 543191273Srwatson{ 544191273Srwatson int ret; 545191273Srwatson 546191273Srwatson ret = auditon(A_SETPOLICY, policy, sizeof(*policy)); 547191273Srwatson#ifdef A_OLDSETPOLICY 548191273Srwatson if ((0 != ret) && (EINVAL == errno)){ 549191273Srwatson long lpolicy = (long)*policy; 550191273Srwatson 551191273Srwatson ret = auditon(A_OLDSETPOLICY, &lpolicy, sizeof(lpolicy)); 552191273Srwatson *policy = (int)lpolicy; 553191273Srwatson } 554191273Srwatson#endif 555191273Srwatson return (ret); 556191273Srwatson} 557191273Srwatson 558191273Srwatsonint 559191273Srwatsonaudit_get_qctrl(au_qctrl_t *qctrl, size_t sz) 560191273Srwatson{ 561191273Srwatson int ret; 562191273Srwatson 563191273Srwatson if (sizeof(*qctrl) != sz) { 564191273Srwatson errno = EINVAL; 565191273Srwatson return (-1); 566191273Srwatson } 567191273Srwatson 568191273Srwatson ret = auditon(A_GETQCTRL, qctrl, sizeof(*qctrl)); 569191273Srwatson#ifdef A_OLDGETQCTRL 570191273Srwatson if ((0 != ret) && (EINVAL == errno)){ 571191273Srwatson struct old_qctrl { 572191273Srwatson size_t oq_hiwater; 573191273Srwatson size_t oq_lowater; 574191273Srwatson size_t oq_bufsz; 575191273Srwatson clock_t oq_delay; 576191273Srwatson int oq_minfree; 577191273Srwatson } oq; 578191273Srwatson 579191273Srwatson oq.oq_hiwater = (size_t)qctrl->aq_hiwater; 580191273Srwatson oq.oq_lowater = (size_t)qctrl->aq_lowater; 581191273Srwatson oq.oq_bufsz = (size_t)qctrl->aq_bufsz; 582191273Srwatson oq.oq_delay = (clock_t)qctrl->aq_delay; 583191273Srwatson oq.oq_minfree = qctrl->aq_minfree; 584191273Srwatson 585191273Srwatson ret = auditon(A_OLDGETQCTRL, &oq, sizeof(oq)); 586191273Srwatson 587191273Srwatson qctrl->aq_hiwater = (int)oq.oq_hiwater; 588191273Srwatson qctrl->aq_lowater = (int)oq.oq_lowater; 589191273Srwatson qctrl->aq_bufsz = (int)oq.oq_bufsz; 590191273Srwatson qctrl->aq_delay = (int)oq.oq_delay; 591191273Srwatson qctrl->aq_minfree = oq.oq_minfree; 592191273Srwatson } 593191273Srwatson#endif /* A_OLDGETQCTRL */ 594191273Srwatson return (ret); 595191273Srwatson} 596191273Srwatson 597191273Srwatsonint 598191273Srwatsonaudit_set_qctrl(au_qctrl_t *qctrl, size_t sz) 599191273Srwatson{ 600191273Srwatson int ret; 601191273Srwatson 602191273Srwatson if (sizeof(*qctrl) != sz) { 603191273Srwatson errno = EINVAL; 604191273Srwatson return (-1); 605191273Srwatson } 606191273Srwatson 607191273Srwatson ret = auditon(A_SETQCTRL, qctrl, sz); 608191273Srwatson#ifdef A_OLDSETQCTRL 609191273Srwatson if ((0 != ret) && (EINVAL == errno)) { 610191273Srwatson struct old_qctrl { 611191273Srwatson size_t oq_hiwater; 612191273Srwatson size_t oq_lowater; 613191273Srwatson size_t oq_bufsz; 614191273Srwatson clock_t oq_delay; 615191273Srwatson int oq_minfree; 616191273Srwatson } oq; 617191273Srwatson 618191273Srwatson oq.oq_hiwater = (size_t)qctrl->aq_hiwater; 619191273Srwatson oq.oq_lowater = (size_t)qctrl->aq_lowater; 620191273Srwatson oq.oq_bufsz = (size_t)qctrl->aq_bufsz; 621191273Srwatson oq.oq_delay = (clock_t)qctrl->aq_delay; 622191273Srwatson oq.oq_minfree = qctrl->aq_minfree; 623191273Srwatson 624191273Srwatson ret = auditon(A_OLDSETQCTRL, &oq, sizeof(oq)); 625191273Srwatson 626191273Srwatson qctrl->aq_hiwater = (int)oq.oq_hiwater; 627191273Srwatson qctrl->aq_lowater = (int)oq.oq_lowater; 628191273Srwatson qctrl->aq_bufsz = (int)oq.oq_bufsz; 629191273Srwatson qctrl->aq_delay = (int)oq.oq_delay; 630191273Srwatson qctrl->aq_minfree = oq.oq_minfree; 631191273Srwatson } 632191273Srwatson#endif /* A_OLDSETQCTRL */ 633191273Srwatson return (ret); 634191273Srwatson} 635191273Srwatson 636191273Srwatsonint 637191273Srwatsonaudit_send_trigger(int *trigger) 638191273Srwatson{ 639191273Srwatson 640191273Srwatson return (auditon(A_SENDTRIGGER, trigger, sizeof(*trigger))); 641191273Srwatson} 642191273Srwatson 643191273Srwatsonint 644191273Srwatsonaudit_get_kaudit(auditinfo_addr_t *aia, size_t sz) 645191273Srwatson{ 646191273Srwatson 647191273Srwatson if (sizeof(*aia) != sz) { 648191273Srwatson errno = EINVAL; 649191273Srwatson return (-1); 650191273Srwatson } 651191273Srwatson 652191273Srwatson return (auditon(A_GETKAUDIT, aia, sz)); 653191273Srwatson} 654191273Srwatson 655191273Srwatsonint 656191273Srwatsonaudit_set_kaudit(auditinfo_addr_t *aia, size_t sz) 657191273Srwatson{ 658191273Srwatson 659191273Srwatson if (sizeof(*aia) != sz) { 660191273Srwatson errno = EINVAL; 661191273Srwatson return (-1); 662191273Srwatson } 663191273Srwatson 664191273Srwatson return (auditon(A_SETKAUDIT, aia, sz)); 665191273Srwatson} 666191273Srwatson 667191273Srwatsonint 668191273Srwatsonaudit_get_class(au_evclass_map_t *evc_map, size_t sz) 669191273Srwatson{ 670191273Srwatson 671191273Srwatson if (sizeof(*evc_map) != sz) { 672191273Srwatson errno = EINVAL; 673191273Srwatson return (-1); 674191273Srwatson } 675191273Srwatson 676191273Srwatson return (auditon(A_GETCLASS, evc_map, sz)); 677191273Srwatson} 678191273Srwatson 679191273Srwatsonint 680191273Srwatsonaudit_set_class(au_evclass_map_t *evc_map, size_t sz) 681191273Srwatson{ 682191273Srwatson 683191273Srwatson if (sizeof(*evc_map) != sz) { 684191273Srwatson errno = EINVAL; 685191273Srwatson return (-1); 686191273Srwatson } 687191273Srwatson 688191273Srwatson return (auditon(A_SETCLASS, evc_map, sz)); 689191273Srwatson} 690191273Srwatson 691191273Srwatsonint 692191273Srwatsonaudit_get_kmask(au_mask_t *kmask, size_t sz) 693191273Srwatson{ 694191273Srwatson if (sizeof(*kmask) != sz) { 695191273Srwatson errno = EINVAL; 696191273Srwatson return (-1); 697191273Srwatson } 698191273Srwatson 699191273Srwatson return (auditon(A_GETKMASK, kmask, sz)); 700191273Srwatson} 701191273Srwatson 702191273Srwatsonint 703191273Srwatsonaudit_set_kmask(au_mask_t *kmask, size_t sz) 704191273Srwatson{ 705191273Srwatson if (sizeof(*kmask) != sz) { 706191273Srwatson errno = EINVAL; 707191273Srwatson return (-1); 708191273Srwatson } 709191273Srwatson 710191273Srwatson return (auditon(A_SETKMASK, kmask, sz)); 711191273Srwatson} 712191273Srwatson 713191273Srwatsonint 714191273Srwatsonaudit_get_fsize(au_fstat_t *fstat, size_t sz) 715191273Srwatson{ 716191273Srwatson 717191273Srwatson if (sizeof(*fstat) != sz) { 718191273Srwatson errno = EINVAL; 719191273Srwatson return (-1); 720191273Srwatson } 721191273Srwatson 722191273Srwatson return (auditon(A_GETFSIZE, fstat, sz)); 723191273Srwatson} 724191273Srwatson 725191273Srwatsonint 726191273Srwatsonaudit_set_fsize(au_fstat_t *fstat, size_t sz) 727191273Srwatson{ 728191273Srwatson 729191273Srwatson if (sizeof(*fstat) != sz) { 730191273Srwatson errno = EINVAL; 731191273Srwatson return (-1); 732191273Srwatson } 733191273Srwatson 734191273Srwatson return (auditon(A_SETFSIZE, fstat, sz)); 735191273Srwatson} 736191273Srwatson 737191273Srwatsonint 738191273Srwatsonaudit_set_pmask(auditpinfo_t *api, size_t sz) 739191273Srwatson{ 740191273Srwatson 741191273Srwatson if (sizeof(*api) != sz) { 742191273Srwatson errno = EINVAL; 743191273Srwatson return (-1); 744191273Srwatson } 745191273Srwatson 746191273Srwatson return (auditon(A_SETPMASK, api, sz)); 747191273Srwatson} 748191273Srwatson 749191273Srwatsonint 750191273Srwatsonaudit_get_pinfo(auditpinfo_t *api, size_t sz) 751191273Srwatson{ 752191273Srwatson 753191273Srwatson if (sizeof(*api) != sz) { 754191273Srwatson errno = EINVAL; 755191273Srwatson return (-1); 756191273Srwatson } 757191273Srwatson 758191273Srwatson return (auditon(A_GETPINFO, api, sz)); 759191273Srwatson} 760191273Srwatson 761191273Srwatsonint 762191273Srwatsonaudit_get_pinfo_addr(auditpinfo_addr_t *apia, size_t sz) 763191273Srwatson{ 764191273Srwatson 765191273Srwatson if (sizeof(*apia) != sz) { 766191273Srwatson errno = EINVAL; 767191273Srwatson return (-1); 768191273Srwatson } 769191273Srwatson 770191273Srwatson return (auditon(A_GETPINFO_ADDR, apia, sz)); 771191273Srwatson} 772191273Srwatson 773191273Srwatsonint 774191273Srwatsonaudit_get_sinfo_addr(auditinfo_addr_t *aia, size_t sz) 775191273Srwatson{ 776191273Srwatson 777191273Srwatson if (sizeof(*aia) != sz) { 778191273Srwatson errno = EINVAL; 779191273Srwatson return (-1); 780191273Srwatson } 781191273Srwatson 782191273Srwatson return (auditon(A_GETSINFO_ADDR, aia, sz)); 783191273Srwatson} 784191273Srwatson 785191273Srwatsonint 786191273Srwatsonaudit_get_stat(au_stat_t *stats, size_t sz) 787191273Srwatson{ 788191273Srwatson 789191273Srwatson if (sizeof(*stats) != sz) { 790191273Srwatson errno = EINVAL; 791191273Srwatson return (-1); 792191273Srwatson } 793191273Srwatson 794191273Srwatson return (auditon(A_GETSTAT, stats, sz)); 795191273Srwatson} 796191273Srwatson 797191273Srwatsonint 798191273Srwatsonaudit_set_stat(au_stat_t *stats, size_t sz) 799191273Srwatson{ 800191273Srwatson 801191273Srwatson if (sizeof(*stats) != sz) { 802191273Srwatson errno = EINVAL; 803191273Srwatson return (-1); 804191273Srwatson } 805191273Srwatson 806191273Srwatson return (auditon(A_GETSTAT, stats, sz)); 807191273Srwatson} 808191273Srwatson 809191273Srwatsonint 810191273Srwatsonaudit_get_cwd(char *path, size_t sz) 811191273Srwatson{ 812191273Srwatson 813191273Srwatson return (auditon(A_GETCWD, path, sz)); 814191273Srwatson} 815191273Srwatson 816191273Srwatsonint 817191273Srwatsonaudit_get_car(char *path, size_t sz) 818191273Srwatson{ 819191273Srwatson 820191273Srwatson return (auditon(A_GETCAR, path, sz)); 821191273Srwatson} 822