bsm_wrappers.c revision 243750
1185573Srwatson/*- 2191273Srwatson * Copyright (c) 2004-2009 Apple Inc. 3155131Srwatson * All rights reserved. 4155131Srwatson * 5155131Srwatson * Redistribution and use in source and binary forms, with or without 6155131Srwatson * modification, are permitted provided that the following conditions 7155131Srwatson * are met: 8155131Srwatson * 1. Redistributions of source code must retain the above copyright 9155131Srwatson * notice, this list of conditions and the following disclaimer. 10155131Srwatson * 2. Redistributions in binary form must reproduce the above copyright 11155131Srwatson * notice, this list of conditions and the following disclaimer in the 12155131Srwatson * documentation and/or other materials provided with the distribution. 13185573Srwatson * 3. Neither the name of Apple Inc. ("Apple") nor the names of 14155131Srwatson * its contributors may be used to endorse or promote products derived 15155131Srwatson * from this software without specific prior written permission. 16155131Srwatson * 17155131Srwatson * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND 18155131Srwatson * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19155131Srwatson * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20155131Srwatson * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR 21155131Srwatson * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22155131Srwatson * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23155131Srwatson * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24155131Srwatson * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 25155131Srwatson * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 26155131Srwatson * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 27155131Srwatson * POSSIBILITY OF SUCH DAMAGE. 28155131Srwatson * 29243750Srwatson * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_wrappers.c#32 $ 30155131Srwatson */ 31155131Srwatson 32155518Srwatson#ifdef __APPLE__ 33155518Srwatson#define _SYS_AUDIT_H /* Prevent include of sys/audit.h. */ 34155518Srwatson#endif 35155518Srwatson 36155131Srwatson#include <sys/param.h> 37155131Srwatson#include <sys/stat.h> 38156283Srwatson 39156283Srwatson#ifdef __APPLE__ 40156283Srwatson#include <sys/queue.h> /* Our bsm/audit.h doesn't include queue.h. */ 41156283Srwatson#endif 42156283Srwatson 43155131Srwatson#include <sys/sysctl.h> 44155131Srwatson 45155131Srwatson#include <bsm/libbsm.h> 46155131Srwatson 47155131Srwatson#include <unistd.h> 48155131Srwatson#include <syslog.h> 49159248Srwatson#include <stdarg.h> 50155131Srwatson#include <string.h> 51155131Srwatson#include <errno.h> 52155131Srwatson 53155131Srwatson/* These are not advertised in libbsm.h */ 54155131Srwatsonint audit_set_terminal_port(dev_t *p); 55155131Srwatsonint audit_set_terminal_host(uint32_t *m); 56155131Srwatson 57159248Srwatson/* 58159248Srwatson * General purpose audit submission mechanism for userspace. 59159248Srwatson */ 60155131Srwatsonint 61159248Srwatsonaudit_submit(short au_event, au_id_t auid, char status, 62159248Srwatson int reterr, const char *fmt, ...) 63159248Srwatson{ 64159248Srwatson char text[MAX_AUDITSTRING_LEN]; 65159248Srwatson token_t *token; 66191273Srwatson int acond; 67159248Srwatson va_list ap; 68159248Srwatson pid_t pid; 69168777Srwatson int error, afd, subj_ex; 70159248Srwatson struct auditinfo ai; 71168777Srwatson struct auditinfo_addr aia; 72186647Srwatson au_tid_t atid; 73159248Srwatson 74191273Srwatson if (audit_get_cond(&acond) != 0) { 75159248Srwatson /* 76159248Srwatson * If auditon(2) returns ENOSYS, then audit has not been 77159248Srwatson * compiled into the kernel, so just return. 78159248Srwatson */ 79159248Srwatson if (errno == ENOSYS) 80159248Srwatson return (0); 81159248Srwatson error = errno; 82159248Srwatson syslog(LOG_AUTH | LOG_ERR, "audit: auditon failed: %s", 83159248Srwatson strerror(errno)); 84159248Srwatson errno = error; 85159248Srwatson return (-1); 86159248Srwatson } 87159248Srwatson if (acond == AUC_NOAUDIT) 88159248Srwatson return (0); 89159248Srwatson afd = au_open(); 90159248Srwatson if (afd < 0) { 91159248Srwatson error = errno; 92159248Srwatson syslog(LOG_AUTH | LOG_ERR, "audit: au_open failed: %s", 93159248Srwatson strerror(errno)); 94159248Srwatson errno = error; 95159248Srwatson return (-1); 96159248Srwatson } 97168777Srwatson /* 98186647Srwatson * Try to use getaudit_addr(2) first. If this kernel does not support 99186647Srwatson * it, then fall back on to getaudit(2). 100168777Srwatson */ 101168777Srwatson subj_ex = 0; 102186647Srwatson error = getaudit_addr(&aia, sizeof(aia)); 103186647Srwatson if (error < 0 && errno == ENOSYS) { 104186647Srwatson error = getaudit(&ai); 105186647Srwatson if (error < 0) { 106186647Srwatson error = errno; 107186647Srwatson syslog(LOG_AUTH | LOG_ERR, "audit: getaudit failed: %s", 108186647Srwatson strerror(errno)); 109186647Srwatson errno = error; 110186647Srwatson return (-1); 111186647Srwatson } 112186647Srwatson /* 113186647Srwatson * Convert this auditinfo_t to an auditinfo_addr_t to make the 114186647Srwatson * following code less complicated wrt to preselection and 115186647Srwatson * subject token generation. 116186647Srwatson */ 117186647Srwatson aia.ai_auid = ai.ai_auid; 118186647Srwatson aia.ai_mask = ai.ai_mask; 119186647Srwatson aia.ai_asid = ai.ai_asid; 120186647Srwatson aia.ai_termid.at_type = AU_IPv4; 121186647Srwatson aia.ai_termid.at_addr[0] = ai.ai_termid.machine; 122186647Srwatson aia.ai_termid.at_port = ai.ai_termid.port; 123186647Srwatson } else if (error < 0) { 124159248Srwatson error = errno; 125186647Srwatson syslog(LOG_AUTH | LOG_ERR, "audit: getaudit_addr failed: %s", 126159248Srwatson strerror(errno)); 127159248Srwatson errno = error; 128159248Srwatson return (-1); 129159248Srwatson } 130186647Srwatson /* 131186647Srwatson * NB: We should be performing pre-selection here now that we have the 132186647Srwatson * masks for this process. 133186647Srwatson */ 134186647Srwatson if (aia.ai_termid.at_type == AU_IPv6) 135186647Srwatson subj_ex = 1; 136159248Srwatson pid = getpid(); 137186647Srwatson if (subj_ex == 0) { 138186647Srwatson atid.port = aia.ai_termid.at_port; 139186647Srwatson atid.machine = aia.ai_termid.at_addr[0]; 140168777Srwatson token = au_to_subject32(auid, geteuid(), getegid(), 141186647Srwatson getuid(), getgid(), pid, pid, &atid); 142186647Srwatson } else 143168777Srwatson token = au_to_subject_ex(auid, geteuid(), getegid(), 144168777Srwatson getuid(), getgid(), pid, pid, &aia.ai_termid); 145159248Srwatson if (token == NULL) { 146159248Srwatson syslog(LOG_AUTH | LOG_ERR, 147159248Srwatson "audit: unable to build subject token"); 148159248Srwatson (void) au_close(afd, AU_TO_NO_WRITE, au_event); 149159248Srwatson errno = EPERM; 150159248Srwatson return (-1); 151159248Srwatson } 152159248Srwatson if (au_write(afd, token) < 0) { 153159248Srwatson error = errno; 154159248Srwatson syslog(LOG_AUTH | LOG_ERR, 155159248Srwatson "audit: au_write failed: %s", strerror(errno)); 156159248Srwatson (void) au_close(afd, AU_TO_NO_WRITE, au_event); 157159248Srwatson errno = error; 158159248Srwatson return (-1); 159159248Srwatson } 160159248Srwatson if (fmt != NULL) { 161159248Srwatson va_start(ap, fmt); 162159248Srwatson (void) vsnprintf(text, MAX_AUDITSTRING_LEN, fmt, ap); 163159248Srwatson va_end(ap); 164159248Srwatson token = au_to_text(text); 165159248Srwatson if (token == NULL) { 166159248Srwatson syslog(LOG_AUTH | LOG_ERR, 167159248Srwatson "audit: failed to generate text token"); 168159248Srwatson (void) au_close(afd, AU_TO_NO_WRITE, au_event); 169159248Srwatson errno = EPERM; 170159248Srwatson return (-1); 171159248Srwatson } 172159248Srwatson if (au_write(afd, token) < 0) { 173159248Srwatson error = errno; 174159248Srwatson syslog(LOG_AUTH | LOG_ERR, 175159248Srwatson "audit: au_write failed: %s", strerror(errno)); 176159248Srwatson (void) au_close(afd, AU_TO_NO_WRITE, au_event); 177159248Srwatson errno = error; 178159248Srwatson return (-1); 179159248Srwatson } 180159248Srwatson } 181191273Srwatson token = au_to_return32(au_errno_to_bsm(status), reterr); 182159248Srwatson if (token == NULL) { 183159248Srwatson syslog(LOG_AUTH | LOG_ERR, 184243750Srwatson "audit: unable to build return token"); 185159248Srwatson (void) au_close(afd, AU_TO_NO_WRITE, au_event); 186159248Srwatson errno = EPERM; 187159248Srwatson return (-1); 188159248Srwatson } 189159248Srwatson if (au_write(afd, token) < 0) { 190159248Srwatson error = errno; 191159248Srwatson syslog(LOG_AUTH | LOG_ERR, 192159248Srwatson "audit: au_write failed: %s", strerror(errno)); 193159248Srwatson (void) au_close(afd, AU_TO_NO_WRITE, au_event); 194159248Srwatson errno = error; 195159248Srwatson return (-1); 196159248Srwatson } 197159248Srwatson if (au_close(afd, AU_TO_WRITE, au_event) < 0) { 198159248Srwatson error = errno; 199159248Srwatson syslog(LOG_AUTH | LOG_ERR, "audit: record not committed"); 200159248Srwatson errno = error; 201159248Srwatson return (-1); 202159248Srwatson } 203159248Srwatson return (0); 204159248Srwatson} 205159248Srwatson 206159248Srwatsonint 207155131Srwatsonaudit_set_terminal_port(dev_t *p) 208155131Srwatson{ 209155131Srwatson struct stat st; 210155131Srwatson 211155131Srwatson if (p == NULL) 212155131Srwatson return (kAUBadParamErr); 213155131Srwatson 214156283Srwatson#ifdef NODEV 215155131Srwatson *p = NODEV; 216156283Srwatson#else 217156283Srwatson *p = -1; 218156283Srwatson#endif 219155131Srwatson 220155131Srwatson /* for /usr/bin/login, try fstat() first */ 221155131Srwatson if (fstat(STDIN_FILENO, &st) != 0) { 222155131Srwatson if (errno != EBADF) { 223155131Srwatson syslog(LOG_ERR, "fstat() failed (%s)", 224155131Srwatson strerror(errno)); 225155131Srwatson return (kAUStatErr); 226155131Srwatson } 227155131Srwatson if (stat("/dev/console", &st) != 0) { 228155131Srwatson syslog(LOG_ERR, "stat() failed (%s)", 229155131Srwatson strerror(errno)); 230155131Srwatson return (kAUStatErr); 231155131Srwatson } 232155131Srwatson } 233155131Srwatson *p = st.st_rdev; 234155131Srwatson return (kAUNoErr); 235155131Srwatson} 236155131Srwatson 237155131Srwatsonint 238155131Srwatsonaudit_set_terminal_host(uint32_t *m) 239155131Srwatson{ 240156283Srwatson 241156283Srwatson#ifdef KERN_HOSTID 242155131Srwatson int name[2] = { CTL_KERN, KERN_HOSTID }; 243155131Srwatson size_t len; 244155131Srwatson 245155131Srwatson if (m == NULL) 246155131Srwatson return (kAUBadParamErr); 247155131Srwatson *m = 0; 248155131Srwatson len = sizeof(*m); 249155131Srwatson if (sysctl(name, 2, m, &len, NULL, 0) != 0) { 250155131Srwatson syslog(LOG_ERR, "sysctl() failed (%s)", strerror(errno)); 251155131Srwatson return (kAUSysctlErr); 252155131Srwatson } 253155131Srwatson return (kAUNoErr); 254156283Srwatson#else 255156283Srwatson *m = -1; 256156283Srwatson return (kAUNoErr); 257156283Srwatson#endif 258155131Srwatson} 259155131Srwatson 260155131Srwatsonint 261155131Srwatsonaudit_set_terminal_id(au_tid_t *tid) 262155131Srwatson{ 263155131Srwatson int ret; 264155131Srwatson 265155131Srwatson if (tid == NULL) 266155131Srwatson return (kAUBadParamErr); 267155131Srwatson if ((ret = audit_set_terminal_port(&tid->port)) != kAUNoErr) 268155131Srwatson return (ret); 269155131Srwatson return (audit_set_terminal_host(&tid->machine)); 270155131Srwatson} 271155131Srwatson 272155131Srwatson/* 273155131Srwatson * This is OK for those callers who have only one token to write. If you have 274155131Srwatson * multiple tokens that logically form part of the same audit record, you need 275155131Srwatson * to use the existing au_open()/au_write()/au_close() API: 276155131Srwatson * 277155131Srwatson * aufd = au_open(); 278155131Srwatson * tok = au_to_random_token_1(...); 279155131Srwatson * au_write(aufd, tok); 280155131Srwatson * tok = au_to_random_token_2(...); 281155131Srwatson * au_write(aufd, tok); 282155131Srwatson * ... 283159248Srwatson * au_close(aufd, AU_TO_WRITE, AUE_your_event_type); 284155131Srwatson * 285155131Srwatson * Assumes, like all wrapper calls, that the caller has previously checked 286155131Srwatson * that auditing is enabled via the audit_get_state() call. 287155131Srwatson * 288155131Srwatson * XXX: Should be more robust against bad arguments. 289155131Srwatson */ 290155131Srwatsonint 291155131Srwatsonaudit_write(short event_code, token_t *subject, token_t *misctok, char retval, 292155131Srwatson int errcode) 293155131Srwatson{ 294155131Srwatson int aufd; 295155131Srwatson char *func = "audit_write()"; 296155131Srwatson token_t *rettok; 297155131Srwatson 298155131Srwatson if ((aufd = au_open()) == -1) { 299155131Srwatson au_free_token(subject); 300155131Srwatson au_free_token(misctok); 301155131Srwatson syslog(LOG_ERR, "%s: au_open() failed", func); 302155131Srwatson return (kAUOpenErr); 303155131Srwatson } 304155131Srwatson 305155131Srwatson /* Save subject. */ 306155131Srwatson if (subject && au_write(aufd, subject) == -1) { 307155131Srwatson au_free_token(subject); 308155131Srwatson au_free_token(misctok); 309185573Srwatson (void)au_close(aufd, AU_TO_NO_WRITE, event_code); 310155131Srwatson syslog(LOG_ERR, "%s: write of subject failed", func); 311155131Srwatson return (kAUWriteSubjectTokErr); 312155131Srwatson } 313155131Srwatson 314155131Srwatson /* Save the event-specific token. */ 315155131Srwatson if (misctok && au_write(aufd, misctok) == -1) { 316155131Srwatson au_free_token(misctok); 317159248Srwatson (void)au_close(aufd, AU_TO_NO_WRITE, event_code); 318155131Srwatson syslog(LOG_ERR, "%s: write of caller token failed", func); 319155131Srwatson return (kAUWriteCallerTokErr); 320155131Srwatson } 321155131Srwatson 322155131Srwatson /* Tokenize and save the return value. */ 323155131Srwatson if ((rettok = au_to_return32(retval, errcode)) == NULL) { 324159248Srwatson (void)au_close(aufd, AU_TO_NO_WRITE, event_code); 325155131Srwatson syslog(LOG_ERR, "%s: au_to_return32() failed", func); 326155131Srwatson return (kAUMakeReturnTokErr); 327155131Srwatson } 328155131Srwatson 329155131Srwatson if (au_write(aufd, rettok) == -1) { 330155131Srwatson au_free_token(rettok); 331159248Srwatson (void)au_close(aufd, AU_TO_NO_WRITE, event_code); 332155131Srwatson syslog(LOG_ERR, "%s: write of return code failed", func); 333155131Srwatson return (kAUWriteReturnTokErr); 334155131Srwatson } 335155131Srwatson 336155131Srwatson /* 337159248Srwatson * We assume the caller wouldn't have bothered with this 338155131Srwatson * function if it hadn't already decided to keep the record. 339155131Srwatson */ 340159248Srwatson if (au_close(aufd, AU_TO_WRITE, event_code) < 0) { 341155131Srwatson syslog(LOG_ERR, "%s: au_close() failed", func); 342155131Srwatson return (kAUCloseErr); 343155131Srwatson } 344155131Srwatson 345155131Srwatson return (kAUNoErr); 346155131Srwatson} 347155131Srwatson 348155131Srwatson/* 349155131Srwatson * Same caveats as audit_write(). In addition, this function explicitly 350155131Srwatson * assumes success; use audit_write_failure() on error. 351155131Srwatson */ 352155131Srwatsonint 353155131Srwatsonaudit_write_success(short event_code, token_t *tok, au_id_t auid, uid_t euid, 354155131Srwatson gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, 355155131Srwatson au_tid_t *tid) 356155131Srwatson{ 357155131Srwatson char *func = "audit_write_success()"; 358155131Srwatson token_t *subject = NULL; 359155131Srwatson 360155131Srwatson /* Tokenize and save subject. */ 361155131Srwatson subject = au_to_subject32(auid, euid, egid, ruid, rgid, pid, sid, 362155131Srwatson tid); 363155131Srwatson if (subject == NULL) { 364155131Srwatson syslog(LOG_ERR, "%s: au_to_subject32() failed", func); 365155131Srwatson return kAUMakeSubjectTokErr; 366155131Srwatson } 367155131Srwatson 368155131Srwatson return (audit_write(event_code, subject, tok, 0, 0)); 369155131Srwatson} 370155131Srwatson 371155131Srwatson/* 372155131Srwatson * Same caveats as audit_write(). In addition, this function explicitly 373155131Srwatson * assumes success; use audit_write_failure_self() on error. 374155131Srwatson */ 375155131Srwatsonint 376155131Srwatsonaudit_write_success_self(short event_code, token_t *tok) 377155131Srwatson{ 378155131Srwatson token_t *subject; 379155131Srwatson char *func = "audit_write_success_self()"; 380155131Srwatson 381155131Srwatson if ((subject = au_to_me()) == NULL) { 382155131Srwatson syslog(LOG_ERR, "%s: au_to_me() failed", func); 383155131Srwatson return (kAUMakeSubjectTokErr); 384155131Srwatson } 385155131Srwatson 386155131Srwatson return (audit_write(event_code, subject, tok, 0, 0)); 387155131Srwatson} 388155131Srwatson 389155131Srwatson/* 390155131Srwatson * Same caveats as audit_write(). In addition, this function explicitly 391155131Srwatson * assumes failure; use audit_write_success() otherwise. 392155131Srwatson * 393155131Srwatson * XXX This should let the caller pass an error return value rather than 394155131Srwatson * hard-coding -1. 395155131Srwatson */ 396155131Srwatsonint 397155131Srwatsonaudit_write_failure(short event_code, char *errmsg, int errcode, au_id_t auid, 398155131Srwatson uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, 399155131Srwatson au_tid_t *tid) 400155131Srwatson{ 401155131Srwatson char *func = "audit_write_failure()"; 402155131Srwatson token_t *subject, *errtok; 403155131Srwatson 404155131Srwatson subject = au_to_subject32(auid, euid, egid, ruid, rgid, pid, sid, tid); 405155131Srwatson if (subject == NULL) { 406155131Srwatson syslog(LOG_ERR, "%s: au_to_subject32() failed", func); 407155131Srwatson return (kAUMakeSubjectTokErr); 408155131Srwatson } 409155131Srwatson 410155131Srwatson /* tokenize and save the error message */ 411155131Srwatson if ((errtok = au_to_text(errmsg)) == NULL) { 412155131Srwatson au_free_token(subject); 413155131Srwatson syslog(LOG_ERR, "%s: au_to_text() failed", func); 414155131Srwatson return (kAUMakeTextTokErr); 415155131Srwatson } 416155131Srwatson 417155131Srwatson return (audit_write(event_code, subject, errtok, -1, errcode)); 418155131Srwatson} 419155131Srwatson 420155131Srwatson/* 421155131Srwatson * Same caveats as audit_write(). In addition, this function explicitly 422155131Srwatson * assumes failure; use audit_write_success_self() otherwise. 423155131Srwatson * 424155131Srwatson * XXX This should let the caller pass an error return value rather than 425155131Srwatson * hard-coding -1. 426155131Srwatson */ 427155131Srwatsonint 428155131Srwatsonaudit_write_failure_self(short event_code, char *errmsg, int errret) 429155131Srwatson{ 430155131Srwatson char *func = "audit_write_failure_self()"; 431155131Srwatson token_t *subject, *errtok; 432155131Srwatson 433155131Srwatson if ((subject = au_to_me()) == NULL) { 434155131Srwatson syslog(LOG_ERR, "%s: au_to_me() failed", func); 435155131Srwatson return (kAUMakeSubjectTokErr); 436155131Srwatson } 437155131Srwatson /* tokenize and save the error message */ 438155131Srwatson if ((errtok = au_to_text(errmsg)) == NULL) { 439155131Srwatson au_free_token(subject); 440155131Srwatson syslog(LOG_ERR, "%s: au_to_text() failed", func); 441155131Srwatson return (kAUMakeTextTokErr); 442155131Srwatson } 443155131Srwatson return (audit_write(event_code, subject, errtok, -1, errret)); 444155131Srwatson} 445155131Srwatson 446155131Srwatson/* 447155131Srwatson * For auditing errors during login. Such errors are implicitly 448155131Srwatson * non-attributable (i.e., not ascribable to any user). 449155131Srwatson * 450155131Srwatson * Assumes, like all wrapper calls, that the caller has previously checked 451155131Srwatson * that auditing is enabled via the audit_get_state() call. 452155131Srwatson */ 453155131Srwatsonint 454155131Srwatsonaudit_write_failure_na(short event_code, char *errmsg, int errret, uid_t euid, 455155131Srwatson uid_t egid, pid_t pid, au_tid_t *tid) 456155131Srwatson{ 457155131Srwatson 458155131Srwatson return (audit_write_failure(event_code, errmsg, errret, -1, euid, 459155131Srwatson egid, -1, -1, pid, -1, tid)); 460155131Srwatson} 461155131Srwatson 462155131Srwatson/* END OF au_write() WRAPPERS */ 463155131Srwatson 464155131Srwatson#ifdef __APPLE__ 465155131Srwatsonvoid 466155131Srwatsonaudit_token_to_au32(audit_token_t atoken, uid_t *auidp, uid_t *euidp, 467155131Srwatson gid_t *egidp, uid_t *ruidp, gid_t *rgidp, pid_t *pidp, au_asid_t *asidp, 468155131Srwatson au_tid_t *tidp) 469155131Srwatson{ 470155131Srwatson 471155131Srwatson if (auidp != NULL) 472155131Srwatson *auidp = (uid_t)atoken.val[0]; 473155131Srwatson if (euidp != NULL) 474155131Srwatson *euidp = (uid_t)atoken.val[1]; 475155131Srwatson if (egidp != NULL) 476155131Srwatson *egidp = (gid_t)atoken.val[2]; 477155131Srwatson if (ruidp != NULL) 478155131Srwatson *ruidp = (uid_t)atoken.val[3]; 479155131Srwatson if (rgidp != NULL) 480155131Srwatson *rgidp = (gid_t)atoken.val[4]; 481155131Srwatson if (pidp != NULL) 482155131Srwatson *pidp = (pid_t)atoken.val[5]; 483155131Srwatson if (asidp != NULL) 484155131Srwatson *asidp = (au_asid_t)atoken.val[6]; 485155131Srwatson if (tidp != NULL) { 486155131Srwatson audit_set_terminal_host(&tidp->machine); 487155131Srwatson tidp->port = (dev_t)atoken.val[7]; 488155131Srwatson } 489155131Srwatson} 490155131Srwatson#endif /* !__APPLE__ */ 491191273Srwatson 492191273Srwatsonint 493191273Srwatsonaudit_get_cond(int *cond) 494191273Srwatson{ 495191273Srwatson int ret; 496191273Srwatson 497191273Srwatson ret = auditon(A_GETCOND, cond, sizeof(*cond)); 498191273Srwatson#ifdef A_OLDGETCOND 499191273Srwatson if ((0 != ret) && EINVAL == errno) { 500191273Srwatson long lcond = *cond; 501191273Srwatson 502191273Srwatson ret = auditon(A_OLDGETCOND, &lcond, sizeof(lcond)); 503191273Srwatson *cond = (int)lcond; 504191273Srwatson } 505191273Srwatson#endif 506191273Srwatson return (ret); 507191273Srwatson} 508191273Srwatson 509191273Srwatsonint 510191273Srwatsonaudit_set_cond(int *cond) 511191273Srwatson{ 512191273Srwatson int ret; 513191273Srwatson 514191273Srwatson ret = auditon(A_SETCOND, cond, sizeof(*cond)); 515191273Srwatson#ifdef A_OLDSETCOND 516191273Srwatson if ((0 != ret) && (EINVAL == errno)) { 517191273Srwatson long lcond = (long)*cond; 518191273Srwatson 519191273Srwatson ret = auditon(A_OLDSETCOND, &lcond, sizeof(lcond)); 520191273Srwatson *cond = (int)lcond; 521191273Srwatson } 522191273Srwatson#endif 523191273Srwatson return (ret); 524191273Srwatson} 525191273Srwatson 526191273Srwatsonint 527191273Srwatsonaudit_get_policy(int *policy) 528191273Srwatson{ 529191273Srwatson int ret; 530191273Srwatson 531191273Srwatson ret = auditon(A_GETPOLICY, policy, sizeof(*policy)); 532191273Srwatson#ifdef A_OLDGETPOLICY 533191273Srwatson if ((0 != ret) && (EINVAL == errno)){ 534191273Srwatson long lpolicy = (long)*policy; 535191273Srwatson 536191273Srwatson ret = auditon(A_OLDGETPOLICY, &lpolicy, sizeof(lpolicy)); 537191273Srwatson *policy = (int)lpolicy; 538191273Srwatson } 539191273Srwatson#endif 540191273Srwatson return (ret); 541191273Srwatson} 542191273Srwatson 543191273Srwatsonint 544191273Srwatsonaudit_set_policy(int *policy) 545191273Srwatson{ 546191273Srwatson int ret; 547191273Srwatson 548191273Srwatson ret = auditon(A_SETPOLICY, policy, sizeof(*policy)); 549191273Srwatson#ifdef A_OLDSETPOLICY 550191273Srwatson if ((0 != ret) && (EINVAL == errno)){ 551191273Srwatson long lpolicy = (long)*policy; 552191273Srwatson 553191273Srwatson ret = auditon(A_OLDSETPOLICY, &lpolicy, sizeof(lpolicy)); 554191273Srwatson *policy = (int)lpolicy; 555191273Srwatson } 556191273Srwatson#endif 557191273Srwatson return (ret); 558191273Srwatson} 559191273Srwatson 560191273Srwatsonint 561191273Srwatsonaudit_get_qctrl(au_qctrl_t *qctrl, size_t sz) 562191273Srwatson{ 563191273Srwatson int ret; 564191273Srwatson 565191273Srwatson if (sizeof(*qctrl) != sz) { 566191273Srwatson errno = EINVAL; 567191273Srwatson return (-1); 568191273Srwatson } 569191273Srwatson 570191273Srwatson ret = auditon(A_GETQCTRL, qctrl, sizeof(*qctrl)); 571191273Srwatson#ifdef A_OLDGETQCTRL 572191273Srwatson if ((0 != ret) && (EINVAL == errno)){ 573191273Srwatson struct old_qctrl { 574191273Srwatson size_t oq_hiwater; 575191273Srwatson size_t oq_lowater; 576191273Srwatson size_t oq_bufsz; 577191273Srwatson clock_t oq_delay; 578191273Srwatson int oq_minfree; 579191273Srwatson } oq; 580191273Srwatson 581191273Srwatson oq.oq_hiwater = (size_t)qctrl->aq_hiwater; 582191273Srwatson oq.oq_lowater = (size_t)qctrl->aq_lowater; 583191273Srwatson oq.oq_bufsz = (size_t)qctrl->aq_bufsz; 584191273Srwatson oq.oq_delay = (clock_t)qctrl->aq_delay; 585191273Srwatson oq.oq_minfree = qctrl->aq_minfree; 586191273Srwatson 587191273Srwatson ret = auditon(A_OLDGETQCTRL, &oq, sizeof(oq)); 588191273Srwatson 589191273Srwatson qctrl->aq_hiwater = (int)oq.oq_hiwater; 590191273Srwatson qctrl->aq_lowater = (int)oq.oq_lowater; 591191273Srwatson qctrl->aq_bufsz = (int)oq.oq_bufsz; 592191273Srwatson qctrl->aq_delay = (int)oq.oq_delay; 593191273Srwatson qctrl->aq_minfree = oq.oq_minfree; 594191273Srwatson } 595191273Srwatson#endif /* A_OLDGETQCTRL */ 596191273Srwatson return (ret); 597191273Srwatson} 598191273Srwatson 599191273Srwatsonint 600191273Srwatsonaudit_set_qctrl(au_qctrl_t *qctrl, size_t sz) 601191273Srwatson{ 602191273Srwatson int ret; 603191273Srwatson 604191273Srwatson if (sizeof(*qctrl) != sz) { 605191273Srwatson errno = EINVAL; 606191273Srwatson return (-1); 607191273Srwatson } 608191273Srwatson 609191273Srwatson ret = auditon(A_SETQCTRL, qctrl, sz); 610191273Srwatson#ifdef A_OLDSETQCTRL 611191273Srwatson if ((0 != ret) && (EINVAL == errno)) { 612191273Srwatson struct old_qctrl { 613191273Srwatson size_t oq_hiwater; 614191273Srwatson size_t oq_lowater; 615191273Srwatson size_t oq_bufsz; 616191273Srwatson clock_t oq_delay; 617191273Srwatson int oq_minfree; 618191273Srwatson } oq; 619191273Srwatson 620191273Srwatson oq.oq_hiwater = (size_t)qctrl->aq_hiwater; 621191273Srwatson oq.oq_lowater = (size_t)qctrl->aq_lowater; 622191273Srwatson oq.oq_bufsz = (size_t)qctrl->aq_bufsz; 623191273Srwatson oq.oq_delay = (clock_t)qctrl->aq_delay; 624191273Srwatson oq.oq_minfree = qctrl->aq_minfree; 625191273Srwatson 626191273Srwatson ret = auditon(A_OLDSETQCTRL, &oq, sizeof(oq)); 627191273Srwatson 628191273Srwatson qctrl->aq_hiwater = (int)oq.oq_hiwater; 629191273Srwatson qctrl->aq_lowater = (int)oq.oq_lowater; 630191273Srwatson qctrl->aq_bufsz = (int)oq.oq_bufsz; 631191273Srwatson qctrl->aq_delay = (int)oq.oq_delay; 632191273Srwatson qctrl->aq_minfree = oq.oq_minfree; 633191273Srwatson } 634191273Srwatson#endif /* A_OLDSETQCTRL */ 635191273Srwatson return (ret); 636191273Srwatson} 637191273Srwatson 638191273Srwatsonint 639191273Srwatsonaudit_send_trigger(int *trigger) 640191273Srwatson{ 641191273Srwatson 642191273Srwatson return (auditon(A_SENDTRIGGER, trigger, sizeof(*trigger))); 643191273Srwatson} 644191273Srwatson 645191273Srwatsonint 646191273Srwatsonaudit_get_kaudit(auditinfo_addr_t *aia, size_t sz) 647191273Srwatson{ 648191273Srwatson 649191273Srwatson if (sizeof(*aia) != sz) { 650191273Srwatson errno = EINVAL; 651191273Srwatson return (-1); 652191273Srwatson } 653191273Srwatson 654191273Srwatson return (auditon(A_GETKAUDIT, aia, sz)); 655191273Srwatson} 656191273Srwatson 657191273Srwatsonint 658191273Srwatsonaudit_set_kaudit(auditinfo_addr_t *aia, size_t sz) 659191273Srwatson{ 660191273Srwatson 661191273Srwatson if (sizeof(*aia) != sz) { 662191273Srwatson errno = EINVAL; 663191273Srwatson return (-1); 664191273Srwatson } 665191273Srwatson 666191273Srwatson return (auditon(A_SETKAUDIT, aia, sz)); 667191273Srwatson} 668191273Srwatson 669191273Srwatsonint 670191273Srwatsonaudit_get_class(au_evclass_map_t *evc_map, size_t sz) 671191273Srwatson{ 672191273Srwatson 673191273Srwatson if (sizeof(*evc_map) != sz) { 674191273Srwatson errno = EINVAL; 675191273Srwatson return (-1); 676191273Srwatson } 677191273Srwatson 678191273Srwatson return (auditon(A_GETCLASS, evc_map, sz)); 679191273Srwatson} 680191273Srwatson 681191273Srwatsonint 682191273Srwatsonaudit_set_class(au_evclass_map_t *evc_map, size_t sz) 683191273Srwatson{ 684191273Srwatson 685191273Srwatson if (sizeof(*evc_map) != sz) { 686191273Srwatson errno = EINVAL; 687191273Srwatson return (-1); 688191273Srwatson } 689191273Srwatson 690191273Srwatson return (auditon(A_SETCLASS, evc_map, sz)); 691191273Srwatson} 692191273Srwatson 693191273Srwatsonint 694191273Srwatsonaudit_get_kmask(au_mask_t *kmask, size_t sz) 695191273Srwatson{ 696191273Srwatson if (sizeof(*kmask) != sz) { 697191273Srwatson errno = EINVAL; 698191273Srwatson return (-1); 699191273Srwatson } 700191273Srwatson 701191273Srwatson return (auditon(A_GETKMASK, kmask, sz)); 702191273Srwatson} 703191273Srwatson 704191273Srwatsonint 705191273Srwatsonaudit_set_kmask(au_mask_t *kmask, size_t sz) 706191273Srwatson{ 707191273Srwatson if (sizeof(*kmask) != sz) { 708191273Srwatson errno = EINVAL; 709191273Srwatson return (-1); 710191273Srwatson } 711191273Srwatson 712191273Srwatson return (auditon(A_SETKMASK, kmask, sz)); 713191273Srwatson} 714191273Srwatson 715191273Srwatsonint 716191273Srwatsonaudit_get_fsize(au_fstat_t *fstat, size_t sz) 717191273Srwatson{ 718191273Srwatson 719191273Srwatson if (sizeof(*fstat) != sz) { 720191273Srwatson errno = EINVAL; 721191273Srwatson return (-1); 722191273Srwatson } 723191273Srwatson 724191273Srwatson return (auditon(A_GETFSIZE, fstat, sz)); 725191273Srwatson} 726191273Srwatson 727191273Srwatsonint 728191273Srwatsonaudit_set_fsize(au_fstat_t *fstat, size_t sz) 729191273Srwatson{ 730191273Srwatson 731191273Srwatson if (sizeof(*fstat) != sz) { 732191273Srwatson errno = EINVAL; 733191273Srwatson return (-1); 734191273Srwatson } 735191273Srwatson 736191273Srwatson return (auditon(A_SETFSIZE, fstat, sz)); 737191273Srwatson} 738191273Srwatson 739191273Srwatsonint 740191273Srwatsonaudit_set_pmask(auditpinfo_t *api, size_t sz) 741191273Srwatson{ 742191273Srwatson 743191273Srwatson if (sizeof(*api) != sz) { 744191273Srwatson errno = EINVAL; 745191273Srwatson return (-1); 746191273Srwatson } 747191273Srwatson 748191273Srwatson return (auditon(A_SETPMASK, api, sz)); 749191273Srwatson} 750191273Srwatson 751191273Srwatsonint 752191273Srwatsonaudit_get_pinfo(auditpinfo_t *api, size_t sz) 753191273Srwatson{ 754191273Srwatson 755191273Srwatson if (sizeof(*api) != sz) { 756191273Srwatson errno = EINVAL; 757191273Srwatson return (-1); 758191273Srwatson } 759191273Srwatson 760191273Srwatson return (auditon(A_GETPINFO, api, sz)); 761191273Srwatson} 762191273Srwatson 763191273Srwatsonint 764191273Srwatsonaudit_get_pinfo_addr(auditpinfo_addr_t *apia, size_t sz) 765191273Srwatson{ 766191273Srwatson 767191273Srwatson if (sizeof(*apia) != sz) { 768191273Srwatson errno = EINVAL; 769191273Srwatson return (-1); 770191273Srwatson } 771191273Srwatson 772191273Srwatson return (auditon(A_GETPINFO_ADDR, apia, sz)); 773191273Srwatson} 774191273Srwatson 775191273Srwatsonint 776191273Srwatsonaudit_get_sinfo_addr(auditinfo_addr_t *aia, size_t sz) 777191273Srwatson{ 778191273Srwatson 779191273Srwatson if (sizeof(*aia) != sz) { 780191273Srwatson errno = EINVAL; 781191273Srwatson return (-1); 782191273Srwatson } 783191273Srwatson 784191273Srwatson return (auditon(A_GETSINFO_ADDR, aia, sz)); 785191273Srwatson} 786191273Srwatson 787191273Srwatsonint 788191273Srwatsonaudit_get_stat(au_stat_t *stats, size_t sz) 789191273Srwatson{ 790191273Srwatson 791191273Srwatson if (sizeof(*stats) != sz) { 792191273Srwatson errno = EINVAL; 793191273Srwatson return (-1); 794191273Srwatson } 795191273Srwatson 796191273Srwatson return (auditon(A_GETSTAT, stats, sz)); 797191273Srwatson} 798191273Srwatson 799191273Srwatsonint 800191273Srwatsonaudit_set_stat(au_stat_t *stats, size_t sz) 801191273Srwatson{ 802191273Srwatson 803191273Srwatson if (sizeof(*stats) != sz) { 804191273Srwatson errno = EINVAL; 805191273Srwatson return (-1); 806191273Srwatson } 807191273Srwatson 808191273Srwatson return (auditon(A_GETSTAT, stats, sz)); 809191273Srwatson} 810191273Srwatson 811191273Srwatsonint 812191273Srwatsonaudit_get_cwd(char *path, size_t sz) 813191273Srwatson{ 814191273Srwatson 815191273Srwatson return (auditon(A_GETCWD, path, sz)); 816191273Srwatson} 817191273Srwatson 818191273Srwatsonint 819191273Srwatsonaudit_get_car(char *path, size_t sz) 820191273Srwatson{ 821191273Srwatson 822191273Srwatson return (auditon(A_GETCAR, path, sz)); 823191273Srwatson} 824