bsm_wrappers.c revision 191273 
1/*-
2 * Copyright (c) 2004-2009 Apple Inc.
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1.  Redistributions of source code must retain the above copyright
9 *     notice, this list of conditions and the following disclaimer.
10 * 2.  Redistributions in binary form must reproduce the above copyright
11 *     notice, this list of conditions and the following disclaimer in the
12 *     documentation and/or other materials provided with the distribution.
13 * 3.  Neither the name of Apple Inc. ("Apple") nor the names of
14 *     its contributors may be used to endorse or promote products derived
15 *     from this software without specific prior written permission.
16 *
17 * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR
21 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
25 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
26 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
27 * POSSIBILITY OF SUCH DAMAGE.
28 *
29 * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_wrappers.c#31 $
30 */
31
32#ifdef __APPLE__
33#define	_SYS_AUDIT_H		/* Prevent include of sys/audit.h. */
34#endif
35
36#include <sys/param.h>
37#include <sys/stat.h>
38
39#ifdef __APPLE__
40#include <sys/queue.h>		/* Our bsm/audit.h doesn't include queue.h. */
41#endif
42
43#include <sys/sysctl.h>
44
45#include <bsm/libbsm.h>
46
47#include <unistd.h>
48#include <syslog.h>
49#include <stdarg.h>
50#include <string.h>
51#include <errno.h>
52
53/* These are not advertised in libbsm.h */
54int audit_set_terminal_port(dev_t *p);
55int audit_set_terminal_host(uint32_t *m);
56
57/*
58 * General purpose audit submission mechanism for userspace.
59 */
60int
61audit_submit(short au_event, au_id_t auid, char status,
62    int reterr, const char *fmt, ...)
63{
64	char text[MAX_AUDITSTRING_LEN];
65	token_t *token;
66	int acond;
67	va_list ap;
68	pid_t pid;
69	int error, afd, subj_ex;
70	struct auditinfo ai;
71	struct auditinfo_addr aia;
72	au_tid_t atid;
73
74	if (audit_get_cond(&acond) != 0) {
75		/*
76		 * If auditon(2) returns ENOSYS, then audit has not been
77		 * compiled into the kernel, so just return.
78		 */
79		if (errno == ENOSYS)
80			return (0);
81		error = errno;
82		syslog(LOG_AUTH | LOG_ERR, "audit: auditon failed: %s",
83		    strerror(errno));
84		errno = error;
85		return (-1);
86	}
87	if (acond == AUC_NOAUDIT)
88		return (0);
89	afd = au_open();
90	if (afd < 0) {
91		error = errno;
92		syslog(LOG_AUTH | LOG_ERR, "audit: au_open failed: %s",
93		    strerror(errno));
94		errno = error;
95		return (-1);
96	}
97	/*
98	 * Try to use getaudit_addr(2) first.  If this kernel does not support
99	 * it, then fall back on to getaudit(2).
100	 */
101	subj_ex = 0;
102	error = getaudit_addr(&aia, sizeof(aia));
103	if (error < 0 && errno == ENOSYS) {
104		error = getaudit(&ai);
105		if (error < 0) {
106			error = errno;
107			syslog(LOG_AUTH | LOG_ERR, "audit: getaudit failed: %s",
108			    strerror(errno));
109			errno = error;
110			return (-1);
111		}
112		/*
113		 * Convert this auditinfo_t to an auditinfo_addr_t to make the
114		 * following code less complicated wrt to preselection and
115		 * subject token generation.
116		 */
117		aia.ai_auid = ai.ai_auid;
118		aia.ai_mask = ai.ai_mask;
119		aia.ai_asid = ai.ai_asid;
120		aia.ai_termid.at_type = AU_IPv4;
121		aia.ai_termid.at_addr[0] = ai.ai_termid.machine;
122		aia.ai_termid.at_port = ai.ai_termid.port;
123	} else if (error < 0) {
124		error = errno;
125		syslog(LOG_AUTH | LOG_ERR, "audit: getaudit_addr failed: %s",
126		    strerror(errno));
127		errno = error;
128		return (-1);
129	}
130	/*
131	 * NB: We should be performing pre-selection here now that we have the
132	 * masks for this process.
133	 */
134	if (aia.ai_termid.at_type == AU_IPv6)
135		subj_ex = 1;
136	pid = getpid();
137	if (subj_ex == 0) {
138		atid.port = aia.ai_termid.at_port;
139		atid.machine = aia.ai_termid.at_addr[0];
140		token = au_to_subject32(auid, geteuid(), getegid(),
141		    getuid(), getgid(), pid, pid, &atid);
142	} else
143		token = au_to_subject_ex(auid, geteuid(), getegid(),
144		    getuid(), getgid(), pid, pid, &aia.ai_termid);
145	if (token == NULL) {
146		syslog(LOG_AUTH | LOG_ERR,
147		    "audit: unable to build subject token");
148		(void) au_close(afd, AU_TO_NO_WRITE, au_event);
149		errno = EPERM;
150		return (-1);
151	}
152	if (au_write(afd, token) < 0) {
153		error = errno;
154		syslog(LOG_AUTH | LOG_ERR,
155		    "audit: au_write failed: %s", strerror(errno));
156		(void) au_close(afd, AU_TO_NO_WRITE, au_event);
157		errno = error;
158		return (-1);
159	}
160	if (fmt != NULL) {
161		va_start(ap, fmt);
162		(void) vsnprintf(text, MAX_AUDITSTRING_LEN, fmt, ap);
163		va_end(ap);
164		token = au_to_text(text);
165		if (token == NULL) {
166			syslog(LOG_AUTH | LOG_ERR,
167			    "audit: failed to generate text token");
168			(void) au_close(afd, AU_TO_NO_WRITE, au_event);
169			errno = EPERM;
170			return (-1);
171		}
172		if (au_write(afd, token) < 0) {
173			error = errno;
174			syslog(LOG_AUTH | LOG_ERR,
175			    "audit: au_write failed: %s", strerror(errno));
176			(void) au_close(afd, AU_TO_NO_WRITE, au_event);
177			errno = error;
178			return (-1);
179		}
180	}
181	token = au_to_return32(au_errno_to_bsm(status), reterr);
182	if (token == NULL) {
183		syslog(LOG_AUTH | LOG_ERR,
184		    "audit: enable to build return token");
185		(void) au_close(afd, AU_TO_NO_WRITE, au_event);
186		errno = EPERM;
187		return (-1);
188	}
189	if (au_write(afd, token) < 0) {
190		error = errno;
191		syslog(LOG_AUTH | LOG_ERR,
192		    "audit: au_write failed: %s", strerror(errno));
193		(void) au_close(afd, AU_TO_NO_WRITE, au_event);
194		errno = error;
195		return (-1);
196	}
197	if (au_close(afd, AU_TO_WRITE, au_event) < 0) {
198		error = errno;
199		syslog(LOG_AUTH | LOG_ERR, "audit: record not committed");
200		errno = error;
201		return (-1);
202	}
203	return (0);
204}
205
206int
207audit_set_terminal_port(dev_t *p)
208{
209	struct stat st;
210
211	if (p == NULL)
212		return (kAUBadParamErr);
213
214#ifdef NODEV
215	*p = NODEV;
216#else
217	*p = -1;
218#endif
219
220	/* for /usr/bin/login, try fstat() first */
221	if (fstat(STDIN_FILENO, &st) != 0) {
222		if (errno != EBADF) {
223			syslog(LOG_ERR, "fstat() failed (%s)",
224			    strerror(errno));
225			return (kAUStatErr);
226		}
227		if (stat("/dev/console", &st) != 0) {
228			syslog(LOG_ERR, "stat() failed (%s)",
229			    strerror(errno));
230			return (kAUStatErr);
231		}
232	}
233	*p = st.st_rdev;
234	return (kAUNoErr);
235}
236
237int
238audit_set_terminal_host(uint32_t *m)
239{
240
241#ifdef KERN_HOSTID
242	int name[2] = { CTL_KERN, KERN_HOSTID };
243	size_t len;
244
245	if (m == NULL)
246		return (kAUBadParamErr);
247	*m = 0;
248	len = sizeof(*m);
249	if (sysctl(name, 2, m, &len, NULL, 0) != 0) {
250		syslog(LOG_ERR, "sysctl() failed (%s)", strerror(errno));
251		return (kAUSysctlErr);
252	}
253	return (kAUNoErr);
254#else
255	*m = -1;
256	return (kAUNoErr);
257#endif
258}
259
260int
261audit_set_terminal_id(au_tid_t *tid)
262{
263	int ret;
264
265	if (tid == NULL)
266		return (kAUBadParamErr);
267	if ((ret = audit_set_terminal_port(&tid->port)) != kAUNoErr)
268		return (ret);
269	return (audit_set_terminal_host(&tid->machine));
270}
271
272/*
273 * This is OK for those callers who have only one token to write.  If you have
274 * multiple tokens that logically form part of the same audit record, you need
275 * to use the existing au_open()/au_write()/au_close() API:
276 *
277 * aufd = au_open();
278 * tok = au_to_random_token_1(...);
279 * au_write(aufd, tok);
280 * tok = au_to_random_token_2(...);
281 * au_write(aufd, tok);
282 * ...
283 * au_close(aufd, AU_TO_WRITE, AUE_your_event_type);
284 *
285 * Assumes, like all wrapper calls, that the caller has previously checked
286 * that auditing is enabled via the audit_get_state() call.
287 *
288 * XXX: Should be more robust against bad arguments.
289 */
290int
291audit_write(short event_code, token_t *subject, token_t *misctok, char retval,
292    int errcode)
293{
294	int aufd;
295	char *func = "audit_write()";
296	token_t *rettok;
297
298	if ((aufd = au_open()) == -1) {
299		au_free_token(subject);
300		au_free_token(misctok);
301		syslog(LOG_ERR, "%s: au_open() failed", func);
302		return (kAUOpenErr);
303	}
304
305	/* Save subject. */
306	if (subject && au_write(aufd, subject) == -1) {
307		au_free_token(subject);
308		au_free_token(misctok);
309		(void)au_close(aufd, AU_TO_NO_WRITE, event_code);
310		syslog(LOG_ERR, "%s: write of subject failed", func);
311		return (kAUWriteSubjectTokErr);
312	}
313
314	/* Save the event-specific token. */
315	if (misctok && au_write(aufd, misctok) == -1) {
316		au_free_token(misctok);
317		(void)au_close(aufd, AU_TO_NO_WRITE, event_code);
318		syslog(LOG_ERR, "%s: write of caller token failed", func);
319		return (kAUWriteCallerTokErr);
320	}
321
322	/* Tokenize and save the return value. */
323	if ((rettok = au_to_return32(retval, errcode)) == NULL) {
324		(void)au_close(aufd, AU_TO_NO_WRITE, event_code);
325		syslog(LOG_ERR, "%s: au_to_return32() failed", func);
326		return (kAUMakeReturnTokErr);
327	}
328
329	if (au_write(aufd, rettok) == -1) {
330		au_free_token(rettok);
331		(void)au_close(aufd, AU_TO_NO_WRITE, event_code);
332		syslog(LOG_ERR, "%s: write of return code failed", func);
333		return (kAUWriteReturnTokErr);
334	}
335
336	/*
337	 * We assume the caller wouldn't have bothered with this
338	 * function if it hadn't already decided to keep the record.
339	 */
340	if (au_close(aufd, AU_TO_WRITE, event_code) < 0) {
341		syslog(LOG_ERR, "%s: au_close() failed", func);
342		return (kAUCloseErr);
343	}
344
345	return (kAUNoErr);
346}
347
348/*
349 * Same caveats as audit_write().  In addition, this function explicitly
350 * assumes success; use audit_write_failure() on error.
351 */
352int
353audit_write_success(short event_code, token_t *tok, au_id_t auid, uid_t euid,
354    gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid,
355    au_tid_t *tid)
356{
357	char *func = "audit_write_success()";
358	token_t *subject = NULL;
359
360	/* Tokenize and save subject. */
361	subject = au_to_subject32(auid, euid, egid, ruid, rgid, pid, sid,
362	    tid);
363	if (subject == NULL) {
364		syslog(LOG_ERR, "%s: au_to_subject32() failed", func);
365		return kAUMakeSubjectTokErr;
366	}
367
368	return (audit_write(event_code, subject, tok, 0, 0));
369}
370
371/*
372 * Same caveats as audit_write().  In addition, this function explicitly
373 * assumes success; use audit_write_failure_self() on error.
374 */
375int
376audit_write_success_self(short event_code, token_t *tok)
377{
378	token_t *subject;
379	char *func = "audit_write_success_self()";
380
381	if ((subject = au_to_me()) == NULL) {
382		syslog(LOG_ERR, "%s: au_to_me() failed", func);
383		return (kAUMakeSubjectTokErr);
384	}
385
386	return (audit_write(event_code, subject, tok, 0, 0));
387}
388
389/*
390 * Same caveats as audit_write().  In addition, this function explicitly
391 * assumes failure; use audit_write_success() otherwise.
392 *
393 * XXX  This should let the caller pass an error return value rather than
394 * hard-coding -1.
395 */
396int
397audit_write_failure(short event_code, char *errmsg, int errcode, au_id_t auid,
398    uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid,
399    au_tid_t *tid)
400{
401	char *func = "audit_write_failure()";
402	token_t *subject, *errtok;
403
404	subject = au_to_subject32(auid, euid, egid, ruid, rgid, pid, sid, tid);
405	if (subject == NULL) {
406		syslog(LOG_ERR, "%s: au_to_subject32() failed", func);
407		return (kAUMakeSubjectTokErr);
408	}
409
410	/* tokenize and save the error message */
411	if ((errtok = au_to_text(errmsg)) == NULL) {
412		au_free_token(subject);
413		syslog(LOG_ERR, "%s: au_to_text() failed", func);
414		return (kAUMakeTextTokErr);
415	}
416
417	return (audit_write(event_code, subject, errtok, -1, errcode));
418}
419
420/*
421 * Same caveats as audit_write().  In addition, this function explicitly
422 * assumes failure; use audit_write_success_self() otherwise.
423 *
424 * XXX  This should let the caller pass an error return value rather than
425 * hard-coding -1.
426 */
427int
428audit_write_failure_self(short event_code, char *errmsg, int errret)
429{
430	char *func = "audit_write_failure_self()";
431	token_t *subject, *errtok;
432
433	if ((subject = au_to_me()) == NULL) {
434		syslog(LOG_ERR, "%s: au_to_me() failed", func);
435		return (kAUMakeSubjectTokErr);
436	}
437	/* tokenize and save the error message */
438	if ((errtok = au_to_text(errmsg)) == NULL) {
439		au_free_token(subject);
440		syslog(LOG_ERR, "%s: au_to_text() failed", func);
441		return (kAUMakeTextTokErr);
442	}
443	return (audit_write(event_code, subject, errtok, -1, errret));
444}
445
446/*
447 * For auditing errors during login.  Such errors are implicitly
448 * non-attributable (i.e., not ascribable to any user).
449 *
450 * Assumes, like all wrapper calls, that the caller has previously checked
451 * that auditing is enabled via the audit_get_state() call.
452 */
453int
454audit_write_failure_na(short event_code, char *errmsg, int errret, uid_t euid,
455    uid_t egid, pid_t pid, au_tid_t *tid)
456{
457
458	return (audit_write_failure(event_code, errmsg, errret, -1, euid,
459	    egid, -1, -1, pid, -1, tid));
460}
461
462/* END OF au_write() WRAPPERS */
463
464#ifdef __APPLE__
465void
466audit_token_to_au32(audit_token_t atoken, uid_t *auidp, uid_t *euidp,
467    gid_t *egidp, uid_t *ruidp, gid_t *rgidp, pid_t *pidp, au_asid_t *asidp,
468    au_tid_t *tidp)
469{
470
471	if (auidp != NULL)
472		*auidp = (uid_t)atoken.val[0];
473	if (euidp != NULL)
474		*euidp = (uid_t)atoken.val[1];
475	if (egidp != NULL)
476		*egidp = (gid_t)atoken.val[2];
477	if (ruidp != NULL)
478		*ruidp = (uid_t)atoken.val[3];
479	if (rgidp != NULL)
480		*rgidp = (gid_t)atoken.val[4];
481	if (pidp != NULL)
482		*pidp = (pid_t)atoken.val[5];
483	if (asidp != NULL)
484		*asidp = (au_asid_t)atoken.val[6];
485	if (tidp != NULL) {
486		audit_set_terminal_host(&tidp->machine);
487		tidp->port = (dev_t)atoken.val[7];
488	}
489}
490#endif /* !__APPLE__ */
491
492int
493audit_get_cond(int *cond)
494{
495	int ret;
496
497	ret = auditon(A_GETCOND, cond, sizeof(*cond));
498#ifdef A_OLDGETCOND
499	if ((0 != ret) && EINVAL == errno) {
500		long lcond = *cond;
501
502		ret = auditon(A_OLDGETCOND, &lcond, sizeof(lcond));
503		*cond = (int)lcond;
504	}
505#endif
506	return (ret);
507}
508
509int
510audit_set_cond(int *cond)
511{
512	int ret;
513
514	ret = auditon(A_SETCOND, cond, sizeof(*cond));
515#ifdef A_OLDSETCOND
516	if ((0 != ret) && (EINVAL == errno)) {
517		long lcond = (long)*cond;
518
519		ret = auditon(A_OLDSETCOND, &lcond, sizeof(lcond));
520		*cond = (int)lcond;
521	}
522#endif
523	return (ret);
524}
525
526int
527audit_get_policy(int *policy)
528{
529	int ret;
530
531	ret = auditon(A_GETPOLICY, policy, sizeof(*policy));
532#ifdef A_OLDGETPOLICY
533	if ((0 != ret) && (EINVAL == errno)){
534		long lpolicy = (long)*policy;
535
536		ret = auditon(A_OLDGETPOLICY, &lpolicy, sizeof(lpolicy));
537		*policy = (int)lpolicy;
538	}
539#endif
540	return (ret);
541}
542
543int
544audit_set_policy(int *policy)
545{
546	int ret;
547
548	ret = auditon(A_SETPOLICY, policy, sizeof(*policy));
549#ifdef A_OLDSETPOLICY
550	if ((0 != ret) && (EINVAL == errno)){
551		long lpolicy = (long)*policy;
552
553		ret = auditon(A_OLDSETPOLICY, &lpolicy, sizeof(lpolicy));
554		*policy = (int)lpolicy;
555	}
556#endif
557	return (ret);
558}
559
560int
561audit_get_qctrl(au_qctrl_t *qctrl, size_t sz)
562{
563	int ret;
564
565	if (sizeof(*qctrl) != sz) {
566		errno = EINVAL;
567		return (-1);
568	}
569
570	ret = auditon(A_GETQCTRL, qctrl, sizeof(*qctrl));
571#ifdef A_OLDGETQCTRL
572	if ((0 != ret) && (EINVAL == errno)){
573		struct old_qctrl {
574			size_t   oq_hiwater;
575			size_t   oq_lowater;
576			size_t   oq_bufsz;
577			clock_t  oq_delay;
578			int	 oq_minfree;
579		} oq;
580
581		oq.oq_hiwater = (size_t)qctrl->aq_hiwater;
582		oq.oq_lowater = (size_t)qctrl->aq_lowater;
583		oq.oq_bufsz = (size_t)qctrl->aq_bufsz;
584		oq.oq_delay = (clock_t)qctrl->aq_delay;
585		oq.oq_minfree = qctrl->aq_minfree;
586
587		ret = auditon(A_OLDGETQCTRL, &oq, sizeof(oq));
588
589		qctrl->aq_hiwater = (int)oq.oq_hiwater;
590		qctrl->aq_lowater = (int)oq.oq_lowater;
591		qctrl->aq_bufsz = (int)oq.oq_bufsz;
592		qctrl->aq_delay = (int)oq.oq_delay;
593		qctrl->aq_minfree = oq.oq_minfree;
594	}
595#endif /* A_OLDGETQCTRL */
596	return (ret);
597}
598
599int
600audit_set_qctrl(au_qctrl_t *qctrl, size_t sz)
601{
602	int ret;
603
604	if (sizeof(*qctrl) != sz) {
605		errno = EINVAL;
606		return (-1);
607	}
608
609	ret = auditon(A_SETQCTRL, qctrl, sz);
610#ifdef	A_OLDSETQCTRL
611	if ((0 != ret) && (EINVAL == errno)) {
612		struct old_qctrl {
613			size_t   oq_hiwater;
614			size_t   oq_lowater;
615			size_t   oq_bufsz;
616			clock_t  oq_delay;
617			int	 oq_minfree;
618		} oq;
619
620		oq.oq_hiwater = (size_t)qctrl->aq_hiwater;
621		oq.oq_lowater = (size_t)qctrl->aq_lowater;
622		oq.oq_bufsz = (size_t)qctrl->aq_bufsz;
623		oq.oq_delay = (clock_t)qctrl->aq_delay;
624		oq.oq_minfree = qctrl->aq_minfree;
625
626		ret = auditon(A_OLDSETQCTRL, &oq, sizeof(oq));
627
628		qctrl->aq_hiwater = (int)oq.oq_hiwater;
629		qctrl->aq_lowater = (int)oq.oq_lowater;
630		qctrl->aq_bufsz = (int)oq.oq_bufsz;
631		qctrl->aq_delay = (int)oq.oq_delay;
632		qctrl->aq_minfree = oq.oq_minfree;
633	}
634#endif /* A_OLDSETQCTRL */
635	return (ret);
636}
637
638int
639audit_send_trigger(int *trigger)
640{
641
642	return (auditon(A_SENDTRIGGER, trigger, sizeof(*trigger)));
643}
644
645int
646audit_get_kaudit(auditinfo_addr_t *aia, size_t sz)
647{
648
649	if (sizeof(*aia) != sz) {
650		errno = EINVAL;
651		return (-1);
652	}
653
654	return (auditon(A_GETKAUDIT, aia, sz));
655}
656
657int
658audit_set_kaudit(auditinfo_addr_t *aia, size_t sz)
659{
660
661	if (sizeof(*aia) != sz) {
662		errno = EINVAL;
663		return (-1);
664	}
665
666	return (auditon(A_SETKAUDIT, aia, sz));
667}
668
669int
670audit_get_class(au_evclass_map_t *evc_map, size_t sz)
671{
672
673	if (sizeof(*evc_map) != sz) {
674		errno = EINVAL;
675		return (-1);
676	}
677
678	return (auditon(A_GETCLASS, evc_map, sz));
679}
680
681int
682audit_set_class(au_evclass_map_t *evc_map, size_t sz)
683{
684
685	if (sizeof(*evc_map) != sz) {
686		errno = EINVAL;
687		return (-1);
688	}
689
690	return (auditon(A_SETCLASS, evc_map, sz));
691}
692
693int
694audit_get_kmask(au_mask_t *kmask, size_t sz)
695{
696	if (sizeof(*kmask) != sz) {
697		errno = EINVAL;
698		return (-1);
699	}
700
701	return (auditon(A_GETKMASK, kmask, sz));
702}
703
704int
705audit_set_kmask(au_mask_t *kmask, size_t sz)
706{
707	if (sizeof(*kmask) != sz) {
708		errno = EINVAL;
709		return (-1);
710	}
711
712	return (auditon(A_SETKMASK, kmask, sz));
713}
714
715int
716audit_get_fsize(au_fstat_t *fstat, size_t sz)
717{
718
719	if (sizeof(*fstat) != sz) {
720		errno = EINVAL;
721		return (-1);
722	}
723
724	return (auditon(A_GETFSIZE, fstat, sz));
725}
726
727int
728audit_set_fsize(au_fstat_t *fstat, size_t sz)
729{
730
731	if (sizeof(*fstat) != sz) {
732		errno = EINVAL;
733		return (-1);
734	}
735
736	return (auditon(A_SETFSIZE, fstat, sz));
737}
738
739int
740audit_set_pmask(auditpinfo_t *api, size_t sz)
741{
742
743	if (sizeof(*api) != sz) {
744		errno = EINVAL;
745		return (-1);
746	}
747
748	return (auditon(A_SETPMASK, api, sz));
749}
750
751int
752audit_get_pinfo(auditpinfo_t *api, size_t sz)
753{
754
755	if (sizeof(*api) != sz) {
756		errno = EINVAL;
757		return (-1);
758	}
759
760	return (auditon(A_GETPINFO, api, sz));
761}
762
763int
764audit_get_pinfo_addr(auditpinfo_addr_t *apia, size_t sz)
765{
766
767	if (sizeof(*apia) != sz) {
768		errno = EINVAL;
769		return (-1);
770	}
771
772	return (auditon(A_GETPINFO_ADDR, apia, sz));
773}
774
775int
776audit_get_sinfo_addr(auditinfo_addr_t *aia, size_t sz)
777{
778
779	if (sizeof(*aia) != sz) {
780		errno = EINVAL;
781		return (-1);
782	}
783
784	return (auditon(A_GETSINFO_ADDR, aia, sz));
785}
786
787int
788audit_get_stat(au_stat_t *stats, size_t sz)
789{
790
791	if (sizeof(*stats) != sz) {
792		errno = EINVAL;
793		return (-1);
794	}
795
796	return (auditon(A_GETSTAT, stats, sz));
797}
798
799int
800audit_set_stat(au_stat_t *stats, size_t sz)
801{
802
803	if (sizeof(*stats) != sz) {
804		errno = EINVAL;
805		return (-1);
806	}
807
808	return (auditon(A_GETSTAT, stats, sz));
809}
810
811int
812audit_get_cwd(char *path, size_t sz)
813{
814
815	return (auditon(A_GETCWD, path, sz));
816}
817
818int
819audit_get_car(char *path, size_t sz)
820{
821
822	return (auditon(A_GETCAR, path, sz));
823}
824