162587Sitojun/*- 295023Ssuz * Copyright (c) 2004-2009 Apple Inc. 362587Sitojun * Copyright (c) 2016 Robert N. M. Watson 4139826Simp * All rights reserved. 553541Sshin * 653541Sshin * Portions of this software were developed by BAE Systems, the University of 753541Sshin * Cambridge Computer Laboratory, and Memorial University under DARPA/AFRL 853541Sshin * contract FA8650-15-C-7558 ("CADETS"), as part of the DARPA Transparent 953541Sshin * Computing (TC) research program. 1053541Sshin * 1153541Sshin * Redistribution and use in source and binary forms, with or without 1253541Sshin * modification, are permitted provided that the following conditions 1353541Sshin * are met: 1453541Sshin * 1. Redistributions of source code must retain the above copyright 1553541Sshin * notice, this list of conditions and the following disclaimer. 1653541Sshin * 2. Redistributions in binary form must reproduce the above copyright 1753541Sshin * notice, this list of conditions and the following disclaimer in the 1853541Sshin * documentation and/or other materials provided with the distribution. 1953541Sshin * 3. Neither the name of Apple Inc. ("Apple") nor the names of 2053541Sshin * its contributors may be used to endorse or promote products derived 2153541Sshin * from this software without specific prior written permission. 2253541Sshin * 2353541Sshin * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND 2453541Sshin * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 2553541Sshin * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 2653541Sshin * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR 2753541Sshin * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 2853541Sshin * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 2953541Sshin * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 3053541Sshin * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 3153541Sshin * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 3253541Sshin * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 33139826Simp * POSSIBILITY OF SUCH DAMAGE. 3453541Sshin */ 3553541Sshin 3653541Sshin#ifdef __APPLE__ 3753541Sshin#define _SYS_AUDIT_H /* Prevent include of sys/audit.h. */ 3853541Sshin#endif 3953541Sshin 4053541Sshin#include <sys/param.h> 4153541Sshin#include <sys/stat.h> 4253541Sshin 4353541Sshin#ifdef __APPLE__ 4453541Sshin#include <sys/queue.h> /* Our bsm/audit.h doesn't include queue.h. */ 4553541Sshin#endif 4653541Sshin 4753541Sshin#include <sys/sysctl.h> 4853541Sshin 4953541Sshin#include <bsm/libbsm.h> 5053541Sshin 5153541Sshin#include <unistd.h> 5253541Sshin#include <syslog.h> 5353541Sshin#include <stdarg.h> 5453541Sshin#include <string.h> 5553541Sshin#include <errno.h> 5653541Sshin 5753541Sshin/* These are not advertised in libbsm.h */ 5853541Sshinint audit_set_terminal_port(dev_t *p); 5953541Sshinint audit_set_terminal_host(uint32_t *m); 6053541Sshin 6153541Sshin/* 6253541Sshin * General purpose audit submission mechanism for userspace. 6353541Sshin */ 6462587Sitojunint 6562587Sitojunaudit_submit(short au_event, au_id_t auid, char status, 6662587Sitojun int reterr, const char *fmt, ...) 6753541Sshin{ 6853541Sshin char text[MAX_AUDITSTRING_LEN]; 6953541Sshin token_t *token; 7053541Sshin int acond; 7153541Sshin va_list ap; 7253541Sshin pid_t pid; 7353541Sshin int error, afd, subj_ex; 7453541Sshin struct auditinfo ai; 7553541Sshin struct auditinfo_addr aia; 7653541Sshin au_tid_t atid; 7753541Sshin 7853541Sshin if (audit_get_cond(&acond) != 0) { 7953541Sshin /* 8053541Sshin * If auditon(2) returns ENOSYS, then audit has not been 8153541Sshin * compiled into the kernel, so just return. 8253541Sshin */ 8353541Sshin if (errno == ENOSYS) 8453541Sshin return (0); 8553541Sshin error = errno; 8653541Sshin syslog(LOG_AUTH | LOG_ERR, "audit: auditon failed: %s", 8778064Sume strerror(errno)); 8878064Sume errno = error; 8978064Sume return (-1); 9053541Sshin } 9162587Sitojun if (acond == AUC_NOAUDIT) 9253541Sshin return (0); 9395023Ssuz afd = au_open(); 9453541Sshin if (afd < 0) { 9562587Sitojun error = errno; 9653541Sshin syslog(LOG_AUTH | LOG_ERR, "audit: au_open failed: %s", 9762587Sitojun strerror(errno)); 9878064Sume errno = error; 9962587Sitojun return (-1); 10053541Sshin } 10153541Sshin /* 10253541Sshin * Try to use getaudit_addr(2) first. If this kernel does not support 10353541Sshin * it, then fall back on to getaudit(2). 10453541Sshin */ 10553541Sshin subj_ex = 0; 10653541Sshin error = getaudit_addr(&aia, sizeof(aia)); 10762587Sitojun if (error < 0 && errno == ENOSYS) { 10862587Sitojun error = getaudit(&ai); 10962587Sitojun if (error < 0) { 11053541Sshin error = errno; 11162587Sitojun syslog(LOG_AUTH | LOG_ERR, "audit: getaudit failed: %s", 11253541Sshin strerror(errno)); 11362587Sitojun errno = error; 11453541Sshin return (-1); 11553541Sshin } 11662587Sitojun /* 11762587Sitojun * Convert this auditinfo_t to an auditinfo_addr_t to make the 11862587Sitojun * following code less complicated wrt to preselection and 11962587Sitojun * subject token generation. 12062587Sitojun */ 12153541Sshin aia.ai_auid = ai.ai_auid; 122126552Sume aia.ai_mask = ai.ai_mask; 123126552Sume aia.ai_asid = ai.ai_asid; 12478064Sume aia.ai_termid.at_type = AU_IPv4; 12562587Sitojun aia.ai_termid.at_addr[0] = ai.ai_termid.machine; 12683366Sjulian aia.ai_termid.at_port = ai.ai_termid.port; 12778064Sume } else if (error < 0) { 128120891Sume error = errno; 12978064Sume syslog(LOG_AUTH | LOG_ERR, "audit: getaudit_addr failed: %s", 13053541Sshin strerror(errno)); 13162587Sitojun errno = error; 13283934Sbrooks return (-1); 13383934Sbrooks } 13453541Sshin /* 13553541Sshin * NB: We should be performing pre-selection here now that we have the 13653541Sshin * masks for this process. 13753541Sshin */ 13853541Sshin if (aia.ai_termid.at_type == AU_IPv6) 13953541Sshin subj_ex = 1; 14053541Sshin pid = getpid(); 14153541Sshin if (subj_ex == 0) { 14278064Sume atid.port = aia.ai_termid.at_port; 14378064Sume atid.machine = aia.ai_termid.at_addr[0]; 144120891Sume token = au_to_subject32(auid, geteuid(), getegid(), 14553541Sshin getuid(), getgid(), pid, pid, &atid); 14678064Sume } else 14778064Sume token = au_to_subject_ex(auid, geteuid(), getegid(), 14853541Sshin getuid(), getgid(), pid, pid, &aia.ai_termid); 14978064Sume if (token == NULL) { 15062587Sitojun syslog(LOG_AUTH | LOG_ERR, 15178064Sume "audit: unable to build subject token"); 15278064Sume (void) au_close(afd, AU_TO_NO_WRITE, au_event); 15378064Sume errno = EPERM; 15478064Sume return (-1); 15578064Sume } 15678064Sume if (au_write(afd, token) < 0) { 15762587Sitojun error = errno; 15878064Sume syslog(LOG_AUTH | LOG_ERR, 159120891Sume "audit: au_write failed: %s", strerror(errno)); 16078064Sume (void) au_close(afd, AU_TO_NO_WRITE, au_event); 161120891Sume errno = error; 16278064Sume return (-1); 16378064Sume } 16478064Sume if (fmt != NULL) { 16578064Sume va_start(ap, fmt); 16678064Sume (void) vsnprintf(text, MAX_AUDITSTRING_LEN, fmt, ap); 16778064Sume va_end(ap); 16853541Sshin token = au_to_text(text); 169120727Ssam if (token == NULL) { 170120727Ssam syslog(LOG_AUTH | LOG_ERR, 171120727Ssam "audit: failed to generate text token"); 172120727Ssam (void) au_close(afd, AU_TO_NO_WRITE, au_event); 173120727Ssam errno = EPERM; 174120727Ssam return (-1); 175120727Ssam } 176120727Ssam if (au_write(afd, token) < 0) { 177120727Ssam error = errno; 178120727Ssam syslog(LOG_AUTH | LOG_ERR, 179120727Ssam "audit: au_write failed: %s", strerror(errno)); 180120727Ssam (void) au_close(afd, AU_TO_NO_WRITE, au_event); 181120727Ssam errno = error; 18278064Sume return (-1); 183120727Ssam } 184120727Ssam } 185120727Ssam token = au_to_return32(au_errno_to_bsm(status), reterr); 186120727Ssam if (token == NULL) { 187120727Ssam syslog(LOG_AUTH | LOG_ERR, 188120727Ssam "audit: unable to build return token"); 189120727Ssam (void) au_close(afd, AU_TO_NO_WRITE, au_event); 190120727Ssam errno = EPERM; 19178064Sume return (-1); 19278064Sume } 193120727Ssam if (au_write(afd, token) < 0) { 19478064Sume error = errno; 19578064Sume syslog(LOG_AUTH | LOG_ERR, 196122334Ssam "audit: au_write failed: %s", strerror(errno)); 197120727Ssam (void) au_close(afd, AU_TO_NO_WRITE, au_event); 19878064Sume errno = error; 19978064Sume return (-1); 20053541Sshin } 20153541Sshin if (au_close(afd, AU_TO_WRITE, au_event) < 0) { 20253541Sshin error = errno; 20378064Sume syslog(LOG_AUTH | LOG_ERR, "audit: record not committed"); 20478064Sume errno = error; 20578064Sume return (-1); 20678064Sume } 20778064Sume return (0); 20853541Sshin} 20953541Sshin 21053541Sshinint 21153541Sshinaudit_set_terminal_port(dev_t *p) 21278064Sume{ 213121716Ssam struct stat st; 21453541Sshin 21578064Sume if (p == NULL) 21678064Sume return (kAUBadParamErr); 217121716Ssam 218121716Ssam#ifdef NODEV 21978064Sume *p = NODEV; 220120727Ssam#else 221121716Ssam *p = -1; 222121716Ssam#endif 22353541Sshin 22453541Sshin /* for /usr/bin/login, try fstat() first */ 22553541Sshin if (fstat(STDIN_FILENO, &st) != 0) { 22653541Sshin if (errno != EBADF) { 22753541Sshin syslog(LOG_ERR, "fstat() failed (%s)", 22853541Sshin strerror(errno)); 22953541Sshin return (kAUStatErr); 23053541Sshin } 23153541Sshin if (stat("/dev/console", &st) != 0) { 23262587Sitojun syslog(LOG_ERR, "stat() failed (%s)", 23378064Sume strerror(errno)); 23462587Sitojun return (kAUStatErr); 23553541Sshin } 23662587Sitojun } 23778064Sume *p = st.st_rdev; 23862587Sitojun return (kAUNoErr); 23978064Sume} 24078064Sume 24178064Sumeint 24278064Sumeaudit_set_terminal_host(uint32_t *m) 24362587Sitojun{ 24462587Sitojun 24578064Sume#ifdef KERN_HOSTID 24678064Sume int name[2] = { CTL_KERN, KERN_HOSTID }; 24795023Ssuz size_t len; 24878064Sume 24978064Sume if (m == NULL) 25078064Sume return (kAUBadParamErr); 25178064Sume *m = 0; 25278064Sume len = sizeof(*m); 25378064Sume if (sysctl(name, 2, m, &len, NULL, 0) != 0) { 25478064Sume syslog(LOG_ERR, "sysctl() failed (%s)", strerror(errno)); 25578064Sume return (kAUSysctlErr); 25678064Sume } 25753541Sshin return (kAUNoErr); 25878064Sume#else 25978064Sume *m = -1; 26078064Sume return (kAUNoErr); 26178064Sume#endif 26278064Sume} 26395023Ssuz 26478064Sumeint 265120891Sumeaudit_set_terminal_id(au_tid_t *tid) 26678064Sume{ 26778064Sume dev_t port; 26878064Sume int ret; 26978064Sume 270120727Ssam if (tid == NULL) 271120727Ssam return (kAUBadParamErr); 272120727Ssam if ((ret = audit_set_terminal_port(&port)) != kAUNoErr) 273120727Ssam return (ret); 274120727Ssam tid->port = port; 275120727Ssam return (audit_set_terminal_host(&tid->machine)); 276120727Ssam} 27778064Sume 27853541Sshin/* 27953541Sshin * This is OK for those callers who have only one token to write. If you have 28053541Sshin * multiple tokens that logically form part of the same audit record, you need 28153541Sshin * to use the existing au_open()/au_write()/au_close() API: 28278064Sume * 28353541Sshin * aufd = au_open(); 28478064Sume * tok = au_to_random_token_1(...); 28553541Sshin * au_write(aufd, tok); 28678064Sume * tok = au_to_random_token_2(...); 28778064Sume * au_write(aufd, tok); 28853541Sshin * ... 289120891Sume * au_close(aufd, AU_TO_WRITE, AUE_your_event_type); 290120891Sume * 29178064Sume * Assumes, like all wrapper calls, that the caller has previously checked 29278064Sume * that auditing is enabled via the audit_get_state() call. 29378064Sume * 29453541Sshin * XXX: Should be more robust against bad arguments. 29553541Sshin */ 29653541Sshinint 29778064Sumeaudit_write(short event_code, token_t *subject, token_t *misctok, char retval, 29853541Sshin int errcode) 29978064Sume{ 30053541Sshin int aufd; 30153541Sshin char *func = "audit_write()"; 30253541Sshin token_t *rettok; 30378064Sume 30478064Sume if ((aufd = au_open()) == -1) { 30578064Sume au_free_token(subject); 30678064Sume au_free_token(misctok); 30778064Sume syslog(LOG_ERR, "%s: au_open() failed", func); 30878064Sume return (kAUOpenErr); 30978064Sume } 310120856Sume 31178064Sume /* Save subject. */ 31278064Sume if (subject && au_write(aufd, subject) == -1) { 313120856Sume au_free_token(subject); 31478064Sume au_free_token(misctok); 315120891Sume (void)au_close(aufd, AU_TO_NO_WRITE, event_code); 31653541Sshin syslog(LOG_ERR, "%s: write of subject failed", func); 31753541Sshin return (kAUWriteSubjectTokErr); 31853541Sshin } 31953541Sshin 32062587Sitojun /* Save the event-specific token. */ 32153541Sshin if (misctok && au_write(aufd, misctok) == -1) { 32253541Sshin au_free_token(misctok); 32383366Sjulian (void)au_close(aufd, AU_TO_NO_WRITE, event_code); 32453541Sshin syslog(LOG_ERR, "%s: write of caller token failed", func); 32553541Sshin return (kAUWriteCallerTokErr); 32653541Sshin } 32753541Sshin 32883366Sjulian /* Tokenize and save the return value. */ 32953541Sshin if ((rettok = au_to_return32(retval, errcode)) == NULL) { 33053541Sshin (void)au_close(aufd, AU_TO_NO_WRITE, event_code); 33178064Sume syslog(LOG_ERR, "%s: au_to_return32() failed", func); 33253541Sshin return (kAUMakeReturnTokErr); 33353541Sshin } 33453541Sshin 33553541Sshin if (au_write(aufd, rettok) == -1) { 33693593Sjhb au_free_token(rettok); 33753541Sshin (void)au_close(aufd, AU_TO_NO_WRITE, event_code); 33853541Sshin syslog(LOG_ERR, "%s: write of return code failed", func); 33962587Sitojun return (kAUWriteReturnTokErr); 34062587Sitojun } 34162587Sitojun 34262587Sitojun /* 34362587Sitojun * We assume the caller wouldn't have bothered with this 34453541Sshin * function if it hadn't already decided to keep the record. 345121742Sume */ 346121742Sume if (au_close(aufd, AU_TO_WRITE, event_code) < 0) { 347121742Sume syslog(LOG_ERR, "%s: au_close() failed", func); 348121742Sume return (kAUCloseErr); 349121742Sume } 350121742Sume 351121742Sume return (kAUNoErr); 352121742Sume} 35362587Sitojun 354120856Sume/* 35553541Sshin * Same caveats as audit_write(). In addition, this function explicitly 35653541Sshin * assumes success; use audit_write_failure() on error. 35753541Sshin */ 35853541Sshinint 35953541Sshinaudit_write_success(short event_code, token_t *tok, au_id_t auid, uid_t euid, 36062587Sitojun gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, 36162587Sitojun au_tid_t *tid) 36253541Sshin{ 363120856Sume char *func = "audit_write_success()"; 364120891Sume token_t *subject = NULL; 36578064Sume 36653541Sshin /* Tokenize and save subject. */ 36753541Sshin subject = au_to_subject32(auid, euid, egid, ruid, rgid, pid, sid, 36853541Sshin tid); 36953541Sshin if (subject == NULL) { 37062587Sitojun syslog(LOG_ERR, "%s: au_to_subject32() failed", func); 371120856Sume return kAUMakeSubjectTokErr; 37253541Sshin } 37353541Sshin 37453541Sshin return (audit_write(event_code, subject, tok, 0, 0)); 37553541Sshin} 37653541Sshin 37753541Sshin/* 37853541Sshin * Same caveats as audit_write(). In addition, this function explicitly 37953541Sshin * assumes success; use audit_write_failure_self() on error. 38053541Sshin */ 38178064Sumeint 38278064Sumeaudit_write_success_self(short event_code, token_t *tok) 38378064Sume{ 384120856Sume token_t *subject; 38553541Sshin char *func = "audit_write_success_self()"; 38653541Sshin 38795023Ssuz if ((subject = au_to_me()) == NULL) { 38862587Sitojun syslog(LOG_ERR, "%s: au_to_me() failed", func); 38962587Sitojun return (kAUMakeSubjectTokErr); 390120856Sume } 391121161Sume 392121161Sume return (audit_write(event_code, subject, tok, 0, 0)); 39362587Sitojun} 394121161Sume 395121161Sume/* 39662587Sitojun * Same caveats as audit_write(). In addition, this function explicitly 397121161Sume * assumes failure; use audit_write_success() otherwise. 398121161Sume * 39962587Sitojun * XXX This should let the caller pass an error return value rather than 40062587Sitojun * hard-coding -1. 40153541Sshin */ 40253541Sshinint 40353541Sshinaudit_write_failure(short event_code, char *errmsg, int errcode, au_id_t auid, 40453541Sshin uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, 405120856Sume au_tid_t *tid) 406120891Sume{ 40753541Sshin char *func = "audit_write_failure()"; 40883366Sjulian token_t *subject, *errtok; 40953541Sshin 41053541Sshin subject = au_to_subject32(auid, euid, egid, ruid, rgid, pid, sid, tid); 41153541Sshin if (subject == NULL) { 41253541Sshin syslog(LOG_ERR, "%s: au_to_subject32() failed", func); 41353541Sshin return (kAUMakeSubjectTokErr); 41462587Sitojun } 41553541Sshin 41653541Sshin /* tokenize and save the error message */ 41753541Sshin if ((errtok = au_to_text(errmsg)) == NULL) { 41853541Sshin au_free_token(subject); 41953541Sshin syslog(LOG_ERR, "%s: au_to_text() failed", func); 42078064Sume return (kAUMakeTextTokErr); 42153541Sshin } 422120891Sume 42362587Sitojun return (audit_write(event_code, subject, errtok, -1, errcode)); 424120891Sume} 425120856Sume 42662587Sitojun/* 42753541Sshin * Same caveats as audit_write(). In addition, this function explicitly 42853541Sshin * assumes failure; use audit_write_success_self() otherwise. 42953541Sshin * 430120856Sume * XXX This should let the caller pass an error return value rather than 43153541Sshin * hard-coding -1. 43253541Sshin */ 43353541Sshinint 43462587Sitojunaudit_write_failure_self(short event_code, char *errmsg, int errret) 43553541Sshin{ 43653541Sshin char *func = "audit_write_failure_self()"; 43753541Sshin token_t *subject, *errtok; 43878064Sume 43978064Sume if ((subject = au_to_me()) == NULL) { 44078064Sume syslog(LOG_ERR, "%s: au_to_me() failed", func); 44178064Sume return (kAUMakeSubjectTokErr); 44278064Sume } 44378064Sume /* tokenize and save the error message */ 44478064Sume if ((errtok = au_to_text(errmsg)) == NULL) { 44578064Sume au_free_token(subject); 44678064Sume syslog(LOG_ERR, "%s: au_to_text() failed", func); 447120856Sume return (kAUMakeTextTokErr); 44853541Sshin } 44953541Sshin return (audit_write(event_code, subject, errtok, -1, errret)); 45062587Sitojun} 45178064Sume 45262587Sitojun/* 45362587Sitojun * For auditing errors during login. Such errors are implicitly 45462587Sitojun * non-attributable (i.e., not ascribable to any user). 45578064Sume * 45662587Sitojun * Assumes, like all wrapper calls, that the caller has previously checked 45762587Sitojun * that auditing is enabled via the audit_get_state() call. 458120856Sume */ 45953541Sshinint 46053541Sshinaudit_write_failure_na(short event_code, char *errmsg, int errret, uid_t euid, 46162587Sitojun uid_t egid, pid_t pid, au_tid_t *tid) 46278064Sume{ 46378064Sume 46462587Sitojun return (audit_write_failure(event_code, errmsg, errret, -1, euid, 46578064Sume egid, -1, -1, pid, -1, tid)); 46678064Sume} 467120856Sume 46853541Sshin/* END OF au_write() WRAPPERS */ 469120856Sume 47053541Sshin#ifdef __APPLE__ 47153541Sshinvoid 47253541Sshinaudit_token_to_au32(audit_token_t atoken, uid_t *auidp, uid_t *euidp, 47353541Sshin gid_t *egidp, uid_t *ruidp, gid_t *rgidp, pid_t *pidp, au_asid_t *asidp, 47453541Sshin au_tid_t *tidp) 475120891Sume{ 47653541Sshin 47753541Sshin if (auidp != NULL) 47853541Sshin *auidp = (uid_t)atoken.val[0]; 47953541Sshin if (euidp != NULL) 48053541Sshin *euidp = (uid_t)atoken.val[1]; 48162587Sitojun if (egidp != NULL) 482120856Sume *egidp = (gid_t)atoken.val[2]; 48353541Sshin if (ruidp != NULL) 48453541Sshin *ruidp = (uid_t)atoken.val[3]; 48553541Sshin if (rgidp != NULL) 48653541Sshin *rgidp = (gid_t)atoken.val[4]; 48753541Sshin if (pidp != NULL) 48853541Sshin *pidp = (pid_t)atoken.val[5]; 489120856Sume if (asidp != NULL) 49062587Sitojun *asidp = (au_asid_t)atoken.val[6]; 491120856Sume if (tidp != NULL) { 49253541Sshin audit_set_terminal_host(&tidp->machine); 49353541Sshin tidp->port = (dev_t)atoken.val[7]; 494126552Sume } 495126552Sume} 49653541Sshin#endif /* !__APPLE__ */ 49753541Sshin 498126552Sumeint 499126552Sumeaudit_get_cond(int *cond) 50053541Sshin{ 50153541Sshin int ret; 50253541Sshin 50353541Sshin ret = auditon(A_GETCOND, cond, sizeof(*cond)); 50453541Sshin#ifdef A_OLDGETCOND 50553541Sshin if ((0 != ret) && EINVAL == errno) { 50653541Sshin long lcond = *cond; 50753541Sshin 50853541Sshin ret = auditon(A_OLDGETCOND, &lcond, sizeof(lcond)); 50953541Sshin *cond = (int)lcond; 51053541Sshin } 51153541Sshin#endif 51253541Sshin return (ret); 51353541Sshin} 514120856Sume 51562587Sitojunint 51662587Sitojunaudit_set_cond(int *cond) 51762587Sitojun{ 51862587Sitojun int ret; 51953541Sshin 52053541Sshin ret = auditon(A_SETCOND, cond, sizeof(*cond)); 52153541Sshin#ifdef A_OLDSETCOND 52253541Sshin if ((0 != ret) && (EINVAL == errno)) { 52353541Sshin long lcond = (long)*cond; 52453541Sshin 52553541Sshin ret = auditon(A_OLDSETCOND, &lcond, sizeof(lcond)); 52653541Sshin *cond = (int)lcond; 52753541Sshin } 52853541Sshin#endif 52953541Sshin return (ret); 53053541Sshin} 531121167Sume 532121167Sumeint 533121161Sumeaudit_get_policy(int *policy) 534121161Sume{ 535121161Sume int ret; 536121161Sume 53753541Sshin ret = auditon(A_GETPOLICY, policy, sizeof(*policy)); 53853541Sshin#ifdef A_OLDGETPOLICY 53953541Sshin if ((0 != ret) && (EINVAL == errno)){ 54053541Sshin long lpolicy = (long)*policy; 54153541Sshin 542121161Sume ret = auditon(A_OLDGETPOLICY, &lpolicy, sizeof(lpolicy)); 543121161Sume *policy = (int)lpolicy; 544121161Sume } 545121161Sume#endif 54653541Sshin return (ret); 54753541Sshin} 54853541Sshin 54953541Sshinint 55053541Sshinaudit_set_policy(int *policy) 55153541Sshin{ 55253541Sshin int ret; 55353541Sshin 55453541Sshin ret = auditon(A_SETPOLICY, policy, sizeof(*policy)); 55553541Sshin#ifdef A_OLDSETPOLICY 55653541Sshin if ((0 != ret) && (EINVAL == errno)){ 55753541Sshin long lpolicy = (long)*policy; 55853541Sshin 55953541Sshin ret = auditon(A_OLDSETPOLICY, &lpolicy, sizeof(lpolicy)); 56053541Sshin *policy = (int)lpolicy; 56153541Sshin } 56253541Sshin#endif 56353541Sshin return (ret); 56453541Sshin} 56553541Sshin 56653541Sshinint 56778064Sumeaudit_get_qctrl(au_qctrl_t *qctrl, size_t sz) 56878064Sume{ 56978064Sume int ret; 57078064Sume 57178064Sume if (sizeof(*qctrl) != sz) { 57262587Sitojun errno = EINVAL; 57378064Sume return (-1); 57478064Sume } 57562587Sitojun 57678064Sume ret = auditon(A_GETQCTRL, qctrl, sizeof(*qctrl)); 577120856Sume#ifdef A_OLDGETQCTRL 57853541Sshin if ((0 != ret) && (EINVAL == errno)){ 57978064Sume struct old_qctrl { 58078064Sume size_t oq_hiwater; 58178064Sume size_t oq_lowater; 58278064Sume size_t oq_bufsz; 58378064Sume clock_t oq_delay; 58478064Sume int oq_minfree; 58578064Sume } oq; 58678064Sume 58778064Sume oq.oq_hiwater = (size_t)qctrl->aq_hiwater; 58878064Sume oq.oq_lowater = (size_t)qctrl->aq_lowater; 58978064Sume oq.oq_bufsz = (size_t)qctrl->aq_bufsz; 59078064Sume oq.oq_delay = (clock_t)qctrl->aq_delay; 59178064Sume oq.oq_minfree = qctrl->aq_minfree; 59278064Sume 593120891Sume ret = auditon(A_OLDGETQCTRL, &oq, sizeof(oq)); 594120891Sume 59578064Sume qctrl->aq_hiwater = (int)oq.oq_hiwater; 596120891Sume qctrl->aq_lowater = (int)oq.oq_lowater; 59778064Sume qctrl->aq_bufsz = (int)oq.oq_bufsz; 59878064Sume qctrl->aq_delay = (int)oq.oq_delay; 59978064Sume qctrl->aq_minfree = oq.oq_minfree; 60078064Sume } 60178064Sume#endif /* A_OLDGETQCTRL */ 602120891Sume return (ret); 60378064Sume} 60478064Sume 60595023Ssuzint 60695023Ssuzaudit_set_qctrl(au_qctrl_t *qctrl, size_t sz) 60795023Ssuz{ 60895023Ssuz int ret; 60995023Ssuz 61078064Sume if (sizeof(*qctrl) != sz) { 61178064Sume errno = EINVAL; 61278064Sume return (-1); 613120891Sume } 61478064Sume 61578064Sume ret = auditon(A_SETQCTRL, qctrl, sz); 61678064Sume#ifdef A_OLDSETQCTRL 617120891Sume if ((0 != ret) && (EINVAL == errno)) { 61878064Sume struct old_qctrl { 61978064Sume size_t oq_hiwater; 62078064Sume size_t oq_lowater; 62178064Sume size_t oq_bufsz; 62278064Sume clock_t oq_delay; 62378064Sume int oq_minfree; 624120856Sume } oq; 62578064Sume 626120891Sume oq.oq_hiwater = (size_t)qctrl->aq_hiwater; 62778064Sume oq.oq_lowater = (size_t)qctrl->aq_lowater; 628120856Sume oq.oq_bufsz = (size_t)qctrl->aq_bufsz; 62978064Sume oq.oq_delay = (clock_t)qctrl->aq_delay; 63078064Sume oq.oq_minfree = qctrl->aq_minfree; 63178064Sume 63278064Sume ret = auditon(A_OLDSETQCTRL, &oq, sizeof(oq)); 63378064Sume 63478064Sume qctrl->aq_hiwater = (int)oq.oq_hiwater; 63578064Sume qctrl->aq_lowater = (int)oq.oq_lowater; 63678064Sume qctrl->aq_bufsz = (int)oq.oq_bufsz; 63778064Sume qctrl->aq_delay = (int)oq.oq_delay; 63878064Sume qctrl->aq_minfree = oq.oq_minfree; 63978064Sume } 64078064Sume#endif /* A_OLDSETQCTRL */ 64178064Sume return (ret); 64278064Sume} 64378064Sume 64478064Sumeint 64578064Sumeaudit_send_trigger(int *trigger) 64678064Sume{ 64778064Sume 64878064Sume return (auditon(A_SENDTRIGGER, trigger, sizeof(*trigger))); 64978064Sume} 65078064Sume 65178064Sumeint 65278064Sumeaudit_get_kaudit(auditinfo_addr_t *aia, size_t sz) 65378064Sume{ 654122059Sume 65578064Sume if (sizeof(*aia) != sz) { 65662587Sitojun errno = EINVAL; 65762587Sitojun return (-1); 65878064Sume } 65978064Sume 66078064Sume return (auditon(A_GETKAUDIT, aia, sz)); 66178064Sume} 66278064Sume 66378064Sumeint 66478064Sumeaudit_set_kaudit(auditinfo_addr_t *aia, size_t sz) 66562587Sitojun{ 666126264Smlaier 667126264Smlaier if (sizeof(*aia) != sz) { 66878064Sume errno = EINVAL; 66978064Sume return (-1); 67062587Sitojun } 67178064Sume 67278064Sume return (auditon(A_SETKAUDIT, aia, sz)); 67378064Sume} 67478064Sume 67578064Sumeint 67678064Sumeaudit_get_class(au_evclass_map_t *evc_map, size_t sz) 67778064Sume{ 67878064Sume 679120891Sume if (sizeof(*evc_map) != sz) { 68078064Sume errno = EINVAL; 68178064Sume return (-1); 68278064Sume } 68378064Sume 68478064Sume return (auditon(A_GETCLASS, evc_map, sz)); 68578064Sume} 68678064Sume 68778064Sumeint 68878064Sumeaudit_set_class(au_evclass_map_t *evc_map, size_t sz) 68978064Sume{ 69078064Sume 69178064Sume if (sizeof(*evc_map) != sz) { 69278064Sume errno = EINVAL; 69378064Sume return (-1); 69478064Sume } 69578064Sume 69678064Sume return (auditon(A_SETCLASS, evc_map, sz)); 69778064Sume} 69878064Sume 69978064Sumeint 70078064Sumeaudit_get_event(au_evname_map_t *evn_map, size_t sz) 70178064Sume{ 70278064Sume 70378064Sume if (sizeof(*evn_map) != sz) { 70478064Sume errno = EINVAL; 70578064Sume return (-1); 70678064Sume } 70778064Sume 70878064Sume return (auditon(A_GETEVENT, evn_map, sz)); 70978064Sume} 71078064Sume 71178064Sumeint 71278064Sumeaudit_set_event(au_evname_map_t *evn_map, size_t sz) 71378064Sume{ 71478064Sume 715126264Smlaier if (sizeof(*evn_map) != sz) { 71653541Sshin errno = EINVAL; 71778064Sume return (-1); 71853541Sshin } 71978064Sume 72078064Sume return (auditon(A_SETEVENT, evn_map, sz)); 721120856Sume} 722120856Sume 72378064Sumeint 72453541Sshinaudit_get_kmask(au_mask_t *kmask, size_t sz) 725120856Sume{ 72678064Sume if (sizeof(*kmask) != sz) { 72753541Sshin errno = EINVAL; 72878064Sume return (-1); 72978064Sume } 73078064Sume 73178064Sume return (auditon(A_GETKMASK, kmask, sz)); 73278064Sume} 73378064Sume 73478064Sumeint 73578064Sumeaudit_set_kmask(au_mask_t *kmask, size_t sz) 73678064Sume{ 73778064Sume if (sizeof(*kmask) != sz) { 73878064Sume errno = EINVAL; 73978064Sume return (-1); 74078064Sume } 74178064Sume 74278064Sume return (auditon(A_SETKMASK, kmask, sz)); 74378064Sume} 74478064Sume 74578064Sumeint 74678064Sumeaudit_get_fsize(au_fstat_t *fstat, size_t sz) 747120856Sume{ 74878064Sume 74978064Sume if (sizeof(*fstat) != sz) { 75078064Sume errno = EINVAL; 75178064Sume return (-1); 75278064Sume } 75378064Sume 75478064Sume return (auditon(A_GETFSIZE, fstat, sz)); 75578064Sume} 756120856Sume 75778064Sumeint 75878064Sumeaudit_set_fsize(au_fstat_t *fstat, size_t sz) 75978064Sume{ 76078064Sume 76178064Sume if (sizeof(*fstat) != sz) { 762120856Sume errno = EINVAL; 76378064Sume return (-1); 76478064Sume } 76578064Sume 76678064Sume return (auditon(A_SETFSIZE, fstat, sz)); 76778064Sume} 76878064Sume 76978064Sumeint 770120856Sumeaudit_set_pmask(auditpinfo_t *api, size_t sz) 77178064Sume{ 77278064Sume 773120891Sume if (sizeof(*api) != sz) { 774120891Sume errno = EINVAL; 77578064Sume return (-1); 776120856Sume } 777120891Sume 77862587Sitojun return (auditon(A_SETPMASK, api, sz)); 77995023Ssuz} 78078064Sume 78162587Sitojunint 78278064Sumeaudit_get_pinfo(auditpinfo_t *api, size_t sz) 78378064Sume{ 78478064Sume 78578064Sume if (sizeof(*api) != sz) { 78678064Sume errno = EINVAL; 78778064Sume return (-1); 78878064Sume } 78978064Sume 790120891Sume return (auditon(A_GETPINFO, api, sz)); 79178064Sume} 792126552Sume 79378064Sumeint 79478064Sumeaudit_get_pinfo_addr(auditpinfo_addr_t *apia, size_t sz) 795120891Sume{ 796120856Sume 797126552Sume if (sizeof(*apia) != sz) { 798121315Sume errno = EINVAL; 79978064Sume return (-1); 800126552Sume } 801126552Sume 802120856Sume return (auditon(A_GETPINFO_ADDR, apia, sz)); 80378064Sume} 80478064Sume 805120856Sumeint 80678064Sumeaudit_get_sinfo_addr(auditinfo_addr_t *aia, size_t sz) 80778064Sume{ 80878064Sume 80978064Sume if (sizeof(*aia) != sz) { 81078064Sume errno = EINVAL; 81178064Sume return (-1); 81278064Sume } 81378064Sume 81478064Sume return (auditon(A_GETSINFO_ADDR, aia, sz)); 815126552Sume} 816122059Sume 817122059Sumeint 818120856Sumeaudit_get_stat(au_stat_t *stats, size_t sz) 81978064Sume{ 82078064Sume 821122059Sume if (sizeof(*stats) != sz) { 822122059Sume errno = EINVAL; 823120856Sume return (-1); 82478064Sume } 82578064Sume 82678064Sume return (auditon(A_GETSTAT, stats, sz)); 82778064Sume} 82878064Sume 82978064Sumeint 83078064Sumeaudit_set_stat(au_stat_t *stats, size_t sz) 83178064Sume{ 83278064Sume 83362587Sitojun if (sizeof(*stats) != sz) { 83478064Sume errno = EINVAL; 83578064Sume return (-1); 83662587Sitojun } 837122059Sume 83878064Sume return (auditon(A_GETSTAT, stats, sz)); 839122059Sume} 84078064Sume 84178064Sumeint 84278064Sumeaudit_get_cwd(char *path, size_t sz) 84378064Sume{ 84478064Sume 84562587Sitojun return (auditon(A_GETCWD, path, sz)); 84678064Sume} 84778064Sume 84878064Sumeint 84978064Sumeaudit_get_car(char *path, size_t sz) 85078064Sume{ 85178064Sume 85279763Sume return (auditon(A_GETCAR, path, sz)); 85379763Sume} 854120891Sume