1/*-
2 * Copyright (c) 2008-2011 Apple Inc.
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1.  Redistributions of source code must retain the above copyright
9 *     notice, this list of conditions and the following disclaimer.
10 * 2.  Redistributions in binary form must reproduce the above copyright
11 *     notice, this list of conditions and the following disclaimer in the
12 *     documentation and/or other materials provided with the distribution.
13 * 3.  Neither the name of Apple Inc. ("Apple") nor the names of
14 *     its contributors may be used to endorse or promote products derived
15 *     from this software without specific prior written permission.
16 *
17 * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR
21 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
25 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
26 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
27 * POSSIBILITY OF SUCH DAMAGE.
28 *
29 */
30
31#include <sys/param.h>
32
33#include <security/audit/audit.h>
34
35#include <bsm/audit_errno.h>
36#include <bsm/audit_record.h>
37
38#include <sys/errno.h>
39
40#if CONFIG_AUDIT
41/*
42 * Different operating systems use different numeric constants for different
43 * error numbers, and sometimes error numbers don't exist in more than one
44 * operating system.  These routines convert between BSM and local error
45 * number spaces, subject to the above realities.  BSM error numbers are
46 * stored in a single 8-bit character, so don't have a byte order.
47 *
48 * Don't include string definitions when this code is compiled into a kernel.
49 */
50struct bsm_errno {
51	int		 be_bsm_errno;
52	int		 be_local_errno;
53#if !defined(KERNEL) && !defined(_KERNEL)
54	const char	*be_strerror;
55#endif
56};
57
58#define	ERRNO_NO_LOCAL_MAPPING	-600
59
60#if !defined(KERNEL) && !defined(_KERNEL)
61#define	ES(x)	x
62#else
63#define	ES(x)
64#endif
65
66/*
67 * Mapping table -- please maintain in numeric sorted order with respect to
68 * the BSM constant.  Today we do a linear lookup, but could switch to a
69 * binary search if it makes sense.  We only ifdef errors that aren't
70 * generally available, but it does make the table a lot more ugly.
71 *
72 * XXXRW: It would be nice to have a similar ordered table mapping to BSM
73 * constant from local constant, but the order of local constants varies by
74 * OS.  Really we need to build that table at compile-time but don't do that
75 * yet.
76 *
77 * XXXRW: We currently embed English-language error strings here, but should
78 * support catalogues; these are only used if the OS doesn't have an error
79 * string using strerror(3).
80 */
81static const struct bsm_errno bsm_errnos[] = {
82	{ BSM_ERRNO_ESUCCESS, 0, ES("Success") },
83	{ BSM_ERRNO_EPERM, EPERM, ES("Operation not permitted") },
84	{ BSM_ERRNO_ENOENT, ENOENT, ES("No such file or directory") },
85	{ BSM_ERRNO_ESRCH, ESRCH, ES("No such process") },
86	{ BSM_ERRNO_EINTR, EINTR, ES("Interrupted system call") },
87	{ BSM_ERRNO_EIO, EIO, ES("Input/output error") },
88	{ BSM_ERRNO_ENXIO, ENXIO, ES("Device not configured") },
89	{ BSM_ERRNO_E2BIG, E2BIG, ES("Argument list too long") },
90	{ BSM_ERRNO_ENOEXEC, ENOEXEC, ES("Exec format error") },
91	{ BSM_ERRNO_EBADF, EBADF, ES("Bad file descriptor") },
92	{ BSM_ERRNO_ECHILD, ECHILD, ES("No child processes") },
93	{ BSM_ERRNO_EAGAIN, EAGAIN, ES("Resource temporarily unavailable") },
94	{ BSM_ERRNO_ENOMEM, ENOMEM, ES("Cannot allocate memory") },
95	{ BSM_ERRNO_EACCES, EACCES, ES("Permission denied") },
96	{ BSM_ERRNO_EFAULT, EFAULT, ES("Bad address") },
97	{ BSM_ERRNO_ENOTBLK, ENOTBLK, ES("Block device required") },
98	{ BSM_ERRNO_EBUSY, EBUSY, ES("Device busy") },
99	{ BSM_ERRNO_EEXIST, EEXIST, ES("File exists") },
100	{ BSM_ERRNO_EXDEV, EXDEV, ES("Cross-device link") },
101	{ BSM_ERRNO_ENODEV, ENODEV, ES("Operation not supported by device") },
102	{ BSM_ERRNO_ENOTDIR, ENOTDIR, ES("Not a directory") },
103	{ BSM_ERRNO_EISDIR, EISDIR, ES("Is a directory") },
104	{ BSM_ERRNO_EINVAL, EINVAL, ES("Invalid argument") },
105	{ BSM_ERRNO_ENFILE, ENFILE, ES("Too many open files in system") },
106	{ BSM_ERRNO_EMFILE, EMFILE, ES("Too many open files") },
107	{ BSM_ERRNO_ENOTTY, ENOTTY, ES("Inappropriate ioctl for device") },
108	{ BSM_ERRNO_ETXTBSY, ETXTBSY, ES("Text file busy") },
109	{ BSM_ERRNO_EFBIG, EFBIG, ES("File too large") },
110	{ BSM_ERRNO_ENOSPC, ENOSPC, ES("No space left on device") },
111	{ BSM_ERRNO_ESPIPE, ESPIPE, ES("Illegal seek") },
112	{ BSM_ERRNO_EROFS, EROFS, ES("Read-only file system") },
113	{ BSM_ERRNO_EMLINK, EMLINK, ES("Too many links") },
114	{ BSM_ERRNO_EPIPE, EPIPE, ES("Broken pipe") },
115	{ BSM_ERRNO_EDOM, EDOM, ES("Numerical argument out of domain") },
116	{ BSM_ERRNO_ERANGE, ERANGE, ES("Result too large") },
117	{ BSM_ERRNO_ENOMSG, ENOMSG, ES("No message of desired type") },
118	{ BSM_ERRNO_EIDRM, EIDRM, ES("Identifier removed") },
119	{ BSM_ERRNO_ECHRNG,
120#ifdef ECHRNG
121	ECHRNG,
122#else
123	ERRNO_NO_LOCAL_MAPPING,
124#endif
125	ES("Channel number out of range") },
126	{ BSM_ERRNO_EL2NSYNC,
127#ifdef EL2NSYNC
128	EL2NSYNC,
129#else
130	ERRNO_NO_LOCAL_MAPPING,
131#endif
132	ES("Level 2 not synchronized") },
133	{ BSM_ERRNO_EL3HLT,
134#ifdef EL3HLT
135	EL3HLT,
136#else
137	ERRNO_NO_LOCAL_MAPPING,
138#endif
139	ES("Level 3 halted") },
140	{ BSM_ERRNO_EL3RST,
141#ifdef EL3RST
142	EL3RST,
143#else
144	ERRNO_NO_LOCAL_MAPPING,
145#endif
146	ES("Level 3 reset") },
147	{ BSM_ERRNO_ELNRNG,
148#ifdef ELNRNG
149	ELNRNG,
150#else
151	ERRNO_NO_LOCAL_MAPPING,
152#endif
153	ES("Link number out of range") },
154	{ BSM_ERRNO_EUNATCH,
155#ifdef EUNATCH
156	EUNATCH,
157#else
158	ERRNO_NO_LOCAL_MAPPING,
159#endif
160	ES("Protocol driver not attached") },
161	{ BSM_ERRNO_ENOCSI,
162#ifdef ENOCSI
163	ENOCSI,
164#else
165	ERRNO_NO_LOCAL_MAPPING,
166#endif
167	ES("No CSI structure available") },
168	{ BSM_ERRNO_EL2HLT,
169#ifdef EL2HLT
170	EL2HLT,
171#else
172	ERRNO_NO_LOCAL_MAPPING,
173#endif
174	ES("Level 2 halted") },
175	{ BSM_ERRNO_EDEADLK, EDEADLK, ES("Resource deadlock avoided") },
176	{ BSM_ERRNO_ENOLCK, ENOLCK, ES("No locks available") },
177	{ BSM_ERRNO_ECANCELED, ECANCELED, ES("Operation canceled") },
178	{ BSM_ERRNO_ENOTSUP, ENOTSUP, ES("Operation not supported") },
179	{ BSM_ERRNO_EDQUOT, EDQUOT, ES("Disc quota exceeded") },
180	{ BSM_ERRNO_EBADE,
181#ifdef EBADE
182	EBADE,
183#else
184	ERRNO_NO_LOCAL_MAPPING,
185#endif
186	ES("Invalid exchange") },
187	{ BSM_ERRNO_EBADR,
188#ifdef EBADR
189	EBADR,
190#else
191	ERRNO_NO_LOCAL_MAPPING,
192#endif
193	ES("Invalid request descriptor") },
194	{ BSM_ERRNO_EXFULL,
195#ifdef EXFULL
196	EXFULL,
197#else
198	ERRNO_NO_LOCAL_MAPPING,
199#endif
200	ES("Exchange full") },
201	{ BSM_ERRNO_ENOANO,
202#ifdef ENOANO
203	ENOANO,
204#else
205	ERRNO_NO_LOCAL_MAPPING,
206#endif
207	ES("No anode") },
208	{ BSM_ERRNO_EBADRQC,
209#ifdef EBADRQC
210	EBADRQC,
211#else
212	ERRNO_NO_LOCAL_MAPPING,
213#endif
214	ES("Invalid request descriptor") },
215	{ BSM_ERRNO_EBADSLT,
216#ifdef EBADSLT
217	EBADSLT,
218#else
219	ERRNO_NO_LOCAL_MAPPING,
220#endif
221	ES("Invalid slot") },
222	{ BSM_ERRNO_EDEADLOCK,
223#ifdef EDEADLOCK
224	EDEADLOCK,
225#else
226	ERRNO_NO_LOCAL_MAPPING,
227#endif
228	ES("Resource deadlock avoided") },
229	{ BSM_ERRNO_EBFONT,
230#ifdef EBFONT
231	EBFONT,
232#else
233	ERRNO_NO_LOCAL_MAPPING,
234#endif
235	ES("Bad font file format") },
236	{ BSM_ERRNO_EOWNERDEAD,
237#ifdef EOWNERDEAD
238	EOWNERDEAD,
239#else
240	ERRNO_NO_LOCAL_MAPPING,
241#endif
242	ES("Process died with the lock") },
243	{ BSM_ERRNO_ENOTRECOVERABLE,
244#ifdef ENOTRECOVERABLE
245	ENOTRECOVERABLE,
246#else
247	ERRNO_NO_LOCAL_MAPPING,
248#endif
249	ES("Lock is not recoverable") },
250	{ BSM_ERRNO_ENOSTR,
251#ifdef ENOSTR
252	ENOSTR,
253#else
254	ERRNO_NO_LOCAL_MAPPING,
255#endif
256	ES("Device not a stream") },
257	{ BSM_ERRNO_ENONET,
258#ifdef ENONET
259	ENONET,
260#else
261	ERRNO_NO_LOCAL_MAPPING,
262#endif
263	ES("Machine is not on the network") },
264	{ BSM_ERRNO_ENOPKG,
265#ifdef ENOPKG
266	ENOPKG,
267#else
268	ERRNO_NO_LOCAL_MAPPING,
269#endif
270	ES("Package not installed") },
271	{ BSM_ERRNO_EREMOTE, EREMOTE,
272	    ES("Too many levels of remote in path") },
273	{ BSM_ERRNO_ENOLINK,
274#ifdef ENOLINK
275	ENOLINK,
276#else
277	ERRNO_NO_LOCAL_MAPPING,
278#endif
279	ES("Link has been severed") },
280	{ BSM_ERRNO_EADV,
281#ifdef EADV
282	EADV,
283#else
284	ERRNO_NO_LOCAL_MAPPING,
285#endif
286	ES("Advertise error") },
287	{ BSM_ERRNO_ESRMNT,
288#ifdef ESRMNT
289	ESRMNT,
290#else
291	ERRNO_NO_LOCAL_MAPPING,
292#endif
293	ES("srmount error") },
294	{ BSM_ERRNO_ECOMM,
295#ifdef ECOMM
296	ECOMM,
297#else
298	ERRNO_NO_LOCAL_MAPPING,
299#endif
300	ES("Communication error on send") },
301	{ BSM_ERRNO_EPROTO,
302#ifdef EPROTO
303	EPROTO,
304#else
305	ERRNO_NO_LOCAL_MAPPING,
306#endif
307	ES("Protocol error") },
308	{ BSM_ERRNO_ELOCKUNMAPPED,
309#ifdef ELOCKUNMAPPED
310	ELOCKUNMAPPED,
311#else
312	ERRNO_NO_LOCAL_MAPPING,
313#endif
314	ES("Locked lock was unmapped") },
315	{ BSM_ERRNO_ENOTACTIVE,
316#ifdef ENOTACTIVE
317	ENOTACTIVE,
318#else
319	ERRNO_NO_LOCAL_MAPPING,
320#endif
321	ES("Facility is not active") },
322	{ BSM_ERRNO_EMULTIHOP,
323#ifdef EMULTIHOP
324	EMULTIHOP,
325#else
326	ERRNO_NO_LOCAL_MAPPING,
327#endif
328	ES("Multihop attempted") },
329	{ BSM_ERRNO_EBADMSG,
330#ifdef EBADMSG
331	EBADMSG,
332#else
333	ERRNO_NO_LOCAL_MAPPING,
334#endif
335	ES("Bad message") },
336	{ BSM_ERRNO_ENAMETOOLONG, ENAMETOOLONG, ES("File name too long") },
337	{ BSM_ERRNO_EOVERFLOW, EOVERFLOW,
338	    ES("Value too large to be stored in data type") },
339	{ BSM_ERRNO_ENOTUNIQ,
340#ifdef ENOTUNIQ
341	ENOTUNIQ,
342#else
343	ERRNO_NO_LOCAL_MAPPING,
344#endif
345	ES("Given log name not unique") },
346	{ BSM_ERRNO_EBADFD,
347#ifdef EBADFD
348	EBADFD,
349#else
350	ERRNO_NO_LOCAL_MAPPING,
351#endif
352	ES("Given f.d. invalid for this operation") },
353	{ BSM_ERRNO_EREMCHG,
354#ifdef EREMCHG
355	EREMCHG,
356#else
357	ERRNO_NO_LOCAL_MAPPING,
358#endif
359	ES("Remote address changed") },
360	{ BSM_ERRNO_ELIBACC,
361#ifdef ELIBACC
362	ELIBACC,
363#else
364	ERRNO_NO_LOCAL_MAPPING,
365#endif
366	ES("Can't access a needed shared lib") },
367	{ BSM_ERRNO_ELIBBAD,
368#ifdef ELIBBAD
369	ELIBBAD,
370#else
371	ERRNO_NO_LOCAL_MAPPING,
372#endif
373	ES("Accessing a corrupted shared lib") },
374	{ BSM_ERRNO_ELIBSCN,
375#ifdef ELIBSCN
376	ELIBSCN,
377#else
378	ERRNO_NO_LOCAL_MAPPING,
379#endif
380	ES(".lib section in a.out corrupted") },
381	{ BSM_ERRNO_ELIBMAX,
382#ifdef ELIBMAX
383	ELIBMAX,
384#else
385	ERRNO_NO_LOCAL_MAPPING,
386#endif
387	ES("Attempting to link in too many libs") },
388	{ BSM_ERRNO_ELIBEXEC,
389#ifdef ELIBEXEC
390	ELIBEXEC,
391#else
392	ERRNO_NO_LOCAL_MAPPING,
393#endif
394	ES("Attempting to exec a shared library") },
395	{ BSM_ERRNO_EILSEQ, EILSEQ, ES("Illegal byte sequence") },
396	{ BSM_ERRNO_ENOSYS, ENOSYS, ES("Function not implemented") },
397	{ BSM_ERRNO_ELOOP, ELOOP, ES("Too many levels of symbolic links") },
398	{ BSM_ERRNO_ERESTART,
399#ifdef ERESTART
400	ERESTART,
401#else
402	ERRNO_NO_LOCAL_MAPPING,
403#endif
404	ES("Restart syscall") },
405	{ BSM_ERRNO_ESTRPIPE,
406#ifdef ESTRPIPE
407	ESTRPIPE,
408#else
409	ERRNO_NO_LOCAL_MAPPING,
410#endif
411	ES("If pipe/FIFO, don't sleep in stream head") },
412	{ BSM_ERRNO_ENOTEMPTY, ENOTEMPTY, ES("Directory not empty") },
413	{ BSM_ERRNO_EUSERS, EUSERS, ES("Too many users") },
414	{ BSM_ERRNO_ENOTSOCK, ENOTSOCK,
415	    ES("Socket operation on non-socket") },
416	{ BSM_ERRNO_EDESTADDRREQ, EDESTADDRREQ,
417	    ES("Destination address required") },
418	{ BSM_ERRNO_EMSGSIZE, EMSGSIZE, ES("Message too long") },
419	{ BSM_ERRNO_EPROTOTYPE, EPROTOTYPE,
420	    ES("Protocol wrong type for socket") },
421	{ BSM_ERRNO_ENOPROTOOPT, ENOPROTOOPT, ES("Protocol not available") },
422	{ BSM_ERRNO_EPROTONOSUPPORT, EPROTONOSUPPORT,
423	    ES("Protocol not supported") },
424	{ BSM_ERRNO_ESOCKTNOSUPPORT, ESOCKTNOSUPPORT,
425	    ES("Socket type not supported") },
426	{ BSM_ERRNO_EOPNOTSUPP, EOPNOTSUPP, ES("Operation not supported") },
427	{ BSM_ERRNO_EPFNOSUPPORT, EPFNOSUPPORT,
428	    ES("Protocol family not supported") },
429	{ BSM_ERRNO_EAFNOSUPPORT, EAFNOSUPPORT,
430	    ES("Address family not supported by protocol family") },
431	{ BSM_ERRNO_EADDRINUSE, EADDRINUSE, ES("Address already in use") },
432	{ BSM_ERRNO_EADDRNOTAVAIL, EADDRNOTAVAIL,
433	    ES("Can't assign requested address") },
434	{ BSM_ERRNO_ENETDOWN, ENETDOWN, ES("Network is down") },
435	{ BSM_ERRNO_ENETRESET, ENETRESET,
436	    ES("Network dropped connection on reset") },
437	{ BSM_ERRNO_ECONNABORTED, ECONNABORTED,
438	    ES("Software caused connection abort") },
439	{ BSM_ERRNO_ECONNRESET, ECONNRESET, ES("Connection reset by peer") },
440	{ BSM_ERRNO_ENOBUFS, ENOBUFS, ES("No buffer space available") },
441	{ BSM_ERRNO_EISCONN, EISCONN, ES("Socket is already connected") },
442	{ BSM_ERRNO_ENOTCONN, ENOTCONN, ES("Socket is not connected") },
443	{ BSM_ERRNO_ESHUTDOWN, ESHUTDOWN,
444	    ES("Can't send after socket shutdown") },
445	{ BSM_ERRNO_ETOOMANYREFS, ETOOMANYREFS,
446	    ES("Too many references: can't splice") },
447	{ BSM_ERRNO_ETIMEDOUT, ETIMEDOUT, ES("Operation timed out") },
448	{ BSM_ERRNO_ECONNREFUSED, ECONNREFUSED, ES("Connection refused") },
449	{ BSM_ERRNO_EHOSTDOWN, EHOSTDOWN, ES("Host is down") },
450	{ BSM_ERRNO_EHOSTUNREACH, EHOSTUNREACH, ES("No route to host") },
451	{ BSM_ERRNO_EALREADY, EALREADY, ES("Operation already in progress") },
452	{ BSM_ERRNO_EINPROGRESS, EINPROGRESS,
453	    ES("Operation now in progress") },
454	{ BSM_ERRNO_ESTALE, ESTALE, ES("Stale NFS file handle") },
455	{ BSM_ERRNO_EQFULL, EQFULL, ES("Interface output queue is full") },
456	{ BSM_ERRNO_EPWROFF,
457#ifdef EPWROFF
458	EPWROFF,
459#else
460	ERRNO_NO_LOCAL_MAPPING,
461#endif
462	ES("Device power is off") },
463	{ BSM_ERRNO_EDEVERR,
464#ifdef EDEVERR
465	EDEVERR,
466#else
467	ERRNO_NO_LOCAL_MAPPING,
468#endif
469	ES("Device error") },
470	{ BSM_ERRNO_EBADEXEC,
471#ifdef EBADEXEC
472	EBADEXEC,
473#else
474	ERRNO_NO_LOCAL_MAPPING,
475#endif
476	ES("Bad executable") },
477	{ BSM_ERRNO_EBADARCH,
478#ifdef EBADARCH
479	EBADARCH,
480#else
481	ERRNO_NO_LOCAL_MAPPING,
482#endif
483	ES("Bad CPU type in executable") },
484	{ BSM_ERRNO_ESHLIBVERS,
485#ifdef ESHLIBVERS
486	ESHLIBVERS,
487#else
488	ERRNO_NO_LOCAL_MAPPING,
489#endif
490	ES("Shared library version mismatch") },
491	{ BSM_ERRNO_EBADMACHO,
492#ifdef EBADMACHO
493	EBADMACHO,
494#else
495	ERRNO_NO_LOCAL_MAPPING,
496#endif
497	ES("Malformed Macho file") },
498	{ BSM_ERRNO_EPOLICY,
499#ifdef EPOLICY
500	EPOLICY,
501#else
502	ERRNO_NO_LOCAL_MAPPING,
503#endif
504	ES("Operation failed by policy") },
505	{ BSM_ERRNO_EDOTDOT,
506#ifdef EDOTDOT
507	EDOTDOT,
508#else
509	ERRNO_NO_LOCAL_MAPPING,
510#endif
511	ES("RFS specific error") },
512	{ BSM_ERRNO_EUCLEAN,
513#ifdef EUCLEAN
514	EUCLEAN,
515#else
516	ERRNO_NO_LOCAL_MAPPING,
517#endif
518	ES("Structure needs cleaning") },
519	{ BSM_ERRNO_ENOTNAM,
520#ifdef ENOTNAM
521	ENOTNAM,
522#else
523	ERRNO_NO_LOCAL_MAPPING,
524#endif
525	ES("Not a XENIX named type file") },
526	{ BSM_ERRNO_ENAVAIL,
527#ifdef ENAVAIL
528	ENAVAIL,
529#else
530	ERRNO_NO_LOCAL_MAPPING,
531#endif
532	ES("No XENIX semaphores available") },
533	{ BSM_ERRNO_EISNAM,
534#ifdef EISNAM
535	EISNAM,
536#else
537	ERRNO_NO_LOCAL_MAPPING,
538#endif
539	ES("Is a named type file") },
540	{ BSM_ERRNO_EREMOTEIO,
541#ifdef EREMOTEIO
542	EREMOTEIO,
543#else
544	ERRNO_NO_LOCAL_MAPPING,
545#endif
546	ES("Remote I/O error") },
547	{ BSM_ERRNO_ENOMEDIUM,
548#ifdef ENOMEDIUM
549	ENOMEDIUM,
550#else
551	ERRNO_NO_LOCAL_MAPPING,
552#endif
553	ES("No medium found") },
554	{ BSM_ERRNO_EMEDIUMTYPE,
555#ifdef EMEDIUMTYPE
556	EMEDIUMTYPE,
557#else
558	ERRNO_NO_LOCAL_MAPPING,
559#endif
560	ES("Wrong medium type") },
561	{ BSM_ERRNO_ENOKEY,
562#ifdef ENOKEY
563	ENOKEY,
564#else
565	ERRNO_NO_LOCAL_MAPPING,
566#endif
567	ES("Required key not available") },
568	{ BSM_ERRNO_EKEYEXPIRED,
569#ifdef EKEEXPIRED
570	EKEYEXPIRED,
571#else
572	ERRNO_NO_LOCAL_MAPPING,
573#endif
574	ES("Key has expired") },
575	{ BSM_ERRNO_EKEYREVOKED,
576#ifdef EKEYREVOKED
577	EKEYREVOKED,
578#else
579	ERRNO_NO_LOCAL_MAPPING,
580#endif
581	ES("Key has been revoked") },
582	{ BSM_ERRNO_EKEYREJECTED,
583#ifdef EKEREJECTED
584	EKEYREJECTED,
585#else
586	ERRNO_NO_LOCAL_MAPPING,
587#endif
588	ES("Key was rejected by service") },
589};
590static const int bsm_errnos_count = sizeof(bsm_errnos) / sizeof(bsm_errnos[0]);
591
592static const struct bsm_errno *
593bsm_lookup_errno_local(int local_errno)
594{
595	int i;
596
597	for (i = 0; i < bsm_errnos_count; i++) {
598		if (bsm_errnos[i].be_local_errno == local_errno)
599			return (&bsm_errnos[i]);
600	}
601	return (NULL);
602}
603
604/*
605 * Conversion to the BSM errno space isn't allowed to fail; we simply map to
606 * BSM_ERRNO_UNKNOWN and let the remote endpoint deal with it.
607 */
608u_char
609au_errno_to_bsm(int local_errno)
610{
611	const struct bsm_errno *bsme;
612
613	bsme = bsm_lookup_errno_local(local_errno);
614	if (bsme == NULL)
615		return (BSM_ERRNO_UNKNOWN);
616	return (bsme->be_bsm_errno);
617}
618
619static const struct bsm_errno *
620bsm_lookup_errno_bsm(u_char bsm_errno)
621{
622	int i;
623
624	for (i = 0; i < bsm_errnos_count; i++) {
625		if (bsm_errnos[i].be_bsm_errno == bsm_errno)
626			return (&bsm_errnos[i]);
627	}
628	return (NULL);
629}
630
631/*
632 * Converstion from a BSM error to a local error number may fail if either
633 * OpenBSM doesn't recognize the error on the wire, or because there is no
634 * appropriate local mapping.
635 */
636int
637au_bsm_to_errno(u_char bsm_errno, int *errorp)
638{
639	const struct bsm_errno *bsme;
640
641	bsme = bsm_lookup_errno_bsm(bsm_errno);
642	if (bsme == NULL || bsme->be_local_errno == ERRNO_NO_LOCAL_MAPPING)
643		return (-1);
644	*errorp = bsme->be_local_errno;
645	return (0);
646}
647
648#if !defined(KERNEL) && !defined(_KERNEL)
649const char *
650au_strerror(u_char bsm_errno)
651{
652	const struct bsm_errno *bsme;
653
654	bsme = bsm_lookup_errno_bsm(bsm_errno);
655	if (bsme == NULL)
656		return ("Unrecognized BSM error");
657	if (bsme->be_local_errno != ERRNO_NO_LOCAL_MAPPING)
658		return (strerror(bsme->be_local_errno));
659	return (bsme->be_strerror);
660}
661#endif
662#endif /* CONFIG_AUDIT */
663