Print this page
10120 smatch indenting fixes for usr/src/cmd
Reviewed by: Gergő Doma <domag02@gmail.com>
Portions contributed by: Joyce McIntosh <joyce.mcintosh@nexenta.com>
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/cmd/auditconfig/auditconfig.c
+++ new/usr/src/cmd/auditconfig/auditconfig.c
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License (the "License").
6 6 * You may not use this file except in compliance with the License.
7 7 *
8 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 9 * or http://www.opensolaris.org/os/licensing.
10 10 * See the License for the specific language governing permissions
11 11 * and limitations under the License.
12 12 *
13 13 * When distributing Covered Code, include this CDDL HEADER in each
14 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 15 * If applicable, add the following below this CDDL HEADER, with the
|
↓ open down ↓ |
15 lines elided |
↑ open up ↑ |
16 16 * fields enclosed by brackets "[]" replaced with your own identifying
17 17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 18 *
19 19 * CDDL HEADER END
20 20 */
21 21 /*
22 22 * Copyright (c) 1992, 2010, Oracle and/or its affiliates. All rights reserved.
23 23 */
24 24
25 25 /*
26 + * Copyright (c) 2019, Joyent, Inc.
27 + */
28 +
29 +/*
26 30 * auditconfig - set and display audit parameters
27 31 */
28 32
29 33 #include <locale.h>
30 34 #include <sys/types.h>
31 35 #include <ctype.h>
32 36 #include <stdlib.h>
33 37 #include <stdarg.h>
34 38 #include <unistd.h>
35 39 #include <errno.h>
36 40 #include <sys/param.h>
37 41 #include <stdio.h>
38 42 #include <string.h>
39 43 #include <strings.h>
40 44 #include <nlist.h>
41 45 #include <fcntl.h>
42 46 #include <sys/socket.h>
43 47 #include <netdb.h>
44 48 #include <netinet/in.h>
45 49 #include <arpa/inet.h>
46 50 #include <sys/mkdev.h>
47 51 #include <sys/param.h>
48 52 #include <pwd.h>
49 53 #include <libintl.h>
50 54 #include <zone.h>
51 55 #include <libscf_priv.h>
52 56 #include <tsol/label.h>
53 57 #include <bsm/libbsm.h>
54 58 #include <audit_policy.h>
55 59 #include <audit_scf.h>
56 60
57 61 enum commands {
58 62 AC_ARG_ACONF,
59 63 AC_ARG_AUDIT,
60 64 AC_ARG_CHKACONF,
61 65 AC_ARG_CHKCONF,
62 66 AC_ARG_CONF,
63 67 AC_ARG_GETASID,
64 68 AC_ARG_GETAUDIT,
65 69 AC_ARG_GETAUID,
66 70 AC_ARG_GETCAR,
67 71 AC_ARG_GETCLASS,
68 72 AC_ARG_GETCOND,
69 73 AC_ARG_GETCWD,
70 74 AC_ARG_GETESTATE,
71 75 AC_ARG_GETFLAGS,
72 76 AC_ARG_GETKAUDIT,
73 77 AC_ARG_GETKMASK,
74 78 AC_ARG_GETNAFLAGS,
75 79 AC_ARG_GETPINFO,
76 80 AC_ARG_GETPLUGIN,
77 81 AC_ARG_GETPOLICY,
78 82 AC_ARG_GETQBUFSZ,
79 83 AC_ARG_GETQCTRL,
80 84 AC_ARG_GETQDELAY,
81 85 AC_ARG_GETQHIWATER,
82 86 AC_ARG_GETQLOWATER,
83 87 AC_ARG_GETSTAT,
84 88 AC_ARG_GETTERMID,
85 89 AC_ARG_LSEVENT,
86 90 AC_ARG_LSPOLICY,
87 91 AC_ARG_SETASID,
88 92 AC_ARG_SETAUDIT,
89 93 AC_ARG_SETAUID,
90 94 AC_ARG_SETCLASS,
91 95 AC_ARG_SETFLAGS,
92 96 AC_ARG_SETKAUDIT,
93 97 AC_ARG_SETKMASK,
94 98 AC_ARG_SETNAFLAGS,
95 99 AC_ARG_SETPLUGIN,
96 100 AC_ARG_SETPMASK,
97 101 AC_ARG_SETPOLICY,
98 102 AC_ARG_SETQBUFSZ,
99 103 AC_ARG_SETQCTRL,
100 104 AC_ARG_SETQDELAY,
101 105 AC_ARG_SETQHIWATER,
102 106 AC_ARG_SETQLOWATER,
103 107 AC_ARG_SETSMASK,
104 108 AC_ARG_SETSTAT,
105 109 AC_ARG_SETUMASK,
106 110 AC_ARG_SET_TEMPORARY
107 111 };
108 112
109 113 #define AC_KERN_EVENT 0
110 114 #define AC_USER_EVENT 1
111 115
112 116 #define NONE(s) (!strlen(s) ? gettext("none") : s)
113 117
114 118 #define ONEK 1024
115 119
116 120 /*
117 121 * remove this after the audit.h is fixed
118 122 */
119 123 struct arg_entry {
120 124 char *arg_str;
121 125 char *arg_opts;
122 126 enum commands auditconfig_cmd;
123 127 boolean_t temporary_allowed; /* -t allowed for the option */
124 128 };
125 129 typedef struct arg_entry arg_entry_t;
126 130
127 131 /* arg_table - command option and usage message table */
128 132 static arg_entry_t arg_table[] = {
129 133 { "-aconf", "", AC_ARG_ACONF, B_FALSE},
130 134 { "-audit", " event sorf retval string", AC_ARG_AUDIT, B_FALSE},
131 135 { "-chkaconf", "", AC_ARG_CHKACONF, B_FALSE},
132 136 { "-chkconf", "", AC_ARG_CHKCONF, B_FALSE},
133 137 { "-conf", "", AC_ARG_CONF, B_FALSE},
134 138 { "-getasid", "", AC_ARG_GETASID, B_FALSE},
135 139 { "-getaudit", "", AC_ARG_GETAUDIT, B_FALSE},
136 140 { "-getauid", "", AC_ARG_GETAUID, B_FALSE},
137 141 { "-getcar", "", AC_ARG_GETCAR, B_FALSE},
138 142 { "-getclass", " event", AC_ARG_GETCLASS, B_FALSE},
139 143 { "-getcond", "", AC_ARG_GETCOND, B_FALSE},
140 144 { "-getcwd", "", AC_ARG_GETCWD, B_FALSE},
141 145 { "-getestate", " event", AC_ARG_GETESTATE, B_FALSE},
142 146 { "-getflags", "", AC_ARG_GETFLAGS, B_FALSE},
143 147 { "-getkaudit", "", AC_ARG_GETKAUDIT, B_FALSE},
144 148 { "-getkmask", "", AC_ARG_GETKMASK, B_FALSE},
145 149 { "-getnaflags", "", AC_ARG_GETNAFLAGS, B_FALSE},
146 150 { "-getpinfo", " pid", AC_ARG_GETPINFO, B_FALSE},
147 151 { "-getplugin", " [plugin]", AC_ARG_GETPLUGIN, B_FALSE},
148 152 { "-getpolicy", "", AC_ARG_GETPOLICY, B_TRUE},
149 153 { "-getqbufsz", "", AC_ARG_GETQBUFSZ, B_TRUE},
150 154 { "-getqctrl", "", AC_ARG_GETQCTRL, B_TRUE},
151 155 { "-getqdelay", "", AC_ARG_GETQDELAY, B_TRUE},
152 156 { "-getqhiwater", "", AC_ARG_GETQHIWATER, B_TRUE},
153 157 { "-getqlowater", "", AC_ARG_GETQLOWATER, B_TRUE},
154 158 { "-getstat", "", AC_ARG_GETSTAT, B_FALSE},
155 159 { "-gettid", "", AC_ARG_GETTERMID, B_FALSE},
156 160 { "-lsevent", "", AC_ARG_LSEVENT, B_FALSE},
157 161 { "-lspolicy", "", AC_ARG_LSPOLICY, B_FALSE},
158 162 { "-setasid", " asid [cmd]", AC_ARG_SETASID, B_FALSE},
159 163 { "-setaudit", " auid audit_flags termid asid [cmd]",
160 164 AC_ARG_SETAUDIT, B_FALSE},
161 165 { "-setauid", " auid [cmd]", AC_ARG_SETAUID, B_FALSE},
162 166 { "-setclass", " event audit_flags", AC_ARG_SETCLASS, B_FALSE},
163 167 { "-setflags", " audit_flags", AC_ARG_SETFLAGS, B_FALSE},
164 168 { "-setkaudit", " type IP_address", AC_ARG_SETKAUDIT, B_FALSE},
165 169 { "-setkmask", " audit_flags", AC_ARG_SETKMASK, B_FALSE},
166 170 { "-setnaflags", " audit_naflags", AC_ARG_SETNAFLAGS, B_FALSE},
167 171 { "-setplugin", " name active|inactive [attributes [qsize]]",
168 172 AC_ARG_SETPLUGIN, B_FALSE},
169 173 { "-setpmask", " pid audit_flags", AC_ARG_SETPMASK, B_FALSE},
170 174 { "-setpolicy", " [+|-]policy_flags", AC_ARG_SETPOLICY, B_TRUE},
171 175 { "-setqbufsz", " bufsz", AC_ARG_SETQBUFSZ, B_TRUE},
172 176 { "-setqctrl", " hiwater lowater bufsz delay",
173 177 AC_ARG_SETQCTRL, B_TRUE},
174 178 { "-setqdelay", " delay", AC_ARG_SETQDELAY, B_TRUE},
175 179 { "-setqhiwater", " hiwater", AC_ARG_SETQHIWATER, B_TRUE},
176 180 { "-setqlowater", " lowater", AC_ARG_SETQLOWATER, B_TRUE},
177 181 { "-setsmask", " asid audit_flags", AC_ARG_SETSMASK, B_FALSE},
178 182 { "-setstat", "", AC_ARG_SETSTAT, B_FALSE},
179 183 { "-setumask", " user audit_flags", AC_ARG_SETUMASK, B_FALSE},
180 184 { "-t", "", AC_ARG_SET_TEMPORARY, B_FALSE},
181 185 };
182 186
183 187 #define ARG_TBL_SZ (sizeof (arg_table) / sizeof (arg_entry_t))
184 188
185 189 char *progname = "auditconfig";
186 190
187 191 /*
188 192 * temporary_set true to get/set only kernel settings,
189 193 * false to get/set kernel settings and service properties
190 194 */
191 195 static boolean_t temporary_set = B_FALSE;
192 196
193 197 static au_event_ent_t *egetauevnam(char *event_name);
194 198 static au_event_ent_t *egetauevnum(au_event_t event_number);
195 199 static int arg_ent_compare(const void *aep1, const void *aep2);
196 200 static char *cond2str(void);
197 201 static int policy2str(uint32_t policy, char *policy_str, size_t len);
198 202 static int str2type(char *s, uint_t *type);
199 203 static int str2policy(char *policy_str, uint32_t *policy_mask);
200 204 static int str2ipaddr(char *s, uint32_t *addr, uint32_t type);
201 205 static int strisipaddr(char *s);
202 206 static int strisnum(char *s);
203 207 static arg_entry_t *get_arg_ent(char *arg_str);
204 208 static uid_t get_user_id(char *user);
205 209 static void chk_arg_len(char *argv, uint_t len);
206 210 static void chk_event_num(int etype, au_event_t event);
207 211 static void chk_event_str(int etype, char *event_str);
208 212 static void chk_known_plugin(char *plugin_str);
209 213 static void chk_retval(char *retval_str);
210 214 static void chk_sorf(char *sorf_str);
211 215 static void do_aconf(void);
212 216 static void do_args(char **argv, au_mask_t *mask);
213 217 static void do_audit(char *, char, int, char *);
214 218 static void do_chkaconf(void);
215 219 static void do_chkconf(void);
216 220 static void do_conf(void);
217 221 static void do_getasid(void);
218 222 static void do_getaudit(void);
219 223 static void do_getkaudit(void);
220 224 static void do_setkaudit(char *t, char *s);
221 225 static void do_getauid(void);
222 226 static void do_getcar(void);
223 227 static void do_getclass(char *event_str);
224 228 static void do_getcond(void);
225 229 static void do_getcwd(void);
226 230 static void do_getflags(void);
227 231 static void do_getkmask(void);
228 232 static void do_getnaflags(void);
229 233 static void do_getpinfo(char *pid_str);
230 234 static void do_getplugin(char *plugin_str);
231 235 static void do_getpolicy(void);
232 236 static void do_getqbufsz(void);
233 237 static void do_getqctrl(void);
234 238 static void do_getqdelay(void);
235 239 static void do_getqhiwater(void);
236 240 static void do_getqlowater(void);
237 241 static void do_getstat(void);
238 242 static void do_gettermid(void);
239 243 static void do_lsevent(void);
240 244 static void do_lspolicy(void);
241 245 static void do_setasid(char *sid_str, char **argv);
242 246 static void do_setaudit(char *user_str, char *mask_str, char *tid_str,
243 247 char *sid_str, char **argv);
244 248 static void do_setauid(char *user, char **argv);
245 249 static void do_setclass(char *event_str, au_mask_t *mask);
246 250 static void do_setflags(char *audit_flags, au_mask_t *amask);
247 251 static void do_setkmask(au_mask_t *pmask);
248 252 static void do_setnaflags(char *audit_naflags, au_mask_t *namask);
249 253 static void do_setpmask(char *pid_str, au_mask_t *mask);
250 254 static void do_setsmask(char *asid_str, au_mask_t *mask);
251 255 static void do_setumask(char *auid_str, au_mask_t *mask);
252 256 static void do_setplugin(char *plugin_str, boolean_t plugin_state,
253 257 char *plugin_attr, int plugin_qsize);
254 258 static void do_setpolicy(char *policy_str);
255 259 static void do_setqbufsz(char *bufsz);
256 260 static void do_setqctrl(char *hiwater, char *lowater, char *bufsz, char *delay);
257 261 static void do_setqdelay(char *delay);
258 262 static void do_setqhiwater(char *hiwater);
259 263 static void do_setqlowater(char *lowater);
260 264 static void do_setstat(void);
261 265 static void str2tid(char *tid_str, au_tid_addr_t *tp);
262 266
263 267 static void eauditon(int cmd, caddr_t data, int length);
264 268 static void echkflags(char *auditflags, au_mask_t *mask);
265 269 static void egetaudit(auditinfo_addr_t *ai, int size);
266 270 static void egetauditflagsbin(char *auditflags, au_mask_t *pmask);
267 271 static void egetauid(au_id_t *auid);
268 272 static void egetkaudit(auditinfo_addr_t *ai, int size);
269 273 static void esetaudit(auditinfo_addr_t *ai, int size);
270 274 static void esetauid(au_id_t *auid);
271 275 static void esetkaudit(auditinfo_addr_t *ai, int size);
272 276 static void execit(char **argv);
273 277 static void exit_error(char *fmt, ...);
274 278 static void exit_usage(int status);
275 279 static void parse_args(int argc, char **argv, au_mask_t *mask);
276 280 static void print_asid(au_asid_t asid);
277 281 static void print_auid(au_id_t auid);
278 282 static void print_mask(char *desc, au_mask_t *pmp);
279 283 static void print_plugin(char *plugin_name, kva_t *plugin_kva);
280 284 static void print_tid_ex(au_tid_addr_t *tidp);
281 285
282 286 #if !defined(TEXT_DOMAIN)
283 287 #define TEXT_DOMAIN "SUNW_OST_OSCMD"
284 288 #endif
285 289
286 290 int
287 291 main(int argc, char **argv)
288 292 {
289 293 au_mask_t mask; /* for options manipulating flags */
290 294
291 295 (void) setlocale(LC_ALL, "");
292 296 (void) textdomain(TEXT_DOMAIN);
293 297
294 298 if (argc == 1) {
295 299 exit_usage(0);
296 300 }
297 301
298 302 if (argc == 2 &&
299 303 (argv[1][0] == '?' ||
300 304 strcmp(argv[1], "-h") == 0 ||
301 305 strcmp(argv[1], "-?") == 0)) {
302 306 exit_usage(0);
303 307 }
304 308
305 309 parse_args(argc, argv, &mask);
306 310 do_args(argv, &mask);
307 311
308 312 return (0);
309 313 }
310 314
311 315 /*
312 316 * parse_args()
313 317 * Desc: Checks command line argument syntax.
314 318 * Inputs: Command line argv;
315 319 * Returns: If a syntax error is detected, a usage message is printed
316 320 * and exit() is called. If a syntax error is not detected,
317 321 * parse_args() returns without a value.
318 322 */
319 323 static void
320 324 parse_args(int argc, char **argv, au_mask_t *mask)
321 325 {
322 326 arg_entry_t *ae;
323 327
324 328 uint_t type;
325 329 uint_t addr[4];
326 330
327 331 for (++argv; *argv; argv++) {
328 332 if ((ae = get_arg_ent(*argv)) == NULL) {
329 333 exit_usage(1);
330 334 }
331 335
332 336 switch (ae->auditconfig_cmd) {
333 337
334 338 case AC_ARG_AUDIT:
335 339 ++argv;
336 340 if (!*argv)
337 341 exit_usage(1);
338 342 if (strisnum(*argv)) {
339 343 chk_event_num(AC_USER_EVENT,
340 344 (au_event_t)atol(*argv));
341 345 } else {
342 346 chk_event_str(AC_USER_EVENT, *argv);
343 347 }
344 348 ++argv;
345 349 if (!*argv)
346 350 exit_usage(1);
347 351 chk_sorf(*argv);
348 352 ++argv;
349 353 if (!*argv)
350 354 exit_usage(1);
351 355 chk_retval(*argv);
352 356 ++argv;
353 357 if (!*argv)
354 358 exit_usage(1);
355 359 break;
356 360
357 361 case AC_ARG_CHKCONF:
358 362 case AC_ARG_CONF:
359 363 case AC_ARG_ACONF:
360 364 case AC_ARG_CHKACONF:
361 365 case AC_ARG_GETASID:
362 366 case AC_ARG_GETAUID:
363 367 case AC_ARG_GETAUDIT:
364 368 case AC_ARG_GETKAUDIT:
365 369 break;
366 370
367 371 case AC_ARG_GETCLASS:
368 372 case AC_ARG_GETESTATE:
369 373 ++argv;
370 374 if (!*argv)
371 375 exit_usage(1);
372 376 if (strisnum(*argv)) {
373 377 chk_event_num(AC_KERN_EVENT,
374 378 (au_event_t)atol(*argv));
375 379 } else {
376 380 chk_event_str(AC_KERN_EVENT, *argv);
377 381 }
378 382 break;
379 383
380 384 case AC_ARG_GETCAR:
381 385 case AC_ARG_GETCOND:
382 386 case AC_ARG_GETCWD:
383 387 case AC_ARG_GETFLAGS:
384 388 case AC_ARG_GETKMASK:
385 389 case AC_ARG_GETNAFLAGS:
386 390 break;
387 391
388 392 case AC_ARG_GETPLUGIN:
389 393 if (*++argv == NULL) {
390 394 --argv;
391 395 break;
392 396 }
393 397 if (get_arg_ent(*argv) != NULL) {
394 398 --argv;
395 399 } else {
396 400 chk_arg_len(*argv, PLUGIN_MAXBUF);
397 401 chk_known_plugin(*argv);
398 402 }
399 403 break;
400 404
401 405 case AC_ARG_GETPOLICY:
402 406 case AC_ARG_GETQBUFSZ:
403 407 case AC_ARG_GETQCTRL:
404 408 case AC_ARG_GETQDELAY:
405 409 case AC_ARG_GETQHIWATER:
406 410 case AC_ARG_GETQLOWATER:
407 411 case AC_ARG_GETSTAT:
408 412 case AC_ARG_GETTERMID:
409 413 case AC_ARG_LSEVENT:
410 414 case AC_ARG_LSPOLICY:
411 415 break;
412 416
413 417 case AC_ARG_SETASID:
414 418 case AC_ARG_SETAUID:
415 419 case AC_ARG_SETAUDIT:
416 420 ++argv;
417 421 if (!*argv)
418 422 exit_usage(1);
419 423
420 424 while (*argv)
421 425 ++argv;
422 426 --argv;
423 427
424 428 break;
425 429
426 430 case AC_ARG_SETKAUDIT:
427 431 ++argv;
428 432 if (!*argv)
429 433 exit_usage(1);
430 434 if (str2type (*argv, &type))
431 435 exit_error(gettext(
432 436 "Invalid IP address type specified."));
433 437 ++argv;
434 438 if (!*argv)
435 439 exit_usage(1);
436 440
437 441 if (str2ipaddr(*argv, addr, type))
438 442 exit_error(
439 443 gettext("Invalid IP address specified."));
440 444 break;
441 445
442 446 case AC_ARG_SETCLASS:
443 447 ++argv;
444 448 if (!*argv)
445 449 exit_usage(1);
446 450 if (strisnum(*argv))
447 451 chk_event_num(AC_KERN_EVENT,
448 452 (au_event_t)atol(*argv));
449 453 else
450 454 chk_event_str(AC_KERN_EVENT, *argv);
451 455 ++argv;
452 456 if (!*argv)
453 457 exit_usage(1);
454 458 echkflags(*argv, mask);
455 459 break;
456 460
457 461 case AC_ARG_SETFLAGS:
458 462 ++argv;
459 463 if (!*argv)
460 464 exit_usage(1);
461 465 chk_arg_len(*argv, PRESELECTION_MAXBUF);
462 466 echkflags(*argv, mask);
463 467 break;
464 468
465 469 case AC_ARG_SETKMASK:
466 470 ++argv;
467 471 if (!*argv)
468 472 exit_usage(1);
469 473 echkflags(*argv, mask);
470 474 break;
471 475
472 476 case AC_ARG_SETNAFLAGS:
473 477 ++argv;
474 478 if (!*argv)
475 479 exit_usage(1);
476 480 chk_arg_len(*argv, PRESELECTION_MAXBUF);
477 481 echkflags(*argv, mask);
478 482 break;
479 483
480 484 case AC_ARG_SETPLUGIN:
481 485 if (*++argv == NULL || get_arg_ent(*argv) != NULL) {
482 486 exit_usage(1);
483 487 }
484 488 chk_known_plugin(*argv);
485 489 chk_arg_len(*argv, PLUGIN_MAXBUF);
486 490 if (*++argv == NULL || strcmp(*argv, "active") != 0 &&
487 491 strcmp(*argv, "inactive") != 0) {
488 492 exit_usage(1);
489 493 }
490 494 if (*++argv == NULL || get_arg_ent(*argv) != NULL) {
491 495 --argv;
492 496 break;
493 497 }
494 498 chk_arg_len(*argv, PLUGIN_MAXATT);
495 499 if (*++argv == NULL || get_arg_ent(*argv) != NULL) {
496 500 --argv;
497 501 break;
498 502 }
499 503 if (atoi(*argv) < 0) {
500 504 exit_error(gettext("Incorrect qsize specified "
501 505 "(%s)."), *argv);
502 506 }
503 507 break;
504 508
505 509 case AC_ARG_SETPOLICY:
506 510 ++argv;
507 511 if (!*argv)
508 512 exit_usage(1);
509 513 break;
510 514
511 515 case AC_ARG_SETSTAT:
512 516 break;
513 517
514 518 case AC_ARG_GETPINFO:
515 519 ++argv;
516 520 if (!*argv)
517 521 exit_usage(1);
518 522 break;
519 523
520 524 case AC_ARG_SETPMASK:
521 525 ++argv;
522 526 if (!*argv)
523 527 exit_usage(1);
524 528 ++argv;
525 529 if (!*argv)
526 530 exit_usage(1);
527 531 echkflags(*argv, mask);
528 532 break;
529 533
530 534 case AC_ARG_SETQBUFSZ:
531 535 ++argv;
532 536 if (!*argv)
533 537 exit_usage(1);
534 538 if (!strisnum(*argv))
535 539 exit_error(gettext("Invalid bufsz specified."));
536 540 break;
537 541
538 542 case AC_ARG_SETQCTRL:
539 543 ++argv;
540 544 if (!*argv)
541 545 exit_usage(1);
542 546 if (!strisnum(*argv))
543 547 exit_error(
544 548 gettext("Invalid hiwater specified."));
545 549 ++argv;
546 550 if (!*argv)
547 551 exit_usage(1);
548 552 if (!strisnum(*argv))
549 553 exit_error(
550 554 gettext("Invalid lowater specified."));
551 555 ++argv;
552 556 if (!*argv)
553 557 exit_usage(1);
554 558 if (!strisnum(*argv))
555 559 exit_error(gettext("Invalid bufsz specified."));
556 560 ++argv;
557 561 if (!*argv)
558 562 exit_usage(1);
559 563 if (!strisnum(*argv))
560 564 exit_error(gettext("Invalid delay specified."));
561 565 break;
562 566
563 567 case AC_ARG_SETQDELAY:
564 568 ++argv;
565 569 if (!*argv)
566 570 exit_usage(1);
567 571 if (!strisnum(*argv))
568 572 exit_error(gettext("Invalid delay specified."));
569 573 break;
570 574
571 575 case AC_ARG_SETQHIWATER:
572 576 ++argv;
573 577 if (!*argv)
574 578 exit_usage(1);
575 579 if (!strisnum(*argv)) {
576 580 exit_error(
577 581 gettext("Invalid hiwater specified."));
578 582 }
579 583 break;
580 584
581 585 case AC_ARG_SETQLOWATER:
582 586 ++argv;
583 587 if (!*argv)
584 588 exit_usage(1);
585 589 if (!strisnum(*argv)) {
586 590 exit_error(
587 591 gettext("Invalid lowater specified."));
588 592 }
589 593 break;
590 594
591 595 case AC_ARG_SETSMASK:
592 596 case AC_ARG_SETUMASK:
593 597 ++argv;
594 598 if (!*argv)
595 599 exit_usage(1);
596 600 ++argv;
597 601 if (!*argv)
598 602 exit_usage(1);
599 603 echkflags(*argv, mask);
600 604 break;
601 605
602 606 case AC_ARG_SET_TEMPORARY:
603 607 /* Do not accept single -t option. */
604 608 if (argc == 2) {
605 609 exit_error(
606 610 gettext("Only the -t option specified "
607 611 "(it is not a standalone option)."));
608 612 }
609 613 temporary_set = B_TRUE;
610 614 break;
611 615
612 616 default:
613 617 exit_error(gettext("Internal error #1."));
614 618 break;
615 619 }
616 620 }
617 621 }
618 622
619 623
620 624 /*
621 625 * do_args() - do command line arguments in the order in which they appear.
622 626 * Function return values returned by the underlying functions; the semantics
623 627 * they should follow is to return B_TRUE on successful execution, B_FALSE
624 628 * otherwise.
625 629 */
626 630 static void
627 631 do_args(char **argv, au_mask_t *mask)
628 632 {
629 633 arg_entry_t *ae;
630 634
631 635 for (++argv; *argv; argv++) {
632 636 ae = get_arg_ent(*argv);
633 637
634 638 switch (ae->auditconfig_cmd) {
635 639
636 640 case AC_ARG_AUDIT:
637 641 {
638 642 char sorf;
639 643 int retval;
640 644 char *event_name;
641 645 char *audit_str;
642 646
643 647 ++argv;
644 648 event_name = *argv;
645 649 ++argv;
646 650 sorf = (char)atoi(*argv);
647 651 ++argv;
648 652 retval = atoi(*argv);
649 653 ++argv;
650 654 audit_str = *argv;
651 655 do_audit(event_name, sorf, retval, audit_str);
652 656 }
653 657 break;
654 658
655 659 case AC_ARG_CHKCONF:
656 660 do_chkconf();
657 661 break;
658 662
659 663 case AC_ARG_CONF:
660 664 do_conf();
661 665 break;
662 666
663 667 case AC_ARG_CHKACONF:
664 668 do_chkaconf();
665 669 break;
666 670
667 671 case AC_ARG_ACONF:
668 672 do_aconf();
669 673 break;
670 674
671 675 case AC_ARG_GETASID:
672 676 do_getasid();
673 677 break;
674 678
675 679 case AC_ARG_GETAUID:
676 680 do_getauid();
677 681 break;
678 682
679 683 case AC_ARG_GETAUDIT:
680 684 do_getaudit();
681 685 break;
682 686
683 687 case AC_ARG_GETKAUDIT:
684 688 do_getkaudit();
685 689 break;
686 690
687 691 case AC_ARG_GETCLASS:
688 692 case AC_ARG_GETESTATE:
689 693 ++argv;
690 694 do_getclass(*argv);
691 695 break;
692 696
693 697 case AC_ARG_GETCAR:
694 698 do_getcar();
695 699 break;
696 700
697 701 case AC_ARG_GETCOND:
698 702 do_getcond();
699 703 break;
700 704
701 705 case AC_ARG_GETCWD:
702 706 do_getcwd();
703 707 break;
704 708
705 709 case AC_ARG_GETFLAGS:
706 710 do_getflags();
707 711 break;
708 712
709 713 case AC_ARG_GETKMASK:
710 714 do_getkmask();
711 715 break;
712 716
713 717 case AC_ARG_GETNAFLAGS:
714 718 do_getnaflags();
715 719 break;
716 720
717 721 case AC_ARG_GETPLUGIN:
718 722 {
719 723 char *plugin_str = NULL;
720 724
721 725 ++argv;
722 726 if (*argv != NULL) {
723 727 if (get_arg_ent(*argv) != NULL) {
724 728 --argv;
725 729 } else {
726 730 plugin_str = *argv;
727 731 }
728 732 } else {
729 733 --argv;
730 734 }
731 735
732 736 do_getplugin(plugin_str);
733 737 }
734 738 break;
735 739
736 740 case AC_ARG_GETPOLICY:
737 741 do_getpolicy();
738 742 break;
739 743
740 744 case AC_ARG_GETQBUFSZ:
741 745 do_getqbufsz();
742 746 break;
743 747
744 748 case AC_ARG_GETQCTRL:
745 749 do_getqctrl();
746 750 break;
747 751
748 752 case AC_ARG_GETQDELAY:
749 753 do_getqdelay();
750 754 break;
751 755
752 756 case AC_ARG_GETQHIWATER:
753 757 do_getqhiwater();
754 758 break;
755 759
756 760 case AC_ARG_GETQLOWATER:
757 761 do_getqlowater();
758 762 break;
759 763
760 764 case AC_ARG_GETSTAT:
761 765 do_getstat();
762 766 break;
763 767
764 768 case AC_ARG_GETTERMID:
765 769 do_gettermid();
766 770 break;
767 771
768 772 case AC_ARG_LSEVENT:
769 773 do_lsevent();
770 774 break;
771 775
772 776 case AC_ARG_LSPOLICY:
773 777 do_lspolicy();
774 778 break;
775 779
776 780 case AC_ARG_SETASID:
777 781 {
778 782 char *sid_str;
779 783
780 784 ++argv;
781 785 sid_str = *argv;
782 786 ++argv;
783 787 do_setasid(sid_str, argv);
784 788 }
785 789 break;
786 790
787 791 case AC_ARG_SETAUID:
788 792 {
789 793 char *user;
790 794
791 795 ++argv;
792 796 user = *argv;
793 797 ++argv;
794 798 do_setauid(user, argv);
795 799 }
796 800 break;
797 801
798 802 case AC_ARG_SETAUDIT:
799 803 {
800 804 char *user_str;
801 805 char *mask_str;
802 806 char *tid_str;
803 807 char *sid_str;
804 808
805 809 ++argv;
806 810 user_str = *argv;
807 811 ++argv;
808 812 mask_str = *argv;
809 813 ++argv;
810 814 tid_str = *argv;
811 815 ++argv;
812 816 sid_str = *argv;
813 817 ++argv;
814 818 do_setaudit(user_str, mask_str, tid_str,
815 819 sid_str, argv);
816 820 }
817 821 break;
818 822
819 823 case AC_ARG_SETKAUDIT:
820 824 {
821 825 char *address_type, *address;
822 826
823 827 ++argv; address_type = *argv;
824 828 ++argv; address = *argv;
825 829 do_setkaudit(address_type, address);
826 830 }
827 831 break;
828 832
829 833 case AC_ARG_SETCLASS:
830 834 {
831 835 char *event_str;
832 836
833 837 ++argv;
834 838 event_str = *argv;
835 839 do_setclass(event_str, mask);
836 840
837 841 ++argv;
838 842 }
839 843 break;
840 844
841 845 case AC_ARG_SETFLAGS:
842 846 ++argv;
843 847 do_setflags(*argv, mask);
844 848 break;
845 849
846 850 case AC_ARG_SETKMASK:
847 851 ++argv;
848 852 do_setkmask(mask);
849 853 break;
850 854
851 855 case AC_ARG_SETNAFLAGS:
852 856 ++argv;
853 857 do_setnaflags(*argv, mask);
854 858 break;
855 859
856 860 case AC_ARG_SETPLUGIN:
857 861 {
858 862 char *plugin_str = NULL;
859 863 boolean_t plugin_state = B_FALSE;
860 864 char *plugin_att = NULL;
861 865 int plugin_qsize = -1;
862 866
863 867 plugin_str = *++argv;
864 868 if (strcmp(*++argv, "active") == 0) {
865 869 plugin_state = B_TRUE;
866 870 }
867 871 if (*++argv != NULL &&
868 872 get_arg_ent(*argv) == NULL) {
869 873 plugin_att = *argv;
870 874 if (*++argv != NULL &&
871 875 get_arg_ent(*argv) == NULL) {
872 876 plugin_qsize = atoi(*argv);
873 877 } else {
874 878 --argv;
875 879 }
876 880 } else {
877 881 --argv;
878 882 }
879 883
880 884 do_setplugin(plugin_str, plugin_state,
881 885 plugin_att, plugin_qsize);
882 886 }
883 887 break;
884 888
885 889 case AC_ARG_SETPOLICY:
886 890 ++argv;
887 891 do_setpolicy(*argv);
888 892 break;
889 893
890 894 case AC_ARG_GETPINFO:
891 895 {
892 896 char *pid_str;
893 897
894 898 ++argv;
895 899 pid_str = *argv;
896 900 do_getpinfo(pid_str);
897 901 }
898 902 break;
899 903
900 904 case AC_ARG_SETPMASK:
901 905 {
902 906 char *pid_str;
903 907
904 908 ++argv;
905 909 pid_str = *argv;
906 910 do_setpmask(pid_str, mask);
907 911
908 912 ++argv;
909 913 }
910 914 break;
911 915
912 916 case AC_ARG_SETSTAT:
913 917 do_setstat();
914 918 break;
915 919
916 920 case AC_ARG_SETQBUFSZ:
917 921 ++argv;
918 922 do_setqbufsz(*argv);
919 923 break;
920 924
921 925 case AC_ARG_SETQCTRL:
922 926 {
923 927 char *hiwater, *lowater, *bufsz, *delay;
924 928
925 929 ++argv; hiwater = *argv;
926 930 ++argv; lowater = *argv;
927 931 ++argv; bufsz = *argv;
928 932 ++argv; delay = *argv;
929 933 do_setqctrl(hiwater, lowater, bufsz, delay);
930 934 }
931 935 break;
932 936 case AC_ARG_SETQDELAY:
933 937 ++argv;
934 938 do_setqdelay(*argv);
935 939 break;
936 940
937 941 case AC_ARG_SETQHIWATER:
938 942 ++argv;
939 943 do_setqhiwater(*argv);
940 944 break;
941 945
942 946 case AC_ARG_SETQLOWATER:
943 947 ++argv;
944 948 do_setqlowater(*argv);
945 949 break;
946 950
947 951 case AC_ARG_SETSMASK:
948 952 {
949 953 char *asid_str;
950 954
951 955 ++argv;
952 956 asid_str = *argv;
953 957 do_setsmask(asid_str, mask);
954 958
955 959 ++argv;
956 960 }
957 961 break;
958 962 case AC_ARG_SETUMASK:
959 963 {
960 964 char *auid_str;
961 965
962 966 ++argv;
963 967 auid_str = *argv;
964 968 do_setumask(auid_str, mask);
965 969
966 970 ++argv;
967 971 }
968 972 break;
969 973 case AC_ARG_SET_TEMPORARY:
970 974 break;
971 975
972 976 default:
973 977 exit_error(gettext("Internal error #2."));
974 978 break;
975 979 }
976 980 }
977 981 }
978 982
979 983 /*
980 984 * do_chkconf() - the returned value is for the global zone unless AUDIT_PERZONE
981 985 * is set.
982 986 */
983 987 static void
984 988 do_chkconf(void)
985 989 {
986 990 register au_event_ent_t *evp;
987 991 au_mask_t pmask;
988 992 char conf_aflags[256];
989 993 char run_aflags[256];
990 994 au_stat_t as;
991 995 int class;
992 996 int len;
993 997 struct au_evclass_map cmap;
994 998
995 999 pmask.am_success = pmask.am_failure = 0;
996 1000 eauditon(A_GETSTAT, (caddr_t)&as, 0);
997 1001
998 1002 setauevent();
999 1003 if (getauevent() == NULL) {
1000 1004 exit_error(gettext("NO AUDIT EVENTS: Could not read %s\n."),
1001 1005 AUDITEVENTFILE);
1002 1006 }
1003 1007
1004 1008 setauevent();
1005 1009 while ((evp = getauevent()) != NULL) {
1006 1010 cmap.ec_number = evp->ae_number;
1007 1011 len = sizeof (struct au_evclass_map);
1008 1012 if (evp->ae_number <= as.as_numevent) {
1009 1013 if (auditon(A_GETCLASS, (caddr_t)&cmap, len) == -1) {
1010 1014 (void) printf("%s(%hu):%s",
1011 1015 evp->ae_name, evp->ae_number,
1012 1016 gettext("UNKNOWN EVENT: Could not get "
1013 1017 "class for event. Configuration may "
1014 1018 "be bad.\n"));
1015 1019 } else {
1016 1020 class = cmap.ec_class;
1017 1021 if (class != evp->ae_class) {
1018 1022 conf_aflags[0] = run_aflags[0] = '\0';
1019 1023 pmask.am_success = class;
1020 1024 pmask.am_failure = class;
1021 1025 (void) getauditflagschar(run_aflags,
1022 1026 &pmask, 0);
1023 1027 pmask.am_success = evp->ae_class;
1024 1028 pmask.am_failure = evp->ae_class;
1025 1029 (void) getauditflagschar(conf_aflags,
1026 1030 &pmask, 0);
1027 1031
1028 1032 (void) printf(gettext(
1029 1033 "%s(%hu): CLASS MISMATCH: "
1030 1034 "runtime class (%s) != "
1031 1035 "configured class (%s)\n"),
1032 1036 evp->ae_name, evp->ae_number,
1033 1037 NONE(run_aflags),
1034 1038 NONE(conf_aflags));
1035 1039 }
1036 1040 }
1037 1041 }
1038 1042 }
1039 1043 endauevent();
1040 1044 }
1041 1045
1042 1046 /*
1043 1047 * do_conf() - configure the kernel events. The value returned to the user is
1044 1048 * for the global zone unless AUDIT_PERZONE is set.
1045 1049 */
1046 1050 static void
1047 1051 do_conf(void)
1048 1052 {
1049 1053 register au_event_ent_t *evp;
1050 1054 register int i;
1051 1055 au_evclass_map_t ec;
1052 1056 au_stat_t as;
1053 1057
1054 1058 eauditon(A_GETSTAT, (caddr_t)&as, 0);
1055 1059
1056 1060 i = 0;
1057 1061 setauevent();
1058 1062 while ((evp = getauevent()) != NULL) {
1059 1063 if (evp->ae_number <= as.as_numevent) {
1060 1064 ++i;
1061 1065 ec.ec_number = evp->ae_number;
1062 1066 ec.ec_class = evp->ae_class;
1063 1067 eauditon(A_SETCLASS, (caddr_t)&ec, sizeof (ec));
1064 1068 }
1065 1069 }
1066 1070 endauevent();
1067 1071 (void) printf(gettext("Configured %d kernel events.\n"), i);
1068 1072
1069 1073 }
1070 1074
1071 1075 /*
1072 1076 * do_chkaconf() - report a mismatch if the runtime class mask of a kernel audit
1073 1077 * event does not match the configured class mask. The value returned to the
1074 1078 * user is for the global zone unless AUDIT_PERZONE is set.
1075 1079 */
1076 1080 static void
1077 1081 do_chkaconf(void)
1078 1082 {
1079 1083 char *namask_cfg;
1080 1084 au_mask_t pmask, kmask;
1081 1085
1082 1086 if (!do_getnaflags_scf(&namask_cfg) || namask_cfg == NULL) {
1083 1087 exit_error(gettext("Could not get configured value."));
1084 1088 }
1085 1089 egetauditflagsbin(namask_cfg, &pmask);
1086 1090
1087 1091 eauditon(A_GETKMASK, (caddr_t)&kmask, sizeof (kmask));
1088 1092
1089 1093 if ((pmask.am_success != kmask.am_success) ||
1090 1094 (pmask.am_failure != kmask.am_failure)) {
1091 1095 char kbuf[2048];
1092 1096 if (getauditflagschar(kbuf, &kmask, 0) < 0) {
1093 1097 free(namask_cfg);
1094 1098 (void) fprintf(stderr,
1095 1099 gettext("bad kernel non-attributable mask\n"));
1096 1100 exit(1);
1097 1101 }
1098 1102 (void) printf(
1099 1103 gettext("non-attributable event flags mismatch:\n"));
1100 1104 (void) printf(gettext("active non-attributable audit flags "
1101 1105 "= %s\n"), kbuf);
1102 1106 (void) printf(gettext("configured non-attributable audit flags "
1103 1107 "= %s\n"), namask_cfg);
1104 1108 }
1105 1109 free(namask_cfg);
1106 1110 }
1107 1111
1108 1112 /*
1109 1113 * do_aconf - configures the non-attributable events. The value returned to the
1110 1114 * user is for the global zone unless AUDIT_PERZONE is set.
1111 1115 */
1112 1116 static void
1113 1117 do_aconf(void)
1114 1118 {
1115 1119 au_mask_t namask;
1116 1120 char *namask_cfg;
1117 1121
1118 1122 if (!do_getnaflags_scf(&namask_cfg) || namask_cfg == NULL) {
1119 1123 exit_error(gettext("Could not get configured value."));
1120 1124 }
1121 1125 egetauditflagsbin(namask_cfg, &namask);
1122 1126 free(namask_cfg);
1123 1127
1124 1128 eauditon(A_SETKMASK, (caddr_t)&namask, sizeof (namask));
1125 1129 (void) printf(gettext("Configured non-attributable event mask.\n"));
1126 1130 }
1127 1131
1128 1132 /*
1129 1133 * do_audit() - construct an audit record for audit event event using the
1130 1134 * process's audit characteristics containing a text token string audit_str. The
1131 1135 * return token is constructed from the success/failure flag sort. Returned
1132 1136 * value retval is an errno value.
1133 1137 */
1134 1138 static void
1135 1139 do_audit(char *event, char sorf, int retval, char *audit_str)
1136 1140 {
1137 1141 int rtn;
1138 1142 int rd;
1139 1143 au_event_t event_num;
1140 1144 au_event_ent_t *evp;
1141 1145 auditinfo_addr_t ai;
1142 1146 token_t *tokp;
1143 1147
1144 1148 egetaudit(&ai, sizeof (ai));
1145 1149
1146 1150 if (strisnum(event)) {
1147 1151 event_num = (au_event_t)atoi(event);
1148 1152 evp = egetauevnum(event_num);
1149 1153 } else {
1150 1154 evp = egetauevnam(event);
1151 1155 }
1152 1156
1153 1157 rtn = au_preselect(evp->ae_number, &ai.ai_mask, (int)sorf,
1154 1158 AU_PRS_USECACHE);
1155 1159
1156 1160 if (rtn == -1) {
1157 1161 exit_error("%s\n%s %hu\n",
1158 1162 gettext("Check audit event configuration."),
1159 1163 gettext("Could not get audit class for event number"),
1160 1164 evp->ae_number);
1161 1165 }
1162 1166
1163 1167 /* record is preselected */
1164 1168 if (rtn == 1) {
1165 1169 if ((rd = au_open()) == -1) {
1166 1170 exit_error(gettext(
1167 1171 "Could not get and audit record descriptor\n"));
1168 1172 }
1169 1173 if ((tokp = au_to_me()) == NULL) {
1170 1174 exit_error(
1171 1175 gettext("Could not allocate subject token\n"));
1172 1176 }
1173 1177 if (au_write(rd, tokp) == -1) {
1174 1178 exit_error(gettext("Could not construct subject token "
1175 1179 "of audit record\n"));
1176 1180 }
1177 1181 if (is_system_labeled()) {
1178 1182 if ((tokp = au_to_mylabel()) == NULL) {
1179 1183 exit_error(gettext(
1180 1184 "Could not allocate label token\n"));
1181 1185 }
1182 1186 if (au_write(rd, tokp) == -1) {
1183 1187 exit_error(gettext("Could not "
1184 1188 "construct label token of audit record\n"));
1185 1189 }
1186 1190 }
1187 1191
1188 1192 if ((tokp = au_to_text(audit_str)) == NULL)
1189 1193 exit_error(gettext("Could not allocate text token\n"));
1190 1194 if (au_write(rd, tokp) == -1)
1191 1195 exit_error(gettext("Could not construct text token of "
1192 1196 "audit record\n"));
1193 1197 #ifdef _LP64
1194 1198 if ((tokp = au_to_return64(sorf, retval)) == NULL)
1195 1199 #else
1196 1200 if ((tokp = au_to_return32(sorf, retval)) == NULL)
1197 1201 #endif
1198 1202 exit_error(
1199 1203 gettext("Could not allocate return token\n"));
1200 1204 if (au_write(rd, tokp) == -1) {
1201 1205 exit_error(gettext("Could not construct return token "
1202 1206 "of audit record\n"));
1203 1207 }
1204 1208 if (au_close(rd, 1, evp->ae_number) == -1) {
1205 1209 exit_error(
1206 1210 gettext("Could not write audit record: %s\n"),
1207 1211 strerror(errno));
1208 1212 }
1209 1213 }
1210 1214 }
1211 1215
1212 1216 /*
1213 1217 * do_getauid() - print the audit id of the current process.
1214 1218 */
1215 1219 static void
1216 1220 do_getauid(void)
1217 1221 {
1218 1222 au_id_t auid;
1219 1223
1220 1224 egetauid(&auid);
1221 1225 print_auid(auid);
1222 1226 }
1223 1227
1224 1228 /*
1225 1229 * do_getaudit() - print the audit characteristics of the current process.
1226 1230 */
1227 1231 static void
1228 1232 do_getaudit(void)
1229 1233 {
1230 1234 auditinfo_addr_t ai;
1231 1235
1232 1236 egetaudit(&ai, sizeof (ai));
1233 1237 print_auid(ai.ai_auid);
1234 1238 print_mask(gettext("process preselection mask"), &ai.ai_mask);
1235 1239 print_tid_ex(&ai.ai_termid);
1236 1240 print_asid(ai.ai_asid);
1237 1241 }
1238 1242
1239 1243 /*
1240 1244 * do_getkaudit() - print the audit characteristics of the current zone.
1241 1245 */
1242 1246 static void
1243 1247 do_getkaudit(void)
1244 1248 {
1245 1249 auditinfo_addr_t ai;
1246 1250
1247 1251 egetkaudit(&ai, sizeof (ai));
1248 1252 print_auid(ai.ai_auid);
1249 1253 print_mask(gettext("process preselection mask"), &ai.ai_mask);
1250 1254 print_tid_ex(&ai.ai_termid);
1251 1255 print_asid(ai.ai_asid);
1252 1256 }
1253 1257
1254 1258 /*
1255 1259 * do_setkaudit() - set IP address_type/address of machine to specified values;
1256 1260 * valid per zone if AUDIT_PERZONE is set, else only in global zone.
1257 1261 */
1258 1262 static void
1259 1263 do_setkaudit(char *t, char *s)
1260 1264 {
1261 1265 uint_t type;
1262 1266 auditinfo_addr_t ai;
1263 1267
1264 1268 egetkaudit(&ai, sizeof (ai));
1265 1269 (void) str2type(t, &type);
1266 1270 (void) str2ipaddr(s, &ai.ai_termid.at_addr[0], type);
1267 1271 ai.ai_termid.at_type = type;
1268 1272 esetkaudit(&ai, sizeof (ai));
1269 1273 }
1270 1274
1271 1275 /*
1272 1276 * do_getcar() - print the zone-relative root
1273 1277 */
1274 1278 static void
1275 1279 do_getcar(void)
1276 1280 {
1277 1281 char path[MAXPATHLEN];
1278 1282
1279 1283 eauditon(A_GETCAR, (caddr_t)path, sizeof (path));
1280 1284 (void) printf(gettext("current active root = %s\n"), path);
1281 1285 }
1282 1286
1283 1287 /*
1284 1288 * do_getclass() - print the preselection mask associated with the specified
1285 1289 * kernel audit event. The displayed value is for the global zone unless
1286 1290 * AUDIT_PERZONE is set.
1287 1291 */
1288 1292 static void
1289 1293 do_getclass(char *event_str)
1290 1294 {
1291 1295 au_evclass_map_t ec;
1292 1296 au_event_ent_t *evp;
1293 1297 au_event_t event_number;
1294 1298 char *event_name;
1295 1299
1296 1300 if (strisnum(event_str)) {
1297 1301 event_number = atol(event_str);
1298 1302 if ((evp = egetauevnum(event_number)) != NULL) {
1299 1303 event_number = evp->ae_number;
1300 1304 event_name = evp->ae_name;
1301 1305 } else {
1302 1306 event_name = gettext("unknown");
1303 1307 }
1304 1308 } else {
1305 1309 event_name = event_str;
1306 1310 if ((evp = egetauevnam(event_str)) != NULL) {
1307 1311 event_number = evp->ae_number;
1308 1312 }
1309 1313 }
1310 1314
1311 1315 ec.ec_number = event_number;
1312 1316 eauditon(A_GETCLASS, (caddr_t)&ec, 0);
1313 1317
1314 1318 (void) printf(gettext("audit class mask for event %s(%hu) = 0x%x\n"),
1315 1319 event_name, event_number, ec.ec_class);
1316 1320 }
1317 1321
1318 1322 /*
1319 1323 * do_getcond() - the printed value is for the global zone unless
1320 1324 * AUDIT_PERZONE is set. (AUC_DISABLED is always global, the other states are
1321 1325 * per zone if AUDIT_PERZONE is set)
1322 1326 */
1323 1327 static void
1324 1328 do_getcond(void)
1325 1329 {
1326 1330 (void) printf(gettext("audit condition = %s\n"), cond2str());
1327 1331 }
1328 1332
1329 1333 /*
1330 1334 * do_getcwd() - the printed path is relative to the current zone root
1331 1335 */
1332 1336 static void
1333 1337 do_getcwd(void)
1334 1338 {
1335 1339 char path[MAXPATHLEN];
1336 1340
1337 1341 eauditon(A_GETCWD, (caddr_t)path, sizeof (path));
1338 1342 (void) printf(gettext("current working directory = %s\n"), path);
1339 1343 }
1340 1344
1341 1345 /*
1342 1346 * do_getflags() - the printed value is for the global zone unless AUDIT_PERZONE
1343 1347 * is set.
1344 1348 */
1345 1349 static void
1346 1350 do_getflags(void)
1347 1351 {
1348 1352 au_mask_t amask;
1349 1353 char *amask_cfg;
1350 1354
1351 1355 eauditon(A_GETAMASK, (caddr_t)&amask, sizeof (amask));
1352 1356 print_mask(gettext("active user default audit flags"), &amask);
1353 1357
1354 1358 if (!do_getflags_scf(&amask_cfg) || amask_cfg == NULL) {
1355 1359 exit_error(gettext("Could not get configured value."));
1356 1360 }
1357 1361 egetauditflagsbin(amask_cfg, &amask);
1358 1362 print_mask(gettext("configured user default audit flags"), &amask);
1359 1363 free(amask_cfg);
1360 1364 }
1361 1365
1362 1366 /*
1363 1367 * do_getkmask() - the printed value is for the global zone unless AUDIT_PERZONE
1364 1368 * is set.
1365 1369 */
1366 1370 static void
1367 1371 do_getkmask(void)
1368 1372 {
1369 1373 au_mask_t pmask;
1370 1374
1371 1375 eauditon(A_GETKMASK, (caddr_t)&pmask, sizeof (pmask));
1372 1376 print_mask(gettext("active non-attributable audit flags"), &pmask);
1373 1377 }
1374 1378
1375 1379 /*
1376 1380 * do_getnaflags() - the printed value is for the global zone unless
1377 1381 * AUDIT_PERZONE is set.
1378 1382 */
1379 1383 static void
1380 1384 do_getnaflags(void)
1381 1385 {
1382 1386 au_mask_t namask;
1383 1387 char *namask_cfg;
1384 1388
1385 1389 eauditon(A_GETKMASK, (caddr_t)&namask, sizeof (namask));
1386 1390 print_mask(gettext("active non-attributable audit flags"), &namask);
1387 1391
1388 1392 if (!do_getnaflags_scf(&namask_cfg) || namask_cfg == NULL) {
1389 1393 exit_error(gettext("Could not get configured value."));
1390 1394 }
1391 1395 egetauditflagsbin(namask_cfg, &namask);
1392 1396 print_mask(gettext("configured non-attributable audit flags"), &namask);
1393 1397 free(namask_cfg);
1394 1398 }
1395 1399
1396 1400 /*
1397 1401 * do_getpolicy() - print active and configured kernel audit policy relative to
1398 1402 * the current zone.
1399 1403 */
1400 1404 static void
1401 1405 do_getpolicy(void)
1402 1406 {
1403 1407 char policy_str[1024];
1404 1408 uint32_t policy;
1405 1409
1406 1410 if (!temporary_set) {
1407 1411 if (!do_getpolicy_scf(&policy)) {
1408 1412 exit_error(gettext("Could not get configured values."));
1409 1413 }
1410 1414 (void) policy2str(policy, policy_str, sizeof (policy_str));
1411 1415 (void) printf(gettext("configured audit policies = %s\n"),
1412 1416 policy_str);
1413 1417 }
1414 1418
1415 1419 eauditon(A_GETPOLICY, (caddr_t)&policy, 0);
1416 1420 (void) policy2str(policy, policy_str, sizeof (policy_str));
1417 1421 (void) printf(gettext("active audit policies = %s\n"), policy_str);
1418 1422 }
1419 1423
1420 1424
1421 1425 /*
1422 1426 * do_getpinfo() - print the audit ID, preselection mask, terminal ID, and
1423 1427 * audit session ID for the specified process.
1424 1428 */
1425 1429 static void
1426 1430 do_getpinfo(char *pid_str)
1427 1431 {
1428 1432 struct auditpinfo_addr ap;
1429 1433
1430 1434 if (strisnum(pid_str))
1431 1435 ap.ap_pid = (pid_t)atoi(pid_str);
1432 1436 else
1433 1437 exit_usage(1);
1434 1438
1435 1439 eauditon(A_GETPINFO_ADDR, (caddr_t)&ap, sizeof (ap));
1436 1440
1437 1441 print_auid(ap.ap_auid);
1438 1442 print_mask(gettext("process preselection mask"), &(ap.ap_mask));
1439 1443 print_tid_ex(&(ap.ap_termid));
1440 1444 print_asid(ap.ap_asid);
1441 1445 }
1442 1446
1443 1447 /*
1444 1448 * do_getplugin() - print plugin configuration.
1445 1449 */
1446 1450 static void
1447 1451 do_getplugin(char *plugin_str)
1448 1452 {
1449 1453 scf_plugin_kva_node_t *plugin_kva_ll;
1450 1454 scf_plugin_kva_node_t *plugin_kva_ll_head;
1451 1455
1452 1456 if (!do_getpluginconfig_scf(plugin_str, &plugin_kva_ll)) {
1453 1457 exit_error(gettext("Could not get plugin configuration."));
1454 1458 }
1455 1459
1456 1460 plugin_kva_ll_head = plugin_kva_ll;
1457 1461
1458 1462 while (plugin_kva_ll != NULL) {
1459 1463 print_plugin(plugin_kva_ll->plugin_name,
1460 1464 plugin_kva_ll->plugin_kva);
1461 1465 plugin_kva_ll = plugin_kva_ll->next;
1462 1466 if (plugin_kva_ll != NULL) {
1463 1467 (void) printf("\n");
1464 1468 }
1465 1469 }
1466 1470 plugin_kva_ll_free(plugin_kva_ll_head);
1467 1471 }
1468 1472
1469 1473 /*
1470 1474 * do_getqbufsz() - print the active and configured audit queue write buffer
1471 1475 * size relative to the current zone.
1472 1476 */
1473 1477 static void
1474 1478 do_getqbufsz(void)
1475 1479 {
1476 1480 struct au_qctrl qctrl;
1477 1481
1478 1482 if (!temporary_set) {
1479 1483 if (!do_getqbufsz_scf(&qctrl.aq_bufsz)) {
1480 1484 exit_error(gettext("Could not get configured value."));
1481 1485 }
1482 1486
1483 1487 if (qctrl.aq_bufsz == 0) {
1484 1488 (void) printf(gettext(
1485 1489 "no configured audit queue buffer size\n"));
1486 1490 } else {
1487 1491 (void) printf(gettext("configured audit queue "
1488 1492 "buffer size (bytes) = %d\n"), qctrl.aq_bufsz);
1489 1493 }
1490 1494 }
1491 1495
1492 1496 eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0);
1493 1497 (void) printf(gettext("active audit queue buffer size (bytes) = %d\n"),
1494 1498 qctrl.aq_bufsz);
1495 1499 }
1496 1500
1497 1501 /*
1498 1502 * do_getqctrl() - print the configured and active audit queue write buffer
1499 1503 * size, audit queue hiwater mark, audit queue lowater mark, audit queue prod
1500 1504 * interval (ticks) relative to the current zone.
1501 1505 */
1502 1506 static void
1503 1507 do_getqctrl(void)
1504 1508 {
1505 1509 struct au_qctrl qctrl;
1506 1510
1507 1511 if (!temporary_set) {
1508 1512 if (!do_getqctrl_scf(&qctrl)) {
1509 1513 exit_error(gettext("Could not get configured values."));
1510 1514 }
1511 1515
1512 1516 if (qctrl.aq_hiwater == 0) {
1513 1517 (void) printf(gettext(
1514 1518 "no configured audit queue hiwater mark\n"));
1515 1519 } else {
1516 1520 (void) printf(gettext("configured audit queue "
1517 1521 "hiwater mark (records) = %d\n"), qctrl.aq_hiwater);
1518 1522 }
1519 1523 if (qctrl.aq_lowater == 0) {
1520 1524 (void) printf(gettext(
1521 1525 "no configured audit queue lowater mark\n"));
1522 1526 } else {
1523 1527 (void) printf(gettext("configured audit queue "
1524 1528 "lowater mark (records) = %d\n"), qctrl.aq_lowater);
1525 1529 }
1526 1530 if (qctrl.aq_bufsz == 0) {
1527 1531 (void) printf(gettext(
1528 1532 "no configured audit queue buffer size\n"));
1529 1533 } else {
1530 1534 (void) printf(gettext("configured audit queue "
1531 1535 "buffer size (bytes) = %d\n"), qctrl.aq_bufsz);
1532 1536 }
1533 1537 if (qctrl.aq_delay == 0) {
1534 1538 (void) printf(gettext(
1535 1539 "no configured audit queue delay\n"));
1536 1540 } else {
1537 1541 (void) printf(gettext("configured audit queue "
1538 1542 "delay (ticks) = %ld\n"), qctrl.aq_delay);
1539 1543 }
1540 1544 }
1541 1545
1542 1546 eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0);
1543 1547 (void) printf(gettext("active audit queue hiwater mark "
1544 1548 "(records) = %d\n"), qctrl.aq_hiwater);
1545 1549 (void) printf(gettext("active audit queue lowater mark "
1546 1550 "(records) = %d\n"), qctrl.aq_lowater);
1547 1551 (void) printf(gettext("active audit queue buffer size (bytes) = %d\n"),
1548 1552 qctrl.aq_bufsz);
1549 1553 (void) printf(gettext("active audit queue delay (ticks) = %ld\n"),
1550 1554 qctrl.aq_delay);
1551 1555 }
1552 1556
1553 1557 /*
1554 1558 * do_getqdelay() - print, relative to the current zone, the configured and
1555 1559 * active interval at which audit queue is prodded to start output.
1556 1560 */
1557 1561 static void
1558 1562 do_getqdelay(void)
1559 1563 {
1560 1564 struct au_qctrl qctrl;
1561 1565
1562 1566 if (!temporary_set) {
1563 1567 if (!do_getqdelay_scf(&qctrl.aq_delay)) {
1564 1568 exit_error(gettext("Could not get configured value."));
1565 1569 }
1566 1570
1567 1571 if (qctrl.aq_delay == 0) {
1568 1572 (void) printf(gettext(
1569 1573 "no configured audit queue delay\n"));
1570 1574 } else {
1571 1575 (void) printf(gettext("configured audit queue "
1572 1576 "delay (ticks) = %ld\n"), qctrl.aq_delay);
1573 1577 }
1574 1578 }
1575 1579
1576 1580 eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0);
1577 1581 (void) printf(gettext("active audit queue delay (ticks) = %ld\n"),
1578 1582 qctrl.aq_delay);
1579 1583 }
1580 1584
1581 1585 /*
1582 1586 * do_getqhiwater() - print, relative to the current zone, the high water
1583 1587 * point in undelivered audit records when audit generation will block.
1584 1588 */
1585 1589 static void
1586 1590 do_getqhiwater(void)
1587 1591 {
1588 1592 struct au_qctrl qctrl;
1589 1593
1590 1594 if (!temporary_set) {
1591 1595 if (!do_getqhiwater_scf(&qctrl.aq_hiwater)) {
1592 1596 exit_error(gettext("Could not get configured value."));
1593 1597 }
1594 1598
1595 1599 if (qctrl.aq_hiwater == 0) {
1596 1600 (void) printf(gettext(
1597 1601 "no configured audit queue hiwater mark\n"));
1598 1602 } else {
1599 1603 (void) printf(gettext("configured audit queue "
1600 1604 "hiwater mark (records) = %d\n"), qctrl.aq_hiwater);
1601 1605 }
1602 1606 }
1603 1607
1604 1608 eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0);
1605 1609 (void) printf(gettext("active audit queue hiwater mark "
1606 1610 "(records) = %d\n"), qctrl.aq_hiwater);
1607 1611 }
1608 1612
1609 1613 /*
1610 1614 * do_getqlowater() - print, relative to the current zone, the low water point
1611 1615 * in undelivered audit records where blocked processes will resume.
1612 1616 */
1613 1617 static void
1614 1618 do_getqlowater(void)
1615 1619 {
1616 1620 struct au_qctrl qctrl;
1617 1621
1618 1622 if (!temporary_set) {
1619 1623 if (!do_getqlowater_scf(&qctrl.aq_lowater)) {
1620 1624 exit_error(gettext("Could not get configured value."));
1621 1625 }
1622 1626
1623 1627 if (qctrl.aq_lowater == 0) {
1624 1628 (void) printf(gettext(
1625 1629 "no configured audit queue lowater mark\n"));
1626 1630 } else {
1627 1631 (void) printf(gettext("configured audit queue "
1628 1632 "lowater mark (records) = %d\n"), qctrl.aq_lowater);
1629 1633 }
1630 1634 }
1631 1635
1632 1636 eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0);
1633 1637 (void) printf(gettext("active audit queue lowater mark "
1634 1638 "(records) = %d\n"), qctrl.aq_lowater);
1635 1639 }
1636 1640
1637 1641 /*
1638 1642 * do_getasid() - print out the audit session-ID.
1639 1643 */
1640 1644 static void
1641 1645 do_getasid(void)
1642 1646 {
1643 1647 auditinfo_addr_t ai;
1644 1648
1645 1649 if (getaudit_addr(&ai, sizeof (ai))) {
1646 1650 exit_error(gettext("getaudit_addr(2) failed"));
1647 1651 }
1648 1652 print_asid(ai.ai_asid);
1649 1653 }
1650 1654
1651 1655 /*
1652 1656 * do_getstat() - the printed statistics are for the entire system unless
1653 1657 * AUDIT_PERZONE is set.
1654 1658 */
1655 1659 static void
1656 1660 do_getstat(void)
1657 1661 {
1658 1662 au_stat_t as;
1659 1663 int offset[12]; /* used to line the header up correctly */
1660 1664 char buf[512];
1661 1665
1662 1666 eauditon(A_GETSTAT, (caddr_t)&as, 0);
1663 1667 (void) sprintf(buf, "%4lu %n%4lu %n%4lu %n%4lu %n%4lu %n%4lu %n%4lu "
1664 1668 "%n%4lu %n%4lu %n%4lu %n%4lu %n%4lu%n",
1665 1669 (ulong_t)as.as_generated, &(offset[0]),
1666 1670 (ulong_t)as.as_nonattrib, &(offset[1]),
1667 1671 (ulong_t)as.as_kernel, &(offset[2]),
1668 1672 (ulong_t)as.as_audit, &(offset[3]),
1669 1673 (ulong_t)as.as_auditctl, &(offset[4]),
1670 1674 (ulong_t)as.as_enqueue, &(offset[5]),
1671 1675 (ulong_t)as.as_written, &(offset[6]),
1672 1676 (ulong_t)as.as_wblocked, &(offset[7]),
1673 1677 (ulong_t)as.as_rblocked, &(offset[8]),
1674 1678 (ulong_t)as.as_dropped, &(offset[9]),
1675 1679 (ulong_t)as.as_totalsize / ONEK, &(offset[10]),
1676 1680 (ulong_t)as.as_memused / ONEK, &(offset[11]));
1677 1681
1678 1682 /*
1679 1683 * TRANSLATION_NOTE
1680 1684 * Print a properly aligned header.
1681 1685 */
1682 1686 (void) printf("%*s %*s %*s %*s %*s %*s %*s %*s %*s %*s %*s %*s\n",
1683 1687 offset[0] - 1, gettext("gen"),
1684 1688 offset[1] - offset[0] -1, gettext("nona"),
1685 1689 offset[2] - offset[1] -1, gettext("kern"),
1686 1690 offset[3] - offset[2] -1, gettext("aud"),
1687 1691 offset[4] - offset[3] -1, gettext("ctl"),
1688 1692 offset[5] - offset[4] -1, gettext("enq"),
1689 1693 offset[6] - offset[5] -1, gettext("wrtn"),
1690 1694 offset[7] - offset[6] -1, gettext("wblk"),
1691 1695 offset[8] - offset[7] -1, gettext("rblk"),
1692 1696 offset[9] - offset[8] -1, gettext("drop"),
1693 1697 offset[10] - offset[9] -1, gettext("tot"),
1694 1698 offset[11] - offset[10], gettext("mem"));
1695 1699
1696 1700 (void) printf("%s\n", buf);
1697 1701 }
1698 1702
1699 1703 /*
1700 1704 * do_gettermid() - print audit terminal ID for current process.
1701 1705 */
1702 1706 static void
1703 1707 do_gettermid(void)
1704 1708 {
1705 1709 auditinfo_addr_t ai;
1706 1710
1707 1711 if (getaudit_addr(&ai, sizeof (ai))) {
1708 1712 exit_error(gettext("getaudit_addr(2) failed"));
1709 1713 }
1710 1714 print_tid_ex(&ai.ai_termid);
1711 1715 }
1712 1716
1713 1717 /*
1714 1718 * do_lsevent() - display the active kernel and user level audit event
1715 1719 * information. The printed events are for the global zone unless AUDIT_PERZONE
1716 1720 * is set.
1717 1721 */
1718 1722 static void
1719 1723 do_lsevent(void)
1720 1724 {
1721 1725 register au_event_ent_t *evp;
1722 1726 au_mask_t pmask;
1723 1727 char auflags[256];
1724 1728
1725 1729 setauevent();
1726 1730 if (getauevent() == NULL) {
1727 1731 exit_error(gettext("NO AUDIT EVENTS: Could not read %s\n."),
1728 1732 AUDITEVENTFILE);
1729 1733 }
1730 1734
1731 1735 setauevent();
1732 1736 while ((evp = getauevent()) != NULL) {
1733 1737 pmask.am_success = pmask.am_failure = evp->ae_class;
1734 1738 if (getauditflagschar(auflags, &pmask, 0) == -1)
1735 1739 (void) strcpy(auflags, "unknown");
1736 1740 (void) printf("%-30s %5hu %s %s\n",
1737 1741 evp->ae_name, evp->ae_number, auflags, evp->ae_desc);
1738 1742 }
1739 1743 endauevent();
1740 1744 }
1741 1745
1742 1746 /*
1743 1747 * do_lspolicy() - display the kernel audit policies with a description of each
1744 1748 * policy. The printed value is for the global zone unless AUDIT_PERZONE is set.
1745 1749 */
1746 1750 static void
1747 1751 do_lspolicy(void)
1748 1752 {
1749 1753 int i;
1750 1754
1751 1755 /*
1752 1756 * TRANSLATION_NOTE
1753 1757 * Print a properly aligned header.
1754 1758 */
1755 1759 (void) printf(gettext("policy string description:\n"));
1756 1760 for (i = 0; i < POLICY_TBL_SZ; i++) {
1757 1761 (void) printf("%-17s%s\n", policy_table[i].policy_str,
1758 1762 gettext(policy_table[i].policy_desc));
1759 1763 }
1760 1764 }
1761 1765
1762 1766 /*
1763 1767 * do_setasid() - execute shell or cmd with specified session-ID.
1764 1768 */
1765 1769 static void
1766 1770 do_setasid(char *sid_str, char **argv)
1767 1771 {
1768 1772 struct auditinfo_addr ai;
1769 1773
1770 1774 if (getaudit_addr(&ai, sizeof (ai))) {
1771 1775 exit_error(gettext("getaudit_addr(2) failed"));
1772 1776 }
1773 1777 ai.ai_asid = (au_asid_t)atol(sid_str);
1774 1778 if (setaudit_addr(&ai, sizeof (ai))) {
1775 1779 exit_error(gettext("setaudit_addr(2) failed"));
1776 1780 }
1777 1781 execit(argv);
1778 1782 }
1779 1783
1780 1784 /*
1781 1785 * do_setaudit() - execute shell or cmd with specified audit characteristics.
1782 1786 */
1783 1787 static void
1784 1788 do_setaudit(char *user_str, char *mask_str, char *tid_str, char *sid_str,
1785 1789 char **argv)
1786 1790 {
1787 1791 auditinfo_addr_t ai;
1788 1792
1789 1793 ai.ai_auid = (au_id_t)get_user_id(user_str);
1790 1794 egetauditflagsbin(mask_str, &ai.ai_mask),
1791 1795 str2tid(tid_str, &ai.ai_termid);
1792 1796 ai.ai_asid = (au_asid_t)atol(sid_str);
1793 1797
1794 1798 esetaudit(&ai, sizeof (ai));
1795 1799 execit(argv);
1796 1800 }
1797 1801
1798 1802 /*
1799 1803 * do_setauid() - execute shell or cmd with specified audit-ID.
1800 1804 */
1801 1805 static void
1802 1806 do_setauid(char *user, char **argv)
1803 1807 {
1804 1808 au_id_t auid;
1805 1809
1806 1810 auid = get_user_id(user);
1807 1811 esetauid(&auid);
1808 1812 execit(argv);
1809 1813 }
1810 1814
1811 1815 /*
1812 1816 * do_setpmask() - set the preselection mask of the specified process; valid
1813 1817 * per zone if AUDIT_PERZONE is set, else only in global zone.
1814 1818 */
1815 1819 static void
1816 1820 do_setpmask(char *pid_str, au_mask_t *mask)
1817 1821 {
1818 1822 struct auditpinfo ap;
1819 1823
1820 1824 if (strisnum(pid_str)) {
1821 1825 ap.ap_pid = (pid_t)atoi(pid_str);
1822 1826 } else {
1823 1827 exit_usage(1);
1824 1828 }
1825 1829
1826 1830 ap.ap_mask.am_success = mask->am_success;
1827 1831 ap.ap_mask.am_failure = mask->am_failure;
1828 1832
1829 1833 eauditon(A_SETPMASK, (caddr_t)&ap, sizeof (ap));
1830 1834 }
1831 1835
1832 1836 /*
1833 1837 * do_setsmask() - set the preselection mask of all processes with the specified
1834 1838 * audit session-ID; valid per zone if AUDIT_PERZONE is set, else only in global
1835 1839 * zone.
1836 1840 */
1837 1841 static void
1838 1842 do_setsmask(char *asid_str, au_mask_t *mask)
1839 1843 {
1840 1844 struct auditinfo ainfo;
1841 1845
1842 1846 if (strisnum(asid_str)) {
1843 1847 ainfo.ai_asid = (au_asid_t)atoi(asid_str);
1844 1848 } else {
1845 1849 exit_usage(1);
1846 1850 }
1847 1851
1848 1852 ainfo.ai_mask.am_success = mask->am_success;
1849 1853 ainfo.ai_mask.am_failure = mask->am_failure;
1850 1854
1851 1855 eauditon(A_SETSMASK, (caddr_t)&ainfo, sizeof (ainfo));
1852 1856 }
1853 1857
1854 1858 /*
1855 1859 * do_setumask() - set the preselection mask of all processes with the
1856 1860 * specified audit-ID; valid per zone if AUDIT_PERZONE is set, else only in
1857 1861 * global zone.
1858 1862 */
1859 1863 static void
1860 1864 do_setumask(char *auid_str, au_mask_t *mask)
1861 1865 {
1862 1866 struct auditinfo ainfo;
1863 1867
1864 1868 if (strisnum(auid_str)) {
1865 1869 ainfo.ai_auid = (au_id_t)atoi(auid_str);
1866 1870 } else {
1867 1871 exit_usage(1);
1868 1872 }
1869 1873
1870 1874 ainfo.ai_mask.am_success = mask->am_success;
1871 1875 ainfo.ai_mask.am_failure = mask->am_failure;
1872 1876
1873 1877 eauditon(A_SETUMASK, (caddr_t)&ainfo, sizeof (ainfo));
1874 1878 }
1875 1879
1876 1880 /*
1877 1881 * do_setstat() - reset audit statistics counters; local zone use is valid if
1878 1882 * AUDIT_PERZONE is set, otherwise the syscall returns EPERM.
1879 1883 */
1880 1884 static void
1881 1885 do_setstat(void)
1882 1886 {
1883 1887 au_stat_t as;
1884 1888
1885 1889 as.as_audit = (uint_t)-1;
1886 1890 as.as_auditctl = (uint_t)-1;
1887 1891 as.as_dropped = (uint_t)-1;
1888 1892 as.as_enqueue = (uint_t)-1;
1889 1893 as.as_generated = (uint_t)-1;
1890 1894 as.as_kernel = (uint_t)-1;
1891 1895 as.as_nonattrib = (uint_t)-1;
1892 1896 as.as_rblocked = (uint_t)-1;
1893 1897 as.as_totalsize = (uint_t)-1;
1894 1898 as.as_wblocked = (uint_t)-1;
1895 1899 as.as_written = (uint_t)-1;
1896 1900
1897 1901 eauditon(A_SETSTAT, (caddr_t)&as, sizeof (as));
1898 1902 (void) printf("%s\n", gettext("audit stats reset"));
1899 1903 }
1900 1904
1901 1905 /*
1902 1906 * do_setclass() - map the kernel event event_str to the classes specified by
1903 1907 * audit flags (mask); valid per zone if AUDIT_PERZONE is set, else only in
1904 1908 * global zone.
1905 1909 */
1906 1910 static void
1907 1911 do_setclass(char *event_str, au_mask_t *mask)
1908 1912 {
1909 1913 au_event_t event;
1910 1914 au_evclass_map_t ec;
1911 1915 au_event_ent_t *evp;
1912 1916
1913 1917 if (strisnum(event_str)) {
1914 1918 event = (uint_t)atol(event_str);
1915 1919 } else {
1916 1920 if ((evp = egetauevnam(event_str)) != NULL) {
1917 1921 event = evp->ae_number;
1918 1922 }
1919 1923 }
1920 1924
1921 1925 ec.ec_number = event;
1922 1926 ec.ec_class = (mask->am_success | mask->am_failure);
1923 1927
1924 1928 eauditon(A_SETCLASS, (caddr_t)&ec, sizeof (ec));
1925 1929 }
1926 1930
1927 1931 /*
1928 1932 * do_setflags() - set configured and active default user preselection masks;
1929 1933 * valid per zone if AUDIT_PERZONE is set, else only in global zone.
1930 1934 */
1931 1935 static void
1932 1936 do_setflags(char *audit_flags, au_mask_t *amask)
1933 1937 {
1934 1938 eauditon(A_SETAMASK, (caddr_t)amask, sizeof (*amask));
1935 1939
1936 1940 if (!do_setflags_scf(audit_flags)) {
1937 1941 print_mask(gettext("active user default audit flags"), amask);
1938 1942 exit_error(gettext("Could not store configuration value."));
1939 1943 }
1940 1944 print_mask(gettext("user default audit flags"), amask);
1941 1945 }
1942 1946
1943 1947 /*
1944 1948 * do_setkmask() - set non-attributable audit flags of machine; valid per zone
1945 1949 * if AUDIT_PERZONE is set, else only in global zone.
1946 1950 */
1947 1951 static void
1948 1952 do_setkmask(au_mask_t *pmask)
1949 1953 {
1950 1954 eauditon(A_SETKMASK, (caddr_t)pmask, sizeof (*pmask));
1951 1955 print_mask(gettext("active non-attributable audit flags"), pmask);
1952 1956 }
1953 1957
1954 1958 /*
1955 1959 * do_setnaflags() - set configured and active non-attributable selection flags
1956 1960 * of machine; valid per zone if AUDIT_PERZONE is set, else only in global zone.
1957 1961 */
1958 1962 static void
1959 1963 do_setnaflags(char *audit_naflags, au_mask_t *namask)
1960 1964 {
1961 1965 eauditon(A_SETKMASK, (caddr_t)namask, sizeof (*namask));
1962 1966
1963 1967 if (!do_setnaflags_scf(audit_naflags)) {
1964 1968 print_mask(
1965 1969 gettext("active non-attributable audit flags"), namask);
1966 1970 exit_error(gettext("Could not store configuration value."));
1967 1971 }
1968 1972 print_mask(gettext("non-attributable audit flags"), namask);
1969 1973 }
1970 1974
1971 1975 /*
1972 1976 * do_setplugin() - set the given plugin plugin_str configuration values.
1973 1977 */
1974 1978 static void
1975 1979 do_setplugin(char *plugin_str, boolean_t plugin_state, char *plugin_attr,
1976 1980 int plugin_qsize)
1977 1981 {
1978 1982 if (!do_setpluginconfig_scf(plugin_str, plugin_state, plugin_attr,
1979 1983 plugin_qsize)) {
1980 1984 exit_error(gettext("Could not set plugin configuration."));
1981 1985 }
1982 1986 }
1983 1987
1984 1988 /*
1985 1989 * do_setpolicy() - set the active and configured kernel audit policy; active
1986 1990 * values can be changed per zone if AUDIT_PERZONE is set, else only in global
1987 1991 * zone.
1988 1992 *
1989 1993 * ahlt and perzone are global zone only. The kernel ensures that a local zone
1990 1994 * can't change ahlt and perzone (EINVAL).
1991 1995 */
1992 1996 static void
1993 1997 do_setpolicy(char *policy_str)
1994 1998 {
1995 1999 uint32_t policy = 0;
1996 2000
1997 2001 switch (str2policy(policy_str, &policy)) {
1998 2002 case 0:
1999 2003 if (!temporary_set) {
2000 2004 if (!do_getpolicy_scf(&policy)) {
2001 2005 exit_error(gettext("Unable to get current "
2002 2006 "policy values from the SMF repository"));
2003 2007 }
2004 2008 (void) str2policy(policy_str, &policy);
2005 2009
2006 2010 if (!do_setpolicy_scf(policy)) {
2007 2011 exit_error(gettext("Could not store "
2008 2012 "configuration values."));
2009 2013 }
2010 2014 }
2011 2015 eauditon(A_SETPOLICY, (caddr_t)&policy, 0);
2012 2016 break;
2013 2017 case 2:
2014 2018 exit_error(gettext("policy (%s) invalid in a local zone."),
2015 2019 policy_str);
2016 2020 break;
2017 2021 default:
2018 2022 exit_error(gettext("Invalid policy (%s) specified."),
2019 2023 policy_str);
2020 2024 break;
2021 2025 }
2022 2026 }
2023 2027
2024 2028 /*
2025 2029 * do_setqbufsz() - set the active and configured audit queue write buffer size
2026 2030 * (bytes); active values can be changed per zone if AUDIT_PERZONE is set, else
2027 2031 * only in global zone.
2028 2032 */
2029 2033 static void
2030 2034 do_setqbufsz(char *bufsz)
2031 2035 {
2032 2036 struct au_qctrl qctrl;
2033 2037
2034 2038 if (!temporary_set) {
2035 2039 qctrl.aq_bufsz = (size_t)atol(bufsz);
2036 2040 if (!do_setqbufsz_scf(&qctrl.aq_bufsz)) {
2037 2041 exit_error(gettext(
2038 2042 "Could not store configuration value."));
2039 2043 }
2040 2044 if (qctrl.aq_bufsz == 0) {
2041 2045 return;
2042 2046 }
2043 2047 }
2044 2048
2045 2049 eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0);
2046 2050 qctrl.aq_bufsz = (size_t)atol(bufsz);
2047 2051 eauditon(A_SETQCTRL, (caddr_t)&qctrl, 0);
2048 2052 }
2049 2053
2050 2054 /*
2051 2055 * do_setqctrl() - set the active and configured audit queue write buffer size
2052 2056 * (bytes), hiwater audit record count, lowater audit record count, and wakeup
2053 2057 * interval (ticks); active values can be changed per zone if AUDIT_PERZONE is
2054 2058 * set, else only in global zone.
2055 2059 */
2056 2060 static void
2057 2061 do_setqctrl(char *hiwater, char *lowater, char *bufsz, char *delay)
2058 2062 {
2059 2063 struct au_qctrl qctrl;
2060 2064
2061 2065 qctrl.aq_hiwater = (size_t)atol(hiwater);
2062 2066 qctrl.aq_lowater = (size_t)atol(lowater);
2063 2067 qctrl.aq_bufsz = (size_t)atol(bufsz);
2064 2068 qctrl.aq_delay = (clock_t)atol(delay);
2065 2069
2066 2070 if (!temporary_set) {
2067 2071 struct au_qctrl qctrl_act;
2068 2072
2069 2073 if (!do_setqctrl_scf(&qctrl)) {
2070 2074 exit_error(gettext(
2071 2075 "Could not store configuration values."));
2072 2076 }
2073 2077
2074 2078 eauditon(A_GETQCTRL, (caddr_t)&qctrl_act, 0);
2075 2079 if (qctrl.aq_hiwater == 0) {
2076 2080 qctrl.aq_hiwater = qctrl_act.aq_hiwater;
2077 2081 }
2078 2082 if (qctrl.aq_lowater == 0) {
2079 2083 qctrl.aq_lowater = qctrl_act.aq_lowater;
2080 2084 }
2081 2085 if (qctrl.aq_bufsz == 0) {
2082 2086 qctrl.aq_bufsz = qctrl_act.aq_bufsz;
2083 2087 }
2084 2088 if (qctrl.aq_delay == 0) {
2085 2089 qctrl.aq_delay = qctrl_act.aq_delay;
2086 2090 }
2087 2091 }
2088 2092
2089 2093 eauditon(A_SETQCTRL, (caddr_t)&qctrl, 0);
2090 2094 }
2091 2095
2092 2096 /*
2093 2097 * do_setqdelay() - set the active and configured audit queue wakeup interval
2094 2098 * (ticks); active values can be changed per zone if AUDIT_PERZONE is set, else
2095 2099 * only in global zone.
2096 2100 */
2097 2101 static void
2098 2102 do_setqdelay(char *delay)
2099 2103 {
2100 2104 struct au_qctrl qctrl;
2101 2105
2102 2106 if (!temporary_set) {
2103 2107 qctrl.aq_delay = (clock_t)atol(delay);
2104 2108 if (!do_setqdelay_scf(&qctrl.aq_delay)) {
2105 2109 exit_error(gettext(
2106 2110 "Could not store configuration value."));
2107 2111 }
2108 2112 if (qctrl.aq_delay == 0) {
2109 2113 return;
2110 2114 }
2111 2115 }
2112 2116
2113 2117 eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0);
2114 2118 qctrl.aq_delay = (clock_t)atol(delay);
2115 2119 eauditon(A_SETQCTRL, (caddr_t)&qctrl, 0);
2116 2120 }
2117 2121
2118 2122 /*
2119 2123 * do_setqhiwater() - sets the active and configured number of undelivered audit
2120 2124 * records in the audit queue at which audit record generation blocks; active
2121 2125 * values can be changed per zone if AUDIT_PERZONE is set, else only in global
2122 2126 * zone.
2123 2127 */
2124 2128 static void
2125 2129 do_setqhiwater(char *hiwater)
2126 2130 {
2127 2131 struct au_qctrl qctrl;
2128 2132
2129 2133 if (!temporary_set) {
2130 2134 qctrl.aq_hiwater = (size_t)atol(hiwater);
2131 2135 if (!do_setqhiwater_scf(&qctrl.aq_hiwater)) {
2132 2136 exit_error(gettext(
2133 2137 "Could not store configuration value."));
2134 2138 }
2135 2139 if (qctrl.aq_hiwater == 0) {
2136 2140 return;
2137 2141 }
2138 2142 }
2139 2143
2140 2144 eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0);
2141 2145 qctrl.aq_hiwater = (size_t)atol(hiwater);
2142 2146 eauditon(A_SETQCTRL, (caddr_t)&qctrl, 0);
2143 2147 }
2144 2148
2145 2149 /*
2146 2150 * do_setqlowater() - set the active and configured number of undelivered audit
2147 2151 * records in the audit queue at which blocked auditing processes unblock;
2148 2152 * active values can be changed per zone if AUDIT_PERZONE is set, else only in
2149 2153 * global zone.
2150 2154 */
2151 2155 static void
2152 2156 do_setqlowater(char *lowater)
2153 2157 {
2154 2158 struct au_qctrl qctrl;
2155 2159
2156 2160 if (!temporary_set) {
2157 2161 qctrl.aq_lowater = (size_t)atol(lowater);
2158 2162 if (!do_setqlowater_scf(&qctrl.aq_lowater)) {
2159 2163 exit_error(gettext(
2160 2164 "Could not store configuration value."));
2161 2165 }
2162 2166 if (qctrl.aq_lowater == 0) {
2163 2167 return;
2164 2168 }
2165 2169 }
2166 2170
2167 2171 eauditon(A_GETQCTRL, (caddr_t)&qctrl, 0);
2168 2172 qctrl.aq_lowater = (size_t)atol(lowater);
2169 2173 eauditon(A_SETQCTRL, (caddr_t)&qctrl, 0);
2170 2174 }
2171 2175
2172 2176 static void
2173 2177 eauditon(int cmd, caddr_t data, int length)
2174 2178 {
2175 2179 if (auditon(cmd, data, length) == -1)
2176 2180 exit_error(gettext("auditon(2) failed."));
2177 2181 }
2178 2182
2179 2183 static void
2180 2184 egetauid(au_id_t *auid)
2181 2185 {
2182 2186 if (getauid(auid) == -1)
2183 2187 exit_error(gettext("getauid(2) failed."));
2184 2188 }
2185 2189
2186 2190 static void
2187 2191 egetaudit(auditinfo_addr_t *ai, int size)
2188 2192 {
2189 2193 if (getaudit_addr(ai, size) == -1)
2190 2194 exit_error(gettext("getaudit_addr(2) failed."));
2191 2195 }
2192 2196
2193 2197 static void
2194 2198 egetkaudit(auditinfo_addr_t *ai, int size)
2195 2199 {
2196 2200 if (auditon(A_GETKAUDIT, (char *)ai, size) < 0)
2197 2201 exit_error(gettext("auditon: A_GETKAUDIT failed."));
2198 2202 }
2199 2203
2200 2204 static void
2201 2205 esetkaudit(auditinfo_addr_t *ai, int size)
2202 2206 {
2203 2207 if (auditon(A_SETKAUDIT, (char *)ai, size) < 0)
2204 2208 exit_error(gettext("auditon: A_SETKAUDIT failed."));
2205 2209 }
2206 2210
2207 2211 static void
2208 2212 egetauditflagsbin(char *auditflags, au_mask_t *pmask)
2209 2213 {
2210 2214 if (strcmp(auditflags, "none") == 0) {
2211 2215 pmask->am_success = pmask->am_failure = 0;
2212 2216 return;
2213 2217 }
2214 2218
2215 2219 if (getauditflagsbin(auditflags, pmask) < 0) {
2216 2220 exit_error(gettext("Could not get audit flags (%s)"),
2217 2221 auditflags);
2218 2222 }
2219 2223 }
2220 2224
2221 2225 static void
2222 2226 echkflags(char *auditflags, au_mask_t *mask)
2223 2227 {
2224 2228 char *err = "";
2225 2229 char *err_ptr;
2226 2230
2227 2231 if (!__chkflags(auditflags, mask, B_FALSE, &err)) {
2228 2232 err_ptr = err;
2229 2233 while (*err_ptr != ',' && *err_ptr != '\0') {
2230 2234 err_ptr++;
2231 2235 }
2232 2236 *err_ptr = '\0';
2233 2237 exit_error(gettext("Unknown audit flags and/or prefixes "
2234 2238 "encountered: %s"), err);
2235 2239 }
2236 2240 }
2237 2241
2238 2242 static au_event_ent_t *
2239 2243 egetauevnum(au_event_t event_number)
2240 2244 {
2241 2245 au_event_ent_t *evp;
2242 2246
2243 2247 if ((evp = getauevnum(event_number)) == NULL) {
2244 2248 exit_error(gettext("Could not get audit event %hu"),
2245 2249 event_number);
2246 2250 }
2247 2251
2248 2252 return (evp);
2249 2253 }
2250 2254
2251 2255 static au_event_ent_t *
2252 2256 egetauevnam(char *event_name)
2253 2257 {
2254 2258 register au_event_ent_t *evp;
2255 2259
2256 2260 if ((evp = getauevnam(event_name)) == NULL)
2257 2261 exit_error(gettext("Could not get audit event %s"), event_name);
2258 2262
2259 2263 return (evp);
2260 2264 }
2261 2265
2262 2266 static void
2263 2267 esetauid(au_id_t *auid)
2264 2268 {
2265 2269 if (setauid(auid) == -1)
2266 2270 exit_error(gettext("setauid(2) failed."));
2267 2271 }
2268 2272
2269 2273 static void
2270 2274 esetaudit(auditinfo_addr_t *ai, int size)
2271 2275 {
2272 2276 if (setaudit_addr(ai, size) == -1)
2273 2277 exit_error(gettext("setaudit_addr(2) failed."));
2274 2278 }
2275 2279
2276 2280 static uid_t
2277 2281 get_user_id(char *user)
2278 2282 {
2279 2283 struct passwd *pwd;
2280 2284 uid_t uid;
2281 2285
2282 2286 if (isdigit(*user)) {
2283 2287 uid = atoi(user);
2284 2288 if ((pwd = getpwuid(uid)) == NULL) {
2285 2289 exit_error(gettext("Invalid user: %s"), user);
2286 2290 }
2287 2291 } else {
2288 2292 if ((pwd = getpwnam(user)) == NULL) {
2289 2293 exit_error(gettext("Invalid user: %s"), user);
2290 2294 }
2291 2295 }
2292 2296
2293 2297 return (pwd->pw_uid);
2294 2298 }
2295 2299
2296 2300 /*
2297 2301 * get_arg_ent()
2298 2302 * Inputs: command line argument string
2299 2303 * Returns ptr to struct arg_entry if found; null, if not found
2300 2304 */
2301 2305 static arg_entry_t *
2302 2306 get_arg_ent(char *arg_str)
2303 2307 {
2304 2308 arg_entry_t key;
2305 2309
2306 2310 key.arg_str = arg_str;
2307 2311
2308 2312 return ((arg_entry_t *)bsearch((char *)&key, (char *)arg_table,
2309 2313 ARG_TBL_SZ, sizeof (arg_entry_t), arg_ent_compare));
2310 2314 }
2311 2315
2312 2316 /*
2313 2317 * arg_ent_compare()
2314 2318 * Compares two command line arguments to determine which is
2315 2319 * lexicographically greater.
2316 2320 * Inputs: two argument map table entry pointers
2317 2321 * Returns: > 1: aep1->arg_str > aep2->arg_str
2318 2322 * < 1: aep1->arg_str < aep2->arg_str
2319 2323 * 0: aep1->arg_str = aep->arg_str2
2320 2324 */
2321 2325 static int
2322 2326 arg_ent_compare(const void *aep1, const void *aep2)
2323 2327 {
2324 2328 return (strcmp(((arg_entry_t *)aep1)->arg_str,
2325 2329 ((arg_entry_t *)aep2)->arg_str));
2326 2330 }
2327 2331
2328 2332 /*
2329 2333 * tid_str is major,minor,host -- host is a name or an ip address
2330 2334 */
2331 2335 static void
2332 2336 str2tid(char *tid_str, au_tid_addr_t *tp)
2333 2337 {
2334 2338 char *major_str;
2335 2339 char *minor_str;
2336 2340 char *host_str = NULL;
2337 2341 major_t major = 0;
2338 2342 major_t minor = 0;
2339 2343 dev_t dev = 0;
2340 2344 struct hostent *phe;
2341 2345 int err;
2342 2346 uint32_t ibuf;
2343 2347 uint32_t ibuf6[4];
2344 2348
2345 2349 tp->at_port = 0;
2346 2350 tp->at_type = 0;
2347 2351 bzero(tp->at_addr, 16);
2348 2352
2349 2353 major_str = tid_str;
2350 2354 if ((minor_str = strchr(tid_str, ',')) != NULL) {
2351 2355 *minor_str = '\0';
2352 2356 minor_str++;
2353 2357 }
2354 2358
2355 2359 if (minor_str) {
2356 2360 if ((host_str = strchr(minor_str, ',')) != NULL) {
2357 2361 *host_str = '\0';
2358 2362 host_str++;
2359 2363 }
2360 2364 }
2361 2365
2362 2366 if (major_str)
2363 2367 major = (major_t)atoi(major_str);
2364 2368
2365 2369 if (minor_str)
2366 2370 minor = (minor_t)atoi(minor_str);
2367 2371
2368 2372 if ((dev = makedev(major, minor)) != NODEV)
2369 2373 tp->at_port = dev;
2370 2374
2371 2375 if (host_str) {
2372 2376 if (strisipaddr(host_str)) {
2373 2377 if (inet_pton(AF_INET, host_str, &ibuf)) {
2374 2378 tp->at_addr[0] = ibuf;
2375 2379 tp->at_type = AU_IPv4;
2376 2380 } else if (inet_pton(AF_INET6, host_str, ibuf6)) {
2377 2381 tp->at_addr[0] = ibuf6[0];
2378 2382 tp->at_addr[1] = ibuf6[1];
2379 2383 tp->at_addr[2] = ibuf6[2];
2380 2384 tp->at_addr[3] = ibuf6[3];
2381 2385 tp->at_type = AU_IPv6;
2382 2386 }
2383 2387 } else {
2384 2388 phe = getipnodebyname((const void *)host_str,
2385 2389 AF_INET, 0, &err);
2386 2390 if (phe == 0) {
2387 2391 phe = getipnodebyname((const void *)host_str,
2388 2392 AF_INET6, 0, &err);
2389 2393 }
2390 2394
2391 2395 if (phe != NULL) {
2392 2396 if (phe->h_addrtype == AF_INET6) {
2393 2397 /* address is IPv6 (128 bits) */
2394 2398 (void) memcpy(&tp->at_addr[0],
2395 2399 phe->h_addr_list[0], 16);
2396 2400 tp->at_type = AU_IPv6;
2397 2401 } else {
2398 2402 /* address is IPv4 (32 bits) */
2399 2403 (void) memcpy(&tp->at_addr[0],
2400 2404 phe->h_addr_list[0], 4);
2401 2405 tp->at_type = AU_IPv4;
2402 2406 }
2403 2407 freehostent(phe);
2404 2408 }
2405 2409 }
2406 2410 }
2407 2411 }
2408 2412
2409 2413 static char *
2410 2414 cond2str(void)
2411 2415 {
2412 2416 uint_t cond;
2413 2417
2414 2418 eauditon(A_GETCOND, (caddr_t)&cond, sizeof (cond));
2415 2419
2416 2420 switch (cond) {
2417 2421
2418 2422 case AUC_AUDITING:
2419 2423 return ("auditing");
2420 2424
2421 2425 case AUC_NOAUDIT:
2422 2426 case AUC_INIT_AUDIT:
2423 2427 return ("noaudit");
2424 2428
2425 2429 case AUC_UNSET:
2426 2430 return ("unset");
2427 2431
2428 2432 case AUC_NOSPACE:
2429 2433 return ("nospace");
2430 2434
2431 2435 default:
2432 2436 return ("");
2433 2437 }
2434 2438 }
2435 2439
2436 2440 /*
2437 2441 * exit = 0, success
2438 2442 * 1, error
2439 2443 * 2, bad zone
2440 2444 */
2441 2445 static int
2442 2446 str2policy(char *policy_str, uint32_t *policy_mask)
2443 2447 {
2444 2448 char *buf;
2445 2449 char *tok;
2446 2450 char pfix;
2447 2451 boolean_t is_all = B_FALSE;
2448 2452 uint32_t pm = 0;
2449 2453 uint32_t curp;
2450 2454
2451 2455 pfix = *policy_str;
2452 2456
2453 2457 if (pfix == '-' || pfix == '+' || pfix == '=')
2454 2458 ++policy_str;
2455 2459
2456 2460 if ((buf = strdup(policy_str)) == NULL)
2457 2461 return (1);
2458 2462
2459 2463 for (tok = strtok(buf, ","); tok != NULL; tok = strtok(NULL, ",")) {
2460 2464 uint32_t tok_pm;
2461 2465 if (((tok_pm = get_policy(tok)) == 0) &&
2462 2466 ((strcasecmp(tok, "none") != 0))) {
2463 2467 free(buf);
2464 2468 return (1);
2465 2469 } else {
2466 2470 pm |= tok_pm;
2467 2471 if (tok_pm == ALL_POLICIES) {
2468 2472 is_all = B_TRUE;
2469 2473 }
2470 2474 }
2471 2475 }
2472 2476 free(buf);
2473 2477
2474 2478 /* reuse policy mask if already set to some value */
2475 2479 if (*policy_mask != 0) {
2476 2480 curp = *policy_mask;
2477 2481 } else {
2478 2482 (void) auditon(A_GETPOLICY, (caddr_t)&curp, 0);
2479 2483 }
2480 2484
2481 2485 if (pfix == '-') {
2482 2486 if (!is_all &&
2483 2487 (getzoneid() != GLOBAL_ZONEID) &&
2484 2488 (pm & ~AUDIT_LOCAL)) {
2485 2489 return (2);
2486 2490 }
2487 2491
2488 2492 if (getzoneid() != GLOBAL_ZONEID)
2489 2493 curp &= AUDIT_LOCAL;
2490 2494 *policy_mask = curp & ~pm;
2491 2495
2492 2496 } else if (pfix == '+') {
2493 2497 /*
2494 2498 * In a local zone, accept specifying "all", but not
2495 2499 * individually specifying global-zone only policies.
2496 2500 * Limit to all locally allowed, so system call doesn't
2497 2501 * fail.
2498 2502 */
2499 2503 if (!is_all &&
2500 2504 (getzoneid() != GLOBAL_ZONEID) &&
2501 2505 (pm & ~AUDIT_LOCAL)) {
2502 2506 return (2);
2503 2507 }
2504 2508
2505 2509 if (getzoneid() != GLOBAL_ZONEID) {
2506 2510 curp &= AUDIT_LOCAL;
2507 2511 if (is_all) {
2508 2512 pm &= AUDIT_LOCAL;
2509 2513 }
2510 2514 }
2511 2515 *policy_mask = curp | pm;
2512 2516
2513 2517 } else {
2514 2518 /*
2515 2519 * In a local zone, accept specifying "all", but not
2516 2520 * individually specifying global-zone only policies.
2517 2521 * Limit to all locally allowed, so system call doesn't
2518 2522 * fail.
2519 2523 */
2520 2524 if (!is_all &&
2521 2525 (getzoneid() != GLOBAL_ZONEID) &&
2522 2526 (pm & ~AUDIT_LOCAL)) {
2523 2527 return (2);
2524 2528 }
2525 2529
2526 2530 if (is_all && (getzoneid() != GLOBAL_ZONEID)) {
2527 2531 pm &= AUDIT_LOCAL;
2528 2532 }
2529 2533 *policy_mask = pm;
2530 2534 }
2531 2535 return (0);
2532 2536 }
2533 2537
2534 2538 static int
2535 2539 policy2str(uint32_t policy, char *policy_str, size_t len)
2536 2540 {
2537 2541 int i, j;
2538 2542
2539 2543 if (policy == ALL_POLICIES) {
2540 2544 (void) strcpy(policy_str, "all");
2541 2545 return (1);
2542 2546 }
2543 2547
2544 2548 if (policy == NO_POLICIES) {
2545 2549 (void) strcpy(policy_str, "none");
2546 2550 return (1);
2547 2551 }
2548 2552
2549 2553 *policy_str = '\0';
2550 2554
2551 2555 for (i = 0, j = 0; i < POLICY_TBL_SZ; i++) {
2552 2556 if (policy & policy_table[i].policy_mask &&
2553 2557 policy_table[i].policy_mask != ALL_POLICIES) {
2554 2558 if (j++) {
2555 2559 (void) strcat(policy_str, ",");
2556 2560 }
2557 2561 (void) strlcat(policy_str, policy_table[i].policy_str,
2558 2562 len);
2559 2563 }
2560 2564 }
2561 2565
2562 2566 if (*policy_str)
2563 2567 return (0);
2564 2568
|
↓ open down ↓ |
2529 lines elided |
↑ open up ↑ |
2565 2569 return (1);
2566 2570 }
2567 2571
2568 2572
2569 2573 static int
2570 2574 strisnum(char *s)
2571 2575 {
2572 2576 if (s == NULL || !*s)
2573 2577 return (0);
2574 2578
2575 - for (; *s == '-' || *s == '+'; s++)
2579 + for (; *s == '-' || *s == '+'; s++) {
2580 + if (!*s)
2581 + return (0);
2582 + }
2576 2583
2577 - if (!*s)
2578 - return (0);
2579 -
2580 - for (; *s; s++)
2584 + for (; *s; s++) {
2581 2585 if (!isdigit(*s))
2582 2586 return (0);
2587 + }
2583 2588
2584 2589 return (1);
2585 2590 }
2586 2591
2587 2592 static int
2588 2593 strisipaddr(char *s)
2589 2594 {
2590 2595 int dot = 0;
2591 2596 int colon = 0;
2592 2597
2593 2598 /* no string */
2594 2599 if ((s == NULL) || (!*s))
2595 2600 return (0);
2596 2601
2597 2602 for (; *s; s++) {
2598 2603 if (!(isxdigit(*s) || *s != '.' || *s != ':'))
2599 2604 return (0);
2600 2605 if (*s == '.')
2601 2606 dot++;
2602 2607 if (*s == ':')
2603 2608 colon++;
2604 2609 }
2605 2610
2606 2611 if (dot && colon)
2607 2612 return (0);
2608 2613
2609 2614 if (!dot && !colon)
2610 2615 return (0);
2611 2616
2612 2617 return (1);
2613 2618 }
2614 2619
2615 2620 static void
2616 2621 chk_arg_len(char *argv, uint_t len)
2617 2622 {
2618 2623 if ((strlen(argv) + 1) > len) {
2619 2624 *(argv + len - 1) = '\0';
2620 2625 exit_error(gettext("Argument too long (%s..)."), argv);
2621 2626 }
2622 2627 }
2623 2628
2624 2629 static void
2625 2630 chk_event_num(int etype, au_event_t event)
2626 2631 {
2627 2632 au_stat_t as;
2628 2633
2629 2634 eauditon(A_GETSTAT, (caddr_t)&as, 0);
2630 2635
2631 2636 if (etype == AC_KERN_EVENT) {
2632 2637 if (event > as.as_numevent) {
2633 2638 exit_error(gettext(
2634 2639 "Invalid kernel audit event number specified.\n"
2635 2640 "\t%hu is outside allowable range 0-%d."),
2636 2641 event, as.as_numevent);
2637 2642 }
2638 2643 } else {
2639 2644 /* user event */
2640 2645 if (event <= as.as_numevent) {
2641 2646 exit_error(gettext("Invalid user level audit event "
2642 2647 "number specified %hu."), event);
2643 2648 }
2644 2649 }
2645 2650 }
2646 2651
2647 2652 static void
2648 2653 chk_event_str(int etype, char *event_str)
2649 2654 {
2650 2655 au_event_ent_t *evp;
2651 2656 au_stat_t as;
2652 2657
2653 2658 eauditon(A_GETSTAT, (caddr_t)&as, 0);
2654 2659
2655 2660 evp = egetauevnam(event_str);
2656 2661 if (etype == AC_KERN_EVENT && (evp->ae_number > as.as_numevent)) {
2657 2662 exit_error(gettext(
2658 2663 "Invalid kernel audit event string specified.\n"
2659 2664 "\t\"%s\" appears to be a user level event. "
2660 2665 "Check configuration."), event_str);
2661 2666 } else if (etype == AC_USER_EVENT &&
2662 2667 (evp->ae_number < as.as_numevent)) {
2663 2668 exit_error(gettext(
2664 2669 "Invalid user audit event string specified.\n"
2665 2670 "\t\"%s\" appears to be a kernel event. "
2666 2671 "Check configuration."), event_str);
2667 2672 }
2668 2673 }
2669 2674
2670 2675 static void
2671 2676 chk_known_plugin(char *plugin_str)
2672 2677 {
2673 2678 if ((strlen(plugin_str) + 1) > PLUGIN_MAXBUF) {
2674 2679 exit_error(gettext("Plugin name too long.\n"));
2675 2680 }
2676 2681
2677 2682 if (!plugin_avail_scf(plugin_str)) {
2678 2683 exit_error(gettext("No such plugin configured: %s"),
2679 2684 plugin_str);
2680 2685 }
2681 2686 }
2682 2687
2683 2688 static void
2684 2689 chk_sorf(char *sorf_str)
2685 2690 {
2686 2691 if (!strisnum(sorf_str))
2687 2692 exit_error(gettext("Invalid sorf specified: %s"), sorf_str);
2688 2693 }
2689 2694
2690 2695 static void
2691 2696 chk_retval(char *retval_str)
2692 2697 {
2693 2698 if (!strisnum(retval_str))
2694 2699 exit_error(gettext("Invalid retval specified: %s"), retval_str);
2695 2700 }
2696 2701
2697 2702 static void
2698 2703 execit(char **argv)
2699 2704 {
2700 2705 char *args, *args_pos;
2701 2706 size_t len = 0;
2702 2707 size_t n = 0;
2703 2708 char **argv_pos;
2704 2709
2705 2710 if (*argv) {
2706 2711 /* concatenate argument array to be passed to sh -c "..." */
2707 2712 for (argv_pos = argv; *argv_pos; argv_pos++)
2708 2713 len += strlen(*argv_pos) + 1;
2709 2714
2710 2715 if ((args = malloc(len + 1)) == NULL)
2711 2716 exit_error(
2712 2717 gettext("Allocation for command/arguments failed"));
2713 2718
2714 2719 args_pos = args;
2715 2720 for (argv_pos = argv; *argv_pos; argv_pos++) {
2716 2721 n += snprintf(args_pos, len - n, "%s ", *argv_pos);
2717 2722 args_pos = args + n;
2718 2723 }
2719 2724 /* strip the last space */
2720 2725 args[strlen(args)] = '\0';
2721 2726
2722 2727 (void) execl("/bin/sh", "sh", "-c", args, NULL);
2723 2728 } else {
2724 2729 (void) execl("/bin/sh", "sh", NULL);
2725 2730 }
2726 2731
2727 2732 exit_error(gettext("exec(2) failed"));
2728 2733 }
2729 2734
2730 2735 static void
2731 2736 exit_usage(int status)
2732 2737 {
2733 2738 FILE *fp;
2734 2739 int i;
2735 2740
2736 2741 fp = (status ? stderr : stdout);
2737 2742 (void) fprintf(fp, gettext("usage: %s option ...\n"), progname);
2738 2743
2739 2744 for (i = 0; i < ARG_TBL_SZ; i++) {
2740 2745 /* skip the -t option; it's not a standalone option */
2741 2746 if (arg_table[i].auditconfig_cmd == AC_ARG_SET_TEMPORARY) {
2742 2747 continue;
2743 2748 }
2744 2749
2745 2750 (void) fprintf(fp, " %s%s%s\n",
2746 2751 arg_table[i].arg_str, arg_table[i].arg_opts,
2747 2752 (arg_table[i].temporary_allowed ? " [-t]" : ""));
2748 2753 }
2749 2754
2750 2755 exit(status);
2751 2756 }
2752 2757
2753 2758 static void
2754 2759 print_asid(au_asid_t asid)
2755 2760 {
2756 2761 (void) printf(gettext("audit session id = %u\n"), asid);
2757 2762 }
2758 2763
2759 2764 static void
2760 2765 print_auid(au_id_t auid)
2761 2766 {
2762 2767 struct passwd *pwd;
2763 2768 char *username;
2764 2769
2765 2770 if ((pwd = getpwuid((uid_t)auid)) != NULL)
2766 2771 username = pwd->pw_name;
2767 2772 else
2768 2773 username = gettext("unknown");
2769 2774
2770 2775 (void) printf(gettext("audit id = %s(%d)\n"), username, auid);
2771 2776 }
2772 2777
2773 2778 static void
2774 2779 print_mask(char *desc, au_mask_t *pmp)
2775 2780 {
2776 2781 char auflags[512];
2777 2782
2778 2783 if (getauditflagschar(auflags, pmp, 0) < 0)
2779 2784 (void) strlcpy(auflags, gettext("unknown"), sizeof (auflags));
2780 2785
2781 2786 (void) printf("%s = %s(0x%x,0x%x)\n",
2782 2787 desc, auflags, pmp->am_success, pmp->am_failure);
2783 2788 }
2784 2789
2785 2790 static void
2786 2791 print_plugin(char *plugin_name, kva_t *plugin_kva)
2787 2792 {
2788 2793 char att_str[PLUGIN_MAXATT];
2789 2794 boolean_t plugin_active;
2790 2795 char *active_str;
2791 2796 char *qsize_ptr;
2792 2797 int qsize;
2793 2798
2794 2799 if ((active_str = kva_match(plugin_kva, "active")) == NULL) {
2795 2800 (void) printf(gettext("Audit service configuration error: "
2796 2801 "\"active\" property not found\n"));
2797 2802 return;
2798 2803 }
2799 2804
2800 2805 plugin_active = (boolean_t)atoi(active_str);
2801 2806 qsize_ptr = kva_match(plugin_kva, "qsize");
2802 2807 qsize = atoi(qsize_ptr == NULL ? "-1" : qsize_ptr);
2803 2808
2804 2809 (void) printf(gettext("Plugin: %s (%s)\n"), plugin_name,
2805 2810 plugin_active ? "active" : "inactive");
2806 2811
2807 2812 free_static_att_kva(plugin_kva);
2808 2813
2809 2814 switch (_kva2str(plugin_kva, att_str, PLUGIN_MAXATT, "=", ";")) {
2810 2815 case 0:
2811 2816 (void) printf(gettext("\tAttributes: %s\n"), att_str);
2812 2817 break;
2813 2818 case 1:
2814 2819 exit_error(gettext("Internal error - buffer size too small."));
2815 2820 break;
2816 2821 default:
2817 2822 exit_error(gettext("Internal error."));
2818 2823 break;
2819 2824 }
2820 2825
2821 2826 if (qsize != 0) {
2822 2827 (void) printf(gettext("\tQueue size: %d %s\n"), qsize,
2823 2828 qsize == -1 ? "(internal error: value not available)" : "");
2824 2829 }
2825 2830 }
2826 2831
2827 2832 static void
2828 2833 print_tid_ex(au_tid_addr_t *tidp)
2829 2834 {
2830 2835 struct hostent *phe;
2831 2836 char *hostname;
2832 2837 struct in_addr ia;
2833 2838 uint32_t *addr;
2834 2839 int err;
2835 2840 char buf[INET6_ADDRSTRLEN];
2836 2841 char *bufp;
2837 2842
2838 2843
2839 2844 /* IPV6 or IPV4 address */
2840 2845 if (tidp->at_type == AU_IPv4) {
2841 2846 if ((phe = gethostbyaddr((char *)&tidp->at_addr[0],
2842 2847 sizeof (tidp->at_addr[0]), AF_INET)) != NULL) {
2843 2848 hostname = phe->h_name;
2844 2849 } else {
2845 2850 hostname = gettext("unknown");
2846 2851 }
2847 2852
2848 2853 ia.s_addr = tidp->at_addr[0];
2849 2854
2850 2855 (void) printf(gettext(
2851 2856 "terminal id (maj,min,host) = %lu,%lu,%s(%s)\n"),
2852 2857 major(tidp->at_port), minor(tidp->at_port),
2853 2858 hostname, inet_ntoa(ia));
2854 2859 } else {
2855 2860 addr = &tidp->at_addr[0];
2856 2861 phe = getipnodebyaddr((const void *)addr, 16, AF_INET6, &err);
2857 2862
2858 2863 bzero(buf, sizeof (buf));
2859 2864
2860 2865 (void) inet_ntop(AF_INET6, (void *)addr, buf, sizeof (buf));
2861 2866 if (phe == NULL) {
2862 2867 bufp = gettext("unknown");
2863 2868 } else {
2864 2869 bufp = phe->h_name;
2865 2870 }
2866 2871
2867 2872 (void) printf(gettext(
2868 2873 "terminal id (maj,min,host) = %lu,%lu,%s(%s)\n"),
2869 2874 major(tidp->at_port), minor(tidp->at_port),
2870 2875 bufp, buf);
2871 2876 if (phe) {
2872 2877 freehostent(phe);
2873 2878 }
2874 2879 }
2875 2880 }
2876 2881
2877 2882 static int
2878 2883 str2ipaddr(char *s, uint32_t *addr, uint32_t type)
2879 2884 {
2880 2885 int j, sl;
2881 2886 char *ss;
2882 2887 unsigned int v;
2883 2888
2884 2889 bzero(addr, 16);
2885 2890 if (strisipaddr(s)) {
2886 2891 if (type == AU_IPv4) {
2887 2892 if (inet_pton(AF_INET, s, addr)) {
2888 2893 return (0);
2889 2894 }
2890 2895 return (1);
2891 2896 } else if (type == AU_IPv6) {
2892 2897 if (inet_pton(AF_INET6, s, addr))
2893 2898 return (0);
2894 2899 return (1);
2895 2900 }
2896 2901 return (1);
2897 2902 } else {
2898 2903 if (type == AU_IPv4) {
2899 2904 (void) sscanf(s, "%x", &addr[0]);
2900 2905 return (0);
2901 2906 } else if (type == AU_IPv6) {
2902 2907 sl = strlen(s);
2903 2908 ss = s;
2904 2909 for (j = 3; j >= 0; j--) {
2905 2910 if ((sl - 8) <= 0) {
2906 2911 (void) sscanf(s, "%x", &v);
2907 2912 addr[j] = v;
2908 2913 return (0);
2909 2914 }
2910 2915 ss = &s[sl-8];
2911 2916 (void) sscanf(ss, "%x", &v);
2912 2917 addr[j] = v;
2913 2918 sl -= 8;
2914 2919 *ss = '\0';
2915 2920 }
2916 2921 }
2917 2922 return (0);
2918 2923 }
2919 2924 }
2920 2925
2921 2926 static int
2922 2927 str2type(char *s, uint_t *type)
2923 2928 {
2924 2929 if (strcmp(s, "ipv6") == 0) {
2925 2930 *type = AU_IPv6;
2926 2931 return (0);
2927 2932 }
2928 2933 if (strcmp(s, "ipv4") == 0) {
2929 2934 *type = AU_IPv4;
2930 2935 return (0);
2931 2936 }
2932 2937
2933 2938 return (1);
2934 2939 }
2935 2940
2936 2941 /*
2937 2942 * exit_error() - print an error message along with corresponding system error
2938 2943 * number and error message, then exit. Inputs - program error format and
2939 2944 * message.
2940 2945 */
2941 2946 /*PRINTFLIKE1*/
2942 2947 static void
2943 2948 exit_error(char *fmt, ...)
2944 2949 {
2945 2950 va_list args;
2946 2951
2947 2952 va_start(args, fmt);
2948 2953 prt_error_va(fmt, args);
2949 2954 va_end(args);
2950 2955
2951 2956 exit(1);
2952 2957 }
|
↓ open down ↓ |
360 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX