1 /*-
2 * Copyright (c) 2004-2009 Apple Inc.
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. Neither the name of Apple Inc. ("Apple") nor the names of
14 * its contributors may be used to endorse or promote products derived
15 * from this software without specific prior written permission.
16 *
17 * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR
21 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
25 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
26 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
27 * POSSIBILITY OF SUCH DAMAGE.
28 */
29
30 #ifdef __APPLE__
31 #define _SYS_AUDIT_H /* Prevent include of sys/audit.h. */
32 #endif
33
34 #include <sys/param.h>
35 #include <sys/stat.h>
36
37 #ifdef __APPLE__
38 #include <sys/queue.h> /* Our bsm/audit.h doesn't include queue.h. */
39 #endif
40
41 #include <sys/sysctl.h>
42
43 #include <bsm/libbsm.h>
44
45 #include <unistd.h>
46 #include <syslog.h>
47 #include <stdarg.h>
48 #include <string.h>
49 #include <errno.h>
50 #include <sys/mach/message.h>
51
52 /* This is not advertised in libbsm.h */
53 int audit_set_terminal_port(dev_t *p);
54
55 /*
56 * General purpose audit submission mechanism for userspace.
57 */
58 int
audit_submit(short au_event,au_id_t auid,char status,int reterr,const char * fmt,...)59 audit_submit(short au_event, au_id_t auid, char status,
60 int reterr, const char *fmt, ...)
61 {
62 char text[MAX_AUDITSTRING_LEN];
63 token_t *token;
64 int acond;
65 va_list ap;
66 pid_t pid;
67 int error, afd, subj_ex;
68 struct auditinfo ai;
69 struct auditinfo_addr aia;
70 au_tid_t atid;
71
72 if (audit_get_cond(&acond) != 0) {
73 /*
74 * If auditon(2) returns ENOSYS, then audit has not been
75 * compiled into the kernel, so just return.
76 */
77 if (errno == ENOSYS)
78 return (0);
79 error = errno;
80 syslog(LOG_AUTH | LOG_ERR, "audit: auditon failed: %s",
81 strerror(errno));
82 errno = error;
83 return (-1);
84 }
85 if (acond == AUC_NOAUDIT)
86 return (0);
87 afd = au_open();
88 if (afd < 0) {
89 error = errno;
90 syslog(LOG_AUTH | LOG_ERR, "audit: au_open failed: %s",
91 strerror(errno));
92 errno = error;
93 return (-1);
94 }
95 /*
96 * Try to use getaudit_addr(2) first. If this kernel does not support
97 * it, then fall back on to getaudit(2).
98 */
99 subj_ex = 0;
100 error = getaudit_addr(&aia, sizeof(aia));
101 if (error < 0 && errno == ENOSYS) {
102 error = getaudit(&ai);
103 if (error < 0) {
104 error = errno;
105 syslog(LOG_AUTH | LOG_ERR, "audit: getaudit failed: %s",
106 strerror(errno));
107 errno = error;
108 return (-1);
109 }
110 /*
111 * Convert this auditinfo_t to an auditinfo_addr_t to make the
112 * following code less complicated wrt to preselection and
113 * subject token generation.
114 */
115 aia.ai_auid = ai.ai_auid;
116 aia.ai_mask = ai.ai_mask;
117 aia.ai_asid = ai.ai_asid;
118 aia.ai_termid.at_type = AU_IPv4;
119 aia.ai_termid.at_addr[0] = ai.ai_termid.machine;
120 aia.ai_termid.at_port = ai.ai_termid.port;
121 } else if (error < 0) {
122 error = errno;
123 syslog(LOG_AUTH | LOG_ERR, "audit: getaudit_addr failed: %s",
124 strerror(errno));
125 errno = error;
126 return (-1);
127 }
128 /*
129 * NB: We should be performing pre-selection here now that we have the
130 * masks for this process.
131 */
132 if (aia.ai_termid.at_type == AU_IPv6)
133 subj_ex = 1;
134 pid = getpid();
135 if (subj_ex == 0) {
136 atid.port = aia.ai_termid.at_port;
137 atid.machine = aia.ai_termid.at_addr[0];
138 token = au_to_subject32(auid, geteuid(), getegid(),
139 getuid(), getgid(), pid, pid, &atid);
140 } else
141 token = au_to_subject_ex(auid, geteuid(), getegid(),
142 getuid(), getgid(), pid, pid, &aia.ai_termid);
143 if (token == NULL) {
144 syslog(LOG_AUTH | LOG_ERR,
145 "audit: unable to build subject token");
146 (void) au_close(afd, AU_TO_NO_WRITE, au_event);
147 errno = EPERM;
148 return (-1);
149 }
150 if (au_write(afd, token) < 0) {
151 error = errno;
152 syslog(LOG_AUTH | LOG_ERR,
153 "audit: au_write failed: %s", strerror(errno));
154 (void) au_close(afd, AU_TO_NO_WRITE, au_event);
155 errno = error;
156 return (-1);
157 }
158 if (fmt != NULL) {
159 va_start(ap, fmt);
160 (void) vsnprintf(text, MAX_AUDITSTRING_LEN, fmt, ap);
161 va_end(ap);
162 token = au_to_text(text);
163 if (token == NULL) {
164 syslog(LOG_AUTH | LOG_ERR,
165 "audit: failed to generate text token");
166 (void) au_close(afd, AU_TO_NO_WRITE, au_event);
167 errno = EPERM;
168 return (-1);
169 }
170 if (au_write(afd, token) < 0) {
171 error = errno;
172 syslog(LOG_AUTH | LOG_ERR,
173 "audit: au_write failed: %s", strerror(errno));
174 (void) au_close(afd, AU_TO_NO_WRITE, au_event);
175 errno = error;
176 return (-1);
177 }
178 }
179 token = au_to_return32(au_errno_to_bsm(status), reterr);
180 if (token == NULL) {
181 syslog(LOG_AUTH | LOG_ERR,
182 "audit: unable to build return token");
183 (void) au_close(afd, AU_TO_NO_WRITE, au_event);
184 errno = EPERM;
185 return (-1);
186 }
187 if (au_write(afd, token) < 0) {
188 error = errno;
189 syslog(LOG_AUTH | LOG_ERR,
190 "audit: au_write failed: %s", strerror(errno));
191 (void) au_close(afd, AU_TO_NO_WRITE, au_event);
192 errno = error;
193 return (-1);
194 }
195 if (au_close(afd, AU_TO_WRITE, au_event) < 0) {
196 error = errno;
197 syslog(LOG_AUTH | LOG_ERR, "audit: record not committed");
198 errno = error;
199 return (-1);
200 }
201 return (0);
202 }
203
204 int
audit_set_terminal_port(dev_t * p)205 audit_set_terminal_port(dev_t *p)
206 {
207 struct stat st;
208
209 if (p == NULL)
210 return (kAUBadParamErr);
211
212 #ifdef NODEV
213 *p = NODEV;
214 #else
215 *p = -1;
216 #endif
217
218 /* for /usr/bin/login, try fstat() first */
219 if (fstat(STDIN_FILENO, &st) != 0) {
220 if (errno != EBADF) {
221 syslog(LOG_ERR, "fstat() failed (%s)",
222 strerror(errno));
223 return (kAUStatErr);
224 }
225 if (stat("/dev/console", &st) != 0) {
226 syslog(LOG_ERR, "stat() failed (%s)",
227 strerror(errno));
228 return (kAUStatErr);
229 }
230 }
231 *p = st.st_rdev;
232 return (kAUNoErr);
233 }
234
235 int
audit_set_terminal_host(uint32_t * m)236 audit_set_terminal_host(uint32_t *m)
237 {
238
239 #ifdef KERN_HOSTID
240 int name[2] = { CTL_KERN, KERN_HOSTID };
241 size_t len;
242
243 if (m == NULL)
244 return (kAUBadParamErr);
245 *m = 0;
246 len = sizeof(*m);
247 if (sysctl(name, 2, m, &len, NULL, 0) != 0) {
248 syslog(LOG_ERR, "sysctl() failed (%s)", strerror(errno));
249 return (kAUSysctlErr);
250 }
251 return (kAUNoErr);
252 #else
253 *m = -1;
254 return (kAUNoErr);
255 #endif
256 }
257
258 int
audit_set_terminal_id(au_tid_t * tid)259 audit_set_terminal_id(au_tid_t *tid)
260 {
261 int ret;
262
263 if (tid == NULL)
264 return (kAUBadParamErr);
265 if ((ret = audit_set_terminal_port(&tid->port)) != kAUNoErr)
266 return (ret);
267 return (audit_set_terminal_host(&tid->machine));
268 }
269
270 /*
271 * This is OK for those callers who have only one token to write. If you have
272 * multiple tokens that logically form part of the same audit record, you need
273 * to use the existing au_open()/au_write()/au_close() API:
274 *
275 * aufd = au_open();
276 * tok = au_to_random_token_1(...);
277 * au_write(aufd, tok);
278 * tok = au_to_random_token_2(...);
279 * au_write(aufd, tok);
280 * ...
281 * au_close(aufd, AU_TO_WRITE, AUE_your_event_type);
282 *
283 * Assumes, like all wrapper calls, that the caller has previously checked
284 * that auditing is enabled via the audit_get_state() call.
285 *
286 * XXX: Should be more robust against bad arguments.
287 */
288 int
audit_write(short event_code,token_t * subject,token_t * misctok,char retval,int errcode)289 audit_write(short event_code, token_t *subject, token_t *misctok, char retval,
290 int errcode)
291 {
292 int aufd;
293 char *func = "audit_write()";
294 token_t *rettok;
295
296 if ((aufd = au_open()) == -1) {
297 au_free_token(subject);
298 au_free_token(misctok);
299 syslog(LOG_ERR, "%s: au_open() failed", func);
300 return (kAUOpenErr);
301 }
302
303 /* Save subject. */
304 if (subject && au_write(aufd, subject) == -1) {
305 au_free_token(subject);
306 au_free_token(misctok);
307 (void)au_close(aufd, AU_TO_NO_WRITE, event_code);
308 syslog(LOG_ERR, "%s: write of subject failed", func);
309 return (kAUWriteSubjectTokErr);
310 }
311
312 /* Save the event-specific token. */
313 if (misctok && au_write(aufd, misctok) == -1) {
314 au_free_token(misctok);
315 (void)au_close(aufd, AU_TO_NO_WRITE, event_code);
316 syslog(LOG_ERR, "%s: write of caller token failed", func);
317 return (kAUWriteCallerTokErr);
318 }
319
320 /* Tokenize and save the return value. */
321 if ((rettok = au_to_return32(retval, errcode)) == NULL) {
322 (void)au_close(aufd, AU_TO_NO_WRITE, event_code);
323 syslog(LOG_ERR, "%s: au_to_return32() failed", func);
324 return (kAUMakeReturnTokErr);
325 }
326
327 if (au_write(aufd, rettok) == -1) {
328 au_free_token(rettok);
329 (void)au_close(aufd, AU_TO_NO_WRITE, event_code);
330 syslog(LOG_ERR, "%s: write of return code failed", func);
331 return (kAUWriteReturnTokErr);
332 }
333
334 /*
335 * We assume the caller wouldn't have bothered with this
336 * function if it hadn't already decided to keep the record.
337 */
338 if (au_close(aufd, AU_TO_WRITE, event_code) < 0) {
339 syslog(LOG_ERR, "%s: au_close() failed", func);
340 return (kAUCloseErr);
341 }
342
343 return (kAUNoErr);
344 }
345
346 /*
347 * Same caveats as audit_write(). In addition, this function explicitly
348 * assumes success; use audit_write_failure() on error.
349 */
350 int
audit_write_success(short event_code,token_t * tok,au_id_t auid,uid_t euid,gid_t egid,uid_t ruid,gid_t rgid,pid_t pid,au_asid_t sid,au_tid_t * tid)351 audit_write_success(short event_code, token_t *tok, au_id_t auid, uid_t euid,
352 gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid,
353 au_tid_t *tid)
354 {
355 char *func = "audit_write_success()";
356 token_t *subject = NULL;
357
358 /* Tokenize and save subject. */
359 subject = au_to_subject32(auid, euid, egid, ruid, rgid, pid, sid,
360 tid);
361 if (subject == NULL) {
362 syslog(LOG_ERR, "%s: au_to_subject32() failed", func);
363 return kAUMakeSubjectTokErr;
364 }
365
366 return (audit_write(event_code, subject, tok, 0, 0));
367 }
368
369 /*
370 * Same caveats as audit_write(). In addition, this function explicitly
371 * assumes success; use audit_write_failure_self() on error.
372 */
373 int
audit_write_success_self(short event_code,token_t * tok)374 audit_write_success_self(short event_code, token_t *tok)
375 {
376 token_t *subject;
377 char *func = "audit_write_success_self()";
378
379 if ((subject = au_to_me()) == NULL) {
380 syslog(LOG_ERR, "%s: au_to_me() failed", func);
381 return (kAUMakeSubjectTokErr);
382 }
383
384 return (audit_write(event_code, subject, tok, 0, 0));
385 }
386
387 /*
388 * Same caveats as audit_write(). In addition, this function explicitly
389 * assumes failure; use audit_write_success() otherwise.
390 *
391 * XXX This should let the caller pass an error return value rather than
392 * hard-coding -1.
393 */
394 int
audit_write_failure(short event_code,char * errmsg,int errcode,au_id_t auid,uid_t euid,gid_t egid,uid_t ruid,gid_t rgid,pid_t pid,au_asid_t sid,au_tid_t * tid)395 audit_write_failure(short event_code, char *errmsg, int errcode, au_id_t auid,
396 uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid,
397 au_tid_t *tid)
398 {
399 char *func = "audit_write_failure()";
400 token_t *subject, *errtok;
401
402 subject = au_to_subject32(auid, euid, egid, ruid, rgid, pid, sid, tid);
403 if (subject == NULL) {
404 syslog(LOG_ERR, "%s: au_to_subject32() failed", func);
405 return (kAUMakeSubjectTokErr);
406 }
407
408 /* tokenize and save the error message */
409 if ((errtok = au_to_text(errmsg)) == NULL) {
410 au_free_token(subject);
411 syslog(LOG_ERR, "%s: au_to_text() failed", func);
412 return (kAUMakeTextTokErr);
413 }
414
415 return (audit_write(event_code, subject, errtok, -1, errcode));
416 }
417
418 /*
419 * Same caveats as audit_write(). In addition, this function explicitly
420 * assumes failure; use audit_write_success_self() otherwise.
421 *
422 * XXX This should let the caller pass an error return value rather than
423 * hard-coding -1.
424 */
425 int
audit_write_failure_self(short event_code,char * errmsg,int errret)426 audit_write_failure_self(short event_code, char *errmsg, int errret)
427 {
428 char *func = "audit_write_failure_self()";
429 token_t *subject, *errtok;
430
431 if ((subject = au_to_me()) == NULL) {
432 syslog(LOG_ERR, "%s: au_to_me() failed", func);
433 return (kAUMakeSubjectTokErr);
434 }
435 /* tokenize and save the error message */
436 if ((errtok = au_to_text(errmsg)) == NULL) {
437 au_free_token(subject);
438 syslog(LOG_ERR, "%s: au_to_text() failed", func);
439 return (kAUMakeTextTokErr);
440 }
441 return (audit_write(event_code, subject, errtok, -1, errret));
442 }
443
444 /*
445 * For auditing errors during login. Such errors are implicitly
446 * non-attributable (i.e., not ascribable to any user).
447 *
448 * Assumes, like all wrapper calls, that the caller has previously checked
449 * that auditing is enabled via the audit_get_state() call.
450 */
451 int
audit_write_failure_na(short event_code,char * errmsg,int errret,uid_t euid,uid_t egid,pid_t pid,au_tid_t * tid)452 audit_write_failure_na(short event_code, char *errmsg, int errret, uid_t euid,
453 uid_t egid, pid_t pid, au_tid_t *tid)
454 {
455
456 return (audit_write_failure(event_code, errmsg, errret, -1, euid,
457 egid, -1, -1, pid, -1, tid));
458 }
459
460 /* END OF au_write() WRAPPERS */
461
462 void
audit_token_to_au32(audit_token_t atoken,uid_t * auidp,uid_t * euidp,gid_t * egidp,uid_t * ruidp,gid_t * rgidp,pid_t * pidp,au_asid_t * asidp,au_tid_t * tidp)463 audit_token_to_au32(audit_token_t atoken, uid_t *auidp, uid_t *euidp,
464 gid_t *egidp, uid_t *ruidp, gid_t *rgidp, pid_t *pidp, au_asid_t *asidp,
465 au_tid_t *tidp)
466 {
467
468 if (auidp != NULL)
469 *auidp = (uid_t)atoken.val[0];
470 if (euidp != NULL)
471 *euidp = (uid_t)atoken.val[1];
472 if (egidp != NULL)
473 *egidp = (gid_t)atoken.val[2];
474 if (ruidp != NULL)
475 *ruidp = (uid_t)atoken.val[3];
476 if (rgidp != NULL)
477 *rgidp = (gid_t)atoken.val[4];
478 if (pidp != NULL)
479 *pidp = (pid_t)atoken.val[5];
480 if (asidp != NULL)
481 *asidp = (au_asid_t)atoken.val[6];
482 if (tidp != NULL) {
483 audit_set_terminal_host(&tidp->machine);
484 tidp->port = (dev_t)atoken.val[7];
485 }
486 }
487
488 int
audit_get_cond(int * cond)489 audit_get_cond(int *cond)
490 {
491 int ret;
492
493 ret = auditon(A_GETCOND, cond, sizeof(*cond));
494 #ifdef A_OLDGETCOND
495 if ((0 != ret) && EINVAL == errno) {
496 long lcond = *cond;
497
498 ret = auditon(A_OLDGETCOND, &lcond, sizeof(lcond));
499 *cond = (int)lcond;
500 }
501 #endif
502 return (ret);
503 }
504
505 int
audit_set_cond(int * cond)506 audit_set_cond(int *cond)
507 {
508 int ret;
509
510 ret = auditon(A_SETCOND, cond, sizeof(*cond));
511 #ifdef A_OLDSETCOND
512 if ((0 != ret) && (EINVAL == errno)) {
513 long lcond = (long)*cond;
514
515 ret = auditon(A_OLDSETCOND, &lcond, sizeof(lcond));
516 *cond = (int)lcond;
517 }
518 #endif
519 return (ret);
520 }
521
522 int
audit_get_policy(int * policy)523 audit_get_policy(int *policy)
524 {
525 int ret;
526
527 ret = auditon(A_GETPOLICY, policy, sizeof(*policy));
528 #ifdef A_OLDGETPOLICY
529 if ((0 != ret) && (EINVAL == errno)){
530 long lpolicy = (long)*policy;
531
532 ret = auditon(A_OLDGETPOLICY, &lpolicy, sizeof(lpolicy));
533 *policy = (int)lpolicy;
534 }
535 #endif
536 return (ret);
537 }
538
539 int
audit_set_policy(int * policy)540 audit_set_policy(int *policy)
541 {
542 int ret;
543
544 ret = auditon(A_SETPOLICY, policy, sizeof(*policy));
545 #ifdef A_OLDSETPOLICY
546 if ((0 != ret) && (EINVAL == errno)){
547 long lpolicy = (long)*policy;
548
549 ret = auditon(A_OLDSETPOLICY, &lpolicy, sizeof(lpolicy));
550 *policy = (int)lpolicy;
551 }
552 #endif
553 return (ret);
554 }
555
556 int
audit_get_qctrl(au_qctrl_t * qctrl,size_t sz)557 audit_get_qctrl(au_qctrl_t *qctrl, size_t sz)
558 {
559 int ret;
560
561 if (sizeof(*qctrl) != sz) {
562 errno = EINVAL;
563 return (-1);
564 }
565
566 ret = auditon(A_GETQCTRL, qctrl, sizeof(*qctrl));
567 #ifdef A_OLDGETQCTRL
568 if ((0 != ret) && (EINVAL == errno)){
569 struct old_qctrl {
570 size_t oq_hiwater;
571 size_t oq_lowater;
572 size_t oq_bufsz;
573 clock_t oq_delay;
574 int oq_minfree;
575 } oq;
576
577 oq.oq_hiwater = (size_t)qctrl->aq_hiwater;
578 oq.oq_lowater = (size_t)qctrl->aq_lowater;
579 oq.oq_bufsz = (size_t)qctrl->aq_bufsz;
580 oq.oq_delay = (clock_t)qctrl->aq_delay;
581 oq.oq_minfree = qctrl->aq_minfree;
582
583 ret = auditon(A_OLDGETQCTRL, &oq, sizeof(oq));
584
585 qctrl->aq_hiwater = (int)oq.oq_hiwater;
586 qctrl->aq_lowater = (int)oq.oq_lowater;
587 qctrl->aq_bufsz = (int)oq.oq_bufsz;
588 qctrl->aq_delay = (int)oq.oq_delay;
589 qctrl->aq_minfree = oq.oq_minfree;
590 }
591 #endif /* A_OLDGETQCTRL */
592 return (ret);
593 }
594
595 int
audit_set_qctrl(au_qctrl_t * qctrl,size_t sz)596 audit_set_qctrl(au_qctrl_t *qctrl, size_t sz)
597 {
598 int ret;
599
600 if (sizeof(*qctrl) != sz) {
601 errno = EINVAL;
602 return (-1);
603 }
604
605 ret = auditon(A_SETQCTRL, qctrl, sz);
606 #ifdef A_OLDSETQCTRL
607 if ((0 != ret) && (EINVAL == errno)) {
608 struct old_qctrl {
609 size_t oq_hiwater;
610 size_t oq_lowater;
611 size_t oq_bufsz;
612 clock_t oq_delay;
613 int oq_minfree;
614 } oq;
615
616 oq.oq_hiwater = (size_t)qctrl->aq_hiwater;
617 oq.oq_lowater = (size_t)qctrl->aq_lowater;
618 oq.oq_bufsz = (size_t)qctrl->aq_bufsz;
619 oq.oq_delay = (clock_t)qctrl->aq_delay;
620 oq.oq_minfree = qctrl->aq_minfree;
621
622 ret = auditon(A_OLDSETQCTRL, &oq, sizeof(oq));
623
624 qctrl->aq_hiwater = (int)oq.oq_hiwater;
625 qctrl->aq_lowater = (int)oq.oq_lowater;
626 qctrl->aq_bufsz = (int)oq.oq_bufsz;
627 qctrl->aq_delay = (int)oq.oq_delay;
628 qctrl->aq_minfree = oq.oq_minfree;
629 }
630 #endif /* A_OLDSETQCTRL */
631 return (ret);
632 }
633
634 int
audit_send_trigger(int * trigger)635 audit_send_trigger(int *trigger)
636 {
637
638 return (auditon(A_SENDTRIGGER, trigger, sizeof(*trigger)));
639 }
640
641 int
audit_get_kaudit(auditinfo_addr_t * aia,size_t sz)642 audit_get_kaudit(auditinfo_addr_t *aia, size_t sz)
643 {
644
645 if (sizeof(*aia) != sz) {
646 errno = EINVAL;
647 return (-1);
648 }
649
650 return (auditon(A_GETKAUDIT, aia, sz));
651 }
652
653 int
audit_set_kaudit(auditinfo_addr_t * aia,size_t sz)654 audit_set_kaudit(auditinfo_addr_t *aia, size_t sz)
655 {
656
657 if (sizeof(*aia) != sz) {
658 errno = EINVAL;
659 return (-1);
660 }
661
662 return (auditon(A_SETKAUDIT, aia, sz));
663 }
664
665 int
audit_get_class(au_evclass_map_t * evc_map,size_t sz)666 audit_get_class(au_evclass_map_t *evc_map, size_t sz)
667 {
668
669 if (sizeof(*evc_map) != sz) {
670 errno = EINVAL;
671 return (-1);
672 }
673
674 return (auditon(A_GETCLASS, evc_map, sz));
675 }
676
677 int
audit_set_class(au_evclass_map_t * evc_map,size_t sz)678 audit_set_class(au_evclass_map_t *evc_map, size_t sz)
679 {
680
681 if (sizeof(*evc_map) != sz) {
682 errno = EINVAL;
683 return (-1);
684 }
685
686 return (auditon(A_SETCLASS, evc_map, sz));
687 }
688
689 int
audit_get_kmask(au_mask_t * kmask,size_t sz)690 audit_get_kmask(au_mask_t *kmask, size_t sz)
691 {
692 if (sizeof(*kmask) != sz) {
693 errno = EINVAL;
694 return (-1);
695 }
696
697 return (auditon(A_GETKMASK, kmask, sz));
698 }
699
700 int
audit_set_kmask(au_mask_t * kmask,size_t sz)701 audit_set_kmask(au_mask_t *kmask, size_t sz)
702 {
703 if (sizeof(*kmask) != sz) {
704 errno = EINVAL;
705 return (-1);
706 }
707
708 return (auditon(A_SETKMASK, kmask, sz));
709 }
710
711 int
audit_get_fsize(au_fstat_t * fstat,size_t sz)712 audit_get_fsize(au_fstat_t *fstat, size_t sz)
713 {
714
715 if (sizeof(*fstat) != sz) {
716 errno = EINVAL;
717 return (-1);
718 }
719
720 return (auditon(A_GETFSIZE, fstat, sz));
721 }
722
723 int
audit_set_fsize(au_fstat_t * fstat,size_t sz)724 audit_set_fsize(au_fstat_t *fstat, size_t sz)
725 {
726
727 if (sizeof(*fstat) != sz) {
728 errno = EINVAL;
729 return (-1);
730 }
731
732 return (auditon(A_SETFSIZE, fstat, sz));
733 }
734
735 int
audit_set_pmask(auditpinfo_t * api,size_t sz)736 audit_set_pmask(auditpinfo_t *api, size_t sz)
737 {
738
739 if (sizeof(*api) != sz) {
740 errno = EINVAL;
741 return (-1);
742 }
743
744 return (auditon(A_SETPMASK, api, sz));
745 }
746
747 int
audit_get_pinfo(auditpinfo_t * api,size_t sz)748 audit_get_pinfo(auditpinfo_t *api, size_t sz)
749 {
750
751 if (sizeof(*api) != sz) {
752 errno = EINVAL;
753 return (-1);
754 }
755
756 return (auditon(A_GETPINFO, api, sz));
757 }
758
759 int
audit_get_pinfo_addr(auditpinfo_addr_t * apia,size_t sz)760 audit_get_pinfo_addr(auditpinfo_addr_t *apia, size_t sz)
761 {
762
763 if (sizeof(*apia) != sz) {
764 errno = EINVAL;
765 return (-1);
766 }
767
768 return (auditon(A_GETPINFO_ADDR, apia, sz));
769 }
770
771 int
audit_get_sinfo_addr(auditinfo_addr_t * aia,size_t sz)772 audit_get_sinfo_addr(auditinfo_addr_t *aia, size_t sz)
773 {
774
775 if (sizeof(*aia) != sz) {
776 errno = EINVAL;
777 return (-1);
778 }
779
780 return (auditon(A_GETSINFO_ADDR, aia, sz));
781 }
782
783 int
audit_get_stat(au_stat_t * stats,size_t sz)784 audit_get_stat(au_stat_t *stats, size_t sz)
785 {
786
787 if (sizeof(*stats) != sz) {
788 errno = EINVAL;
789 return (-1);
790 }
791
792 return (auditon(A_GETSTAT, stats, sz));
793 }
794
795 int
audit_set_stat(au_stat_t * stats,size_t sz)796 audit_set_stat(au_stat_t *stats, size_t sz)
797 {
798
799 if (sizeof(*stats) != sz) {
800 errno = EINVAL;
801 return (-1);
802 }
803
804 return (auditon(A_GETSTAT, stats, sz));
805 }
806
807 int
audit_get_cwd(char * path,size_t sz)808 audit_get_cwd(char *path, size_t sz)
809 {
810
811 return (auditon(A_GETCWD, path, sz));
812 }
813
814 int
audit_get_car(char * path,size_t sz)815 audit_get_car(char *path, size_t sz)
816 {
817
818 return (auditon(A_GETCAR, path, sz));
819 }
820