/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
*/
/* auditd smf(5)/libscf(3LIB) interface - set and display audit parameters */
#include <audit_scf.h>
#include <audit_policy.h>
/* propvec array must be NULL terminated */
/*
* prt_error() - prt_error_va() wrapper; see prt_error_va() for more contextual
* information. Note that this function disregards errno; if you need to print
* strerror()/errno, call prt_error_va() directly.
* Inputs - program error format and message.
*/
/*PRINTFLIKE1*/
static void
{
/*
* Clear errno before reporting: this wrapper is documented as disregarding
* errno, and the errno test in prt_error_va() would otherwise pick up a
* stale value left by an earlier, unrelated failure.
* NOTE(review): the signature and the call into prt_error_va() are not
* visible in this listing.
*/
errno = 0;
}
/*
* prt_error_va() - prints an error message along with corresponding system
* error number. Inputs - program error format and the va_list already prepared
* by the preceding functions.
*
*/
/*PRINTFLIKE1*/
void
{
/*
* The system error part of the message depends on errno being non-zero at
* the time of the call. A caller that wants the system error shown must
* make sure errno still belongs to the failing call; a caller that does
* not must clear it first, or an unrelated error would be reported.
* NOTE(review): the statement guarded by this test is not visible in this
* listing.
*/
if (errno)
}
/*
* prt_scf_err() - scf_error()/scf_strerror() wrapper.
*/
static void
prt_scf_err(void)
{
}
/*
* add_prop_vect_scf() - adds vector to the array of vectors later passed to
* get_/set_val_scf(). The first argument (vector) points to particular position
* in the vector of properties.
*/
static void
{
}
/*
* get_val_scf() - get property values from the audit service
*
* Arguments: vector = pointers to the head end of array of property vectors
* pgroup_str = property group of property in AUDITD_FMRI
*
*/
static boolean_t
{
/*
* Get the property vector from the editing snapshot (B_FALSE).
* For documentation on property vectors see <libscf_priv.h>.
* Any result other than SCF_SUCCESS is handled as a failure below.
*/
&bad_prop_vec) != SCF_SUCCESS) {
/* Report the libscf error for the failed read. */
prt_scf_err();
/*
* NOTE(review): bad_prop_vec presumably points at the vector entry the
* library could not process; the body of this branch is not visible in
* this listing.
*/
if (bad_prop_vec != NULL) {
}
/*
* B_FALSE means the requested values were not retrieved; callers should
* not go on to use the value buffers attached to the vector.
*/
return (B_FALSE);
}
return (B_TRUE);
}
/*
* set_val_scf() - set property values of the audit service.
*
* arguments: vector = pointers to the head end of array of property vectors
* pgroup_str = property group of property in AUDITD_FMRI
*
*/
static boolean_t
{
/*
* For documentation on property vectors see <libscf_priv.h>.
* Any result other than SCF_SUCCESS is handled as a failure below.
*/
&bad_prop_vec) != SCF_SUCCESS) {
/* Report the libscf error for the failed write. */
prt_scf_err();
/*
* NOTE(review): bad_prop_vec presumably points at the vector entry the
* library rejected; the body of this branch is not visible in this
* listing.
*/
if (bad_prop_vec != NULL) {
}
/*
* B_FALSE means the audit service configuration was not confirmed as
* written. Callers should surface this rather than assume the new
* audit setting is in effect.
*/
return (B_FALSE);
}
return (B_TRUE);
}
/*
* free_prop_vect() - deallocate heap memory used for propvect values.
*/
static void
free_prop_vect(void)
{
}
}
}
/*
* chk_prop_vect() - check for prop_vect boundaries and possibly process
* (typically) full prop_vect.
*/
static boolean_t
{
/*
* Bounds check on the caller's cursor into prop_vect: a cursor that points
* before the start of the array is rejected with B_FALSE.
* NOTE(review): the second half of this condition (presumably the
* upper-bound test) and the handling of a full vector are not visible in
* this listing.
*/
if (*prop_vect_ptr < prop_vect ||
return (B_FALSE);
}
}
return (B_TRUE);
}
/*
* get_props_kva_all() - get all properties and fill in the plugin_kva.
*/
static boolean_t
kva_t **plugin_kva)
{
int len = 0;
/* Both working strings start out empty. */
attr_string[0] = 0;
attr_buf[0] = 0;
/*
* The property name read is bounded by PLUGIN_MAXKEY; a return of -1 is
* reported and fails the whole call.
*/
PLUGIN_MAXKEY) == -1) {
prt_scf_err();
return (B_FALSE);
}
/*
* We do not fully support multi-valued properties.
* scf_property_get_value() only supports single-valued
* properties. It returns SCF_ERROR_CONSTRAINT_VIOLATED and one
* of the property values. The audit service configuration
* values are all single-valued properties. The authorizations
* to configure and read the audit service properties may be
* multi-valued, these may safely be ignored here as not an
* error.
*/
handle_iter->prop_val) != 0 &&
prt_scf_err();
return (B_FALSE);
}
prt_scf_err();
return (B_FALSE);
}
/*
* Three value types are converted (boolean, astring, count). In each
* branch any visible failure returns B_FALSE for the whole call, so one
* bad property prevents the plugin's attribute set from being returned.
* NOTE(review): the statements that build the key/value text are not
* visible in this listing.
*/
switch (prop_type) {
case SCF_TYPE_BOOLEAN: {
&pval_bool) == -1) {
prt_scf_err();
return (B_FALSE);
}
key_buf);
return (B_FALSE);
}
"%s\n"), key_buf);
return (B_FALSE);
}
break;
}
case SCF_TYPE_ASTRING: {
prt_scf_err();
return (B_FALSE);
}
key_buf);
return (B_FALSE);
}
"%s\n"), key_buf);
return (B_FALSE);
}
break;
}
case SCF_TYPE_COUNT: {
&pval_count) == -1) {
prt_scf_err();
return (B_FALSE);
}
key_buf);
return (B_FALSE);
}
"%s\n"), key_buf);
return (B_FALSE);
}
break;
}
/*
* A property of any other type is only reported and then skipped; unlike
* the branches above it does not fail the call. The message goes through
* printf() rather than through the error helpers used elsewhere in this
* function.
*/
default:
(void) printf("Unsupported value type %s [%d]\n",
break;
}
}
/*
* An attr_string that is still empty here is treated as a failure.
* NOTE(review): the second half of this condition is not visible in this
* listing.
*/
if (*attr_string == '\0' ||
return (B_FALSE);
}
return (B_TRUE);
}
/*
* get_plugin_kva() - get and save config attributes of given plugin plugin_str
* (or all plugins in case plugin_str == NULL) into scf_plugin_kva_node_t.
*/
static boolean_t
{
(const char *)"plugin") == -1) {
prt_scf_err();
return (B_FALSE);
}
PLUGIN_MAXBUF) == -1) {
prt_scf_err();
return (B_FALSE);
}
if (plugin_str != NULL &&
continue;
}
if ((node =
return (B_FALSE);
}
}
}
prt_scf_err();
return (B_FALSE);
}
&(node->plugin_kva))) {
return (B_FALSE);
}
}
#if DEBUG
{
while (node_debug != NULL) {
} else {
}
}
}
#endif
return (B_TRUE);
}
/*
* scf_free() - free scf handles
*/
static void
{
return;
}
}
}
}
prt_scf_err();
}
}
}
/*
* scf_init() - initiate scf handles
*/
static boolean_t
{
goto err_out;
}
goto err_out;
}
goto err_out;
}
goto err_out;
}
return (B_TRUE);
prt_scf_err();
return (B_FALSE);
}
/*
* scf_free_iter() - free scf iter handles
*/
static void
{
if (handle_iter == NULL) {
return;
}
}
}
}
}
/*
* scf_init_iter() - initiate scf iter handles
*/
static boolean_t
{
goto err_out;
}
goto err_out;
}
goto err_out;
}
return (B_TRUE);
prt_scf_err();
return (B_FALSE);
}
/*
* chk_policy_context() - does some policy based checks, checks the context
* (zone, smf) in which the policy could make some sense.
*/
static boolean_t
{
/*
* "all" and "none" policy flags, since they represent
* AUDITD_FMRI service instance configuration.
*
* NOTE(review): this comment and the condition it belongs to are truncated
* in this listing. What is visible is that the case returns B_FALSE, i.e.
* the policy is excluded from processing by the caller.
*/
return (B_FALSE);
}
/*
* In the local zone (!= GLOBAL_ZONEID) we do not touch
* "ahlt" and "perzone" policy flags, since these are
* relevant only in the global zone.
*
* The policy loops in this file skip an entry (continue) when this
* function returns B_FALSE, so a caller running in a non-global zone
* neither queries nor stores these flags.
*/
if ((getzoneid() != GLOBAL_ZONEID) &&
return (B_FALSE);
}
return (B_TRUE);
}
/*
* pairs) from the kva plugin structure.
*/
void
{
}
/*
* do_getqctrl_scf() - get the values of qctrl properties of the audit service
*/
{
return (B_FALSE);
}
return (B_TRUE);
}
/*
* do_getqbufsz_scf() - get the qbufsz audit service property value
*/
{
return (B_FALSE);
}
return (B_TRUE);
}
/*
* do_getqdelay_scf() - get the qdelay audit service property value
*/
{
return (B_FALSE);
}
return (B_TRUE);
}
/*
* do_getqhiwater_scf() - get the qhiwater audit service property value
*/
{
&cval_l);
return (B_FALSE);
}
return (B_TRUE);
}
/*
* do_getqlowater_scf() - get the qlowater audit service property value
*/
{
&cval_l);
return (B_FALSE);
}
return (B_TRUE);
}
/*
* do_getpolicy_scf() - get the audit policy flags from service
*/
{
int i;
char *cur_policy_str;
/* prepare the smf(5) query */
for (i = 0; i < POLICY_TBL_SZ; i++) {
/*
* Do some basic policy dependent checks. Entries rejected by
* chk_policy_context() are skipped and take no further part in this
* iteration.
*/
if (!chk_policy_context(cur_policy_str)) {
continue;
}
}
/*
* This failure return comes before *policy_mask is reset below, so on
* B_FALSE the caller's mask is left as it was. Callers must check the
* return value before using *policy_mask.
*/
return (B_FALSE);
}
/* set the policy mask */
*policy_mask = 0;
/*
* NOTE(review): the loop header and the statement that folds a set flag
* into *policy_mask are not visible in this listing.
*/
if (policy_arr_ptr->flag) {
}
}
return (B_TRUE);
}
/*
* do_setpolicy_scf() - sets the policy flags in audit service configuration
*/
{
int i;
char *cur_policy_str;
for (i = 0; i < POLICY_TBL_SZ; i++) {
/*
* Do some basic policy dependent checks. Entries rejected by
* chk_policy_context() are skipped, so no value is prepared for them
* in this loop.
*/
if (!chk_policy_context(cur_policy_str)) {
continue;
}
/*
* Every entry that is not skipped gets an explicit B_TRUE or B_FALSE.
* NOTE(review): the condition is not visible in this listing;
* presumably it tests the entry's bit in the requested policy mask, in
* which case flags absent from the mask are stored as false rather
* than left unchanged - confirm.
*/
*bool_arr_ptr = B_TRUE;
} else {
*bool_arr_ptr = B_FALSE;
}
}
}
/*
* do_setqctrl_scf() - set the values of qctrl properties of the audit service
*/
{
/*
* Input validation for the audit queue control values. Four range checks
* are visible, each rejecting the request with B_FALSE and an "outside of
* allowed boundaries" message; all of them precede the end of the
* function, so a single out-of-range field refuses the whole request.
* For aq_hiwater and aq_lowater the check carries a "!= 0" term, so a
* value of 0 is exempt from the range test.
* NOTE(review): presumably 0 has a special meaning for the water marks
* (such as "use the default") - confirm. The range conditions themselves
* and the call that stores the values are not visible in this listing.
*/
cval->aq_hiwater != 0) {
"outside of allowed boundaries.\n"));
return (B_FALSE);
}
cval->aq_lowater != 0) {
"outside of allowed boundaries.\n"));
return (B_FALSE);
}
"outside of allowed boundaries.\n"));
return (B_FALSE);
}
"outside of allowed boundaries.\n"));
return (B_FALSE);
}
}
/*
* do_setqbufsz_scf() - set the qbufsz property value of the audit service
*/
{
"outside of allowed boundaries.\n"));
return (B_FALSE);
}
}
/*
* do_setqdelay_scf() - set the qdelay property value of the audit service
*/
{
"outside of allowed boundaries.\n"));
return (B_FALSE);
}
}
/*
* do_setqhiwater_scf() - set the qhiwater property value of the audit service
*/
{
/*
* The low water mark is fetched through do_getqlowater_scf() before the
* new high water mark is checked. If it cannot be read the request is
* refused, so the new value is not stored without that reference value.
*/
if (!do_getqlowater_scf(&cval_lowater)) {
"queue lowater mark.\n"));
return (B_FALSE);
}
/*
* NOTE(review): a low water mark of 0 gets special handling whose body is
* not visible in this listing; the range condition that follows is not
* visible either.
*/
if (cval_lowater == 0) {
}
"outside of allowed boundaries.\n"));
return (B_FALSE);
}
&cval_l);
}
/*
* do_setqlowater_scf() - set the qlowater property value of the audit service
*/
{
/*
* The high water mark is fetched through do_getqhiwater_scf() before the
* new low water mark is checked. If it cannot be read the request is
* refused, so the new value is not stored without that reference value.
*/
if (!do_getqhiwater_scf(&cval_hiwater)) {
"queue hiwater mark.\n"));
return (B_FALSE);
}
/*
* NOTE(review): a high water mark of 0 gets special handling whose body is
* not visible in this listing; the range condition that follows is not
* visible either.
*/
if (cval_hiwater == 0) {
}
"outside of allowed boundaries.\n"));
return (B_FALSE);
}
&cval_l);
}
/*
* do_getflags_scf() - get the audit attributable flags from service
*/
{
flags);
return (B_FALSE);
}
return (B_TRUE);
}
/*
* do_getnaflags_scf() - get the audit non-attributable flags from service
*/
{
naflags);
return (B_FALSE);
}
return (B_TRUE);
}
/*
* do_setflags_scf() - set the attributable mask property value of the audit
* service
*/
{
flags);
}
/*
* do_setnaflags_scf() - set the non-attributable mask property value of the
* audit service
*/
{
naflags);
}
/*
* plugin_avail_scf() - look for the plugin in the audit service configuration
*/
{
return (B_FALSE);
}
scf_strerror(scf_error())));
return (B_FALSE);
}
return (B_TRUE);
}
/*
* do_getpluginconfig_scf() - get plugin configuration from the audit service
* configuration.
*/
{
char *asi_fmri;
return (B_FALSE);
}
plugin_all = B_TRUE;
} else {
return (B_FALSE);
}
}
return (B_FALSE);
}
SCF_DECODE_FMRI_EXACT) == -1) {
prt_scf_err();
return (B_FALSE);
}
return (B_FALSE);
}
if (plugin_all) {
} else {
}
return (rv);
}
/*
* do_setpluginconfig_scf() - set plugin configuration in the audit service
* configuration.
*/
char *plugin_att, int plugin_qsize)
{
int cnt = 0;
"state=%d (%s)\n\tattributes=%s\n\tqsize=%d%s\n", plugin_str,
if (plugin_att != NULL) {
/*
* get rid of white-space chars
*
* Non-space bytes are copied down through plugin_att_clr_ptr and the
* result is terminated again afterwards.
* NOTE(review): presumably both pointers start at plugin_att, which would
* mean the caller's buffer is rewritten in place - confirm. Their
* initialisation and the advance of plugin_att_ptr are not visible in
* this listing.
*/
if (*plugin_att_ptr != '\0') {
while (*plugin_att_ptr != '\0') {
/*
* NOTE(review): if plugin_att_ptr is a plain char pointer, a byte with
* the high bit set reaches isspace() as a negative int, which is
* undefined behaviour; the argument should be cast to unsigned char.
*/
if (isspace(*plugin_att_ptr) == 0) {
*plugin_att_clr_ptr++ = *plugin_att_ptr;
}
}
*plugin_att_clr_ptr = '\0';
}
/*
* allow empty plugin_att
*
* A string that is empty at this point is accepted and no attributes are
* processed (cnt stays 0).
*/
if (*plugin_att == '\0') {
cnt = 0;
} else {
/*
* A NULL plugin_att_kva rejects the request before anything else is
* attempted. NOTE(review): presumably the attribute string could not be
* turned into key/value pairs - the conversion call is not visible.
*/
if (plugin_att_kva == NULL) {
"attributes."));
return (B_FALSE);
}
}
}
/* set state */
&plugin_state);
/*
* set attributes
*
* One pass per attribute counted in cnt. Failures inside the loop leave
* through err_out; NOTE(review): the err_out label and its cleanup are not
* visible in this listing.
*/
while (cnt) {
cnt--;
data++;
continue;
}
goto err_out;
}
prt_scf_err();
goto err_out;
}
== -1) {
prt_scf_err();
goto err_out;
}
/*
* The value is handled according to the type of the existing property.
* NOTE(review): the conversion and range checks of the supplied value in
* each branch are not visible in this listing.
*/
switch (plugin_prop_type) {
case SCF_TYPE_BOOLEAN: {
goto err_out;
}
break;
}
case SCF_TYPE_ASTRING: {
char *pval_str;
goto err_out;
}
break;
}
case SCF_TYPE_COUNT: {
/* A NULL pval_count is treated as a failure. */
if (pval_count == NULL) {
goto err_out;
}
break;
}
/*
* A property of any other type falls through here and the loop moves on to
* the next attribute; no error is raised for it in the visible code.
*/
default:
break;
}
data++;
cnt--;
}
goto err_out;
}
/*
* set qsize
*
* -1 is the "leave qsize unchanged" sentinel; any other value enters the
* branch. NOTE(review): validation of plugin_qsize inside the branch is not
* visible in this listing.
*/
if (plugin_qsize != -1) {
}
}
return (rval);
}
/*
* plugin_kva_ll_free() - free the memory used by plugin kva linked list.
*/
void
{
return;
}
}
}
}
/*
* get_policy() - get policy mask entry
*/
{
int i;
/*
* Scan policy_table and return the mask of the matching entry.
* NOTE(review): the matching condition is not visible in this listing.
*/
for (i = 0; i < POLICY_TBL_SZ; i++) {
return (policy_table[i].policy_mask);
}
}
/*
* No entry matched. The result is 0, so a caller cannot tell an unknown
* policy name from an entry whose mask is 0 by the return value alone, and
* should treat 0 as "not found" only if no table entry carries a zero mask.
*/
return (0);
}