static void print_profile_privs(kva_t *attr) { char *privs; if (attr) { privs = kva_match(attr, PROFATTR_PRIVS_KW); if (privs) (void) printf(" privs=%s", privs); } }
/* ARGSUSED */ static int attr(const char *name, kva_t *kva, void *ctxt, void *pres) { char *val; if ((val = kva_match(kva, attr_name)) != NULL) { if (verbose) { char *prof_name = "user_attr"; if (name != NULL) { prof_name = (char *)name; } (void) printf("%s : %s\n", prof_name, val); } else { (void) printf("%s\n", val); } exit(0); } return (0); /* no match */ }
/* * Verifies the provided list of role names are valid. * * Returns NULL if all role names are valid. * Otherwise, returns the invalid role name * */ static const char * check_role(const char *roles) { char *rolename; userattr_t *result; char *utype; char *tmp; tmp = strdup(roles); if (tmp == NULL) { errmsg(M_NOSPACE); exit(EX_FAILURE); } rolename = strtok(tmp, ROLE_SEP); while (rolename != NULL) { result = getusernam(rolename); if (result == NULL) { /* can't find the rolename */ return (rolename); } /* Now, make sure it is a role */ utype = kva_match(result->attr, USERATTR_TYPE_KW); if (utype == NULL) { /* no user type defined. not a role */ free_userattr(result); return (rolename); } if (strcmp(utype, USERATTR_TYPE_NONADMIN_KW) != 0) { free_userattr(result); return (rolename); } free_userattr(result); rolename = strtok(NULL, ROLE_SEP); } free(tmp); return (NULL); }
static boolean_t is_audit_config_ok() { int state = B_TRUE; /* B_TRUE/B_FALSE = ok/not_ok */ char *cval_str; int cval_int; kva_t *kvlist; scf_plugin_kva_node_t *plugin_kva_ll; scf_plugin_kva_node_t *plugin_kva_ll_head; boolean_t one_plugin_enabled = B_FALSE; /* * There must be at least one active plugin configured; if the * configured plugin is audit_binfile(5), then the p_dir must not be * empty. */ if (!do_getpluginconfig_scf(NULL, &plugin_kva_ll)) { (void) fprintf(stderr, gettext("Could not get plugin configuration.\n")); exit(1); } plugin_kva_ll_head = plugin_kva_ll; while (plugin_kva_ll != NULL) { kvlist = plugin_kva_ll->plugin_kva; if (!one_plugin_enabled) { cval_str = kva_match(kvlist, "active"); if (atoi(cval_str) == 1) { one_plugin_enabled = B_TRUE; } } if (strcmp((char *)&(*plugin_kva_ll).plugin_name, "audit_binfile") == 0) { cval_str = kva_match(kvlist, "p_dir"); if (*cval_str == '\0' || cval_str == NULL) { (void) fprintf(stderr, gettext("%s: audit_binfile(5) \"p_dir:\" " "attribute empty\n"), progname); state = B_FALSE; } else if (!contains_valid_dirs(cval_str)) { (void) fprintf(stderr, gettext("%s: audit_binfile(5) \"p_dir:\" " "attribute invalid\n"), progname); state = B_FALSE; } cval_str = kva_match(kvlist, "p_minfree"); cval_int = atoi(cval_str); if (cval_int < 0 || cval_int > 100) { (void) fprintf(stderr, gettext("%s: audit_binfile(5) " "\"p_minfree:\" attribute invalid\n"), progname); state = B_FALSE; } } plugin_kva_ll = plugin_kva_ll->next; } plugin_kva_ll_free(plugin_kva_ll_head); if (!one_plugin_enabled) { (void) fprintf(stderr, gettext("%s: no active plugin found\n"), progname); state = B_FALSE; } return (state); }
/* * auditd_plugin_open() may be called multiple times; on initial open or * `audit -s`, then kvlist != NULL; on `audit -n`, then kvlist == NULL. * For more information see audit(1M). * * Note, that space on stack allocated for any error message returned along * with AUDITD_RETRY is subsequently freed by auditd. * */ auditd_rc_t auditd_plugin_open(const kva_t *kvlist, char **ret_list, char **error) { kva_t *kv; char *val_str; int val; long val_l; int rc = 0; *error = NULL; *ret_list = NULL; kv = (kva_t *)kvlist; #if DEBUG dfile = __auditd_debug_file_open(); #endif /* initial open or audit -s */ if (kvlist != NULL) { DPRINT((dfile, "Action: initial open or `audit -s`\n")); val_str = kva_match(kv, "p_timeout"); if (val_str == NULL) { *error = strdup( gettext("p_timeout attribute not found")); return (AUDITD_RETRY); } DPRINT((dfile, "val_str=%s\n", val_str)); errno = 0; val = atoi(val_str); if (errno == 0 && val >= 1) { timeout_p_timeout = val; timeout = val; } else { timeout_p_timeout = DEFAULT_TIMEOUT; timeout = timeout_p_timeout; DPRINT((dfile, "p_timeout set to default value: %d\n", timeout)); } val_str = kva_match(kv, "p_retries"); if (val_str == NULL) { *error = strdup( gettext("p_retries attribute not found")); return (AUDITD_RETRY); } DPRINT((dfile, "val_str=%s\n", val_str)); errno = 0; val = atoi(val_str); if (errno == 0 && val >= 0) { retries = val; } val_str = kva_match(kv, "qsize"); if (val_str == NULL) { *error = strdup(gettext("qsize attribute not found")); return (AUDITD_RETRY); } DPRINT((dfile, "qsize=%s\n", val_str)); errno = 0; val_l = atol(val_str); if (errno == 0 && val_l >= 0) { transq_count_max = val_l; } if (transq_count_max == 0 && (rc = set_transq_count_max()) != AUDITD_SUCCESS) { *error = strdup(gettext("cannot get kernel " "auditd queue high water mark\n")); return (rc); } DPRINT((dfile, "timeout=%d, retries=%d, transq_count_max=%ld\n", timeout, retries, transq_count_max)); val_str = kva_match(kv, "p_hosts"); if (val_str == NULL) { *error = strdup(gettext("no hosts configured")); return (AUDITD_RETRY); } if ((rc = parsehosts(val_str, error)) != AUDITD_SUCCESS) { return (rc); } /* create the notification pipe towards the receiving thread */ if (!notify_pipe_ready) { if (create_notify_pipe(notify_pipe, error)) { notify_pipe_ready = B_TRUE; } else { return (AUDITD_RETRY); } } #if DEBUG } else { /* audit -n */ DPRINT((dfile, "Action: `audit -n`\n")); #endif } return (AUDITD_SUCCESS); }
/* * da_interpret - * parses val and initializes pointers in devalloc_t. * returns pointer to parsed devalloc_t entry, else returns NULL on error. */ static devalloc_t * da_interpret(char *val) { struct _dabuff *_da = _daalloc(); char *opts; int i; kva_t *kvap; kv_t *kvp; if (_da == NULL) return (NULL); (void) strcpy(interpdaline, val); interpdevalloc.da_devname = getdadmfield(interpdaline, KV_DELIMITER); interpdevalloc.da_devtype = getdadmfield(NULL, KV_DELIMITER); opts = getdadmfield(NULL, KV_DELIMITER); (void) getdadmfield(NULL, KV_DELIMITER); /* reserved field */ interpdevalloc.da_devauth = getdadmfield(NULL, KV_DELIMITER); interpdevalloc.da_devexec = getdadmfield(NULL, KV_DELIMITER); interpdevalloc.da_devopts = NULL; if (interpdevalloc.da_devname == NULL || interpdevalloc.da_devtype == NULL) return (NULL); if ((opts != NULL) && (strncmp(opts, DA_RESERVED, strlen(DA_RESERVED)) != 0)) { interpdevalloc.da_devopts = _str2kva(opts, KV_ASSIGN, KV_TOKEN_DELIMIT); } /* remove any extraneous whitespace in the options */ if ((kvap = interpdevalloc.da_devopts) != NULL) { for (i = 0, kvp = kvap->data; i < kvap->length; i++, kvp++) { (void) pack_white(kvp->key); (void) pack_white(kvp->value); } } if (system_labeled) { /* if label range is not defined, use the default range. */ int i = 0, nlen = 0; char *minstr = NULL, *maxstr = NULL; kva_t *nkvap = NULL; kv_t *ndata = NULL, *odata = NULL; if (kvap == NULL) { nlen = 2; /* minlabel, maxlabel */ } else { nlen += kvap->length; if ((minstr = kva_match(kvap, DAOPT_MINLABEL)) == NULL) nlen++; if ((maxstr = kva_match(kvap, DAOPT_MAXLABEL)) == NULL) nlen++; } if ((minstr != NULL) && (maxstr != NULL)) /* * label range provided; we don't need to construct * default range. */ goto out; nkvap = _new_kva(nlen); ndata = nkvap->data; if (kvap != NULL) { for (i = 0; i < kvap->length; i++) { odata = kvap->data; ndata[i].key = _strdup_null(odata[i].key); ndata[i].value = _strdup_null(odata[i].value); nkvap->length++; } } if (minstr == NULL) { ndata[i].key = strdup(DAOPT_MINLABEL); ndata[i].value = strdup(DA_DEFAULT_MIN); nkvap->length++; i++; } if (maxstr == NULL) { ndata[i].key = strdup(DAOPT_MAXLABEL); ndata[i].value = strdup(DA_DEFAULT_MAX); nkvap->length++; } interpdevalloc.da_devopts = nkvap; } out: return (&interpdevalloc); }