10Sstevel@tonic-gate /*
20Sstevel@tonic-gate * CDDL HEADER START
30Sstevel@tonic-gate *
40Sstevel@tonic-gate * The contents of this file are subject to the terms of the
50Sstevel@tonic-gate * Common Development and Distribution License, Version 1.0 only
60Sstevel@tonic-gate * (the "License"). You may not use this file except in compliance
70Sstevel@tonic-gate * with the License.
80Sstevel@tonic-gate *
90Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
100Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing.
110Sstevel@tonic-gate * See the License for the specific language governing permissions
120Sstevel@tonic-gate * and limitations under the License.
130Sstevel@tonic-gate *
140Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each
150Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
160Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the
170Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying
180Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner]
190Sstevel@tonic-gate *
200Sstevel@tonic-gate * CDDL HEADER END
210Sstevel@tonic-gate */
220Sstevel@tonic-gate /*
230Sstevel@tonic-gate * Copyright 1992 Sun Microsystems, Inc. All rights reserved.
240Sstevel@tonic-gate * Use is subject to license terms.
250Sstevel@tonic-gate */
260Sstevel@tonic-gate
27*722Smuffin #pragma ident "%Z%%M% %I% %E% SMI"
280Sstevel@tonic-gate
290Sstevel@tonic-gate #include <stdio.h>
300Sstevel@tonic-gate #include <string.h>
310Sstevel@tonic-gate #include <sys/types.h>
320Sstevel@tonic-gate #include <sys/label.h>
330Sstevel@tonic-gate #include <sys/audit.h>
340Sstevel@tonic-gate #include <auevents.h>
350Sstevel@tonic-gate
360Sstevel@tonic-gate #define ON 1
370Sstevel@tonic-gate #define OK 0
380Sstevel@tonic-gate #define OFF -1
390Sstevel@tonic-gate #define COMMA ','
400Sstevel@tonic-gate #define COMMASTR ","
410Sstevel@tonic-gate
420Sstevel@tonic-gate #define COMMON 0
430Sstevel@tonic-gate #define SUCCESS 1
440Sstevel@tonic-gate #define FAILURE 2
450Sstevel@tonic-gate
460Sstevel@tonic-gate #define MAXFLDLEN 25
470Sstevel@tonic-gate #define MAXSTRLEN 360
480Sstevel@tonic-gate #define MAXEVENT 11
490Sstevel@tonic-gate
500Sstevel@tonic-gate /* GLOBALS */
510Sstevel@tonic-gate
520Sstevel@tonic-gate static int length;
530Sstevel@tonic-gate static int pos = 0;
540Sstevel@tonic-gate
550Sstevel@tonic-gate struct list {
560Sstevel@tonic-gate short count;
570Sstevel@tonic-gate short on[MAXEVENT+1];
580Sstevel@tonic-gate short off;
590Sstevel@tonic-gate };
600Sstevel@tonic-gate typedef struct list list_t;
610Sstevel@tonic-gate
620Sstevel@tonic-gate struct exception {
630Sstevel@tonic-gate short type;
640Sstevel@tonic-gate short exception;
650Sstevel@tonic-gate };
660Sstevel@tonic-gate typedef struct exception except_t;
670Sstevel@tonic-gate
68*722Smuffin static int stringcopy(char *, char *, int);
69*722Smuffin
700Sstevel@tonic-gate /*
710Sstevel@tonic-gate * getauditflagschar() - convert bit flag to character string
720Sstevel@tonic-gate *
730Sstevel@tonic-gate * input: masks->as_success - audit on success
740Sstevel@tonic-gate * masks->as_failure - audit on failure
750Sstevel@tonic-gate * verbose - string format. 0 if short name; 1 if long name;
760Sstevel@tonic-gate *
770Sstevel@tonic-gate * output: auditstring - resultant audit string
780Sstevel@tonic-gate *
790Sstevel@tonic-gate * returns: 0 - entry read ok
800Sstevel@tonic-gate * -1 - error
810Sstevel@tonic-gate */
820Sstevel@tonic-gate
83*722Smuffin int
getauditflagschar(char * auditstring,audit_state_t * masks,int verbose)84*722Smuffin getauditflagschar(char *auditstring, audit_state_t *masks, int verbose)
850Sstevel@tonic-gate {
860Sstevel@tonic-gate int i, j, k, mask_num;
870Sstevel@tonic-gate int list = -1, retstat = 0;
880Sstevel@tonic-gate int except_list[3];
890Sstevel@tonic-gate char *prefix = " ";
900Sstevel@tonic-gate except_t except[2];
910Sstevel@tonic-gate list_t lists[3];
920Sstevel@tonic-gate
930Sstevel@tonic-gate /*
940Sstevel@tonic-gate * initialize input buffer
950Sstevel@tonic-gate */
960Sstevel@tonic-gate strcpy(auditstring, "");
970Sstevel@tonic-gate /*
980Sstevel@tonic-gate * initialize lists struct
990Sstevel@tonic-gate */
1000Sstevel@tonic-gate for (mask_num = COMMON; mask_num <= FAILURE; mask_num++) {
1010Sstevel@tonic-gate lists[mask_num].count = 0;
1020Sstevel@tonic-gate lists[mask_num].off = -1;
1030Sstevel@tonic-gate for (i=0;i<MAXEVENT+1;i++)
1040Sstevel@tonic-gate lists[mask_num].on[i] = -1;
1050Sstevel@tonic-gate }
1060Sstevel@tonic-gate /*
1070Sstevel@tonic-gate * initialize exception lists
1080Sstevel@tonic-gate */
1090Sstevel@tonic-gate for (i = 0; i < 2; i++) {
1100Sstevel@tonic-gate except[i].type = -1;
1110Sstevel@tonic-gate except[i].exception = -1;
1120Sstevel@tonic-gate }
1130Sstevel@tonic-gate
1140Sstevel@tonic-gate for (i = 0; i < 3; i++)
1150Sstevel@tonic-gate except_list[i] = 0;
1160Sstevel@tonic-gate
1170Sstevel@tonic-gate /*
1180Sstevel@tonic-gate * set length global
1190Sstevel@tonic-gate */
1200Sstevel@tonic-gate length = verbose;
1210Sstevel@tonic-gate pos = 0;
1220Sstevel@tonic-gate
1230Sstevel@tonic-gate /*
1240Sstevel@tonic-gate * find turned-on events - if on, store index of event
1250Sstevel@tonic-gate * in one of the three event lists, common, success, failure.
1260Sstevel@tonic-gate */
1270Sstevel@tonic-gate for ( i = 0; i < MAXEVENT; i++) {
1280Sstevel@tonic-gate if (((event_class[i].event_mask & masks->as_success) > 0) ||
1290Sstevel@tonic-gate ((event_class[i].event_mask & masks->as_failure) > 0)) {
1300Sstevel@tonic-gate
1310Sstevel@tonic-gate /*
1320Sstevel@tonic-gate * check for events in common
1330Sstevel@tonic-gate */
1340Sstevel@tonic-gate if (((event_class[i].event_mask & masks->as_success) >
1350Sstevel@tonic-gate 0) &&
1360Sstevel@tonic-gate ((event_class[i].event_mask & masks->as_failure) > 0))
1370Sstevel@tonic-gate lists[COMMON].on[lists[COMMON].count++] = i;
1380Sstevel@tonic-gate
1390Sstevel@tonic-gate /*
1400Sstevel@tonic-gate * check for success events
1410Sstevel@tonic-gate */
1420Sstevel@tonic-gate if ((event_class[i].event_mask & masks->as_success) > 0)
1430Sstevel@tonic-gate lists[SUCCESS].on[lists[SUCCESS].count++] = i;
1440Sstevel@tonic-gate else {
1450Sstevel@tonic-gate except_list[SUCCESS]++;
1460Sstevel@tonic-gate if (lists[SUCCESS].off == -1)
1470Sstevel@tonic-gate lists[SUCCESS].off = i;
1480Sstevel@tonic-gate }
1490Sstevel@tonic-gate /*
1500Sstevel@tonic-gate * check for failure events
1510Sstevel@tonic-gate */
1520Sstevel@tonic-gate if ((event_class[i].event_mask & masks->as_failure) > 0)
1530Sstevel@tonic-gate lists[FAILURE].on[lists[FAILURE].count++] = i;
1540Sstevel@tonic-gate else {
1550Sstevel@tonic-gate except_list[FAILURE]++;
1560Sstevel@tonic-gate if (lists[FAILURE].off == -1)
1570Sstevel@tonic-gate lists[FAILURE].off = i;
1580Sstevel@tonic-gate }
1590Sstevel@tonic-gate } else {
1600Sstevel@tonic-gate except_list[COMMON]++;
1610Sstevel@tonic-gate if (lists[COMMON].off == -1)
1620Sstevel@tonic-gate lists[COMMON].off = i;
1630Sstevel@tonic-gate }
1640Sstevel@tonic-gate }
1650Sstevel@tonic-gate /*
1660Sstevel@tonic-gate * check for all set or all-1 set - output all and common exceptions.
1670Sstevel@tonic-gate * the all or common state is exclusive; only one of the
1680Sstevel@tonic-gate * three, (+-)all, allowed
1690Sstevel@tonic-gate */
1700Sstevel@tonic-gate /*
1710Sstevel@tonic-gate * no exceptions
1720Sstevel@tonic-gate */
1730Sstevel@tonic-gate if (lists[COMMON].count >= MAXEVENT-2) {
1740Sstevel@tonic-gate if (lists[COMMON].count == MAXEVENT)
1750Sstevel@tonic-gate list = COMMON;
1760Sstevel@tonic-gate
1770Sstevel@tonic-gate /*
1780Sstevel@tonic-gate * one exception
1790Sstevel@tonic-gate */
1800Sstevel@tonic-gate else if (lists[COMMON].count == MAXEVENT-1) {
1810Sstevel@tonic-gate for (i=COMMON;i<=FAILURE && (list == -1);i++) {
1820Sstevel@tonic-gate if (except_list[i] == 1) {
1830Sstevel@tonic-gate list = COMMON;
1840Sstevel@tonic-gate except[0].type = i;
1850Sstevel@tonic-gate except[0].exception = lists[i].off;
1860Sstevel@tonic-gate }
1870Sstevel@tonic-gate }
1880Sstevel@tonic-gate }
1890Sstevel@tonic-gate /*
1900Sstevel@tonic-gate * two exceptions
1910Sstevel@tonic-gate */
1920Sstevel@tonic-gate else if (lists[COMMON].count == MAXEVENT-2) {
1930Sstevel@tonic-gate if (except_list[COMMON] == 1) {
1940Sstevel@tonic-gate list = COMMON;
1950Sstevel@tonic-gate except[0].type = COMMON;
1960Sstevel@tonic-gate except[0].exception = lists[COMMON].off;
1970Sstevel@tonic-gate for (i=SUCCESS;i<=FAILURE;i++) {
1980Sstevel@tonic-gate if (except_list[i] == 1) {
1990Sstevel@tonic-gate except[1].type = i;
2000Sstevel@tonic-gate except[1].exception = lists[i].off;
2010Sstevel@tonic-gate }
2020Sstevel@tonic-gate }
2030Sstevel@tonic-gate
2040Sstevel@tonic-gate } else if (except_list[COMMON] == 0) {
2050Sstevel@tonic-gate for (i=SUCCESS,j=0;i<=FAILURE;i++) {
2060Sstevel@tonic-gate if (except_list[i] == 1) {
2070Sstevel@tonic-gate list = COMMON;
2080Sstevel@tonic-gate except[j].type = i;
2090Sstevel@tonic-gate except[j++].exception = lists[i].off;
2100Sstevel@tonic-gate }
2110Sstevel@tonic-gate }
2120Sstevel@tonic-gate }
2130Sstevel@tonic-gate }
2140Sstevel@tonic-gate } else {
2150Sstevel@tonic-gate /*
2160Sstevel@tonic-gate * check for +all or -all
2170Sstevel@tonic-gate */
2180Sstevel@tonic-gate for (i=SUCCESS,j=0;i<=FAILURE;i++) {
2190Sstevel@tonic-gate if (lists[i].count >= MAXEVENT-1) {
2200Sstevel@tonic-gate list = i;
2210Sstevel@tonic-gate except[j].type = i;
2220Sstevel@tonic-gate if (lists[i].count != MAXEVENT) {
2230Sstevel@tonic-gate if (lists[i].off != -1)
2240Sstevel@tonic-gate except[j++].exception =
2250Sstevel@tonic-gate lists[i].off;
2260Sstevel@tonic-gate else
2270Sstevel@tonic-gate except[j++].exception =
2280Sstevel@tonic-gate lists[COMMON].off;
2290Sstevel@tonic-gate }
2300Sstevel@tonic-gate }
2310Sstevel@tonic-gate }
2320Sstevel@tonic-gate }
2330Sstevel@tonic-gate /*
2340Sstevel@tonic-gate * output all and exceptions
2350Sstevel@tonic-gate */
2360Sstevel@tonic-gate if (list != -1) {
2370Sstevel@tonic-gate if(list==SUCCESS) {
2380Sstevel@tonic-gate if ((stringcopy(auditstring, "+", 0)) == -1)
2390Sstevel@tonic-gate retstat = -1;
2400Sstevel@tonic-gate }
2410Sstevel@tonic-gate if(list==FAILURE) {
2420Sstevel@tonic-gate if ((stringcopy(auditstring, "-", 0)) == -1)
2430Sstevel@tonic-gate retstat = -1;
2440Sstevel@tonic-gate }
2450Sstevel@tonic-gate
2460Sstevel@tonic-gate if (retstat == 0) {
2470Sstevel@tonic-gate if (length) {
2480Sstevel@tonic-gate if
2490Sstevel@tonic-gate ((stringcopy(auditstring,event_class[11].event_lname,1)) == -1)
2500Sstevel@tonic-gate retstat = -1;
2510Sstevel@tonic-gate } else
2520Sstevel@tonic-gate if ((stringcopy(auditstring, event_class[11].event_sname,1)) == -1)
2530Sstevel@tonic-gate retstat = -1;
2540Sstevel@tonic-gate }
2550Sstevel@tonic-gate
2560Sstevel@tonic-gate if (retstat == 0) {
2570Sstevel@tonic-gate /*
2580Sstevel@tonic-gate * output exceptions
2590Sstevel@tonic-gate */
2600Sstevel@tonic-gate for (i=0;i<2 && except[i].exception != -1; i++) {
2610Sstevel@tonic-gate if ((stringcopy(auditstring, "^", 0)) == -1)
2620Sstevel@tonic-gate retstat = -1;
2630Sstevel@tonic-gate if(except[i].type==SUCCESS) {
2640Sstevel@tonic-gate if ((stringcopy(auditstring, "+", 0)) == -1)
2650Sstevel@tonic-gate retstat = -1;
2660Sstevel@tonic-gate }
2670Sstevel@tonic-gate if (except[i].type==FAILURE) {
2680Sstevel@tonic-gate if ((stringcopy(auditstring, "-", 0)) == -1)
2690Sstevel@tonic-gate retstat = -1;
2700Sstevel@tonic-gate }
2710Sstevel@tonic-gate if (length == 1 && retstat == 0) {
2720Sstevel@tonic-gate if ((stringcopy(auditstring,
2730Sstevel@tonic-gate event_class[except[i].exception].event_lname, 1))==-1)
2740Sstevel@tonic-gate retstat = -1;
2750Sstevel@tonic-gate } else if (retstat == 0) {
2760Sstevel@tonic-gate if ((stringcopy(auditstring,
2770Sstevel@tonic-gate event_class[except[i].exception].event_sname, 1))==-1)
2780Sstevel@tonic-gate retstat = -1;
2790Sstevel@tonic-gate }
2800Sstevel@tonic-gate }
2810Sstevel@tonic-gate }
2820Sstevel@tonic-gate } /* end of " all " processing */
2830Sstevel@tonic-gate
2840Sstevel@tonic-gate /*
2850Sstevel@tonic-gate * process common events if no "all" was output
2860Sstevel@tonic-gate */
2870Sstevel@tonic-gate if (list == -1 && (lists[COMMON].count > 0) && retstat == 0) {
2880Sstevel@tonic-gate /*
2890Sstevel@tonic-gate * output common events first
2900Sstevel@tonic-gate */
2910Sstevel@tonic-gate for (j=0;j<lists[COMMON].count;j++) {
2920Sstevel@tonic-gate if (length == 1) {
2930Sstevel@tonic-gate if ((stringcopy(auditstring,
2940Sstevel@tonic-gate event_class[lists[COMMON].on[j]].event_lname, 1)) == -1)
2950Sstevel@tonic-gate retstat = -1;
2960Sstevel@tonic-gate } else if ((stringcopy(auditstring,
2970Sstevel@tonic-gate event_class[lists[COMMON].on[j]].event_sname, 1)) == -1)
2980Sstevel@tonic-gate retstat = -1;
2990Sstevel@tonic-gate }
3000Sstevel@tonic-gate /*
3010Sstevel@tonic-gate * remove common events from individual lists
3020Sstevel@tonic-gate */
3030Sstevel@tonic-gate if (retstat == 0) {
3040Sstevel@tonic-gate for (i=SUCCESS;i<=FAILURE;i++) {
3050Sstevel@tonic-gate for(j=0;j<lists[COMMON].count;j++) {
3060Sstevel@tonic-gate for(k=0;k < lists[i].count;k++) {
3070Sstevel@tonic-gate if (lists[COMMON].on[j] ==
3080Sstevel@tonic-gate lists[i].on[k])
3090Sstevel@tonic-gate lists[i].on[k] = -1;
3100Sstevel@tonic-gate }
3110Sstevel@tonic-gate }
3120Sstevel@tonic-gate }
3130Sstevel@tonic-gate }
3140Sstevel@tonic-gate }
3150Sstevel@tonic-gate
3160Sstevel@tonic-gate /*
3170Sstevel@tonic-gate * start processing individual event flags in success
3180Sstevel@tonic-gate * and failure lists
3190Sstevel@tonic-gate */
3200Sstevel@tonic-gate if (list != COMMON && retstat == 0) {
3210Sstevel@tonic-gate for (i=SUCCESS;i<=FAILURE;i++) {
3220Sstevel@tonic-gate if(list != i) {
3230Sstevel@tonic-gate if (i==SUCCESS) strcpy(prefix, "+");
3240Sstevel@tonic-gate if (i==FAILURE) strcpy(prefix, "-");
3250Sstevel@tonic-gate for (j=0;j<MAXEVENT && j<lists[i].count;j++) {
3260Sstevel@tonic-gate if (lists[i].on[j] != -1) {
3270Sstevel@tonic-gate if ((stringcopy(auditstring, prefix, 0)) == -1)
3280Sstevel@tonic-gate retstat = -1;
3290Sstevel@tonic-gate if (length == 1 &&
3300Sstevel@tonic-gate retstat == 0) {
3310Sstevel@tonic-gate if ((stringcopy(auditstring,
3320Sstevel@tonic-gate event_class[lists[i].on[j]].event_lname, 1))==-1)
3330Sstevel@tonic-gate retstat = -1;
3340Sstevel@tonic-gate } else if (retstat == 0) {
3350Sstevel@tonic-gate if ((stringcopy(auditstring,
3360Sstevel@tonic-gate event_class[lists[i].on[j]].event_sname, 1))==-1)
3370Sstevel@tonic-gate retstat = -1;
3380Sstevel@tonic-gate }
3390Sstevel@tonic-gate }
3400Sstevel@tonic-gate }
3410Sstevel@tonic-gate }
3420Sstevel@tonic-gate }
3430Sstevel@tonic-gate }
3440Sstevel@tonic-gate if ((stringcopy(auditstring, "\0", 2)) == -1)
3450Sstevel@tonic-gate retstat = -1;
3460Sstevel@tonic-gate
3470Sstevel@tonic-gate return (retstat);
3480Sstevel@tonic-gate }
3490Sstevel@tonic-gate
350*722Smuffin static int
stringcopy(char * auditstring,char * event,int flag)351*722Smuffin stringcopy(char *auditstring, char *event,
352*722Smuffin int flag) /* if set, output comma after event */
3530Sstevel@tonic-gate {
3540Sstevel@tonic-gate int retstat = 0;
3550Sstevel@tonic-gate
3560Sstevel@tonic-gate /*
3570Sstevel@tonic-gate * check size
3580Sstevel@tonic-gate */
3590Sstevel@tonic-gate if (pos >= MAXSTRLEN) {
3600Sstevel@tonic-gate fprintf(stderr,"getauditflagschar: Inputted buffer too small.\n");
3610Sstevel@tonic-gate retstat = -1;
3620Sstevel@tonic-gate } else if (flag != 2) {
3630Sstevel@tonic-gate strcpy(auditstring+pos, event);
3640Sstevel@tonic-gate pos += strlen(event);
3650Sstevel@tonic-gate if(flag) {
3660Sstevel@tonic-gate strcpy(auditstring+pos, COMMASTR);
3670Sstevel@tonic-gate pos += strlen(COMMASTR);
3680Sstevel@tonic-gate }
3690Sstevel@tonic-gate } else {
3700Sstevel@tonic-gate /*
3710Sstevel@tonic-gate * add null terminator only
3720Sstevel@tonic-gate */
3730Sstevel@tonic-gate if (pos)
3740Sstevel@tonic-gate strcpy(auditstring+(pos-1), event);
3750Sstevel@tonic-gate
3760Sstevel@tonic-gate }
3770Sstevel@tonic-gate return (retstat);
3780Sstevel@tonic-gate }
3790Sstevel@tonic-gate
3800Sstevel@tonic-gate /*
3810Sstevel@tonic-gate * getauditflagsbin() - converts character string to success and
3820Sstevel@tonic-gate * failure bit masks
3830Sstevel@tonic-gate *
3840Sstevel@tonic-gate * input: auditstring - audit string
3850Sstevel@tonic-gate * cnt - number of elements in the masks array
3860Sstevel@tonic-gate *
3870Sstevel@tonic-gate * output: masks->as_success - audit on success
3880Sstevel@tonic-gate * masks->as_failure - audit on failure
3890Sstevel@tonic-gate *
3900Sstevel@tonic-gate * returns: 0 - ok
3910Sstevel@tonic-gate * -1 - error - string contains characters which do
3920Sstevel@tonic-gate * not match event flag names
3930Sstevel@tonic-gate */
3940Sstevel@tonic-gate
395*722Smuffin int
getauditflagsbin(char * auditstring,audit_state_t * masks)396*722Smuffin getauditflagsbin(char *auditstring, audit_state_t *masks)
3970Sstevel@tonic-gate {
3980Sstevel@tonic-gate int i, gotone, done = 0, invert = 0, tryagain;
3990Sstevel@tonic-gate int retstat = 0, succ_event, fail_event;
4000Sstevel@tonic-gate char *ptr, tmp_buff[MAXFLDLEN];
4010Sstevel@tonic-gate
4020Sstevel@tonic-gate /*
4030Sstevel@tonic-gate * process character string
4040Sstevel@tonic-gate */
4050Sstevel@tonic-gate do {
4060Sstevel@tonic-gate gotone = 0;
4070Sstevel@tonic-gate /*
4080Sstevel@tonic-gate * read through string storing chars. until a comma
4090Sstevel@tonic-gate */
4100Sstevel@tonic-gate for (ptr=tmp_buff; !gotone;) {
4110Sstevel@tonic-gate if(*auditstring!=COMMA && *auditstring!='\0' &&
4120Sstevel@tonic-gate *auditstring!='\n' && *auditstring!=' ')
4130Sstevel@tonic-gate *ptr++ = *auditstring++;
4140Sstevel@tonic-gate else if (*auditstring == ' ')
4150Sstevel@tonic-gate *auditstring++;
4160Sstevel@tonic-gate else {
4170Sstevel@tonic-gate if (*auditstring == '\0' ||
4180Sstevel@tonic-gate *auditstring == '\n') {
4190Sstevel@tonic-gate done = 1;
4200Sstevel@tonic-gate if (ptr == tmp_buff)
4210Sstevel@tonic-gate done = 2;
4220Sstevel@tonic-gate }
4230Sstevel@tonic-gate gotone = 1;
4240Sstevel@tonic-gate }
4250Sstevel@tonic-gate }
4260Sstevel@tonic-gate /*
4270Sstevel@tonic-gate * process audit state
4280Sstevel@tonic-gate */
4290Sstevel@tonic-gate if(gotone && done != 2) {
4300Sstevel@tonic-gate if(!done) auditstring++;
4310Sstevel@tonic-gate *ptr++ = '\0';
4320Sstevel@tonic-gate ptr = tmp_buff;
4330Sstevel@tonic-gate gotone = 0;
4340Sstevel@tonic-gate succ_event = ON;
4350Sstevel@tonic-gate fail_event = ON;
4360Sstevel@tonic-gate tryagain = 1;
4370Sstevel@tonic-gate invert = 0;
4380Sstevel@tonic-gate
4390Sstevel@tonic-gate /*
4400Sstevel@tonic-gate * get flags
4410Sstevel@tonic-gate */
4420Sstevel@tonic-gate do {
4430Sstevel@tonic-gate switch (*ptr++) {
4440Sstevel@tonic-gate case '^':
4450Sstevel@tonic-gate invert = 1;
4460Sstevel@tonic-gate succ_event = OFF;
4470Sstevel@tonic-gate fail_event = OFF;
4480Sstevel@tonic-gate break;
4490Sstevel@tonic-gate case '+':
4500Sstevel@tonic-gate if (invert)
4510Sstevel@tonic-gate fail_event = OK;
4520Sstevel@tonic-gate else {
4530Sstevel@tonic-gate succ_event = ON;
4540Sstevel@tonic-gate fail_event = OK;
4550Sstevel@tonic-gate }
4560Sstevel@tonic-gate break;
4570Sstevel@tonic-gate case '-':
4580Sstevel@tonic-gate if (invert)
4590Sstevel@tonic-gate succ_event = OK;
4600Sstevel@tonic-gate else {
4610Sstevel@tonic-gate fail_event = ON;
4620Sstevel@tonic-gate succ_event = OK;
4630Sstevel@tonic-gate }
4640Sstevel@tonic-gate break;
4650Sstevel@tonic-gate default:
4660Sstevel@tonic-gate tryagain = 0;
4670Sstevel@tonic-gate ptr--;
4680Sstevel@tonic-gate break;
4690Sstevel@tonic-gate }
4700Sstevel@tonic-gate } while(tryagain);
4710Sstevel@tonic-gate
4720Sstevel@tonic-gate /* add audit state to mask */
4730Sstevel@tonic-gate for (i=0;i<MAXEVENT+1 && !gotone;i++) {
4740Sstevel@tonic-gate if ((!(strcmp(ptr, event_class[i].event_sname))) ||
4750Sstevel@tonic-gate (!(strcmp(ptr, event_class[i].event_lname)))) {
4760Sstevel@tonic-gate if (succ_event == ON)
4770Sstevel@tonic-gate masks->as_success |= event_class[i].event_mask;
4780Sstevel@tonic-gate else if (succ_event == OFF)
4790Sstevel@tonic-gate masks->as_success &= ~(event_class[i].event_mask);
4800Sstevel@tonic-gate if (fail_event == ON)
4810Sstevel@tonic-gate masks->as_failure |= event_class[i].event_mask;
4820Sstevel@tonic-gate else if (fail_event == OFF)
4830Sstevel@tonic-gate masks->as_failure &= ~(event_class[i].event_mask);
4840Sstevel@tonic-gate gotone = 1;
4850Sstevel@tonic-gate }
4860Sstevel@tonic-gate }
4870Sstevel@tonic-gate if(!gotone) {
4880Sstevel@tonic-gate retstat = -1;
4890Sstevel@tonic-gate done = 1;
4900Sstevel@tonic-gate }
4910Sstevel@tonic-gate }
4920Sstevel@tonic-gate } while (!done);
4930Sstevel@tonic-gate
4940Sstevel@tonic-gate return (retstat);
4950Sstevel@tonic-gate }
496