Deleted Added
sdiff udiff text old ( 186647 ) new ( 189279 )
full compact
audit_warn.c (186647) audit_warn.c (189279)
1/*-
1/*-
2 * Copyright (c) 2005 Apple Inc.
2 * Copyright (c) 2005-2009 Apple Inc.
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 * 3. Neither the name of Apple Inc. ("Apple") nor the names of
15 * its contributors may be used to endorse or promote products derived
16 * from this software without specific prior written permission.
17 *
18 * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
19 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21 * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
22 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
25 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
27 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 *
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 * 3. Neither the name of Apple Inc. ("Apple") nor the names of
15 * its contributors may be used to endorse or promote products derived
16 * from this software without specific prior written permission.
17 *
18 * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
19 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21 * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
22 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
25 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
27 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 *
29 * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/audit_warn.c#10 $
29 * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/audit_warn.c#11 $
30 */
31
32#include <sys/types.h>
33
34#include <stdio.h>
35#include <stdlib.h>
36#include <unistd.h>
37
38#include "auditd.h"
39
40/*
41 * Write an audit-related error to the system log via syslog(3).
42 */
43static int
44auditwarnlog(char *args[])
45{
46 char *loc_args[9];
47 pid_t pid;
48 int i;
49
50 loc_args[0] = AUDITWARN_SCRIPT;
51 for (i = 0; args[i] != NULL && i < 8; i++)
52 loc_args[i+1] = args[i];
53 loc_args[i+1] = NULL;
54
55 pid = fork();
56 if (pid == -1)
57 return (-1);
58 if (pid == 0) {
59 /*
60 * Child.
61 */
62 execv(AUDITWARN_SCRIPT, loc_args);
63 syslog(LOG_ERR, "Could not exec %s (%m)\n",
64 AUDITWARN_SCRIPT);
65 exit(1);
66 }
67 /*
68 * Parent.
69 */
70 return (0);
71}
72
73/*
74 * Indicates that the hard limit for all filesystems has been exceeded.
75 */
76int
77audit_warn_allhard(void)
78{
79 char *args[2];
80
81 args[0] = HARDLIM_ALL_WARN;
82 args[1] = NULL;
83
84 return (auditwarnlog(args));
85}
86
87/*
88 * Indicates that the soft limit for all filesystems has been exceeded.
89 */
90int
91audit_warn_allsoft(void)
92{
93 char *args[2];
94
95 args[0] = SOFTLIM_ALL_WARN;
96 args[1] = NULL;
97
98 return (auditwarnlog(args));
99}
100
101/*
102 * Indicates that someone other than the audit daemon turned off auditing.
103 * XXX Its not clear at this point how this function will be invoked.
104 *
105 * XXXRW: This function is not used.
106 */
107int
108audit_warn_auditoff(void)
109{
110 char *args[2];
111
112 args[0] = AUDITOFF_WARN;
113 args[1] = NULL;
114
115 return (auditwarnlog(args));
116}
117
118/*
119 * Indicate that a trail file has been closed, so can now be post-processed.
120 */
121int
122audit_warn_closefile(char *filename)
123{
124 char *args[3];
125
126 args[0] = CLOSEFILE_WARN;
127 args[1] = filename;
128 args[2] = NULL;
129
130 return (auditwarnlog(args));
131}
132
133/*
134 * Indicates that the audit deammn is already running
135 */
136int
137audit_warn_ebusy(void)
138{
139 char *args[2];
140
141 args[0] = EBUSY_WARN;
142 args[1] = NULL;
143
144 return (auditwarnlog(args));
145}
146
147/*
148 * Indicates that there is a problem getting the directory from
149 * audit_control.
150 *
151 * XXX Note that we take the filename instead of a count as the argument here
152 * (different from BSM).
153 */
154int
155audit_warn_getacdir(char *filename)
156{
157 char *args[3];
158
159 args[0] = GETACDIR_WARN;
160 args[1] = filename;
161 args[2] = NULL;
162
163 return (auditwarnlog(args));
164}
165
166/*
167 * Indicates that the hard limit for this file has been exceeded.
168 */
169int
170audit_warn_hard(char *filename)
171{
172 char *args[3];
173
174 args[0] = HARDLIM_WARN;
175 args[1] = filename;
176 args[2] = NULL;
177
178 return (auditwarnlog(args));
179}
180
181/*
182 * Indicates that auditing could not be started.
183 */
184int
185audit_warn_nostart(void)
186{
187 char *args[2];
188
189 args[0] = NOSTART_WARN;
190 args[1] = NULL;
191
192 return (auditwarnlog(args));
193}
194
195/*
196 * Indicaes that an error occrred during the orderly shutdown of the audit
197 * daemon.
198 */
199int
200audit_warn_postsigterm(void)
201{
202 char *args[2];
203
204 args[0] = POSTSIGTERM_WARN;
205 args[1] = NULL;
206
207 return (auditwarnlog(args));
208}
209
210/*
211 * Indicates that the soft limit for this file has been exceeded.
212 */
213int
214audit_warn_soft(char *filename)
215{
216 char *args[3];
217
218 args[0] = SOFTLIM_WARN;
219 args[1] = filename;
220 args[2] = NULL;
221
222 return (auditwarnlog(args));
223}
224
225/*
226 * Indicates that the temporary audit file already exists indicating a fatal
227 * error.
228 */
229int
230audit_warn_tmpfile(void)
231{
232 char *args[2];
233
234 args[0] = TMPFILE_WARN;
235 args[1] = NULL;
236
237 return (auditwarnlog(args));
238}
30 */
31
32#include <sys/types.h>
33
34#include <stdio.h>
35#include <stdlib.h>
36#include <unistd.h>
37
38#include "auditd.h"
39
40/*
41 * Write an audit-related error to the system log via syslog(3).
42 */
43static int
44auditwarnlog(char *args[])
45{
46 char *loc_args[9];
47 pid_t pid;
48 int i;
49
50 loc_args[0] = AUDITWARN_SCRIPT;
51 for (i = 0; args[i] != NULL && i < 8; i++)
52 loc_args[i+1] = args[i];
53 loc_args[i+1] = NULL;
54
55 pid = fork();
56 if (pid == -1)
57 return (-1);
58 if (pid == 0) {
59 /*
60 * Child.
61 */
62 execv(AUDITWARN_SCRIPT, loc_args);
63 syslog(LOG_ERR, "Could not exec %s (%m)\n",
64 AUDITWARN_SCRIPT);
65 exit(1);
66 }
67 /*
68 * Parent.
69 */
70 return (0);
71}
72
73/*
74 * Indicates that the hard limit for all filesystems has been exceeded.
75 */
76int
77audit_warn_allhard(void)
78{
79 char *args[2];
80
81 args[0] = HARDLIM_ALL_WARN;
82 args[1] = NULL;
83
84 return (auditwarnlog(args));
85}
86
87/*
88 * Indicates that the soft limit for all filesystems has been exceeded.
89 */
90int
91audit_warn_allsoft(void)
92{
93 char *args[2];
94
95 args[0] = SOFTLIM_ALL_WARN;
96 args[1] = NULL;
97
98 return (auditwarnlog(args));
99}
100
101/*
102 * Indicates that someone other than the audit daemon turned off auditing.
103 * XXX Its not clear at this point how this function will be invoked.
104 *
105 * XXXRW: This function is not used.
106 */
107int
108audit_warn_auditoff(void)
109{
110 char *args[2];
111
112 args[0] = AUDITOFF_WARN;
113 args[1] = NULL;
114
115 return (auditwarnlog(args));
116}
117
118/*
119 * Indicate that a trail file has been closed, so can now be post-processed.
120 */
121int
122audit_warn_closefile(char *filename)
123{
124 char *args[3];
125
126 args[0] = CLOSEFILE_WARN;
127 args[1] = filename;
128 args[2] = NULL;
129
130 return (auditwarnlog(args));
131}
132
133/*
134 * Indicates that the audit deammn is already running
135 */
136int
137audit_warn_ebusy(void)
138{
139 char *args[2];
140
141 args[0] = EBUSY_WARN;
142 args[1] = NULL;
143
144 return (auditwarnlog(args));
145}
146
147/*
148 * Indicates that there is a problem getting the directory from
149 * audit_control.
150 *
151 * XXX Note that we take the filename instead of a count as the argument here
152 * (different from BSM).
153 */
154int
155audit_warn_getacdir(char *filename)
156{
157 char *args[3];
158
159 args[0] = GETACDIR_WARN;
160 args[1] = filename;
161 args[2] = NULL;
162
163 return (auditwarnlog(args));
164}
165
166/*
167 * Indicates that the hard limit for this file has been exceeded.
168 */
169int
170audit_warn_hard(char *filename)
171{
172 char *args[3];
173
174 args[0] = HARDLIM_WARN;
175 args[1] = filename;
176 args[2] = NULL;
177
178 return (auditwarnlog(args));
179}
180
181/*
182 * Indicates that auditing could not be started.
183 */
184int
185audit_warn_nostart(void)
186{
187 char *args[2];
188
189 args[0] = NOSTART_WARN;
190 args[1] = NULL;
191
192 return (auditwarnlog(args));
193}
194
195/*
196 * Indicaes that an error occrred during the orderly shutdown of the audit
197 * daemon.
198 */
199int
200audit_warn_postsigterm(void)
201{
202 char *args[2];
203
204 args[0] = POSTSIGTERM_WARN;
205 args[1] = NULL;
206
207 return (auditwarnlog(args));
208}
209
210/*
211 * Indicates that the soft limit for this file has been exceeded.
212 */
213int
214audit_warn_soft(char *filename)
215{
216 char *args[3];
217
218 args[0] = SOFTLIM_WARN;
219 args[1] = filename;
220 args[2] = NULL;
221
222 return (auditwarnlog(args));
223}
224
225/*
226 * Indicates that the temporary audit file already exists indicating a fatal
227 * error.
228 */
229int
230audit_warn_tmpfile(void)
231{
232 char *args[2];
233
234 args[0] = TMPFILE_WARN;
235 args[1] = NULL;
236
237 return (auditwarnlog(args));
238}
239
240/*
241 * Indicates that this trail file has expired and was removed.
242 */
243int
244audit_warn_expired(char *filename)
245{
246 char *args[3];
247
248 args[0] = EXPIRED_WARN;
249 args[1] = filename;
250 args[2] = NULL;
251
252 return (auditwarnlog(args));
253}