1/*-
2 * Copyright (c) 2004-2008 Apple Inc.
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
--- 10 unchanged lines hidden (view full) ---
21 * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
22 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
25 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
27 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 *
29 * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#41 $
30 */
31
32#include <sys/types.h>
33
34#include <config/config.h>
35
36#include <sys/dirent.h>
37#ifdef HAVE_FULL_QUEUE_H
--- 24 unchanged lines hidden (view full) ---
62
63#include "auditd.h"
64
65#ifndef HAVE_STRLCPY
66#include <compat/strlcpy.h>
67#endif
68
69/*
70 * XXX the following is temporary until this can be added to the kernel
71 * audit.h header.
72 */
73#ifndef AUDIT_TRIGGER_INITIALIZE
74#define AUDIT_TRIGGER_INITIALIZE 7
75#endif
76
77/*
78 * LaunchD flag (Mac OS X and, maybe, FreeBSD only.) See launchd(8) and
79 * http://wiki.freebsd.org/launchd for more information.
80 *
81 * In order for auditd to work "on demand" with launchd(8) it can't:
82 * call daemon(3)
83 * call fork and having the parent process exit
84 * change uids or gids.
--- 76 unchanged lines hidden (view full) ---
161 len = strlen(lastfile) + 1;
162 oldname = (char *)malloc(len);
163 if (oldname == NULL)
164 return (-1);
165 strlcpy(oldname, lastfile, len);
166
167 /* Rename the last file -- append timestamp. */
168 if ((ptr = strstr(lastfile, NOT_TERMINATED)) != NULL) {
169 strlcpy(ptr, TS, TIMESTAMP_LEN);
170 if (rename(oldname, lastfile) != 0)
171 auditd_log_err(
172 "Could not rename %s to %s: %m", oldname,
173 lastfile);
174 else {
175 /*
176 * Remove the 'current' symlink since the link
177 * is now invalid.
--- 92 unchanged lines hidden (view full) ---
270 /*
271 * XXX Faulty directory listing? - user should be given
272 * XXX an opportunity to change the audit_control file
273 * XXX switch to a reduced mode of auditing?
274 */
275 return (-1);
276 }
277
278 return (0);
279}
280
281/*
282 * Start up auditing.
283 */
284static void
285audit_setup(void)
--- 259 unchanged lines hidden (view full) ---
545 break;
546
547 case AUDIT_TRIGGER_INITIALIZE:
548 auditd_log_info("Got audit initialize trigger");
549 if (au_state == AUD_STATE_DISABLED)
550 audit_setup();
551 break;
552
553 default:
554 auditd_log_err("Got unknown trigger %d", trigger);
555 break;
556 }
557}
558
559/*
560 * Reap our children.
--- 103 unchanged lines hidden (view full) ---
664 auditd_log_debug(
665 "Set audit trail min free percent in kernel.");
666
667 /*
668 * Configure host address in the audit kernel information.
669 */
670 err = auditd_set_host();
671 if (err) {
672 auditd_log_err("auditd_set_host() %s: %m",
673 auditd_strerror(err));
674 ret = -1;
675 } else
676 auditd_log_debug(
677 "Set audit host address information in kernel.");
678
679 return (ret);
680}
681
682/*
683 * Setup and initialize auditd.
684 */
685static void
686setup(void)
--- 111 unchanged lines hidden ---
2 * Copyright (c) 2004-2008 Apple Inc.
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
--- 10 unchanged lines hidden (view full) ---
21 * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
22 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
25 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
27 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 *
29 * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#41 $
30 */
31
32#include <sys/types.h>
33
34#include <config/config.h>
35
36#include <sys/dirent.h>
37#ifdef HAVE_FULL_QUEUE_H
--- 24 unchanged lines hidden (view full) ---
62
63#include "auditd.h"
64
65#ifndef HAVE_STRLCPY
66#include <compat/strlcpy.h>
67#endif
68
69/*
70 * XXX the following is temporary until this can be added to the kernel
71 * audit.h header.
72 */
73#ifndef AUDIT_TRIGGER_INITIALIZE
74#define AUDIT_TRIGGER_INITIALIZE 7
75#endif
76
77/*
78 * LaunchD flag (Mac OS X and, maybe, FreeBSD only.) See launchd(8) and
79 * http://wiki.freebsd.org/launchd for more information.
80 *
81 * In order for auditd to work "on demand" with launchd(8) it can't:
82 * call daemon(3)
83 * call fork and having the parent process exit
84 * change uids or gids.
--- 76 unchanged lines hidden (view full) ---
161 len = strlen(lastfile) + 1;
162 oldname = (char *)malloc(len);
163 if (oldname == NULL)
164 return (-1);
165 strlcpy(oldname, lastfile, len);
166
167 /* Rename the last file -- append timestamp. */
168 if ((ptr = strstr(lastfile, NOT_TERMINATED)) != NULL) {
169 strlcpy(ptr, TS, TIMESTAMP_LEN);
170 if (rename(oldname, lastfile) != 0)
171 auditd_log_err(
172 "Could not rename %s to %s: %m", oldname,
173 lastfile);
174 else {
175 /*
176 * Remove the 'current' symlink since the link
177 * is now invalid.
--- 92 unchanged lines hidden (view full) ---
270 /*
271 * XXX Faulty directory listing? - user should be given
272 * XXX an opportunity to change the audit_control file
273 * XXX switch to a reduced mode of auditing?
274 */
275 return (-1);
276 }
277
278 return (0);
279}
280
281/*
282 * Start up auditing.
283 */
284static void
285audit_setup(void)
--- 259 unchanged lines hidden (view full) ---
545 break;
546
547 case AUDIT_TRIGGER_INITIALIZE:
548 auditd_log_info("Got audit initialize trigger");
549 if (au_state == AUD_STATE_DISABLED)
550 audit_setup();
551 break;
552
553 default:
554 auditd_log_err("Got unknown trigger %d", trigger);
555 break;
556 }
557}
558
559/*
560 * Reap our children.
--- 103 unchanged lines hidden (view full) ---
664 auditd_log_debug(
665 "Set audit trail min free percent in kernel.");
666
667 /*
668 * Configure host address in the audit kernel information.
669 */
670 err = auditd_set_host();
671 if (err) {
672 auditd_log_err("auditd_set_host() %s: %m",
673 auditd_strerror(err));
674 ret = -1;
675 } else
676 auditd_log_debug(
677 "Set audit host address information in kernel.");
678
679 return (ret);
680}
681
682/*
683 * Setup and initialize auditd.
684 */
685static void
686setup(void)
--- 111 unchanged lines hidden ---