1/*-
2 * Copyright (c) 2004 Apple Inc.
3 * Copyright (c) 2006 Robert N. M. Watson
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
--- 11 unchanged lines hidden (view full) ---
22 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
26 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
27 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
28 * POSSIBILITY OF SUCH DAMAGE.
29 *
30 * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_control.c#24 $
31 */
32
33#include <config/config.h>
34
35#include <bsm/libbsm.h>
36
37#include <errno.h>
38#include <string.h>
39#ifdef HAVE_PTHREAD_MUTEX_LOCK
40#include <pthread.h>
41#endif
42#include <stdio.h>
43#include <stdlib.h>
44
--- 15 unchanged lines hidden (view full) ---
60static char inacdir = 0;
61static char ptrmoved = 0;
62
63#ifdef HAVE_PTHREAD_MUTEX_LOCK
64static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER;
65#endif
66
67/*
68 * Returns the string value corresponding to the given label from the
69 * configuration file.
70 *
71 * Must be called with mutex held.
72 */
73static int
74getstrfromtype_locked(char *name, char **str)
75{
--- 31 unchanged lines hidden (view full) ---
107 }
108 return (0); /* Success */
109 }
110 }
111 }
112}
113
114/*
115 * Convert a policy to a string. Return -1 on failure, or >= 0 representing
116 * the actual size of the string placed in the buffer (excluding terminating
117 * nul).
118 */
119ssize_t
120au_poltostr(long policy, size_t maxsize, char *buf)
121{
122 int first;
123
124 if (maxsize < 1)
125 return (-1);
126 first = 1;
127 buf[0] = '\0';
128
129 if (policy & AUDIT_CNT) {
130 if (strlcat(buf, "cnt", maxsize) >= maxsize)
131 return (-1);
132 first = 0;
133 }
134 if (policy & AUDIT_AHLT) {
135 if (!first) {
136 if (strlcat(buf, ",", maxsize) >= maxsize)
137 return (-1);
138 }
139 if (strlcat(buf, "ahlt", maxsize) >= maxsize)
140 return (-1);
141 first = 0;
142 }
143 if (policy & AUDIT_ARGV) {
144 if (!first) {
145 if (strlcat(buf, ",", maxsize) >= maxsize)
146 return (-1);
147 }
148 if (strlcat(buf, "argv", maxsize) >= maxsize)
149 return (-1);
150 first = 0;
151 }
152 if (policy & AUDIT_ARGE) {
153 if (!first) {
154 if (strlcat(buf, ",", maxsize) >= maxsize)
155 return (-1);
156 }
157 if (strlcat(buf, "arge", maxsize) >= maxsize)
158 return (-1);
159 first = 0;
160 }
161 if (policy & AUDIT_SEQ) {
162 if (!first) {
163 if (strlcat(buf, ",", maxsize) >= maxsize)
164 return (-1);
165 }
166 if (strlcat(buf, "seq", maxsize) >= maxsize)
167 return (-1);
168 first = 0;
169 }
170 if (policy & AUDIT_WINDATA) {
171 if (!first) {
172 if (strlcat(buf, ",", maxsize) >= maxsize)
173 return (-1);
174 }
175 if (strlcat(buf, "windata", maxsize) >= maxsize)
176 return (-1);
177 first = 0;
178 }
179 if (policy & AUDIT_USER) {
180 if (!first) {
181 if (strlcat(buf, ",", maxsize) >= maxsize)
182 return (-1);
183 }
184 if (strlcat(buf, "user", maxsize) >= maxsize)
185 return (-1);
186 first = 0;
187 }
188 if (policy & AUDIT_GROUP) {
189 if (!first) {
190 if (strlcat(buf, ",", maxsize) >= maxsize)
191 return (-1);
192 }
193 if (strlcat(buf, "group", maxsize) >= maxsize)
194 return (-1);
195 first = 0;
196 }
197 if (policy & AUDIT_TRAIL) {
198 if (!first) {
199 if (strlcat(buf, ",", maxsize) >= maxsize)
200 return (-1);
201 }
202 if (strlcat(buf, "trail", maxsize) >= maxsize)
203 return (-1);
204 first = 0;
205 }
206 if (policy & AUDIT_PATH) {
207 if (!first) {
208 if (strlcat(buf, ",", maxsize) >= maxsize)
209 return (-1);
210 }
211 if (strlcat(buf, "path", maxsize) >= maxsize)
212 return (-1);
213 first = 0;
214 }
215 if (policy & AUDIT_SCNT) {
216 if (!first) {
217 if (strlcat(buf, ",", maxsize) >= maxsize)
218 return (-1);
219 }
220 if (strlcat(buf, "scnt", maxsize) >= maxsize)
221 return (-1);
222 first = 0;
223 }
224 if (policy & AUDIT_PUBLIC) {
225 if (!first) {
226 if (strlcat(buf, ",", maxsize) >= maxsize)
227 return (-1);
228 }
229 if (strlcat(buf, "public", maxsize) >= maxsize)
230 return (-1);
231 first = 0;
232 }
233 if (policy & AUDIT_ZONENAME) {
234 if (!first) {
235 if (strlcat(buf, ",", maxsize) >= maxsize)
236 return (-1);
237 }
238 if (strlcat(buf, "zonename", maxsize) >= maxsize)
239 return (-1);
240 first = 0;
241 }
242 if (policy & AUDIT_PERZONE) {
243 if (!first) {
244 if (strlcat(buf, ",", maxsize) >= maxsize)
245 return (-1);
246 }
247 if (strlcat(buf, "perzone", maxsize) >= maxsize)
248 return (-1);
249 first = 0;
250 }
251 return (strlen(buf));
252}
253
254/*
255 * Convert a string to a policy. Return -1 on failure (with errno EINVAL,
256 * ENOMEM) or 0 on success.
257 */
258int
259au_strtopol(const char *polstr, long *policy)
260{
261 char *bufp, *string;
262 char *buffer;
263
264 *policy = 0;
265 buffer = strdup(polstr);
266 if (buffer == NULL)
267 return (-1);
268
269 bufp = buffer;
270 while ((string = strsep(&bufp, ",")) != NULL) {
271 if (strcmp(string, "cnt") == 0)
272 *policy |= AUDIT_CNT;
273 else if (strcmp(string, "ahlt") == 0)
274 *policy |= AUDIT_AHLT;
275 else if (strcmp(string, "argv") == 0)
276 *policy |= AUDIT_ARGV;
277 else if (strcmp(string, "arge") == 0)
278 *policy |= AUDIT_ARGE;
279 else if (strcmp(string, "seq") == 0)
280 *policy |= AUDIT_SEQ;
281 else if (strcmp(string, "winau_fstat") == 0)
282 *policy |= AUDIT_WINDATA;
283 else if (strcmp(string, "user") == 0)
284 *policy |= AUDIT_USER;
285 else if (strcmp(string, "group") == 0)
286 *policy |= AUDIT_GROUP;
287 else if (strcmp(string, "trail") == 0)
288 *policy |= AUDIT_TRAIL;
289 else if (strcmp(string, "path") == 0)
290 *policy |= AUDIT_PATH;
291 else if (strcmp(string, "scnt") == 0)
292 *policy |= AUDIT_SCNT;
293 else if (strcmp(string, "public") == 0)
294 *policy |= AUDIT_PUBLIC;
295 else if (strcmp(string, "zonename") == 0)
296 *policy |= AUDIT_ZONENAME;
297 else if (strcmp(string, "perzone") == 0)
298 *policy |= AUDIT_PERZONE;
299 else {
300 free(buffer);
301 errno = EINVAL;
302 return (-1);
303 }
304 }
305 free(buffer);
306 return (0);
307}
--- 122 unchanged lines hidden (view full) ---
430}
431
432/*
433 * Return the desired trail rotation size from the audit control file.
434 */
435int
436getacfilesz(size_t *filesz_val)
437{
438 char *filesz, *dummy;
439 long long ll;
440
441#ifdef HAVE_PTHREAD_MUTEX_LOCK
442 pthread_mutex_lock(&mutex);
443#endif
444 setac_locked();
445 if (getstrfromtype_locked(FILESZ_CONTROL_ENTRY, &filesz) < 0) {
446#ifdef HAVE_PTHREAD_MUTEX_LOCK
447 pthread_mutex_unlock(&mutex);
448#endif
449 return (-2);
450 }
451 if (filesz == NULL) {
452#ifdef HAVE_PTHREAD_MUTEX_LOCK
453 pthread_mutex_unlock(&mutex);
454#endif
455 errno = EINVAL;
456 return (1);
457 }
458 ll = strtoll(filesz, &dummy, 10);
459 if (*dummy != '\0') {
460#ifdef HAVE_PTHREAD_MUTEX_LOCK
461 pthread_mutex_unlock(&mutex);
462#endif
463 errno = EINVAL;
464 return (-1);
465 }
466 /*
467 * The file size must either be 0 or >= MIN_AUDIT_FILE_SIZE. 0
468 * indicates no rotation size.
469 */
470 if (ll < 0 || (ll > 0 && ll < MIN_AUDIT_FILE_SIZE)) {
471#ifdef HAVE_PTHREAD_MUTEX_LOCK
472 pthread_mutex_unlock(&mutex);
473#endif
474 errno = EINVAL;
475 return (-1);
476 }
477 *filesz_val = ll;
478#ifdef HAVE_PTHREAD_MUTEX_LOCK
479 pthread_mutex_unlock(&mutex);
480#endif
481 return (0);
482}
483
484/*
485 * Return the system audit value from the audit contol file.
--- 128 unchanged lines hidden (view full) ---
614 return (1);
615 }
616 if (strlen(str) >= len) {
617#ifdef HAVE_PTHREAD_MUTEX_LOCK
618 pthread_mutex_unlock(&mutex);
619#endif
620 return (-3);
621 }
622 strcpy(auditstr, str);
623#ifdef HAVE_PTHREAD_MUTEX_LOCK
624 pthread_mutex_unlock(&mutex);
625#endif
626 return (0);
627}
2 * Copyright (c) 2004 Apple Inc.
3 * Copyright (c) 2006 Robert N. M. Watson
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
--- 11 unchanged lines hidden (view full) ---
22 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
26 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
27 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
28 * POSSIBILITY OF SUCH DAMAGE.
29 *
30 * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_control.c#24 $
31 */
32
33#include <config/config.h>
34
35#include <bsm/libbsm.h>
36
37#include <errno.h>
38#include <string.h>
39#ifdef HAVE_PTHREAD_MUTEX_LOCK
40#include <pthread.h>
41#endif
42#include <stdio.h>
43#include <stdlib.h>
44
--- 15 unchanged lines hidden (view full) ---
60static char inacdir = 0;
61static char ptrmoved = 0;
62
63#ifdef HAVE_PTHREAD_MUTEX_LOCK
64static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER;
65#endif
66
67/*
68 * Returns the string value corresponding to the given label from the
69 * configuration file.
70 *
71 * Must be called with mutex held.
72 */
73static int
74getstrfromtype_locked(char *name, char **str)
75{
--- 31 unchanged lines hidden (view full) ---
107 }
108 return (0); /* Success */
109 }
110 }
111 }
112}
113
114/*
115 * Convert a policy to a string. Return -1 on failure, or >= 0 representing
116 * the actual size of the string placed in the buffer (excluding terminating
117 * nul).
118 */
119ssize_t
120au_poltostr(long policy, size_t maxsize, char *buf)
121{
122 int first;
123
124 if (maxsize < 1)
125 return (-1);
126 first = 1;
127 buf[0] = '\0';
128
129 if (policy & AUDIT_CNT) {
130 if (strlcat(buf, "cnt", maxsize) >= maxsize)
131 return (-1);
132 first = 0;
133 }
134 if (policy & AUDIT_AHLT) {
135 if (!first) {
136 if (strlcat(buf, ",", maxsize) >= maxsize)
137 return (-1);
138 }
139 if (strlcat(buf, "ahlt", maxsize) >= maxsize)
140 return (-1);
141 first = 0;
142 }
143 if (policy & AUDIT_ARGV) {
144 if (!first) {
145 if (strlcat(buf, ",", maxsize) >= maxsize)
146 return (-1);
147 }
148 if (strlcat(buf, "argv", maxsize) >= maxsize)
149 return (-1);
150 first = 0;
151 }
152 if (policy & AUDIT_ARGE) {
153 if (!first) {
154 if (strlcat(buf, ",", maxsize) >= maxsize)
155 return (-1);
156 }
157 if (strlcat(buf, "arge", maxsize) >= maxsize)
158 return (-1);
159 first = 0;
160 }
161 if (policy & AUDIT_SEQ) {
162 if (!first) {
163 if (strlcat(buf, ",", maxsize) >= maxsize)
164 return (-1);
165 }
166 if (strlcat(buf, "seq", maxsize) >= maxsize)
167 return (-1);
168 first = 0;
169 }
170 if (policy & AUDIT_WINDATA) {
171 if (!first) {
172 if (strlcat(buf, ",", maxsize) >= maxsize)
173 return (-1);
174 }
175 if (strlcat(buf, "windata", maxsize) >= maxsize)
176 return (-1);
177 first = 0;
178 }
179 if (policy & AUDIT_USER) {
180 if (!first) {
181 if (strlcat(buf, ",", maxsize) >= maxsize)
182 return (-1);
183 }
184 if (strlcat(buf, "user", maxsize) >= maxsize)
185 return (-1);
186 first = 0;
187 }
188 if (policy & AUDIT_GROUP) {
189 if (!first) {
190 if (strlcat(buf, ",", maxsize) >= maxsize)
191 return (-1);
192 }
193 if (strlcat(buf, "group", maxsize) >= maxsize)
194 return (-1);
195 first = 0;
196 }
197 if (policy & AUDIT_TRAIL) {
198 if (!first) {
199 if (strlcat(buf, ",", maxsize) >= maxsize)
200 return (-1);
201 }
202 if (strlcat(buf, "trail", maxsize) >= maxsize)
203 return (-1);
204 first = 0;
205 }
206 if (policy & AUDIT_PATH) {
207 if (!first) {
208 if (strlcat(buf, ",", maxsize) >= maxsize)
209 return (-1);
210 }
211 if (strlcat(buf, "path", maxsize) >= maxsize)
212 return (-1);
213 first = 0;
214 }
215 if (policy & AUDIT_SCNT) {
216 if (!first) {
217 if (strlcat(buf, ",", maxsize) >= maxsize)
218 return (-1);
219 }
220 if (strlcat(buf, "scnt", maxsize) >= maxsize)
221 return (-1);
222 first = 0;
223 }
224 if (policy & AUDIT_PUBLIC) {
225 if (!first) {
226 if (strlcat(buf, ",", maxsize) >= maxsize)
227 return (-1);
228 }
229 if (strlcat(buf, "public", maxsize) >= maxsize)
230 return (-1);
231 first = 0;
232 }
233 if (policy & AUDIT_ZONENAME) {
234 if (!first) {
235 if (strlcat(buf, ",", maxsize) >= maxsize)
236 return (-1);
237 }
238 if (strlcat(buf, "zonename", maxsize) >= maxsize)
239 return (-1);
240 first = 0;
241 }
242 if (policy & AUDIT_PERZONE) {
243 if (!first) {
244 if (strlcat(buf, ",", maxsize) >= maxsize)
245 return (-1);
246 }
247 if (strlcat(buf, "perzone", maxsize) >= maxsize)
248 return (-1);
249 first = 0;
250 }
251 return (strlen(buf));
252}
253
254/*
255 * Convert a string to a policy. Return -1 on failure (with errno EINVAL,
256 * ENOMEM) or 0 on success.
257 */
258int
259au_strtopol(const char *polstr, long *policy)
260{
261 char *bufp, *string;
262 char *buffer;
263
264 *policy = 0;
265 buffer = strdup(polstr);
266 if (buffer == NULL)
267 return (-1);
268
269 bufp = buffer;
270 while ((string = strsep(&bufp, ",")) != NULL) {
271 if (strcmp(string, "cnt") == 0)
272 *policy |= AUDIT_CNT;
273 else if (strcmp(string, "ahlt") == 0)
274 *policy |= AUDIT_AHLT;
275 else if (strcmp(string, "argv") == 0)
276 *policy |= AUDIT_ARGV;
277 else if (strcmp(string, "arge") == 0)
278 *policy |= AUDIT_ARGE;
279 else if (strcmp(string, "seq") == 0)
280 *policy |= AUDIT_SEQ;
281 else if (strcmp(string, "winau_fstat") == 0)
282 *policy |= AUDIT_WINDATA;
283 else if (strcmp(string, "user") == 0)
284 *policy |= AUDIT_USER;
285 else if (strcmp(string, "group") == 0)
286 *policy |= AUDIT_GROUP;
287 else if (strcmp(string, "trail") == 0)
288 *policy |= AUDIT_TRAIL;
289 else if (strcmp(string, "path") == 0)
290 *policy |= AUDIT_PATH;
291 else if (strcmp(string, "scnt") == 0)
292 *policy |= AUDIT_SCNT;
293 else if (strcmp(string, "public") == 0)
294 *policy |= AUDIT_PUBLIC;
295 else if (strcmp(string, "zonename") == 0)
296 *policy |= AUDIT_ZONENAME;
297 else if (strcmp(string, "perzone") == 0)
298 *policy |= AUDIT_PERZONE;
299 else {
300 free(buffer);
301 errno = EINVAL;
302 return (-1);
303 }
304 }
305 free(buffer);
306 return (0);
307}
--- 122 unchanged lines hidden (view full) ---
430}
431
432/*
433 * Return the desired trail rotation size from the audit control file.
434 */
435int
436getacfilesz(size_t *filesz_val)
437{
438 char *filesz, *dummy;
439 long long ll;
440
441#ifdef HAVE_PTHREAD_MUTEX_LOCK
442 pthread_mutex_lock(&mutex);
443#endif
444 setac_locked();
445 if (getstrfromtype_locked(FILESZ_CONTROL_ENTRY, &filesz) < 0) {
446#ifdef HAVE_PTHREAD_MUTEX_LOCK
447 pthread_mutex_unlock(&mutex);
448#endif
449 return (-2);
450 }
451 if (filesz == NULL) {
452#ifdef HAVE_PTHREAD_MUTEX_LOCK
453 pthread_mutex_unlock(&mutex);
454#endif
455 errno = EINVAL;
456 return (1);
457 }
458 ll = strtoll(filesz, &dummy, 10);
459 if (*dummy != '\0') {
460#ifdef HAVE_PTHREAD_MUTEX_LOCK
461 pthread_mutex_unlock(&mutex);
462#endif
463 errno = EINVAL;
464 return (-1);
465 }
466 /*
467 * The file size must either be 0 or >= MIN_AUDIT_FILE_SIZE. 0
468 * indicates no rotation size.
469 */
470 if (ll < 0 || (ll > 0 && ll < MIN_AUDIT_FILE_SIZE)) {
471#ifdef HAVE_PTHREAD_MUTEX_LOCK
472 pthread_mutex_unlock(&mutex);
473#endif
474 errno = EINVAL;
475 return (-1);
476 }
477 *filesz_val = ll;
478#ifdef HAVE_PTHREAD_MUTEX_LOCK
479 pthread_mutex_unlock(&mutex);
480#endif
481 return (0);
482}
483
484/*
485 * Return the system audit value from the audit contol file.
--- 128 unchanged lines hidden (view full) ---
614 return (1);
615 }
616 if (strlen(str) >= len) {
617#ifdef HAVE_PTHREAD_MUTEX_LOCK
618 pthread_mutex_unlock(&mutex);
619#endif
620 return (-3);
621 }
622 strcpy(auditstr, str);
623#ifdef HAVE_PTHREAD_MUTEX_LOCK
624 pthread_mutex_unlock(&mutex);
625#endif
626 return (0);
627}