1/* 2 * Copyright (c) 2005 Apple Computer, Inc. 3 * All rights reserved. 4 * 5 * @APPLE_BSD_LICENSE_HEADER_START@ 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of 17 * its contributors may be used to endorse or promote products derived 18 * from this software without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY 21 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 22 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 23 * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY 24 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 25 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 26 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 27 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 29 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 30 * 31 * @APPLE_BSD_LICENSE_HEADER_END@ 32 *
| 1/* 2 * Copyright (c) 2005 Apple Computer, Inc. 3 * All rights reserved. 4 * 5 * @APPLE_BSD_LICENSE_HEADER_START@ 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of 17 * its contributors may be used to endorse or promote products derived 18 * from this software without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY 21 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 22 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 23 * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY 24 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 25 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 26 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 27 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 29 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 30 * 31 * @APPLE_BSD_LICENSE_HEADER_END@ 32 *
|
34 */ 35 36#include <sys/types.h> 37 38#include <stdio.h> 39#include <stdlib.h> 40#include <unistd.h> 41 42#include "auditd.h" 43 44/* 45 * Write an audit-related error to the system log via syslog(3). 46 */ 47static int 48auditwarnlog(char *args[]) 49{ 50 char *loc_args[9]; 51 pid_t pid; 52 int i; 53 54 loc_args[0] = AUDITWARN_SCRIPT; 55 for (i = 0; args[i] != NULL && i < 8; i++) 56 loc_args[i+1] = args[i]; 57 loc_args[i+1] = NULL; 58 59 pid = fork(); 60 if (pid == -1) 61 return (-1); 62 if (pid == 0) { 63 /* 64 * Child. 65 */ 66 execv(AUDITWARN_SCRIPT, loc_args); 67 syslog(LOG_ERR, "Could not exec %s (%m)\n", 68 AUDITWARN_SCRIPT); 69 exit(1); 70 } 71 /* 72 * Parent. 73 */ 74 return (0); 75} 76 77/* 78 * Indicates that the hard limit for all filesystems has been exceeded count 79 * times. 80 */ 81int 82audit_warn_allhard(int count) 83{ 84 char intstr[12]; 85 char *args[3]; 86 87 snprintf(intstr, 12, "%d", count); 88 89 args[0] = HARDLIM_ALL_WARN; 90 args[1] = intstr; 91 args[2] = NULL; 92 93 return (auditwarnlog(args)); 94} 95 96/* 97 * Indicates that the soft limit for all filesystems has been exceeded. 98 */ 99int 100audit_warn_allsoft(void) 101{ 102 char *args[2]; 103 104 args[0] = SOFTLIM_ALL_WARN; 105 args[1] = NULL; 106 107 return (auditwarnlog(args)); 108} 109 110/* 111 * Indicates that someone other than the audit daemon turned off auditing. 112 * XXX Its not clear at this point how this function will be invoked. 113 * 114 * XXXRW: This function is not used. 115 */ 116int 117audit_warn_auditoff(void) 118{ 119 char *args[2]; 120 121 args[0] = AUDITOFF_WARN; 122 args[1] = NULL; 123 124 return (auditwarnlog(args)); 125} 126 127/*
| 34 */ 35 36#include <sys/types.h> 37 38#include <stdio.h> 39#include <stdlib.h> 40#include <unistd.h> 41 42#include "auditd.h" 43 44/* 45 * Write an audit-related error to the system log via syslog(3). 46 */ 47static int 48auditwarnlog(char *args[]) 49{ 50 char *loc_args[9]; 51 pid_t pid; 52 int i; 53 54 loc_args[0] = AUDITWARN_SCRIPT; 55 for (i = 0; args[i] != NULL && i < 8; i++) 56 loc_args[i+1] = args[i]; 57 loc_args[i+1] = NULL; 58 59 pid = fork(); 60 if (pid == -1) 61 return (-1); 62 if (pid == 0) { 63 /* 64 * Child. 65 */ 66 execv(AUDITWARN_SCRIPT, loc_args); 67 syslog(LOG_ERR, "Could not exec %s (%m)\n", 68 AUDITWARN_SCRIPT); 69 exit(1); 70 } 71 /* 72 * Parent. 73 */ 74 return (0); 75} 76 77/* 78 * Indicates that the hard limit for all filesystems has been exceeded count 79 * times. 80 */ 81int 82audit_warn_allhard(int count) 83{ 84 char intstr[12]; 85 char *args[3]; 86 87 snprintf(intstr, 12, "%d", count); 88 89 args[0] = HARDLIM_ALL_WARN; 90 args[1] = intstr; 91 args[2] = NULL; 92 93 return (auditwarnlog(args)); 94} 95 96/* 97 * Indicates that the soft limit for all filesystems has been exceeded. 98 */ 99int 100audit_warn_allsoft(void) 101{ 102 char *args[2]; 103 104 args[0] = SOFTLIM_ALL_WARN; 105 args[1] = NULL; 106 107 return (auditwarnlog(args)); 108} 109 110/* 111 * Indicates that someone other than the audit daemon turned off auditing. 112 * XXX Its not clear at this point how this function will be invoked. 113 * 114 * XXXRW: This function is not used. 115 */ 116int 117audit_warn_auditoff(void) 118{ 119 char *args[2]; 120 121 args[0] = AUDITOFF_WARN; 122 args[1] = NULL; 123 124 return (auditwarnlog(args)); 125} 126 127/*
|