Deleted Added
sdiff udiff text old ( 156283 ) new ( 162621 )
full compact
audit_warn.c (156283) audit_warn.c (162621)
1/*
2 * Copyright (c) 2005 Apple Computer, Inc.
3 * All rights reserved.
4 *
5 * @APPLE_BSD_LICENSE_HEADER_START@
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 *
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of
17 * its contributors may be used to endorse or promote products derived
18 * from this software without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
21 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
22 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
23 * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
24 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
25 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
26 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
27 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
29 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30 *
31 * @APPLE_BSD_LICENSE_HEADER_END@
32 *
1/*
2 * Copyright (c) 2005 Apple Computer, Inc.
3 * All rights reserved.
4 *
5 * @APPLE_BSD_LICENSE_HEADER_START@
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 *
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of
17 * its contributors may be used to endorse or promote products derived
18 * from this software without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
21 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
22 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
23 * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
24 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
25 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
26 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
27 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
29 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30 *
31 * @APPLE_BSD_LICENSE_HEADER_END@
32 *
33 * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/audit_warn.c#6 $
33 * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/audit_warn.c#7 $
34 */
35
36#include <sys/types.h>
37
38#include <stdio.h>
39#include <stdlib.h>
40#include <unistd.h>
41
42#include "auditd.h"
43
44/*
45 * Write an audit-related error to the system log via syslog(3).
46 */
47static int
48auditwarnlog(char *args[])
49{
50 char *loc_args[9];
51 pid_t pid;
52 int i;
53
54 loc_args[0] = AUDITWARN_SCRIPT;
55 for (i = 0; args[i] != NULL && i < 8; i++)
56 loc_args[i+1] = args[i];
57 loc_args[i+1] = NULL;
58
59 pid = fork();
60 if (pid == -1)
61 return (-1);
62 if (pid == 0) {
63 /*
64 * Child.
65 */
66 execv(AUDITWARN_SCRIPT, loc_args);
67 syslog(LOG_ERR, "Could not exec %s (%m)\n",
68 AUDITWARN_SCRIPT);
69 exit(1);
70 }
71 /*
72 * Parent.
73 */
74 return (0);
75}
76
77/*
78 * Indicates that the hard limit for all filesystems has been exceeded count
79 * times.
80 */
81int
82audit_warn_allhard(int count)
83{
84 char intstr[12];
85 char *args[3];
86
87 snprintf(intstr, 12, "%d", count);
88
89 args[0] = HARDLIM_ALL_WARN;
90 args[1] = intstr;
91 args[2] = NULL;
92
93 return (auditwarnlog(args));
94}
95
96/*
97 * Indicates that the soft limit for all filesystems has been exceeded.
98 */
99int
100audit_warn_allsoft(void)
101{
102 char *args[2];
103
104 args[0] = SOFTLIM_ALL_WARN;
105 args[1] = NULL;
106
107 return (auditwarnlog(args));
108}
109
110/*
111 * Indicates that someone other than the audit daemon turned off auditing.
112 * XXX Its not clear at this point how this function will be invoked.
113 *
114 * XXXRW: This function is not used.
115 */
116int
117audit_warn_auditoff(void)
118{
119 char *args[2];
120
121 args[0] = AUDITOFF_WARN;
122 args[1] = NULL;
123
124 return (auditwarnlog(args));
125}
126
127/*
34 */
35
36#include <sys/types.h>
37
38#include <stdio.h>
39#include <stdlib.h>
40#include <unistd.h>
41
42#include "auditd.h"
43
44/*
45 * Write an audit-related error to the system log via syslog(3).
46 */
47static int
48auditwarnlog(char *args[])
49{
50 char *loc_args[9];
51 pid_t pid;
52 int i;
53
54 loc_args[0] = AUDITWARN_SCRIPT;
55 for (i = 0; args[i] != NULL && i < 8; i++)
56 loc_args[i+1] = args[i];
57 loc_args[i+1] = NULL;
58
59 pid = fork();
60 if (pid == -1)
61 return (-1);
62 if (pid == 0) {
63 /*
64 * Child.
65 */
66 execv(AUDITWARN_SCRIPT, loc_args);
67 syslog(LOG_ERR, "Could not exec %s (%m)\n",
68 AUDITWARN_SCRIPT);
69 exit(1);
70 }
71 /*
72 * Parent.
73 */
74 return (0);
75}
76
77/*
78 * Indicates that the hard limit for all filesystems has been exceeded count
79 * times.
80 */
81int
82audit_warn_allhard(int count)
83{
84 char intstr[12];
85 char *args[3];
86
87 snprintf(intstr, 12, "%d", count);
88
89 args[0] = HARDLIM_ALL_WARN;
90 args[1] = intstr;
91 args[2] = NULL;
92
93 return (auditwarnlog(args));
94}
95
96/*
97 * Indicates that the soft limit for all filesystems has been exceeded.
98 */
99int
100audit_warn_allsoft(void)
101{
102 char *args[2];
103
104 args[0] = SOFTLIM_ALL_WARN;
105 args[1] = NULL;
106
107 return (auditwarnlog(args));
108}
109
110/*
111 * Indicates that someone other than the audit daemon turned off auditing.
112 * XXX Its not clear at this point how this function will be invoked.
113 *
114 * XXXRW: This function is not used.
115 */
116int
117audit_warn_auditoff(void)
118{
119 char *args[2];
120
121 args[0] = AUDITOFF_WARN;
122 args[1] = NULL;
123
124 return (auditwarnlog(args));
125}
126
127/*
128 * Indicate that a trail file has been closed, so can now be post-processed.
129 */
130int
131audit_warn_closefile(char *filename)
132{
133 char *args[3];
134
135 args[0] = CLOSEFILE_WARN;
136 args[1] = filename;
137 args[2] = NULL;
138
139 return (auditwarnlog(args));
140}
141
142/*
128 * Indicates that the audit deammn is already running
129 */
130int
131audit_warn_ebusy(void)
132{
133 char *args[2];
134
135 args[0] = EBUSY_WARN;
136 args[1] = NULL;
137
138 return (auditwarnlog(args));
139}
140
141/*
142 * Indicates that there is a problem getting the directory from
143 * audit_control.
144 *
145 * XXX Note that we take the filename instead of a count as the argument here
146 * (different from BSM).
147 */
148int
149audit_warn_getacdir(char *filename)
150{
151 char *args[3];
152
153 args[0] = GETACDIR_WARN;
154 args[1] = filename;
155 args[2] = NULL;
156
157 return (auditwarnlog(args));
158}
159
160/*
161 * Indicates that the hard limit for this file has been exceeded.
162 */
163int
164audit_warn_hard(char *filename)
165{
166 char *args[3];
167
168 args[0] = HARDLIM_WARN;
169 args[1] = filename;
170 args[2] = NULL;
171
172 return (auditwarnlog(args));
173}
174
175/*
176 * Indicates that auditing could not be started.
177 */
178int
179audit_warn_nostart(void)
180{
181 char *args[2];
182
183 args[0] = NOSTART_WARN;
184 args[1] = NULL;
185
186 return (auditwarnlog(args));
187}
188
189/*
190 * Indicaes that an error occrred during the orderly shutdown of the audit
191 * daemon.
192 */
193int
194audit_warn_postsigterm(void)
195{
196 char *args[2];
197
198 args[0] = POSTSIGTERM_WARN;
199 args[1] = NULL;
200
201 return (auditwarnlog(args));
202}
203
204/*
205 * Indicates that the soft limit for this file has been exceeded.
206 */
207int
208audit_warn_soft(char *filename)
209{
210 char *args[3];
211
212 args[0] = SOFTLIM_WARN;
213 args[1] = filename;
214 args[2] = NULL;
215
216 return (auditwarnlog(args));
217}
218
219/*
220 * Indicates that the temporary audit file already exists indicating a fatal
221 * error.
222 */
223int
224audit_warn_tmpfile(void)
225{
226 char *args[2];
227
228 args[0] = TMPFILE_WARN;
229 args[1] = NULL;
230
231 return (auditwarnlog(args));
232}
143 * Indicates that the audit deammn is already running
144 */
145int
146audit_warn_ebusy(void)
147{
148 char *args[2];
149
150 args[0] = EBUSY_WARN;
151 args[1] = NULL;
152
153 return (auditwarnlog(args));
154}
155
156/*
157 * Indicates that there is a problem getting the directory from
158 * audit_control.
159 *
160 * XXX Note that we take the filename instead of a count as the argument here
161 * (different from BSM).
162 */
163int
164audit_warn_getacdir(char *filename)
165{
166 char *args[3];
167
168 args[0] = GETACDIR_WARN;
169 args[1] = filename;
170 args[2] = NULL;
171
172 return (auditwarnlog(args));
173}
174
175/*
176 * Indicates that the hard limit for this file has been exceeded.
177 */
178int
179audit_warn_hard(char *filename)
180{
181 char *args[3];
182
183 args[0] = HARDLIM_WARN;
184 args[1] = filename;
185 args[2] = NULL;
186
187 return (auditwarnlog(args));
188}
189
190/*
191 * Indicates that auditing could not be started.
192 */
193int
194audit_warn_nostart(void)
195{
196 char *args[2];
197
198 args[0] = NOSTART_WARN;
199 args[1] = NULL;
200
201 return (auditwarnlog(args));
202}
203
204/*
205 * Indicaes that an error occrred during the orderly shutdown of the audit
206 * daemon.
207 */
208int
209audit_warn_postsigterm(void)
210{
211 char *args[2];
212
213 args[0] = POSTSIGTERM_WARN;
214 args[1] = NULL;
215
216 return (auditwarnlog(args));
217}
218
219/*
220 * Indicates that the soft limit for this file has been exceeded.
221 */
222int
223audit_warn_soft(char *filename)
224{
225 char *args[3];
226
227 args[0] = SOFTLIM_WARN;
228 args[1] = filename;
229 args[2] = NULL;
230
231 return (auditwarnlog(args));
232}
233
234/*
235 * Indicates that the temporary audit file already exists indicating a fatal
236 * error.
237 */
238int
239audit_warn_tmpfile(void)
240{
241 char *args[2];
242
243 args[0] = TMPFILE_WARN;
244 args[1] = NULL;
245
246 return (auditwarnlog(args));
247}