7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of 17 * its contributors may be used to endorse or promote products derived 18 * from this software without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY 21 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 22 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 23 * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY 24 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 25 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 26 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 27 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 29 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 30 *
| 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of 15 * its contributors may be used to endorse or promote products derived 16 * from this software without specific prior written permission. 17 * 18 * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY 19 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY 22 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 25 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 27 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 *
|
34 */ 35 36#include <sys/types.h> 37 38#include <stdio.h> 39#include <stdlib.h> 40#include <unistd.h> 41 42#include "auditd.h" 43 44/* 45 * Write an audit-related error to the system log via syslog(3). 46 */ 47static int 48auditwarnlog(char *args[]) 49{ 50 char *loc_args[9]; 51 pid_t pid; 52 int i; 53 54 loc_args[0] = AUDITWARN_SCRIPT; 55 for (i = 0; args[i] != NULL && i < 8; i++) 56 loc_args[i+1] = args[i]; 57 loc_args[i+1] = NULL; 58 59 pid = fork(); 60 if (pid == -1) 61 return (-1); 62 if (pid == 0) { 63 /* 64 * Child. 65 */ 66 execv(AUDITWARN_SCRIPT, loc_args); 67 syslog(LOG_ERR, "Could not exec %s (%m)\n", 68 AUDITWARN_SCRIPT); 69 exit(1); 70 } 71 /* 72 * Parent. 73 */ 74 return (0); 75} 76 77/* 78 * Indicates that the hard limit for all filesystems has been exceeded count 79 * times. 80 */ 81int 82audit_warn_allhard(int count) 83{ 84 char intstr[12]; 85 char *args[3]; 86 87 snprintf(intstr, 12, "%d", count); 88 89 args[0] = HARDLIM_ALL_WARN; 90 args[1] = intstr; 91 args[2] = NULL; 92 93 return (auditwarnlog(args)); 94} 95 96/* 97 * Indicates that the soft limit for all filesystems has been exceeded. 98 */ 99int 100audit_warn_allsoft(void) 101{ 102 char *args[2]; 103 104 args[0] = SOFTLIM_ALL_WARN; 105 args[1] = NULL; 106 107 return (auditwarnlog(args)); 108} 109 110/* 111 * Indicates that someone other than the audit daemon turned off auditing. 112 * XXX Its not clear at this point how this function will be invoked. 113 * 114 * XXXRW: This function is not used. 115 */ 116int 117audit_warn_auditoff(void) 118{ 119 char *args[2]; 120 121 args[0] = AUDITOFF_WARN; 122 args[1] = NULL; 123 124 return (auditwarnlog(args)); 125} 126 127/* 128 * Indicate that a trail file has been closed, so can now be post-processed. 
129 */ 130int 131audit_warn_closefile(char *filename) 132{ 133 char *args[3]; 134 135 args[0] = CLOSEFILE_WARN; 136 args[1] = filename; 137 args[2] = NULL; 138 139 return (auditwarnlog(args)); 140} 141 142/* 143 * Indicates that the audit deammn is already running 144 */ 145int 146audit_warn_ebusy(void) 147{ 148 char *args[2]; 149 150 args[0] = EBUSY_WARN; 151 args[1] = NULL; 152 153 return (auditwarnlog(args)); 154} 155 156/* 157 * Indicates that there is a problem getting the directory from 158 * audit_control. 159 * 160 * XXX Note that we take the filename instead of a count as the argument here 161 * (different from BSM). 162 */ 163int 164audit_warn_getacdir(char *filename) 165{ 166 char *args[3]; 167 168 args[0] = GETACDIR_WARN; 169 args[1] = filename; 170 args[2] = NULL; 171 172 return (auditwarnlog(args)); 173} 174 175/* 176 * Indicates that the hard limit for this file has been exceeded. 177 */ 178int 179audit_warn_hard(char *filename) 180{ 181 char *args[3]; 182 183 args[0] = HARDLIM_WARN; 184 args[1] = filename; 185 args[2] = NULL; 186 187 return (auditwarnlog(args)); 188} 189 190/* 191 * Indicates that auditing could not be started. 192 */ 193int 194audit_warn_nostart(void) 195{ 196 char *args[2]; 197 198 args[0] = NOSTART_WARN; 199 args[1] = NULL; 200 201 return (auditwarnlog(args)); 202} 203 204/* 205 * Indicaes that an error occrred during the orderly shutdown of the audit 206 * daemon. 207 */ 208int 209audit_warn_postsigterm(void) 210{ 211 char *args[2]; 212 213 args[0] = POSTSIGTERM_WARN; 214 args[1] = NULL; 215 216 return (auditwarnlog(args)); 217} 218 219/* 220 * Indicates that the soft limit for this file has been exceeded. 221 */ 222int 223audit_warn_soft(char *filename) 224{ 225 char *args[3]; 226 227 args[0] = SOFTLIM_WARN; 228 args[1] = filename; 229 args[2] = NULL; 230 231 return (auditwarnlog(args)); 232} 233 234/* 235 * Indicates that the temporary audit file already exists indicating a fatal 236 * error. 
237 */ 238int 239audit_warn_tmpfile(void) 240{ 241 char *args[2]; 242 243 args[0] = TMPFILE_WARN; 244 args[1] = NULL; 245 246 return (auditwarnlog(args)); 247}
| 30 */ 31 32#include <sys/types.h> 33 34#include <stdio.h> 35#include <stdlib.h> 36#include <unistd.h> 37 38#include "auditd.h" 39 40/* 41 * Write an audit-related error to the system log via syslog(3). 42 */ 43static int 44auditwarnlog(char *args[]) 45{ 46 char *loc_args[9]; 47 pid_t pid; 48 int i; 49 50 loc_args[0] = AUDITWARN_SCRIPT; 51 for (i = 0; args[i] != NULL && i < 8; i++) 52 loc_args[i+1] = args[i]; 53 loc_args[i+1] = NULL; 54 55 pid = fork(); 56 if (pid == -1) 57 return (-1); 58 if (pid == 0) { 59 /* 60 * Child. 61 */ 62 execv(AUDITWARN_SCRIPT, loc_args); 63 syslog(LOG_ERR, "Could not exec %s (%m)\n", 64 AUDITWARN_SCRIPT); 65 exit(1); 66 } 67 /* 68 * Parent. 69 */ 70 return (0); 71} 72 73/* 74 * Indicates that the hard limit for all filesystems has been exceeded count 75 * times. 76 */ 77int 78audit_warn_allhard(int count) 79{ 80 char intstr[12]; 81 char *args[3]; 82 83 snprintf(intstr, 12, "%d", count); 84 85 args[0] = HARDLIM_ALL_WARN; 86 args[1] = intstr; 87 args[2] = NULL; 88 89 return (auditwarnlog(args)); 90} 91 92/* 93 * Indicates that the soft limit for all filesystems has been exceeded. 94 */ 95int 96audit_warn_allsoft(void) 97{ 98 char *args[2]; 99 100 args[0] = SOFTLIM_ALL_WARN; 101 args[1] = NULL; 102 103 return (auditwarnlog(args)); 104} 105 106/* 107 * Indicates that someone other than the audit daemon turned off auditing. 108 * XXX Its not clear at this point how this function will be invoked. 109 * 110 * XXXRW: This function is not used. 111 */ 112int 113audit_warn_auditoff(void) 114{ 115 char *args[2]; 116 117 args[0] = AUDITOFF_WARN; 118 args[1] = NULL; 119 120 return (auditwarnlog(args)); 121} 122 123/* 124 * Indicate that a trail file has been closed, so can now be post-processed. 
125 */ 126int 127audit_warn_closefile(char *filename) 128{ 129 char *args[3]; 130 131 args[0] = CLOSEFILE_WARN; 132 args[1] = filename; 133 args[2] = NULL; 134 135 return (auditwarnlog(args)); 136} 137 138/* 139 * Indicates that the audit deammn is already running 140 */ 141int 142audit_warn_ebusy(void) 143{ 144 char *args[2]; 145 146 args[0] = EBUSY_WARN; 147 args[1] = NULL; 148 149 return (auditwarnlog(args)); 150} 151 152/* 153 * Indicates that there is a problem getting the directory from 154 * audit_control. 155 * 156 * XXX Note that we take the filename instead of a count as the argument here 157 * (different from BSM). 158 */ 159int 160audit_warn_getacdir(char *filename) 161{ 162 char *args[3]; 163 164 args[0] = GETACDIR_WARN; 165 args[1] = filename; 166 args[2] = NULL; 167 168 return (auditwarnlog(args)); 169} 170 171/* 172 * Indicates that the hard limit for this file has been exceeded. 173 */ 174int 175audit_warn_hard(char *filename) 176{ 177 char *args[3]; 178 179 args[0] = HARDLIM_WARN; 180 args[1] = filename; 181 args[2] = NULL; 182 183 return (auditwarnlog(args)); 184} 185 186/* 187 * Indicates that auditing could not be started. 188 */ 189int 190audit_warn_nostart(void) 191{ 192 char *args[2]; 193 194 args[0] = NOSTART_WARN; 195 args[1] = NULL; 196 197 return (auditwarnlog(args)); 198} 199 200/* 201 * Indicaes that an error occrred during the orderly shutdown of the audit 202 * daemon. 203 */ 204int 205audit_warn_postsigterm(void) 206{ 207 char *args[2]; 208 209 args[0] = POSTSIGTERM_WARN; 210 args[1] = NULL; 211 212 return (auditwarnlog(args)); 213} 214 215/* 216 * Indicates that the soft limit for this file has been exceeded. 217 */ 218int 219audit_warn_soft(char *filename) 220{ 221 char *args[3]; 222 223 args[0] = SOFTLIM_WARN; 224 args[1] = filename; 225 args[2] = NULL; 226 227 return (auditwarnlog(args)); 228} 229 230/* 231 * Indicates that the temporary audit file already exists indicating a fatal 232 * error. 
233 */ 234int 235audit_warn_tmpfile(void) 236{ 237 char *args[2]; 238 239 args[0] = TMPFILE_WARN; 240 args[1] = NULL; 241 242 return (auditwarnlog(args)); 243}
|
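Review bot: `auditwarnlog()` on the new side can write one slot past `loc_args[9]`: the copy loop lets `i` reach 8, after which `loc_args[i+1] = NULL` stores to index 9. None of the callers shown passes more than two arguments, so this is latent, but the bound should match the array, e.g. `for (i = 0; i < 7 && args[i] != NULL; i++)`, which also checks the index before reading `args[i]`. In the child branch, a failed `execv()` reaches `exit(1)`, which runs any atexit handlers the daemon registered and flushes stdio buffers inherited across `fork()`; `_exit(1);` is the appropriate call there, and `<unistd.h>` is already included. The parent returns 0 as soon as `fork()` succeeds, so the return value says nothing about whether AUDITWARN_SCRIPT ran, and reaping the child depends on SIGCHLD handling that is not visible in this file. The header comment claims the function writes to the system log, which does not match the code; it should read something like `Run AUDITWARN_SCRIPT with the given arguments; syslog(3) is used only if the exec fails.`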