Deleted Added
sdiff udiff text old ( 162621 ) new ( 171537 )
full compact
audit_warn.c (162621) audit_warn.c (171537)
1/*
2 * Copyright (c) 2005 Apple Computer, Inc.
3 * All rights reserved.
4 *
1/*
2 * Copyright (c) 2005 Apple Computer, Inc.
3 * All rights reserved.
4 *
5 * @APPLE_BSD_LICENSE_HEADER_START@
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 *
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of
17 * its contributors may be used to endorse or promote products derived
18 * from this software without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
21 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
22 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
23 * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
24 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
25 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
26 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
27 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
29 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of
15 * its contributors may be used to endorse or promote products derived
16 * from this software without specific prior written permission.
17 *
18 * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
19 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21 * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
22 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
25 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
27 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 *
31 * @APPLE_BSD_LICENSE_HEADER_END@
32 *
33 * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/audit_warn.c#7 $
29 * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/audit_warn.c#8 $
34 */
35
36#include <sys/types.h>
37
38#include <stdio.h>
39#include <stdlib.h>
40#include <unistd.h>
41
42#include "auditd.h"
43
44/*
45 * Write an audit-related error to the system log via syslog(3).
46 */
47static int
48auditwarnlog(char *args[])
49{
50 char *loc_args[9];
51 pid_t pid;
52 int i;
53
54 loc_args[0] = AUDITWARN_SCRIPT;
55 for (i = 0; args[i] != NULL && i < 8; i++)
56 loc_args[i+1] = args[i];
57 loc_args[i+1] = NULL;
58
59 pid = fork();
60 if (pid == -1)
61 return (-1);
62 if (pid == 0) {
63 /*
64 * Child.
65 */
66 execv(AUDITWARN_SCRIPT, loc_args);
67 syslog(LOG_ERR, "Could not exec %s (%m)\n",
68 AUDITWARN_SCRIPT);
69 exit(1);
70 }
71 /*
72 * Parent.
73 */
74 return (0);
75}
76
77/*
78 * Indicates that the hard limit for all filesystems has been exceeded count
79 * times.
80 */
81int
82audit_warn_allhard(int count)
83{
84 char intstr[12];
85 char *args[3];
86
87 snprintf(intstr, 12, "%d", count);
88
89 args[0] = HARDLIM_ALL_WARN;
90 args[1] = intstr;
91 args[2] = NULL;
92
93 return (auditwarnlog(args));
94}
95
96/*
97 * Indicates that the soft limit for all filesystems has been exceeded.
98 */
99int
100audit_warn_allsoft(void)
101{
102 char *args[2];
103
104 args[0] = SOFTLIM_ALL_WARN;
105 args[1] = NULL;
106
107 return (auditwarnlog(args));
108}
109
110/*
111 * Indicates that someone other than the audit daemon turned off auditing.
112 * XXX Its not clear at this point how this function will be invoked.
113 *
114 * XXXRW: This function is not used.
115 */
116int
117audit_warn_auditoff(void)
118{
119 char *args[2];
120
121 args[0] = AUDITOFF_WARN;
122 args[1] = NULL;
123
124 return (auditwarnlog(args));
125}
126
127/*
128 * Indicate that a trail file has been closed, so can now be post-processed.
129 */
130int
131audit_warn_closefile(char *filename)
132{
133 char *args[3];
134
135 args[0] = CLOSEFILE_WARN;
136 args[1] = filename;
137 args[2] = NULL;
138
139 return (auditwarnlog(args));
140}
141
142/*
143 * Indicates that the audit deammn is already running
144 */
145int
146audit_warn_ebusy(void)
147{
148 char *args[2];
149
150 args[0] = EBUSY_WARN;
151 args[1] = NULL;
152
153 return (auditwarnlog(args));
154}
155
156/*
157 * Indicates that there is a problem getting the directory from
158 * audit_control.
159 *
160 * XXX Note that we take the filename instead of a count as the argument here
161 * (different from BSM).
162 */
163int
164audit_warn_getacdir(char *filename)
165{
166 char *args[3];
167
168 args[0] = GETACDIR_WARN;
169 args[1] = filename;
170 args[2] = NULL;
171
172 return (auditwarnlog(args));
173}
174
175/*
176 * Indicates that the hard limit for this file has been exceeded.
177 */
178int
179audit_warn_hard(char *filename)
180{
181 char *args[3];
182
183 args[0] = HARDLIM_WARN;
184 args[1] = filename;
185 args[2] = NULL;
186
187 return (auditwarnlog(args));
188}
189
190/*
191 * Indicates that auditing could not be started.
192 */
193int
194audit_warn_nostart(void)
195{
196 char *args[2];
197
198 args[0] = NOSTART_WARN;
199 args[1] = NULL;
200
201 return (auditwarnlog(args));
202}
203
204/*
205 * Indicaes that an error occrred during the orderly shutdown of the audit
206 * daemon.
207 */
208int
209audit_warn_postsigterm(void)
210{
211 char *args[2];
212
213 args[0] = POSTSIGTERM_WARN;
214 args[1] = NULL;
215
216 return (auditwarnlog(args));
217}
218
219/*
220 * Indicates that the soft limit for this file has been exceeded.
221 */
222int
223audit_warn_soft(char *filename)
224{
225 char *args[3];
226
227 args[0] = SOFTLIM_WARN;
228 args[1] = filename;
229 args[2] = NULL;
230
231 return (auditwarnlog(args));
232}
233
234/*
235 * Indicates that the temporary audit file already exists indicating a fatal
236 * error.
237 */
238int
239audit_warn_tmpfile(void)
240{
241 char *args[2];
242
243 args[0] = TMPFILE_WARN;
244 args[1] = NULL;
245
246 return (auditwarnlog(args));
247}
30 */
31
32#include <sys/types.h>
33
34#include <stdio.h>
35#include <stdlib.h>
36#include <unistd.h>
37
38#include "auditd.h"
39
40/*
41 * Write an audit-related error to the system log via syslog(3).
42 */
43static int
44auditwarnlog(char *args[])
45{
46 char *loc_args[9];
47 pid_t pid;
48 int i;
49
50 loc_args[0] = AUDITWARN_SCRIPT;
51 for (i = 0; args[i] != NULL && i < 8; i++)
52 loc_args[i+1] = args[i];
53 loc_args[i+1] = NULL;
54
55 pid = fork();
56 if (pid == -1)
57 return (-1);
58 if (pid == 0) {
59 /*
60 * Child.
61 */
62 execv(AUDITWARN_SCRIPT, loc_args);
63 syslog(LOG_ERR, "Could not exec %s (%m)\n",
64 AUDITWARN_SCRIPT);
65 exit(1);
66 }
67 /*
68 * Parent.
69 */
70 return (0);
71}
72
73/*
74 * Indicates that the hard limit for all filesystems has been exceeded count
75 * times.
76 */
77int
78audit_warn_allhard(int count)
79{
80 char intstr[12];
81 char *args[3];
82
83 snprintf(intstr, 12, "%d", count);
84
85 args[0] = HARDLIM_ALL_WARN;
86 args[1] = intstr;
87 args[2] = NULL;
88
89 return (auditwarnlog(args));
90}
91
92/*
93 * Indicates that the soft limit for all filesystems has been exceeded.
94 */
95int
96audit_warn_allsoft(void)
97{
98 char *args[2];
99
100 args[0] = SOFTLIM_ALL_WARN;
101 args[1] = NULL;
102
103 return (auditwarnlog(args));
104}
105
106/*
107 * Indicates that someone other than the audit daemon turned off auditing.
108 * XXX Its not clear at this point how this function will be invoked.
109 *
110 * XXXRW: This function is not used.
111 */
112int
113audit_warn_auditoff(void)
114{
115 char *args[2];
116
117 args[0] = AUDITOFF_WARN;
118 args[1] = NULL;
119
120 return (auditwarnlog(args));
121}
122
123/*
124 * Indicate that a trail file has been closed, so can now be post-processed.
125 */
126int
127audit_warn_closefile(char *filename)
128{
129 char *args[3];
130
131 args[0] = CLOSEFILE_WARN;
132 args[1] = filename;
133 args[2] = NULL;
134
135 return (auditwarnlog(args));
136}
137
138/*
139 * Indicates that the audit deammn is already running
140 */
141int
142audit_warn_ebusy(void)
143{
144 char *args[2];
145
146 args[0] = EBUSY_WARN;
147 args[1] = NULL;
148
149 return (auditwarnlog(args));
150}
151
152/*
153 * Indicates that there is a problem getting the directory from
154 * audit_control.
155 *
156 * XXX Note that we take the filename instead of a count as the argument here
157 * (different from BSM).
158 */
159int
160audit_warn_getacdir(char *filename)
161{
162 char *args[3];
163
164 args[0] = GETACDIR_WARN;
165 args[1] = filename;
166 args[2] = NULL;
167
168 return (auditwarnlog(args));
169}
170
171/*
172 * Indicates that the hard limit for this file has been exceeded.
173 */
174int
175audit_warn_hard(char *filename)
176{
177 char *args[3];
178
179 args[0] = HARDLIM_WARN;
180 args[1] = filename;
181 args[2] = NULL;
182
183 return (auditwarnlog(args));
184}
185
186/*
187 * Indicates that auditing could not be started.
188 */
189int
190audit_warn_nostart(void)
191{
192 char *args[2];
193
194 args[0] = NOSTART_WARN;
195 args[1] = NULL;
196
197 return (auditwarnlog(args));
198}
199
200/*
201 * Indicaes that an error occrred during the orderly shutdown of the audit
202 * daemon.
203 */
204int
205audit_warn_postsigterm(void)
206{
207 char *args[2];
208
209 args[0] = POSTSIGTERM_WARN;
210 args[1] = NULL;
211
212 return (auditwarnlog(args));
213}
214
215/*
216 * Indicates that the soft limit for this file has been exceeded.
217 */
218int
219audit_warn_soft(char *filename)
220{
221 char *args[3];
222
223 args[0] = SOFTLIM_WARN;
224 args[1] = filename;
225 args[2] = NULL;
226
227 return (auditwarnlog(args));
228}
229
230/*
231 * Indicates that the temporary audit file already exists indicating a fatal
232 * error.
233 */
234int
235audit_warn_tmpfile(void)
236{
237 char *args[2];
238
239 args[0] = TMPFILE_WARN;
240 args[1] = NULL;
241
242 return (auditwarnlog(args));
243}