auditd.c (155131) auditd.c (155364)
1/*
2 * Copyright (c) 2004 Apple Computer, Inc.
3 * All rights reserved.
4 *
5 * @APPLE_BSD_LICENSE_HEADER_START@
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions

--- 16 unchanged lines hidden (view full) ---

25 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
26 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
27 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
29 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30 *
31 * @APPLE_BSD_LICENSE_HEADER_END@
32 *
1/*
2 * Copyright (c) 2004 Apple Computer, Inc.
3 * All rights reserved.
4 *
5 * @APPLE_BSD_LICENSE_HEADER_START@
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions

--- 16 unchanged lines hidden (view full) ---

25 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
26 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
27 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
29 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30 *
31 * @APPLE_BSD_LICENSE_HEADER_END@
32 *
33 * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#8 $
33 * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#11 $
34 */
35
36#include <sys/dirent.h>
37#include <sys/mman.h>
38#include <sys/queue.h>
39#include <sys/stat.h>
40#include <sys/types.h>
41#include <sys/wait.h>
42
43#include <bsm/audit.h>
44#include <bsm/audit_uevents.h>
45#include <bsm/libbsm.h>
46
47#include <errno.h>
48#include <fcntl.h>
34 */
35
36#include <sys/dirent.h>
37#include <sys/mman.h>
38#include <sys/queue.h>
39#include <sys/stat.h>
40#include <sys/types.h>
41#include <sys/wait.h>
42
43#include <bsm/audit.h>
44#include <bsm/audit_uevents.h>
45#include <bsm/libbsm.h>
46
47#include <errno.h>
48#include <fcntl.h>
49#include <grp.h>
49#include <stdio.h>
50#include <stdlib.h>
51#include <time.h>
52#include <unistd.h>
53#include <signal.h>
54#include <string.h>
55#include <syslog.h>
56

--- 109 unchanged lines hidden (view full) ---

166 free(lastfile);
167 free(oldname);
168 lastfile = NULL;
169 }
170 return (0);
171}
172
173/*
50#include <stdio.h>
51#include <stdlib.h>
52#include <time.h>
53#include <unistd.h>
54#include <signal.h>
55#include <string.h>
56#include <syslog.h>
57

--- 109 unchanged lines hidden (view full) ---

167 free(lastfile);
168 free(oldname);
169 lastfile = NULL;
170 }
171 return (0);
172}
173
174/*
175 * Create the new audit file with appropriate permissions and ownership. Try
176 * to clean up if something goes wrong.
177 */
178static int
179#ifdef AUDIT_REVIEW_GROUP
180open_trail(const char *fname, uid_t uid, gid_t gid)
181#else
182open_trail(const char *fname)
183#endif
184{
185 int error, fd;
186
187 fd = open(fname, O_RDONLY | O_CREAT, S_IRUSR | S_IRGRP);
188 if (fd < 0)
189 return (-1);
190#ifdef AUDIT_REVIEW_GROUP
191 if (fchown(fd, uid, gid) < 0) {
192 error = errno;
193 close(fd);
194 (void)unlink(fname);
195 errno = error;
196 return (-1);
197 }
198#endif
199 return (fd);
200}
201
202/*
174 * Create the new file name, swap with existing audit file.
175 */
176static int
177swap_audit_file(void)
178{
179 char timestr[2 * POSTFIX_LEN];
180 char *fn;
181 char TS[POSTFIX_LEN];
182 struct dir_ent *dirent;
203 * Create the new file name, swap with existing audit file.
204 */
205static int
206swap_audit_file(void)
207{
208 char timestr[2 * POSTFIX_LEN];
209 char *fn;
210 char TS[POSTFIX_LEN];
211 struct dir_ent *dirent;
183 int fd;
212#ifdef AUDIT_REVIEW_GROUP
213 struct group *grp;
214 gid_t gid;
215 uid_t uid;
216#endif
217 int error, fd;
184
185 if (getTSstr(TS, POSTFIX_LEN) != 0)
186 return (-1);
187
188 strcpy(timestr, TS);
189 strcat(timestr, NOT_TERMINATED);
190
218
219 if (getTSstr(TS, POSTFIX_LEN) != 0)
220 return (-1);
221
222 strcpy(timestr, TS);
223 strcat(timestr, NOT_TERMINATED);
224
225#ifdef AUDIT_REVIEW_GROUP
226 /*
227 * XXXRW: Currently, this code falls back to the daemon gid, which is
228 * likely the wheel group. Is there a better way to deal with this?
229 */
230 grp = getgrnam(AUDIT_REVIEW_GROUP);
231 if (grp == NULL) {
232 syslog(LOG_INFO,
233 "Audit review group '%s' not available, using daemon gid",
234 AUDIT_REVIEW_GROUP);
235 gid = -1;
236 } else
237 gid = grp->gr_gid;
238 uid = getuid();
239#endif
240
191 /* Try until we succeed. */
192 while ((dirent = TAILQ_FIRST(&dir_q))) {
193 if ((fn = affixdir(timestr, dirent)) == NULL) {
194 syslog(LOG_INFO, "Failed to swap log at time %s\n",
195 timestr);
196 return (-1);
197 }
198
199 /*
200 * Create and open the file; then close and pass to the
201 * kernel if all went well.
202 */
203 syslog(LOG_INFO, "New audit file is %s\n", fn);
241 /* Try until we succeed. */
242 while ((dirent = TAILQ_FIRST(&dir_q))) {
243 if ((fn = affixdir(timestr, dirent)) == NULL) {
244 syslog(LOG_INFO, "Failed to swap log at time %s\n",
245 timestr);
246 return (-1);
247 }
248
249 /*
250 * Create and open the file; then close and pass to the
251 * kernel if all went well.
252 */
253 syslog(LOG_INFO, "New audit file is %s\n", fn);
204 fd = open(fn, O_RDONLY | O_CREAT, S_IRUSR | S_IRGRP);
254#ifdef AUDIT_REVIEW_GROUP
255 fd = open_trail(fn, uid, gid);
256#else
257 fd = open_trail(fn);
258#endif
205 if (fd < 0)
259 if (fd < 0)
206 perror("File open");
207 else if (auditctl(fn) != 0) {
208 syslog(LOG_ERR,
209 "auditctl failed setting log file! : %s\n",
210 strerror(errno));
211 close(fd);
212 } else {
213 /* Success. */
214 close_lastfile(TS);
215 lastfile = fn;
216 close(fd);
217 return (0);
260 warn("open(%s)", fn);
261 if (fd >= 0) {
262 error = auditctl(fn);
263 if (error) {
264 syslog(LOG_ERR,
265 "auditctl failed setting log file! : %s\n",
266 strerror(errno));
267 close(fd);
268 } else {
269 /* Success. */
270 close_lastfile(TS);
271 lastfile = fn;
272 close(fd);
273 return (0);
274 }
218 }
219
220 /*
221 * Tell the administrator about lack of permissions for dir.
222 */
223 audit_warn_getacdir(dirent->dirname);
224
225 /* Try again with a different directory. */

--- 477 unchanged lines hidden (view full) ---

703 syslog(LOG_INFO, "Audit controls init successful\n");
704 else
705 syslog(LOG_INFO, "Audit controls init failed\n");
706}
707
708int
709main(int argc, char **argv)
710{
275 }
276
277 /*
278 * Tell the administrator about lack of permissions for dir.
279 */
280 audit_warn_getacdir(dirent->dirname);
281
282 /* Try again with a different directory. */

--- 477 unchanged lines hidden (view full) ---

760 syslog(LOG_INFO, "Audit controls init successful\n");
761 else
762 syslog(LOG_INFO, "Audit controls init failed\n");
763}
764
765int
766main(int argc, char **argv)
767{
711 char ch;
768 int ch;
712 int debug = 0;
713 int rc;
714
715 global_flags |= AUDIT_CNT;
716 while ((ch = getopt(argc, argv, "dhs")) != -1) {
717 switch(ch) {
718 case 'd':
719 /* Debug option. */

--- 41 unchanged lines hidden ---
769 int debug = 0;
770 int rc;
771
772 global_flags |= AUDIT_CNT;
773 while ((ch = getopt(argc, argv, "dhs")) != -1) {
774 switch(ch) {
775 case 'd':
776 /* Debug option. */

--- 41 unchanged lines hidden ---
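Review bot: open_trail() (new lines 187-197) opens the trail with `O_RDONLY | O_CREAT` and no `O_EXCL`, so if the path already exists the mode argument is ignored and the following fchown() re-owns, or on failure unlink() removes, a file the daemon did not create. For a file that is then handed to auditctl() I would create it exclusively, `fd = open(fname, O_RDONLY | O_CREAT | O_EXCL, S_IRUSR | S_IRGRP);`, and let swap_audit_file treat EEXIST like any other open failure. In swap_audit_file, whose body continues into the hidden lines, the failure path now calls `warn("open(%s)", fn)`, which reports on stderr and needs `<err.h>`; that header is not among the visible includes, though part of the file is hidden. `syslog(LOG_ERR, "open(%s): %s", fn, strerror(errno));` would match the rest of the function. `error` in open_trail is unused when AUDIT_REVIEW_GROUP is not defined, so its declaration belongs inside the `#ifdef`.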