1185573Srwatson/*-
2189279Srwatson * Copyright (c) 2005-2009 Apple Inc.
3155131Srwatson * All rights reserved.
4155131Srwatson *
5155131Srwatson * Redistribution and use in source and binary forms, with or without
6155131Srwatson * modification, are permitted provided that the following conditions
7155131Srwatson * are met:
8155131Srwatson *
9155131Srwatson * 1.  Redistributions of source code must retain the above copyright
10155131Srwatson *     notice, this list of conditions and the following disclaimer.
11155131Srwatson * 2.  Redistributions in binary form must reproduce the above copyright
12155131Srwatson *     notice, this list of conditions and the following disclaimer in the
13155131Srwatson *     documentation and/or other materials provided with the distribution.
14185573Srwatson * 3.  Neither the name of Apple Inc. ("Apple") nor the names of
15155131Srwatson *     its contributors may be used to endorse or promote products derived
16155131Srwatson *     from this software without specific prior written permission.
17155131Srwatson *
18155131Srwatson * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
19155131Srwatson * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20155131Srwatson * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21155131Srwatson * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
22155131Srwatson * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23155131Srwatson * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24155131Srwatson * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
25155131Srwatson * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26155131Srwatson * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
27155131Srwatson * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28155131Srwatson *
29191273Srwatson * $P4: //depot/projects/trustedbsd/openbsm/bin/audit/audit.c#15 $
30155131Srwatson */
31155131Srwatson/*
32155131Srwatson * Program to trigger the audit daemon with a message that is either:
33155131Srwatson *    - Open a new audit log file
34155131Srwatson *    - Read the audit control file and take action on it
35155131Srwatson *    - Close the audit log file and exit
36155131Srwatson *
37155131Srwatson */
38155131Srwatson
39155518Srwatson#include <sys/types.h>
40185573Srwatson#include <config/config.h>
41185573Srwatson#ifdef HAVE_FULL_QUEUE_H
42155131Srwatson#include <sys/queue.h>
43185573Srwatson#else /* !HAVE_FULL_QUEUE_H */
44185573Srwatson#include <compat/queue.h>
45185573Srwatson#endif /* !HAVE_FULL_QUEUE_H */
46155131Srwatson#include <sys/uio.h>
47155131Srwatson
48156283Srwatson#include <bsm/libbsm.h>
49155131Srwatson
50186647Srwatson#include <errno.h>
51155131Srwatson#include <fcntl.h>
52155131Srwatson#include <stdio.h>
53155131Srwatson#include <stdlib.h>
54155131Srwatson#include <unistd.h>
55155131Srwatson
56185573Srwatson
57191273Srwatsonstatic int send_trigger(int);
58185573Srwatson
59185573Srwatson#ifdef USE_MACH_IPC
60185573Srwatson#include <mach/mach.h>
61185573Srwatson#include <servers/netname.h>
62185573Srwatson#include <mach/message.h>
63185573Srwatson#include <mach/port.h>
64185573Srwatson#include <mach/mach_error.h>
65185573Srwatson#include <mach/host_special_ports.h>
66185573Srwatson#include <servers/bootstrap.h>
67185573Srwatson
68186647Srwatson#include "auditd_control.h"
69185573Srwatson
70186647Srwatson/*
71189279Srwatson * XXX The following are temporary until these can be added to the kernel
72186647Srwatson * audit.h header.
73186647Srwatson */
74186647Srwatson#ifndef AUDIT_TRIGGER_INITIALIZE
75186647Srwatson#define	AUDIT_TRIGGER_INITIALIZE	7
76186647Srwatson#endif
77189279Srwatson#ifndef AUDIT_TRIGGER_EXPIRE_TRAILS
78189279Srwatson#define	AUDIT_TRIGGER_EXPIRE_TRAILS	8
79189279Srwatson#endif
80186647Srwatson
81185573Srwatsonstatic int
82191273Srwatsonsend_trigger(int trigger)
83185573Srwatson{
84185573Srwatson	mach_port_t     serverPort;
85185573Srwatson	kern_return_t	error;
86185573Srwatson
87185573Srwatson	error = host_get_audit_control_port(mach_host_self(), &serverPort);
88185573Srwatson	if (error != KERN_SUCCESS) {
89186647Srwatson		if (geteuid() != 0) {
90186647Srwatson			errno = EPERM;
91186647Srwatson			perror("audit requires root privileges");
92186647Srwatson		} else
93186647Srwatson			mach_error("Cannot get auditd_control Mach port:",
94186647Srwatson			    error);
95185573Srwatson		return (-1);
96185573Srwatson	}
97185573Srwatson
98185573Srwatson	error = auditd_control(serverPort, trigger);
99185573Srwatson	if (error != KERN_SUCCESS) {
100185573Srwatson		mach_error("Error sending trigger: ", error);
101185573Srwatson		return (-1);
102185573Srwatson	}
103185573Srwatson
104185573Srwatson	return (0);
105185573Srwatson}
106185573Srwatson
107185573Srwatson#else /* ! USE_MACH_IPC */
108185573Srwatson
109185573Srwatsonstatic int
110191273Srwatsonsend_trigger(int trigger)
111185573Srwatson{
112185573Srwatson	int error;
113185573Srwatson
114191273Srwatson	error = audit_send_trigger(&trigger);
115185573Srwatson	if (error != 0) {
116186647Srwatson		if (error == EPERM)
117186647Srwatson			perror("audit requires root privileges");
118186647Srwatson		else
119186647Srwatson			perror("Error sending trigger");
120185573Srwatson		return (-1);
121185573Srwatson	}
122185573Srwatson
123185573Srwatson	return (0);
124185573Srwatson}
125185573Srwatson#endif /* ! USE_MACH_IPC */
126185573Srwatson
127155131Srwatsonstatic void
128155131Srwatsonusage(void)
129155131Srwatson{
130155131Srwatson
131189279Srwatson	(void)fprintf(stderr, "Usage: audit -e | -i | -n | -s | -t \n");
132155131Srwatson	exit(-1);
133155131Srwatson}
134155131Srwatson
135155131Srwatson/*
136155131Srwatson * Main routine to process command line options.
137155131Srwatson */
138155131Srwatsonint
139155131Srwatsonmain(int argc, char **argv)
140155131Srwatson{
141155364Srwatson	int ch;
142155131Srwatson	unsigned int trigger = 0;
143155131Srwatson
144155131Srwatson	if (argc != 2)
145155131Srwatson		usage();
146155131Srwatson
147189279Srwatson	while ((ch = getopt(argc, argv, "einst")) != -1) {
148155131Srwatson		switch(ch) {
149155131Srwatson
150189279Srwatson		case 'e':
151189279Srwatson			trigger = AUDIT_TRIGGER_EXPIRE_TRAILS;
152189279Srwatson			break;
153189279Srwatson
154186647Srwatson		case 'i':
155186647Srwatson			trigger = AUDIT_TRIGGER_INITIALIZE;
156186647Srwatson			break;
157186647Srwatson
158155131Srwatson		case 'n':
159162503Srwatson			trigger = AUDIT_TRIGGER_ROTATE_USER;
160155131Srwatson			break;
161155131Srwatson
162155131Srwatson		case 's':
163155131Srwatson			trigger = AUDIT_TRIGGER_READ_FILE;
164155131Srwatson			break;
165155131Srwatson
166155131Srwatson		case 't':
167155131Srwatson			trigger = AUDIT_TRIGGER_CLOSE_AND_DIE;
168155131Srwatson			break;
169155131Srwatson
170155131Srwatson		case '?':
171155131Srwatson		default:
172155131Srwatson			usage();
173155131Srwatson			break;
174155131Srwatson		}
175155131Srwatson	}
176185573Srwatson	if (send_trigger(trigger) < 0)
177155131Srwatson		exit(-1);
178185573Srwatson
179185573Srwatson	printf("Trigger sent.\n");
180185573Srwatson	exit (0);
181155131Srwatson}
182