1185573Srwatson/*- 2189279Srwatson * Copyright (c) 2005-2009 Apple Inc. 3155131Srwatson * All rights reserved. 4155131Srwatson * 5155131Srwatson * Redistribution and use in source and binary forms, with or without 6155131Srwatson * modification, are permitted provided that the following conditions 7155131Srwatson * are met: 8155131Srwatson * 9155131Srwatson * 1. Redistributions of source code must retain the above copyright 10155131Srwatson * notice, this list of conditions and the following disclaimer. 11155131Srwatson * 2. Redistributions in binary form must reproduce the above copyright 12155131Srwatson * notice, this list of conditions and the following disclaimer in the 13155131Srwatson * documentation and/or other materials provided with the distribution. 14185573Srwatson * 3. Neither the name of Apple Inc. ("Apple") nor the names of 15155131Srwatson * its contributors may be used to endorse or promote products derived 16155131Srwatson * from this software without specific prior written permission. 17155131Srwatson * 18155131Srwatson * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY 19155131Srwatson * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20155131Srwatson * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21155131Srwatson * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY 22155131Srwatson * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23155131Srwatson * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24155131Srwatson * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 25155131Srwatson * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26155131Srwatson * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 27155131Srwatson * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
28155131Srwatson * 29191273Srwatson * $P4: //depot/projects/trustedbsd/openbsm/bin/audit/audit.c#15 $ 30155131Srwatson */ 31155131Srwatson/* 32155131Srwatson * Program to trigger the audit daemon with a message that is either: 33155131Srwatson * - Open a new audit log file 34155131Srwatson * - Read the audit control file and take action on it 35155131Srwatson * - Close the audit log file and exit 36155131Srwatson * 37155131Srwatson */ 38155131Srwatson 39155518Srwatson#include <sys/types.h> 40185573Srwatson#include <config/config.h> 41185573Srwatson#ifdef HAVE_FULL_QUEUE_H 42155131Srwatson#include <sys/queue.h> 43185573Srwatson#else /* !HAVE_FULL_QUEUE_H */ 44185573Srwatson#include <compat/queue.h> 45185573Srwatson#endif /* !HAVE_FULL_QUEUE_H */ 46155131Srwatson#include <sys/uio.h> 47155131Srwatson 48156283Srwatson#include <bsm/libbsm.h> 49155131Srwatson 50186647Srwatson#include <errno.h> 51155131Srwatson#include <fcntl.h> 52155131Srwatson#include <stdio.h> 53155131Srwatson#include <stdlib.h> 54155131Srwatson#include <unistd.h> 55155131Srwatson 56185573Srwatson 57191273Srwatsonstatic int send_trigger(int); 58185573Srwatson 59185573Srwatson#ifdef USE_MACH_IPC 60185573Srwatson#include <mach/mach.h> 61185573Srwatson#include <servers/netname.h> 62185573Srwatson#include <mach/message.h> 63185573Srwatson#include <mach/port.h> 64185573Srwatson#include <mach/mach_error.h> 65185573Srwatson#include <mach/host_special_ports.h> 66185573Srwatson#include <servers/bootstrap.h> 67185573Srwatson 68186647Srwatson#include "auditd_control.h" 69185573Srwatson 70186647Srwatson/* 71189279Srwatson * XXX The following are temporary until these can be added to the kernel 72186647Srwatson * audit.h header. 
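 */
#ifndef AUDIT_TRIGGER_INITIALIZE
#define	AUDIT_TRIGGER_INITIALIZE	7
#endif
#ifndef AUDIT_TRIGGER_EXPIRE_TRAILS
#define	AUDIT_TRIGGER_EXPIRE_TRAILS	8
#endif

/*
 * Deliver a trigger to auditd over its Mach control port.
 *
 * trigger is one of the AUDIT_TRIGGER_* values.  Returns 0 on success and
 * -1 after printing a diagnostic on failure.  Looking up the host audit
 * control port while not running as root is reported as a privilege
 * problem instead of a raw Mach error, since that is the usual cause.
 */
static int
send_trigger(int trigger)
{
	mach_port_t serverPort;
	kern_return_t error;

	error = host_get_audit_control_port(mach_host_self(), &serverPort);
	if (error != KERN_SUCCESS) {
		if (geteuid() != 0) {
			/* perror() reports errno; set it to the likely cause. */
			errno = EPERM;
			perror("audit requires root privileges");
		} else
			mach_error("Cannot get auditd_control Mach port:",
			    error);
		return (-1);
	}

	error = auditd_control(serverPort, trigger);
	if (error != KERN_SUCCESS) {
		mach_error("Error sending trigger: ", error);
		return (-1);
	}

	return (0);
}

#else /* ! USE_MACH_IPC */

/*
 * Deliver a trigger to auditd through libbsm's audit_send_trigger().
 *
 * trigger is one of the AUDIT_TRIGGER_* values.  Returns 0 on success and
 * -1 after printing a diagnostic on failure.  EPERM is the expected error
 * when the caller is not root, so it gets a more helpful message.
 */
static int
send_trigger(int trigger)
{
	int error;

	error = audit_send_trigger(&trigger);
	if (error != 0) {
		/*
		 * NOTE(review): the returned value is treated as an errno
		 * code and perror() reads the global errno; this assumes
		 * audit_send_trigger() leaves errno set to the same failure.
		 */
		if (error == EPERM)
			perror("audit requires root privileges");
		else
			perror("Error sending trigger");
		return (-1);
	}

	return (0);
}
#endif /* ! USE_MACH_IPC */

/*
 * Print the accepted invocation forms and exit with a failure status.
 * Exactly one of the listed options is expected.
 */
static void
usage(void)
{

	(void)fprintf(stderr, "Usage: audit -e | -i | -n | -s | -t \n");
	exit(-1);
}

/*
 * Main routine to process command line options.
 *
 * Maps the single option letter to an AUDIT_TRIGGER_* value, validates
 * that an option was actually supplied, and sends it to auditd.  Exits
 * with -1 (via usage() or on a send failure) or 0 after the trigger has
 * been delivered.
 */
int
main(int argc, char **argv)
{
	int ch;
	/* Plain int: send_trigger() takes an int and all triggers are small. */
	int trigger = 0;

	if (argc != 2)
		usage();

	while ((ch = getopt(argc, argv, "einst")) != -1) {
		switch (ch) {
		case 'e':
			trigger = AUDIT_TRIGGER_EXPIRE_TRAILS;
			break;

		case 'i':
			trigger = AUDIT_TRIGGER_INITIALIZE;
			break;

		case 'n':
			trigger = AUDIT_TRIGGER_ROTATE_USER;
			break;

		case 's':
			trigger = AUDIT_TRIGGER_READ_FILE;
			break;

		case 't':
			trigger = AUDIT_TRIGGER_CLOSE_AND_DIE;
			break;

		case '?':
		default:
			usage();
			break;
		}
	}

	/*
	 * argc == 2 alone does not prove an option was given: a bare
	 * non-option word ("audit foo") makes getopt(3) stop immediately
	 * with optind still 1, and "audit --" is consumed as the
	 * end-of-options marker.  Either case would otherwise send the
	 * initial 0 to auditd, which is not a valid trigger (the
	 * AUDIT_TRIGGER_* values are all positive), so reject it here.
	 */
	if (optind != argc || trigger == 0)
		usage();

	if (send_trigger(trigger) < 0)
		exit(-1);

	printf("Trigger sent.\n");
	exit(0);
}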