audit.c revision 185573
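/*-
 * Copyright (c) 2005-2008 Apple Inc.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of Apple Inc. ("Apple") nor the names of
 *    its contributors may be used to endorse or promote products derived
 *    from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 * $P4: //depot/projects/trustedbsd/openbsm/bin/audit/audit.c#11 $
 */
/*
 * Program to trigger the audit daemon with a message that is either:
 *    - Open a new audit log file
 *    - Read the audit control file and take action on it
 *    - Close the audit log file and exit
 *
 */

#include <sys/types.h>
#include <config/config.h>
#ifdef HAVE_FULL_QUEUE_H
#include <sys/queue.h>
#else /* !HAVE_FULL_QUEUE_H */
#include <compat/queue.h>
#endif /* !HAVE_FULL_QUEUE_H */
#include <sys/uio.h>

#include <bsm/libbsm.h>

#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>


static int	send_trigger(unsigned int);

#ifdef USE_MACH_IPC
#include <mach/mach.h>
#include <servers/netname.h>
#include <mach/message.h>
#include <mach/port.h>
#include <mach/mach_error.h>
#include <mach/host_special_ports.h>
#include <servers/bootstrap.h>

#include "auditd_control_user.h"

/*
 * Deliver a trigger to the audit daemon over Mach IPC.
 *
 * Looks up the audit control port with host_get_audit_control_port() and
 * passes the trigger value to auditd_control().  Returns 0 on success; on
 * either failure it prints a diagnostic through mach_error() and returns -1.
 *
 * NOTE(review): no authorization check is made here.  Whether the caller is
 * allowed to signal the daemon is presumably decided when the control port
 * is requested -- confirm on the kernel/daemon side.
 */
static int
send_trigger(unsigned int trigger)
{
	mach_port_t serverPort;
	kern_return_t error;

	error = host_get_audit_control_port(mach_host_self(), &serverPort);
	if (error != KERN_SUCCESS) {
		mach_error("Cannot get auditd_control Mach port: ", error);
		return (-1);
	}

	error = auditd_control(serverPort, trigger);
	if (error != KERN_SUCCESS) {
		mach_error("Error sending trigger: ", error);
		return (-1);
	}

	return (0);
}

#else /* ! USE_MACH_IPC */

/*
 * Deliver a trigger to the audit daemon through auditon(A_SENDTRIGGER).
 *
 * Returns 0 on success; on failure it reports the errno text with perror()
 * and returns -1.
 *
 * NOTE(review): no authorization check is made here.  Rejecting
 * unprivileged callers is presumably left to auditon() -- confirm.
 */
static int
send_trigger(unsigned int trigger)
{
	int error;

	error = auditon(A_SENDTRIGGER, &trigger, sizeof(trigger));
	if (error != 0) {
		perror("Error sending trigger");
		return (-1);
	}

	return (0);
}
#endif /* ! USE_MACH_IPC */

/*
 * Print the usage line to stderr and terminate with exit(-1).
 * This function does not return.
 */
static void
usage(void)
{

	(void)fprintf(stderr, "Usage: audit -n | -s | -t \n");
	exit(-1);
}

/*
 * Main routine to process command line options.
 *
 * Exactly one command line argument is accepted:
 *    -n  sends AUDIT_TRIGGER_ROTATE_USER
 *    -s  sends AUDIT_TRIGGER_READ_FILE
 *    -t  sends AUDIT_TRIGGER_CLOSE_AND_DIE
 *
 * Flags bundled into that one argument (for example "-ns") are all parsed
 * by getopt(); the last one seen determines the trigger that is sent.
 *
 * Exits 0 after the trigger was sent, and with exit(-1) on a usage error
 * or when send_trigger() fails.
 */
int
main(int argc, char **argv)
{
	int ch;
	int have_trigger = 0;
	unsigned int trigger = 0;

	if (argc != 2)
		usage();

	while ((ch = getopt(argc, argv, "nst")) != -1) {
		switch(ch) {

		case 'n':
			trigger = AUDIT_TRIGGER_ROTATE_USER;
			have_trigger = 1;
			break;

		case 's':
			trigger = AUDIT_TRIGGER_READ_FILE;
			have_trigger = 1;
			break;

		case 't':
			trigger = AUDIT_TRIGGER_CLOSE_AND_DIE;
			have_trigger = 1;
			break;

		case '?':
		default:
			usage();
			break;
		}
	}

	/*
	 * getopt() returns -1 immediately for an argument that is not an
	 * option ("foo", "-" or "--").  Such an argument passes the argc
	 * check above, so without this test the initial trigger value 0
	 * would be sent to the audit daemon and reported as a success.
	 */
	if (!have_trigger)
		usage();

	if (send_trigger(trigger) < 0)
		exit(-1);

	printf("Trigger sent.\n");
	exit (0);
}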