audit.c revision 189279
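/*-
 * Copyright (c) 2005-2009 Apple Inc.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1.  Redistributions of source code must retain the above copyright
 *     notice, this list of conditions and the following disclaimer.
 * 2.  Redistributions in binary form must reproduce the above copyright
 *     notice, this list of conditions and the following disclaimer in the
 *     documentation and/or other materials provided with the distribution.
 * 3.  Neither the name of Apple Inc. ("Apple") nor the names of
 *     its contributors may be used to endorse or promote products derived
 *     from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 * $P4: //depot/projects/trustedbsd/openbsm/bin/audit/audit.c#14 $
 */
/*
 * Program to trigger the audit daemon with a message that is either:
 *    - Open a new audit log file
 *    - Read the audit control file and take action on it
 *    - Close the audit log file and exit
 *
 * Security note: every trigger changes the state of the audit trail, and
 * -t stops the daemon altogether.  This program performs no authorization
 * of its own; it relies on the kernel (auditon(2)) or on access to the
 * audit control Mach port to reject unprivileged callers.  The geteuid()
 * test below only selects a friendlier error message after a failure.
 */

#include <sys/types.h>
#include <config/config.h>
#ifdef HAVE_FULL_QUEUE_H
#include <sys/queue.h>
#else /* !HAVE_FULL_QUEUE_H */
#include <compat/queue.h>
#endif /* !HAVE_FULL_QUEUE_H */
#include <sys/uio.h>

#include <bsm/libbsm.h>

#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>


static int send_trigger(unsigned int);

#ifdef USE_MACH_IPC
#include <mach/mach.h>
#include <servers/netname.h>
#include <mach/message.h>
#include <mach/port.h>
#include <mach/mach_error.h>
#include <mach/host_special_ports.h>
#include <servers/bootstrap.h>

#include "auditd_control.h"

/*
 * XXX The following are temporary until these can be added to the kernel
 * audit.h header.
 */
#ifndef AUDIT_TRIGGER_INITIALIZE
#define	AUDIT_TRIGGER_INITIALIZE	7
#endif
#ifndef AUDIT_TRIGGER_EXPIRE_TRAILS
#define	AUDIT_TRIGGER_EXPIRE_TRAILS	8
#endif

/*
 * Deliver a trigger to auditd over its Mach control port.
 *
 * Returns 0 on success and -1 on failure, after printing a diagnostic to
 * stderr.
 */
static int
send_trigger(unsigned int trigger)
{
	mach_port_t serverPort;
	kern_return_t error;

	error = host_get_audit_control_port(mach_host_self(), &serverPort);
	if (error != KERN_SUCCESS) {
		/*
		 * The effective uid is inspected only to pick the message;
		 * the request has already been refused at this point.
		 */
		if (geteuid() != 0) {
			errno = EPERM;
			perror("audit requires root privileges");
		} else
			mach_error("Cannot get auditd_control Mach port:",
			    error);
		return (-1);
	}

	error = auditd_control(serverPort, trigger);
	if (error != KERN_SUCCESS) {
		mach_error("Error sending trigger: ", error);
		return (-1);
	}

	return (0);
}

#else /* ! USE_MACH_IPC */

/*
 * Deliver a trigger to auditd through auditon(2) with A_SENDTRIGGER.
 *
 * Returns 0 on success and -1 on failure, after printing a diagnostic to
 * stderr.
 */
static int
send_trigger(unsigned int trigger)
{
	int error;

	error = auditon(A_SENDTRIGGER, &trigger, sizeof(trigger));
	if (error != 0) {
		/*
		 * auditon(2) reports failure as -1 with the cause in errno,
		 * so the privilege case has to be recognised from errno;
		 * comparing the return value with EPERM never matches.
		 */
		if (errno == EPERM)
			perror("audit requires root privileges");
		else
			perror("Error sending trigger");
		return (-1);
	}

	return (0);
}
#endif /* ! USE_MACH_IPC */

/*
 * Print the usage summary to stderr and terminate with a failure status.
 */
static void
usage(void)
{

	(void)fprintf(stderr, "Usage: audit -e | -i | -n | -s | -t \n");
	exit(-1);
}

/*
 * Main routine to process command line options.
 *
 * Exactly one argument is accepted.  It must contain at least one of the
 * option letters from the usage string; if several letters are bundled in
 * that argument, the last one decides which trigger is sent.
 */
int
main(int argc, char **argv)
{
	int ch;
	int selected = 0;
	unsigned int trigger = 0;

	if (argc != 2)
		usage();

	while ((ch = getopt(argc, argv, "einst")) != -1) {
		switch (ch) {

		case 'e':
			trigger = AUDIT_TRIGGER_EXPIRE_TRAILS;
			selected = 1;
			break;

		case 'i':
			trigger = AUDIT_TRIGGER_INITIALIZE;
			selected = 1;
			break;

		case 'n':
			trigger = AUDIT_TRIGGER_ROTATE_USER;
			selected = 1;
			break;

		case 's':
			trigger = AUDIT_TRIGGER_READ_FILE;
			selected = 1;
			break;

		case 't':
			trigger = AUDIT_TRIGGER_CLOSE_AND_DIE;
			selected = 1;
			break;

		case '?':
		default:
			usage();
			break;
		}
	}

	/*
	 * A lone non-option argument (for example "audit foo" or "audit --")
	 * ends getopt() without selecting anything.  Refuse it here instead
	 * of forwarding the initial trigger value 0 to the audit daemon.
	 */
	if (!selected)
		usage();

	if (send_trigger(trigger) < 0)
		exit(-1);

	printf("Trigger sent.\n");
	exit (0);
}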