audit_halt.c revision 11706:cd830a066051
1/* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21/* 22 * Copyright 2010 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26#include <sys/types.h> 27#include <stdio.h> 28#include <unistd.h> 29#include <sys/fcntl.h> 30#include <bsm/audit.h> 31#include <bsm/audit_record.h> 32#include <bsm/audit_uevents.h> 33#include <bsm/libbsm.h> 34#include <bsm/audit_private.h> 35#include <stdlib.h> 36#include <string.h> 37#include <syslog.h> 38#include <netinet/in.h> 39#include <libgen.h> 40#include <generic.h> 41 42#ifdef C2_DEBUG 43#define dprintf(x) { (void) printf x; } 44#else 45#define dprintf(x) 46#endif 47 48static int audit_halt_generic(int); 49 50/* ARGSUSED */ 51int 52audit_halt_setup(int argc, char **argv) 53{ 54 char *cmdname; 55 56 dprintf(("audit_halt_setup()\n")); 57 58 if (cannot_audit(0)) { 59 return (0); 60 } 61 62 cmdname = basename(*argv); 63 64 aug_init(); 65 66 if (strcmp(cmdname, "halt") == 0) 67 aug_save_event(AUE_halt_solaris); 68 else if (strcmp(cmdname, "poweroff") == 0) 69 aug_save_event(AUE_poweroff_solaris); 70 else 71 exit(1); 72 (void) aug_save_me(); 73 return (0); 74} 75 76int 77audit_halt_fail() 78{ 79 return (audit_halt_generic(-1)); 80} 81 82int 83audit_halt_success() 84{ 85 int res = 0; 86 87 (void) audit_halt_generic(0); 88 89 /* wait for audit daemon to put halt message onto audit trail */ 90 if (!cannot_audit(0)) { 91 int cond = AUC_NOAUDIT; 92 int canaudit; 93 94 (void) sleep(1); 95 96 /* find out if audit daemon is running */ 97 (void) auditon(A_GETCOND, (caddr_t)&cond, sizeof (cond)); 98 canaudit = ((cond == AUC_AUDITING) || (cond == AUC_NOSPACE)); 99 100 /* turn off audit daemon and try to flush audit queue */ 101 if (canaudit && system("/usr/sbin/audit -t")) 102 res = -1; 103 else 104 /* give a chance for syslogd to do the job */ 105 (void) sleep(5); 106 } 107 108 return (res); 109} 110 111int 112audit_halt_generic(sorf) 113 int sorf; 114{ 115 int r; 116 117 dprintf(("audit_halt_generic(%d)\n", sorf)); 118 119 if (cannot_audit(0)) { 120 return (0); 121 } 122 123 aug_save_sorf(sorf); 124 r = aug_audit(); 125 126 return (r); 127} 128