audit_halt.c revision 12160:f00ea86e54a6
1/* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21/* 22 * Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved. 23 */ 24 25#include <sys/types.h> 26#include <stdio.h> 27#include <unistd.h> 28#include <sys/fcntl.h> 29#include <bsm/audit.h> 30#include <bsm/audit_record.h> 31#include <bsm/audit_uevents.h> 32#include <bsm/libbsm.h> 33#include <bsm/audit_private.h> 34#include <stdlib.h> 35#include <string.h> 36#include <syslog.h> 37#include <netinet/in.h> 38#include <libgen.h> 39#include <generic.h> 40 41#ifdef C2_DEBUG 42#define dprintf(x) { (void) printf x; } 43#else 44#define dprintf(x) 45#endif 46 47static int audit_halt_generic(int); 48 49/* ARGSUSED */ 50int 51audit_halt_setup(int argc, char **argv) 52{ 53 char *cmdname; 54 55 dprintf(("audit_halt_setup()\n")); 56 57 if (cannot_audit(0)) { 58 return (0); 59 } 60 61 cmdname = basename(*argv); 62 63 aug_init(); 64 65 if (strcmp(cmdname, "halt") == 0) 66 aug_save_event(AUE_halt_solaris); 67 else if (strcmp(cmdname, "poweroff") == 0) 68 aug_save_event(AUE_poweroff_solaris); 69 else 70 exit(1); 71 (void) aug_save_me(); 72 return (0); 73} 74 75int 76audit_halt_fail() 77{ 78 return (audit_halt_generic(-1)); 79} 80 81int 82audit_halt_success() 83{ 84 int res = 0; 85 86 (void) audit_halt_generic(0); 87 88 /* wait for audit daemon to put halt message onto audit trail */ 89 if (!cannot_audit(0)) { 90 int cond = AUC_NOAUDIT; 91 int canaudit; 92 93 (void) sleep(1); 94 95 /* find out if audit daemon is running */ 96 (void) auditon(A_GETCOND, (caddr_t)&cond, sizeof (cond)); 97 canaudit = ((cond == AUC_AUDITING) || (cond == AUC_NOSPACE)); 98 99 /* turn off audit daemon and try to flush audit queue */ 100 if (canaudit && system("/usr/sbin/audit -T")) 101 res = -1; 102 else 103 /* give a chance for syslogd to do the job */ 104 (void) sleep(5); 105 } 106 107 return (res); 108} 109 110int 111audit_halt_generic(sorf) 112 int sorf; 113{ 114 int r; 115 116 dprintf(("audit_halt_generic(%d)\n", sorf)); 117 118 if (cannot_audit(0)) { 119 return (0); 120 } 121 122 aug_save_sorf(sorf); 123 r = aug_audit(); 124 125 return (r); 126} 127