Diffstat (limited to 'contrib/openbsm/bin/auditd/audit_warn.c')
-rw-r--r--contrib/openbsm/bin/auditd/audit_warn.c230
1 files changed, 230 insertions, 0 deletions
diff --git a/contrib/openbsm/bin/auditd/audit_warn.c b/contrib/openbsm/bin/auditd/audit_warn.c
new file mode 100644
index 0000000..4a19984
--- /dev/null
+++ b/contrib/openbsm/bin/auditd/audit_warn.c
@@ -0,0 +1,230 @@
+/*
+ * Copyright (c) 2005 Apple Computer, Inc.
+ * All rights reserved.
+ *
+ * @APPLE_BSD_LICENSE_HEADER_START@
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ * its contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * @APPLE_BSD_LICENSE_HEADER_END@
+ *
+ * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/audit_warn.c#5 $
+ */
+
+#include <sys/types.h>
+#include <unistd.h>
+#include <stdio.h>
+
+#include "auditd.h"
+
+/*
+ * Write an audit-related error to the system log via syslog(3).
+ */
+static int
+auditwarnlog(char *args[])
+{
+ char *loc_args[9];
+ pid_t pid;
+ int i;
+
+ loc_args[0] = AUDITWARN_SCRIPT;
+ for (i = 0; args[i] != NULL && i < 8; i++)
+ loc_args[i+1] = args[i];
+ loc_args[i+1] = NULL;
+
+ pid = fork();
+ if (pid == -1)
+ return (-1);
+ if (pid == 0) {
+ /*
+ * Child.
+ */
+ execv(AUDITWARN_SCRIPT, loc_args);
+ syslog(LOG_ERR, "Could not exec %s (%m)\n",
+ AUDITWARN_SCRIPT);
+ exit(1);
+ }
+ /*
+ * Parent.
+ */
+ return (0);
+}
+
+/*
+ * Indicates that the hard limit for all filesystems has been exceeded count
+ * times.
+ */
+int
+audit_warn_allhard(int count)
+{
+ char intstr[12];
+ char *args[3];
+
+ snprintf(intstr, 12, "%d", count);
+
+ args[0] = HARDLIM_ALL_WARN;
+ args[1] = intstr;
+ args[2] = NULL;
+
+ return (auditwarnlog(args));
+}
+
+/*
+ * Indicates that the soft limit for all filesystems has been exceeded.
+ */
+int
+audit_warn_allsoft(void)
+{
+ char *args[2];
+
+ args[0] = SOFTLIM_ALL_WARN;
+ args[1] = NULL;
+
+ return (auditwarnlog(args));
+}
+
+/*
+ * Indicates that someone other than the audit daemon turned off auditing.
+ * XXX Its not clear at this point how this function will be invoked.
+ *
+ * XXXRW: This function is not used.
+ */
+int
+audit_warn_auditoff(void)
+{
+ char *args[2];
+
+ args[0] = AUDITOFF_WARN;
+ args[1] = NULL;
+
+ return (auditwarnlog(args));
+}
+
+/*
+ * Indicates that the audit deammn is already running
+ */
+int
+audit_warn_ebusy(void)
+{
+ char *args[2];
+
+ args[0] = EBUSY_WARN;
+ args[1] = NULL;
+
+ return (auditwarnlog(args));
+}
+
+/*
+ * Indicates that there is a problem getting the directory from
+ * audit_control.
+ *
+ * XXX Note that we take the filename instead of a count as the argument here
+ * (different from BSM).
+ */
+int
+audit_warn_getacdir(char *filename)
+{
+ char *args[3];
+
+ args[0] = GETACDIR_WARN;
+ args[1] = filename;
+ args[2] = NULL;
+
+ return (auditwarnlog(args));
+}
+
+/*
+ * Indicates that the hard limit for this file has been exceeded.
+ */
+int
+audit_warn_hard(char *filename)
+{
+ char *args[3];
+
+ args[0] = HARDLIM_WARN;
+ args[1] = filename;
+ args[2] = NULL;
+
+ return (auditwarnlog(args));
+}
+
+/*
+ * Indicates that auditing could not be started.
+ */
+int
+audit_warn_nostart(void)
+{
+ char *args[2];
+
+ args[0] = NOSTART_WARN;
+ args[1] = NULL;
+
+ return (auditwarnlog(args));
+}
+
+/*
+ * Indicaes that an error occrred during the orderly shutdown of the audit
+ * daemon.
+ */
+int
+audit_warn_postsigterm(void)
+{
+ char *args[2];
+
+ args[0] = POSTSIGTERM_WARN;
+ args[1] = NULL;
+
+ return (auditwarnlog(args));
+}
+
+/*
+ * Indicates that the soft limit for this file has been exceeded.
+ */
+int
+audit_warn_soft(char *filename)
+{
+ char *args[3];
+
+ args[0] = SOFTLIM_WARN;
+ args[1] = filename;
+ args[2] = NULL;
+
+ return (auditwarnlog(args));
+}
+
+/*
+ * Indicates that the temporary audit file already exists indicating a fatal
+ * error.
+ */
+int
+audit_warn_tmpfile(void)
+{
+ char *args[2];
+
+ args[0] = TMPFILE_WARN;
+ args[1] = NULL;
+
+ return (auditwarnlog(args));
+}
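Review bot: In auditwarnlog the terminator store `loc_args[i+1] = NULL;` writes one element past `char *loc_args[9]` whenever a caller passes eight or more arguments, because the loop can leave `i` at 8; the loop also reads `args[i]` before testing the bound. Every caller in this file passes at most two arguments, so the overflow is latent, but the daemon's stack should not depend on that: `for (i = 0; i < 7 && args[i] != NULL; i++)` keeps the terminator inside the array (or declare `char *loc_args[10];` if eight arguments must be supported). The header comment says the function logs via syslog(3), while the body forks and execs AUDITWARN_SCRIPT; it should read something like `/* Run AUDITWARN_SCRIPT with the given arguments in a forked child; returns -1 only if fork() fails. */`. In the child, `_exit(1)` after a failed execv would avoid running the parent's atexit handlers and flushing its stdio buffers a second time. The parent never waits for the child, so unless auditd reaps SIGCHLD elsewhere (not visible in this file) each warning leaves a zombie process.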