audit.c revision f89940742f5d14dde79b69b98a414dd7b7f585c7
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
*/
#include <fcntl.h>
#include <libscf.h>
#include <secdb.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <signal.h>
#include <unistd.h>
#include <locale.h>
#include <zone.h>
#include <audit_scf.h>
#if !defined(TEXT_DOMAIN)
#define TEXT_DOMAIN "SUNW_OST_OSCMD"
#endif
#define VERIFY -1
/* GLOBALS */
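/* Prefix used in every diagnostic this program prints. */
static char *progname = "audit";
/* One-line synopsis; -T is handled in main() but not listed here. */
static char *usage = "audit [-n] | [-s] | [-t] | [-v]";
/* Set by -T: suppresses the "Cannot read audit policy" message in is_valid_zone(). */
static int silent = 0;
/*
 * Full prototypes (not the obsolescent empty "()" form) so the compiler
 * checks every call site's argument list.
 */
static void display_smf_error(void); /* report an SMF/libscf error on stderr */
static void start_auditd(void); /* enable auditd, or refresh it if already running */
static int sig_auditd(int); /* send signal to auditd; 0 ok, 1 error */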
/*
* audit() - This program serves as a general administrator's interface to
* the audit trail. Only one option is valid at a time.
*
* input:
* audit -s
* - signal audit daemon to read audit configuration and
* start auditd if needed.
* audit -n
* - signal audit daemon to use next audit_binfile directory.
* audit -t
* - signal audit daemon to disable auditing.
* audit -T
* - signal audit daemon to temporarily disable auditing, reporting
* no errors.
* audit -v
* - validate audit configuration parameters;
* Print errors or "configuration ok".
*
*
* output:
*
* returns: 0 - command successful
* >0 - command failed
*/
int
/* NOTE(review): the line naming this function and its parameters is missing from this listing; argc is read below, so this is main() */
{
int c;
/* Internationalization */
/* NOTE(review): a setlocale() call presumably precedes textdomain(); it is not visible here */
(void) textdomain(TEXT_DOMAIN);
/* second or more options not allowed; please pick one */
if (argc > 2) {
/* NOTE(review): the usage message printed before this exit is not visible */
exit(1);
}
/* first option required */
/* NOTE(review): the getopt() call that sets c and the condition guarding this exit are missing from this listing */
exit(1);
}
/* options are exclusive: every case below exits or returns before another is considered */
switch (c) {
case 'n':
/* NOTE(review): the guard for this exit (presumably the zone check, as in the 't' case) is not visible */
exit(1);
/* SIGUSR1 asks the running auditd to switch to the next audit_binfile directory (see header comment) */
if (sig_auditd(SIGUSR1) != 0)
exit(1);
break;
case 's':
/* NOTE(review): the if branch this else-if belongs to (presumably the zone check) is missing */
exit(1);
/* never start or refresh the daemon on a configuration that fails the reasonableness check */
else if (!is_audit_config_ok())
exit(1);
start_auditd();
return (0);
case 't':
/* -t and -T both refuse to act outside the global zone unless perzone policy is set (see is_valid_zone) */
if (!is_valid_zone(0)) /* 0 == no error message display */
exit(1);
/* auditing is stopped by disabling the auditd SMF instance; the header's "signal" is implemented through SMF */
if (smf_disable_instance(AUDITD_FMRI, 0) != 0) {
/* NOTE(review): the SMF error report that precedes this exit is not visible */
exit(1);
}
break;
case 'T':
/* silent suppresses the policy-read diagnostic inside is_valid_zone() */
silent = 1;
if (!is_valid_zone(0)) /* 0 == no error message display */
exit(1);
/* NOTE(review): the check this exit belongs to (presumably the same smf_disable_instance() call as in 't') is missing from this listing */
exit(1);
}
break;
case 'v':
/* validate only: problems are reported inside is_audit_config_ok(); the exit status carries the result */
if (is_audit_config_ok()) {
exit(0);
} else {
exit(1);
}
break;
default:
/* NOTE(review): a usage message for an unknown option is presumably printed before this exit; not visible */
exit(1);
}
return (0);
}
/*
* sig_auditd(sig)
*
* send a signal to auditd service
*
* returns: 0 - successful
* 1 - error
*/
static int
sig_auditd(int sig)
{
/* NOTE(review): the libscf property lookup that begins here (reading SCF_PROPERTY_CONTRACT of the auditd instance into prop) is split across missing lines */
SCF_PROPERTY_CONTRACT)) == NULL) {
return (1);
}
/* a property with no values means there is no contract to signal */
if ((scf_simple_prop_numvalues(prop) < 0) ||
/* NOTE(review): the rest of this condition and the contract-id extraction are not visible */
return (1);
}
/* NOTE(review): the signal-sending call whose errno this reports is not visible */
perror("audit: can't signal auditd");
return (1);
}
return (0);
}
/*
* perform reasonableness check on audit configuration
*/
static boolean_t
/* NOTE(review): the name line is missing from this listing; main() calls this as is_audit_config_ok() with no arguments. The declarations of state, one_plugin_enabled and the plugin list head plugin_kva_ll used below are missing as well */
char *cval_str;
int cval_int;
/*
* There must be at least one active plugin configured; if the
* configured plugin is audit_binfile(5), then the p_dir must not be
* empty.
*/
/* NOTE(review): the plugin-configuration lookup whose failure branch ends here is not visible */
gettext("Could not get plugin configuration.\n"));
exit(1);
}
/* walk every configured plugin */
while (plugin_kva_ll != NULL) {
/* NOTE(review): the active-flag lookup that sets one_plugin_enabled is not visible */
if (!one_plugin_enabled) {
}
}
/* audit_binfile(5) needs a p_dir that is non-empty and names at least one valid directory, plus a valid p_minfree */
"audit_binfile") == 0) {
gettext("%s: audit_binfile(5) \"p_dir:\" "
"attribute empty\n"), progname);
} else if (!contains_valid_dirs(cval_str)) {
gettext("%s: audit_binfile(5) \"p_dir:\" "
"attribute invalid\n"), progname);
}
/* NOTE(review): the p_minfree range test (presumably on cval_int) guarding this message is not visible */
gettext("%s: audit_binfile(5) "
"\"p_minfree:\" attribute invalid\n"),
progname);
}
}
}
/* NOTE(review): the message printed here when no plugin is active is partly missing */
if (!one_plugin_enabled) {
progname);
}
return (state);
}
/*
* The operations that call this function are only valid in the global
* zone unless the perzone audit policy is set.
*
* "!silent" and "show_err" are slightly different: silent is set by
* -T, for which no error messages should be displayed at all, while
* show_err applies to more options (including -T).
*
*/
static boolean_t
/* NOTE(review): the name/parameter line is missing; main() calls is_valid_zone(0) and the body reads show_err and policy, so the single parameter appears to be show_err and policy a local filled by an audit-policy query whose failure branch begins here */
{
/* only -T (silent) suppresses this diagnostic; show_err does not apply to it */
if (!silent) {
/* NOTE(review): the fprintf()/gettext() call printing this is partly missing */
"%s: Cannot read audit policy: %s\n"),
}
/* unreadable policy: fail closed and treat the zone as not valid */
return (0);
}
/* with perzone policy, auditing is administered per zone, so any zone is valid */
if (policy & AUDIT_PERZONE)
return (1);
/* otherwise only the global zone may administer auditd */
if (getzoneid() != GLOBAL_ZONEID) {
if (show_err)
/* NOTE(review): the fprintf() call around this message is partly missing */
gettext("%s: Not valid in a local zone.\n"),
progname);
return (0);
} else {
return (1);
}
}
/*
* Verify whether dirs_str contains at least one currently valid path to
* a directory. All invalid paths are reported. If no valid directory
* path is found the function returns B_FALSE, otherwise B_TRUE.
*/
static boolean_t
contains_valid_dirs(char *dirs_str)
{
char *tok_ptr;
char *tok_lasts;
/* NOTE(review): the declarations of rc and rc_validate_path and the empty-input guard that ends here are missing from this listing */
return (rc);
}
/* NOTE(review): the tokenisation of dirs_str (presumably strtok_r, given tok_lasts) is not visible; each token is checked below */
if (validate_path(tok_ptr)) {
} else {
}
/* NOTE(review): the assignments inside these branches are missing, so it cannot be confirmed here whether rc_validate_path accumulates across tokens or reflects only the last one; verify against the header comment's "at least one valid path" contract */
if (validate_path(tok_ptr)) {
} else {
}
}
}
/* tokens were seen but none validated: report it (the error text is partly missing) */
if (rc && !rc_validate_path) {
"directory path found\n"), progname);
}
return (rc);
}
/*
* Verify that dir_path is the path to a directory.
*/
static boolean_t
validate_path(char *dir_path)
{
/* NOTE(review): the declaration of rc and the guard (presumably a NULL/empty dir_path check) ending here are missing */
return (rc);
}
/* NOTE(review): the directory test itself (per the header comment) and its success branch are not visible; only the else branch's closing remains */
} else {
}
return (rc);
}
/*
* if auditd isn't running, start it. Otherwise refresh.
* First check to see if c2audit is loaded via the auditon()
* system call, then check SMF state.
*/
static void
/* NOTE(review): the name line is missing; per the prototype and the call in main() this is start_auditd() */
{
int audit_state;
char *state;
/* NOTE(review): the auditon() call (per the header comment) whose tail this is fills audit_state; its error branch is partly missing */
sizeof (audit_state)) != 0)
exit(1);
/* NOTE(review): the condition for this second exit (presumably checking audit_state) and the SMF state query that fills state are not visible */
exit(1);
}
/* not running: enabling the instance is what starts auditd */
if (smf_enable_instance(AUDITD_FMRI, 0) != 0) {
/* NOTE(review): the SMF error report before this exit is not visible */
exit(1);
}
} else {
/* already running: refresh so the daemon re-reads its configuration */
if (smf_refresh_instance(AUDITD_FMRI) != 0) {
exit(1);
}
}
/* NOTE(review): if state is heap-allocated by the SMF query, its release is not visible in this listing */
}
static void
/* NOTE(review): the name line (display_smf_error, per the prototype) and the declaration of rc, the SCF error code being reported, are missing from this listing */
{
switch (rc) {
case SCF_ERROR_NOT_FOUND:
/* NOTE(review): the fprintf() call around this format is partly missing; the "%s" is presumably the auditd FMRI */
"SMF error: \"%s\" not found.\n",
break;
default:
/* NOTE(review): the generic report for every other SCF error code is not visible */
break;
}
}