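/*
 * Copyright (c) 2005 Apple Computer, Inc.
 * All rights reserved.
 *
 * @APPLE_BSD_LICENSE_HEADER_START@
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1.  Redistributions of source code must retain the above copyright
 *     notice, this list of conditions and the following disclaimer.
 * 2.  Redistributions in binary form must reproduce the above copyright
 *     notice, this list of conditions and the following disclaimer in the
 *     documentation and/or other materials provided with the distribution.
 * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
 *     its contributors may be used to endorse or promote products derived
 *     from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 * @APPLE_BSD_LICENSE_HEADER_END@
 *
 * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/audit_warn.c#5 $
 */

#include <sys/types.h>

#include <stdio.h>
#include <syslog.h>
#include <unistd.h>

#include "auditd.h"

/*
 * Run AUDITWARN_SCRIPT in a child process, handing it the NULL-terminated
 * args[] list: the warning name first, then any parameters.  Nothing is
 * written to the system log unless the exec itself fails.
 *
 * Returns -1 if fork(2) fails and 0 otherwise.  A return of 0 only means the
 * child was created; the script's exit status is never collected here.
 * NOTE(review): the child is not waited for in this file, so the daemon
 * presumably reaps it elsewhere (e.g. a SIGCHLD handler) -- confirm.
 *
 * Security-relevant properties of this call:
 *  - execv(2) is used with a fixed path and no shell, so each args[] entry
 *    reaches the script as exactly one argv element and is not interpreted
 *    on the way.  The script still has to quote the file-name arguments it
 *    receives.
 *  - The child runs with the daemon's credentials and inherits its
 *    environment and every descriptor that is not marked close-on-exec.
 *    AUDITWARN_SCRIPT and the directories leading to it therefore need to be
 *    writable only by the account auditd runs as.
 */
static int
auditwarnlog(char *args[])
{
	/* At most this many caller arguments are forwarded; extras are dropped. */
	enum { MAX_FWD_ARGS = 8 };
	/*
	 * Script name + forwarded arguments + terminating NULL.  The array used
	 * to have 9 slots, which let the terminator land one element past the
	 * end whenever a caller supplied 8 or more arguments.
	 */
	char *loc_args[MAX_FWD_ARGS + 2];
	pid_t pid;
	int i;

	loc_args[0] = AUDITWARN_SCRIPT;
	/* Test the bound first so args[] is never read past the limit. */
	for (i = 0; i < MAX_FWD_ARGS && args[i] != NULL; i++)
		loc_args[i + 1] = args[i];
	loc_args[i + 1] = NULL;

	pid = fork();
	if (pid == -1)
		return (-1);
	if (pid == 0) {
		/*
		 * Child.
		 */
		execv(AUDITWARN_SCRIPT, loc_args);
		/* Only reached when execv(2) failed; %m expands to the errno text. */
		syslog(LOG_ERR, "Could not exec %s (%m)\n",
		    AUDITWARN_SCRIPT);
		/*
		 * _exit(2), not exit(3): the child must not run the daemon's
		 * atexit handlers or flush stdio buffers copied from the parent.
		 */
		_exit(1);
	}
	/*
	 * Parent.
	 */
	return (0);
}

/*
 * Indicates that the hard limit for all filesystems has been exceeded count
 * times.
 */
int
audit_warn_allhard(int count)
{
	/* Room for a 32-bit int in decimal: sign, 10 digits and the NUL. */
	char intstr[12];
	char *args[3];

	snprintf(intstr, sizeof(intstr), "%d", count);

	args[0] = HARDLIM_ALL_WARN;
	args[1] = intstr;
	args[2] = NULL;

	return (auditwarnlog(args));
}

/*
 * Indicates that the soft limit for all filesystems has been exceeded.
 */
int
audit_warn_allsoft(void)
{
	char *args[2];

	args[0] = SOFTLIM_ALL_WARN;
	args[1] = NULL;

	return (auditwarnlog(args));
}

/*
 * Indicates that someone other than the audit daemon turned off auditing.
 * XXX It's not clear at this point how this function will be invoked.
 *
 * XXXRW: This function is not used.
 */
int
audit_warn_auditoff(void)
{
	char *args[2];

	args[0] = AUDITOFF_WARN;
	args[1] = NULL;

	return (auditwarnlog(args));
}

/*
 * Indicates that the audit daemon is already running.
 */
int
audit_warn_ebusy(void)
{
	char *args[2];

	args[0] = EBUSY_WARN;
	args[1] = NULL;

	return (auditwarnlog(args));
}

/*
 * Indicates that there is a problem getting the directory from
 * audit_control.
 *
 * XXX Note that we take the filename instead of a count as the argument here
 * (different from BSM).
 *
 * filename is forwarded to the script unchanged as its second argument; a
 * NULL filename simply ends the argument list after the warning name.
 */
int
audit_warn_getacdir(char *filename)
{
	char *args[3];

	args[0] = GETACDIR_WARN;
	args[1] = filename;
	args[2] = NULL;

	return (auditwarnlog(args));
}

/*
 * Indicates that the hard limit for this file has been exceeded.
 * filename is forwarded to the script unchanged.
 */
int
audit_warn_hard(char *filename)
{
	char *args[3];

	args[0] = HARDLIM_WARN;
	args[1] = filename;
	args[2] = NULL;

	return (auditwarnlog(args));
}

/*
 * Indicates that auditing could not be started.
 */
int
audit_warn_nostart(void)
{
	char *args[2];

	args[0] = NOSTART_WARN;
	args[1] = NULL;

	return (auditwarnlog(args));
}

/*
 * Indicates that an error occurred during the orderly shutdown of the audit
 * daemon.
 */
int
audit_warn_postsigterm(void)
{
	char *args[2];

	args[0] = POSTSIGTERM_WARN;
	args[1] = NULL;

	return (auditwarnlog(args));
}

/*
 * Indicates that the soft limit for this file has been exceeded.
 * filename is forwarded to the script unchanged.
 */
int
audit_warn_soft(char *filename)
{
	char *args[3];

	args[0] = SOFTLIM_WARN;
	args[1] = filename;
	args[2] = NULL;

	return (auditwarnlog(args));
}

/*
 * Indicates that the temporary audit file already exists, indicating a fatal
 * error.
 */
int
audit_warn_tmpfile(void)
{
	char *args[2];

	args[0] = TMPFILE_WARN;
	args[1] = NULL;

	return (auditwarnlog(args));
}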