auditd.tproj/audit_warn.c

   1 /*
   2  * Copyright (c) 2004 Apple Computer, Inc. All rights reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * "Portions Copyright (c) 2004 Apple Computer, Inc.  All Rights
   7  * Reserved.  This file contains Original Code and/or Modifications of
   8  * Original Code as defined in and that are subject to the Apple Public
   9  * Source License Version 1.0 (the 'License').  You may not use this file
  10  * except in compliance with the License.  Please obtain a copy of the
  11  * License at http://www.apple.com/publicsource and read it before using
  12  * this file.
  13  *
  14  * The Original Code and all software distributed under the License are
  15  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  16  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  17  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  18  * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT.  Please see the
  19  * License for the specific language governing rights and limitations
  20  * under the License."
  21  *
  22  * @APPLE_LICENSE_HEADER_END@
  23  */
  24
  25 #include <sys/types.h>
  26 #include <unistd.h>
  27 #include <stdio.h>
  28
  29 #include <auditd.h>
  30
  31 /* Write to the audit log. */
  32 static int auditwarnlog(char *args[])
  33 {
  34         char *loc_args[9];
  35         int i;
  36         pid_t pid;
  37         loc_args[0] = AUDITWARN_SCRIPT;
  38         for (i = 0; args[i] != NULL && i < 8; i++) {
  39                 loc_args[i+1] = args[i];
  40         }
  41         loc_args[i+1] = NULL;
  42
  43         pid = fork();
  44         if (pid == 0) {
  45         return execv(AUDITWARN_SCRIPT, loc_args);
  46                 /* not reached */
  47                 exit(1);
  48         } else if (pid == -1) {
  49                 return -1;
  50         } else {
  51                 return 0;
  52         }
  53 }
  54
  55 /*
  56  * Indicates that the hard limit for all filesystems
  57  * has been exceeded count times
  58  */
  59 int audit_warn_allhard(int count)
  60 {
  61         char intstr[12];
  62         char *args[3];
  63
  64         snprintf(intstr, 12, "%d", count);
  65
  66         args[0] = HARDLIM_ALL_WARN;
  67         args[1] = intstr;
  68         args[2] = NULL;
  69
  70         return auditwarnlog(args);
  71 }
  72
  73 /*
  74  * Indicates that the soft limit for all filesystems
  75  * has been exceeded
  76  */
  77 int audit_warn_allsoft()
  78 {
  79         char *args[2];
  80
  81         args[0] = SOFTLIM_ALL_WARN;
  82         args[1] = NULL;
  83
  84         return auditwarnlog(args);
  85 }
  86
  87 /*
  88  * Indicates that someone other than the audit daemon
  89  * turned off auditing
  90  * XXX Its not clear at this point how this function will
  91  * XXX be invoked
  92  */
  93 int audit_warn_auditoff()
  94 {
  95         char *args[2];
  96
  97         args[0] = AUDITOFF_WARN;
  98         args[1] = NULL;
  99
 100         return auditwarnlog(args);
 101 }
 102
 103 /*
 104  * Indicates that the audit deammn is already running
 105  */
 106 int audit_warn_ebusy()
 107 {
 108         char *args[2];
 109
 110         args[0] = EBUSY_WARN;
 111         args[1] = NULL;
 112
 113         return auditwarnlog(args);
 114
 115 }
 116
 117 /*
 118  * Indicates that there is a problem getting the directory
 119  * from audit_control
 120  *
 121  * XXX Note that we take the filename instead of a count
 122  * XXX as the argument here (different from BSM)
 123  */
 124 int audit_warn_getacdir(char *filename)
 125 {
 126         char *args[3];
 127
 128         args[0] = GETACDIR_WARN;
 129         args[1] = filename;
 130         args[2] = NULL;
 131
 132         return auditwarnlog(args);
 133 }
 134
 135
 136 /*
 137  * Indicates that the hard limit for this file has been
 138  * exceeded
 139  */
 140 int audit_warn_hard(char *filename)
 141 {
 142         char *args[3];
 143
 144         args[0] = HARDLIM_WARN;
 145         args[1] = filename;
 146         args[2] = NULL;
 147
 148         return auditwarnlog(args);
 149
 150 }
 151
 152 /*
 153  * Indicates that auditing could not be started
 154  */
 155 int audit_warn_nostart()
 156 {
 157         char *args[2];
 158
 159         args[0] = NOSTART_WARN;
 160         args[1] = NULL;
 161
 162         return auditwarnlog(args);
 163 }
 164
 165 /*
 166  * Indicaes that an error occrred during the orderly shutdown
 167  * of the audit daemon
 168  */
 169 int audit_warn_postsigterm()
 170 {
 171         char *args[2];
 172
 173         args[0] = POSTSIGTERM_WARN;
 174         args[1] = NULL;
 175
 176         return auditwarnlog(args);
 177 }
 178
 179 /*
 180  * Indicates that the soft limit for this file has been
 181  * exceeded
 182  */
 183 int audit_warn_soft(char *filename)
 184 {
 185         char *args[3];
 186
 187         args[0] = SOFTLIM_WARN;
 188         args[1] = filename;
 189         args[2] = NULL;
 190
 191         return auditwarnlog(args);
 192
 193 }
 194
 195 /*
 196  * Indicates that the temporary audit file already exists
 197  * indicating a fatal error
 198  */
 199 int audit_warn_tmpfile()
 200 {
 201         char *args[2];
 202
 203         args[0] = TMPFILE_WARN;
 204         args[1] = NULL;
 205
 206         return auditwarnlog(args);
 207 }