upstream/oracle/onnv-gate-zfscrypto: usr/src/cmd/audit/audit.c@707ff18f9994 (annotated)

0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2	* CDDL HEADER START
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	3	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	4	* The contents of this file are subject to the terms of the
2481 707ff18f9994 6370615 audit(1M) should call scf_strerror(3SCF) in display_smf_error() paulson parents: 394 diff changeset	5	* Common Development and Distribution License (the "License").
707ff18f9994 6370615 audit(1M) should call scf_strerror(3SCF) in display_smf_error() paulson parents: 394 diff changeset	6	* You may not use this file except in compliance with the License.
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	7	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	8	* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	9	* or http://www.opensolaris.org/os/licensing.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	10	* See the License for the specific language governing permissions
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	11	* and limitations under the License.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	12	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	13	* When distributing Covered Code, include this CDDL HEADER in each
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	14	* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	15	* If applicable, add the following below this CDDL HEADER, with the
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	16	* fields enclosed by brackets "[]" replaced with your own identifying
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	17	* information: Portions Copyright [yyyy] [name of copyright owner]
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	18	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	19	* CDDL HEADER END
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	20	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	21	/*
2481 707ff18f9994 6370615 audit(1M) should call scf_strerror(3SCF) in display_smf_error() paulson parents: 394 diff changeset	22	* Copyright 2006 Sun Microsystems, Inc. All rights reserved.
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	23	* Use is subject to license terms.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	24	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	25	#pragma ident "%Z%%M% %I% %E% SMI"
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	26
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	27	#include <fcntl.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	28	#include <libscf.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	29	#include <secdb.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	30	#include <stdlib.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	31	#include <stdio.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	32	#include <string.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	33	#include <sys/file.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	34	#include <sys/types.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	35	#include <sys/wait.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	36	#include <signal.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	37	#include <sys/param.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	38	#include <unistd.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	39	#include <bsm/audit.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	40	#include <bsm/libbsm.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	41	#include <locale.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	42	#include <audit_sig_infc.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	43	#include <zone.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	44
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	45	#if !defined(TEXT_DOMAIN)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	46	#define TEXT_DOMAIN "SUNW_OST_OSCMD"
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	47	#endif
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	48
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	49	#define VERIFY -1
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	50
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	51	/* GLOBALS */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	52	static char *auditdatafile = AUDITDATAFILE;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	53	static char *progname = "audit";
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	54	static char *usage = "audit [-n] \| [-s] \| [-t] \| [-v filepath]";
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	55	static int silent = 0;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	56	static char *instance_name = "svc:/system/auditd:default";
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	57
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	58	static int get_auditd_pid();
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	59	static void display_smf_error();
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	60
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	61	static boolean_t is_audit_control_ok(char ); / file validation */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	62	static boolean_t is_valid_zone(boolean_t); /* operation ok in this zone? */
2481 707ff18f9994 6370615 audit(1M) should call scf_strerror(3SCF) in display_smf_error() paulson parents: 394 diff changeset	63	static int start_auditd(); /* start audit daemon */
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	64
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	65	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	66	* audit() - This program serves as a general administrator's interface to
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	67	* the audit trail. Only one option is valid at a time.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	68	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	69	* input:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	70	* audit -s
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	71	* - signal audit daemon to read audit_control file and
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	72	* start auditd if needed.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	73	* audit -n
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	74	* - signal audit daemon to use next audit_control audit directory.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	75	* audit -t
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	76	* - signal audit daemon to disable auditing.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	77	* audit -T
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	78	* - signal audit daemon to disable auditing report no errors.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	79	* audit -v filepath
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	80	* - validate audit_control parameters but use filepath for
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	81	* the name. Emit errors or "syntax ok"
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	82	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	83	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	84	* output:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	85	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	86	* returns: 0 - command successful
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	87	* >0 - command failed
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	88	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	89
394 619122fcc9cd 6268943 cmd/allocate and gcc don't get along paulson parents: 0 diff changeset	90	int
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	91	main(int argc, char *argv[])
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	92	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	93	pid_t pid; /* process id of auditd read from auditdatafile */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	94	int sig = 0; /* signal to send auditd */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	95	char c;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	96	char *first_option;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	97
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	98	/* Internationalization */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	99	(void) setlocale(LC_ALL, "");
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	100	(void) textdomain(TEXT_DOMAIN);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	101
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	102	if (getuid() != 0) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	103	(void) fprintf(stderr, gettext("%s: not super-user\n"),
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	104	progname);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	105	exit(2);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	106	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	107	/* first option required */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	108	if ((c = getopt(argc, argv, "nstTv:")) == -1) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	109	(void) fprintf(stderr, gettext("usage: %s\n"), usage);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	110	exit(3);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	111	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	112	first_option = optarg;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	113	/* second or more options not allowed; please pick one */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	114	if (getopt(argc, argv, "nstTv:") != -1) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	115	(void) fprintf(stderr, gettext("usage: %s\n"), usage);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	116	exit(5);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	117	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	118	switch (c) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	119	case 'n':
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	120	if (!is_valid_zone(1)) /* 1 == display error if any */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	121	exit(10);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	122
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	123	sig = AU_SIG_NEXT_DIR;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	124	break;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	125	case 's':
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	126	if (!is_valid_zone(1)) /* 1 == display error if any */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	127	exit(10);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	128	else if (!is_audit_control_ok(NULL))
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	129	exit(7);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	130
2481 707ff18f9994 6370615 audit(1M) should call scf_strerror(3SCF) in display_smf_error() paulson parents: 394 diff changeset	131	return (start_auditd());
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	132	case 't':
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	133	if (!is_valid_zone(0)) /* 0 == no error message display */
2481 707ff18f9994 6370615 audit(1M) should call scf_strerror(3SCF) in display_smf_error() paulson parents: 394 diff changeset	134	exit(10);
707ff18f9994 6370615 audit(1M) should call scf_strerror(3SCF) in display_smf_error() paulson parents: 394 diff changeset	135	/* use bmsunconv to permanently disable, -t for temporary */
707ff18f9994 6370615 audit(1M) should call scf_strerror(3SCF) in display_smf_error() paulson parents: 394 diff changeset	136	if (smf_disable_instance(instance_name, SMF_TEMPORARY) != 0) {
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	137	display_smf_error();
2481 707ff18f9994 6370615 audit(1M) should call scf_strerror(3SCF) in display_smf_error() paulson parents: 394 diff changeset	138	exit(11);
707ff18f9994 6370615 audit(1M) should call scf_strerror(3SCF) in display_smf_error() paulson parents: 394 diff changeset	139	}
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	140	break;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	141	case 'T':
2481 707ff18f9994 6370615 audit(1M) should call scf_strerror(3SCF) in display_smf_error() paulson parents: 394 diff changeset	142	silent = 1;
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	143	if (!is_valid_zone(0)) /* 0 == no error message display */
2481 707ff18f9994 6370615 audit(1M) should call scf_strerror(3SCF) in display_smf_error() paulson parents: 394 diff changeset	144	exit(10);
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	145
2481 707ff18f9994 6370615 audit(1M) should call scf_strerror(3SCF) in display_smf_error() paulson parents: 394 diff changeset	146	if (smf_disable_instance(instance_name, SMF_TEMPORARY) != 0) {
707ff18f9994 6370615 audit(1M) should call scf_strerror(3SCF) in display_smf_error() paulson parents: 394 diff changeset	147	exit(11);
707ff18f9994 6370615 audit(1M) should call scf_strerror(3SCF) in display_smf_error() paulson parents: 394 diff changeset	148	}
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	149	break;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	150	case 'v':
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	151	if (is_audit_control_ok(first_option)) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	152	(void) fprintf(stderr, gettext("syntax ok\n"));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	153	exit(0);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	154	} else {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	155	exit(8);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	156	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	157	break;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	158	default:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	159	(void) fprintf(stderr, gettext("usage: %s\n"), usage);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	160	exit(6);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	161	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	162
2481 707ff18f9994 6370615 audit(1M) should call scf_strerror(3SCF) in display_smf_error() paulson parents: 394 diff changeset	163	if (sig != 0) {
707ff18f9994 6370615 audit(1M) should call scf_strerror(3SCF) in display_smf_error() paulson parents: 394 diff changeset	164	if (get_auditd_pid(&pid) != 0) {
707ff18f9994 6370615 audit(1M) should call scf_strerror(3SCF) in display_smf_error() paulson parents: 394 diff changeset	165	(void) fprintf(stderr, "%s: %s\n", progname,
707ff18f9994 6370615 audit(1M) should call scf_strerror(3SCF) in display_smf_error() paulson parents: 394 diff changeset	166	gettext("can't get process id of auditd from "
707ff18f9994 6370615 audit(1M) should call scf_strerror(3SCF) in display_smf_error() paulson parents: 394 diff changeset	167	"audit_data(4)"));
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	168	exit(4);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	169	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	170
2481 707ff18f9994 6370615 audit(1M) should call scf_strerror(3SCF) in display_smf_error() paulson parents: 394 diff changeset	171	if (kill(pid, sig) != 0) {
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	172	perror(progname);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	173	(void) fprintf(stderr,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	174	gettext("%s: cannot signal auditd\n"), progname);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	175	exit(1);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	176	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	177	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	178	return (0);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	179	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	180
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	181
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	182	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	183	* get_auditd_pid(&pid):
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	184	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	185	* reads PID from audit_data
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	186	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	187	* returns: 0 - successful
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	188	* 1 - error
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	189	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	190
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	191	static int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	192	get_auditd_pid(pid_t *p_pid)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	193	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	194	FILE adp; / audit_data file pointer */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	195	int retstat;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	196
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	197	if ((adp = fopen(auditdatafile, "r")) == NULL) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	198	if (!silent)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	199	perror(progname);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	200	return (1);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	201	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	202	retstat = (fscanf(adp, "%ld", p_pid) != 1);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	203	(void) fclose(adp);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	204	return (retstat);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	205	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	206
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	207	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	208	* perform reasonableness check on audit_control or its standin; goal
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	209	* is that "audit -s" (1) not crash the system and (2) c2audit/auditd
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	210	* actually generates data.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	211	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	212	* A NULL input is ok -- it is used to tell _openac() to use the
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	213	* real audit_control file, not a substitute.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	214	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	215	#define TRADITIONAL_MAX 1024
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	216
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	217	static boolean_t
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	218	is_audit_control_ok(char *filename) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	219	char buf[TRADITIONAL_MAX];
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	220	int outputs = 0;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	221	int state = 1; /* 1 is ok, 0 is not */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	222	int rc;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	223	int min;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	224	kva_t *kvlist;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	225	char *value;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	226	au_acinfo_t *ach;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	227
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	228	ach = _openac(filename); /* open audit_control */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	229	if (ach == NULL) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	230	perror(progname);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	231	exit(9);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	232	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	233	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	234	* There must be at least one directory or one plugin
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	235	* defined.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	236	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	237	if ((rc = _getacdir(ach, buf, TRADITIONAL_MAX)) == 0) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	238	outputs++;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	239	} else if (rc < -1) { /* -1 is not found, others are errors */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	240	(void) fprintf(stderr,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	241	gettext("%s: audit_control \"dir:\" spec invalid\n"),
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	242	progname);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	243	state = 0; /* is_not_ok */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	244	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	245
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	246	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	247	* _getacplug -- all that is of interest is the return code.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	248	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	249	_rewindac(ach); /* rewind audit_control */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	250	if ((rc = _getacplug(ach, &kvlist)) == 0) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	251	value = kva_match(kvlist, "name");
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	252	if (value == NULL) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	253	(void) fprintf(stderr, gettext("%s: audit_control "
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	254	"\"plugin:\" missing name\n"), progname);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	255	state = 0; /* is_not_ok */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	256	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	257	else
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	258	outputs++;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	259
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	260	_kva_free(kvlist);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	261	} else if (rc < -1) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	262	(void) fprintf(stderr,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	263	gettext("%s: audit_control \"plugin:\" spec invalid\n"),
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	264	progname);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	265	state = 0; /* is_not_ok */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	266	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	267	if (outputs == 0) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	268	(void) fprintf(stderr,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	269	gettext("%s: audit_control must have either a "
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	270	"\"dir:\" or a \"plugin:\" specified.\n"),
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	271	progname);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	272	state = 0; /* is_not_ok */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	273	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	274	/* minfree is not required */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	275	_rewindac(ach);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	276	if ((rc = _getacmin(ach, &min)) < -1) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	277	(void) fprintf(stderr,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	278	gettext(
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	279	"%s: audit_control \"minfree:\" spec invalid\n"),
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	280	progname);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	281	state = 0; /* is_not_ok */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	282	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	283	/* flags is not required */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	284	_rewindac(ach);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	285	if ((rc = _getacflg(ach, buf, TRADITIONAL_MAX)) < -1) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	286	(void) fprintf(stderr,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	287	gettext("%s: audit_control \"flags:\" spec invalid\n"),
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	288	progname);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	289	state = 0; /* is_not_ok */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	290	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	291	/* naflags is not required */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	292	_rewindac(ach);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	293	if ((rc = _getacna(ach, buf, TRADITIONAL_MAX)) < -1) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	294	(void) fprintf(stderr,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	295	gettext(
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	296	"%s: audit_control \"naflags:\" spec invalid\n"),
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	297	progname);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	298	state = 0; /* is_not_ok */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	299	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	300	_endac(ach);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	301	return (state);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	302	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	303
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	304	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	305	* The operations that call this function are only valid in the global
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	306	* zone unless the perzone audit policy is set.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	307	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	308	* "!silent" and "show_err" are slightly different; silent is from
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	309	* -T for which no error messages should be displayed and show_err
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	310	* applies to more options (including -T)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	311	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	312	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	313
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	314	static boolean_t
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	315	is_valid_zone(boolean_t show_err)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	316	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	317	long policy;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	318
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	319	if (auditon(A_GETPOLICY, (char *)&policy, 0) == -1) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	320	if (!silent)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	321	(void) fprintf(stderr, gettext(
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	322	"%s: Cannot read audit policy: %s\n"),
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	323	progname, strerror(errno));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	324	return (0);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	325	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	326	if (policy & AUDIT_PERZONE)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	327	return (1);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	328
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	329	if (getzoneid() != GLOBAL_ZONEID) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	330	if (show_err)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	331	(void) fprintf(stderr,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	332	gettext("%s: Not valid in a local zone.\n"),
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	333	progname);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	334	return (0);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	335	} else {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	336	return (1);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	337	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	338	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	339
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	340	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	341	* if auditd isn't running, start it. Otherwise refresh.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	342	* First check to see if c2audit is loaded via the auditon()
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	343	* system call, then check SMF state.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	344	*/
2481 707ff18f9994 6370615 audit(1M) should call scf_strerror(3SCF) in display_smf_error() paulson parents: 394 diff changeset	345	static int
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	346	start_auditd()
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	347	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	348	int audit_state;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	349	char *state;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	350
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	351	if (auditon(A_GETCOND, (caddr_t)&audit_state,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	352	sizeof (audit_state)) != 0)
2481 707ff18f9994 6370615 audit(1M) should call scf_strerror(3SCF) in display_smf_error() paulson parents: 394 diff changeset	353	return (12);
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	354
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	355	if ((state = smf_get_state(instance_name)) == NULL) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	356	display_smf_error();
2481 707ff18f9994 6370615 audit(1M) should call scf_strerror(3SCF) in display_smf_error() paulson parents: 394 diff changeset	357	return (13);
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	358	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	359	if (strcmp(SCF_STATE_STRING_ONLINE, state) != 0) {
2481 707ff18f9994 6370615 audit(1M) should call scf_strerror(3SCF) in display_smf_error() paulson parents: 394 diff changeset	360	if (smf_enable_instance(instance_name, 0) != 0) {
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	361	display_smf_error();
2481 707ff18f9994 6370615 audit(1M) should call scf_strerror(3SCF) in display_smf_error() paulson parents: 394 diff changeset	362	free(state);
707ff18f9994 6370615 audit(1M) should call scf_strerror(3SCF) in display_smf_error() paulson parents: 394 diff changeset	363	return (14);
707ff18f9994 6370615 audit(1M) should call scf_strerror(3SCF) in display_smf_error() paulson parents: 394 diff changeset	364	}
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	365	} else {
2481 707ff18f9994 6370615 audit(1M) should call scf_strerror(3SCF) in display_smf_error() paulson parents: 394 diff changeset	366	if (smf_refresh_instance(instance_name) != 0) {
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	367	display_smf_error();
2481 707ff18f9994 6370615 audit(1M) should call scf_strerror(3SCF) in display_smf_error() paulson parents: 394 diff changeset	368	free(state);
707ff18f9994 6370615 audit(1M) should call scf_strerror(3SCF) in display_smf_error() paulson parents: 394 diff changeset	369	return (15);
707ff18f9994 6370615 audit(1M) should call scf_strerror(3SCF) in display_smf_error() paulson parents: 394 diff changeset	370	}
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	371	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	372	free(state);
2481 707ff18f9994 6370615 audit(1M) should call scf_strerror(3SCF) in display_smf_error() paulson parents: 394 diff changeset	373	return (0);
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	374	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	375
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	376	static void
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	377	display_smf_error()
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	378	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	379	int rc = scf_error();
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	380
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	381	switch (rc) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	382	case SCF_ERROR_NOT_FOUND:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	383	(void) fprintf(stderr,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	384	"SMF error: \"%s\" not found.\n",
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	385	instance_name);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	386	break;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	387	default:
2481 707ff18f9994 6370615 audit(1M) should call scf_strerror(3SCF) in display_smf_error() paulson parents: 394 diff changeset	388	(void) fprintf(stderr, "SMF error: %s\n", scf_strerror(rc));
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	389	break;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	390	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	391	}

author	paulson
	Tue, 01 Aug 2006 15:39:54 -0700
changeset 2481	707ff18f9994
parent 394	619122fcc9cd
child 3100	50bae443cce5
permissions	-rw-r--r--