xref: /freebsd/contrib/openbsm/bin/audit/audit.c (revision f4b37ed0f8b307b1f3f0f630ca725d68f1dff30d)
1 /*-
2  * Copyright (c) 2005-2009 Apple Inc.
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  *
9  * 1.  Redistributions of source code must retain the above copyright
10  *     notice, this list of conditions and the following disclaimer.
11  * 2.  Redistributions in binary form must reproduce the above copyright
12  *     notice, this list of conditions and the following disclaimer in the
13  *     documentation and/or other materials provided with the distribution.
14  * 3.  Neither the name of Apple Inc. ("Apple") nor the names of
15  *     its contributors may be used to endorse or promote products derived
16  *     from this software without specific prior written permission.
17  *
18  * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
19  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21  * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
22  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
25  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
27  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28  *
29  * $P4: //depot/projects/trustedbsd/openbsm/bin/audit/audit.c#15 $
30  */
31 /*
32  * Program to trigger the audit daemon with a message that is either:
33  *    - Open a new audit log file
34  *    - Read the audit control file and take action on it
35  *    - Close the audit log file and exit
36  *
37  */
38 
39 #include <sys/types.h>
40 #include <config/config.h>
41 #ifdef HAVE_FULL_QUEUE_H
42 #include <sys/queue.h>
43 #else /* !HAVE_FULL_QUEUE_H */
44 #include <compat/queue.h>
45 #endif /* !HAVE_FULL_QUEUE_H */
46 #include <sys/uio.h>
47 
48 #include <bsm/libbsm.h>
49 
50 #include <errno.h>
51 #include <fcntl.h>
52 #include <stdio.h>
53 #include <stdlib.h>
54 #include <unistd.h>
55 
56 
57 static int send_trigger(int);
58 
59 #ifdef USE_MACH_IPC
60 #include <mach/mach.h>
61 #include <servers/netname.h>
62 #include <mach/message.h>
63 #include <mach/port.h>
64 #include <mach/mach_error.h>
65 #include <mach/host_special_ports.h>
66 #include <servers/bootstrap.h>
67 
68 #include "auditd_control.h"
69 
70 /*
71  * XXX The following are temporary until these can be added to the kernel
72  * audit.h header.
73  */
74 #ifndef AUDIT_TRIGGER_INITIALIZE
75 #define	AUDIT_TRIGGER_INITIALIZE	7
76 #endif
77 #ifndef AUDIT_TRIGGER_EXPIRE_TRAILS
78 #define	AUDIT_TRIGGER_EXPIRE_TRAILS	8
79 #endif
80 
81 static int
82 send_trigger(int trigger)
83 {
84 	mach_port_t     serverPort;
85 	kern_return_t	error;
86 
87 	error = host_get_audit_control_port(mach_host_self(), &serverPort);
88 	if (error != KERN_SUCCESS) {
89 		if (geteuid() != 0) {
90 			errno = EPERM;
91 			perror("audit requires root privileges");
92 		} else
93 			mach_error("Cannot get auditd_control Mach port:",
94 			    error);
95 		return (-1);
96 	}
97 
98 	error = auditd_control(serverPort, trigger);
99 	if (error != KERN_SUCCESS) {
100 		mach_error("Error sending trigger: ", error);
101 		return (-1);
102 	}
103 
104 	return (0);
105 }
106 
107 #else /* ! USE_MACH_IPC */
108 
109 static int
110 send_trigger(int trigger)
111 {
112 	int error;
113 
114 	error = audit_send_trigger(&trigger);
115 	if (error != 0) {
116 		if (error == EPERM)
117 			perror("audit requires root privileges");
118 		else
119 			perror("Error sending trigger");
120 		return (-1);
121 	}
122 
123 	return (0);
124 }
125 #endif /* ! USE_MACH_IPC */
126 
127 static void
128 usage(void)
129 {
130 
131 	(void)fprintf(stderr, "Usage: audit -e | -i | -n | -s | -t \n");
132 	exit(-1);
133 }
134 
135 /*
136  * Main routine to process command line options.
137  */
138 int
139 main(int argc, char **argv)
140 {
141 	int ch;
142 	unsigned int trigger = 0;
143 
144 	if (argc != 2)
145 		usage();
146 
147 	while ((ch = getopt(argc, argv, "einst")) != -1) {
148 		switch(ch) {
149 
150 		case 'e':
151 			trigger = AUDIT_TRIGGER_EXPIRE_TRAILS;
152 			break;
153 
154 		case 'i':
155 			trigger = AUDIT_TRIGGER_INITIALIZE;
156 			break;
157 
158 		case 'n':
159 			trigger = AUDIT_TRIGGER_ROTATE_USER;
160 			break;
161 
162 		case 's':
163 			trigger = AUDIT_TRIGGER_READ_FILE;
164 			break;
165 
166 		case 't':
167 			trigger = AUDIT_TRIGGER_CLOSE_AND_DIE;
168 			break;
169 
170 		case '?':
171 		default:
172 			usage();
173 			break;
174 		}
175 	}
176 	if (send_trigger(trigger) < 0)
177 		exit(-1);
178 
179 	printf("Trigger sent.\n");
180 	exit (0);
181 }
182