changeset 11700:2329cb77b47a
PSARC/2002/665 auditd interface reclassification
6647954 implement the removal of audit_data(4) as noted in PSARC/2002/665
author | gww <gww@eng.sun.com> |
---|---|
date | Thu, 18 Feb 2010 22:15:23 -0800 |
parents | 7c68095b05ac |
children | 6f890435df16 |
files | usr/src/cmd/audit_warn/audit_warn.sh usr/src/cmd/auditd/auditd.c usr/src/lib/auditd_plugins/binfile/binfile.c usr/src/lib/libbsm/common/audit_plugin.c usr/src/lib/libbsm/common/audit_plugin.h usr/src/lib/libbsm/common/libbsm.h |
diffstat | 6 files changed, 56 insertions(+), 58 deletions(-) [+] |
--- a/usr/src/cmd/audit_warn/audit_warn.sh Thu Feb 18 20:13:39 2010 -0800
+++ b/usr/src/cmd/audit_warn/audit_warn.sh Thu Feb 18 22:15:23 2010 -0800
@@ -20,9 +20,7 @@ # CDDL HEADER END # # -# ident "%Z%%M% %I% %E% SMI" -# -# Copyright 2007 Sun Microsystems, Inc. All rights reserved. +# Copyright 2010 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. #
@@ -171,14 +169,22 @@ break ;; - "tmpfile" ) # Check tempfile arg - # The tempfile used by the audit daemon could not - # be opened even though it was unlinked. - # This error will cause the audit daemon to exit. + "tmpfile" ) # Check tmpfile arg + # The tmpfile used by the audit daemon (binfile) could + # not be opened even unlinked or symlinked. + # This error will cause the audit daemon to exit at + # start. If it occurs later the audit daemon will + # attempt to carry on. + if [ ! -n "$2" ] + then + $DEBUG_OUT "$0: Need error string arg with 'tmpfile'!" + exit 1 + else + ERROR=$2 + fi # Set message - MESSAGE="The audit daemon can not open audit_tmp.\ - This implies a serious problem. The audit daemon has exited!" + MESSAGE="The audit daemon is unable to update /var/run, error=$ERROR.\n This implies a serious problem." send_msg
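Review bot: The rewritten comment in the `"tmpfile"` case, "could not be opened even unlinked or symlinked", no longer parses and still talks about opening a tmpfile, while the code it now reports on (`__logpost()` in audit_plugin.c) only unlinks and symlinks `/var/run/.audit.log`. I would word it as `# The pointer to the active audit log in /var/run (binfile) could not be unlinked or symlinked.` and name the file in MESSAGE as well, since "unable to update /var/run" gives the administrator nothing specific to check. The empty-argument test reads more directly as `if [ -z "$2" ]`. The enclosing `case` statement starts and ends outside the hunk.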
--- a/usr/src/cmd/auditd/auditd.c Thu Feb 18 20:13:39 2010 -0800
+++ b/usr/src/cmd/auditd/auditd.c Thu Feb 18 22:15:23 2010 -0800
@@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2009 Sun Microsystems, Inc. All rights reserved. + * Copyright 2010 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */
@@ -280,7 +280,7 @@ */ (void) umask(007); - if (__logpost("")) { /* Open the audit_data file. */ + if (__logpost("")) { /* Cannot unlink pointer to audit.log file. */ DPRINT((dbfp, "logpost failed\n")); auditd_exit(4); }
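Review bot: The new trailing comment `/* Cannot unlink pointer to audit.log file. */` describes the failure branch rather than the call, and it does not say that `__logpost("")` now removes `/var/run/.audit.log` unconditionally at startup. The implementation this commit removes opened audit_data with O_APPEND so that a second auditd would not destroy the running daemon's record; if this call can run before the check for an already-running daemon (not visible in this hunk), a stray start would delete the live daemon's pointer. I would move the text above the call as `/* Remove any stale pointer to the active audit log; fails only if /var/run cannot be updated. */` and confirm the ordering. The enclosing function starts and ends outside the hunk.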
--- a/usr/src/lib/auditd_plugins/binfile/binfile.c Thu Feb 18 20:13:39 2010 -0800
+++ b/usr/src/lib/auditd_plugins/binfile/binfile.c Thu Feb 18 22:15:23 2010 -0800
@@ -18,9 +18,8 @@ * * CDDL HEADER END */ - /* - * Copyright 2009 Sun Microsystems, Inc. All rights reserved. + * Copyright 2010 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. * * write binary audit records directly to a file.
@@ -68,7 +67,6 @@ #define AUDIT_DATE_SZ 14 #define AUDIT_FNAME_SZ 2 * AUDIT_DATE_SZ + 2 + MAXHOSTNAMELEN -#define AUDIT_BAK_SZ 50 /* size of name of audit_data back-up file */ /* per-directory status */ #define SOFT_SPACE 0 /* minfree or less space available */
@@ -269,7 +267,7 @@ acresult == 2 || acresult == -3) { /* * loop if the result is 0 (success), 2 (a warning - * that the audit_data file has been rewound), + * that the audit_control file has been rewound), * or -3 (a directory entry was found, but it * was badly formatted. */
@@ -1057,6 +1055,8 @@ DPRINT((dbfp, "binfile: closed\n")); + (void) __logpost(""); + if (binfile_is_open) { (void) pthread_mutex_destroy(&log_mutex); binfile_is_open = 0;
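Review bot: In the last hunk the added `(void) __logpost("");` discards the result without saying why, and it sits outside the `if (binfile_is_open)` guard, so the pointer is unlinked even when the plugin never opened a log. Ignoring the return is defensible because `__logpost()` already calls audit_warn on failure, but that should be stated, e.g. `/* clear the active-log pointer; __logpost() has already raised audit_warn on failure */`. The header comment this commit removes from `__logpost()` called it non-re-entrant, and whether `log_mutex` is held at this point cannot be seen here, so the locking expectation is worth a line too. The enclosing function starts and ends outside the hunk.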
--- a/usr/src/lib/libbsm/common/audit_plugin.c Thu Feb 18 20:13:39 2010 -0800
+++ b/usr/src/lib/libbsm/common/audit_plugin.c Thu Feb 18 22:15:23 2010 -0800
@@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2008 Sun Microsystems, Inc. All rights reserved. + * Copyright 2010 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. * * private interfaces for auditd plugins and auditd.
@@ -65,12 +65,8 @@ * the previous, the app_name hasn't changed. */ void -__audit_syslog( - const char *app_name, - int flags, - int facility, - int severity, - const char *message) +__audit_syslog(const char *app_name, int flags, int facility, int severity, + const char *message) { static pthread_once_t once_control = PTHREAD_ONCE_INIT; static int logopen = 0;
@@ -216,43 +212,41 @@ } /* - * logpost - post the new audit log file name to audit_data. + * logpost - post the new audit log file name. * - * This is not re-entrant code; it is called from auditd.c when - * audit_binfile.so is not running and from binfile after auditd - * is done. + * Entry name = active audit.log file name + * NULL, if checking writability (auditd), + * changing audit log files, error, or exiting (binfile). + * + * Exit 0 = success + * 1 = system error -- errno + * audit_warn called with the specific error + * */ int __logpost(char *name) { - char buffer[MAXPATHLEN]; - char empty[] = ""; + int lerrno; - static int first = 1; - static char auditdata[] = AUDITDATAFILE; - static int audit_data_fd; /* file descriptor of audit_data */ + if (unlink(BINFILE_FILE) != 0 && + errno != ENOENT) { - if (first) { - first = 0; - /* - * Open the audit_data file. Use O_APPEND so that the contents - * are not destroyed if there is another auditd running. - */ - if ((audit_data_fd = open(auditdata, - O_RDWR | O_APPEND | O_CREAT, 0660)) < 0) { - __audit_dowarn("tmpfile", "", 0); - return (1); - } + lerrno = errno; + __audit_dowarn("tmpfile", strerror(errno), 0); + errno = lerrno; + return (1); } - if (name == NULL) - name = empty; + if (name == NULL || *name == '\0') { + /* audit_binfile not active, no file pointer */ + return (0); + } + if (symlink(name, BINFILE_FILE) != 0) { - (void) snprintf(buffer, sizeof (buffer), "%d:%s\n", - (int)getpid(), name); - - (void) ftruncate(audit_data_fd, (off_t)0); - (void) write(audit_data_fd, buffer, strlen(buffer)); - (void) fsync(audit_data_fd); + lerrno = errno; + __audit_dowarn("tmpfile", strerror(errno), 0); + errno = lerrno; + return (1); + } return (0); }
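Review bot: `__logpost()` now removes `BINFILE_FILE` and then recreates it with `symlink()`, so every log switch leaves a window in which `/var/run/.audit.log` does not exist, and a failed `symlink()` leaves no pointer at all even though the daemon is expected to carry on. Creating the link under a temporary name in the same directory and `rename()`-ing it over `BINFILE_FILE` makes the replacement atomic and keeps the old pointer on failure; the empty-name case keeps the plain unlink. Both error paths also save `errno` in `lerrno` but then pass `strerror(errno)`; `strerror(lerrno)` keeps the reported text tied to the saved value. The header comment says `name` is NULL for the check and exit cases while the callers in this commit pass `""`, so it should mention both. `MAXPATHLEN` and `getpid()` in the sketch below are taken from the removed code and are assumed to remain in scope.

```c
int
__logpost(char *name)
{
	char	tmp[MAXPATHLEN];
	int	lerrno;

	if (name == NULL || *name == '\0') {
		/* audit_binfile not active, drop the pointer */
		if (unlink(BINFILE_FILE) == 0 || errno == ENOENT)
			return (0);
		lerrno = errno;
	} else {
		/* build the new link beside the old one, then swap it in */
		(void) snprintf(tmp, sizeof (tmp), "%s.%d", BINFILE_FILE,
		    (int)getpid());
		(void) unlink(tmp);
		if (symlink(name, tmp) == 0 && rename(tmp, BINFILE_FILE) == 0)
			return (0);
		lerrno = errno;
		(void) unlink(tmp);
	}
	__audit_dowarn("tmpfile", strerror(lerrno), 0);
	errno = lerrno;
	return (1);
}
```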
--- a/usr/src/lib/libbsm/common/audit_plugin.h Thu Feb 18 20:13:39 2010 -0800
+++ b/usr/src/lib/libbsm/common/audit_plugin.h Thu Feb 18 22:15:23 2010 -0800
@@ -2,9 +2,8 @@ * CDDL HEADER START * * The contents of this file are subject to the terms of the - * Common Development and Distribution License, Version 1.0 only - * (the "License"). You may not use this file except in compliance - * with the License. + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing.
@@ -20,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2003 Sun Microsystems, Inc. All rights reserved. + * Copyright 2010 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. * * This is an unstable interface; changes may be made without
@@ -30,14 +29,14 @@ #ifndef _AUDIT_PLUGIN_H #define _AUDIT_PLUGIN_H -#pragma ident "%Z%%M% %I% %E% SMI" - #include <stdio.h> #ifdef __cplusplus extern "C" { #endif +#define BINFILE_FILE "/var/run/.audit.log" + void __audit_syslog(const char *, int, int, int, const char *); void __audit_dowarn(char *, char *, int); void __audit_dowarn2(char *, char *, char *, char *, int);
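Review bot: In the last hunk the new `#define BINFILE_FILE "/var/run/.audit.log"` has no comment, and the name gives no hint that it is a symlink rather than a data file. Going by `__logpost()` in audit_plugin.c, I would add `/* symlink to the active binary audit log; maintained by __logpost(), absent when audit_binfile is not active */` above it. Because consumers will follow this link to find the audit trail, the comment is also the place to record the assumption that only root can write to /var/run, which cannot be verified from this diff.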
--- a/usr/src/lib/libbsm/common/libbsm.h Thu Feb 18 20:13:39 2010 -0800
+++ b/usr/src/lib/libbsm/common/libbsm.h Thu Feb 18 22:15:23 2010 -0800
@@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2009 Sun Microsystems, Inc. All rights reserved. + * Copyright 2010 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */
@@ -264,7 +264,6 @@ /* system audit files for auditd */ #define AUDITCLASSFILE "/etc/security/audit_class" #define AUDITCONTROLFILE "/etc/security/audit_control" -#define AUDITDATAFILE "/etc/security/audit_data" #define AUDITEVENTFILE "/etc/security/audit_event" #define AUDITUSERFILE "/etc/security/audit_user"