summaryrefslogtreecommitdiffstats
path: root/framework/src/audit/audisp/plugins/zos-remote
diff options
context:
space:
mode:
authorAshlee Young <ashlee@wildernessvoice.com>2016-01-20 01:10:01 +0000
committerAshlee Young <ashlee@wildernessvoice.com>2016-01-20 01:10:11 +0000
commit19d701ddf07d855128ded0cf2b573ce468e3bdd6 (patch)
tree0edcd3461ca903c76e431bb7c6348c42a0f12488 /framework/src/audit/audisp/plugins/zos-remote
parentfac6fbefbfad1cf837ddd88bc0d330559c8eb6f9 (diff)
Removing Suricata and Audit from source repo, and updated build.sh to avoid building suricata. Will re-address this in C release via tar balls.
Change-Id: I3710076f8b7f3313cb3cb5260c4eb0a6834d4f6e Signed-off-by: Ashlee Young <ashlee@wildernessvoice.com>
Diffstat (limited to 'framework/src/audit/audisp/plugins/zos-remote')
-rw-r--r--framework/src/audit/audisp/plugins/zos-remote/Makefile.am52
-rw-r--r--framework/src/audit/audisp/plugins/zos-remote/audispd-zos-remote.conf14
-rw-r--r--framework/src/audit/audisp/plugins/zos-remote/zos-remote-config.c443
-rw-r--r--framework/src/audit/audisp/plugins/zos-remote/zos-remote-config.h48
-rw-r--r--framework/src/audit/audisp/plugins/zos-remote/zos-remote-ldap.c608
-rw-r--r--framework/src/audit/audisp/plugins/zos-remote/zos-remote-ldap.h312
-rw-r--r--framework/src/audit/audisp/plugins/zos-remote/zos-remote-log.c109
-rw-r--r--framework/src/audit/audisp/plugins/zos-remote/zos-remote-log.h58
-rw-r--r--framework/src/audit/audisp/plugins/zos-remote/zos-remote-plugin.c580
-rw-r--r--framework/src/audit/audisp/plugins/zos-remote/zos-remote-queue.c144
-rw-r--r--framework/src/audit/audisp/plugins/zos-remote/zos-remote-queue.h38
-rw-r--r--framework/src/audit/audisp/plugins/zos-remote/zos-remote.conf10
12 files changed, 0 insertions, 2416 deletions
diff --git a/framework/src/audit/audisp/plugins/zos-remote/Makefile.am b/framework/src/audit/audisp/plugins/zos-remote/Makefile.am
deleted file mode 100644
index ac83a74d..00000000
--- a/framework/src/audit/audisp/plugins/zos-remote/Makefile.am
+++ /dev/null
@@ -1,52 +0,0 @@
-# Makefile.am--
-# Copyright (C) 2007,2008 International Business Machines Corp.
-# Copyright (C) 2011, 2015 Red Hat., Durham, North Carolina.
-# All Rights Reserved.
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-#
-# Authors:
-# Klaus Heinrich Kiwi <klausk@br.ibm.com>
-#
-
-AM_CPPFLAGS = -I${top_srcdir} -I${top_srcdir}/lib -I${top_srcdir}/auparse
-CONFIG_CLEAN_FILES = *.rej *.orig
-AUTOMAKE_OPTIONS = no-dependencies
-EXTRA_DIST = zos-remote.conf audispd-zos-remote.conf
-LIBS = -L${top_builddir}/auparse -lauparse
-LDADD = -lpthread -lldap -llber $(CAPNG_LDADD)
-dispatcher_confdir = $(sysconfdir)/audisp
-plugin_confdir=$(dispatcher_confdir)/plugins.d
-plugin_conf = zos-remote.conf
-dispatcher_conf = audispd-zos-remote.conf
-sbin_PROGRAMS = audispd-zos-remote
-
-noinst_HEADERS = zos-remote-log.h zos-remote-ldap.h zos-remote-config.h \
- zos-remote-queue.h
-audispd_zos_remote_SOURCES = zos-remote-plugin.c zos-remote-log.c \
- zos-remote-ldap.c zos-remote-config.c zos-remote-queue.c
-audispd_zos_remote_CFLAGS = -W -Wall -Wundef -D_GNU_SOURCE -fPIE -DPIE
-audispd_zos_remote_LDFLAGS = -pie -Wl,-z,relro -Wl,-z,now
-
-install-data-hook:
- mkdir -p -m 0750 ${DESTDIR}${plugin_confdir}
- $(INSTALL_DATA) -D -m 640 ${srcdir}/$(plugin_conf) \
- ${DESTDIR}${dispatcher_confdir}
- $(INSTALL_DATA) -D -m 640 ${srcdir}/$(dispatcher_conf) \
- ${DESTDIR}${plugin_confdir}
-
-uninstall-hook:
- rm ${DESTDIR}${plugin_confdir}/$(dispatcher_conf)
- rm ${DESTDIR}${dispatcher_confdir}/$(plugin_conf)
diff --git a/framework/src/audit/audisp/plugins/zos-remote/audispd-zos-remote.conf b/framework/src/audit/audisp/plugins/zos-remote/audispd-zos-remote.conf
deleted file mode 100644
index 13aef2ce..00000000
--- a/framework/src/audit/audisp/plugins/zos-remote/audispd-zos-remote.conf
+++ /dev/null
@@ -1,14 +0,0 @@
-# This is the configuration for the audispd-zos-remote
-# audit dispatcher plugin - See audispd(8)
-#
-# Note that this specific plugin has a configuration file of
-# its own. The complete path for this file must be entered as
-# the argument for the plugin in the 'args' field below
-# See audispd-zos-remote(8)
-
-active = no
-direction = out
-path = /sbin/audispd-zos-remote
-type = always
-args = /etc/audisp/zos-remote.conf
-format = string
diff --git a/framework/src/audit/audisp/plugins/zos-remote/zos-remote-config.c b/framework/src/audit/audisp/plugins/zos-remote/zos-remote-config.c
deleted file mode 100644
index b92dc778..00000000
--- a/framework/src/audit/audisp/plugins/zos-remote/zos-remote-config.c
+++ /dev/null
@@ -1,443 +0,0 @@
-/***************************************************************************
- * Copyright (C) 2007 International Business Machines Corp. *
- * All Rights Reserved. *
- * *
- * This program is free software; you can redistribute it and/or modify *
- * it under the terms of the GNU General Public License as published by *
- * the Free Software Foundation; either version 2 of the License, or *
- * (at your option) any later version. *
- * *
- * This program is distributed in the hope that it will be useful, *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
- * GNU General Public License for more details. *
- * *
- * You should have received a copy of the GNU General Public License *
- * along with this program; if not, write to the *
- * Free Software Foundation, Inc., *
- * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
- * *
- * Authors: *
- * Klaus Heinrich Kiwi <klausk@br.ibm.com> *
- * based on code by Steve Grubb <sgrubb@redhat.com> *
- ***************************************************************************/
-
-#include "zos-remote-config.h"
-
-#include <string.h>
-#include <stdio.h>
-#include <fcntl.h>
-#include <sys/stat.h>
-#include <errno.h>
-#include <ctype.h>
-#include <unistd.h>
-#include <stdlib.h>
-#include "zos-remote-log.h"
-
-/* Local prototypes */
-struct nv_pair
-{
- const char *name;
- const char *value;
- const char *option;
-};
-
-struct kw_pair
-{
- const char *name;
- int (*parser) (struct nv_pair *, int, plugin_conf_t *);
- int max_options;
-};
-
-struct nv_list
-{
- const char *name;
- int option;
-};
-
-static char *get_line(FILE *, char *);
-static int nv_split(char *, struct nv_pair *);
-static const struct kw_pair *kw_lookup(const char *);
-static int server_parser(struct nv_pair *, int, plugin_conf_t *);
-static int port_parser(struct nv_pair *, int, plugin_conf_t *);
-static int timeout_parser(struct nv_pair *, int, plugin_conf_t *);
-static int user_parser(struct nv_pair *, int, plugin_conf_t *);
-static int password_parser(struct nv_pair *, int, plugin_conf_t *);
-static int q_depth_parser(struct nv_pair *, int, plugin_conf_t *);
-static int sanity_check(plugin_conf_t *);
-
-static const struct kw_pair keywords[] = {
- {"server", server_parser, 0},
- {"port", port_parser, 0},
- {"timeout", timeout_parser, 0},
- {"user", user_parser, 0},
- {"password", password_parser, 0},
- {"q_depth", q_depth_parser, 0},
- {NULL, NULL, 0}
-};
-
-#define UNUSED(x) (void)(x)
-
-/*
- * Set everything to its default value
-*/
-void plugin_clear_config(plugin_conf_t * c)
-{
- c->server = NULL;
- c->port = 0;
- c->user = NULL;
- c->password = NULL;
- c->timeout = 15;
- c->q_depth = 64;
- /* not re-setting counter */
-}
-
-int plugin_load_config(plugin_conf_t * c, const char *file)
-{
- int fd, rc, mode, lineno = 1;
- struct stat st;
- FILE *f;
- char buf[128];
-
- plugin_clear_config(c);
-
- /* open the file */
- mode = O_RDONLY;
- rc = open(file, mode);
- if (rc < 0) {
- if (errno != ENOENT) {
- log_err("Error opening %s (%s)", file,
- strerror(errno));
- return 1;
- }
- log_warn("Config file %s doesn't exist, skipping", file);
- return 1;
- }
- fd = rc;
-
- /* check the file's permissions: owned by root, not world anything,
- * not symlink.
- */
- if (fstat(fd, &st) < 0) {
- log_err("Error fstat'ing config file (%s)",
- strerror(errno));
- close(fd);
- return 1;
- }
- if (st.st_uid != 0) {
- log_err("Error - %s isn't owned by root", file);
- close(fd);
- return 1;
- }
- if ((st.st_mode & (S_IRUSR | S_IWUSR | S_IRGRP)) !=
- (S_IRUSR | S_IWUSR | S_IRGRP)) {
- log_err("%s permissions should be 0640", file);
- close(fd);
- return 1;
- }
- if (!S_ISREG(st.st_mode)) {
- log_err("Error - %s is not a regular file", file);
- close(fd);
- return 1;
- }
-
- /* it's ok, read line by line */
- f = fdopen(fd, "r");
- if (f == NULL) {
- log_err("Error - fdopen failed (%s)", strerror(errno));
- close(fd);
- return 1;
- }
-
- while (get_line(f, buf)) {
- /* convert line into name-value pair */
- const struct kw_pair *kw;
- struct nv_pair nv;
-
- rc = nv_split(buf, &nv);
- switch (rc) {
- case 0: /* fine */
- break;
- case 1: /* not the right number of tokens. */
- log_err("Wrong number of arguments for line %d in %s", lineno, file);
- break;
- case 2: /* no '=' sign */
- log_err("Missing equal sign for line %d in %s",
- lineno, file);
- break;
- default: /* something else went wrong... */
- log_err("Unknown error for line %d in %s",
- lineno, file);
- break;
- }
- if (nv.name == NULL) {
- lineno++;
- continue;
- }
- if (nv.value == NULL) {
- fclose(f);
- return 1;
- }
-
- /* identify keyword or error */
- kw = kw_lookup(nv.name);
- if (kw->name == NULL) {
- log_err("Unknown keyword \"%s\" in line %d of %s",
- nv.name, lineno, file);
- fclose(f);
- return 1;
- }
-
- /* Check number of options */
- if (kw->max_options == 0 && nv.option != NULL) {
- log_err("Keyword \"%s\" has invalid option "
- "\"%s\" in line %d of %s",
- nv.name, nv.option, lineno, file);
- fclose(f);
- return 1;
- }
-
- /* dispatch to keyword's local parser */
- rc = kw->parser(&nv, lineno, c);
- if (rc != 0) {
- fclose(f);
- return 1; /* local parser puts message out */
- }
-
- lineno++;
- }
-
- fclose(f);
- c->name = strdup(basename(file));
- if (lineno > 1)
- return sanity_check(c);
- return 0;
-}
-
-static char *get_line(FILE * f, char *buf)
-{
- if (fgets_unlocked(buf, 128, f)) {
- /* remove newline */
- char *ptr = strchr(buf, 0x0a);
-
- if (ptr)
- *ptr = 0;
- return buf;
- }
- return NULL;
-}
-
-static int nv_split(char *buf, struct nv_pair *nv)
-{
- /* Get the name part */
- char *ptr, *saved;
-
- nv->name = NULL;
- nv->value = NULL;
- nv->option = NULL;
- ptr = strtok_r(buf, " ", &saved);
- if (ptr == NULL)
- return 0; /* If there's nothing, go to next line */
- if (ptr[0] == '#')
- return 0; /* If there's a comment, go to next line */
- nv->name = ptr;
-
- /* Check for a '=' */
- ptr = strtok_r(NULL, " ", &saved);
- if (ptr == NULL)
- return 1;
- if (strcmp(ptr, "=") != 0)
- return 2;
-
- /* get the value */
- ptr = strtok_r(NULL, " ", &saved);
- if (ptr == NULL)
- return 1;
- nv->value = ptr;
-
- /* See if there's an option */
- ptr = strtok_r(NULL, " ", &saved);
- if (ptr) {
- nv->option = ptr;
-
- /* Make sure there's nothing else */
- ptr = strtok_r(NULL, " ", &saved);
- if (ptr)
- return 1;
- }
-
- /* Everything is OK */
- return 0;
-}
-
-static const struct kw_pair *kw_lookup(const char *val)
-{
- int i = 0;
-
- while (keywords[i].name != NULL) {
- if (strcasecmp(keywords[i].name, val) == 0)
- break;
- i++;
- }
- return &keywords[i];
-}
-
-
-static int server_parser(struct nv_pair *nv, int line, plugin_conf_t * c)
-{
- UNUSED(line);
- if (nv->value == NULL)
- c->server = NULL;
- else
- c->server = strdup(nv->value);
-
- return 0;
-}
-
-static int port_parser(struct nv_pair *nv, int line, plugin_conf_t * c)
-{
- const char *ptr = nv->value;
- unsigned long i;
-
- /* check that all chars are numbers */
- for (i = 0; ptr[i]; i++) {
- if (!isdigit(ptr[i])) {
- log_err("Value %s should only be numbers - line %d", nv->value, line);
- return 1;
- }
- }
-
- /* convert to unsigned long */
- errno = 0;
- i = strtoul(nv->value, NULL, 10);
- if (errno) {
- log_err("Error converting string to a number (%s) - line %d", strerror(errno), line);
- return 1;
- }
-
- c->port = i;
- return 0;
-
-}
-
-static int timeout_parser(struct nv_pair *nv, int line, plugin_conf_t * c)
-{
- const char *ptr = nv->value;
- unsigned long i;
-
- /* check that all chars are numbers */
- for (i = 0; ptr[i]; i++) {
- if (!isdigit(ptr[i])) {
- log_err("Value %s should only be numbers - line %d", nv->value, line);
- return 1;
- }
- }
-
- /* convert to unsigned long */
- errno = 0;
- i = strtoul(nv->value, NULL, 10);
- if (errno) {
- log_err("Error converting string to a number (%s) - line %d", strerror(errno), line);
- return 1;
- }
-
- c->timeout = i;
- return 0;
-
-}
-
-
-static int user_parser(struct nv_pair *nv, int line, plugin_conf_t * c)
-{
- UNUSED(line);
- if (nv->value == NULL)
- c->user = NULL;
- else
- c->user = strdup(nv->value);
-
- return 0;
-}
-
-static int password_parser(struct nv_pair *nv, int line, plugin_conf_t * c)
-{
- UNUSED(line);
- if (nv->value == NULL)
- c->password = NULL;
- else
- c->password = strdup(nv->value);
-
- return 0;
-}
-
-static int q_depth_parser(struct nv_pair *nv, int line, plugin_conf_t * c)
-{
- const char *ptr = nv->value;
- unsigned long i;
-
- /* check that all chars are numbers */
- for (i = 0; ptr[i]; i++) {
- if (!isdigit(ptr[i])) {
- log_err("Value %s should only be numbers - line %d", nv->value, line);
- return 1;
- }
- }
-
- /* convert to unsigned long */
- errno = 0;
- i = strtoul(nv->value, NULL, 10);
- if (errno) {
- log_err("Error converting string to a number (%s) - line %d", strerror(errno), line);
- return 1;
- }
-
- if (i < 16 || i > 99999) {
- log_err("q_depth must be between 16 and 99999");
- return 1;
- }
-
- c->q_depth = i;
- return 0;
-
-}
-
-
-/*
- * Check configuration.At this point, all fields have been read.
- * Returns 0 if no problems and 1 if problems detected.
- */
-static int sanity_check(plugin_conf_t * c)
-{
- /* Error checking */
- if (!c->server) {
- log_err("Error - no server hostname given");
- return 1;
- }
-
- if (!c->user) {
- log_err("Error - no bind user given");
- return 1;
- }
-
- if (!c->password) {
- log_err("Error - no password given");
- return 1;
- }
-
- if (!c->timeout) {
- log_err("Error - timeout can't be zero");
- return 1;
- }
- return 0;
-}
-
-void plugin_free_config(plugin_conf_t * c)
-{
-
- if (c == NULL)
- return;
-
- free((void *) c->server);
- free((void *) c->user);
- free((void *) c->password);
- free((void *) c->name);
-}
diff --git a/framework/src/audit/audisp/plugins/zos-remote/zos-remote-config.h b/framework/src/audit/audisp/plugins/zos-remote/zos-remote-config.h
deleted file mode 100644
index 82bf365f..00000000
--- a/framework/src/audit/audisp/plugins/zos-remote/zos-remote-config.h
+++ /dev/null
@@ -1,48 +0,0 @@
-/***************************************************************************
- * Copyright (C) 2007 International Business Machines Corp. *
- * All Rights Reserved. *
- * *
- * This program is free software; you can redistribute it and/or modify *
- * it under the terms of the GNU General Public License as published by *
- * the Free Software Foundation; either version 2 of the License, or *
- * (at your option) any later version. *
- * *
- * This program is distributed in the hope that it will be useful, *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
- * GNU General Public License for more details. *
- * *
- * You should have received a copy of the GNU General Public License *
- * along with this program; if not, write to the *
- * Free Software Foundation, Inc., *
- * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
- * *
- * Authors: *
- * Klaus Heinrich Kiwi <klausk@br.ibm.com> *
- * based on code by Steve Grubb <sgrubb@redhat.com> *
- ***************************************************************************/
-
-#ifndef _ZOS_REMOTE_CONFIG_H
-#define _ZOS_REMOTE_CONFIG_H
-
-
-/***************************************************************************
- * z/OS Remote-services Plugin configuration *
- ***************************************************************************/
-typedef struct plugin_conf
-{
- char *name;
- char *server;
- unsigned int port;
- char *user;
- char *password;
- long timeout;
- unsigned int q_depth;
- unsigned int counter;
-} plugin_conf_t;
-
-void plugin_clear_config(plugin_conf_t *);
-int plugin_load_config(plugin_conf_t *, const char *);
-void plugin_free_config(plugin_conf_t *);
-
-#endif /* _ZOS_REMOTE_CONFIG_H */
diff --git a/framework/src/audit/audisp/plugins/zos-remote/zos-remote-ldap.c b/framework/src/audit/audisp/plugins/zos-remote/zos-remote-ldap.c
deleted file mode 100644
index 209743f3..00000000
--- a/framework/src/audit/audisp/plugins/zos-remote/zos-remote-ldap.c
+++ /dev/null
@@ -1,608 +0,0 @@
-/***************************************************************************
- * Copyright (C) 2007 International Business Machines Corp. *
- * All Rights Reserved. *
- * *
- * This program is free software; you can redistribute it and/or modify *
- * it under the terms of the GNU General Public License as published by *
- * the Free Software Foundation; either version 2 of the License, or *
- * (at your option) any later version. *
- * *
- * This program is distributed in the hope that it will be useful, *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
- * GNU General Public License for more details. *
- * *
- * You should have received a copy of the GNU General Public License *
- * along with this program; if not, write to the *
- * Free Software Foundation, Inc., *
- * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
- * *
- * Authors: *
- * Klaus Heinrich Kiwi <klausk@br.ibm.com> *
- ***************************************************************************/
-
-#include "zos-remote-ldap.h"
-
-#include <errno.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "zos-remote-log.h"
-
-/***************************************************************************
- * Audit response struct *
- ***************************************************************************/
-typedef struct audit_resp_item
-{
- ber_int_t version; /* Version of Response data itself */
- ber_int_t itemTag; /* Copy of itemTag from Operation */
- ber_int_t majorCode; /* Majorcode. Main return code of this Outcome */
- ber_int_t minorCode1; /* minorCode1. SAFRc or other Rc */
- ber_int_t minorCode2; /* minorCode2. RacfRc or other Rc */
- ber_int_t minorCode3; /* minorCode3. RacfRsn or other Rc */
-} audit_resp_item_t;
-
-typedef struct audit_response
-{
- ber_int_t respVersion; /* Overall version */
- ber_int_t respMajor; /* Overall major code */
- unsigned int numItems; /* Number of response items */
- audit_resp_item_t **itemList; /* response ItemList */
-} audit_response_t;
-
-
-/***************************************************************************
- * z/OS Remote-services Major return code handling *
- ***************************************************************************/
-struct zos_remote_error
-{
- int code;
- char *str;
-};
-
-static struct zos_remote_error zos_remote_errlist[] = {
- {ZOS_REMOTE_MAJOR_SUCCESS, "Success"},
- {ZOS_REMOTE_MAJOR_WARNINGMODE, "WARNINGMODE - Event was logged, with warnings"},
- {ZOS_REMOTE_MAJOR_NOTREQ, "NOTREQ - No logging required"},
- {ZOS_REMOTE_MAJOR_UNDETERMINED, "UNDETERMINED - Undetermined result"},
- {ZOS_REMOTE_MAJOR_UNAUTHORIZED, "UNAUTHORIZED - The user does not have authority the R_auditx service"},
- {ZOS_REMOTE_MAJOR_RACROUTE, "RACROUTE - The R_auditx service returned an unexpected error"},
- {ZOS_REMOTE_MAJOR_VAL_ERR, "VAL_ERR - Value error in request"},
- {ZOS_REMOTE_MAJOR_ENC_ERR, "ENC_ERR - DER decoding error in request"},
- {ZOS_REMOTE_MAJOR_UNSUF_AUTH, "UNSUF_AUTH - The user has unsuficient authority for the requested function"},
- {ZOS_REMOTE_MAJOR_EMPTY, "EMPTY - Empty request received - No items found within the ItemList"},
- {ZOS_REMOTE_MAJOR_INVALID_VER, "INVALID_VER - Invalid RequestVersion"},
- {ZOS_REMOTE_MAJOR_INTERNAL_ERR, "INTERNAL_ERR - An internal error was encountered within the ICTX component"},
- {-1, NULL}
-};
-
-/***************************************************************************
- * Internal functions prototypes *
- ***************************************************************************/
-static int _zos_remote_init(ZOS_REMOTE *);
-static void _zos_remote_destroy(ZOS_REMOTE *);
-static int zos_remote_connect(ZOS_REMOTE *);
-static void zos_remote_disconnect(ZOS_REMOTE *);
-static int submit_xop_s(ZOS_REMOTE *, struct berval *);
-static int decode_response(audit_response_t *, struct berval *);
-
-/***************************************************************************
- * Exported functions *
- ***************************************************************************/
-int submit_request_s(ZOS_REMOTE *zos_remote, BerElement *ber)
-{
- int rc, retry = 1; /* retry once and give up */
- struct berval bv;
-
- rc = ber_flatten2(ber, &bv, 0); /* 0 = Use ber's buffer */
- if (rc == -1) {
- log_err("Error flattening BER element");
- return ICTX_E_ABORT;
- }
-
-retry:
- rc = submit_xop_s(zos_remote, &bv);
- switch (rc) {
- case ICTX_SUCCESS:
- break;
- case ICTX_E_TRYAGAIN:
- /*
- * Usually means that the server connection timed-out
- * So we flush the LDAP connection by unsetting the
- * 'connected' flag and trying again.
- */
- if (retry > 0) {
- log_debug("Connection seems down - retrying");
- retry--;
- _zos_remote_destroy(zos_remote);
- rc = _zos_remote_init(zos_remote);
- if (rc != ICTX_SUCCESS)
- log_err("Error - failed to re-initialize LDAP session");
- else
- goto retry; /* go to submit_xop_s once more */
- }
- log_err("Can't establish connection");
- break;
- case ICTX_E_ABORT:
- break;
- default:
- log_err("Event resulted failure, code: 0x%x", rc);
- }
-
- return rc;
-}
-
-int zos_remote_init(ZOS_REMOTE *zos_remote, const char *server, int port,
- const char *user, const char *password, int timeout)
-{
- zos_remote->server = strdup(server);
- zos_remote->port = port;
- zos_remote->user = strdup(user);
- zos_remote->password = strdup(password);
- zos_remote->timeout = timeout;
- zos_remote->connected = 0;
-
- if (!zos_remote->server || !zos_remote->user || !zos_remote->password) {
- log_err("Error allocating memory for session members");
- return ICTX_E_FATAL;
- }
-
- return _zos_remote_init(zos_remote);
-}
-
-void zos_remote_destroy(ZOS_REMOTE *zos_remote)
-{
- _zos_remote_destroy(zos_remote);
-
- free(zos_remote->server);
- free(zos_remote->user);
- free(zos_remote->password);
-}
-
-char *zos_remote_err2string(int err)
-{
- int i;
-
- for (i = 0; zos_remote_errlist[i].str != NULL; i++) {
- if (err == zos_remote_errlist[i].code)
- return zos_remote_errlist[i].str;
- }
- return "Unknown error";
-}
-
-/***************************************************************************
- * Internal Functions *
- ***************************************************************************/
-static int _zos_remote_init(ZOS_REMOTE *zos_remote)
-{
- int version, rc;
- char *uri = NULL;
-
-#ifdef LDAP_DEPRECATED
-
- log_debug("Initializing z/OS Remote-services LDAP connection at ldap://%s:%d",
- zos_remote->server, zos_remote->port);
- zos_remote->ld = ldap_init(zos_remote->server
- zos_remote->port ? zos_remote->port : LDAP_PORT);
- if (zos_remote->ld == NULL) {
- log_err("Error initializing LDAP session: %s",
- strerror(errno));
- rc = ICTX_E_FATAL;
- goto end;
- }
-#else
- /* build ldap URI */
- if (zos_remote->port == 0 || zos_remote->port == LDAP_PORT)
- rc = asprintf(&uri, "ldap://%s", zos_remote->server);
- else
- rc = asprintf(&uri, "ldap://%s:%d", zos_remote->server,
- zos_remote->port);
-
- if (rc == -1) {
- log_err("Out of memory building LDAP server URI");
- rc = ICTX_E_FATAL;
- uri = NULL;
- goto end;
- }
-
- log_debug("Initializing z/OS Remote-services LDAP connection at %s", uri);
- /* Get a handle to an LDAP connection */
- rc = ldap_initialize(&zos_remote->ld, uri);
- if (rc != LDAP_SUCCESS) {
- log_err("Error initializing LDAP session: %s",
- ldap_err2string(rc));
- rc = ICTX_E_FATAL;
- goto free_uri;
- }
-#endif
-
- /*
- * Ensure the LDAP protocol version supported by the client
- * to 3. (Extended operations are part of version 3).
- */
- rc = ldap_get_option(zos_remote->ld, LDAP_OPT_PROTOCOL_VERSION,
- &version);
- if (rc != LDAP_OPT_SUCCESS) {
- log_err("Error getting LDAP session options");
- rc = ICTX_E_FATAL;
- goto unbind;
- }
-
- if (version < LDAP_VERSION3) {
- log_debug("Setting LDAP session version to %d",
- LDAP_VERSION3);
- version = LDAP_VERSION3;
- rc = ldap_set_option(zos_remote->ld, LDAP_OPT_PROTOCOL_VERSION,
- &version);
- if (rc != LDAP_OPT_SUCCESS) {
- log_err("Error setting LDAP session version");
- rc = ICTX_E_FATAL;
- goto unbind;
- }
- }
-
- goto free_uri;
-
-unbind:
- ldap_unbind_ext_s(zos_remote->ld, NULL, NULL);
- zos_remote->ld = NULL;
-
-free_uri:
- free(uri);
-
-end:
- return rc;
-}
-
-static void _zos_remote_destroy(ZOS_REMOTE *zos_remote)
-{
- zos_remote_disconnect(zos_remote);
- zos_remote->ld = NULL;
-}
-
-static int zos_remote_connect(ZOS_REMOTE *zos_remote)
-{
- struct berval cred;
- int rc;
- char bindusr[255];
-
- snprintf(bindusr, 255, "racfid=%s,cn=ictx", zos_remote->user);
-
- log_debug("Attempting BIND. User '%s', password '<not shown>'",
- bindusr);
-
- cred.bv_val = (char *) zos_remote->password;
- cred.bv_len = strlen(zos_remote->password);
-
- rc = ldap_sasl_bind_s(zos_remote->ld, bindusr,
- LDAP_SASL_SIMPLE, &cred,
- NULL, NULL, NULL);
-
-
- switch (rc) {
- case LDAP_SUCCESS:
- log_debug("LDAP BIND succeeded");
- zos_remote->connected = 1;
- rc = ICTX_SUCCESS;
- break;
- case LDAP_SERVER_DOWN:
- case LDAP_BUSY:
- case LDAP_UNAVAILABLE:
- case LDAP_TIMEOUT:
- case LDAP_CONNECT_ERROR:
- log_warn("z/OS Remote-services connection failed: %s",
- ldap_err2string(rc));
- rc = ICTX_E_TRYAGAIN;
- break;
- default:
- log_err("Error - z/OS Remote-services initialization failed: %s",
- ldap_err2string(rc));
- rc = ICTX_E_FATAL;
- }
-
- return rc;
-}
-
-
-static void zos_remote_disconnect(ZOS_REMOTE *zos_remote)
-{
- if (zos_remote->ld) {
- log_debug("Unbinding LDAP session");
-
-#ifdef LDAP_DEPRECATED
- ldap_unbind(zos_remote->ld);
-#else
- ldap_unbind_ext_s(zos_remote->ld, NULL, NULL);
-#endif
- }
- zos_remote->connected = 0;
-
-}
-
-/*
- * Sync-submit extended operation given in *bv
- * return ICTX_SUCCESS if submission (and response)
- * succeeded.
- * Log errors using log_err() functions
- */
-int submit_xop_s(ZOS_REMOTE *zos_remote, struct berval *bv)
-{
- LDAPMessage *result;
- audit_response_t response;
- int rc, errcode, msgId;
- unsigned int i;
- char *errmsg, *oid;
- struct berval *bv_response;
- struct timeval t;
-
- if (zos_remote->connected == 0) {
- rc = zos_remote_connect(zos_remote);
- if (rc != ICTX_SUCCESS)
- return rc;
- }
-
- /* call LDAP - won't block */
- rc = ldap_extended_operation(zos_remote->ld, ICTX_OIDAUDITREQUEST,
- bv, NULL, NULL, &msgId);
- if (rc == LDAP_SERVER_DOWN) {
- zos_remote->connected = 0;
- return ICTX_E_TRYAGAIN;
- } else if (rc != LDAP_SUCCESS) {
- log_err("LDAP extended operation submission failure: %s",
- ldap_err2string(rc));
- return ICTX_E_ABORT;
- } else {
- log_debug("Sent LDAP extended operation request, msgId=0x%x",
- msgId);
- }
-
- /* call blocking ldap_result with specified timeout */
- t.tv_sec = zos_remote->timeout;
- t.tv_usec = 0;
- rc = ldap_result(zos_remote->ld, msgId, 1, &t, &result);
-
- if (rc == -1) {
- /* error in ldap operation */
- ldap_get_option(zos_remote->ld, LDAP_OPT_ERROR_NUMBER, &errcode);
- switch (errcode) {
- case LDAP_SERVER_DOWN:
- /* Connection may have timed out, let's retry */
- zos_remote->connected = 0;
- rc = ICTX_E_TRYAGAIN;
- break;
- default:
- log_err("ldap_result unexpected failure: %s (0x%x)",
- ldap_err2string(rc), rc);
- rc = ICTX_E_ABORT;
- }
- goto end;
- } else if (rc == 0) {
- /* timeout reached */
- log_warn("LDAP extended operation timed out");
- rc = ICTX_E_ABORT;
- goto end;
- } else if (rc != LDAP_RES_EXTENDED) {
- /* not an extended operation response! */
- log_err("LDAP extended operation resulted in unexpected answer: 0x%x", rc);
- rc = ICTX_E_ABORT;
- goto free_result;
- }
-
- log_debug("Got LDAP Extended result");
- /*
- * we have an extended operation result
- * first parse_result will check for errcode, later
- * parse_extended_result will give us the oid and the BER value
- */
- rc = ldap_parse_result(zos_remote->ld, result, &errcode, NULL,
- &errmsg, NULL, NULL, 0);
- if (rc != LDAP_SUCCESS) {
- log_err("LDAP parse result internal failure (code 0x%x)",
- rc);
- rc = ICTX_E_ABORT;
- goto free_result;
- }
-
- if (errcode != LDAP_SUCCESS) {
- log_err("LDAP extended operation failed: %s", errmsg);
- rc = ICTX_E_ABORT;
- goto free_errmsg;
- }
-
- rc = ldap_parse_extended_result(zos_remote->ld, result, &oid,
- &bv_response, 0);
- if (rc != LDAP_SUCCESS) {
- log_err("Failed to parse ldap extended result (code 0x%x)",
- rc);
- rc = ICTX_E_ABORT;
- goto free_errmsg;
- }
-
- if (oid && strcmp(oid, ICTX_OIDAUDITRESPONSE) != 0) {
- /* oid == null shouldn't be a problem to log_err */
- log_err("LDAP extended operation returned an invalid oid: %s", oid);
- rc = ICTX_E_ABORT;
- goto free_bv;
- }
-
- rc = decode_response(&response, bv_response);
- if (rc != ICTX_SUCCESS) {
- log_err("Error decoding extended operation response");
- goto free_bv;
- }
-
- if (response.respMajor == ZOS_REMOTE_MAJOR_SUCCESS) {
- /* submission was successful, no further processing needed */
- log_debug("Successfully submited Remote audit Request");
- rc = ICTX_SUCCESS;
- goto free_response;
- } else if (response.respMajor == ZOS_REMOTE_MAJOR_EMPTY) {
- /* something is going on. Set error and stop processing */
- log_warn("Warning - LDAP extended operation returned empty result");
- rc = ICTX_E_ABORT;
- goto free_response;
- } else if (response.respMajor == ZOS_REMOTE_MAJOR_WARNINGMODE ||
- response.respMajor == ZOS_REMOTE_MAJOR_NOTREQ)
- rc = ICTX_SUCCESS; /* don't fail, but continue processing */
- else
- rc = ICTX_E_ABORT; /* set return code and continue processing */
-
- /* If it's not success nor empty, let's check for errors in the response */
- for (i = 0; i < response.numItems; i++) {
- switch ((response.itemList[i])->majorCode) {
- /* 0 <= Major Code <= 14 */
- case ZOS_REMOTE_MAJOR_SUCCESS:
- break;
- case ZOS_REMOTE_MAJOR_WARNINGMODE:
- case ZOS_REMOTE_MAJOR_NOTREQ:
- log_debug("Warning - LDAP extended operation returned '%s' for item %d",
- zos_remote_err2string((response.itemList[i])->majorCode),
- (response.itemList[i])->itemTag);
- log_debug("SAF code: 0x%x, RACF code: 0x%x, RACF reason: 0x%x",
- (response.itemList[i])->minorCode1,
- (response.itemList[i])->minorCode2,
- (response.itemList[i])->minorCode3);
- break;
- case ZOS_REMOTE_MAJOR_UNDETERMINED:
- case ZOS_REMOTE_MAJOR_UNAUTHORIZED:
- case ZOS_REMOTE_MAJOR_RACROUTE:
- log_err("Error - LDAP extended operation returned '%s' for item %d",
- zos_remote_err2string((response.itemList[i])->majorCode),
- (response.itemList[i])->itemTag);
- log_err("SAF code: 0x%x, RACF code: 0x%x, RACF reason: 0x%x",
- (response.itemList[i])->minorCode1,
- (response.itemList[i])->minorCode2,
- (response.itemList[i])->minorCode3);
- break;
- /* 16 <= Major Code <= 20 */
- case ZOS_REMOTE_MAJOR_VAL_ERR:
- case ZOS_REMOTE_MAJOR_ENC_ERR:
- log_err("Error - LDAP extended operation returned '%s' for item %d",
- zos_remote_err2string((response.itemList[i])->majorCode),
- (response.itemList[i])->itemTag);
- log_err("Item field: %d, reson %d",
- (response.itemList[i])->
- minorCode1,
- (response.itemList[i])->minorCode2);
- break;
- /* 24 <= Major code <= 100 */
- case ZOS_REMOTE_MAJOR_UNSUF_AUTH:
- case ZOS_REMOTE_MAJOR_EMPTY:
- case ZOS_REMOTE_MAJOR_INVALID_VER:
- case ZOS_REMOTE_MAJOR_INTERNAL_ERR:
- log_err("Error - LDAP extended operation returned '%s' for item %d",
- zos_remote_err2string((response.itemList[i])->majorCode),
- (response.itemList[i])->itemTag);
- break;
- default:
- log_err("Error - LDAP extended operation returned an unknown Major code for item %d",
- (response.itemList[i])->majorCode);
- }
- }
-
-free_response:
- for (; response.numItems > 0; response.numItems--)
- free(response.itemList[response.numItems - 1]);
- free(response.itemList);
-
-free_bv:
- if (bv_response)
- ber_bvfree(bv_response);
- if (oid)
- ldap_memfree(oid);
-
-free_errmsg:
- ldap_memfree(errmsg);
-
-free_result:
- ldap_msgfree(result);
-
-end:
- return rc;
-}
-
-static int decode_response(audit_response_t * r, struct berval *bv)
-{
- BerElement *ber;
- ber_len_t len;
- int rc;
-
- if (!bv) {
- log_err("LDAP extended operation returned NULL message");
- return ICTX_E_ABORT;
- } else if ((ber = ber_init(bv)) == NULL) {
- log_err("Error initializing BER response data");
- return ICTX_E_ABORT;
- }
-
- log_debug("---Got an encoded request response:");
- debug_bv(bv);
-
- r->respVersion = 0;
- r->respMajor = 0;
- r->numItems = 0;
- r->itemList = NULL;
-
- rc = ber_scanf(ber, "{ii", &r->respVersion, &r->respMajor);
- if (r->respVersion != ICTX_REQUESTVER) {
- log_err("Invalid version returned by z/OS Remote-services server");
- log_err("Should be %d, got %d", ICTX_REQUESTVER,
- r->respVersion);
- rc = ICTX_E_ABORT;
- goto free_ber;
- }
-
- if (r->respMajor == ZOS_REMOTE_MAJOR_SUCCESS ||
- r->respMajor == ZOS_REMOTE_MAJOR_EMPTY) {
- rc = ICTX_SUCCESS;
- /* No further processing required */
- goto free_ber;
- }
-
- /* Inspect ber response otherwise */
- while (ber_peek_tag(ber, &len) == LBER_SEQUENCE) {
- r->numItems++;
- r->itemList = (audit_resp_item_t **) realloc(r->itemList,
- r->numItems *
- sizeof
- (audit_resp_item_t
- *));
- if (errno == ENOMEM) {
- if (r->itemList)
- free(r->itemList);
- rc = ICTX_E_FATAL;
- goto free_ber;
- }
-
- audit_resp_item_t *item = (audit_resp_item_t *)
- malloc(sizeof(audit_resp_item_t));
-
- if (!item) {
- rc = ICTX_E_FATAL;
- goto free_ber;
- }
-
- rc |= ber_scanf(ber, "{{iiiiii}}",
- &item->version,
- &item->itemTag,
- &item->majorCode,
- &item->minorCode1, &item->minorCode2,
- &item->minorCode3);
- r->itemList[r->numItems - 1] = item;
- }
- rc |= ber_scanf(ber, "}");
-
- if (rc == -1) {
- for (; r->numItems > 0; r->numItems--)
- free(r->itemList[r->numItems - 1]);
- free(r->itemList);
- rc = ICTX_E_ABORT;
- }
- else
- rc = ICTX_SUCCESS;
-
-free_ber:
- ber_free(ber, 1);
-
- return rc;
-}
diff --git a/framework/src/audit/audisp/plugins/zos-remote/zos-remote-ldap.h b/framework/src/audit/audisp/plugins/zos-remote/zos-remote-ldap.h
deleted file mode 100644
index 5767b96e..00000000
--- a/framework/src/audit/audisp/plugins/zos-remote/zos-remote-ldap.h
+++ /dev/null
@@ -1,312 +0,0 @@
-/***************************************************************************
- * Copyright (C) 2007 International Business Machines Corp. *
- * All Rights Reserved. *
- * *
- * This program is free software; you can redistribute it and/or modify *
- * it under the terms of the GNU General Public License as published by *
- * the Free Software Foundation; either version 2 of the License, or *
- * (at your option) any later version. *
- * *
- * This program is distributed in the hope that it will be useful, *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
- * GNU General Public License for more details. *
- * *
- * You should have received a copy of the GNU General Public License *
- * along with this program; if not, write to the *
- * Free Software Foundation, Inc., *
- * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
- * *
- * Authors: *
- * Klaus Heinrich Kiwi <klausk@br.ibm.com> *
- ***************************************************************************/
-
-#ifndef _ZOS_REMOTE_LDAP_H
-#define _ZOS_REMOTE_LDAP_H
-
-#include <lber.h>
-#include <ldap.h>
-
-
-/***************************************************************************
- * LDAP Extended Op OID for ICTX Audit *
- ***************************************************************************/
-/* ICTX EIM component AUDIT Request OID */
-#define ICTX_OIDAUDITREQUEST "1.3.18.0.2.12.68"
-
-/* The AUDIT Response OID */
-#define ICTX_OIDAUDITRESPONSE "1.3.18.0.2.12.69"
-
-/* This implementation version
- Request and response must match this */
-#define ICTX_REQUESTVER 0x1
-
-/* Needed for BER-encoding */
-#define ASN1_IA5STRING_TAG 0x16
-
-/***************************************************************************
- * the ASN.1 struct for the remote audit request and response: *
- * *
- * RequestValue ::= SEQUENCE { *
- * RequestVersion INTEGER, *
- * ItemList SEQUENCE OF *
- * Item SEQUENCE { *
- * ItemVersion INTEGER, *
- * ItemTag INTEGER, *
- * LinkValue OCTET STRING SIZE(8), *
- * Violation BOOLEAN, *
- * Event INTEGER, *
- * Qualifier INTEGER, *
- * Class IA5String, *
- * Resource IA5String, *
- * LogString IA5String, *
- * DatafieldList SEQUENCE OF *
- * DataField SEQUENCE { *
- * TYPE INTEGER, *
- * VALUE IA5STRING *
- * } *
- * } *
- * } *
- * *
- * Response ::= SEQUENCE { *
- * Version INTEGER, *
- * ResponseCode INTEGER, *
- * ItemList SEQUENCE OF *
- * Item SEQUENCE { *
- * ItemVersion INTEGER, *
- * ItemTag INTEGER, *
- * MajorCode INTEGER, *
- * MinorCode1 INTEGER, *
- * MinorCode2 INTEGER, *
- * MinorCode3 INTEGER *
- * } *
- * } *
- ***************************************************************************/
-
-/***************************************************************************
- * z/OS Remote-services Audit Minor return codes meaning
-
-Major Code Meaning
----------- ---------------------------------------------------------
-0-14 - MinorCode1 is the SAF return code
- - MinorCode2 is the RACF return code
- - MinorCode3 is the RACF reason code
-
-16-20 - MinorCode1 identifies the extended operation request
- parameter number (see audit request ASN.1 definition):
- 0 - Item
- 1 - ItemVersion
- 2 - ItemTag
- 3 - LinkValue
- 4 - Violation
- 5 - Event
- 6 - Qualifier
- 7 - Class
- 8 - Resource
- 9 - LogString
- 10 - DataFieldList
- 11 - DataField *
- 12 - TYPE *
- 13 - VALUE *
- - MinorCode2 indicates one of the Following:
- 32 - incorrect length
- 36 - incorrect value
- 40 - encoding error
- - MinorCode3 has no defined meaning
-
-24-100 - MinorCode1 has no defined meaning
- - MinorCode2 has no defined meaning
- - MinorCode3 has no defined meaning
-
-* There can be multiple DataField, TYPEs and VALUEs in a request. If any of them is bad
- you get the same 11, 12 or 13 MinorCode1. There is no further breakdown of which one
- is bad.
-
- ***************************************************************************/
-
-/***************************************************************************
- * Audit Request 'event' field meaning *
- ***************************************************************************/
-#define ZOS_REMOTE_EVENT_AUTHENTICATION 0x1
-#define ZOS_REMOTE_EVENT_AUTHORIZATION 0x2
-#define ZOS_REMOTE_EVENT_AUTHORIZATION_MAPPING 0x3
-#define ZOS_REMOTE_EVENT_KEY_MGMT 0x4
-#define ZOS_REMOTE_EVENT_POLICY_MGMT 0x5
-#define ZOS_REMOTE_EVENT_ADMIN_CONFIG 0x6
-#define ZOS_REMOTE_EVENT_ADMIN_ACTION 0x7
-
-/***************************************************************************
- * Audit Request 'qualifier' field meaning *
- ***************************************************************************/
-#define ZOS_REMOTE_QUALIF_SUCCESS 0x0
-#define ZOS_REMOTE_QUALIF_INFO 0x1
-#define ZOS_REMOTE_QUALIF_WARN 0x2
-#define ZOS_REMOTE_QUALIF_FAIL 0x3
-
-/***************************************************************************
- * Relocate types for Audit Request *
- ***************************************************************************/
-/* SAF identifier for bind user */
-#define ZOS_REMOTE_RELOC_SAF_BIND_USER 100
-
-/* Reguestor's bind user identifier */
-#define ZOS_REMOTE_RELOC_REQ_BIND_USER 101
-
-/* Originating security domain */
-#define ZOS_REMOTE_RELOC_ORIG_SECURITY 102
-
-/* Originating registry / realm */
-#define ZOS_REMOTE_RELOC_ORIG_REALM 103
-
-/* Originating user name */
-#define ZOS_REMOTE_RELOC_ORIG_USER 104
-
-/* Mapped security domain */
-#define ZOS_REMOTE_RELOC_MAPPED_SECURITY 105
-
-/* Mapped registry / realm */
-#define ZOS_REMOTE_RELOC_MAPPED_REALM 106
-
-/* Mapped user name */
-#define ZOS_REMOTE_RELOC_MAPPED_USER 107
-
-/* Operation performed */
-#define ZOS_REMOTE_RELOC_OPERATION 108
-
-/* Mechanism / object name */
-#define ZOS_REMOTE_RELOC_OBJECT 109
-
-/* Method / function used */
-#define ZOS_REMOTE_RELOC_FUNCTION 110
-
-/* Key / certificate name */
-#define ZOS_REMOTE_RELOC_CERTIFICATE 111
-
-/* Caller subject initiating security event */
-#define ZOS_REMOTE_RELOC_INITIATING_EVENT 112
-
-/* Date and time security event occurred */
-#define ZOS_REMOTE_RELOC_TIMESTAMP 113
-
-/* Application specific data. (i.e. Other) */
-#define ZOS_REMOTE_RELOC_OTHER 114
-
-/***************************************************************************
- * z/OS Remote-services Audit Major return codes *
- ***************************************************************************/
-#define ZOS_REMOTE_MAJOR_SUCCESS 0
-
-/* Event was logged, with warnings */
-#define ZOS_REMOTE_MAJOR_WARNINGMODE 2
-
-/* No logging required
- No audit controls are set to require it */
-#define ZOS_REMOTE_MAJOR_NOTREQ 3
-
-/* Class not active/ractlisted,
- covering profile not found or
- RACF is not installed */
-#define ZOS_REMOTE_MAJOR_UNDETERMINED 4
-
-/* The user does not have authority the R_auditx service.
- The userid associated with the LDAP server must have
- at least READ access to the FACILITY class profile IRR.RAUDITX. */
-#define ZOS_REMOTE_MAJOR_UNAUTHORIZED 8
-
-
-/* The R_auditx service returned an unexpected error.
- Compare the returned minor codes with the SAF RACF codes
- documented in Security Server Callable Services */
-#define ZOS_REMOTE_MAJOR_RACROUTE 12
-
-/* A value specified in the extended operation request is
- incorrect or unsupported. Check the returned minor codes
- to narrow the reason */
-#define ZOS_REMOTE_MAJOR_VAL_ERR 16
-
-/* A DER decoding error was encountered in an item.
- Processing Terminated. Partial results may be returned */
-#define ZOS_REMOTE_MAJOR_ENC_ERR 20
-
-/* The requestor does not have sufficient authority for the
- requested function. The userid associated with the LDAP bind
- user must have at least READ access to the FACILITY class
- profile IRR.LDAP.REMOTE.AUDIT. */
-#define ZOS_REMOTE_MAJOR_UNSUF_AUTH 24
-
-/* No items are found within the ItemList sequence of the extended
- operation request, so no response items are returned */
-#define ZOS_REMOTE_MAJOR_EMPTY 28
-
-/* Invalid RequestVersion */
-#define ZOS_REMOTE_MAJOR_INVALID_VER 61
-
-/* An internal error was encountered within the ICTX component */
-#define ZOS_REMOTE_MAJOR_INTERNAL_ERR 100
-
-/***************************************************************************
- * Some standard sizes for remote audit request items *
- ***************************************************************************/
-#define ZOS_REMOTE_LINK_VALUE_SIZE 8
-#define ZOS_REMOTE_CLASS_SIZE 8
-#define ZOS_REMOTE_RESOURCE_SIZE 240
-#define ZOS_REMOTE_LOGSTRING_SIZE 200
-
-
-/***************************************************************************
- * Some standard Error defines *
- ***************************************************************************/
-#define ICTX_SUCCESS 0x00
-
-/* maybe a temporary failure? */
-#define ICTX_E_TRYAGAIN 0x01
-
-/* permanent failure - abort event submission */
-#define ICTX_E_ABORT 0x02
-
-/* Fatal failure - abort program */
-#define ICTX_E_FATAL 0x03
-
-/* generic error */
-#define ICTX_E_ERROR 0x10
-
-/***************************************************************************
- * structure representing an z/OS Remote-services session *
- ***************************************************************************/
-typedef struct opaque
-{
- char *server;
- unsigned int port;
- char *user;
- char *password;
- unsigned int timeout;
- LDAP *ld;
- int connected;
-} ZOS_REMOTE;
-
-/***************************************************************************
- * LDAP XOP operations *
- ***************************************************************************/
-/*
- * Initializes z/OS Remote-services (LDAP to ITDS) connection,
- * binds to ITDS Server using configured RACF ID
- * Args are:
- * server, bind user, bind password, server port, timeout
- * Caller must call zos_remote_destroy() to free memory allocation
- */
-int zos_remote_init(ZOS_REMOTE *, const char *, int, const char *,
- const char *, int);
-
-/*
- * Uninitializes z/OS Remote-services (LDAP) connection
- */
-void zos_remote_destroy(ZOS_REMOTE *);
-
-/*
- * sync submit request - possibly reconnect to server
- * if the connection if found to be dead
- */
-int submit_request_s(ZOS_REMOTE *, BerElement *);
-
-
-#endif /* _ZOS_REMOTE_LDAP_H */
diff --git a/framework/src/audit/audisp/plugins/zos-remote/zos-remote-log.c b/framework/src/audit/audisp/plugins/zos-remote/zos-remote-log.c
deleted file mode 100644
index a272078e..00000000
--- a/framework/src/audit/audisp/plugins/zos-remote/zos-remote-log.c
+++ /dev/null
@@ -1,109 +0,0 @@
-/***************************************************************************
- * Copyright (C) 2007 International Business Machines Corp. *
- * All Rights Reserved. *
- * *
- * This program is free software; you can redistribute it and/or modify *
- * it under the terms of the GNU General Public License as published by *
- * the Free Software Foundation; either version 2 of the License, or *
- * (at your option) any later version. *
- * *
- * This program is distributed in the hope that it will be useful, *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
- * GNU General Public License for more details. *
- * *
- * You should have received a copy of the GNU General Public License *
- * along with this program; if not, write to the *
- * Free Software Foundation, Inc., *
- * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
- * *
- * Authors: *
- * Klaus Heinrich Kiwi <klausk@br.ibm.com> *
- ***************************************************************************/
-#include "zos-remote-log.h"
-
-#include <stdarg.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include "auparse.h"
-
-
-static void vlog_prio(int prio, const char *fmt, va_list ap)
-{
- char *str;
-
- if (asprintf(&str, "pid=%d: %s", mypid, fmt) != -1) {
- vsyslog(LOG_DAEMON | prio, str, ap);
- free(str);
- }
-}
-
-void log_err(const char *fmt, ...)
-{
- va_list ap;
-
- va_start(ap, fmt);
- vlog_prio(LOG_ERR, fmt, ap);
- va_end(ap);
-}
-
-void log_warn(const char *fmt, ...)
-{
- va_list ap;
-
- va_start(ap, fmt);
- vlog_prio(LOG_WARNING, fmt, ap);
- va_end(ap);
-}
-
-void log_info(const char *fmt, ...)
-{
- va_list ap;
-
- va_start(ap, fmt);
- vlog_prio(LOG_INFO, fmt, ap);
- va_end(ap);
-}
-
-void _log_debug(const char *fmt, ...)
-{
- va_list ap;
-
- va_start(ap, fmt);
- vlog_prio(LOG_INFO, fmt, ap);
- va_end(ap);
-}
-
-void _debug_ber(BerElement * ber)
-{
- struct berval bv;
-
- if (ber_flatten2(ber, &bv, 0) != -1) {
- debug_bv(&bv);
- }
-}
-
-void _debug_bv(struct berval *bv)
-{
- char *out;
- char octet[4];
- ber_len_t i;
-
- log_debug("---BER value HEX dump (size %u bytes)",
- (unsigned int) bv->bv_len);
-
- if (bv->bv_len > 0) {
- out = (char *) calloc((3 * (bv->bv_len)) + 1, sizeof(char));
- if (!out) return;
-
- for (i = 1; i <= bv->bv_len; i++) {
- snprintf(octet, 4, "%02x ",
- (unsigned char) bv->bv_val[i - 1]);
- strcat(out, octet);
- }
- log_debug(out);
- free(out);
- }
-}
-
-
diff --git a/framework/src/audit/audisp/plugins/zos-remote/zos-remote-log.h b/framework/src/audit/audisp/plugins/zos-remote/zos-remote-log.h
deleted file mode 100644
index c5722cbe..00000000
--- a/framework/src/audit/audisp/plugins/zos-remote/zos-remote-log.h
+++ /dev/null
@@ -1,58 +0,0 @@
-/***************************************************************************
- * Copyright (C) 2007 International Business Machines Corp. *
- * All Rights Reserved. *
- * *
- * This program is free software; you can redistribute it and/or modify *
- * it under the terms of the GNU General Public License as published by *
- * the Free Software Foundation; either version 2 of the License, or *
- * (at your option) any later version. *
- * *
- * This program is distributed in the hope that it will be useful, *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
- * GNU General Public License for more details. *
- * *
- * You should have received a copy of the GNU General Public License *
- * along with this program; if not, write to the *
- * Free Software Foundation, Inc., *
- * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
- * *
- * Authors: *
- * Klaus Heinrich Kiwi <klausk@br.ibm.com> *
- ***************************************************************************/
-
-#ifndef _ZOS_REMOTE_LOG_H
-#define _ZOS_REMOTE_LOG_H
-
-#include "zos-remote-ldap.h"
-
-#include <syslog.h>
-#include <sys/types.h>
-#include <unistd.h>
-#include <lber.h>
-
-extern pid_t mypid;
-
-void log_err(const char *, ...);
-void log_warn(const char *, ...);
-void log_info(const char *, ...);
-void _log_debug(const char *, ...);
-void _debug_bv(struct berval *);
-void _debug_ber(BerElement *);
-
-#ifdef DEBUG
-
-#define log_debug(fmt, ...) _log_debug(fmt, ## __VA_ARGS__)
-#define debug_bv(bv) _debug_bv(bv)
-#define debug_ber(ber) _debug_ber(ber)
-
-#else
-
-#define log_debug(fmt, ...)
-#define debug_bv(bv)
-#define debug_ber(ber)
-
-#endif /* DEBUG */
-
-
-#endif /* _ZOS_REMOTE_LOG_H */
diff --git a/framework/src/audit/audisp/plugins/zos-remote/zos-remote-plugin.c b/framework/src/audit/audisp/plugins/zos-remote/zos-remote-plugin.c
deleted file mode 100644
index 8234a273..00000000
--- a/framework/src/audit/audisp/plugins/zos-remote/zos-remote-plugin.c
+++ /dev/null
@@ -1,580 +0,0 @@
-/***************************************************************************
-* Copyright (C) 2007 International Business Machines Corp. *
-* All Rights Reserved. *
-* *
-* This program is free software; you can redistribute it and/or modify *
-* it under the terms of the GNU General Public License as published by *
-* the Free Software Foundation; either version 2 of the License, or *
-* (at your option) any later version. *
-* *
-* This program is distributed in the hope that it will be useful, *
-* but WITHOUT ANY WARRANTY; without even the implied warranty of *
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
-* GNU General Public License for more details. *
-* *
-* You should have received a copy of the GNU General Public License *
-* along with this program; if not, write to the *
-* Free Software Foundation, Inc., *
-* 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
-* *
-* Authors: *
-* Klaus Heinrich Kiwi <klausk@br.ibm.com> *
-***************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <unistd.h>
-#include <fcntl.h>
-#include <signal.h>
-#include <limits.h>
-#include <string.h>
-#include <time.h>
-#include <errno.h>
-#include <string.h>
-#include <pthread.h>
-#include <lber.h>
-#include <netinet/in.h>
-#ifdef HAVE_LIBCAP_NG
-#include <cap-ng.h>
-#endif
-#include "auparse.h"
-#include "zos-remote-log.h"
-#include "zos-remote-ldap.h"
-#include "zos-remote-config.h"
-#include "zos-remote-queue.h"
-
-#define UNUSED(x) (void)(x)
-
-/*
- * Global vars
- */
-volatile int stop = 0;
-volatile int hup = 0;
-volatile ZOS_REMOTE zos_remote_inst;
-static plugin_conf_t conf;
-static const char *def_config_file = "/etc/audisp/zos-remote.conf";
-static pthread_t submission_thread;
-pid_t mypid = 0;
-
-/*
- * SIGTERM handler
- */
-static void term_handler(int sig)
-{
- UNUSED(sig);
- log_info("Got Termination signal - shutting down plugin");
- stop = 1;
- nudge_queue();
-}
-
-/*
- * SIGHUP handler - re-read config, reconnect to ITDS
- */
-static void hup_handler(int sig)
-{
- UNUSED(sig);
- log_info("Got Hangup signal - flushing plugin configuration");
- hup = 1;
- nudge_queue();
-}
-
-/*
- * SIGALRM handler - help force exit when terminating daemon
- */
-static void alarm_handler(int sig)
-{
- UNUSED(sig);
- log_err("Timeout waiting for submission thread - Aborting (some events may have been dropped)");
- pthread_cancel(submission_thread);
-}
-
-/*
- * The submission thread
- * It's job is to dequeue the events from the queue
- * and sync submit them to ITDS
- */
-static void *submission_thread_main(void *arg)
-{
- int rc;
-
- UNUSED(arg);
- log_debug("Starting event submission thread");
-
- rc = zos_remote_init(&zos_remote_inst, conf.server,
- conf.port, conf.user,
- conf.password,
- conf.timeout);
-
- if (rc != ICTX_SUCCESS) {
- log_err("Error - Failed to initialize session to z/OS ITDS Server");
- stop = 1;
- return 0;
- }
-
- while (stop == 0) {
- /* block until we have an event */
- BerElement *ber = dequeue();
-
- if (ber == NULL) {
- if (hup) {
- break;
- }
- continue;
- }
- debug_ber(ber);
- rc = submit_request_s(&zos_remote_inst, ber);
- if (rc == ICTX_E_FATAL) {
- log_err("Error - Fatal error in event submission. Aborting");
- stop = 1;
- } else if (rc != ICTX_SUCCESS) {
- log_warn("Warning - Event submission failure - event dropped");
- }
- else {
- log_debug("Event submission success");
- }
- ber_free(ber, 1); /* also free BER buffer */
- }
- log_debug("Stopping event submission thread");
- zos_remote_destroy(&zos_remote_inst);
-
- return 0;
-}
-
-
-/*
- * auparse library callback that's called when an event is ready
- */
-void
-push_event(auparse_state_t * au, auparse_cb_event_t cb_event_type,
- void *user_data)
-{
- int rc;
- BerElement *ber;
- int qualifier;
- char timestamp[26];
- char linkValue[ZOS_REMOTE_LINK_VALUE_SIZE];
- char logString[ZOS_REMOTE_LOGSTRING_SIZE];
- unsigned long linkValue_tmp;
-
- UNUSED(user_data);
- if (cb_event_type != AUPARSE_CB_EVENT_READY)
- return;
-
- const au_event_t *e = auparse_get_timestamp(au);
- if (e == NULL)
- return;
- /*
- * we have an event. Each record will result in a different 'Item'
- * (refer ASN.1 definition in zos-remote-ldap.h)
- */
-
- /*
- * Create a new BER element to encode the request
- */
- ber = ber_alloc_t(LBER_USE_DER);
- if (ber == NULL) {
- log_err("Error allocating memory for BER element");
- goto fatal;
- }
-
- /*
- * Collect some information to fill in every item
- */
- const char *node = auparse_get_node(au);
- const char *orig_type = auparse_find_field(au, "type");
- /* roll back event to get 'success' */
- auparse_first_record(au);
- const char *success = auparse_find_field(au, "success");
- /* roll back event to get 'res' */
- auparse_first_record(au);
- const char *res = auparse_find_field(au, "res");
-
- /* check if this event is a success or failure one */
- if (success) {
- if (strncmp(success, "0", 1) == 0 ||
- strncmp(success, "no", 2) == 0)
- qualifier = ZOS_REMOTE_QUALIF_FAIL;
- else
- qualifier = ZOS_REMOTE_QUALIF_SUCCESS;
- } else if (res) {
- if (strncmp(res, "0", 1) == 0
- || strncmp(res, "failed", 6) == 0)
- qualifier = ZOS_REMOTE_QUALIF_FAIL;
- else
- qualifier = ZOS_REMOTE_QUALIF_SUCCESS;
- } else
- qualifier = ZOS_REMOTE_QUALIF_INFO;
-
- /* get timestamp text */
- ctime_r(&e->sec, timestamp);
- timestamp[24] = '\0'; /* strip \n' */
-
- /* prepare linkValue which will be used for every item */
- linkValue_tmp = htonl(e->serial); /* padronize to use network
- * byte order
- */
- memset(&linkValue, 0, ZOS_REMOTE_LINK_VALUE_SIZE);
- memcpy(&linkValue, &linkValue_tmp, sizeof(unsigned long));
-
- /*
- * Prepare the logString with some meaningful text
- * We assume the first record type found is the
- * 'originating' audit record
- */
- sprintf(logString, "Linux (%s): type: %s", node, orig_type);
- free((void *)node);
-
- /*
- * Start writing to BER element.
- * There's only one field (version) out of the item sequence.
- * Also open item sequence
- */
- rc = ber_printf(ber, "{i{", ICTX_REQUESTVER);
- if (rc < 0)
- goto skip_event;
-
- /*
- * Roll back to first record and iterate through all records
- */
- auparse_first_record(au);
- do {
- const char *type = auparse_find_field(au, "type");
- if (type == NULL)
- goto skip_event;
-
- log_debug("got record: %s", auparse_get_record_text(au));
-
- /*
- * First field is item Version, same as global version
- */
- rc = ber_printf(ber, "{i", ICTX_REQUESTVER);
-
- /*
- * Second field is the itemTag
- * use our internal event counter, increasing it
- */
- rc |= ber_printf(ber, "i", conf.counter++);
-
- /*
- * Third field is the linkValue
- * using ber_put_ostring since it is not null-terminated
- */
- rc |= ber_put_ostring(ber, linkValue,
- ZOS_REMOTE_LINK_VALUE_SIZE,
- LBER_OCTETSTRING);
- /*
- * Fourth field is the violation
- * Don't have anything better yet to put here
- */
- rc |= ber_printf(ber, "b", 0);
-
- /*
- * Fifth field is the event.
- * FIXME: this might be the place to switch on the
- * audit record type and map to a more meaningful
- * SMF type 83, subtype 4 event here
- */
- rc |= ber_printf(ber, "i", ZOS_REMOTE_EVENT_AUTHORIZATION);
-
- /*
- * Sixth field is the qualifier. We map 'success' or
- * 'res' to this field
- */
- rc |= ber_printf(ber, "i", qualifier);
-
- /*
- * Seventh field is the Class
- * always use '@LINUX' for this version
- * max size ZOS_REMOTE_CLASS_SIZE
- */
- rc |= ber_printf(ber, "t", ASN1_IA5STRING_TAG);
- rc |= ber_printf(ber, "s", "@LINUX");
-
- /*
- * Eighth field is the resource
- * use the record type (name) as the resource
- * max size ZOS_REMOTE_RESOURCE_SIZE
- */
- rc |= ber_printf(ber, "t", ASN1_IA5STRING_TAG);
- rc |= ber_printf(ber, "s", type);
-
- /*
- * Nineth field is the LogString
- * we try to put something meaningful here
- * we also start the relocations sequence
- */
- rc |= ber_printf(ber, "t", ASN1_IA5STRING_TAG);
- rc |= ber_printf(ber, "s{", logString);
-
- /*
- * Now we start adding the relocations.
- * Let's add the timestamp as the first one
- * so it's out of the field loop
- */
- rc |= ber_printf(ber, "{i", ZOS_REMOTE_RELOC_TIMESTAMP);
- rc |= ber_printf(ber, "t", ASN1_IA5STRING_TAG);
- rc |= ber_printf(ber, "s}", timestamp);
-
- /*
- * Check that encoding is going OK until now
- */
- if (rc < 0)
- goto skip_event;
-
- /*
- * Now go to first field,
- * and iterate through all fields
- */
- auparse_first_field(au);
- do {
- /*
- * we set a maximum of 1024 chars for
- * relocation data (field=value pairs)
- * Hopefuly this wont overflow too often
- */
- char data[1024];
- const char *name = auparse_get_field_name(au);
- const char *value = auparse_interpret_field(au);
- if (name == NULL || value == NULL)
- goto skip_event;
-
- /*
- * First reloc field is the Relocation type
- * We use 'OTHER' here since we don't have
- * anything better
- */
- rc |= ber_printf(ber, "{i", ZOS_REMOTE_RELOC_OTHER);
-
- /*
- * Second field is the relocation data
- * We use a 'name=value' pair here
- * Use up to 1023 chars (one char left for '\0')
- */
- snprintf(data, 1023, "%s=%s", name, value);
- rc |= ber_printf(ber, "t", ASN1_IA5STRING_TAG);
- rc |= ber_printf(ber, "s}", data);
-
- /*
- * Check encoding status
- */
- if (rc < 0)
- goto skip_event;
- } while (auparse_next_field(au) > 0);
-
- /*
- * After adding all relocations we are done with
- * this item - finalize relocs and item
- */
- rc |= ber_printf(ber, "}}");
-
- /*
- * Check if we are doing well with encoding
- */
- if (rc < 0)
- goto skip_event;
-
- } while (auparse_next_record(au) > 0);
-
- /*
- * We have all items in - finalize item sequence & request
- */
- rc |= ber_printf(ber, "}}");
-
- /*
- * Check if everything went alright with encoding
- */
- if (rc < 0)
- goto skip_event;
-
- /*
- * finally, enqueue request and let the other
- * thread process it
- */
- log_debug("Encoding done, enqueuing event");
- enqueue(ber);
-
- return;
-
-skip_event:
- log_warn("Warning - error encoding request, skipping event");
- ber_free(ber, 1); /* free it since we're not enqueuing it */
- return;
-
-fatal:
- log_err("Error - Fatal error while encoding request. Aborting");
- stop = 1;
-}
-
-int main(int argc, char *argv[])
-{
- int rc;
- const char *cpath;
- char buf[1024];
- struct sigaction sa;
- sigset_t ss;
- auparse_state_t *au;
- ssize_t len;
-
- mypid = getpid();
-
- log_info("starting with pid=%d", mypid);
-
- /*
- * install signal handlers
- */
- sa.sa_flags = 0;
- sigemptyset(&sa.sa_mask);
- sa.sa_handler = term_handler;
- sigaction(SIGTERM, &sa, NULL);
- sa.sa_handler = hup_handler;
- sigaction(SIGHUP, &sa, NULL);
- sa.sa_handler = alarm_handler;
- sigaction(SIGALRM, &sa, NULL);
-
- /*
- * the main program accepts a single (optional) argument:
- * it's configuration file (this is NOT the plugin configuration
- * usually located at /etc/audisp/plugin.d)
- * We use the default (def_config_file) if no arguments are given
- */
- if (argc == 1) {
- cpath = def_config_file;
- log_warn("No configuration file specified - using default (%s)", cpath);
- } else if (argc == 2) {
- cpath = argv[1];
- log_info("Using configuration file: %s", cpath);
- } else {
- log_err("Error - invalid number of parameters passed. Aborting");
- return 1;
- }
-
- /* initialize record counter */
- conf.counter = 1;
-
- /* initialize configuration with default values */
- plugin_clear_config(&conf);
-
- /* initialize the submission queue */
- if (init_queue(conf.q_depth) != 0) {
- log_err("Error - Can't initialize event queue. Aborting");
- return -1;
- }
-
-#ifdef HAVE_LIBCAP_NG
- // Drop all capabilities
- capng_clear(CAPNG_SELECT_BOTH);
- capng_apply(CAPNG_SELECT_BOTH);
-#endif
-
- /* set stdin to O_NONBLOCK */
- if (fcntl(0, F_SETFL, O_NONBLOCK) == -1) {
- log_err("Error - Can't set input to Non-blocking mode: %s. Aborting",
- strerror(errno));
- return -1;
- }
-
- do {
-
- hup = 0; /* don't flush unless hup == 1 */
-
- /*
- * initialization is done in 4 steps:
- */
-
- /*
- * load configuration and
- * increase queue depth if needed
- */
- rc = plugin_load_config(&conf, cpath);
- if (rc != 0) {
- log_err("Error - Can't load configuration. Aborting");
- return -1;
- }
- increase_queue_depth(conf.q_depth); /* 1 */
-
- /* initialize auparse */
- au = auparse_init(AUSOURCE_FEED, 0); /* 2 */
- if (au == NULL) {
- log_err("Error - exiting due to auparse init errors");
- return -1;
- }
-
- /*
- * Block signals for everyone,
- * Initialize submission thread, and
- * Unblock signals for this thread
- */
- sigfillset(&ss);
- pthread_sigmask(SIG_BLOCK, &ss, NULL);
- pthread_create(&submission_thread, NULL,
- submission_thread_main, NULL);
- pthread_sigmask(SIG_UNBLOCK, &ss, NULL); /* 3 */
-
- /* add our event consumer callback */
- auparse_add_callback(au, push_event, NULL, NULL); /* 4 */
-
- /* main loop */
- while (hup == 0 && stop == 0) {
- fd_set rfds;
- struct timeval tv;
-
- FD_ZERO(&rfds);
- FD_SET(0, &rfds);
- tv.tv_sec = 5;
- tv.tv_usec = 0;
- rc = select(1, &rfds, NULL, NULL, &tv);
- if (rc == -1) {
- if (errno == EINTR) {
- log_debug("Select call interrupted");
- continue;
- }
- else {
- log_err("Error - Fatal error while monitoring input: %s. Aborting",
- strerror(errno));
- stop = 1;
- }
- }
- else if (rc) {
- len = read(0, buf, 1024);
- if (len > 0)
- /* let our callback know of the new data */
- auparse_feed(au, buf, len);
- else if (len == 0) {
- log_debug("End of input - Exiting");
- stop = 1;
- }
- else {
- /* ignore interrupted call or empty pipe */
- if (errno != EINTR && errno != EAGAIN) {
- log_err("Error - Fatal error while reading input: %s. Aborting",
- strerror(errno));
- stop = 1;
- }
- else {
- log_debug("Ignoring read interruption: %s",
- strerror(errno));
- }
- }
- }
- }
- /* flush everything, in order */
- auparse_flush_feed(au); /* 4 */
- alarm(10); /* 10 seconds to clear the queue */
- pthread_join(submission_thread, NULL); /* 3 */
- alarm(0); /* cancel any pending alarm */
- auparse_destroy(au); /* 2 */
- plugin_free_config(&conf); /* 1 */
- }
- while (hup && stop == 0);
-
- /* destroy queue before leaving */
- destroy_queue();
-
- log_info("Exiting");
-
- return 0;
-}
diff --git a/framework/src/audit/audisp/plugins/zos-remote/zos-remote-queue.c b/framework/src/audit/audisp/plugins/zos-remote/zos-remote-queue.c
deleted file mode 100644
index 8071dca4..00000000
--- a/framework/src/audit/audisp/plugins/zos-remote/zos-remote-queue.c
+++ /dev/null
@@ -1,144 +0,0 @@
-/***************************************************************************
- * Copyright (C) 2007 International Business Machines Corp. *
- * All Rights Reserved. *
- * *
- * This program is free software; you can redistribute it and/or modify *
- * it under the terms of the GNU General Public License as published by *
- * the Free Software Foundation; either version 2 of the License, or *
- * (at your option) any later version. *
- * *
- * This program is distributed in the hope that it will be useful, *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
- * GNU General Public License for more details. *
- * *
- * You should have received a copy of the GNU General Public License *
- * along with this program; if not, write to the *
- * Free Software Foundation, Inc., *
- * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
- * *
- * Authors: *
- * Klaus Heinrich Kiwi <klausk@br.ibm.com> *
- * based on code by Steve Grubb <sgrubb@redhat.com> *
- ***************************************************************************/
-
-#include "zos-remote-queue.h"
-
-#include <stdlib.h>
-#include <pthread.h>
-#include <syslog.h>
-#include "zos-remote-log.h"
-
-static volatile BerElement **q;
-static pthread_mutex_t queue_lock;
-static pthread_cond_t queue_nonempty;
-static unsigned int q_next, q_last, q_depth;
-
-
-int init_queue(unsigned int size)
-{
- unsigned int i;
-
- q_next = 0;
- q_last = 0;
- q_depth = size;
- q = malloc(q_depth * sizeof(BerElement *));
- if (q == NULL)
- return -1;
-
- for (i=0; i<q_depth; i++)
- q[i] = NULL;
-
- /* Setup IPC mechanisms */
- pthread_mutex_init(&queue_lock, NULL);
- pthread_cond_init(&queue_nonempty, NULL);
-
- return 0;
-}
-
-void enqueue(BerElement *ber)
-{
- unsigned int n, retry_cnt = 0;
-
-retry:
- /* We allow 3 retries and then its over */
- if (retry_cnt > 3) {
- log_err("queue is full - dropping event");
- return;
- }
- pthread_mutex_lock(&queue_lock);
-
- /* OK, have lock add event */
- n = q_next%q_depth;
- if (q[n] == NULL) {
- q[n] = ber;
- q_next = (n+1) % q_depth;
- pthread_cond_signal(&queue_nonempty);
- pthread_mutex_unlock(&queue_lock);
- } else {
- pthread_mutex_unlock(&queue_lock);
- pthread_yield(); /* Let dequeue thread run to clear queue */
- retry_cnt++;
- goto retry;
- }
-}
-
-BerElement *dequeue(void)
-{
- BerElement *ber;
- unsigned int n;
-
- /* Wait until its got something in it */
- pthread_mutex_lock(&queue_lock);
- n = q_last%q_depth;
- if (q[n] == NULL) {
- pthread_cond_wait(&queue_nonempty, &queue_lock);
- n = q_last%q_depth;
- }
-
- /* OK, grab the next event */
- if (q[n] != NULL) {
- ber = (BerElement *) q[n];
- q[n] = NULL;
- q_last = (n+1) % q_depth;
- } else
- ber = NULL;
-
- pthread_mutex_unlock(&queue_lock);
-
- /* Process the event */
- return ber;
-}
-
-void nudge_queue(void)
-{
- pthread_cond_signal(&queue_nonempty);
-}
-
-void increase_queue_depth(unsigned int size)
-{
- pthread_mutex_lock(&queue_lock);
- if (size > q_depth) {
- unsigned int i;
- void *tmp_q;
-
- tmp_q = realloc(q, size * sizeof(BerElement *));
- q = tmp_q;
- for (i=q_depth; i<size; i++)
- q[i] = NULL;
- q_depth = size;
- }
- pthread_mutex_unlock(&queue_lock);
-}
-
-void destroy_queue(void)
-{
- unsigned int i;
-
- for (i=0; i<q_depth; i++) {
- ber_free(q[i], 1);
- }
-
- free(q);
-}
-
diff --git a/framework/src/audit/audisp/plugins/zos-remote/zos-remote-queue.h b/framework/src/audit/audisp/plugins/zos-remote/zos-remote-queue.h
deleted file mode 100644
index c653747a..00000000
--- a/framework/src/audit/audisp/plugins/zos-remote/zos-remote-queue.h
+++ /dev/null
@@ -1,38 +0,0 @@
-/***************************************************************************
- * Copyright (C) 2007 International Business Machines Corp. *
- * All Rights Reserved. *
- * *
- * This program is free software; you can redistribute it and/or modify *
- * it under the terms of the GNU General Public License as published by *
- * the Free Software Foundation; either version 2 of the License, or *
- * (at your option) any later version. *
- * *
- * This program is distributed in the hope that it will be useful, *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
- * GNU General Public License for more details. *
- * *
- * You should have received a copy of the GNU General Public License *
- * along with this program; if not, write to the *
- * Free Software Foundation, Inc., *
- * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
- * *
- * Authors: *
- * Klaus Heinrich Kiwi <klausk@br.ibm.com> *
- * based on code by Steve Grubb <sgrubb@redhat.com> *
- ***************************************************************************/
-
-#ifndef _ZOS_REMOTE_QUEUE_H
-#define _ZOS_REMOTE_QUEUE_H
-
-#include <lber.h>
-
-int init_queue(unsigned int size);
-void enqueue(BerElement *);
-BerElement *dequeue(void);
-void nudge_queue(void);
-void increase_queue_depth(unsigned int size);
-void destroy_queue(void);
-
-#endif /* _ZOS_REMOTE_QUEUE_H */
-
diff --git a/framework/src/audit/audisp/plugins/zos-remote/zos-remote.conf b/framework/src/audit/audisp/plugins/zos-remote/zos-remote.conf
deleted file mode 100644
index 8cf85f71..00000000
--- a/framework/src/audit/audisp/plugins/zos-remote/zos-remote.conf
+++ /dev/null
@@ -1,10 +0,0 @@
-## This is the configuration file for the audispd-zos-remote
-## Audit dispatcher plugin.
-## See zos-remote.conf(5) for more information
-
-server = zos_server.localdomain
-port = 389
-user = RACF_ID
-password = racf_password
-timeout = 15
-q_depth = 64