summaryrefslogtreecommitdiffstats
path: root/framework/src/audit/auparse/auditd-config.c
diff options
context:
space:
mode:
Diffstat (limited to 'framework/src/audit/auparse/auditd-config.c')
-rw-r--r--framework/src/audit/auparse/auditd-config.c445
1 files changed, 445 insertions, 0 deletions
diff --git a/framework/src/audit/auparse/auditd-config.c b/framework/src/audit/auparse/auditd-config.c
new file mode 100644
index 00000000..5964538f
--- /dev/null
+++ b/framework/src/audit/auparse/auditd-config.c
@@ -0,0 +1,445 @@
+/* auditd-config.c --
+ * Copyright 2007,2014 Red Hat Inc., Durham, North Carolina.
+ * All Rights Reserved.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ * Authors:
+ * Steve Grubb <sgrubb@redhat.com>
+ *
+ */
+
+#include "config.h"
+#include "internal.h"
+#include <errno.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/stat.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <libgen.h>
+#include <dirent.h>
+#include <ctype.h>
+
+/* Local prototypes */
+struct _pair
+{
+ const char *name;
+ const char *value;
+};
+
+struct kw_pair
+{
+ const char *name;
+ int (*parser)(const char *, int, struct daemon_conf *);
+};
+
+struct nv_list
+{
+ const char *name;
+ int option;
+};
+
+static char *get_line(FILE *f, char *buf, unsigned size, int *lineno,
+ const char *file);
+static int nv_split(char *buf, struct _pair *nv);
+static const struct kw_pair *kw_lookup(const char *val);
+static int log_file_parser(const char *val, int line,
+ struct daemon_conf *config);
+static int num_logs_parser(const char *val, int line,
+ struct daemon_conf *config);
+static int log_format_parser(const char *val, int line,
+ struct daemon_conf *config);
+
+static const struct kw_pair keywords[] =
+{
+ {"log_file", log_file_parser },
+ {"log_format", log_format_parser },
+ {"num_logs", num_logs_parser },
+ { NULL, NULL }
+};
+
+static const struct nv_list log_formats[] =
+{
+ {"raw", LF_RAW },
+ {"nolog", LF_NOLOG },
+ { NULL, 0 }
+};
+
+
+/*
+ * Set everything to its default value
+*/
+void clear_config(struct daemon_conf *config)
+{
+ config->qos = QOS_NON_BLOCKING;
+ config->sender_uid = 0;
+ config->sender_pid = 0;
+ config->sender_ctx = NULL;
+ config->log_file = strdup("/var/log/audit/audit.log");
+ config->log_format = LF_RAW;
+ config->log_group = 0;
+ config->priority_boost = 3;
+ config->flush = FT_NONE;
+ config->freq = 0;
+ config->num_logs = 0L;
+ config->dispatcher = NULL;
+ config->node_name_format = N_NONE;
+ config->node_name = NULL;
+ config->max_log_size = 0L;
+ config->max_log_size_action = SZ_IGNORE;
+ config->space_left = 0L;
+ config->space_left_action = FA_IGNORE;
+ config->space_left_exe = NULL;
+ config->action_mail_acct = strdup("root");
+ config->admin_space_left= 0L;
+ config->admin_space_left_action = FA_IGNORE;
+ config->admin_space_left_exe = NULL;
+ config->disk_full_action = FA_IGNORE;
+ config->disk_full_exe = NULL;
+ config->disk_error_action = FA_SYSLOG;
+ config->disk_error_exe = NULL;
+}
+
+int load_config(struct daemon_conf *config, log_test_t lt)
+{
+ int fd, rc, lineno = 1;
+ struct stat st;
+ FILE *f;
+ char buf[160];
+
+ clear_config(config);
+ lt = lt;
+
+ /* open the file */
+ rc = open(CONFIG_FILE, O_RDONLY|O_NOFOLLOW);
+ if (rc < 0) {
+ if (errno != ENOENT) {
+ audit_msg(LOG_ERR, "Error opening config file (%s)",
+ strerror(errno));
+ return 1;
+ }
+ audit_msg(LOG_WARNING,
+ "Config file %s doesn't exist, skipping", CONFIG_FILE);
+ return 0;
+ }
+ fd = rc;
+
+ /* check the file's permissions: owned by root, not world writable,
+ * not symlink.
+ */
+ if (fstat(fd, &st) < 0) {
+ audit_msg(LOG_ERR, "Error fstat'ing config file (%s)",
+ strerror(errno));
+ close(fd);
+ return 1;
+ }
+ if (st.st_uid != 0) {
+ audit_msg(LOG_ERR, "Error - %s isn't owned by root",
+ CONFIG_FILE);
+ close(fd);
+ return 1;
+ }
+ if (!S_ISREG(st.st_mode)) {
+ audit_msg(LOG_ERR, "Error - %s is not a regular file",
+ CONFIG_FILE);
+ close(fd);
+ return 1;
+ }
+
+ /* it's ok, read line by line */
+ f = fdopen(fd, "rm");
+ if (f == NULL) {
+ audit_msg(LOG_ERR, "Error - fdopen failed (%s)",
+ strerror(errno));
+ close(fd);
+ return 1;
+ }
+
+ while (get_line(f, buf, sizeof(buf), &lineno, CONFIG_FILE)) {
+ // convert line into name-value pair
+ const struct kw_pair *kw;
+ struct _pair nv;
+ rc = nv_split(buf, &nv);
+ switch (rc) {
+ case 0: // fine
+ break;
+ case 1: // not the right number of tokens.
+ audit_msg(LOG_ERR,
+ "Wrong number of arguments for line %d in %s",
+ lineno, CONFIG_FILE);
+ break;
+ case 2: // no '=' sign
+ audit_msg(LOG_ERR,
+ "Missing equal sign for line %d in %s",
+ lineno, CONFIG_FILE);
+ break;
+ default: // something else went wrong...
+ audit_msg(LOG_ERR,
+ "Unknown error for line %d in %s",
+ lineno, CONFIG_FILE);
+ break;
+ }
+ if (nv.name == NULL) {
+ lineno++;
+ continue;
+ }
+ if (nv.value == NULL) {
+ fclose(f);
+ audit_msg(LOG_ERR,
+ "Not processing any more lines in %s",
+ CONFIG_FILE);
+ return 1;
+ }
+
+ /* identify keyword or error */
+ kw = kw_lookup(nv.name);
+ if (kw->name) {
+ /* dispatch to keyword's local parser */
+ rc = kw->parser(nv.value, lineno, config);
+ if (rc != 0) {
+ fclose(f);
+ return 1; // local parser puts message out
+ }
+ }
+
+ lineno++;
+ }
+
+ fclose(f);
+ return 0;
+}
+
+static char *get_line(FILE *f, char *buf, unsigned size, int *lineno,
+ const char *file)
+{
+ int too_long = 0;
+
+ while (fgets_unlocked(buf, size, f)) {
+ /* remove newline */
+ char *ptr = strchr(buf, 0x0a);
+ if (ptr) {
+ if (!too_long) {
+ *ptr = 0;
+ return buf;
+ }
+ // Reset and start with the next line
+ too_long = 0;
+ *lineno = *lineno + 1;
+ } else {
+ // If a line is too long skip it.
+ // Only output 1 warning
+ if (!too_long)
+ audit_msg(LOG_ERR,
+ "Skipping line %d in %s: too long",
+ *lineno, file);
+ too_long = 1;
+ }
+ }
+ return NULL;
+}
+
+static int nv_split(char *buf, struct _pair *nv)
+{
+ /* Get the name part */
+ char *ptr;
+
+ nv->name = NULL;
+ nv->value = NULL;
+ ptr = audit_strsplit(buf);
+ if (ptr == NULL)
+ return 0; /* If there's nothing, go to next line */
+ if (ptr[0] == '#')
+ return 0; /* If there's a comment, go to next line */
+ nv->name = ptr;
+
+ /* Check for a '=' */
+ ptr = audit_strsplit(NULL);
+ if (ptr == NULL)
+ return 1;
+ if (strcmp(ptr, "=") != 0)
+ return 2;
+
+ /* get the value */
+ ptr = audit_strsplit(NULL);
+ if (ptr == NULL)
+ return 1;
+ nv->value = ptr;
+
+ /* Make sure there's nothing else */
+ ptr = audit_strsplit(NULL);
+ if (ptr) {
+ /* Allow one option, but check that there's not 2 */
+ ptr = audit_strsplit(NULL);
+ if (ptr)
+ return 1;
+ }
+
+ /* Everything is OK */
+ return 0;
+}
+
+static const struct kw_pair *kw_lookup(const char *val)
+{
+ int i = 0;
+ while (keywords[i].name != NULL) {
+ if (strcasecmp(keywords[i].name, val) == 0)
+ break;
+ i++;
+ }
+ return &keywords[i];
+}
+
+static int log_file_parser(const char *val, int line,struct daemon_conf *config)
+{
+ char *dir = NULL, *tdir, *base;
+ DIR *d;
+ int fd, mode;
+ struct stat buf;
+
+ /* split name into dir and basename. */
+ tdir = strdup(val);
+ if (tdir)
+ dir = dirname(tdir);
+ if (dir == NULL || strlen(dir) < 4) { // '/var' is shortest dirname
+ audit_msg(LOG_ERR,
+ "The directory name: %s is too short - line %d",
+ dir, line);
+ free((void *)tdir);
+ return 1;
+ }
+
+ base = basename((char *)val);
+ if (base == 0 || strlen(base) == 0) {
+ audit_msg(LOG_ERR, "The file name: %s is too short - line %d",
+ base, line);
+ free((void *)tdir);
+ return 1;
+ }
+
+ /* verify the directory path exists */
+ d = opendir(dir);
+ if (d == NULL) {
+ audit_msg(LOG_ERR, "Could not open dir %s (%s)", dir,
+ strerror(errno));
+ free((void *)tdir);
+ return 1;
+ }
+ free((void *)tdir);
+ closedir(d);
+
+ /* if the file exists, see that its regular, owned by root,
+ * and not world anything */
+ mode = O_RDONLY;
+
+ fd = open(val, mode);
+ if (fd < 0) {
+ audit_msg(LOG_ERR, "Unable to open %s (%s)", val,
+ strerror(errno));
+ return 1;
+ }
+ if (fstat(fd, &buf) < 0) {
+ audit_msg(LOG_ERR, "Unable to stat %s (%s)",
+ val, strerror(errno));
+ close(fd);
+ return 1;
+ }
+ close(fd);
+ if (!S_ISREG(buf.st_mode)) {
+ audit_msg(LOG_ERR, "%s is not a regular file", val);
+ return 1;
+ }
+ if (buf.st_uid != 0) {
+ audit_msg(LOG_ERR, "%s is not owned by root", val);
+ return 1;
+ }
+ if ( (buf.st_mode & (S_IXUSR|S_IWGRP|S_IXGRP|S_IRWXO)) ) {
+ audit_msg(LOG_ERR, "%s permissions should be 0600 or 0640",
+ val);
+ return 1;
+ }
+ if ( !(buf.st_mode & S_IWUSR) ) {
+ audit_msg(LOG_ERR, "audit log is not writable by owner");
+ return 1;
+ }
+
+ free((void *)config->log_file);
+ config->log_file = strdup(val);
+ if (config->log_file == NULL)
+ return 1;
+ return 0;
+}
+
+static int num_logs_parser(const char *val, int line,
+ struct daemon_conf *config)
+{
+ const char *ptr = val;
+ unsigned long i;
+
+ /* check that all chars are numbers */
+ for (i=0; ptr[i]; i++) {
+ if (!isdigit(ptr[i])) {
+ audit_msg(LOG_ERR,
+ "Value %s should only be numbers - line %d",
+ val, line);
+ return 1;
+ }
+ }
+
+ /* convert to unsigned long */
+ errno = 0;
+ i = strtoul(val, NULL, 10);
+ if (errno) {
+ audit_msg(LOG_ERR,
+ "Error converting string to a number (%s) - line %d",
+ strerror(errno), line);
+ return 1;
+ }
+ if (i > 99) {
+ audit_msg(LOG_ERR, "num_logs must be 99 or less");
+ return 1;
+ }
+ config->num_logs = i;
+ return 0;
+}
+
+static int log_format_parser(const char *val, int line,
+ struct daemon_conf *config)
+{
+ int i;
+
+ for (i=0; log_formats[i].name != NULL; i++) {
+ if (strcasecmp(val, log_formats[i].name) == 0) {
+ config->log_format = log_formats[i].option;
+ return 0;
+ }
+ }
+ audit_msg(LOG_ERR, "Option %s not found - line %d", val, line);
+ return 1;
+}
+
+void free_config(struct daemon_conf *config)
+{
+ free((void*)config->sender_ctx);
+ free((void*)config->log_file);
+ free((void*)config->dispatcher);
+ free((void *)config->node_name);
+ free((void *)config->action_mail_acct);
+ free((void *)config->space_left_exe);
+ free((void *)config->admin_space_left_exe);
+ free((void *)config->disk_full_exe);
+ free((void *)config->disk_error_exe);
+}
+