aboutsummaryrefslogtreecommitdiffstats
path: root/framework/src/audit/src/auditd-config.c
diff options
context:
space:
mode:
Diffstat (limited to 'framework/src/audit/src/auditd-config.c')
-rw-r--r--framework/src/audit/src/auditd-config.c1744
1 files changed, 0 insertions, 1744 deletions
diff --git a/framework/src/audit/src/auditd-config.c b/framework/src/audit/src/auditd-config.c
deleted file mode 100644
index 0a99ffe0..00000000
--- a/framework/src/audit/src/auditd-config.c
+++ /dev/null
@@ -1,1744 +0,0 @@
-/* auditd-config.c --
- * Copyright 2004-2011,2013-14 Red Hat Inc., Durham, North Carolina.
- * All Rights Reserved.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- * Authors:
- * Steve Grubb <sgrubb@redhat.com>
- *
- */
-
-#include "config.h"
-#include <stdio.h>
-#include <unistd.h>
-#include <sys/stat.h>
-#include <errno.h>
-#include <string.h>
-#include <dirent.h>
-#include <ctype.h>
-#include <stdlib.h>
-#include <netdb.h>
-#include <fcntl.h> /* O_NOFOLLOW needs gnu defined */
-#include <libgen.h>
-#include <arpa/inet.h>
-#include <limits.h> /* INT_MAX */
-#include "auditd-config.h"
-#include "libaudit.h"
-#include "private.h"
-
-#define TCP_PORT_MAX 65535
-
-/* Local prototypes */
-struct nv_pair
-{
- const char *name;
- const char *value;
- const char *option;
-};
-
-struct kw_pair
-{
- const char *name;
- int (*parser)(struct nv_pair *, int, struct daemon_conf *);
- int max_options;
-};
-
-struct nv_list
-{
- const char *name;
- int option;
-};
-
-static char *get_line(FILE *f, char *buf, unsigned size, int *lineno,
- const char *file);
-static int nv_split(char *buf, struct nv_pair *nv);
-static const struct kw_pair *kw_lookup(const char *val);
-static int log_file_parser(struct nv_pair *nv, int line,
- struct daemon_conf *config);
-static int num_logs_parser(struct nv_pair *nv, int line,
- struct daemon_conf *config);
-static int log_group_parser(struct nv_pair *nv, int line,
- struct daemon_conf *config);
-static int qos_parser(struct nv_pair *nv, int line,
- struct daemon_conf *config);
-static int dispatch_parser(struct nv_pair *nv, int line,
- struct daemon_conf *config);
-static int name_format_parser(struct nv_pair *nv, int line,
- struct daemon_conf *config);
-static int name_parser(struct nv_pair *nv, int line,
- struct daemon_conf *config);
-static int max_log_size_parser(struct nv_pair *nv, int line,
- struct daemon_conf *config);
-static int max_log_size_action_parser(struct nv_pair *nv, int line,
- struct daemon_conf *config);
-static int log_format_parser(struct nv_pair *nv, int line,
- struct daemon_conf *config);
-static int flush_parser(struct nv_pair *nv, int line,
- struct daemon_conf *config);
-static int freq_parser(struct nv_pair *nv, int line,
- struct daemon_conf *config);
-static int space_left_parser(struct nv_pair *nv, int line,
- struct daemon_conf *config);
-static int space_action_parser(struct nv_pair *nv, int line,
- struct daemon_conf *config);
-static int action_mail_acct_parser(struct nv_pair *nv, int line,
- struct daemon_conf *config);
-static int admin_space_left_parser(struct nv_pair *nv, int line,
- struct daemon_conf *config);
-static int admin_space_left_action_parser(struct nv_pair *nv, int line,
- struct daemon_conf *config);
-static int disk_full_action_parser(struct nv_pair *nv, int line,
- struct daemon_conf *config);
-static int disk_error_action_parser(struct nv_pair *nv, int line,
- struct daemon_conf *config);
-static int priority_boost_parser(struct nv_pair *nv, int line,
- struct daemon_conf *config);
-static int tcp_listen_port_parser(struct nv_pair *nv, int line,
- struct daemon_conf *config);
-static int tcp_listen_queue_parser(struct nv_pair *nv, int line,
- struct daemon_conf *config);
-static int tcp_max_per_addr_parser(struct nv_pair *nv, int line,
- struct daemon_conf *config);
-static int use_libwrap_parser(struct nv_pair *nv, int line,
- struct daemon_conf *config);
-static int tcp_client_ports_parser(struct nv_pair *nv, int line,
- struct daemon_conf *config);
-static int tcp_client_max_idle_parser(struct nv_pair *nv, int line,
- struct daemon_conf *config);
-static int enable_krb5_parser(struct nv_pair *nv, int line,
- struct daemon_conf *config);
-static int krb5_principal_parser(struct nv_pair *nv, int line,
- struct daemon_conf *config);
-static int krb5_key_file_parser(struct nv_pair *nv, int line,
- struct daemon_conf *config);
-static int sanity_check(struct daemon_conf *config);
-
-static const struct kw_pair keywords[] =
-{
- {"log_file", log_file_parser, 0 },
- {"log_format", log_format_parser, 0 },
- {"log_group", log_group_parser, 0 },
- {"flush", flush_parser, 0 },
- {"freq", freq_parser, 0 },
- {"num_logs", num_logs_parser, 0 },
- {"dispatcher", dispatch_parser, 0 },
- {"name_format", name_format_parser, 0 },
- {"name", name_parser, 0 },
- {"disp_qos", qos_parser, 0 },
- {"max_log_file", max_log_size_parser, 0 },
- {"max_log_file_action", max_log_size_action_parser, 0 },
- {"space_left", space_left_parser, 0 },
- {"space_left_action", space_action_parser, 1 },
- {"action_mail_acct", action_mail_acct_parser, 0 },
- {"admin_space_left", admin_space_left_parser, 0 },
- {"admin_space_left_action", admin_space_left_action_parser, 1 },
- {"disk_full_action", disk_full_action_parser, 1 },
- {"disk_error_action", disk_error_action_parser, 1 },
- {"priority_boost", priority_boost_parser, 0 },
- {"tcp_listen_port", tcp_listen_port_parser, 0 },
- {"tcp_listen_queue", tcp_listen_queue_parser, 0 },
- {"tcp_max_per_addr", tcp_max_per_addr_parser, 0 },
- {"use_libwrap", use_libwrap_parser, 0 },
- {"tcp_client_ports", tcp_client_ports_parser, 0 },
- {"tcp_client_max_idle", tcp_client_max_idle_parser, 0 },
- {"enable_krb5", enable_krb5_parser, 0 },
- {"krb5_principal", krb5_principal_parser, 0 },
- {"krb5_key_file", krb5_key_file_parser, 0 },
- { NULL, NULL }
-};
-
-static const struct nv_list log_formats[] =
-{
- {"raw", LF_RAW },
- {"nolog", LF_NOLOG },
- { NULL, 0 }
-};
-
-static const struct nv_list flush_techniques[] =
-{
- {"none", FT_NONE },
- {"incremental", FT_INCREMENTAL },
- {"data", FT_DATA },
- {"sync", FT_SYNC },
- { NULL, 0 }
-};
-
-static const struct nv_list failure_actions[] =
-{
- {"ignore", FA_IGNORE },
- {"syslog", FA_SYSLOG },
- {"rotate", FA_ROTATE },
- {"email", FA_EMAIL },
- {"exec", FA_EXEC },
- {"suspend", FA_SUSPEND },
- {"single", FA_SINGLE },
- {"halt", FA_HALT },
- { NULL, 0 }
-};
-
-// Future ideas: e-mail, run command
-static const struct nv_list size_actions[] =
-{
- {"ignore", SZ_IGNORE },
- {"syslog", SZ_SYSLOG },
- {"suspend", SZ_SUSPEND },
- {"rotate", SZ_ROTATE },
- {"keep_logs", SZ_KEEP_LOGS},
- { NULL, 0 }
-};
-
-static const struct nv_list qos_options[] =
-{
- {"lossy", QOS_NON_BLOCKING },
- {"lossless", QOS_BLOCKING },
- { NULL, 0 }
-};
-
-static const struct nv_list node_name_formats[] =
-{
- {"none", N_NONE },
- {"hostname", N_HOSTNAME },
- {"fqd", N_FQD },
- {"numeric", N_NUMERIC },
- {"user", N_USER },
- { NULL, 0 }
-};
-
-static const struct nv_list yes_no_values[] =
-{
- {"yes", 1 },
- {"no", 0 },
- { NULL, 0 }
-};
-
-const char *email_command = "/usr/lib/sendmail";
-static int allow_links = 0;
-
-
-void set_allow_links(int allow)
-{
- allow_links = allow;
-}
-
-/*
- * Set everything to its default value
-*/
-void clear_config(struct daemon_conf *config)
-{
- config->qos = QOS_NON_BLOCKING;
- config->sender_uid = 0;
- config->sender_pid = 0;
- config->sender_ctx = NULL;
- config->log_file = strdup("/var/log/audit/audit.log");
- config->log_format = LF_RAW;
- config->log_group = 0;
- config->priority_boost = 4;
- config->flush = FT_NONE;
- config->freq = 0;
- config->num_logs = 0L;
- config->dispatcher = NULL;
- config->node_name_format = N_NONE;
- config->node_name = NULL;
- config->max_log_size = 0L;
- config->max_log_size_action = SZ_IGNORE;
- config->space_left = 0L;
- config->space_left_action = FA_IGNORE;
- config->space_left_exe = NULL;
- config->action_mail_acct = strdup("root");
- config->admin_space_left= 0L;
- config->admin_space_left_action = FA_IGNORE;
- config->admin_space_left_exe = NULL;
- config->disk_full_action = FA_IGNORE;
- config->disk_full_exe = NULL;
- config->disk_error_action = FA_SYSLOG;
- config->disk_error_exe = NULL;
- config->tcp_listen_port = 0;
- config->tcp_listen_queue = 5;
- config->tcp_max_per_addr = 1;
- config->use_libwrap = 1;
- config->tcp_client_min_port = 0;
- config->tcp_client_max_port = TCP_PORT_MAX;
- config->tcp_client_max_idle = 0;
- config->enable_krb5 = 0;
- config->krb5_principal = NULL;
- config->krb5_key_file = NULL;
-}
-
-static log_test_t log_test = TEST_AUDITD;
-int load_config(struct daemon_conf *config, log_test_t lt)
-{
- int fd, rc, mode, lineno = 1;
- struct stat st;
- FILE *f;
- char buf[160];
-
- clear_config(config);
- log_test = lt;
-
- /* open the file */
- mode = O_RDONLY;
- if (allow_links == 0)
- mode |= O_NOFOLLOW;
- rc = open(CONFIG_FILE, mode);
- if (rc < 0) {
- if (errno != ENOENT) {
- audit_msg(LOG_ERR, "Error opening config file (%s)",
- strerror(errno));
- return 1;
- }
- audit_msg(LOG_WARNING,
- "Config file %s doesn't exist, skipping", CONFIG_FILE);
- return 0;
- }
- fd = rc;
-
- /* check the file's permissions: owned by root, not world writable,
- * not symlink.
- */
- audit_msg(LOG_DEBUG, "Config file %s opened for parsing",
- CONFIG_FILE);
- if (fstat(fd, &st) < 0) {
- audit_msg(LOG_ERR, "Error fstat'ing config file (%s)",
- strerror(errno));
- close(fd);
- return 1;
- }
- if (st.st_uid != 0) {
- audit_msg(LOG_ERR, "Error - %s isn't owned by root",
- CONFIG_FILE);
- close(fd);
- return 1;
- }
- if ((st.st_mode & S_IWOTH) == S_IWOTH) {
- audit_msg(LOG_ERR, "Error - %s is world writable",
- CONFIG_FILE);
- close(fd);
- return 1;
- }
- if (!S_ISREG(st.st_mode)) {
- audit_msg(LOG_ERR, "Error - %s is not a regular file",
- CONFIG_FILE);
- close(fd);
- return 1;
- }
-
- /* it's ok, read line by line */
- f = fdopen(fd, "rm");
- if (f == NULL) {
- audit_msg(LOG_ERR, "Error - fdopen failed (%s)",
- strerror(errno));
- close(fd);
- return 1;
- }
-
- while (get_line(f, buf, sizeof(buf), &lineno, CONFIG_FILE)) {
- // convert line into name-value pair
- const struct kw_pair *kw;
- struct nv_pair nv;
- rc = nv_split(buf, &nv);
- switch (rc) {
- case 0: // fine
- break;
- case 1: // not the right number of tokens.
- audit_msg(LOG_ERR,
- "Wrong number of arguments for line %d in %s",
- lineno, CONFIG_FILE);
- break;
- case 2: // no '=' sign
- audit_msg(LOG_ERR,
- "Missing equal sign for line %d in %s",
- lineno, CONFIG_FILE);
- break;
- default: // something else went wrong...
- audit_msg(LOG_ERR,
- "Unknown error for line %d in %s",
- lineno, CONFIG_FILE);
- break;
- }
- if (nv.name == NULL) {
- lineno++;
- continue;
- }
- if (nv.value == NULL) {
- fclose(f);
- audit_msg(LOG_ERR,
- "Not processing any more lines in %s",
- CONFIG_FILE);
- return 1;
- }
-
- /* identify keyword or error */
- kw = kw_lookup(nv.name);
- if (kw->name == NULL) {
- audit_msg(LOG_ERR,
- "Unknown keyword \"%s\" in line %d of %s",
- nv.name, lineno, CONFIG_FILE);
- fclose(f);
- return 1;
- }
-
- /* Check number of options */
- if (kw->max_options == 0 && nv.option != NULL) {
- audit_msg(LOG_ERR,
- "Keyword \"%s\" has invalid option "
- "\"%s\" in line %d of %s",
- nv.name, nv.option, lineno, CONFIG_FILE);
- fclose(f);
- return 1;
- }
-
- /* dispatch to keyword's local parser */
- rc = kw->parser(&nv, lineno, config);
- if (rc != 0) {
- fclose(f);
- return 1; // local parser puts message out
- }
-
- lineno++;
- }
-
- fclose(f);
- if (lineno > 1)
- return sanity_check(config);
- return 0;
-}
-
-static char *get_line(FILE *f, char *buf, unsigned size, int *lineno,
- const char *file)
-{
- int too_long = 0;
-
- while (fgets_unlocked(buf, size, f)) {
- /* remove newline */
- char *ptr = strchr(buf, 0x0a);
- if (ptr) {
- if (!too_long) {
- *ptr = 0;
- return buf;
- }
- // Reset and start with the next line
- too_long = 0;
- *lineno = *lineno + 1;
- } else {
- // If a line is too long skip it.
- // Only output 1 warning
- if (!too_long)
- audit_msg(LOG_ERR,
- "Skipping line %d in %s: too long",
- *lineno, file);
- too_long = 1;
- }
- }
- return NULL;
-}
-
-static int nv_split(char *buf, struct nv_pair *nv)
-{
- /* Get the name part */
- char *ptr;
-
- nv->name = NULL;
- nv->value = NULL;
- nv->option = NULL;
- ptr = audit_strsplit(buf);
- if (ptr == NULL)
- return 0; /* If there's nothing, go to next line */
- if (ptr[0] == '#')
- return 0; /* If there's a comment, go to next line */
- nv->name = ptr;
-
- /* Check for a '=' */
- ptr = audit_strsplit(NULL);
- if (ptr == NULL)
- return 1;
- if (strcmp(ptr, "=") != 0)
- return 2;
-
- /* get the value */
- ptr = audit_strsplit(NULL);
- if (ptr == NULL)
- return 1;
- nv->value = ptr;
-
- /* See if there's an option */
- ptr = audit_strsplit(NULL);
- if (ptr) {
- nv->option = ptr;
-
- /* Make sure there's nothing else */
- ptr = audit_strsplit(NULL);
- if (ptr)
- return 1;
- }
-
- /* Everything is OK */
- return 0;
-}
-
-static const struct kw_pair *kw_lookup(const char *val)
-{
- int i = 0;
- while (keywords[i].name != NULL) {
- if (strcasecmp(keywords[i].name, val) == 0)
- break;
- i++;
- }
- return &keywords[i];
-}
-
-static int log_file_parser(struct nv_pair *nv, int line,
- struct daemon_conf *config)
-{
- char *dir = NULL, *tdir;
- DIR *d;
- int fd, mode;
- struct stat buf;
-
- audit_msg(LOG_DEBUG, "log_file_parser called with: %s", nv->value);
-
- /* get dir from name. */
- tdir = strdup(nv->value);
- if (tdir)
- dir = dirname(tdir);
- if (dir == NULL || strlen(dir) < 4) { // '/var' is shortest dirname
- audit_msg(LOG_ERR,
- "The directory name: %s is too short - line %d",
- dir, line);
- free((void *)tdir);
- return 1;
- }
-
- /* verify the directory path exists */
- d = opendir(dir);
- if (d == NULL) {
- audit_msg(LOG_ERR, "Could not open dir %s (%s)", dir,
- strerror(errno));
- free((void *)tdir);
- return 1;
- }
- free((void *)tdir);
- closedir(d);
-
- /* if the file exists, see that its regular, owned by root,
- * and not world anything */
- if (log_test == TEST_AUDITD)
- mode = O_APPEND;
- else
- mode = O_RDONLY;
-
- fd = open(nv->value, mode);
- if (fd < 0) {
- if (errno == ENOENT) {
- fd = create_log_file(nv->value);
- if (fd < 0)
- return 1;
- } else {
- audit_msg(LOG_ERR, "Unable to open %s (%s)", nv->value,
- strerror(errno));
- return 1;
- }
- }
- if (fstat(fd, &buf) < 0) {
- audit_msg(LOG_ERR, "Unable to stat %s (%s)",
- nv->value, strerror(errno));
- close(fd);
- return 1;
- }
- close(fd);
- if (!S_ISREG(buf.st_mode)) {
- audit_msg(LOG_ERR, "%s is not a regular file", nv->value);
- return 1;
- }
- if (buf.st_uid != 0) {
- audit_msg(LOG_ERR, "%s is not owned by root", nv->value);
- return 1;
- }
- if ( (buf.st_mode & (S_IXUSR|S_IWGRP|S_IXGRP|S_IRWXO)) ) {
- audit_msg(LOG_ERR, "%s permissions should be 0600 or 0640",
- nv->value);
- return 1;
- }
- if ( !(buf.st_mode & S_IWUSR) ) {
- audit_msg(LOG_ERR, "audit log is not writable by owner");
- return 1;
- }
-
- free((void *)config->log_file);
- config->log_file = strdup(nv->value);
- if (config->log_file == NULL)
- return 1;
- return 0;
-}
-
-static int num_logs_parser(struct nv_pair *nv, int line,
- struct daemon_conf *config)
-{
- const char *ptr = nv->value;
- unsigned long i;
-
- audit_msg(LOG_DEBUG, "num_logs_parser called with: %s", nv->value);
-
- /* check that all chars are numbers */
- for (i=0; ptr[i]; i++) {
- if (!isdigit(ptr[i])) {
- audit_msg(LOG_ERR,
- "Value %s should only be numbers - line %d",
- nv->value, line);
- return 1;
- }
- }
-
- /* convert to unsigned long */
- errno = 0;
- i = strtoul(nv->value, NULL, 10);
- if (errno) {
- audit_msg(LOG_ERR,
- "Error converting string to a number (%s) - line %d",
- strerror(errno), line);
- return 1;
- }
- if (i > 99) {
- audit_msg(LOG_ERR, "num_logs must be 99 or less");
- return 1;
- }
- config->num_logs = i;
- return 0;
-}
-
-static int qos_parser(struct nv_pair *nv, int line,
- struct daemon_conf *config)
-{
- int i;
-
- audit_msg(LOG_DEBUG, "qos_parser called with: %s", nv->value);
- for (i=0; qos_options[i].name != NULL; i++) {
- if (strcasecmp(nv->value, qos_options[i].name) == 0) {
- config->qos = qos_options[i].option;
- return 0;
- }
- }
- audit_msg(LOG_ERR, "Option %s not found - line %d", nv->value, line);
- return 1;
-}
-
-static int dispatch_parser(struct nv_pair *nv, int line,
- struct daemon_conf *config)
-{
- char *dir = NULL, *tdir;
- int fd;
- struct stat buf;
-
- audit_msg(LOG_DEBUG, "dispatch_parser called with: %s", nv->value);
- if (nv->value == NULL) {
- config->dispatcher = NULL;
- return 0;
- }
-
- /* get dir from name. */
- tdir = strdup(nv->value);
- if (tdir)
- dir = dirname(tdir);
- if (dir == NULL || strlen(dir) < 4) { // '/var' is shortest dirname
- audit_msg(LOG_ERR,
- "The directory name: %s is too short - line %d",
- dir, line);
- free(tdir);
- return 1;
- }
-
- free((void *)tdir);
-
- /* Bypass the perms check if group is not root since
- * this will fail under normal circumstances */
- if ((config->log_group != 0 && getuid() != 0) ||
- (log_test == TEST_SEARCH))
- goto bypass;
-
- /* if the file exists, see that its regular, owned by root,
- * and not world anything */
- fd = open(nv->value, O_RDONLY);
- if (fd < 0) {
- audit_msg(LOG_ERR, "Unable to open %s (%s)", nv->value,
- strerror(errno));
- return 1;
- }
- if (fstat(fd, &buf) < 0) {
- audit_msg(LOG_ERR, "Unable to stat %s (%s)", nv->value,
- strerror(errno));
- close(fd);
- return 1;
- }
- close(fd);
- if (!S_ISREG(buf.st_mode)) {
- audit_msg(LOG_ERR, "%s is not a regular file", nv->value);
- return 1;
- }
- if (buf.st_uid != 0) {
- audit_msg(LOG_ERR, "%s is not owned by root", nv->value);
- return 1;
- }
- if ((buf.st_mode & (S_IRWXU|S_IRWXG|S_IRWXO)) !=
- (S_IRWXU|S_IRGRP|S_IXGRP) &&
- (buf.st_mode & (S_IRWXU|S_IRWXG|S_IRWXO)) !=
- (S_IRWXU|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH)) {
- audit_msg(LOG_ERR, "%s permissions should be 0750 or 0755",
- nv->value);
- return 1;
- }
-bypass:
- free((void *)config->dispatcher);
- config->dispatcher = strdup(nv->value);
- if (config->dispatcher == NULL)
- return 1;
- return 0;
-}
-
-static int name_format_parser(struct nv_pair *nv, int line,
- struct daemon_conf *config)
-{
- int i;
-
- audit_msg(LOG_DEBUG, "name_format_parser called with: %s", nv->value);
- for (i=0; node_name_formats[i].name != NULL; i++) {
- if (strcasecmp(nv->value, node_name_formats[i].name) == 0) {
- config->node_name_format = node_name_formats[i].option;
- return 0;
- }
- }
- audit_msg(LOG_ERR, "Option %s not found - line %d", nv->value, line);
- return 1;
-}
-
-static int name_parser(struct nv_pair *nv, int line,
- struct daemon_conf *config)
-{
- audit_msg(LOG_DEBUG, "name_parser called with: %s", nv->value);
- if (nv->value == NULL)
- config->node_name = NULL;
- else
- config->node_name = strdup(nv->value);
- return 0;
-}
-
-static int max_log_size_parser(struct nv_pair *nv, int line,
- struct daemon_conf *config)
-{
- const char *ptr = nv->value;
- unsigned long i;
-
- audit_msg(LOG_DEBUG, "max_log_size_parser called with: %s", nv->value);
-
- /* check that all chars are numbers */
- for (i=0; ptr[i]; i++) {
- if (!isdigit(ptr[i])) {
- audit_msg(LOG_ERR,
- "Value %s should only be numbers - line %d",
- nv->value, line);
- return 1;
- }
- }
-
- /* convert to unsigned long */
- errno = 0;
- i = strtoul(nv->value, NULL, 10);
- if (errno) {
- audit_msg(LOG_ERR,
- "Error converting string to a number (%s) - line %d",
- strerror(errno), line);
- return 1;
- }
- config->max_log_size = i;
- return 0;
-}
-
-static int max_log_size_action_parser(struct nv_pair *nv, int line,
- struct daemon_conf *config)
-{
- int i;
-
- audit_msg(LOG_DEBUG, "max_log_size_action_parser called with: %s",
- nv->value);
- for (i=0; size_actions[i].name != NULL; i++) {
- if (strcasecmp(nv->value, size_actions[i].name) == 0) {
- config->max_log_size_action = size_actions[i].option;
- return 0;
- }
- }
- audit_msg(LOG_ERR, "Option %s not found - line %d", nv->value, line);
- return 1;
-}
-
-static int log_format_parser(struct nv_pair *nv, int line,
- struct daemon_conf *config)
-{
- int i;
-
- audit_msg(LOG_DEBUG, "log_format_parser called with: %s", nv->value);
- for (i=0; log_formats[i].name != NULL; i++) {
- if (strcasecmp(nv->value, log_formats[i].name) == 0) {
- config->log_format = log_formats[i].option;
- return 0;
- }
- }
- audit_msg(LOG_ERR, "Option %s not found - line %d", nv->value, line);
- return 1;
-}
-
-static int log_group_parser(struct nv_pair *nv, int line,
- struct daemon_conf *config)
-{
- gid_t gid = 0;
-
- audit_msg(LOG_DEBUG, "log_group_parser called with: %s",
- nv->value);
- if (isdigit(nv->value[0])) {
- errno = 0;
- gid = strtoul(nv->value,NULL,10);
- if (errno) {
- audit_msg(LOG_ERR,
- "Numeric group ID conversion error (%s) for %s - line %d\n",
- strerror(errno), nv->value, line);
- return 1;
- }
- } else {
- struct group *gr ;
-
- gr = getgrnam(nv->value);
- if (gr == NULL) {
- audit_msg(LOG_ERR,
- "Group ID is non-numeric and unknown (%s) - line %d\n",
- nv->value, line);
- return 1;
- }
- gid = gr->gr_gid;
- }
- config->log_group = gid;
- return 0;
-}
-
-static int flush_parser(struct nv_pair *nv, int line,
- struct daemon_conf *config)
-{
- int i;
-
- audit_msg(LOG_DEBUG, "flush_parser called with: %s", nv->value);
- for (i=0; flush_techniques[i].name != NULL; i++) {
- if (strcasecmp(nv->value, flush_techniques[i].name) == 0) {
- config->flush = flush_techniques[i].option;
- return 0;
- }
- }
- audit_msg(LOG_ERR, "Option %s not found - line %d", nv->value, line);
- return 1;
-}
-
-static int freq_parser(struct nv_pair *nv, int line,
- struct daemon_conf *config)
-{
- const char *ptr = nv->value;
- unsigned long i;
-
- audit_msg(LOG_DEBUG, "freq_parser called with: %s", nv->value);
-
- /* check that all chars are numbers */
- for (i=0; ptr[i]; i++) {
- if (!isdigit(ptr[i])) {
- audit_msg(LOG_ERR,
- "Value %s should only be numbers - line %d",
- nv->value, line);
- return 1;
- }
- }
-
- /* convert to unsigned int */
- errno = 0;
- i = strtoul(nv->value, NULL, 10);
- if (errno) {
- audit_msg(LOG_ERR,
- "Error converting string to a number (%s) - line %d",
- strerror(errno), line);
- return 1;
- }
- /* Check its range */
- if (i > INT_MAX) {
- audit_msg(LOG_ERR,
- "Error - converted number (%s) is too large - line %d",
- nv->value, line);
- return 1;
- }
- config->freq = (unsigned int)i;
- return 0;
-}
-
-static int space_left_parser(struct nv_pair *nv, int line,
- struct daemon_conf *config)
-{
- const char *ptr = nv->value;
- unsigned long i;
-
- audit_msg(LOG_DEBUG, "space_left_parser called with: %s", nv->value);
-
- /* check that all chars are numbers */
- for (i=0; ptr[i]; i++) {
- if (!isdigit(ptr[i])) {
- audit_msg(LOG_ERR,
- "Value %s should only be numbers - line %d",
- nv->value, line);
- return 1;
- }
- }
-
- /* convert to unsigned long */
- errno = 0;
- i = strtoul(nv->value, NULL, 10);
- if (errno) {
- audit_msg(LOG_ERR,
- "Error converting string to a number (%s) - line %d",
- strerror(errno), line);
- return 1;
- }
- config->space_left = i;
- return 0;
-}
-
-static int check_exe_name(const char *val, int line)
-{
- struct stat buf;
-
- if (val == NULL) {
- audit_msg(LOG_ERR, "Executable path needed for line %d", line);
- return -1;
- }
-
- if (*val != '/') {
- audit_msg(LOG_ERR, "Absolute path needed for %s - line %d",
- val, line);
- return -1;
- }
-
- if (stat(val, &buf) < 0) {
- audit_msg(LOG_ERR, "Unable to stat %s (%s) - line %d", val,
- strerror(errno), line);
- return -1;
- }
- if (!S_ISREG(buf.st_mode)) {
- audit_msg(LOG_ERR, "%s is not a regular file - line %d", val,
- line);
- return -1;
- }
- if (buf.st_uid != 0) {
- audit_msg(LOG_ERR, "%s is not owned by root - line %d", val,
- line);
- return -1;
- }
- if ((buf.st_mode & (S_IRWXU|S_IRWXG|S_IRWXO)) !=
- (S_IRWXU|S_IRGRP|S_IXGRP) &&
- (buf.st_mode & (S_IRWXU|S_IRWXG|S_IRWXO)) !=
- (S_IRWXU|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH)) {
- audit_msg(LOG_ERR,
- "%s permissions should be 0750 or 0755 - line %d",
- val, line);
- return -1;
- }
- return 0;
-}
-
-static int space_action_parser(struct nv_pair *nv, int line,
- struct daemon_conf *config)
-{
- int i;
-
- audit_msg(LOG_DEBUG, "space_action_parser called with: %s", nv->value);
- for (i=0; failure_actions[i].name != NULL; i++) {
- if (strcasecmp(nv->value, failure_actions[i].name) == 0) {
- if (failure_actions[i].option == FA_EMAIL) {
- if (access(email_command, X_OK)) {
- audit_msg(LOG_ERR,
- "Email option is specified but %s doesn't seem executable.",
- email_command);
- }
- } else if (failure_actions[i].option == FA_EXEC) {
- if (check_exe_name(nv->option, line))
- return 1;
- config->space_left_exe = strdup(nv->option);
- }
- config->space_left_action = failure_actions[i].option;
- return 0;
- }
- }
- audit_msg(LOG_ERR, "Option %s not found - line %d", nv->value, line);
- return 1;
-}
-
-// returns 0 if OK, 1 on temp error, 2 on permanent error
-static int validate_email(const char *acct)
-{
- int i, len;
- char *ptr1;
-
- if (acct == NULL)
- return 2;
-
- len = strlen(acct);
- if (len < 2) {
- audit_msg(LOG_ERR,
- "email: %s is too short, expecting at least 2 characters",
- acct);
- return 2;
- }
-
- // look for illegal char
- for (i=0; i<len; i++) {
- if (! (isalnum(acct[i]) || (acct[i] == '@') ||
- (acct[i]=='.') || (acct[i]=='-') ||
- (acct[i] == '_')) ) {
- audit_msg(LOG_ERR, "email: %s has illegal character",
- acct);
- return 2;
- }
- }
-
- if ((ptr1 = strchr(acct, '@'))) {
- char *ptr2;
- struct hostent *t_addr;
-
- ptr2 = strrchr(acct, '.'); // get last dot - sb after @
- if ((ptr2 == NULL) || (ptr1 > ptr2)) {
- audit_msg(LOG_ERR, "email: %s should have . after @",
- acct);
- return 2;
- }
-
- t_addr = gethostbyname(ptr1+1);
- if (t_addr == 0) {
- if ((h_errno == HOST_NOT_FOUND) ||
- (h_errno == NO_RECOVERY)) {
- audit_msg(LOG_ERR,
- "validate_email: failed looking up host for %s",
- ptr1+1);
- // FIXME: gethostbyname is having trouble
- // telling when we have a temporary vs permanent
- // dns failure. So, for now, treat all as temp
- return 1;
- }
- else if (h_errno == TRY_AGAIN)
- audit_msg(LOG_DEBUG,
- "validate_email: temporary failure looking up domain for %s",
- ptr1+1);
- return 1;
- }
- }
- return 0;
-}
-
-static int action_mail_acct_parser(struct nv_pair *nv, int line,
- struct daemon_conf *config)
-{
- char *tmail;
-
- audit_msg(LOG_DEBUG, "action_mail_acct_parser called with: %s",
- nv->value);
- tmail = strdup(nv->value);
- if (tmail == NULL)
- return 1;
-
- if (validate_email(tmail) > 1) {
- free(tmail);
- return 1;
- }
-
-
- if (config->action_mail_acct)
- free((void *)config->action_mail_acct);
- config->action_mail_acct = tmail;
- return 0;
-}
-
-static int admin_space_left_parser(struct nv_pair *nv, int line,
- struct daemon_conf *config)
-{
- const char *ptr = nv->value;
- unsigned long i;
-
- audit_msg(LOG_DEBUG, "admin_space_left_parser called with: %s",
- nv->value);
-
- /* check that all chars are numbers */
- for (i=0; ptr[i]; i++) {
- if (!isdigit(ptr[i])) {
- audit_msg(LOG_ERR,
- "Value %s should only be numbers - line %d",
- nv->value, line);
- return 1;
- }
- }
-
- /* convert to unsigned long */
- errno = 0;
- i = strtoul(nv->value, NULL, 10);
- if (errno) {
- audit_msg(LOG_ERR,
- "Error converting string to a number (%s) - line %d",
- strerror(errno), line);
- return 1;
- }
- config->admin_space_left = i;
- return 0;
-}
-
-static int admin_space_left_action_parser(struct nv_pair *nv, int line,
- struct daemon_conf *config)
-{
- int i;
-
- audit_msg(LOG_DEBUG, "admin_space_left_action_parser called with: %s",
- nv->value);
- for (i=0; failure_actions[i].name != NULL; i++) {
- if (strcasecmp(nv->value, failure_actions[i].name) == 0) {
- if (failure_actions[i].option == FA_EMAIL) {
- if (access(email_command, X_OK)) {
- audit_msg(LOG_ERR,
- "Email option is specified but %s doesn't seem executable.",
- email_command);
- }
- } else if (failure_actions[i].option == FA_EXEC) {
- if (check_exe_name(nv->option, line))
- return 1;
- config->admin_space_left_exe =
- strdup(nv->option);
- }
- config->admin_space_left_action =
- failure_actions[i].option;
- return 0;
- }
- }
- audit_msg(LOG_ERR, "Option %s not found - line %d", nv->value, line);
- return 1;
-}
-
-static int disk_full_action_parser(struct nv_pair *nv, int line,
- struct daemon_conf *config)
-{
- int i;
-
- audit_msg(LOG_DEBUG, "disk_full_action_parser called with: %s",
- nv->value);
- for (i=0; failure_actions[i].name != NULL; i++) {
- if (strcasecmp(nv->value, failure_actions[i].name) == 0) {
- if (failure_actions[i].option == FA_EMAIL) {
- audit_msg(LOG_ERR,
- "Illegal option %s for disk_full_action - line %d",
- nv->value, line);
- return 1;
- } else if (failure_actions[i].option == FA_EXEC) {
- if (check_exe_name(nv->option, line))
- return 1;
- config->disk_full_exe = strdup(nv->option);
- }
- config->disk_full_action = failure_actions[i].option;
- return 0;
- }
- }
- audit_msg(LOG_ERR, "Option %s not found - line %d", nv->value, line);
- return 1;
-}
-
-static int disk_error_action_parser(struct nv_pair *nv, int line,
- struct daemon_conf *config)
-{
- int i;
-
- audit_msg(LOG_DEBUG, "disk_error_action_parser called with: %s",
- nv->value);
- for (i=0; failure_actions[i].name != NULL; i++) {
- if (strcasecmp(nv->value, failure_actions[i].name) == 0) {
- if (failure_actions[i].option == FA_EMAIL ||
- failure_actions[i].option == FA_ROTATE) {
- audit_msg(LOG_ERR,
- "Illegal option %s for disk_error_action - line %d",
- nv->value, line);
- return 1;
- } else if (failure_actions[i].option == FA_EXEC) {
- if (check_exe_name(nv->option, line))
- return 1;
- config->disk_error_exe = strdup(nv->option);
- }
- config->disk_error_action = failure_actions[i].option;
- return 0;
- }
- }
- audit_msg(LOG_ERR, "Option %s not found - line %d", nv->value, line);
- return 1;
-}
-
-static int priority_boost_parser(struct nv_pair *nv, int line,
- struct daemon_conf *config)
-{
- const char *ptr = nv->value;
- unsigned long i;
-
- audit_msg(LOG_DEBUG, "priority_boost_parser called with: %s",
- nv->value);
-
- /* check that all chars are numbers */
- for (i=0; ptr[i]; i++) {
- if (!isdigit(ptr[i])) {
- audit_msg(LOG_ERR,
- "Value %s should only be numbers - line %d",
- nv->value, line);
- return 1;
- }
- }
-
- /* convert to unsigned int */
- errno = 0;
- i = strtoul(nv->value, NULL, 10);
- if (errno) {
- audit_msg(LOG_ERR,
- "Error converting string to a number (%s) - line %d",
- strerror(errno), line);
- return 1;
- }
- /* Check its range */
- if (i > INT_MAX) {
- audit_msg(LOG_ERR,
- "Error - converted number (%s) is too large - line %d",
- nv->value, line);
- return 1;
- }
- config->priority_boost = (unsigned int)i;
- return 0;
-}
-
-static int tcp_listen_port_parser(struct nv_pair *nv, int line,
- struct daemon_conf *config)
-{
- const char *ptr = nv->value;
- unsigned long i;
-
- audit_msg(LOG_DEBUG, "tcp_listen_port_parser called with: %s",
- nv->value);
-
-#ifndef USE_LISTENER
- audit_msg(LOG_DEBUG,
- "Listener support is not enabled, ignoring value at line %d",
- line);
- return 0;
-#else
- /* check that all chars are numbers */
- for (i=0; ptr[i]; i++) {
- if (!isdigit(ptr[i])) {
- audit_msg(LOG_ERR,
- "Value %s should only be numbers - line %d",
- nv->value, line);
- return 1;
- }
- }
-
- /* convert to unsigned int */
- errno = 0;
- i = strtoul(nv->value, NULL, 10);
- if (errno) {
- audit_msg(LOG_ERR,
- "Error converting string to a number (%s) - line %d",
- strerror(errno), line);
- return 1;
- }
- /* Check its range */
- if (i > TCP_PORT_MAX) {
- audit_msg(LOG_ERR,
- "Error - converted number (%s) is too large - line %d",
- nv->value, line);
- return 1;
- }
- if (i < 1) {
- audit_msg(LOG_ERR,
- "Error - converted number (%s) is too small - line %d",
- nv->value, line);
- return 1;
- }
- config->tcp_listen_port = (unsigned int)i;
- return 0;
-#endif
-}
-
-static int tcp_listen_queue_parser(struct nv_pair *nv, int line,
- struct daemon_conf *config)
-{
- const char *ptr = nv->value;
- unsigned long i;
-
- audit_msg(LOG_DEBUG, "tcp_listen_queue_parser called with: %s",
- nv->value);
-
-#ifndef USE_LISTENER
- audit_msg(LOG_DEBUG,
- "Listener support is not enabled, ignoring value at line %d",
- line);
- return 0;
-#else
- /* check that all chars are numbers */
- for (i=0; ptr[i]; i++) {
- if (!isdigit(ptr[i])) {
- audit_msg(LOG_ERR,
- "Value %s should only be numbers - line %d",
- nv->value, line);
- return 1;
- }
- }
-
- /* convert to unsigned int */
- errno = 0;
- i = strtoul(nv->value, NULL, 10);
- if (errno) {
- audit_msg(LOG_ERR,
- "Error converting string to a number (%s) - line %d",
- strerror(errno), line);
- return 1;
- }
- /* Check its range. While this value is technically
- unlimited, it's limited by the kernel, and we limit it here
- for sanity. */
- if (i > TCP_PORT_MAX) {
- audit_msg(LOG_ERR,
- "Error - converted number (%s) is too large - line %d",
- nv->value, line);
- return 1;
- }
- if (i < 1) {
- audit_msg(LOG_ERR,
- "Error - converted number (%s) is too small - line %d",
- nv->value, line);
- return 1;
- }
- config->tcp_listen_queue = (unsigned int)i;
- return 0;
-#endif
-}
-
-
-static int tcp_max_per_addr_parser(struct nv_pair *nv, int line,
- struct daemon_conf *config)
-{
- const char *ptr = nv->value;
- unsigned long i;
-
- audit_msg(LOG_DEBUG, "tcp_max_per_addr_parser called with: %s",
- nv->value);
-
-#ifndef USE_LISTENER
- audit_msg(LOG_DEBUG,
- "Listener support is not enabled, ignoring value at line %d",
- line);
- return 0;
-#else
- /* check that all chars are numbers */
- for (i=0; ptr[i]; i++) {
- if (!isdigit(ptr[i])) {
- audit_msg(LOG_ERR,
- "Value %s should only be numbers - line %d",
- nv->value, line);
- return 1;
- }
- }
-
- /* convert to unsigned int */
- errno = 0;
- i = strtoul(nv->value, NULL, 10);
- if (errno) {
- audit_msg(LOG_ERR,
- "Error converting string to a number (%s) - line %d",
- strerror(errno), line);
- return 1;
- }
- /* Check its range. While this value is technically
- unlimited, it's limited by the kernel, and we limit it here
- for sanity. */
- if (i > 1024) {
- audit_msg(LOG_ERR,
- "Error - converted number (%s) is too large - line %d",
- nv->value, line);
- return 1;
- }
- if (i < 1) {
- audit_msg(LOG_ERR,
- "Error - converted number (%s) is too small - line %d",
- nv->value, line);
- return 1;
- }
- config->tcp_max_per_addr = (unsigned int)i;
- return 0;
-#endif
-}
-
-static int use_libwrap_parser(struct nv_pair *nv, int line,
- struct daemon_conf *config)
-{
- unsigned long i;
-
- audit_msg(LOG_DEBUG, "use_libwrap_parser called with: %s",
- nv->value);
-
- for (i=0; yes_no_values[i].name != NULL; i++) {
- if (strcasecmp(nv->value, yes_no_values[i].name) == 0) {
- config->use_libwrap = yes_no_values[i].option;
- return 0;
- }
- }
- audit_msg(LOG_ERR, "Option %s not found - line %d", nv->value, line);
- return 1;
-}
-
-static int tcp_client_ports_parser(struct nv_pair *nv, int line,
- struct daemon_conf *config)
-{
- const char *ptr = nv->value;
- unsigned long i, minv, maxv;
- const char *saw_dash = NULL;
-
- audit_msg(LOG_DEBUG, "tcp_listen_queue_parser called with: %s",
- nv->value);
-
-#ifndef USE_LISTENER
- audit_msg(LOG_DEBUG,
- "Listener support is not enabled, ignoring value at line %d",
- line);
- return 0;
-#else
- /* check that all chars are numbers, with an optional inclusive '-'. */
- for (i=0; ptr[i]; i++) {
- if (i > 0 && ptr[i] == '-' && ptr[i+1] != '\0') {
- saw_dash = ptr + i;
- continue;
- }
- if (!isdigit(ptr[i])) {
- audit_msg(LOG_ERR,
- "Value %s should only be numbers, or "
- "two numbers separated by a dash - line %d",
- nv->value, line);
- return 1;
- }
- }
- for (; ptr[i]; i++) {
- if (!isdigit(ptr[i])) {
- audit_msg(LOG_ERR,
- "Value %s should only be numbers, or "
- "two numbers separated by a dash - line %d",
- nv->value, line);
- return 1;
- }
- }
-
- /* convert to unsigned int */
- errno = 0;
- maxv = minv = strtoul(nv->value, NULL, 10);
- if (errno) {
- audit_msg(LOG_ERR,
- "Error converting string to a number (%s) - line %d",
- strerror(errno), line);
- return 1;
- }
- if (saw_dash) {
- maxv = strtoul(saw_dash + 1, NULL, 10);
- if (errno) {
- audit_msg(LOG_ERR,
- "Error converting string to a number (%s) - line %d",
- strerror(errno), line);
- return 1;
- }
- }
- /* Check their ranges. */
- if (minv > TCP_PORT_MAX) {
- audit_msg(LOG_ERR,
- "Error - converted number (%ld) is too large - line %d",
- minv, line);
- return 1;
- }
- if (maxv > TCP_PORT_MAX) {
- audit_msg(LOG_ERR,
- "Error - converted number (%ld) is too large - line %d",
- maxv, line);
- return 1;
- }
- if (minv > maxv) {
- audit_msg(LOG_ERR,
- "Error - converted range (%ld-%ld) is reversed - line %d",
- minv, maxv, line);
- return 1;
- }
- config->tcp_client_min_port = (unsigned int)minv;
- config->tcp_client_max_port = (unsigned int)maxv;
- return 0;
-#endif
-}
-
-static int tcp_client_max_idle_parser(struct nv_pair *nv, int line,
- struct daemon_conf *config)
-{
- const char *ptr = nv->value;
- unsigned long i;
-
- audit_msg(LOG_DEBUG, "tcp_client_max_idle_parser called with: %s",
- nv->value);
-
-#ifndef USE_LISTENER
- audit_msg(LOG_DEBUG,
- "Listener support is not enabled, ignoring value at line %d",
- line);
- return 0;
-#else
- /* check that all chars are numbers */
- for (i=0; ptr[i]; i++) {
- if (!isdigit(ptr[i])) {
- audit_msg(LOG_ERR,
- "Value %s should only be numbers - line %d",
- nv->value, line);
- return 1;
- }
- }
-
- /* convert to unsigned int */
- errno = 0;
- i = strtoul(nv->value, NULL, 10);
- if (errno) {
- audit_msg(LOG_ERR,
- "Error converting string to a number (%s) - line %d",
- strerror(errno), line);
- return 1;
- }
- /* Check its range. While this value is technically
- unlimited, it's limited by the kernel, and we limit it here
- for sanity. */
- if (i > INT_MAX) {
- audit_msg(LOG_ERR,
- "Error - converted number (%s) is too large - line %d",
- nv->value, line);
- return 1;
- }
- config->tcp_client_max_idle = (unsigned int)i;
- return 0;
-#endif
-}
-
-static int enable_krb5_parser(struct nv_pair *nv, int line,
- struct daemon_conf *config)
-{
- audit_msg(LOG_DEBUG, "enable_krb5_parser called with: %s",
- nv->value);
-
-#ifndef USE_GSSAPI
- audit_msg(LOG_DEBUG,
- "GSSAPI support is not enabled, ignoring value at line %d",
- line);
- return 0;
-#else
- unsigned long i;
-
- for (i=0; yes_no_values[i].name != NULL; i++) {
- if (strcasecmp(nv->value, yes_no_values[i].name) == 0) {
- config->enable_krb5 = yes_no_values[i].option;
- return 0;
- }
- }
- audit_msg(LOG_ERR, "Option %s not found - line %d", nv->value, line);
- return 1;
-#endif
-}
-
-static int krb5_principal_parser(struct nv_pair *nv, int line,
- struct daemon_conf *config)
-{
- audit_msg(LOG_DEBUG,"krb5_principal_parser called with: %s",nv->value);
-#ifndef USE_GSSAPI
- audit_msg(LOG_DEBUG,
- "GSSAPI support is not enabled, ignoring value at line %d",
- line);
-#else
- config->krb5_principal = strdup(nv->value);
-#endif
- return 0;
-}
-
-static int krb5_key_file_parser(struct nv_pair *nv, int line,
- struct daemon_conf *config)
-{
- audit_msg(LOG_DEBUG, "krb5_key_file_parser called with: %s", nv->value);
-#ifndef USE_GSSAPI
- audit_msg(LOG_DEBUG,
- "GSSAPI support is not enabled, ignoring value at line %d",
- line);
-#else
- config->krb5_key_file = strdup(nv->value);
-#endif
- return 0;
-}
-
-/*
- * This function is where we do the integrated check of the audit config
- * options. At this point, all fields have been read. Returns 0 if no
- * problems and 1 if problems detected.
- */
-static int sanity_check(struct daemon_conf *config)
-{
- /* Error checking */
- if (config->space_left <= config->admin_space_left) {
- audit_msg(LOG_ERR,
- "Error - space_left(%lu) must be larger than admin_space_left(%lu)",
- config->space_left, config->admin_space_left);
- return 1;
- }
- if (config->flush == FT_INCREMENTAL && config->freq == 0) {
- audit_msg(LOG_ERR,
- "Error - incremental flushing chosen, but 0 selected for freq");
- return 1;
- }
- /* Warnings */
- if (config->flush > FT_INCREMENTAL && config->freq != 0) {
- audit_msg(LOG_WARNING,
- "Warning - freq is non-zero and incremental flushing not selected.");
- }
- return 0;
-}
-
-const char *audit_lookup_format(int fmt)
-{
- int i;
-
- for (i=0; log_formats[i].name != NULL; i++) {
- if (log_formats[i].option == fmt)
- return log_formats[i].name;
- }
- return NULL;
-}
-
-int create_log_file(const char *val)
-{
- int fd;
-
- umask(S_IRWXO);
- fd = open(val, O_CREAT|O_EXCL|O_APPEND, S_IRUSR|S_IWUSR|S_IRGRP);
- if (fd < 0)
- audit_msg(LOG_ERR, "Unable to create %s (%s)", val,
- strerror(errno));
- return fd;
-}
-
-void free_config(struct daemon_conf *config)
-{
- free((void *)config->sender_ctx);
- free((void *)config->log_file);
- free((void *)config->dispatcher);
- free((void *)config->node_name);
- free((void *)config->action_mail_acct);
- free((void *)config->space_left_exe);
- free((void *)config->admin_space_left_exe);
- free((void *)config->disk_full_exe);
- free((void *)config->disk_error_exe);
- free((void *)config->krb5_principal);
- free((void *)config->krb5_key_file);
-}
-
-int resolve_node(struct daemon_conf *config)
-{
- int rc = 0;
- char tmp_name[255];
-
- /* Get the host name representation */
- switch (config->node_name_format)
- {
- case N_NONE:
- break;
- case N_HOSTNAME:
- if (gethostname(tmp_name, sizeof(tmp_name))) {
- audit_msg(LOG_ERR,
- "Unable to get machine name");
- rc = -1;
- } else
- config->node_name = strdup(tmp_name);
- break;
- case N_USER:
- if (config->node_name == NULL) {
- audit_msg(LOG_ERR, "User defined name missing");
- rc = -1;
- }
- break;
- case N_FQD:
- if (gethostname(tmp_name, sizeof(tmp_name))) {
- audit_msg(LOG_ERR,
- "Unable to get machine name");
- rc = -1;
- } else {
- int rc2;
- struct addrinfo *ai;
- struct addrinfo hints;
-
- memset(&hints, 0, sizeof(hints));
- hints.ai_flags = AI_ADDRCONFIG | AI_CANONNAME;
- hints.ai_socktype = SOCK_STREAM;
-
- rc2 = getaddrinfo(tmp_name, NULL, &hints, &ai);
- if (rc2 != 0) {
- audit_msg(LOG_ERR,
- "Cannot resolve hostname %s (%s)",
- tmp_name, gai_strerror(rc));
- rc = -1;
- break;
- }
- config->node_name = strdup(ai->ai_canonname);
- freeaddrinfo(ai);
- }
- break;
- case N_NUMERIC:
- if (gethostname(tmp_name, sizeof(tmp_name))) {
- audit_msg(LOG_ERR,
- "Unable to get machine name");
- rc = -1;
- } else {
- int rc2;
- struct addrinfo *ai;
- struct addrinfo hints;
-
- audit_msg(LOG_DEBUG,
- "Resolving numeric address for %s",
- tmp_name);
- memset(&hints, 0, sizeof(hints));
- hints.ai_flags = AI_ADDRCONFIG | AI_PASSIVE;
- hints.ai_socktype = SOCK_STREAM;
-
- rc2 = getaddrinfo(tmp_name, NULL, &hints, &ai);
- if (rc2) {
- audit_msg(LOG_ERR,
- "Cannot resolve hostname %s (%s)",
- tmp_name, gai_strerror(rc2));
- rc = -1;
- break;
- }
- inet_ntop(ai->ai_family,
- ai->ai_family == AF_INET ?
- (void *) &((struct sockaddr_in *)ai->ai_addr)->sin_addr :
- (void *) &((struct sockaddr_in6 *)ai->ai_addr)->sin6_addr,
- tmp_name, INET6_ADDRSTRLEN);
- freeaddrinfo(ai);
- config->node_name = strdup(tmp_name);
- }
- break;
- }
- if (rc == 0 && config->node_name)
- audit_msg(LOG_DEBUG, "Resolved node name: %s",
- config->node_name);
- return rc;
-}
-