1 /* audispd-pconfig.c --
2 * Copyright 2007,2010 Red Hat Inc., Durham, North Carolina.
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20 * Steve Grubb <sgrubb@redhat.com>
33 #include "audispd-pconfig.h"
36 /* Local prototypes */
/* Per-keyword parse callback held in each keywords[] entry: it receives the
 * split name/value pair, the config line number and the config to fill. */
47 int (*parser)(struct nv_pair *, int, plugin_conf_t *);
57 static char *get_line(FILE *f, char *buf, unsigned size, int *lineno,
59 static int nv_split(char *buf, struct nv_pair *nv);
60 static const struct kw_pair *kw_lookup(const char *val);
61 static int active_parser(struct nv_pair *nv, int line,
62 plugin_conf_t *config);
63 static int direction_parser(struct nv_pair *nv, int line,
64 plugin_conf_t *config);
65 static int path_parser(struct nv_pair *nv, int line,
66 plugin_conf_t *config);
67 static int service_type_parser(struct nv_pair *nv, int line,
68 plugin_conf_t *config);
69 static int args_parser(struct nv_pair *nv, int line,
70 plugin_conf_t *config);
71 static int format_parser(struct nv_pair *nv, int line,
72 plugin_conf_t *config);
73 static int sanity_check(plugin_conf_t *config, const char *file);
/* Keyword dispatch table searched by kw_lookup(): keyword text, the parser
 * that handles it, and a third field that is presumably the max_options
 * value load_pconfig() tests (0 = an option after the value is rejected). */
75 static const struct kw_pair keywords[] =
77 {"active", active_parser, 0 },
78 {"direction", direction_parser, 0 },
79 {"path", path_parser, 0 },
80 {"type", service_type_parser, 0 },
81 {"args", args_parser, 2 },
82 {"format", format_parser, 0 },
/* Accepted value strings for each keyword, paired with the enum value the
 * matching *_parser stores; the parsers compare with strcasecmp(). */
86 static const struct nv_list active[] =
93 static const struct nv_list directions[] =
95 // {"in", D_IN }, FIXME: not supported yet
100 static const struct nv_list service_type[] =
102 {"builtin", S_BUILTIN },
103 {"always", S_ALWAYS },
107 static const struct nv_list formats[] =
109 {"binary", F_BINARY },
110 {"string", F_STRING },
115 * Set everything to its default value
/*
 * Reset a plugin_conf_t to its defaults: inactive, direction unset, type
 * S_ALWAYS, string format, every args slot NULL, both plug_pipe
 * descriptors -1 and a restart count of 0.
 *
 * The args slots are overwritten with NULL, not freed. On a config that
 * already holds allocations, call free_pconfig() first or they leak.
 */
117 void clear_pconfig(plugin_conf_t *config)
121 config->active = A_NO;
122 config->direction = D_UNSET;
124 config->type = S_ALWAYS;
/* args has MAX_PLUGIN_ARGS + 2 slots; args_parser() and free_pconfig()
 * walk the same range. */
125 for (i=0; i< (MAX_PLUGIN_ARGS + 2); i++)
126 config->args[i] = NULL;
127 config->format = F_STRING;
/* -1 marks "no descriptor"; free_pconfig() only closes values >= 0. */
128 config->plug_pipe[0] = -1;
129 config->plug_pipe[1] = -1;
134 config->restart_cnt = 0;
/*
 * Load one plugin configuration file into *config.
 *
 * config is first reset with clear_pconfig(). The file is opened and then
 * checked with fstat() on the open descriptor, so the checks describe the
 * file that is actually read rather than whatever the path names later:
 * it must be owned by uid 0, must not be world writable and must be a
 * regular file. Each line is split by nv_split(), the keyword is found
 * with kw_lookup() and that keyword's parser is called.
 *
 * Returns the result of sanity_check() once the whole file is parsed; a
 * failing keyword parser ends the load with 1. The return values of the
 * other error paths are on lines not visible here.
 *
 * NOTE(review): only S_IWOTH is tested on the lines visible here, so a
 * group-writable config file is accepted - confirm whether group write
 * should be refused as well.
 */
137 int load_pconfig(plugin_conf_t *config, char *file)
139 int fd, rc, mode, lineno = 1;
144 clear_pconfig(config);
148 rc = open(file, mode);
150 if (errno != ENOENT) {
151 audit_msg(LOG_ERR, "Error opening %s (%s)", file,
155 audit_msg(LOG_WARNING,
156 "Config file %s doesn't exist, skipping", file);
161 /* check the file's permissions: owned by root, not world writable,
164 if (fstat(fd, &st) < 0) {
165 audit_msg(LOG_ERR, "Error fstat'ing config file (%s)",
170 if (st.st_uid != 0) {
171 audit_msg(LOG_ERR, "Error - %s isn't owned by root",
176 if ((st.st_mode & S_IWOTH) == S_IWOTH) {
177 audit_msg(LOG_ERR, "Error - %s is world writable",
182 if (!S_ISREG(st.st_mode)) {
183 audit_msg(LOG_ERR, "Error - %s is not a regular file",
189 /* it's ok, read line by line */
// "m" in the mode string is a glibc extension (mmap-backed reads)
190 f = fdopen(fd, "rm");
192 audit_msg(LOG_ERR, "Error - fdopen failed (%s)",
198 while (get_line(f, buf, sizeof(buf), &lineno, file)) {
199 // convert line into name-value pair
200 const struct kw_pair *kw;
202 rc = nv_split(buf, &nv);
206 case 1: // not the right number of tokens.
208 "Wrong number of arguments for line %d in %s",
211 case 2: // no '=' sign
213 "Missing equal sign for line %d in %s",
216 default: // something else went wrong...
218 "Unknown error for line %d in %s",
222 if (nv.name == NULL) {
226 if (nv.value == NULL) {
231 /* identify keyword or error */
232 kw = kw_lookup(nv.name);
// a NULL name marks "keyword not found"
233 if (kw->name == NULL) {
235 "Unknown keyword \"%s\" in line %d of %s",
236 nv.name, lineno, file);
241 /* Check number of options */
242 if (kw->max_options == 0 && nv.option != NULL) {
244 "Keyword \"%s\" has invalid option "
245 "\"%s\" in line %d of %s",
246 nv.name, nv.option, lineno, file);
251 /* dispatch to keyword's local parser */
252 rc = kw->parser(&nv, lineno, config);
255 return 1; // local parser puts message out
/* NOTE(review): the strdup() result is not checked on the lines visible
 * here, and the POSIX basename() may modify its argument - confirm which
 * basename() is in scope and that a NULL name is handled by callers. */
262 config->name = strdup(basename(file));
264 return sanity_check(config, file);
/*
 * Fetch the next usable line of the config file into buf.
 *
 * Reads with fgets_unlocked() and looks for the newline (0x0a) to tell a
 * complete line from one that did not fit in size bytes. Per the comments
 * below, an over-long line is skipped instead of being parsed in truncated
 * form, with a single "too long" warning, and *lineno is incremented when
 * moving on to the next line. load_pconfig() stops reading when this
 * returns NULL.
 */
268 static char *get_line(FILE *f, char *buf, unsigned size, int *lineno,
273 if (fgets_unlocked(buf, size, f)) {
275 char *ptr = strchr(buf, 0x0a);
281 // Reset and start with the next line
283 *lineno = *lineno + 1;
285 // If a line is too long skip it.
286 // Only output 1 warning
289 "Skipping line %d in %s: too long",
/*
 * Split one config line, in place, into name, "=", value and an optional
 * option token.
 *
 * Tokens are separated by the space character only (strtok_r with " "),
 * so "name = value" needs spaces around "=" and a tab does not separate
 * tokens. strtok_r() writes NUL bytes into buf; presumably the nv fields
 * point into buf and stay valid only until buf is reused - confirm.
 *
 * Returns 0 when the line parsed, or was empty or a comment. load_pconfig()
 * treats 1 as a wrong number of tokens and 2 as a missing "=".
 */
297 static int nv_split(char *buf, struct nv_pair *nv)
299 /* Get the name part */
300 char *ptr, *saved = NULL;
305 ptr = strtok_r(buf, " ", &saved);
307 return 0; /* If there's nothing, go to next line */
309 return 0; /* If there's a comment, go to next line */
312 /* Check for a '=' */
313 ptr = strtok_r(NULL, " ", &saved);
/* the second token must be exactly "=" */
316 if (strcmp(ptr, "=") != 0)
320 ptr = strtok_r(NULL, " ", &saved);
325 /* See if there's an option */
326 ptr = strtok_r(NULL, " ", &saved);
330 /* Make sure there's nothing else */
331 ptr = strtok_r(NULL, " ", &saved);
336 /* Everything is OK */
/*
 * Find the keywords[] entry whose name matches val, ignoring case.
 *
 * The scan stops at the entry whose name is NULL. load_pconfig() tests
 * kw->name == NULL to detect an unknown keyword, so that terminating entry
 * is presumably what is returned on a miss (return not visible here).
 */
340 static const struct kw_pair *kw_lookup(const char *val)
343 while (keywords[i].name != NULL) {
344 if (strcasecmp(keywords[i].name, val) == 0)
/*
 * Handle "active": match nv->value case-insensitively against active[] and
 * store the matching option in config->active. A value that is not in the
 * table is logged as "Option ... not found" with the line number.
 */
351 static int active_parser(struct nv_pair *nv, int line,
352 plugin_conf_t *config)
356 for (i=0; active[i].name != NULL; i++) {
357 if (strcasecmp(nv->value, active[i].name) == 0) {
358 config->active = active[i].option;
362 audit_msg(LOG_ERR, "Option %s not found - line %d", nv->value, line);
/*
 * Handle "direction": match nv->value case-insensitively against
 * directions[] and store the matching option in config->direction.
 * The "in" entry is commented out in the table, so that value ends up in
 * the "Option ... not found" error like any other unknown value.
 */
366 static int direction_parser(struct nv_pair *nv, int line,
367 plugin_conf_t *config)
371 for (i=0; directions[i].name != NULL; i++) {
372 if (strcasecmp(nv->value, directions[i].name) == 0) {
373 config->direction = directions[i].option;
377 audit_msg(LOG_ERR, "Option %s not found - line %d", nv->value, line);
/*
 * Handle "path": the program (or builtin_ name) this plugin runs.
 *
 * A value starting with "builtin_" (case-insensitive) is copied as is.
 * Any other value must have a directory part of at least four characters
 * and must name an existing regular file owned by uid 0 that has at least
 * the 0750 permission bits; its inode number is saved in config->inode.
 *
 * NOTE(review): stat() follows symbolic links and the path is checked at
 * parse time only. Whatever starts the plugin later should re-verify the
 * file (the saved inode is presumably for that) - confirm in the caller.
 */
381 static int path_parser(struct nv_pair *nv, int line,
382 plugin_conf_t *config)
384 char *dir = NULL, *tdir;
387 if (nv->value == NULL) {
/* builtin_ names are not files, so none of the file checks below apply;
 * NOTE(review): this strdup() is not checked on the lines visible here. */
392 if (strncasecmp(nv->value, "builtin_", 8) == 0) {
393 config->path = strdup(nv->value);
397 /* get dir from name. */
398 tdir = strdup(nv->value);
401 if (dir == NULL || strlen(dir) < 4) { // '/var' is shortest dirname
403 "The directory name: %s is too short - line %d",
410 /* If the file exists, see that it is regular, owned by root,
411 * and not world anything */
412 if (stat(nv->value, &buf) < 0) {
413 audit_msg(LOG_ERR, "Unable to stat %s (%s)", nv->value,
417 if (!S_ISREG(buf.st_mode)) {
418 audit_msg(LOG_ERR, "%s is not a regular file", nv->value);
421 if (buf.st_uid != 0) {
422 audit_msg(LOG_ERR, "%s is not owned by root", nv->value);
/* NOTE(review): this only requires the 0750 bits to be present. Extra bits
 * such as S_IWGRP or S_IWOTH are not rejected, although the message says
 * 0750 and the comment above says "not world anything". Comparing
 * (st_mode & (S_IRWXU|S_IRWXG|S_IRWXO)) with (S_IRWXU|S_IRGRP|S_IXGRP)
 * would enforce exactly 0750. */
425 if ((buf.st_mode & (S_IRUSR|S_IWUSR|S_IXUSR|S_IRGRP|S_IXGRP)) !=
426 (S_IRUSR|S_IWUSR|S_IXUSR|S_IRGRP|S_IXGRP)) {
427 audit_msg(LOG_ERR, "%s permissions should be 0750", nv->value);
/* drop any path stored by an earlier "path" line before replacing it */
430 free((void *)config->path);
431 config->path = strdup(nv->value);
432 config->inode = buf.st_ino;
433 if (config->path == NULL)
/*
 * Handle "type": match nv->value case-insensitively against service_type[]
 * ("builtin" or "always" on the lines visible here) and store the matching
 * option in config->type. Unknown values are logged as "Option ... not
 * found" with the line number.
 */
438 static int service_type_parser(struct nv_pair *nv, int line,
439 plugin_conf_t *config)
443 for (i=0; service_type[i].name != NULL; i++) {
444 if (strcasecmp(nv->value, service_type[i].name) == 0) {
445 config->type = service_type[i].option;
449 audit_msg(LOG_ERR, "Option %s not found - line %d", nv->value, line);
/*
 * Handle "args": replace the plugin's argument list.
 *
 * Every slot of config->args is freed and cleared first, then copies of
 * the value and of the option are stored in args[1] and args[2]; args[0]
 * is left NULL here. nv_split() accepts at most one option token, so no
 * more than two arguments can come from a config line.
 *
 * NOTE(review): the strdup() results are not checked on the lines visible
 * here, and nv->option is NULL when the line has no option - confirm that
 * the copy into args[2] is guarded.
 */
453 static int args_parser(struct nv_pair *nv, int line,
454 plugin_conf_t *config)
458 for (i=0; i < (MAX_PLUGIN_ARGS + 2); i++) {
459 free((void *)config->args[i]);
460 config->args[i] = NULL;
463 config->args[1] = strdup(nv->value);
465 config->args[2] = strdup(nv->option);
/*
 * Handle "format": match nv->value case-insensitively against formats[]
 * ("binary" or "string" on the lines visible here) and store the matching
 * option in config->format. Unknown values are logged as "Option ... not
 * found" with the line number.
 */
469 static int format_parser(struct nv_pair *nv, int line,
470 plugin_conf_t *config)
474 for (i=0; formats[i].name != NULL; i++) {
475 if (strcasecmp(nv->value, formats[i].name) == 0) {
476 config->format = formats[i].option;
480 audit_msg(LOG_ERR, "Option %s not found - line %d", nv->value, line);
485 * This function is where we do the integrated check of the audispd config
486 * options. At this point, all fields have been read. Returns 0 if no
487 * problems and 1 if problems detected.
/* Cross-field validation run by load_pconfig() after every line has been
 * parsed: a plugin marked active must also have a path. */
489 static int sanity_check(plugin_conf_t *config, const char *file)
492 if (config->active == A_YES && config->path == NULL) {
494 "Error - plugin (%s) is active but no path given", file);
/*
 * Release everything a plugin_conf_t owns: each args string, both ends of
 * plug_pipe when they hold a descriptor (>= 0), and the path and name
 * strings.
 *
 * NOTE(review): on the lines visible here the freed pointers and closed
 * descriptors are not reset, so a second call on the same config would
 * free and close them again - confirm callers reset the config (for
 * example with clear_pconfig()) before reusing it.
 */
500 void free_pconfig(plugin_conf_t *config)
507 for (i=0; i < (MAX_PLUGIN_ARGS + 2); i++)
508 free(config->args[i]);
/* -1 is the "not open" marker set by clear_pconfig() */
509 if (config->plug_pipe[0] >= 0)
510 close(config->plug_pipe[0]);
511 if (config->plug_pipe[1] >= 0)
512 close(config->plug_pipe[1]);
513 free((void *)config->path);
514 free((void *)config->name);