2 * Copyright 2004-2011,2013-14 Red Hat Inc., Durham, North Carolina.
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20 * Steve Grubb <sgrubb@redhat.com>
34 #include <fcntl.h> /* O_NOFOLLOW needs gnu defined */
36 #include <arpa/inet.h>
37 #include <limits.h> /* INT_MAX */
38 #include "auditd-config.h"
42 #define TCP_PORT_MAX 65535
44 /* Local prototypes */
55 int (*parser)(struct nv_pair *, int, struct daemon_conf *);
65 static char *get_line(FILE *f, char *buf, unsigned size, int *lineno,
67 static int nv_split(char *buf, struct nv_pair *nv);
68 static const struct kw_pair *kw_lookup(const char *val);
69 static int log_file_parser(struct nv_pair *nv, int line,
70 struct daemon_conf *config);
71 static int num_logs_parser(struct nv_pair *nv, int line,
72 struct daemon_conf *config);
73 static int log_group_parser(struct nv_pair *nv, int line,
74 struct daemon_conf *config);
75 static int qos_parser(struct nv_pair *nv, int line,
76 struct daemon_conf *config);
77 static int dispatch_parser(struct nv_pair *nv, int line,
78 struct daemon_conf *config);
79 static int name_format_parser(struct nv_pair *nv, int line,
80 struct daemon_conf *config);
81 static int name_parser(struct nv_pair *nv, int line,
82 struct daemon_conf *config);
83 static int max_log_size_parser(struct nv_pair *nv, int line,
84 struct daemon_conf *config);
85 static int max_log_size_action_parser(struct nv_pair *nv, int line,
86 struct daemon_conf *config);
87 static int log_format_parser(struct nv_pair *nv, int line,
88 struct daemon_conf *config);
89 static int flush_parser(struct nv_pair *nv, int line,
90 struct daemon_conf *config);
91 static int freq_parser(struct nv_pair *nv, int line,
92 struct daemon_conf *config);
93 static int space_left_parser(struct nv_pair *nv, int line,
94 struct daemon_conf *config);
95 static int space_action_parser(struct nv_pair *nv, int line,
96 struct daemon_conf *config);
97 static int action_mail_acct_parser(struct nv_pair *nv, int line,
98 struct daemon_conf *config);
99 static int admin_space_left_parser(struct nv_pair *nv, int line,
100 struct daemon_conf *config);
101 static int admin_space_left_action_parser(struct nv_pair *nv, int line,
102 struct daemon_conf *config);
103 static int disk_full_action_parser(struct nv_pair *nv, int line,
104 struct daemon_conf *config);
105 static int disk_error_action_parser(struct nv_pair *nv, int line,
106 struct daemon_conf *config);
107 static int priority_boost_parser(struct nv_pair *nv, int line,
108 struct daemon_conf *config);
109 static int tcp_listen_port_parser(struct nv_pair *nv, int line,
110 struct daemon_conf *config);
111 static int tcp_listen_queue_parser(struct nv_pair *nv, int line,
112 struct daemon_conf *config);
113 static int tcp_max_per_addr_parser(struct nv_pair *nv, int line,
114 struct daemon_conf *config);
115 static int use_libwrap_parser(struct nv_pair *nv, int line,
116 struct daemon_conf *config);
117 static int tcp_client_ports_parser(struct nv_pair *nv, int line,
118 struct daemon_conf *config);
119 static int tcp_client_max_idle_parser(struct nv_pair *nv, int line,
120 struct daemon_conf *config);
121 static int enable_krb5_parser(struct nv_pair *nv, int line,
122 struct daemon_conf *config);
123 static int krb5_principal_parser(struct nv_pair *nv, int line,
124 struct daemon_conf *config);
125 static int krb5_key_file_parser(struct nv_pair *nv, int line,
126 struct daemon_conf *config);
127 static int sanity_check(struct daemon_conf *config);
/* Keyword dispatch table: config keyword, the parser that handles it, and
 * the value load_config tests as max_options (0 means no option token may
 * follow the value). The four entries set to 1 are the *_action keywords
 * whose parsers pass nv->option to check_exe_name() for the exec action. */
129 static const struct kw_pair keywords[] =
131 {"log_file", log_file_parser, 0 },
132 {"log_format", log_format_parser, 0 },
133 {"log_group", log_group_parser, 0 },
134 {"flush", flush_parser, 0 },
135 {"freq", freq_parser, 0 },
136 {"num_logs", num_logs_parser, 0 },
137 {"dispatcher", dispatch_parser, 0 },
138 {"name_format", name_format_parser, 0 },
139 {"name", name_parser, 0 },
140 {"disp_qos", qos_parser, 0 },
141 {"max_log_file", max_log_size_parser, 0 },
142 {"max_log_file_action", max_log_size_action_parser, 0 },
143 {"space_left", space_left_parser, 0 },
144 {"space_left_action", space_action_parser, 1 },
145 {"action_mail_acct", action_mail_acct_parser, 0 },
146 {"admin_space_left", admin_space_left_parser, 0 },
147 {"admin_space_left_action", admin_space_left_action_parser, 1 },
148 {"disk_full_action", disk_full_action_parser, 1 },
149 {"disk_error_action", disk_error_action_parser, 1 },
150 {"priority_boost", priority_boost_parser, 0 },
151 {"tcp_listen_port", tcp_listen_port_parser, 0 },
152 {"tcp_listen_queue", tcp_listen_queue_parser, 0 },
153 {"tcp_max_per_addr", tcp_max_per_addr_parser, 0 },
154 {"use_libwrap", use_libwrap_parser, 0 },
155 {"tcp_client_ports", tcp_client_ports_parser, 0 },
156 {"tcp_client_max_idle", tcp_client_max_idle_parser, 0 },
157 {"enable_krb5", enable_krb5_parser, 0 },
158 {"krb5_principal", krb5_principal_parser, 0 },
159 {"krb5_key_file", krb5_key_file_parser, 0 },
163 static const struct nv_list log_formats[] =
166 {"nolog", LF_NOLOG },
170 static const struct nv_list flush_techniques[] =
173 {"incremental", FT_INCREMENTAL },
179 static const struct nv_list failure_actions[] =
181 {"ignore", FA_IGNORE },
182 {"syslog", FA_SYSLOG },
183 {"rotate", FA_ROTATE },
184 {"email", FA_EMAIL },
186 {"suspend", FA_SUSPEND },
187 {"single", FA_SINGLE },
192 // Future ideas: e-mail, run command
193 static const struct nv_list size_actions[] =
195 {"ignore", SZ_IGNORE },
196 {"syslog", SZ_SYSLOG },
197 {"suspend", SZ_SUSPEND },
198 {"rotate", SZ_ROTATE },
199 {"keep_logs", SZ_KEEP_LOGS},
203 static const struct nv_list qos_options[] =
205 {"lossy", QOS_NON_BLOCKING },
206 {"lossless", QOS_BLOCKING },
210 static const struct nv_list node_name_formats[] =
213 {"hostname", N_HOSTNAME },
215 {"numeric", N_NUMERIC },
220 static const struct nv_list yes_no_values[] =
/* Mailer path; the space_left_action and admin_space_left_action parsers
 * test it with access(X_OK) before accepting the email action. */
227 const char *email_command = "/usr/lib/sendmail";
/* Read by load_config while it prepares the open() mode for CONFIG_FILE.
 * NOTE(review): presumably 0 means O_NOFOLLOW is added (see the fcntl.h
 * include comment); the line that does so is not shown here - confirm. */
228 static int allow_links = 0;
231 void set_allow_links(int allow)
237 * Set everything to its default value
/* Reset *config to the built-in defaults; load_config calls this before
 * parsing. Pointer fields are overwritten, not freed, so any strings the
 * config already owns must have been released beforehand.
 * NOTE(review): neither strdup() result below is checked in the lines
 * shown, so on allocation failure log_file / action_mail_acct stay NULL. */
239 void clear_config(struct daemon_conf *config)
241 config->qos = QOS_NON_BLOCKING;
242 config->sender_uid = 0;
243 config->sender_pid = 0;
244 config->sender_ctx = NULL;
/* heap copy owned by the config (released in free_config) */
245 config->log_file = strdup("/var/log/audit/audit.log");
246 config->log_format = LF_RAW;
247 config->log_group = 0;
248 config->priority_boost = 4;
249 config->flush = FT_NONE;
251 config->num_logs = 0L;
252 config->dispatcher = NULL;
253 config->node_name_format = N_NONE;
254 config->node_name = NULL;
255 config->max_log_size = 0L;
256 config->max_log_size_action = SZ_IGNORE;
257 config->space_left = 0L;
258 config->space_left_action = FA_IGNORE;
259 config->space_left_exe = NULL;
/* heap copy owned by the config (released in free_config) */
260 config->action_mail_acct = strdup("root");
261 config->admin_space_left= 0L;
262 config->admin_space_left_action = FA_IGNORE;
263 config->admin_space_left_exe = NULL;
264 config->disk_full_action = FA_IGNORE;
265 config->disk_full_exe = NULL;
266 config->disk_error_action = FA_SYSLOG;
267 config->disk_error_exe = NULL;
268 config->tcp_listen_port = 0;
269 config->tcp_listen_queue = 5;
270 config->tcp_max_per_addr = 1;
271 config->use_libwrap = 1;
/* default client source-port range is the full 0..TCP_PORT_MAX */
272 config->tcp_client_min_port = 0;
273 config->tcp_client_max_port = TCP_PORT_MAX;
274 config->tcp_client_max_idle = 0;
275 config->enable_krb5 = 0;
276 config->krb5_principal = NULL;
277 config->krb5_key_file = NULL;
280 static log_test_t log_test = TEST_AUDITD;
/* Load CONFIG_FILE into *config: reset to defaults, open the file, vet it
 * with fstat() on the open descriptor, then hand every "name = value
 * [option]" line to the matching keyword parser. Ends by returning
 * sanity_check(config); the `return 1` after the parser call presumably
 * fires on a non-zero parser result (its condition is not shown here). */
281 int load_config(struct daemon_conf *config, log_test_t lt)
283 int fd, rc, mode, lineno = 1;
288 clear_config(config);
/* NOTE(review): the statement guarded by this test is not shown;
 * presumably it adds O_NOFOLLOW to mode so that a symlinked config file is
 * refused unless set_allow_links() enabled links - confirm. */
293 if (allow_links == 0)
295 rc = open(CONFIG_FILE, mode);
/* A missing file is reported at LOG_WARNING ("skipping"); every other
 * open() failure is logged at LOG_ERR. */
297 if (errno != ENOENT) {
298 audit_msg(LOG_ERR, "Error opening config file (%s)",
302 audit_msg(LOG_WARNING,
303 "Config file %s doesn't exist, skipping", CONFIG_FILE);
/* The ownership, mode and type tests below all read the fstat() result for
 * the descriptor that is later passed to fdopen(), so they describe the
 * file that is actually parsed rather than whatever the path names at the
 * moment of the check. */
308 /* check the file's permissions: owned by root, not world writable,
311 audit_msg(LOG_DEBUG, "Config file %s opened for parsing",
313 if (fstat(fd, &st) < 0) {
314 audit_msg(LOG_ERR, "Error fstat'ing config file (%s)",
319 if (st.st_uid != 0) {
320 audit_msg(LOG_ERR, "Error - %s isn't owned by root",
/* Only the world-write bit is tested. NOTE(review): a group-writable file
 * passes the checks visible here; confirm that is intended. */
325 if ((st.st_mode & S_IWOTH) == S_IWOTH) {
326 audit_msg(LOG_ERR, "Error - %s is world writable",
331 if (!S_ISREG(st.st_mode)) {
332 audit_msg(LOG_ERR, "Error - %s is not a regular file",
338 /* it's ok, read line by line */
/* 'm' is the glibc stdio mode extension that asks for mmap-based reads. */
339 f = fdopen(fd, "rm");
341 audit_msg(LOG_ERR, "Error - fdopen failed (%s)",
347 while (get_line(f, buf, sizeof(buf), &lineno, CONFIG_FILE)) {
348 // convert line into name-value pair
349 const struct kw_pair *kw;
351 rc = nv_split(buf, &nv);
355 case 1: // not the right number of tokens.
357 "Wrong number of arguments for line %d in %s",
358 lineno, CONFIG_FILE);
360 case 2: // no '=' sign
362 "Missing equal sign for line %d in %s",
363 lineno, CONFIG_FILE);
365 default: // something else went wrong...
367 "Unknown error for line %d in %s",
368 lineno, CONFIG_FILE);
371 if (nv.name == NULL) {
375 if (nv.value == NULL) {
378 "Not processing any more lines in %s",
383 /* identify keyword or error */
/* The result is dereferenced without a NULL test: kw_lookup appears to
 * hand back the table's terminating entry (NULL name) for an unknown
 * keyword rather than a NULL pointer. */
384 kw = kw_lookup(nv.name);
385 if (kw->name == NULL) {
387 "Unknown keyword \"%s\" in line %d of %s",
388 nv.name, lineno, CONFIG_FILE);
393 /* Check number of options */
394 if (kw->max_options == 0 && nv.option != NULL) {
396 "Keyword \"%s\" has invalid option "
397 "\"%s\" in line %d of %s",
398 nv.name, nv.option, lineno, CONFIG_FILE);
403 /* dispatch to keyword's local parser */
404 rc = kw->parser(&nv, lineno, config);
407 return 1; // local parser puts message out
/* cross-field validation once every line has been parsed */
415 return sanity_check(config);
/* Fetch the next config line from f into buf (at most size bytes) with
 * fgets_unlocked(), looking for the terminating newline and keeping
 * *lineno current. Per the comments below, a line too long for buf is
 * skipped as a whole with a single warning, so its tail is not parsed as
 * if it were a separate line. */
419 static char *get_line(FILE *f, char *buf, unsigned size, int *lineno,
424 while (fgets_unlocked(buf, size, f)) {
/* 0x0a is '\n'; a line that fit in buf contains one */
426 char *ptr = strchr(buf, 0x0a);
432 // Reset and start with the next line
434 *lineno = *lineno + 1;
436 // If a line is too long skip it.
437 // Only output 1 warning
440 "Skipping line %d in %s: too long",
/* Split one config line in buf into name, '=', value and an optional
 * option using audit_strsplit(), which is called with NULL to continue on
 * the same buffer. Per the switch in load_config, a return of 1 means a
 * wrong token count and 2 a missing '='; 0 is returned for success and
 * also for empty and comment lines. buf is tokenised in place - presumably
 * the nv fields point into it; confirm before keeping them past the next
 * get_line() call. */
448 static int nv_split(char *buf, struct nv_pair *nv)
450 /* Get the name part */
456 ptr = audit_strsplit(buf);
458 return 0; /* If there's nothing, go to next line */
460 return 0; /* If there's a comment, go to next line */
463 /* Check for a '=' */
464 ptr = audit_strsplit(NULL);
/* the separator must be a token of its own, i.e. exactly "=" */
467 if (strcmp(ptr, "=") != 0)
471 ptr = audit_strsplit(NULL);
476 /* See if there's an option */
477 ptr = audit_strsplit(NULL);
481 /* Make sure there's nothing else */
482 ptr = audit_strsplit(NULL);
487 /* Everything is OK */
/* Linear, case-insensitive search of keywords[] for val. The scan stops at
 * the entry whose name is NULL; load_config tests kw->name == NULL on the
 * result to detect an unknown keyword. */
491 static const struct kw_pair *kw_lookup(const char *val)
494 while (keywords[i].name != NULL) {
495 if (strcasecmp(keywords[i].name, val) == 0)
/* Validate and store the log_file path. The parent directory must exist,
 * and the file (created through create_log_file() when open() reports
 * ENOENT) must be a regular, root-owned file with none of owner-execute,
 * group-write, group-execute or any "other" bit set, and with owner-write
 * set. On success config->log_file is replaced by a heap copy. */
502 static int log_file_parser(struct nv_pair *nv, int line,
503 struct daemon_conf *config)
505 char *dir = NULL, *tdir;
510 audit_msg(LOG_DEBUG, "log_file_parser called with: %s", nv->value);
512 /* get dir from name. */
513 tdir = strdup(nv->value);
516 if (dir == NULL || strlen(dir) < 4) { // '/var' is shortest dirname
518 "The directory name: %s is too short - line %d",
524 /* verify the directory path exists */
527 audit_msg(LOG_ERR, "Could not open dir %s (%s)", dir,
535 /* if the file exists, see that its regular, owned by root,
536 * and not world anything */
/* The open() mode depends on log_test; the assignments that pick it are
 * not shown here. */
537 if (log_test == TEST_AUDITD)
542 fd = open(nv->value, mode);
544 if (errno == ENOENT) {
545 fd = create_log_file(nv->value);
549 audit_msg(LOG_ERR, "Unable to open %s (%s)", nv->value,
/* Type, owner and mode are read from the open descriptor, not from the
 * path, so they describe the file that open() actually returned. */
554 if (fstat(fd, &buf) < 0) {
555 audit_msg(LOG_ERR, "Unable to stat %s (%s)",
556 nv->value, strerror(errno));
561 if (!S_ISREG(buf.st_mode)) {
562 audit_msg(LOG_ERR, "%s is not a regular file", nv->value);
565 if (buf.st_uid != 0) {
566 audit_msg(LOG_ERR, "%s is not owned by root", nv->value);
/* rejects any of: owner x, group w, group x, other r/w/x */
569 if ( (buf.st_mode & (S_IXUSR|S_IWGRP|S_IXGRP|S_IRWXO)) ) {
570 audit_msg(LOG_ERR, "%s permissions should be 0600 or 0640",
574 if ( !(buf.st_mode & S_IWUSR) ) {
575 audit_msg(LOG_ERR, "audit log is not writable by owner");
/* drop the default/previous path and keep an owned copy of the new one */
579 free((void *)config->log_file);
580 config->log_file = strdup(nv->value);
581 if (config->log_file == NULL)
/* Parse num_logs: the value must consist of decimal digits only, is
 * converted with strtoul() (conversion errors are reported via errno) and
 * must be 99 or less before it is stored in config->num_logs. */
586 static int num_logs_parser(struct nv_pair *nv, int line,
587 struct daemon_conf *config)
589 const char *ptr = nv->value;
592 audit_msg(LOG_DEBUG, "num_logs_parser called with: %s", nv->value);
594 /* check that all chars are numbers */
/* NOTE(review): ptr[i] is a plain char; where char is signed, a byte above
 * 0x7f is negative, which isdigit() is not defined for - cast it to
 * (unsigned char). */
595 for (i=0; ptr[i]; i++) {
596 if (!isdigit(ptr[i])) {
598 "Value %s should only be numbers - line %d",
604 /* convert to unsigned long */
606 i = strtoul(nv->value, NULL, 10);
609 "Error converting string to a number (%s) - line %d",
610 strerror(errno), line);
614 audit_msg(LOG_ERR, "num_logs must be 99 or less");
617 config->num_logs = i;
/* Map the disp_qos value, case-insensitively, to an entry of qos_options[]
 * and store its option in config->qos. A value that matches no entry is
 * logged as "Option ... not found" with the config line number. */
621 static int qos_parser(struct nv_pair *nv, int line,
622 struct daemon_conf *config)
626 audit_msg(LOG_DEBUG, "qos_parser called with: %s", nv->value);
627 for (i=0; qos_options[i].name != NULL; i++) {
628 if (strcasecmp(nv->value, qos_options[i].name) == 0) {
629 config->qos = qos_options[i].option;
633 audit_msg(LOG_ERR, "Option %s not found - line %d", nv->value, line);
/* Validate and store the dispatcher program path. Unless the check is
 * bypassed, the path must open as a regular, root-owned file whose
 * permission bits are exactly 0750 or 0755; the path is then copied into
 * config->dispatcher.
 * NOTE(review): the descriptor is vetted but only the path string is kept,
 * so the result holds only while the path's parent directories cannot be
 * changed by anyone but root; they are not examined in the lines shown. */
637 static int dispatch_parser(struct nv_pair *nv, int line,
638 struct daemon_conf *config)
640 char *dir = NULL, *tdir;
/* NOTE(review): nv->value is formatted with %s here, before the NULL test
 * on the next statement. */
644 audit_msg(LOG_DEBUG, "dispatch_parser called with: %s", nv->value);
645 if (nv->value == NULL) {
646 config->dispatcher = NULL;
650 /* get dir from name. */
651 tdir = strdup(nv->value);
654 if (dir == NULL || strlen(dir) < 4) { // '/var' is shortest dirname
656 "The directory name: %s is too short - line %d",
664 /* Bypass the perms check if group is not root since
665 * this will fail under normal circumstances */
/* In either bypass case the ownership/mode checks below are skipped and
 * the path is taken as given. */
666 if ((config->log_group != 0 && getuid() != 0) ||
667 (log_test == TEST_SEARCH))
670 /* if the file exists, see that its regular, owned by root,
671 * and not world anything */
672 fd = open(nv->value, O_RDONLY);
674 audit_msg(LOG_ERR, "Unable to open %s (%s)", nv->value,
678 if (fstat(fd, &buf) < 0) {
679 audit_msg(LOG_ERR, "Unable to stat %s (%s)", nv->value,
685 if (!S_ISREG(buf.st_mode)) {
686 audit_msg(LOG_ERR, "%s is not a regular file", nv->value);
689 if (buf.st_uid != 0) {
690 audit_msg(LOG_ERR, "%s is not owned by root", nv->value);
/* the rwx bits must equal 0750 or 0755: no write access for group/other */
693 if ((buf.st_mode & (S_IRWXU|S_IRWXG|S_IRWXO)) !=
694 (S_IRWXU|S_IRGRP|S_IXGRP) &&
695 (buf.st_mode & (S_IRWXU|S_IRWXG|S_IRWXO)) !=
696 (S_IRWXU|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH)) {
697 audit_msg(LOG_ERR, "%s permissions should be 0750 or 0755",
702 free((void *)config->dispatcher);
703 config->dispatcher = strdup(nv->value);
704 if (config->dispatcher == NULL)
/* Map the name_format value, case-insensitively, to an entry of
 * node_name_formats[] and store its option in config->node_name_format.
 * A value that matches no entry is logged as "Option ... not found". */
709 static int name_format_parser(struct nv_pair *nv, int line,
710 struct daemon_conf *config)
714 audit_msg(LOG_DEBUG, "name_format_parser called with: %s", nv->value);
715 for (i=0; node_name_formats[i].name != NULL; i++) {
716 if (strcasecmp(nv->value, node_name_formats[i].name) == 0) {
717 config->node_name_format = node_name_formats[i].option;
721 audit_msg(LOG_ERR, "Option %s not found - line %d", nv->value, line);
/* Store the user-defined node name as a heap copy in config->node_name
 * (NULL when no value was given).
 * NOTE(review): in the lines shown the previous node_name is not freed
 * and the strdup() result is not checked; the debug call also formats
 * nv->value with %s before the NULL test. */
725 static int name_parser(struct nv_pair *nv, int line,
726 struct daemon_conf *config)
728 audit_msg(LOG_DEBUG, "name_parser called with: %s", nv->value);
729 if (nv->value == NULL)
730 config->node_name = NULL;
732 config->node_name = strdup(nv->value);
/* Parse max_log_file: the value must consist of decimal digits only and is
 * converted with strtoul() (conversion errors are reported via errno)
 * before being stored in config->max_log_size. No upper bound is applied
 * in the lines shown. */
736 static int max_log_size_parser(struct nv_pair *nv, int line,
737 struct daemon_conf *config)
739 const char *ptr = nv->value;
742 audit_msg(LOG_DEBUG, "max_log_size_parser called with: %s", nv->value);
744 /* check that all chars are numbers */
// NOTE(review): cast ptr[i] to unsigned char for isdigit(); plain char may be negative.
745 for (i=0; ptr[i]; i++) {
746 if (!isdigit(ptr[i])) {
748 "Value %s should only be numbers - line %d",
754 /* convert to unsigned long */
756 i = strtoul(nv->value, NULL, 10);
759 "Error converting string to a number (%s) - line %d",
760 strerror(errno), line);
763 config->max_log_size = i;
/* Map the max_log_file_action value, case-insensitively, to an entry of
 * size_actions[] and store its option in config->max_log_size_action.
 * A value that matches no entry is logged as "Option ... not found". */
767 static int max_log_size_action_parser(struct nv_pair *nv, int line,
768 struct daemon_conf *config)
772 audit_msg(LOG_DEBUG, "max_log_size_action_parser called with: %s",
774 for (i=0; size_actions[i].name != NULL; i++) {
775 if (strcasecmp(nv->value, size_actions[i].name) == 0) {
776 config->max_log_size_action = size_actions[i].option;
780 audit_msg(LOG_ERR, "Option %s not found - line %d", nv->value, line);
/* Map the log_format value, case-insensitively, to an entry of
 * log_formats[] and store its option in config->log_format. A value that
 * matches no entry is logged as "Option ... not found". */
784 static int log_format_parser(struct nv_pair *nv, int line,
785 struct daemon_conf *config)
789 audit_msg(LOG_DEBUG, "log_format_parser called with: %s", nv->value);
790 for (i=0; log_formats[i].name != NULL; i++) {
791 if (strcasecmp(nv->value, log_formats[i].name) == 0) {
792 config->log_format = log_formats[i].option;
796 audit_msg(LOG_ERR, "Option %s not found - line %d", nv->value, line);
/* Resolve log_group to a gid and store it in config->log_group. A value
 * whose first character is a digit is converted with strtoul(); anything
 * else is looked up as a group name with getgrnam().
 * NOTE(review): only the first character is tested and strtoul() is given
 * a NULL end pointer, so a value such as "12abc" would be taken as gid 12
 * without complaint - consider validating the whole string. */
800 static int log_group_parser(struct nv_pair *nv, int line,
801 struct daemon_conf *config)
805 audit_msg(LOG_DEBUG, "log_group_parser called with: %s",
// NOTE(review): cast to unsigned char for isdigit(); plain char may be negative.
807 if (isdigit(nv->value[0])) {
809 gid = strtoul(nv->value,NULL,10);
812 "Numeric group ID conversion error (%s) for %s - line %d\n",
813 strerror(errno), nv->value, line);
819 gr = getgrnam(nv->value);
822 "Group ID is non-numeric and unknown (%s) - line %d\n",
828 config->log_group = gid;
/* Map the flush value, case-insensitively, to an entry of
 * flush_techniques[] and store its option in config->flush. A value that
 * matches no entry is logged as "Option ... not found". */
832 static int flush_parser(struct nv_pair *nv, int line,
833 struct daemon_conf *config)
837 audit_msg(LOG_DEBUG, "flush_parser called with: %s", nv->value);
838 for (i=0; flush_techniques[i].name != NULL; i++) {
839 if (strcasecmp(nv->value, flush_techniques[i].name) == 0) {
840 config->flush = flush_techniques[i].option;
844 audit_msg(LOG_ERR, "Option %s not found - line %d", nv->value, line);
/* Parse freq: digits only, converted with strtoul(), range-checked (the
 * limit itself is not shown here) and stored in config->freq after a
 * narrowing cast to unsigned int. */
848 static int freq_parser(struct nv_pair *nv, int line,
849 struct daemon_conf *config)
851 const char *ptr = nv->value;
854 audit_msg(LOG_DEBUG, "freq_parser called with: %s", nv->value);
856 /* check that all chars are numbers */
// NOTE(review): cast ptr[i] to unsigned char for isdigit(); plain char may be negative.
857 for (i=0; ptr[i]; i++) {
858 if (!isdigit(ptr[i])) {
860 "Value %s should only be numbers - line %d",
866 /* convert to unsigned int */
868 i = strtoul(nv->value, NULL, 10);
871 "Error converting string to a number (%s) - line %d",
872 strerror(errno), line);
875 /* Check its range */
878 "Error - converted number (%s) is too large - line %d",
/* the range check above is what keeps this cast from truncating */
882 config->freq = (unsigned int)i;
/* Parse space_left: digits only, converted with strtoul() (conversion
 * errors are reported via errno) and stored in config->space_left. Its
 * relation to admin_space_left is checked later in sanity_check(). */
886 static int space_left_parser(struct nv_pair *nv, int line,
887 struct daemon_conf *config)
889 const char *ptr = nv->value;
892 audit_msg(LOG_DEBUG, "space_left_parser called with: %s", nv->value);
894 /* check that all chars are numbers */
// NOTE(review): cast ptr[i] to unsigned char for isdigit(); plain char may be negative.
895 for (i=0; ptr[i]; i++) {
896 if (!isdigit(ptr[i])) {
898 "Value %s should only be numbers - line %d",
904 /* convert to unsigned long */
906 i = strtoul(nv->value, NULL, 10);
909 "Error converting string to a number (%s) - line %d",
910 strerror(errno), line);
913 config->space_left = i;
/* Vet the executable named as the option of an exec action: it must be
 * present, be an absolute path, and stat() as a regular, root-owned file
 * whose permission bits are exactly 0750 or 0755. The action parsers treat
 * a non-zero return as rejection.
 * NOTE(review): stat() works on the path and follows symlinks, and the
 * callers keep only the path string, so this is a point-in-time check. It
 * holds only while every parent directory is writable by root alone; the
 * parent directories are not examined in the lines shown. */
917 static int check_exe_name(const char *val, int line)
922 audit_msg(LOG_ERR, "Executable path needed for line %d", line);
927 audit_msg(LOG_ERR, "Absolute path needed for %s - line %d",
932 if (stat(val, &buf) < 0) {
933 audit_msg(LOG_ERR, "Unable to stat %s (%s) - line %d", val,
934 strerror(errno), line);
937 if (!S_ISREG(buf.st_mode)) {
938 audit_msg(LOG_ERR, "%s is not a regular file - line %d", val,
942 if (buf.st_uid != 0) {
943 audit_msg(LOG_ERR, "%s is not owned by root - line %d", val,
/* the rwx bits must equal 0750 or 0755: no write access for group/other */
947 if ((buf.st_mode & (S_IRWXU|S_IRWXG|S_IRWXO)) !=
948 (S_IRWXU|S_IRGRP|S_IXGRP) &&
949 (buf.st_mode & (S_IRWXU|S_IRWXG|S_IRWXO)) !=
950 (S_IRWXU|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH)) {
952 "%s permissions should be 0750 or 0755 - line %d",
/* Parse space_left_action against failure_actions[]. The email action is
 * accepted only if email_command passes access(X_OK); the exec action
 * requires nv->option to pass check_exe_name() and keeps a heap copy of it
 * in config->space_left_exe.
 * NOTE(review): the strdup() result is not checked and a previous
 * space_left_exe is not freed in the lines shown. */
959 static int space_action_parser(struct nv_pair *nv, int line,
960 struct daemon_conf *config)
964 audit_msg(LOG_DEBUG, "space_action_parser called with: %s", nv->value);
965 for (i=0; failure_actions[i].name != NULL; i++) {
966 if (strcasecmp(nv->value, failure_actions[i].name) == 0) {
967 if (failure_actions[i].option == FA_EMAIL) {
/* access() returns non-zero when the mailer is not executable */
968 if (access(email_command, X_OK)) {
970 "Email option is specified but %s doesn't seem executable.",
973 } else if (failure_actions[i].option == FA_EXEC) {
974 if (check_exe_name(nv->option, line))
976 config->space_left_exe = strdup(nv->option);
978 config->space_left_action = failure_actions[i].option;
982 audit_msg(LOG_ERR, "Option %s not found - line %d", nv->value, line);
/* Check an action_mail_acct value: minimum length of 2, characters limited
 * to alphanumerics plus '@', '.', '-' and '_', and, when an '@' is
 * present, a '.' after it and a resolvable host part.
 * The character whitelist presumably matters because the account is later
 * handed to the mail command - confirm at the point of use.
 * NOTE(review): gethostbyname() is a blocking DNS lookup made while the
 * config is parsed, and it reports through the global h_errno. */
986 // returns 0 if OK, 1 on temp error, 2 on permanent error
987 static int validate_email(const char *acct)
998 "email: %s is too short, expecting at least 2 characters",
1003 // look for illegal char
// NOTE(review): cast acct[i] to unsigned char for isalnum(); plain char may be negative.
1004 for (i=0; i<len; i++) {
1005 if (! (isalnum(acct[i]) || (acct[i] == '@') ||
1006 (acct[i]=='.') || (acct[i]=='-') ||
1007 (acct[i] == '_')) ) {
1008 audit_msg(LOG_ERR, "email: %s has illegal character",
1014 if ((ptr1 = strchr(acct, '@'))) {
1016 struct hostent *t_addr;
/* ptr1 is the first '@', ptr2 the last '.'; the dot must come after it */
1018 ptr2 = strrchr(acct, '.'); // get last dot - sb after @
1019 if ((ptr2 == NULL) || (ptr1 > ptr2)) {
1020 audit_msg(LOG_ERR, "email: %s should have . after @",
/* resolve everything after the '@' */
1025 t_addr = gethostbyname(ptr1+1);
1027 if ((h_errno == HOST_NOT_FOUND) ||
1028 (h_errno == NO_RECOVERY)) {
1030 "validate_email: failed looking up host for %s",
1032 // FIXME: gethostbyname is having trouble
1033 // telling when we have a temporary vs permanent
1034 // dns failure. So, for now, treat all as temp
1037 else if (h_errno == TRY_AGAIN)
1038 audit_msg(LOG_DEBUG,
1039 "validate_email: temporary failure looking up domain for %s",
/* Copy the action_mail_acct value, validate it and, if accepted, make the
 * copy the new config->action_mail_acct (the previous string is freed).
 * Only a validate_email() result above 1 rejects the address, so
 * temporary lookup failures (result 1) are accepted. */
1047 static int action_mail_acct_parser(struct nv_pair *nv, int line,
1048 struct daemon_conf *config)
1052 audit_msg(LOG_DEBUG, "action_mail_acct_parser called with: %s",
1054 tmail = strdup(nv->value);
1058 if (validate_email(tmail) > 1) {
/* ownership of tmail passes to the config here */
1064 if (config->action_mail_acct)
1065 free((void *)config->action_mail_acct);
1066 config->action_mail_acct = tmail;
/* Parse admin_space_left: digits only, converted with strtoul()
 * (conversion errors are reported via errno) and stored in
 * config->admin_space_left. Its relation to space_left is checked later in
 * sanity_check(). */
1070 static int admin_space_left_parser(struct nv_pair *nv, int line,
1071 struct daemon_conf *config)
1073 const char *ptr = nv->value;
1076 audit_msg(LOG_DEBUG, "admin_space_left_parser called with: %s",
1079 /* check that all chars are numbers */
// NOTE(review): cast ptr[i] to unsigned char for isdigit(); plain char may be negative.
1080 for (i=0; ptr[i]; i++) {
1081 if (!isdigit(ptr[i])) {
1083 "Value %s should only be numbers - line %d",
1089 /* convert to unsigned long */
1091 i = strtoul(nv->value, NULL, 10);
1094 "Error converting string to a number (%s) - line %d",
1095 strerror(errno), line);
1098 config->admin_space_left = i;
/* Parse admin_space_left_action against failure_actions[]. The email
 * action is accepted only if email_command passes access(X_OK); the exec
 * action requires nv->option to pass check_exe_name() before
 * config->admin_space_left_exe is set.
 * NOTE(review): a previous admin_space_left_exe is not freed in the lines
 * shown. */
1102 static int admin_space_left_action_parser(struct nv_pair *nv, int line,
1103 struct daemon_conf *config)
1107 audit_msg(LOG_DEBUG, "admin_space_left_action_parser called with: %s",
1109 for (i=0; failure_actions[i].name != NULL; i++) {
1110 if (strcasecmp(nv->value, failure_actions[i].name) == 0) {
1111 if (failure_actions[i].option == FA_EMAIL) {
/* access() returns non-zero when the mailer is not executable */
1112 if (access(email_command, X_OK)) {
1114 "Email option is specified but %s doesn't seem executable.",
1117 } else if (failure_actions[i].option == FA_EXEC) {
1118 if (check_exe_name(nv->option, line))
1120 config->admin_space_left_exe =
1123 config->admin_space_left_action =
1124 failure_actions[i].option;
1128 audit_msg(LOG_ERR, "Option %s not found - line %d", nv->value, line);
/* Parse disk_full_action against failure_actions[]. The email action is
 * rejected as illegal for this keyword; the exec action requires
 * nv->option to pass check_exe_name() and keeps a heap copy of it in
 * config->disk_full_exe.
 * NOTE(review): the strdup() result is not checked and a previous
 * disk_full_exe is not freed in the lines shown. */
1132 static int disk_full_action_parser(struct nv_pair *nv, int line,
1133 struct daemon_conf *config)
1137 audit_msg(LOG_DEBUG, "disk_full_action_parser called with: %s",
1139 for (i=0; failure_actions[i].name != NULL; i++) {
1140 if (strcasecmp(nv->value, failure_actions[i].name) == 0) {
1141 if (failure_actions[i].option == FA_EMAIL) {
1143 "Illegal option %s for disk_full_action - line %d",
1146 } else if (failure_actions[i].option == FA_EXEC) {
1147 if (check_exe_name(nv->option, line))
1149 config->disk_full_exe = strdup(nv->option);
1151 config->disk_full_action = failure_actions[i].option;
1155 audit_msg(LOG_ERR, "Option %s not found - line %d", nv->value, line);
/* Parse disk_error_action against failure_actions[]. The email and rotate
 * actions are rejected as illegal for this keyword; the exec action
 * requires nv->option to pass check_exe_name() and keeps a heap copy of it
 * in config->disk_error_exe.
 * NOTE(review): the strdup() result is not checked and a previous
 * disk_error_exe is not freed in the lines shown. */
1159 static int disk_error_action_parser(struct nv_pair *nv, int line,
1160 struct daemon_conf *config)
1164 audit_msg(LOG_DEBUG, "disk_error_action_parser called with: %s",
1166 for (i=0; failure_actions[i].name != NULL; i++) {
1167 if (strcasecmp(nv->value, failure_actions[i].name) == 0) {
1168 if (failure_actions[i].option == FA_EMAIL ||
1169 failure_actions[i].option == FA_ROTATE) {
1171 "Illegal option %s for disk_error_action - line %d",
1174 } else if (failure_actions[i].option == FA_EXEC) {
1175 if (check_exe_name(nv->option, line))
1177 config->disk_error_exe = strdup(nv->option);
1179 config->disk_error_action = failure_actions[i].option;
1183 audit_msg(LOG_ERR, "Option %s not found - line %d", nv->value, line);
/* Parse priority_boost: digits only, converted with strtoul(),
 * range-checked (the limit itself is not shown here) and stored in
 * config->priority_boost after a narrowing cast to unsigned int. */
1187 static int priority_boost_parser(struct nv_pair *nv, int line,
1188 struct daemon_conf *config)
1190 const char *ptr = nv->value;
1193 audit_msg(LOG_DEBUG, "priority_boost_parser called with: %s",
1196 /* check that all chars are numbers */
// NOTE(review): cast ptr[i] to unsigned char for isdigit(); plain char may be negative.
1197 for (i=0; ptr[i]; i++) {
1198 if (!isdigit(ptr[i])) {
1200 "Value %s should only be numbers - line %d",
1206 /* convert to unsigned int */
1208 i = strtoul(nv->value, NULL, 10);
1211 "Error converting string to a number (%s) - line %d",
1212 strerror(errno), line);
1215 /* Check its range */
1218 "Error - converted number (%s) is too large - line %d",
/* the range check above is what keeps this cast from truncating */
1222 config->priority_boost = (unsigned int)i;
/* Parse tcp_listen_port. Without USE_LISTENER the value is ignored with a
 * debug message; otherwise it must be digits only, is converted with
 * strtoul(), must not exceed TCP_PORT_MAX and must pass a "too small"
 * check (its bound is not shown here) before being stored in
 * config->tcp_listen_port. */
1226 static int tcp_listen_port_parser(struct nv_pair *nv, int line,
1227 struct daemon_conf *config)
1229 const char *ptr = nv->value;
1232 audit_msg(LOG_DEBUG, "tcp_listen_port_parser called with: %s",
1235 #ifndef USE_LISTENER
1236 audit_msg(LOG_DEBUG,
1237 "Listener support is not enabled, ignoring value at line %d",
1241 /* check that all chars are numbers */
// NOTE(review): cast ptr[i] to unsigned char for isdigit(); plain char may be negative.
1242 for (i=0; ptr[i]; i++) {
1243 if (!isdigit(ptr[i])) {
1245 "Value %s should only be numbers - line %d",
1251 /* convert to unsigned int */
1253 i = strtoul(nv->value, NULL, 10);
1256 "Error converting string to a number (%s) - line %d",
1257 strerror(errno), line);
1260 /* Check its range */
1261 if (i > TCP_PORT_MAX) {
1263 "Error - converted number (%s) is too large - line %d",
1269 "Error - converted number (%s) is too small - line %d",
1273 config->tcp_listen_port = (unsigned int)i;
/* Parse tcp_listen_queue. Without USE_LISTENER the value is ignored with a
 * debug message; otherwise it must be digits only, is converted with
 * strtoul() and range-checked before being stored in
 * config->tcp_listen_queue. The upper bound reuses TCP_PORT_MAX, i.e. the
 * port-number constant doubles as the cap on the listen queue length. */
1278 static int tcp_listen_queue_parser(struct nv_pair *nv, int line,
1279 struct daemon_conf *config)
1281 const char *ptr = nv->value;
1284 audit_msg(LOG_DEBUG, "tcp_listen_queue_parser called with: %s",
1287 #ifndef USE_LISTENER
1288 audit_msg(LOG_DEBUG,
1289 "Listener support is not enabled, ignoring value at line %d",
1293 /* check that all chars are numbers */
// NOTE(review): cast ptr[i] to unsigned char for isdigit(); plain char may be negative.
1294 for (i=0; ptr[i]; i++) {
1295 if (!isdigit(ptr[i])) {
1297 "Value %s should only be numbers - line %d",
1303 /* convert to unsigned int */
1305 i = strtoul(nv->value, NULL, 10);
1308 "Error converting string to a number (%s) - line %d",
1309 strerror(errno), line);
1312 /* Check its range. While this value is technically
1313 unlimited, it's limited by the kernel, and we limit it here
1315 if (i > TCP_PORT_MAX) {
1317 "Error - converted number (%s) is too large - line %d",
1323 "Error - converted number (%s) is too small - line %d",
1327 config->tcp_listen_queue = (unsigned int)i;
/* Parse tcp_max_per_addr. Without USE_LISTENER the value is ignored with a
 * debug message; otherwise it must be digits only, is converted with
 * strtoul() and passes "too large" / "too small" checks (their bounds are
 * not shown here) before being stored in config->tcp_max_per_addr. */
1333 static int tcp_max_per_addr_parser(struct nv_pair *nv, int line,
1334 struct daemon_conf *config)
1336 const char *ptr = nv->value;
1339 audit_msg(LOG_DEBUG, "tcp_max_per_addr_parser called with: %s",
1342 #ifndef USE_LISTENER
1343 audit_msg(LOG_DEBUG,
1344 "Listener support is not enabled, ignoring value at line %d",
1348 /* check that all chars are numbers */
// NOTE(review): cast ptr[i] to unsigned char for isdigit(); plain char may be negative.
1349 for (i=0; ptr[i]; i++) {
1350 if (!isdigit(ptr[i])) {
1352 "Value %s should only be numbers - line %d",
1358 /* convert to unsigned int */
1360 i = strtoul(nv->value, NULL, 10);
1363 "Error converting string to a number (%s) - line %d",
1364 strerror(errno), line);
1367 /* Check its range. While this value is technically
1368 unlimited, it's limited by the kernel, and we limit it here
1372 "Error - converted number (%s) is too large - line %d",
1378 "Error - converted number (%s) is too small - line %d",
1382 config->tcp_max_per_addr = (unsigned int)i;
/* Map the use_libwrap value, case-insensitively, to an entry of
 * yes_no_values[] and store its option in config->use_libwrap. A value
 * that matches no entry is logged as "Option ... not found". */
1387 static int use_libwrap_parser(struct nv_pair *nv, int line,
1388 struct daemon_conf *config)
1392 audit_msg(LOG_DEBUG, "use_libwrap_parser called with: %s",
1395 for (i=0; yes_no_values[i].name != NULL; i++) {
1396 if (strcasecmp(nv->value, yes_no_values[i].name) == 0) {
1397 config->use_libwrap = yes_no_values[i].option;
1401 audit_msg(LOG_ERR, "Option %s not found - line %d", nv->value, line);
/* Parse tcp_client_ports, either a single port or "min-max". Without
 * USE_LISTENER the value is ignored with a debug message. Otherwise both
 * numbers must be digits only, each is converted with strtoul(), neither
 * may exceed TCP_PORT_MAX and a reversed range is rejected; the results
 * are stored in config->tcp_client_min_port / tcp_client_max_port. */
1405 static int tcp_client_ports_parser(struct nv_pair *nv, int line,
1406 struct daemon_conf *config)
1408 const char *ptr = nv->value;
1409 unsigned long i, minv, maxv;
1410 const char *saw_dash = NULL;
/* NOTE(review): the debug text below names tcp_listen_queue_parser, not
 * this function, so log lines from here are attributed to the wrong
 * keyword. */
1412 audit_msg(LOG_DEBUG, "tcp_listen_queue_parser called with: %s",
1415 #ifndef USE_LISTENER
1416 audit_msg(LOG_DEBUG,
1417 "Listener support is not enabled, ignoring value at line %d",
1421 /* check that all chars are numbers, with an optional inclusive '-'. */
// NOTE(review): cast ptr[i] to unsigned char for isdigit(); plain char may be negative.
1422 for (i=0; ptr[i]; i++) {
/* a dash counts only if it is neither the first nor the last character */
1423 if (i > 0 && ptr[i] == '-' && ptr[i+1] != '\0') {
1427 if (!isdigit(ptr[i])) {
1429 "Value %s should only be numbers, or "
1430 "two numbers separated by a dash - line %d",
/* continues from the index the first loop stopped at */
1435 for (; ptr[i]; i++) {
1436 if (!isdigit(ptr[i])) {
1438 "Value %s should only be numbers, or "
1439 "two numbers separated by a dash - line %d",
1445 /* convert to unsigned int */
/* a single port gives min == max */
1447 maxv = minv = strtoul(nv->value, NULL, 10);
1450 "Error converting string to a number (%s) - line %d",
1451 strerror(errno), line);
1455 maxv = strtoul(saw_dash + 1, NULL, 10);
1458 "Error converting string to a number (%s) - line %d",
1459 strerror(errno), line);
1463 /* Check their ranges. */
/* NOTE(review): the messages below use %ld; if their arguments are minv
 * and maxv (unsigned long), the matching specifier is %lu. */
1464 if (minv > TCP_PORT_MAX) {
1466 "Error - converted number (%ld) is too large - line %d",
1470 if (maxv > TCP_PORT_MAX) {
1472 "Error - converted number (%ld) is too large - line %d",
1478 "Error - converted range (%ld-%ld) is reversed - line %d",
1482 config->tcp_client_min_port = (unsigned int)minv;
1483 config->tcp_client_max_port = (unsigned int)maxv;
/* Parse tcp_client_max_idle. Without USE_LISTENER the value is ignored
 * with a debug message; otherwise it must be digits only, is converted
 * with strtoul() and passes a "too large" check (its bound is not shown
 * here) before being stored in config->tcp_client_max_idle. */
1488 static int tcp_client_max_idle_parser(struct nv_pair *nv, int line,
1489 struct daemon_conf *config)
1491 const char *ptr = nv->value;
1494 audit_msg(LOG_DEBUG, "tcp_client_max_idle_parser called with: %s",
1497 #ifndef USE_LISTENER
1498 audit_msg(LOG_DEBUG,
1499 "Listener support is not enabled, ignoring value at line %d",
1503 /* check that all chars are numbers */
// NOTE(review): cast ptr[i] to unsigned char for isdigit(); plain char may be negative.
1504 for (i=0; ptr[i]; i++) {
1505 if (!isdigit(ptr[i])) {
1507 "Value %s should only be numbers - line %d",
1513 /* convert to unsigned int */
1515 i = strtoul(nv->value, NULL, 10);
1518 "Error converting string to a number (%s) - line %d",
1519 strerror(errno), line);
1522 /* Check its range. While this value is technically
1523 unlimited, it's limited by the kernel, and we limit it here
1527 "Error - converted number (%s) is too large - line %d",
1531 config->tcp_client_max_idle = (unsigned int)i;
/* Parse enable_krb5. When GSSAPI support is not built in, the value is
 * ignored with a debug message (the preprocessor guard is not shown
 * here); otherwise the value is matched, case-insensitively, against
 * yes_no_values[] and stored in config->enable_krb5.
 * NOTE(review): the "ignoring value" path is logged at LOG_DEBUG only, so
 * a config that asks for krb5 on a build without it is easy to miss. */
1536 static int enable_krb5_parser(struct nv_pair *nv, int line,
1537 struct daemon_conf *config)
1539 audit_msg(LOG_DEBUG, "enable_krb5_parser called with: %s",
1543 audit_msg(LOG_DEBUG,
1544 "GSSAPI support is not enabled, ignoring value at line %d",
1550 for (i=0; yes_no_values[i].name != NULL; i++) {
1551 if (strcasecmp(nv->value, yes_no_values[i].name) == 0) {
1552 config->enable_krb5 = yes_no_values[i].option;
1556 audit_msg(LOG_ERR, "Option %s not found - line %d", nv->value, line);
/* Store a heap copy of the krb5_principal value in config->krb5_principal;
 * when GSSAPI support is not built in the value is ignored with a debug
 * message (the preprocessor guard is not shown here).
 * NOTE(review): the strdup() result is not checked and a previous
 * krb5_principal is not freed in the lines shown. */
1561 static int krb5_principal_parser(struct nv_pair *nv, int line,
1562 struct daemon_conf *config)
1564 audit_msg(LOG_DEBUG,"krb5_principal_parser called with: %s",nv->value);
1566 audit_msg(LOG_DEBUG,
1567 "GSSAPI support is not enabled, ignoring value at line %d",
1570 config->krb5_principal = strdup(nv->value);
/* Store a heap copy of the krb5_key_file path in config->krb5_key_file;
 * when GSSAPI support is not built in the value is ignored with a debug
 * message (the preprocessor guard is not shown here).
 * NOTE(review): unlike log_file and dispatcher, the path is accepted here
 * without any ownership, type or permission check in the lines shown -
 * confirm the key file is vetted where it is opened. The strdup() result
 * is not checked and a previous krb5_key_file is not freed. */
1575 static int krb5_key_file_parser(struct nv_pair *nv, int line,
1576 struct daemon_conf *config)
1578 audit_msg(LOG_DEBUG, "krb5_key_file_parser called with: %s", nv->value);
1580 audit_msg(LOG_DEBUG,
1581 "GSSAPI support is not enabled, ignoring value at line %d",
1584 config->krb5_key_file = strdup(nv->value);
1590 * This function is where we do the integrated check of the audit config
1591 * options. At this point, all fields have been read. Returns 0 if no
1592 * problems and 1 if problems detected.
/* Cross-field validation run by load_config after every line has been
 * parsed: space_left must be strictly larger than admin_space_left, and
 * incremental flushing needs a non-zero freq. A non-zero freq with a flush
 * value above FT_INCREMENTAL only produces a warning.
 * NOTE(review): clear_config() sets both space_left and admin_space_left
 * to 0, so the first test is true for a config file that sets neither -
 * confirm that rejecting such a file is intended. */
1594 static int sanity_check(struct daemon_conf *config)
1596 /* Error checking */
1597 if (config->space_left <= config->admin_space_left) {
1599 "Error - space_left(%lu) must be larger than admin_space_left(%lu)",
1600 config->space_left, config->admin_space_left);
1603 if (config->flush == FT_INCREMENTAL && config->freq == 0) {
1605 "Error - incremental flushing chosen, but 0 selected for freq");
1609 if (config->flush > FT_INCREMENTAL && config->freq != 0) {
1610 audit_msg(LOG_WARNING,
1611 "Warning - freq is non-zero and incremental flushing not selected.");
/* Reverse lookup in log_formats[]: return the name of the entry whose
 * option equals fmt. The returned string belongs to the static table. The
 * value returned when nothing matches is not shown here. */
1616 const char *audit_lookup_format(int fmt)
1620 for (i=0; log_formats[i].name != NULL; i++) {
1621 if (log_formats[i].option == fmt)
1622 return log_formats[i].name;
/* Create the audit log file val and return its descriptor. O_CREAT with
 * O_EXCL makes open() fail if the path already exists, including when it
 * is a symbolic link, so an existing file is never reused or followed.
 * The requested mode is 0640 (owner rw, group r), subject to the umask.
 * NOTE(review): no O_WRONLY/O_RDWR is given, so the descriptor is opened
 * read-only; log_file_parser only fstat()s it - confirm nothing writes
 * through this descriptor. */
1627 int create_log_file(const char *val)
1632 fd = open(val, O_CREAT|O_EXCL|O_APPEND, S_IRUSR|S_IWUSR|S_IRGRP);
1634 audit_msg(LOG_ERR, "Unable to create %s (%s)", val,
/* Release every heap string the config owns. free(NULL) is a no-op, so
 * fields that were never set are safe to pass.
 * NOTE(review): the pointers are not reset to NULL in the lines shown, so
 * the config must not be read or freed again without clear_config(). */
1639 void free_config(struct daemon_conf *config)
1641 free((void *)config->sender_ctx);
1642 free((void *)config->log_file);
1643 free((void *)config->dispatcher);
1644 free((void *)config->node_name);
1645 free((void *)config->action_mail_acct);
1646 free((void *)config->space_left_exe);
1647 free((void *)config->admin_space_left_exe);
1648 free((void *)config->disk_full_exe);
1649 free((void *)config->disk_error_exe);
1650 free((void *)config->krb5_principal);
1651 free((void *)config->krb5_key_file);
1654 int resolve_node(struct daemon_conf *config)
1659 /* Get the host name representation */
1660 switch (config->node_name_format)
1665 if (gethostname(tmp_name, sizeof(tmp_name))) {
1667 "Unable to get machine name");
1670 config->node_name = strdup(tmp_name);
1673 if (config->node_name == NULL) {
1674 audit_msg(LOG_ERR, "User defined name missing");
1679 if (gethostname(tmp_name, sizeof(tmp_name))) {
1681 "Unable to get machine name");
1685 struct addrinfo *ai;
1686 struct addrinfo hints;
1688 memset(&hints, 0, sizeof(hints));
1689 hints.ai_flags = AI_ADDRCONFIG | AI_CANONNAME;
1690 hints.ai_socktype = SOCK_STREAM;
1692 rc2 = getaddrinfo(tmp_name, NULL, &hints, &ai);
1695 "Cannot resolve hostname %s (%s)",
1696 tmp_name, gai_strerror(rc));
1700 config->node_name = strdup(ai->ai_canonname);
1705 if (gethostname(tmp_name, sizeof(tmp_name))) {
1707 "Unable to get machine name");
1711 struct addrinfo *ai;
1712 struct addrinfo hints;
1714 audit_msg(LOG_DEBUG,
1715 "Resolving numeric address for %s",
1717 memset(&hints, 0, sizeof(hints));
1718 hints.ai_flags = AI_ADDRCONFIG | AI_PASSIVE;
1719 hints.ai_socktype = SOCK_STREAM;
1721 rc2 = getaddrinfo(tmp_name, NULL, &hints, &ai);
1724 "Cannot resolve hostname %s (%s)",
1725 tmp_name, gai_strerror(rc2));
1729 inet_ntop(ai->ai_family,
1730 ai->ai_family == AF_INET ?
1731 (void *) &((struct sockaddr_in *)ai->ai_addr)->sin_addr :
1732 (void *) &((struct sockaddr_in6 *)ai->ai_addr)->sin6_addr,
1733 tmp_name, INET6_ADDRSTRLEN);
1735 config->node_name = strdup(tmp_name);
1739 if (rc == 0 && config->node_name)
1740 audit_msg(LOG_DEBUG, "Resolved node name: %s",