PERFORCE change 106504 for review
Robert Watson
rwatson at FreeBSD.org
Fri Sep 22 06:17:11 PDT 2006
http://perforce.freebsd.org/chv.cgi?CH=106504
Change 106504 by rwatson at rwatson_fledge on 2006/09/22 13:15:35
Add an audit_warn(5) event for the audit daemon closing a trail
file. This could be used, for example, to hook the close event and
compress the trail file. The event is never called for
unterminated trail files left behind after, say, an improper
shutdown.
Affected files ...
.. //depot/projects/trustedbsd/openbsm/bin/auditd/audit_warn.c#7 edit
.. //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#23 edit
.. //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.h#7 edit
Differences ...
==== //depot/projects/trustedbsd/openbsm/bin/auditd/audit_warn.c#7 (text+ko) ====
@@ -30,7 +30,7 @@
*
* @APPLE_BSD_LICENSE_HEADER_END@
*
- * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/audit_warn.c#6 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/audit_warn.c#7 $
*/
#include <sys/types.h>
@@ -125,6 +125,21 @@
}
/*
+ * Indicate that a trail file has been closed, so can now be post-processed.
+ */
+int
+audit_warn_closefile(char *filename)
+{
+ char *args[3];
+
+ args[0] = CLOSEFILE_WARN;
+ args[1] = filename;
+ args[2] = NULL;
+
+ return (auditwarnlog(args));
+}
+
+/*
* Indicates that the audit deammn is already running
*/
int
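Review bot: The comment above audit_warn_closefile does not say what the audit_warn script is given, which is what a hook author needs in order to handle the name safely. From the body, the vector is the event name `closefile` followed by exactly one argument, the filename, so I would extend the comment to `Indicate that a trail file has been closed, so can now be post-processed. The argument vector is "closefile" followed by the trail file name as a single argument.` How auditwarnlog hands that vector to the script (direct exec or through a shell) is not visible in this hunk and should be confirmed before documenting it. The function is complete within the hunk; the definition that follows continues outside it.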
==== //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#23 (text+ko) ====
@@ -30,7 +30,7 @@
*
* @APPLE_BSD_LICENSE_HEADER_END@
*
- * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#22 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#23 $
*/
#include <sys/types.h>
@@ -163,9 +163,11 @@
syslog(LOG_ERR,
"Could not rename %s to %s: %m", oldname,
lastfile);
- else
+ else {
syslog(LOG_INFO, "renamed %s to %s",
oldname, lastfile);
+ audit_warn_closefile(lastfile);
+ }
}
free(lastfile);
free(oldname);
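Review bot: The return value of `audit_warn_closefile(lastfile)` is discarded in the new else branch, so a failure to run the closefile hook leaves no trace, even though both outcomes of the rename above it are logged. Assuming auditwarnlog returns non-zero on failure (its body is not shown here), something like `if (audit_warn_closefile(lastfile) != 0) syslog(LOG_ERR, "audit_warn closefile failed for %s", lastfile);` would make an unprocessed trail visible to the operator. It is also worth confirming that auditwarnlog does not wait for the script to finish, since a slow post-processing hook would otherwise hold up trail rotation. The enclosing function starts and ends outside the hunk.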
==== //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.h#7 (text+ko) ====
@@ -30,7 +30,7 @@
*
* @APPLE_BSD_LICENSE_HEADER_END@
*
- * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.h#6 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.h#7 $
*/
#ifndef _AUDITD_H_
@@ -62,6 +62,7 @@
#define HARDLIM_ALL_WARN "allhard"
#define SOFTLIM_ALL_WARN "allsoft"
#define AUDITOFF_WARN "auditoff"
+#define CLOSEFILE_WARN "closefile"
#define EBUSY_WARN "ebusy"
#define GETACDIR_WARN "getacdir"
#define HARDLIM_WARN "hard"
@@ -76,6 +77,7 @@
int audit_warn_allhard(int count);
int audit_warn_allsoft(void);
int audit_warn_auditoff(void);
+int audit_warn_closefile(char *filename);
int audit_warn_ebusy(void);
int audit_warn_getacdir(char *filename);
int audit_warn_hard(char *filename);