AC_CHECK_HEADERS(netinet/in.h netdb.h sys/fcntl.h sys/mnttab.h sys/mntent.h)
AC_CHECK_HEADERS(mntent.h sys/vfs.h sys/param.h sys/fs_types.h sys/fstyp.h)
AC_CHECK_HEADERS(sys/mount.h strings.h termios.h signal.h poll.h sys/pag.h)
-AC_CHECK_HEADERS(windows.h malloc.h winsock2.h direct.h io.h sys/user.h)
+AC_CHECK_HEADERS(windows.h malloc.h winsock2.h direct.h io.h sys/user.h sys/ipc.h)
AC_CHECK_HEADERS(security/pam_modules.h siad.h usersec.h ucontext.h regex.h values.h sys/statvfs.h sys/statfs.h sys/bitypes.h)
AC_CHECK_HEADERS(linux/errqueue.h,,,[#include <linux/types.h>])
<div class="synopsis">
B<bosserver> [B<-noauth>] [B<-log>] [B<-enable_peer_stats>]
+ S<<< [B<-auditlog> <I<log path>>] >>> [B<-audit-interface> (file | sysvmq)]
[B<-enable_process_stats>] [B<-allow-dotted-principals>] [B<-help>]
=for html
successfully issue a privileged B<bos> command (one that requires being
listed in the F</usr/afs/etc/UserList> file).
+=item B<-auditlog> <I<log path>>
+
+Turns on audit logging, and sets the path for the audit log.
+
+=item B<-audit-interface> (file | sysvmq)
+
+Specifies what audit interface to use. Defaults to C<file>. See
+L<fileserver(8)> for an explanation of each interface.
+
=item B<-enable_peer_stats>
Activates the collection of Rx statistics and allocates memory for their
<div class="synopsis">
B<buserver> S<<< [B<-database> <I<database directory>>] >>>
+ S<<< [B<-auditlog> <I<log path>>] >>> [B<-audit-interface> (file | sysvmq)]
S<<< [B<-cellservdb> <I<cell configuration directory>>] >>> [B<-resetdb>]
[B<-noauth>] [B<-smallht>] [B<-servers> <I<list of ubik database servers>>+]
[B<-enable_peer_stats>] [B<-enable_process_stats>] [B<-rxbind>]
files, ending in a final slash (C</>). If this argument is not provided,
the default is the F</usr/afs/db> directory.
+=item B<-auditlog> <I<log path>>
+
+Turns on audit logging, and sets the path for the audit log.
+
+=item B<-audit-interface> (file | sysvmq)
+
+Specifies what audit interface to use. Defaults to C<file>. See
+L<fileserver(8)> for an explanation of each interface.
+
=item B<-cellservdb> <I<cell configuration directory>>
Specifies the pathname of the directory from which the Backup Server reads
<div class="synopsis">
B<fileserver> S<<< [B<-auditlog> <I<path to log file>>] >>>
+ S<<< [B<-audit-interface> (file | sysvmq)] >>>
S<<< [B<-d> <I<debug level>>] >>>
S<<< [B<-p> <I<number of processes>>] >>>
S<<< [B<-spare> <I<number of spare blocks>>] >>>
Set and enable auditing.
+=item B<-audit-interface> (file | sysvmq)
+
+Specifies what audit interface to use. The C<file> interface writes audit
+messages to the file passed to B<-auditlog>. The C<sysvmq> interface
+writes audit messages to a SYSV message (see L<msgget(2)> and
+L<msgrcv(2)>). The message queue the C<sysvmq> interface writes to has the
+key C<ftok(path, 1)>, where C<path> is the path specified in the
+B<-auditlog> option.
+
+Defaults to C<file>.
+
=item B<-d> <I<debug level>>
Sets the detail level for the debugging trace written to the
<div class="synopsis">
B<kaserver> [B<-noAuth>] [B<-fastKeys>] [B<-database> <I<dbpath>>]
+ S<<< [B<-auditlog> <I<log path>>] >>> [B<-audit-interface> (file | sysvmq)]
S<<< [B<-localfiles> <I<lclpath>>] >>> S<<< [B<-minhours> <I<n>>] >>>
S<<< [B<-servers> <I<serverlist>>] >>> [B<-enable_peer_stats>]
[B<-enable_process_stats>] [B<-help>]
B<-localfiles> argument is also set to the value of this argument, which
is probably inappropriate.
+=item B<-auditlog> <I<log path>>
+
+Turns on audit logging, and sets the path for the audit log.
+
+=item B<-audit-interface> (file | sysvmq)
+
+Specifies what audit interface to use. Defaults to C<file>. See
+L<fileserver(8)> for an explanation of each interface.
+
=item B<-localfiles> <I<lclpath>>
Specifies the pathname of an alternate directory in which the auxiliary
[B<-restricted>] [B<-enable_peer_stats>]
[B<-enable_process_stats>] [B<-allow-dotted-principals>]
[B<-rxbind>] S<<< [B<-auditlog> <I<file path>>] >>>
+ S<<< [B<-audit-interface> (file | sysvmq)] >>>
S<<< [B<-syslog>[=<I<FACILITY>>]] >>> S<<< [B<-rxmaxmtu> <I<bytes>>] >>>
[B<-help>]
the log message should be sent. Logging message sent to syslog are tagged
with the string "ptserver".
-=item B<-auditlog> <I<file path>>
+=item B<-auditlog> <I<log path>>
-Specifies the full pathname for the B<AuditLog> file.
+Turns on audit logging, and sets the path for the audit log.
+
+=item B<-audit-interface> (file | sysvmq)
+
+Specifies what audit interface to use. Defaults to C<file>. See
+L<fileserver(8)> for an explanation of each interface.
=item B<-rxmaxmtu> <I<bytes>>
B<vlserver> S<<< [B<-p> <I<number of threads>>] >>> [B<-nojumbo>] [B<-jumbo>] [B<-rxbind>] S<<< [B<-d> <I<debug level>>] >>>
[B<-allow-dotted-principals>] [B<-enable_peer_stats>] [B<-enable_process_stats>]
+ S<<< [B<-auditlog> <I<log path>>] >>> [B<-audit-interface> (file | sysvmq)]
[B<-help>]
=for html
between principal names may disable this check by starting the server
with this option.
+=item B<-auditlog> <I<log path>>
+
+Turns on audit logging, and sets the path for the audit log.
+
+=item B<-audit-interface> (file | sysvmq)
+
+Specifies what audit interface to use. Defaults to C<file>. See
+L<fileserver(8)> for an explanation of each interface.
+
=item B<-rxbind>
Bind the Rx socket to the primary interface only. (If not specified, the
<div class="synopsis">
B<volserver> [B<-log>] S<<< [B<-p> <I<number of processes>>] >>>
+ S<<< [B<-auditlog> <I<log path>>] >>> [B<-audit-interface> (file | sysvmq)]
S<<< [B<-udpsize> <I<size of socket buffer in bytes>>] >>>
S<<< [B<-d> <I<debug level>>] >>>
[B<-nojumbo>] [B<-jumbo>]
Sets the number of server lightweight processes (LWPs) to run. Provide an
integer between C<4> and C<16>. The default is C<9>.
+=item B<-auditlog> <I<log path>>
+
+Turns on audit logging, and sets the path for the audit log.
+
+=item B<-audit-interface> (file | sysvmq)
+
+Specifies what audit interface to use. Defaults to C<file>. See
+L<fileserver(8)> for an explanation of each interface.
+
=item B<-udpsize> <I<size of socket buffer>>
Sets the size of the UDP buffer in bytes, which is 64 KB by
${TOP_INCDIR}/afs/audit.h: audit.h
${INSTALL_DATA} $? $@
-libaudit.a: audit.o AFS_component_version_number.o
+libaudit.a: audit.o audit-file.o audit-sysvmq.o AFS_component_version_number.o
$(RM) -f libaudit.a
- ar r libaudit.a audit.o AFS_component_version_number.o
+ ar r libaudit.a audit.o audit-file.o audit-sysvmq.o AFS_component_version_number.o
$(RANLIB) libaudit.a
-audit.o: audit.c audit.h
+audit.o: audit.c audit.h audit-api.h
${CC} ${CFLAGS} -c ${srcdir}/audit.c
+audit-file.o: audit-file.c audit.h audit-api.h
+ ${CC} ${CFLAGS} -c ${srcdir}/audit-file.c
+
+audit-sysvmq.o: audit-sysvmq.c audit.h audit-api.h
+ ${CC} ${CFLAGS} -c ${srcdir}/audit-sysvmq.c
+
# XXX-INST: where to install the AIX audit files?
install: audit.h libaudit.a
${INSTALL} -d ${DESTDIR}${libdir}/afs
--- /dev/null
+/*
+ * Copyright 2009, Sine Nomine Associates and others.
+ * All Rights Reserved.
+ *
+ * This software has been released under the terms of the IBM Public
+ * License. For details, see the LICENSE file in the top-level source
+ * directory or online at http://www.openafs.org/dl/license10.html
+ */
+
+#ifndef _AUDIT_API_H
+#define _AUDIT_API_H
+
+struct osi_audit_ops {
+ void (*send_msg)(void);
+ void (*append_msg)(const char *format, ...);
+ int (*open_file)(const char *fileName);
+ void (*print_interface_stats)(FILE *out);
+};
+
+#endif /* _AUDIT_API_H */
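Review bot: This header uses `FILE *` in `print_interface_stats` without including `<stdio.h>`, and it does not declare the two ops tables, so it only compiles when included after stdio.h. Because the tables are not declared here, audit.c re-declares them by hand as `extern struct osi_audit_ops audit_file_ops;`, while audit-file.c and audit-sysvmq.c define them as `const struct osi_audit_ops`, so the declaration and definition disagree on qualifiers. I would add `#include <stdio.h>` plus `extern const struct osi_audit_ops audit_file_ops;` here, with the `audit_sysvmq_ops` equivalent under `HAVE_SYS_IPC_H`, and drop the externs from audit.c. A short comment on each callback would also help, for example that `open_file` returns 0 on success and non-zero on failure.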
--- /dev/null
+/*
+ * Copyright 2000, International Business Machines Corporation and others.
+ * All Rights Reserved.
+ *
+ * This software has been released under the terms of the IBM Public
+ * License. For details, see the LICENSE file in the top-level source
+ * directory or online at http://www.openafs.org/dl/license10.html
+ */
+
+#include <afsconfig.h>
+#include <afs/param.h>
+#include <afs/afsutil.h>
+
+#include <string.h>
+#include <stdio.h>
+#include <stdarg.h>
+#include <sys/param.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <unistd.h>
+#include <fcntl.h>
+
+#include "audit-api.h"
+
+static FILE *auditout;
+
+static void
+send_msg(void)
+{
+ fprintf(auditout, "\n");
+ fflush(auditout);
+}
+
+static void
+append_msg(const char *format, ...)
+{
+ va_list vaList;
+
+ va_start(vaList, format);
+ vfprintf(auditout, format, vaList);
+ va_end(vaList);
+}
+
+static int
+open_file(const char *fileName)
+{
+ int tempfd, flags;
+ char oldName[MAXPATHLEN];
+
+#ifndef AFS_NT40_ENV
+ struct stat statbuf;
+
+ if ((lstat(fileName, &statbuf) == 0)
+ && (S_ISFIFO(statbuf.st_mode))) {
+ flags = O_WRONLY | O_NONBLOCK;
+ } else
+#endif
+ {
+ strcpy(oldName, fileName);
+ strcat(oldName, ".old");
+ renamefile(fileName, oldName);
+ flags = O_WRONLY | O_TRUNC | O_CREAT;
+ }
+ tempfd = open(fileName, flags, 0666);
+ if (tempfd > -1) {
+ auditout = fdopen(tempfd, "a");
+ if (!auditout) {
+ printf("Warning: auditlog %s not writable, ignored.\n", fileName);
+ return 1;
+ }
+ } else {
+ printf("Warning: auditlog %s not writable, ignored.\n", fileName);
+ return 1;
+ }
+ return 0;
+}
+
+static void
+print_interface_stats(FILE *out)
+{
+ return;
+}
+
+const struct osi_audit_ops audit_file_ops = {
+ &send_msg,
+ &append_msg,
+ &open_file,
+ &print_interface_stats,
+};
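Review bot: In `open_file`, `strcpy(oldName, fileName); strcat(oldName, ".old");` writes into a `MAXPATHLEN` buffer without checking the length of `fileName`, so an `-auditlog` path within four bytes of `MAXPATHLEN` overruns the stack buffer. The code is moved verbatim from audit.c, but the move is a good moment to bound it: build the name with `snprintf(oldName, sizeof(oldName), "%s.old", fileName)` and treat a result `>= sizeof(oldName)` as the existing "not writable" failure. Separately, `open(fileName, flags, 0666)` leaves the audit trail's permissions to the process umask; for an audit log `0600` is the safer creation mode. The static `auditout` also stays NULL if `open_file` fails, and `send_msg`/`append_msg` rely on callers never reaching them in that state; a one-line comment on `auditout` saying so would be worth adding.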
--- /dev/null
+/*
+ * Copyright 2009, Sine Nomine Associates and others.
+ * All Rights Reserved.
+ *
+ * This software has been released under the terms of the IBM Public
+ * License. For details, see the LICENSE file in the top-level source
+ * directory or online at http://www.openafs.org/dl/license10.html
+ */
+
+#include <afsconfig.h>
+
+/* only build on platforms that have SysV IPC support; i.e., when we
+ * have sys/ipc.h */
+#ifdef HAVE_SYS_IPC_H
+
+#include <afs/param.h>
+
+#include <string.h>
+#include <stdio.h>
+#include <stdarg.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/ipc.h>
+#include <sys/msg.h>
+#include <unistd.h>
+#include <fcntl.h>
+
+#include "audit-api.h"
+
+/* solaris default is 2048 */
+#define MAXMSG 2048
+
+/* message queue size will be increased to this value
+ if not already bigger */
+#define MSGMNB (2*1024*1024)
+
+static struct my_msgbuf {
+ long mtype;
+ char mtext[MAXMSG];
+} msgbuffer;
+
+static int mqid;
+
+static struct mqaudit_stats {
+ long all;
+ long truncated;
+ long lost;
+} myauditstats;
+
+static int truncated;
+
+static void
+send_msg(void)
+{
+ /* +1 to send the trailing '\0' in the message too so the
+ receiver doesn't need to bother with it */
+ if (msgsnd(mqid, &msgbuffer, strlen(msgbuffer.mtext)+1, IPC_NOWAIT) == -1) {
+ myauditstats.lost++;
+ } else if (truncated) {
+ myauditstats.truncated++;
+ }
+ myauditstats.all++;
+ msgbuffer.mtext[0] = 0;
+ truncated = 0;
+}
+
+static void
+append_msg(const char *format, ...)
+{
+ va_list vaList;
+ int size, printed;
+
+ size = MAXMSG - strlen(msgbuffer.mtext);
+
+ va_start(vaList, format);
+ printed = vsnprintf(&msgbuffer.mtext[strlen(msgbuffer.mtext)], size, format, vaList);
+ va_end(vaList);
+
+ /* A return value of size or more means that the output was truncated.
+ If an output error is encountered, a negative value is returned. */
+ if (size <= printed || printed == -1) {
+ truncated = 1;
+ }
+}
+
+static int
+open_file(const char *fileName)
+{
+ int tempfd;
+ struct msqid_ds msqdesc;
+
+ msgbuffer.mtext[0] = 0;
+ msgbuffer.mtype = 1;
+
+ truncated = 0;
+ myauditstats.all = 0;
+ myauditstats.lost = 0;
+ myauditstats.truncated = 0;
+
+ /* try to create file for ftok if it doesn't already exist */
+ tempfd = open(fileName, O_WRONLY | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR);
+ if(tempfd != -1)
+ close(tempfd);
+
+ mqid = msgget(ftok(fileName, 1), S_IRUSR | S_IWUSR | IPC_CREAT);
+ if (mqid == -1) {
+ printf("Warning: auditlog message queue %s cannot be opened.\n", fileName);
+ return 1;
+ }
+
+ /* increase message queue size */
+ msgctl(mqid, IPC_STAT, &msqdesc);
+ if (msqdesc.msg_qbytes < MSGMNB) {
+ msqdesc.msg_qbytes = MSGMNB;
+ msgctl(mqid, IPC_SET, &msqdesc);
+ }
+
+ return 0;
+}
+
+static void
+print_interface_stats(FILE *out)
+{
+ fprintf(out, "audit statistics: %ld messages total, %ld truncated, %ld lost\n",
+ myauditstats.all, myauditstats.truncated, myauditstats.lost);
+}
+
+const struct osi_audit_ops audit_sysvmq_ops = {
+ &send_msg,
+ &append_msg,
+ &open_file,
+ &print_interface_stats,
+};
+
+#endif /* HAVE_SYS_IPC_H */
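Review bot: `open_file` never checks the results of `ftok()` and `msgctl(mqid, IPC_STAT, &msqdesc)`. If `ftok` fails, `msgget` is called with key `(key_t)-1`, and if `IPC_STAT` fails, `msqdesc.msg_qbytes` is read uninitialized and may then be written back with `IPC_SET`. Because `msgget` is called with `IPC_CREAT` but without `IPC_EXCL`, it also attaches to any queue that already exists under that key. After a successful `IPC_STAT` it would be reasonable to compare `msqdesc.msg_perm.uid` and the mode bits with what the server expects before trusting the queue with audit records. In `append_msg`, `printed == -1` is better written `printed < 0`. A suggested shape for the key and stat handling is below.

```c
    key_t key;
    /* … unchanged: msgbuffer / myauditstats reset and O_EXCL creation of the ftok file … */

    key = ftok(fileName, 1);
    if (key == (key_t)-1) {
        printf("Warning: auditlog message queue %s cannot be opened.\n", fileName);
        return 1;
    }
    mqid = msgget(key, S_IRUSR | S_IWUSR | IPC_CREAT);
    /* … unchanged: mqid == -1 check … */

    /* increase message queue size, only when the current limits could be read */
    if (msgctl(mqid, IPC_STAT, &msqdesc) == 0 && msqdesc.msg_qbytes < MSGMNB) {
        msqdesc.msg_qbytes = MSGMNB;
        if (msgctl(mqid, IPC_SET, &msqdesc) == -1)
            printf("Warning: auditlog message queue %s could not be enlarged.\n", fileName);
    }
```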
#include <rx/rx.h>
#include <rx/rxkad.h>
#include "audit.h"
+#include "audit-api.h"
#include "lock.h"
#ifdef AFS_AIX32_ENV
#include <sys/audit.h>
# endif
#endif
-char *bufferPtr;
-int bufferLen;
-int osi_audit_all = (-1); /* Not determined yet */
-int osi_echo_trail = (-1);
+extern struct osi_audit_ops audit_file_ops;
+#ifdef HAVE_SYS_IPC_H
+extern struct osi_audit_ops audit_sysvmq_ops;
+#endif
+
+static struct {
+ const char *name;
+ const struct osi_audit_ops *ops;
+} audit_interfaces[] = {
+
+ { "file", &audit_file_ops },
+#ifdef HAVE_SYS_IPC_H
+ { "sysvmq", &audit_sysvmq_ops },
+#endif
+};
-FILE *auditout = NULL;
+#define N_INTERFACES (sizeof(audit_interfaces) / sizeof(audit_interfaces[0]))
-int osi_audit_check(void);
+/* default to `file' audit interface */
+static const struct osi_audit_ops *audit_ops = &audit_file_ops;
+
+static int osi_audit_all = (-1); /* Not determined yet */
+static int osi_echo_trail = (-1);
+
+static int auditout_open = 0;
+
+static int osi_audit_check(void);
#ifdef AFS_AIX32_ENV
+static char *bufferPtr;
+static int bufferLen;
+
static void
audmakebuf(char *audEvent, va_list vaList)
{
-#ifdef AFS_AIX32_ENV
int code;
-#endif
int vaEntry;
int vaInt;
afs_int32 vaLong;
#endif
static void
-printbuf(FILE *out, int rec, char *audEvent, char *afsName, afs_int32 hostId,
+printbuf(int rec, char *audEvent, char *afsName, afs_int32 hostId,
afs_int32 errCode, va_list vaList)
{
int vaEntry;
timeStamp = afs_ctime(¤ttime, tbuffer,
sizeof(tbuffer));
timeStamp[24] = ' '; /* ts[24] is the newline, 25 is the null */
- fprintf(out, timeStamp);
+ audit_ops->append_msg(timeStamp);
if (num > -1)
- fprintf(out, "[%d] ", num);
+ audit_ops->append_msg("[%d] ", num);
}
- fprintf(out, "EVENT %s CODE %d ", audEvent, errCode);
+ audit_ops->append_msg("EVENT %s CODE %d ", audEvent, errCode);
if (afsName) {
hostAddr.s_addr = hostId;
- fprintf(out, "NAME %s HOST %s ", afsName, inet_ntoa(hostAddr));
+ audit_ops->append_msg("NAME %s HOST %s ", afsName, inet_ntoa(hostAddr));
}
vaEntry = va_arg(vaList, int);
case AUD_STR: /* String */
vaStr = (char *)va_arg(vaList, char *);
if (vaStr)
- fprintf(out, "STR %s ", vaStr);
+ audit_ops->append_msg("STR %s ", vaStr);
else
- fprintf(out, "STR <null>");
+ audit_ops->append_msg("STR <null>");
break;
case AUD_NAME: /* Name */
vaStr = (char *)va_arg(vaList, char *);
if (vaStr)
- fprintf(out, "NAME %s ", vaStr);
+ audit_ops->append_msg("NAME %s ", vaStr);
else
- fprintf(out, "NAME <null>");
+ audit_ops->append_msg("NAME <null>");
break;
case AUD_ACL: /* ACL */
vaStr = (char *)va_arg(vaList, char *);
if (vaStr)
- fprintf(out, "ACL %s ", vaStr);
+ audit_ops->append_msg("ACL %s ", vaStr);
else
- fprintf(out, "ACL <null>");
+ audit_ops->append_msg("ACL <null>");
break;
case AUD_INT: /* Integer */
vaInt = va_arg(vaList, int);
- fprintf(out, "INT %d ", vaInt);
+ audit_ops->append_msg("INT %d ", vaInt);
break;
case AUD_ID: /* ViceId */
vaInt = va_arg(vaList, int);
- fprintf(out, "ID %d ", vaInt);
+ audit_ops->append_msg("ID %d ", vaInt);
break;
case AUD_DATE: /* Date */
vaLong = va_arg(vaList, afs_int32);
- fprintf(out, "DATE %u ", vaLong);
+ audit_ops->append_msg("DATE %u ", vaLong);
break;
case AUD_HOST: /* Host ID */
vaLong = va_arg(vaList, afs_int32);
hostAddr.s_addr = vaLong;
- fprintf(out, "HOST %s ", inet_ntoa(hostAddr));
+ audit_ops->append_msg("HOST %s ", inet_ntoa(hostAddr));
break;
case AUD_LONG: /* afs_int32 */
vaLong = va_arg(vaList, afs_int32);
- fprintf(out, "LONG %d ", vaLong);
+ audit_ops->append_msg("LONG %d ", vaLong);
break;
case AUD_FID: /* AFSFid - contains 3 entries */
vaFid = va_arg(vaList, struct AFSFid *);
if (vaFid)
- fprintf(out, "FID %u:%u:%u ", vaFid->Volume, vaFid->Vnode,
+ audit_ops->append_msg("FID %u:%u:%u ", vaFid->Volume, vaFid->Vnode,
vaFid->Unique);
else
- fprintf(out, "FID %u:%u:%u ", 0, 0, 0);
+ audit_ops->append_msg("FID %u:%u:%u ", 0, 0, 0);
break;
case AUD_FIDS: /* array of Fids */
vaFids = va_arg(vaList, struct AFSCBFids *);
vaFid = vaFids->AFSCBFids_val;
if (vaFid) {
- fprintf(out, "FIDS %u FID %u:%u:%u ", vaFids->AFSCBFids_len, vaFid->Volume,
+ audit_ops->append_msg("FIDS %u FID %u:%u:%u ", vaFids->AFSCBFids_len, vaFid->Volume,
vaFid->Vnode, vaFid->Unique);
for ( i = 1; i < vaFids->AFSCBFids_len; i++, vaFid++ )
- fprintf(out, "FID %u:%u:%u ", vaFid->Volume,
+ audit_ops->append_msg("FID %u:%u:%u ", vaFid->Volume,
vaFid->Vnode, vaFid->Unique);
} else
- fprintf(out, "FIDS 0 FID 0:0:0 ");
+ audit_ops->append_msg("FIDS 0 FID 0:0:0 ");
}
break;
default:
- fprintf(out, "--badval-- ");
+ audit_ops->append_msg("--badval-- ");
break;
} /* end switch */
vaEntry = va_arg(vaList, int);
} /* end while */
- fprintf(out, "\n");
+ audit_ops->send_msg();
}
#ifdef AFS_PTHREAD_ENV
/* ************************************************************************** */
/* The routine that acually does the audit call.
* ************************************************************************** */
-int
+static int
osi_audit_internal(char *audEvent, /* Event name (15 chars or less) */
afs_int32 errCode, /* The error code */
char *afsName,
static char BUFFER[32768];
#endif
int result;
- va_list vaCopy;
#ifdef AFS_PTHREAD_ENV
/* i'm pretty sure all the server apps now call osi_audit_init(),
if ((osi_audit_all < 0) || (osi_echo_trail < 0))
osi_audit_check();
- if (!osi_audit_all && !auditout)
+ if (!osi_audit_all && !auditout_open)
return 0;
- va_copy(vaCopy, vaList);
-
switch (errCode) {
case 0:
result = AUDIT_OK;
audmakebuf(audEvent, vaList);
#endif
- if (osi_echo_trail) {
- printbuf(stdout, 0, audEvent, afsName, hostId, errCode, vaList);
- }
- va_end(vaCopy);
-
#ifdef AFS_AIX32_ENV
bufferLen = (int)((afs_int32) bufferPtr - (afs_int32) & BUFFER[0]);
code = auditlog(audEvent, result, BUFFER, bufferLen);
#else
- if (auditout) {
- printbuf(auditout, 0, audEvent, afsName, hostId, errCode, vaList);
- fflush(auditout);
+ if (auditout_open) {
+ printbuf(0, audEvent, afsName, hostId, errCode, vaList);
}
#endif
#ifdef AFS_PTHREAD_ENV
if ((osi_audit_all < 0) || (osi_echo_trail < 0))
osi_audit_check();
- if (!osi_audit_all && !auditout)
+ if (!osi_audit_all && !auditout_open)
return 0;
va_start(vaList, errCode);
if (osi_audit_all < 0)
osi_audit_check();
- if (!osi_audit_all && !auditout)
+ if (!osi_audit_all && !auditout_open)
return 0;
strcpy(afsName, "--Unknown--");
int i, lrealm_match;
if (num_lrealms == -1) {
- for (i=0; i<AFS_NUM_LREALMS; i++) {
+ for (i = 0; i < AFS_NUM_LREALMS; i++) {
if (afs_krb_get_lrealm(local_realms[i], i) != 0 /*KSUCCESS*/)
break;
}
/* Check to see if the ticket cell matches one of the local realms */
lrealm_match = 0;
- for ( i=0;i<num_lrealms;i++ ) {
+ for (i = 0; i < num_lrealms ; i++ ) {
if (!strcasecmp(local_realms[i], tcell)) {
lrealm_match = 1;
break;
}
int
-osi_audit_file(char *fileName)
+osi_audit_file(const char *fileName)
{
- int tempfd, flags;
- char oldName[MAXPATHLEN];
-
-#ifndef AFS_NT40_ENV
- struct stat statbuf;
-
- if ((lstat(fileName, &statbuf) == 0)
- && (S_ISFIFO(statbuf.st_mode))) {
- flags = O_WRONLY | O_NONBLOCK;
- } else
-#endif
- {
- strcpy(oldName, fileName);
- strcat(oldName, ".old");
- renamefile(fileName, oldName);
- flags = O_WRONLY | O_TRUNC | O_CREAT;
+ if(!audit_ops->open_file(fileName)) {
+ auditout_open = 1;
+ return 0;
}
- tempfd = open(fileName, flags, 0666);
- if (tempfd > -1) {
- auditout = fdopen(tempfd, "a");
- if (!auditout) {
- printf("Warning: auditlog %s not writable, ignored.\n", fileName);
- return 1;
- }
- } else {
- printf("Warning: auditlog %s not writable, ignored.\n", fileName);
- return 1;
+ return 1;
+}
+
+int
+osi_audit_interface(const char *interface)
+{
+ int i;
+ for (i = 0; i < N_INTERFACES; ++i) {
+ if (strcmp(interface, audit_interfaces[i].name) == 0) {
+ audit_ops = audit_interfaces[i].ops;
+ return 0;
+ }
}
- return 0;
+
+ return 1;
+}
+
+void
+audit_PrintStats(FILE *out)
+{
+ audit_ops->print_interface_stats(out);
}
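Review bot: In `printbuf`, `audit_ops->append_msg(timeStamp);` passes the timestamp as the format string, carrying over the old `fprintf(out, timeStamp)`. The value comes from `afs_ctime`, so it is unlikely to contain a `%` today, but the callback is now a general printf-style entry point shared by both backends and should be called as `audit_ops->append_msg("%s", timeStamp);`. Declaring `append_msg` with a printf format attribute in audit-api.h would let the compiler catch this kind of call. In `osi_audit_interface`, `i` is an `int` compared against the `size_t` `N_INTERFACES`, and `interface` is passed to `strcmp` without a NULL check. A comment there noting that it must be called before `osi_audit_file` would document the ordering that the server changes depend on.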
/* prototypes for audit functions */
int osi_audit(char *audEvent, afs_int32 errCode, ...);
int osi_auditU(struct rx_call *call, char *audEvent, int errCode, ...);
-int osi_audit_file(char *filename);
+int osi_audit_file(const char *filename);
void osi_audit_init(void);
-
+int osi_audit_interface(const char *interface);
+void audit_PrintStats(FILE *out);
char namebuf[AFSDIR_PATH_MAX];
int rxMaxMTU = -1;
afs_uint32 host = htonl(INADDR_ANY);
+ char *auditFileName = NULL;
#ifndef AFS_NT40_ENV
int nofork = 0;
struct stat sb;
}
}
else if (strcmp(argv[code], "-auditlog") == 0) {
- char *fileName = argv[++code];
+ auditFileName = argv[++code];
- osi_audit_file(fileName);
+ } else if (strcmp(argv[code], "-audit-interface") == 0) {
+ char *interface = argv[++code];
+
+ if (osi_audit_interface(interface)) {
+ printf("Invalid audit interface '%s'\n", interface);
+ exit(1);
+ }
}
else {
#ifndef AFS_NT40_ENV
printf("Usage: bosserver [-noauth] [-log] "
"[-auditlog <log path>] "
+ "[-audit-interafce <file|sysvmq> (default is file)] "
"[-rxmaxmtu <bytes>] [-rxbind] [-allow-dotted-principals]"
"[-syslog[=FACILITY]] "
"[-enable_peer_stats] [-enable_process_stats] "
#else
printf("Usage: bosserver [-noauth] [-log] "
"[-auditlog <log path>] "
+ "[-audit-interafce <file|sysvmq> (default is file)] "
"[-rxmaxmtu <bytes>] [-rxbind] [-allow-dotted-principals]"
"[-enable_peer_stats] [-enable_process_stats] "
"[-help]\n");
exit(0);
}
}
+ if (auditFileName) {
+ osi_audit_file(auditFileName);
+ }
#ifndef AFS_NT40_ENV
if (geteuid() != 0) {
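Review bot: `char *interface = argv[++code];` is read without checking that another argument follows, so `-audit-interface` given as the last option passes argv's terminating NULL to `osi_audit_interface()`, which hands it straight to `strcmp`. A guard such as `if (code + 1 >= argc)` that falls through to the usage message, as the `-rxmaxmtu` branch in ptserver already does with `(a + 1) >= argc`, would avoid this. The same unguarded `argv[++…]` read appears in the kaserver, ptserver and the later `argv[++i]`, `argv[++index]` and `argv[++code]` hunks. Both usage strings added here also spell the option `-audit-interafce`, where it should be `-audit-interface`. The enclosing `main` starts and ends outside this hunk.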
cmd_AddParm(cptr, "-rxbind", CMD_FLAG, CMD_OPTIONAL,
"bind the Rx socket (primary interface only)");
+ cmd_AddParm(cptr, "-audit-interface", CMD_SINGLE, CMD_OPTIONAL,
+ "audit interface (file or sysvmq)");
}
int
else
ubik_nBuffers = 0;
- if (as->parms[7].items != 0) {
- char *fileName = as->parms[7].items->data;
-
- osi_audit_file(fileName);
- }
+ /* param 7 (-auditlog) handled below */
/* user provided the number of threads */
if (as->parms[8].items != 0) {
rxBind = 1;
}
+ /* -audit-interface */
+ if (as->parms[10].items != 0) {
+ char *interface = as->parms[10].items->data;
+
+ if (osi_audit_interface(interface)) {
+ printf("Invalid audit interface '%s'\n", interface);
+ BUDB_EXIT(-1);
+ }
+ }
+
+ /* -auditlog */
+ /* needs to be after -audit-interface, so we osi_audit_interface
+ * before we osi_audit_file */
+ if (as->parms[7].items != 0) {
+ char *fileName = as->parms[7].items->data;
+
+ osi_audit_file(fileName);
+ }
+
return 0;
}
afs_int32 i;
char clones[MAXHOSTSPERCELL];
afs_uint32 host = ntohl(INADDR_ANY);
+ char *auditFileName = NULL;
struct rx_service *tservice;
struct rx_securityClass *sca[1];
if (argc == 0) {
usage:
printf("Usage: kaserver [-noAuth] [-fastKeys] [-database <dbpath>] "
- "[-auditlog <log path>] [-rxbind] "
- "[-localfiles <lclpath>] [-minhours <n>] [-servers <serverlist>] "
- "[-crossrealm]"
+ "[-auditlog <log path>] [-audit-interface <file|sysvmq>] "
+ "[-rxbind] [-localfiles <lclpath>] [-minhours <n>] "
+ "[-servers <serverlist>] [-crossrealm] "
/*" [-enable_peer_stats] [-enable_process_stats] " */
"[-help]\n");
exit(1);
lclpath = dbpath;
}
else if (strncmp(arg, "-auditlog", arglen) == 0) {
- char *fileName = argv[++a];
+ auditFileName = argv[++a];
+
+ } else if (strncmp(arg, "-audit-interface", arglen) == 0) {
+ char *interface = argv[++a];
+
+ if (osi_audit_interface(interface)) {
+ printf("Invalid audit interface '%s'\n", interface);
+ exit(1);
+ }
- osi_audit_file(fileName);
} else if (strcmp(arg, "-localfiles") == 0)
lclpath = argv[++a];
else if (strcmp(arg, "-servers") == 0)
goto usage;
}
}
+
+ if (auditFileName) {
+ osi_audit_file(auditFileName);
+ }
+
if ((code = ka_CellConfig(cellservdb)))
goto abort;
cell = ka_LocalCell();
PTSERVER = ../ptserver
SYS = ../sys
-AUDITOBJS = audit.o
+AUDITOBJS = audit.o audit-file.o audit-sysvmq.o
AUTHOBJS = \
cellconfig.o \
audit.o: ${AUDIT}/audit.c
${CCRULE}
+audit-file.o: ${AUDIT}/audit-file.c
+ ${CCRULE}
+
+audit-sysvmq.o: ${AUDIT}/audit-sysvmq.c
+ ${CCRULE}
+
cellconfig.o: ${AUTH}/cellconfig.c
${CCRULE}
int a;
char arg[100];
+ char *auditFileName = NULL;
+
#ifdef AFS_AIX32_ENV
/*
* The following signal action for AIX is necessary so that in case of a
}
#endif
else if (strncmp(arg, "-auditlog", alen) == 0) {
- char *fileName = argv[++a];
+ auditFileName = argv[++a];
- osi_audit_file(fileName);
- osi_audit(PTS_StartEvent, 0, AUD_END);
+ } else if (strncmp(arg, "-audit-interface", alen) == 0) {
+ char *interface = argv[++a];
+ if (osi_audit_interface(interface)) {
+ printf("Invalid audit interface '%s'\n", interface);
+ PT_EXIT(1);
+ }
}
else if (!strncmp(arg, "-rxmaxmtu", alen)) {
if ((a + 1) >= argc) {
#ifndef AFS_NT40_ENV
printf("Usage: ptserver [-database <db path>] "
"[-auditlog <log path>] "
+ "[-audit-interface <file|sysvmq> (default is file)] "
"[-syslog[=FACILITY]] [-d <debug level>] "
"[-p <number of processes>] [-rebuild] "
"[-groupdepth <depth>] "
"[-help]\n");
#else /* AFS_NT40_ENV */
printf("Usage: ptserver [-database <db path>] "
- "[-auditlog <log path>] [-d <debug level>] "
+ "[-auditlog <log path>] "
+ "[-audit-interface <file|sysvmq> (default is file)] "
+ "[-d <debug level>] "
"[-p <number of processes>] [-rebuild] [-rxbind] "
"[-allow-dotted-principals] "
"[-default_access default_user_access default_group_access] "
#else
#ifndef AFS_NT40_ENV
printf("Usage: ptserver [-database <db path>] "
- "[-auditlog <log path>] [-d <debug level>] "
+ "[-auditlog <log path>] "
+ "[-audit-interface <file|sysvmq> (default is file)] "
+ "[-d <debug level>] "
"[-syslog[=FACILITY]] "
"[-p <number of processes>] [-rebuild] "
"[-enable_peer_stats] [-enable_process_stats] "
#endif
}
+ if (auditFileName) {
+ osi_audit_file(auditFileName);
+ osi_audit(PTS_StartEvent, 0, AUD_END);
+ }
+
#ifndef AFS_NT40_ENV
serverLogSyslogTag = "ptserver";
#endif
("With %d directory buffers; %d reads resulted in %d read I/Os\n",
dirbuff, dircall, dirio));
rx_PrintStats(stderr);
+ audit_PrintStats(stderr);
h_PrintStats();
PrintCallBackStats();
#ifdef AFS_NT40_ENV
fputs("Usage: fileserver ", stdout);
fputs("[-auditlog <log path>] ", stdout);
+ fputs("[-audit-interface <file|sysvmq> (default is file)] ", stdout);
fputs("[-d <debug level>] ", stdout);
fputs("[-p <number of processes>] ", stdout);
fputs("[-spare <number of spare blocks>] ", stdout);
int Sawbusy = 0;
int i;
int bufSize = 0; /* temp variable to read in udp socket buf size */
+ char *auditFileName = NULL;
for (i = 1; i < argc; i++) {
if (!strcmp(argv[i], "-d")) {
rx_enableProcessRPCStats();
}
else if (strcmp(argv[i], "-auditlog") == 0) {
- char *fileName = argv[++i];
+ auditFileName = argv[++i];
+ }
+ else if (strcmp(argv[i], "-audit-interface") == 0) {
+ char *interface = argv[++i];
- osi_audit_file(fileName);
+ if (osi_audit_interface(interface)) {
+ printf("Invalid audit interface '%s'\n", interface);
+ return -1;
+ }
}
#ifndef AFS_NT40_ENV
else if (strcmp(argv[i], "-syslog") == 0) {
}
if (!Sawbusy)
busy_threshold = 3 * rxpackets / 2;
+ if (auditFileName)
+ osi_audit_file(auditFileName);
return (0);
int noAuth = 0, index, i;
char commandLine[150];
char clones[MAXHOSTSPERCELL];
+ char *auditFileName = NULL;
afs_uint32 host = ntohl(INADDR_ANY);
#ifdef AFS_AIX32_ENV
extern char rxi_tracename[80];
strcpy(rxi_tracename, argv[++index]);
- } else if (strcmp(argv[index], "-auditlog") == 0) {
- char *fileName = argv[++index];
+ } else if (strcmp(argv[index], "-auditlog") == 0) {
+ auditFileName = argv[++index];
+
+ } else if (strcmp(argv[index], "-audit-interface") == 0) {
+ char *interface = argv[++index];
+
+ if (osi_audit_interface(interface)) {
+ printf("Invalid audit interface '%s'\n", interface);
+ return -1;
+ }
- osi_audit_file(fileName);
} else if (strcmp(argv[index], "-enable_peer_stats") == 0) {
rx_enablePeerRPCStats();
} else if (strcmp(argv[index], "-enable_process_stats") == 0) {
}
}
+ if (auditFileName) {
+ osi_audit_file(auditFileName);
+ }
+
/* Initialize dirpaths */
if (!(initAFSDirPath() & AFSDIR_SERVER_PATHS_OK)) {
#ifdef AFS_NT40_ENV
int rxMaxMTU = -1;
int bufSize = 0; /* temp variable to read in udp socket buf size */
afs_uint32 host = ntohl(INADDR_ANY);
+ char *auditFileName = NULL;
#ifdef AFS_AIX32_ENV
/*
lwps = MAXLWP;
}
} else if (strcmp(argv[code], "-auditlog") == 0) {
- char *fileName = argv[++code];
+ auditFileName = argv[++code];
- osi_audit_file(fileName);
- osi_audit(VS_StartEvent, 0, AUD_END);
+ } else if (strcmp(argv[code], "-audit-interface") == 0) {
+ char *interface = argv[++code];
+
+ if (osi_audit_interface(interface)) {
+ printf("Invalid audit interface '%s'\n", interface);
+ return -1;
+ }
} else if (strcmp(argv[code], "-nojumbo") == 0) {
rxJumbograms = 0;
} else if (strcmp(argv[code], "-jumbo") == 0) {
VS_EXIT(1);
}
}
+
+ if (auditFileName) {
+ osi_audit_file(auditFileName);
+ osi_audit(VS_StartEvent, 0, AUD_END);
+ }
#ifdef AFS_SGI_VNODE_GLUE
if (afs_init_kernel_config(-1) < 0) {
printf