[launchd-changes] [23765] branches/PR-6424345

source_changes at macosforge.org source_changes at macosforge.org
Thu Dec 18 14:10:28 PST 2008


Revision: 23765
          http://trac.macosforge.org/projects/launchd/changeset/23765
Author:   nectar at apple.com
Date:     2008-12-18 14:10:27 -0800 (Thu, 18 Dec 2008)
Log Message:
-----------
Calls the libauditd (quick) start up and shutdown routines:
audit_quick_start() and audit_quick_stop().   Auditing is started if
auditd is enabled in the org.trustedbsd.auditd.plist launchd file and
shut down before the root launchd terminates.   The "steady state"
maintenance of the audit trail files is handled by the auditd daemon
which is started by launchd when triggers are sent from the kernel on
its host special mach ipc port.  On shutdown launchd calls
audit_quick_stop() which will cleanly terminate auditing, if enabled.

Modified Paths:
--------------
    branches/PR-6424345/launchd/src/config.h
    branches/PR-6424345/launchd/src/launchctl.c
    branches/PR-6424345/launchd/src/launchd.c
    branches/PR-6424345/launchd.xcodeproj/project.pbxproj

Modified: branches/PR-6424345/launchd/src/config.h
===================================================================
--- branches/PR-6424345/launchd/src/config.h	2008-12-18 22:08:41 UTC (rev 23764)
+++ branches/PR-6424345/launchd/src/config.h	2008-12-18 22:10:27 UTC (rev 23765)
@@ -4,4 +4,5 @@
 #define HAVE_QUARANTINE TARGET_HAVE_QUARANTINE
 #define HAVE_SANDBOX TARGET_HAVE_SANDBOX
 #define HAVE_SECURITY !TARGET_HAVE_EMBEDDED_SECURITY
+#define HAVE_LIBAUDITD !TARGET_OS_EMBEDDED
 #endif /* __CONFIG_H__ */

Modified: branches/PR-6424345/launchd/src/launchctl.c
===================================================================
--- branches/PR-6424345/launchd/src/launchctl.c	2008-12-18 22:08:41 UTC (rev 23764)
+++ branches/PR-6424345/launchd/src/launchctl.c	2008-12-18 22:10:27 UTC (rev 23765)
@@ -20,6 +20,7 @@
 
 static const char *const __rcs_file_version__ = "$Revision$";
 
+#include "config.h"
 #include "launch.h"
 #include "launch_priv.h"
 #include "bootstrap.h"
@@ -81,6 +82,13 @@
 #include <spawn.h>
 #include <sys/syslimits.h>
 
+#if HAVE_LIBAUDITD
+#include <bsm/auditd_lib.h>
+#ifndef	AUDITD_PLIST_FILE
+#define	AUDITD_PLIST_FILE "/System/Library/LaunchDaemons/org.trustedbsd.auditd.plist"
+#endif
+#endif
+
 extern char **environ;
 
 
@@ -1413,6 +1421,9 @@
 	int hnmib[] = { CTL_KERN, KERN_HOSTNAME };
 	struct kevent kev;
 	int kq;
+#if HAVE_LIBAUDITD
+	launch_data_t lda, ldb;
+#endif
 
 	do_sysversion_sysctl();
 
@@ -1496,10 +1507,20 @@
 	assumes(touch_file(_PATH_UTMPX, DEFFILEMODE) != -1);
 	assumes(touch_file(_PATH_VARRUN "/.systemStarterRunning", DEFFILEMODE) != -1);
 
+#if HAVE_LIBAUDITD
+	/*
+	 * Only start auditing if not "Disabled" in auditd plist.
+	 */
+	if ((lda = read_plist_file(AUDITD_PLIST_FILE, false, false)) != NULL && 
+	    ((ldb = launch_data_dict_lookup(lda, LAUNCH_JOBKEY_DISABLED)) == NULL ||
+	    job_disabled_logic(ldb) == false))
+		assumes(audit_quick_start() == 0);
+#else
 	if (path_check("/etc/security/rc.audit")) {
 		const char *audit_tool[] = { _PATH_BSHELL, "/etc/security/rc.audit", NULL };
 		assumes(fwexec(audit_tool, NULL) != -1);
 	}
+#endif
 
 	do_BootCache_magic(BOOTCACHE_START);
 
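Review bot: When `read_plist_file(AUDITD_PLIST_FILE, false, false)` returns NULL, the new `if` skips `audit_quick_start()` and nothing in this hunk reports it, so a missing or unparsable auditd plist lets the system boot with no audit trail and no record of why. Unless read_plist_file already logs the failure, that path should emit a warning, and the choice to leave auditing off in that case should be made explicitly in the comment. `lda` is also never released after the `Disabled` lookup; if read_plist_file returns an object the caller owns, as it appears to, it should be freed once `ldb` is no longer needed. Splitting the compound condition and bracing the body, as sketched below, makes both points easy to handle; the enclosing function starts and ends outside this hunk.

```c
#if HAVE_LIBAUDITD
	/*
	 * Only start auditing if not "Disabled" in auditd plist.
	 * An unreadable plist leaves auditing off, so say so.
	 */
	lda = read_plist_file(AUDITD_PLIST_FILE, false, false);
	if (lda == NULL) {
		fprintf(stderr, "%s: could not read %s; auditing not started\n",
		    getprogname(), AUDITD_PLIST_FILE);
	} else {
		ldb = launch_data_dict_lookup(lda, LAUNCH_JOBKEY_DISABLED);
		if (ldb == NULL || job_disabled_logic(ldb) == false) {
			assumes(audit_quick_start() == 0);
		}
		/* ldb points into lda, so free only after the check. */
		launch_data_free(lda);
	}
#else
	/* … unchanged: legacy /etc/security/rc.audit path … */
#endif
```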
@@ -1696,7 +1717,7 @@
 
 		if (strcasecmp(session_type, VPROCMGR_SESSION_BACKGROUND) == 0) {
 			read_launchd_conf();
-#if HAVE_SECURITY
+#if 0 /* XXX PR-6456403 */
 			assumes(SessionCreate(sessionKeepCurrentBootstrap, 0) == 0);
 #endif
 		}
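Review bot: Replacing `#if HAVE_SECURITY` with `#if 0 /* XXX PR-6456403 */` compiles out `SessionCreate(sessionKeepCurrentBootstrap, 0)` for Background sessions on every build, and neither the log message nor the comment says why. This changes security-session behaviour and is unrelated to the auditing work, so it would be easier to review and revert as its own commit. At minimum the comment should state the reason and the exit condition, for example `/* SessionCreate disabled pending PR-6456403; restore the HAVE_SECURITY guard once resolved */`. The enclosing function lies outside this hunk, so the effect on later session setup cannot be judged from here.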

Modified: branches/PR-6424345/launchd/src/launchd.c
===================================================================
--- branches/PR-6424345/launchd/src/launchd.c	2008-12-18 22:08:41 UTC (rev 23764)
+++ branches/PR-6424345/launchd/src/launchd.c	2008-12-18 22:10:27 UTC (rev 23765)
@@ -70,6 +70,10 @@
 #include <sched.h>
 #include <pthread.h>
 
+#if HAVE_LIBAUDITD
+#include <bsm/auditd_lib.h>
+#endif
+
 #include "bootstrap.h"
 #include "vproc.h"
 #include "vproc_priv.h"
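Review bot: `#if HAVE_LIBAUDITD` is evaluated here, but unlike the launchctl.c change this commit adds no `#include "config.h"` to launchd.c, and the hunk does not show one above this point. If config.h is not already included earlier in the file, the undefined macro evaluates to 0 in `#if`, so this include and the later `audit_quick_stop()` call are silently compiled out and auditing is never shut down cleanly. It is worth confirming the include exists, or adding `#include "config.h"` ahead of this block; building with `-Wundef` would turn that silent case into a warning.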
@@ -340,6 +344,10 @@
 	runtime_syslog(LOG_NOTICE, "%s%s began at: %lld.%06llu", term_who, pid1_magic ? "" : g_username, now / USEC_PER_SEC, now % USEC_PER_SEC);
 
 	launchd_assert(jobmgr_shutdown(root_jobmgr) != NULL);
+
+#if HAVE_LIBAUDITD
+	launchd_assert(audit_quick_stop() == 0);
+#endif
 }
 
 void
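Review bot: The added `launchd_assert(audit_quick_stop() == 0);` runs in every launchd instance that reaches this shutdown path, while the log message says auditing is stopped by the root launchd; the `pid1_magic ? "" : g_username` in the syslog call just above shows the function also runs for non-PID-1 instances. Guarding the call, e.g. `if (pid1_magic) { launchd_assert(audit_quick_stop() == 0); }`, would keep a per-user launchd from trying to stop system auditing or logging an assertion failure when it lacks the privilege. The call also comes directly after `jobmgr_shutdown()` returns a non-NULL manager, which suggests jobs may still be exiting when the trail is closed; it is worth checking whether the stop should wait until the last job is gone. The function begins outside this hunk.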

Modified: branches/PR-6424345/launchd.xcodeproj/project.pbxproj
===================================================================
--- branches/PR-6424345/launchd.xcodeproj/project.pbxproj	2008-12-18 22:08:41 UTC (rev 23764)
+++ branches/PR-6424345/launchd.xcodeproj/project.pbxproj	2008-12-18 22:10:27 UTC (rev 23765)
@@ -51,9 +51,11 @@
 
 /* Begin PBXBuildFile section */
 		4B9EDCA20EAFC77E00A78496 /* DiskArbitration.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4B9EDCA10EAFC77E00A78496 /* DiskArbitration.framework */; };
+		7215DE4C0EFAF2EC00ABD81E /* libauditd.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = 7215DE4B0EFAF2EC00ABD81E /* libauditd.dylib */; };
 		721FBEBC0EA7AE2F0057462B /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 721FBEBB0EA7AE2F0057462B /* Security.framework */; };
 		726055EC0EA7EC2400D65FE7 /* mach_exc.defs in Sources */ = {isa = PBXBuildFile; fileRef = FC36291F0E9349410054F1A3 /* mach_exc.defs */; settings = {ATTRIBUTES = (Server, ); }; };
 		726056090EA7FCF200D65FE7 /* launchd_ktrace.c in Sources */ = {isa = PBXBuildFile; fileRef = 72FDB15D0EA7D7B200B2AC84 /* launchd_ktrace.c */; };
+		72AFE8090EFAF3D9004BDA46 /* libauditd.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = 7215DE4B0EFAF2EC00ABD81E /* libauditd.dylib */; };
 		72FDB15F0EA7D7B200B2AC84 /* launchd_ktrace.c in Sources */ = {isa = PBXBuildFile; fileRef = 72FDB15D0EA7D7B200B2AC84 /* launchd_ktrace.c */; };
 		72FDB1C00EA7E21C00B2AC84 /* protocol_job_forward.defs in Sources */ = {isa = PBXBuildFile; fileRef = 72FDB1BF0EA7E21C00B2AC84 /* protocol_job_forward.defs */; };
 		FC3627BA0E9343220054F1A3 /* StartupItems.c in Sources */ = {isa = PBXBuildFile; fileRef = FC59A0FD0E8C8ADF00D41150 /* StartupItems.c */; };
@@ -288,6 +290,7 @@
 
 /* Begin PBXFileReference section */
 		4B9EDCA10EAFC77E00A78496 /* DiskArbitration.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = DiskArbitration.framework; path = /System/Library/Frameworks/DiskArbitration.framework; sourceTree = "<absolute>"; };
+		7215DE4B0EFAF2EC00ABD81E /* libauditd.dylib */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.dylib"; name = libauditd.dylib; path = /usr/lib/libauditd.dylib; sourceTree = "<absolute>"; };
 		721FBEA50EA7ABC40057462B /* config.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = config.h; path = launchd/src/config.h; sourceTree = "<group>"; };
 		721FBEBB0EA7AE2F0057462B /* Security.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = Security.framework; path = /System/Library/Frameworks/Security.framework; sourceTree = "<absolute>"; };
 		72FDB15D0EA7D7B200B2AC84 /* launchd_ktrace.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = launchd_ktrace.c; path = launchd/src/launchd_ktrace.c; sourceTree = "<group>"; };
@@ -363,6 +366,7 @@
 			buildActionMask = 2147483647;
 			files = (
 				FC36292D0E934AA40054F1A3 /* libbsm.dylib in Frameworks */,
+				7215DE4C0EFAF2EC00ABD81E /* libauditd.dylib in Frameworks */,
 			);
 			runOnlyForDeploymentPostprocessing = 0;
 		};
@@ -380,6 +384,7 @@
 				FCC841CC0EA7138700C01666 /* IOKit.framework in Frameworks */,
 				FC3628080E9345E10054F1A3 /* CoreFoundation.framework in Frameworks */,
 				FCD713740E95DE49001B0111 /* libedit.dylib in Frameworks */,
+				72AFE8090EFAF3D9004BDA46 /* libauditd.dylib in Frameworks */,
 			);
 			runOnlyForDeploymentPostprocessing = 0;
 		};
@@ -471,6 +476,7 @@
 				4B9EDCA10EAFC77E00A78496 /* DiskArbitration.framework */,
 				721FBEBB0EA7AE2F0057462B /* Security.framework */,
 				FC36292C0E934AA40054F1A3 /* libbsm.dylib */,
+				7215DE4B0EFAF2EC00ABD81E /* libauditd.dylib */,
 				FCD713730E95DE49001B0111 /* libedit.dylib */,
 				FC3628070E9345E10054F1A3 /* CoreFoundation.framework */,
 				FC36283E0E93463C0054F1A3 /* IOKit.framework */,