Add configuration for persistent queues This only adds configuration handling, the configuration will be used in later patches. Index: audit/audisp/plugins/remote/audisp-remote.conf.5 =================================================================== --- audit.orig/audisp/plugins/remote/audisp-remote.conf.5 +++ audit/audisp/plugins/remote/audisp-remote.conf.5 @@ -1,4 +1,4 @@ -.TH AUDISP-REMOTE.CONF: "5" "Dec 2008" "Red Hat" "System Administration Utilities" +.TH AUDISP-REMOTE.CONF: "5" "Mar 2011" "Red Hat" "System Administration Utilities" .SH NAME audisp-remote.conf \- the audisp-remote configuration file .SH DESCRIPTION @@ -32,10 +32,15 @@ If set to .IR immediate , the remote logging app will attempt to send events immediately after getting them. .I forward -, which is not implemented yet, means that it will store the events to disk and then attempt to send the records. If the connection cannot be made, it will queue records until it can connection to the remote system. The depth of the queue is controlled by the +means that it will store the events to disk and then attempt to send the records. If the connection cannot be made, it will queue records until it can connect to the remote system. The depth of the queue is controlled by the .I queue_depth option. .TP +.I queue_file +Path of a file used for the event queue if +.I mode +is set to \fIforward\fP. The default is \fB/var/lib/auditd-remote/queue\fP. +.TP .I queue_depth This option is an unsigned integer that determines how many records can be buffered to disk or in memory before considering it to be a failure sending. This parameter affects the .I forward @@ -52,7 +57,11 @@ the remote end, and to receive status me If .I ascii is given instead, each message is a simple ASCII text line with no -overhead at all. +overhead at all. If +.I mode +is set to \fIforward\fP, +.I format +must be \fImanaged\fP. .TP .I network_retry_time The time, in seconds, between retries when a network error is 
@@ -127,6 +136,10 @@ Likewise, this parameter tells the syste remote end signals a warning we don't recognize. The default is to log it to syslog. .TP +.I queue_error_action +Likewise, this parameter tells the system what action to take if there +is a problem working with a local record queue. The default is to exit. +.TP .I overflow_action This parameter tells the system what action to take if the internal event queue overflows. Valid values are Index: audit/audisp/plugins/remote/remote-config.c =================================================================== --- audit.orig/audisp/plugins/remote/remote-config.c +++ audit/audisp/plugins/remote/remote-config.c @@ -68,6 +68,8 @@ static int transport_parser(struct nv_pa remote_conf_t *config); static int mode_parser(struct nv_pair *nv, int line, remote_conf_t *config); +static int queue_file_parser(struct nv_pair *nv, int line, + remote_conf_t *config); static int depth_parser(struct nv_pair *nv, int line, remote_conf_t *config); static int format_parser(struct nv_pair *nv, int line, @@ -96,6 +98,7 @@ AP(disk_full) AP(disk_error) AP(generic_error) AP(generic_warning) +AP(queue_error) #undef AP static int remote_ending_action_parser(struct nv_pair *nv, int line, remote_conf_t *config); @@ -110,6 +113,7 @@ static const struct kw_pair keywords[] = {"local_port", local_port_parser, 0 }, {"transport", transport_parser, 0 }, {"mode", mode_parser, 0 }, + {"queue_file", queue_file_parser, 0 }, {"queue_depth", depth_parser, 0 }, {"format", format_parser, 0 }, {"network_retry_time", network_retry_time_parser, 0 }, @@ -127,6 +131,7 @@ static const struct kw_pair keywords[] = {"remote_ending_action", remote_ending_action_parser, 1 }, {"generic_error_action", generic_error_action_parser, 1 }, {"generic_warning_action", generic_warning_action_parser, 1 }, + {"queue_error_action", queue_error_action_parser, 1 }, {"overflow_action", overflow_action_parser, 1 }, { NULL, NULL, 0 } }; 
@@ -140,7 +145,7 @@ static const struct nv_list transport_wo
 static const struct nv_list mode_words[] = {
 {"immediate", M_IMMEDIATE },
-// {"forward", M_STORE_AND_FORWARD },
+ {"forward", M_STORE_AND_FORWARD },
 { NULL, 0 }
 };
@@ -192,6 +197,7 @@ void clear_config(remote_conf_t *config)
 config->local_port = 0;
 config->transport = T_TCP;
 config->mode = M_IMMEDIATE;
+ config->queue_file = NULL;
 config->queue_depth = 200;
 config->format = F_MANAGED;
@@ -208,6 +214,7 @@ void clear_config(remote_conf_t *config)
 IA(remote_ending, FA_SUSPEND);
 IA(generic_error, FA_SYSLOG);
 IA(generic_warning, FA_SYSLOG);
+ IA(queue_error, FA_STOP);
 #undef IA
 config->overflow_action = OA_SYSLOG;
@@ -543,6 +550,21 @@ static int mode_parser(struct nv_pair *n
 return 1;
 }
+static int queue_file_parser(struct nv_pair *nv, int line,
+ remote_conf_t *config)
+{
+ if (nv->value) {
+ if (*nv->value != '/') {
+ syslog(LOG_ERR, "Absolute path needed for %s - line %d",
+ nv->value, line);
+ return 1;
+ }
+ config->queue_file = strdup(nv->value);
+ } else
+ config->queue_file = NULL;
+ return 0;
+}
+
 static int depth_parser(struct nv_pair *nv, int line,
 remote_conf_t *config)
 {
@@ -581,6 +603,7 @@ AP(disk_full)
 AP(disk_error)
 AP(generic_error)
 AP(generic_warning)
+AP(queue_error)
 #undef AP
 static int overflow_action_parser(struct nv_pair *nv, int line,
@@ -729,12 +752,19 @@ static int sanity_check(remote_conf_t *c
 // port should be less that 32k
 // queue_depth should be less than 100k
 // If fail_action is F_EXEC, fail_exec must exist
+ if (config->mode == M_STORE_AND_FORWARD
+ && config->format != F_MANAGED) {
+ syslog(LOG_ERR, "\"mode=forward\" is valid only with "
+ "\"format=managed\"");
+ return 1;
+ }
 return 0;
 }
 void free_config(remote_conf_t *config)
 {
 free((void *)config->remote_server);
+ free((void *)config->queue_file);
 free((void *)config->network_failure_exe);
 free((void *)config->disk_low_exe);
 free((void *)config->disk_full_exe);
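Review bot: The `strdup(nv->value)` in the new queue_file_parser is unchecked, so on allocation failure the parser returns 0 with `config->queue_file` left NULL, and since clear_config in this same patch uses NULL as the "not configured" value, an out-of-memory condition would silently send the queue to the built-in default path instead of failing the config load. A second `queue_file` line in the file (or a valued line after an empty one) also overwrites the earlier strdup() result without freeing it, the same leak the other string keywords may share but which the new code should not repeat. Suggest releasing any prior value first and treating a NULL strdup() as a parse error, as below. The `*nv->value != '/'` test is adequate for a root-owned config file; whatever later creates the file at this path cannot rely on the parser for more than that and should verify the parent directory's ownership or open with O_NOFOLLOW itself, which is outside this patch.

```c
static int queue_file_parser(struct nv_pair *nv, int line,
		remote_conf_t *config)
{
	/* A repeated keyword must not leak the previously stored path. */
	free((void *)config->queue_file);
	config->queue_file = NULL;
	if (nv->value) {
		/* … unchanged: absolute-path check … */
		config->queue_file = strdup(nv->value);
		if (config->queue_file == NULL) {
			syslog(LOG_ERR, "Out of memory storing queue_file - line %d",
				line);
			return 1;
		}
	}
	return 0;
}
```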
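Review bot: The new check in sanity_check covers `mode`/`format` but not the other option this patch introduces: `queue_error_action` set to exec with no `queue_error_exe` is accepted, and the pre-existing comment `// If fail_action is F_EXEC, fail_exec must exist` directly above shows that validation is still unimplemented for every action, so the patch adds one more instance of the gap rather than closing it. The exact enumerator for exec and what queue_error_action_parser stores are not visible in this hunk, so confirm against that parser before adding, alongside the format check, something like `if (config->queue_error_action == FA_EXEC && config->queue_error_exe == NULL) { syslog(LOG_ERR, "queue_error_action=exec requires an executable"); return 1; }`. At minimum the three TODO comments deserve a `/* FIXME: not yet enforced */` so the next reader does not take them for description of the code below. sanity_check begins outside the hunk.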
@@ -742,6 +772,7 @@ void free_config(remote_conf_t *config)
 free((void *)config->remote_ending_exe);
 free((void *)config->generic_error_exe);
 free((void *)config->generic_warning_exe);
+ free((void *)config->queue_error_exe);
 free((void *)config->krb5_principal);
 free((void *)config->krb5_client_name);
 free((void *)config->krb5_key_file);
Index: audit/audisp/plugins/remote/remote-config.h
===================================================================
--- audit.orig/audisp/plugins/remote/remote-config.h
+++ audit/audisp/plugins/remote/remote-config.h
@@ -39,6 +39,7 @@ typedef struct remote_conf
 unsigned int local_port;
 transport_t transport;
 rmode_t mode;
+ const char *queue_file;
 unsigned int queue_depth;
 format_t format;
 unsigned int network_retry_time;
@@ -64,6 +65,8 @@ typedef struct remote_conf
 const char *generic_error_exe;
 failure_action_t generic_warning_action;
 const char *generic_warning_exe;
+ failure_action_t queue_error_action;
+ const char *queue_error_exe;
 overflow_action_t overflow_action;
 } remote_conf_t;