From: "Chu Li" <chul@cn.fujitsu.com>
To: 'Steve Grubb' <sgrubb@redhat.com>
Cc: 'linux-audit' <linux-audit@redhat.com>
Subject: [PATCH]Fix me add subj
Date: Mon, 18 Aug 2008 18:04:25 +0800 [thread overview]
Message-ID: <006001c90119$cb3a5e20$958da70a@truly> (raw)
Hi Steve,
I have made a patch for the "FIXME add subj" comments in auditd.c. It is against the
latest code.
Signed-off-by: Chu Li <chul@cn.fujistu.com>
---
diff --git a/src/auditd.c b/src/auditd.c
index b74199f..3843245 100755
--- a/src/auditd.c
+++ b/src/auditd.c
@@ -53,6 +53,7 @@
#define DMSG_SIZE (DEFAULT_BUF_SZ + 48)
#define SUCCESS 0
#define FAILURE 1
+#define SUBJ_LEN 4097
/* Global Data */
volatile int stop = 0;
@@ -65,11 +66,13 @@ static int init_pipe[2];
static int do_fork = 1;
static struct auditd_reply_list *rep = NULL;
static int hup_info_requested = 0, usr1_info_requested = 0;
+static char subj[SUBJ_LEN];
/* Local function prototypes */
static void close_down(void);
static void clean_exit(void);
static int get_reply(int fd, struct audit_reply *rep, int seq);
+static char *getsubj(char *subj);
enum startup_state {startup_disable=0, startup_enable, startup_nochange,
startup_INVALID};
static const char *startup_states[] = {"disable", "enable", "nochange"};
@@ -347,11 +350,15 @@ static void netlink_handler( struct ev_loop *loop, struct
ev_io *io, int revents
if (rep == NULL) {
if ((rep = malloc(sizeof(*rep))) == NULL) {
char emsg[DEFAULT_BUF_SZ];
- snprintf(emsg, sizeof(emsg),
- "auditd error halt, auid=%u pid=%d res=failed",
- audit_getloginuid(), getpid());
+ if(subj)
+ snprintf(emsg, sizeof(emsg),
+ "auditd error halt, auid=%u pid=%d subj=%s res=failed",
+ audit_getloginuid(), getpid(), subj);
+ else
+ snprintf(emsg, sizeof(emsg),
+ "auditd error halt, auid=%u pid=%d res=failed",
+ audit_getloginuid(), getpid());
EV_STOP ();
- //FIXME add subj
send_audit_event(AUDIT_DAEMON_ABORT, emsg);
audit_msg(LOG_ERR,
"Cannot allocate audit reply, exiting");
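Review bot: `if(subj)` in the added branch tests the address of the file-scope array `static char subj[SUBJ_LEN]`, which is never null, so the `else` that omits `subj=` is unreachable. If `getsubj()` failed at startup, the buffer is still the zero-initialised empty string and the AUDIT_DAEMON_ABORT record is written with an empty `subj=` field, which is hard to tell apart from a real but missing label when the log is reviewed. Test the contents instead, `if (subj[0] != '\0')`. The same change applies to the two identical blocks added in main(), on the audit_set_pid and audit_set_enabled failure paths. netlink_handler's body starts and ends outside this hunk.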
@@ -579,12 +586,18 @@ int main(int argc, char *argv[])
tell_parent(FAILURE);
return 1;
}
-//FIXME add SUBJ
- snprintf(start, sizeof(start),
- "auditd start, ver=%s format=%s "
- "kernel=%.56s auid=%u pid=%d res=success",
- VERSION, fmt, ubuf.release,
- audit_getloginuid(), getpid());
+ if(getsubj(subj))
+ snprintf(start, sizeof(start),
+ "auditd start, ver=%s format=%s "
+ "kernel=%.56s auid=%u pid=%d subj=%s res=success",
+ VERSION, fmt, ubuf.release,
+ audit_getloginuid(), getpid(), subj);
+ else
+ snprintf(start, sizeof(start),
+ "auditd start, ver=%s format=%s "
+ "kernel=%.56s auid=%u pid=%d res=success",
+ VERSION, fmt, ubuf.release,
+ audit_getloginuid(), getpid());
if (send_audit_event(AUDIT_DAEMON_START, start)) {
audit_msg(LOG_ERR, "Cannot send start message");
if (pidfile)
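Review bot: The `subj=%s` argument can be up to SUBJ_LEN-1 bytes and the return value of `snprintf` into `start` is not checked, so a long label would silently truncate the record and drop the trailing `res=success` field that log consumers key on. `start` is declared outside this hunk, so its size should be confirmed against SUBJ_LEN. I would keep the result, `n = snprintf(start, sizeof(start), ...)`, and when `n < 0 || (size_t)n >= sizeof(start)` rebuild the message without `subj=` rather than send a cut-off record. The `emsg[DEFAULT_BUF_SZ]` buffers on the three abort paths have the same exposure.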
@@ -604,11 +617,15 @@ int main(int argc, char *argv[])
/* Tell the kernel we are alive */
if (audit_set_pid(fd, getpid(), WAIT_YES) < 0) {
char emsg[DEFAULT_BUF_SZ];
- snprintf(emsg, sizeof(emsg),
- "auditd error halt, auid=%u pid=%d res=failed",
- audit_getloginuid(), getpid());
+ if(subj)
+ snprintf(emsg, sizeof(emsg),
+ "auditd error halt, auid=%u pid=%d subj=%s res=failed",
+ audit_getloginuid(), getpid(), subj);
+ else
+ snprintf(emsg, sizeof(emsg),
+ "auditd error halt, auid=%u pid=%d res=failed",
+ audit_getloginuid(), getpid());
stop = 1;
-//FIXME add subj
send_audit_event(AUDIT_DAEMON_ABORT, emsg);
audit_msg(LOG_ERR, "Unable to set audit pid, exiting");
close_down();
@@ -626,11 +643,15 @@ int main(int argc, char *argv[])
if (opt_startup != startup_nochange &&
audit_set_enabled(fd, (int)opt_startup) < 0) {
char emsg[DEFAULT_BUF_SZ];
- snprintf(emsg, sizeof(emsg),
- "auditd error halt, auid=%u pid=%d res=failed",
- audit_getloginuid(), getpid());
+ if(subj)
+ snprintf(emsg, sizeof(emsg),
+ "auditd error halt, auid=%u pid=%d subj=%s res=failed",
+ audit_getloginuid(), getpid(), subj);
+ else
+ snprintf(emsg, sizeof(emsg),
+ "auditd error halt, auid=%u pid=%d res=failed",
+ audit_getloginuid(), getpid());
stop = 1;
-//FIXME add subj
send_audit_event(AUDIT_DAEMON_ABORT, emsg);
audit_msg(LOG_ERR,
"Unable to set intitial audit startup state to '%s', exiting",
@@ -780,3 +801,25 @@ static int get_reply(int fd, struct audit_reply *rep, int
seq)
return -1;
}
+//get the subj of the daemon
+static char *getsubj(char *subj)
+{
+ pid_t pid = getpid();
+ char filename[48];
+ ssize_t num_read;
+ int fd;
+
+ snprintf(filename, sizeof(filename), "/proc/%u/attr/current", pid);
+ fd = open(filename, O_RDONLY);
+ if(fd == -1)
+ return NULL;
+ do {
+ num_read = read(fd, subj, SUBJ_LEN-1);
+ } while (num_read < 0 && errno == EINTR);
+ close(fd);
+ if(num_read <= 0)
+ return NULL;
+ subj[num_read] = '\0';
+ return subj;
+}
+
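Review bot: getsubj() copies the raw bytes of the attr/current file into a single-line audit record, and depending on the LSM in use that content may end in a newline (worth confirming), which would break the `subj=... res=...` line; trim it once the terminator is written, e.g. `while (num_read > 0 && subj[num_read-1] == '\n') subj[--num_read] = '\0';`. `pid_t` is a signed type but is formatted with `%u`; opening `"/proc/self/attr/current"` removes both the mismatch and the `filename` buffer. The parameter `subj` shadows the file-scope `subj`, so a different parameter name such as `buf` would make it clear which buffer is written. The context lines at the top of the hunk belong to get_reply, whose body starts outside it.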
Regards
Chu Li