From mboxrd@z Thu Jan  1 00:00:00 1970
From: Richard Guy Briggs <rgb@redhat.com>
Subject: [userspace PATCH v2 3/3] Check sessionID* fields available in kernel
Date: Thu, 18 Aug 2016 14:47:34 -0400
Message-ID: <1471546054-4536-4-git-send-email-rgb@redhat.com>
References: <1471546054-4536-1-git-send-email-rgb@redhat.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <linux-audit-bounces@redhat.com>
In-Reply-To: <1471546054-4536-1-git-send-email-rgb@redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: linux-audit@redhat.com
Cc: Richard Guy Briggs <rgb@redhat.com>
List-Id: linux-audit@redhat.com

Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
---
 trunk/lib/libaudit.c |    8 ++++++--
 trunk/lib/libaudit.h |    3 +++
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/trunk/lib/libaudit.c b/trunk/lib/libaudit.c
index 5ffb720..a254a01 100644
--- a/trunk/lib/libaudit.c
+++ b/trunk/lib/libaudit.c
@@ -1647,11 +1647,13 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair,
 			else 
 				return -21;
 			break;
+		case AUDIT_SESSIONID_SET:
+			if ((features & AUDIT_FEATURE_BITMAP_SESSIONID_FILTER) == 0)
+				return -30;
+			/* fallthrough */
 		case AUDIT_LOGINUID_SET:
 			if(!features)
 				return -30;
-			/* fallthrough */
-		case AUDIT_SESSIONID_SET:
 			if (flags != AUDIT_FILTER_EXCLUDE &&
 			    flags != AUDIT_FILTER_USER &&
 			    flags != AUDIT_FILTER_EXIT)
@@ -1666,6 +1668,8 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair,
 				return -32;
 			break;
 		case AUDIT_SESSIONID:
+			if ((features & AUDIT_FEATURE_BITMAP_SESSIONID_FILTER) == 0)
+				return -30;
 			if (flags != AUDIT_FILTER_EXCLUDE &&
 			    flags != AUDIT_FILTER_USER &&
 			    flags != AUDIT_FILTER_EXIT)
diff --git a/trunk/lib/libaudit.h b/trunk/lib/libaudit.h
index f8007c1..14bbf2d 100644
--- a/trunk/lib/libaudit.h
+++ b/trunk/lib/libaudit.h
@@ -281,6 +281,9 @@ extern "C" {
 #ifndef AUDIT_FEATURE_BITMAP_EXCLUDE_EXTEND
 #define AUDIT_FEATURE_BITMAP_EXCLUDE_EXTEND	0x00000008
 #endif
+#ifndef AUDIT_FEATURE_BITMAP_SESSIONID_FILTER
+#define AUDIT_FEATURE_BITMAP_SESSIONID_FILTER   0x00000010
+#endif
 
 /* Defines for interfield comparison update */
 #ifndef AUDIT_OBJ_UID
-- 
1.7.1