From mboxrd@z Thu Jan 1 00:00:00 1970 From: "Abhishek Gupta" Subject: some problem with my event dispatcher Date: Mon, 17 Dec 2007 13:40:46 +0530 Message-ID: <18436f8f0712170010k59a65102kaf1cffb7c4566d35@mail.gmail.com> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="===============1625603819==" Return-path: Received: from mx3.redhat.com (mx3.redhat.com [172.16.48.32]) by int-mx1.corp.redhat.com (8.13.1/8.13.1) with ESMTP id lBH8BBQ2007009 for ; Mon, 17 Dec 2007 03:11:12 -0500 Received: from rv-out-0910.google.com (rv-out-0910.google.com [209.85.198.186]) by mx3.redhat.com (8.13.1/8.13.1) with ESMTP id lBH8Ak1S018533 for ; Mon, 17 Dec 2007 03:10:49 -0500 Received: by rv-out-0910.google.com with SMTP id k15so1814539rvb.51 for ; Mon, 17 Dec 2007 00:10:46 -0800 (PST) List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-audit-bounces@redhat.com Errors-To: linux-audit-bounces@redhat.com To: linux-audit@redhat.com List-Id: linux-audit@redhat.com --===============1625603819== Content-Type: multipart/alternative; boundary="----=_Part_6622_8616119.1197879046496" ------=_Part_6622_8616119.1197879046496 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline This is a just a sample real time event dispatcher program from http://people.redhat.com/sgrubb/audit/audit-rt-events.txt. I am just trying to write the data coming from daemon in some regular file instead of syslog.But it seems that even the file is not getting created.Isthere some kind of restriction that we can't call functions like fopen(),open(),etc ? Please tell what's the problem and how it can be solved. And if possible just give an sample example so that i can understand it better. The added lines of code i have marked with "+". Here is the code.. 
#include #include #include #include #include #include #include #include #include #include #include "libaudit.h" // Local data static volatile int signaled = 0; static int pipe_fd; static const char *pgm = "skeleton"; // Local functions static int event_loop(void); // SIGTERM handler static void term_handler( int sig ) { signaled = 1; } /* * main is started by auditd. See dispatcher in auditd.conf */ int main(int argc, char *argv[]) { struct sigaction sa; setlocale (LC_ALL, ""); openlog(pgm, LOG_PID, LOG_DAEMON); syslog(LOG_NOTICE, "starting..."); #ifndef DEBUG // Make sure we are root if (getuid() != 0) { syslog(LOG_ERR, "You must be root to run this program."); return 4; } #endif // register sighandlers sa.sa_flags = 0 ; sa.sa_handler = term_handler; sigemptyset( &sa.sa_mask ) ; sigaction( SIGTERM, &sa, NULL ); sa.sa_handler = term_handler; sigemptyset( &sa.sa_mask ) ; sigaction( SIGCHLD, &sa, NULL ); sa.sa_handler = SIG_IGN; sigaction( SIGHUP, &sa, NULL ); (void)chdir("/"); // change over to pipe_fd pipe_fd = dup(0); close(0); open("/dev/null", O_RDONLY); fcntl(pipe_fd, F_SETFD, FD_CLOEXEC); // Start the program return event_loop(); } static int event_loop(void) { void* data; + FILE* fp=NULL; struct iovec vec[2]; struct audit_dispatcher_header hdr; // allocate data structures data = malloc(MAX_AUDIT_MESSAGE_LENGTH); if (data == NULL) { syslog(LOG_ERR, "Cannot allocate buffer"); return 1; } memset(data, 0, MAX_AUDIT_MESSAGE_LENGTH); memset(&hdr, 0, sizeof(hdr)); do { int rc; struct timeval tv; fd_set fd; tv.tv_sec = 1; tv.tv_usec = 0; FD_ZERO(&fd); FD_SET(pipe_fd, &fd); rc = select(pipe_fd+1, &fd, NULL, NULL, &tv); if (rc == 0) continue; else if (rc == -1) break; /* Get header first. 
it is fixed size */ vec[0].iov_base = (void*)&hdr; vec[0].iov_len = sizeof(hdr); // Next payload vec[1].iov_base = data; vec[1].iov_len = MAX_AUDIT_MESSAGE_LENGTH; rc = readv(pipe_fd, vec, 2); if (rc == 0 || rc == -1) { syslog(LOG_ERR, "rc == %d(%s)", rc, strerror(errno)); break; } // handle events here. Just for illustration, we print // to syslog, but you will want to do something else. + //I want to write the data in some regular file instead of syslog but in doing that it seems that even + // the file doesn't get created or open.Given below is just a simple code + fp=fopen("tempfile.txt","w+"); + fwrite((char*)data,sizeof(char),30,fp); + fclose(fp); syslog(LOG_NOTICE,"type=%d, payload size=%d", hdr.type, hdr.size); syslog(LOG_NOTICE,"data=\"%.*s\"", hdr.size, (char *)data); } while(!signaled); return 0; } ------=_Part_6622_8616119.1197879046496 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline This is a just a sample real time event dispatcher program from http://people.redhat.com/sgrubb/audit/audit-rt-events.txt.
I am just trying to write the data coming from the daemon to a regular file instead of syslog. But it seems that the file is not even getting created. Is there some kind of restriction that we can't call functions like fopen(), open(), etc.?
Please tell me what the problem is and how it can be solved.
And if possible, please give a sample example so that I can understand it better.
I have marked the added lines of code with "+".

Here is the code..

#include <errno.h>
#include <fcntl.h>
#include <locale.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/select.h>
#include <sys/types.h>
#include <sys/uio.h>
#include <syslog.h>
#include <unistd.h>
#include "libaudit.h"


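// Local data
// Set from the signal handler and polled by the event loop. sig_atomic_t is
// the type C guarantees can be written from a handler without tearing.
static volatile sig_atomic_t signaled = 0;
// Duplicate of descriptor 0 that the event stream is read from (set in main).
static int pipe_fd;
// Identity string passed to openlog().
static const char *pgm = "skeleton";

// Local functions
static int event_loop(void);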

// Handler that main() installs for SIGTERM and SIGCHLD. It only raises the
// flag polled by the event loop; all real work happens outside the handler.
static void term_handler( int sig )
{
    (void)sig;      // the signal number itself is not needed
    signaled = 1;
}


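/*
 * main is started by auditd. See dispatcher in auditd.conf
 *
 * Opens syslog, installs the signal handlers, moves the event stream from
 * descriptor 0 to pipe_fd and then runs event_loop().
 *
 * Returns 4 when not run as root (non-DEBUG builds), 1 when descriptor 0
 * cannot be duplicated, otherwise whatever event_loop() returns.
 */
int main(int argc, char *argv[])
{
    struct sigaction sa;

    (void)argc;
    (void)argv;

    setlocale (LC_ALL, "");
    openlog(pgm, LOG_PID, LOG_DAEMON);
    syslog(LOG_NOTICE, "starting...");

#ifndef DEBUG
    // Make sure we are root
    if (getuid() != 0) {
        syslog(LOG_ERR, "You must be root to run this program.");
        return 4;
    }
#endif

    // register sighandlers; zero the struct so no field is left indeterminate
    memset(&sa, 0, sizeof(sa));
    sa.sa_handler = term_handler;
    sigemptyset( &sa.sa_mask );
    sigaction( SIGTERM, &sa, NULL );
    sigaction( SIGCHLD, &sa, NULL );
    sa.sa_handler = SIG_IGN;
    sigaction( SIGHUP, &sa, NULL );

    // After this call every relative path the program opens is resolved
    // against "/", not against the directory it was started from.
    if (chdir("/") != 0)
        syslog(LOG_WARNING, "chdir to / failed (%s)", strerror(errno));

    // change over to pipe_fd
    pipe_fd = dup(0);
    if (pipe_fd == -1) {
        // Without a valid descriptor the select()/readv() calls in the
        // event loop cannot work, so stop here with a visible reason.
        syslog(LOG_ERR, "Cannot duplicate descriptor 0 (%s)", strerror(errno));
        return 1;
    }
    close(0);
    // Descriptor 0 was just closed, so this open() is expected to reuse it.
    if (open("/dev/null", O_RDONLY) == -1)
        syslog(LOG_WARNING, "Cannot open /dev/null (%s)", strerror(errno));
    // Keep the event pipe from leaking into any program exec'd later.
    if (fcntl(pipe_fd, F_SETFD, FD_CLOEXEC) == -1)
        syslog(LOG_WARNING, "Cannot set close-on-exec (%s)", strerror(errno));

    // Start the program
    return event_loop();
}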

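/*
 * Read events from pipe_fd until a signal is flagged or the pipe fails.
 *
 * Each read fetches a fixed-size struct audit_dispatcher_header followed by
 * the payload. The payload is appended to the output file and summarised in
 * syslog.
 *
 * Returns 0 when the loop ends, 1 when the buffer or the output file cannot
 * be set up.
 */
static int event_loop(void)
{
    // Relative name: main() has already called chdir("/"), so this is
    // /tempfile.txt and not a file in the directory the program was
    // started from.
    static const char out_path[] = "tempfile.txt";
    void* data;
    FILE* fp = NULL;
    int out_fd;
    struct iovec vec[2];
    struct audit_dispatcher_header hdr;

    // allocate data structures
    data = malloc(MAX_AUDIT_MESSAGE_LENGTH);
    if (data == NULL) {
        syslog(LOG_ERR, "Cannot allocate buffer");
        return 1;
    }
    memset(data, 0, MAX_AUDIT_MESSAGE_LENGTH);
    memset(&hdr, 0, sizeof(hdr));

    // File output: the lines the message marks with "+", reworked.
    // The file is opened once, in append mode ("w+" truncated it on every
    // event), and created with mode 0600 because audit payloads can hold
    // sensitive data. Every failure is logged with errno so the cause is
    // visible instead of ending in a NULL FILE* being passed to fwrite().
    // NOTE(review): if open() still fails while running as root, a mandatory
    // access control policy confining the dispatcher is one possible cause;
    // check the errno text logged below and the system's denial logs.
    out_fd = open(out_path, O_WRONLY | O_CREAT | O_APPEND, 0600);
    if (out_fd == -1) {
        syslog(LOG_ERR, "Cannot open %s (%s)", out_path, strerror(errno));
        free(data);
        return 1;
    }
    (void)fcntl(out_fd, F_SETFD, FD_CLOEXEC);
    fp = fdopen(out_fd, "a");
    if (fp == NULL) {
        syslog(LOG_ERR, "Cannot open stream for %s (%s)", out_path,
            strerror(errno));
        close(out_fd);
        free(data);
        return 1;
    }

    do {
        int rc;
        size_t got;
        size_t len;
        struct timeval tv;
        fd_set fd;

        // Wake up once a second so the signaled flag is re-checked.
        tv.tv_sec = 1;
        tv.tv_usec = 0;
        FD_ZERO(&fd);
        FD_SET(pipe_fd, &fd);
        rc = select(pipe_fd+1, &fd, NULL, NULL, &tv);
        if (rc == 0)
            continue;
        else if (rc == -1)
            break;

        /* Get header first. it is fixed size */
        vec[0].iov_base = (void*)&hdr;
        vec[0].iov_len = sizeof(hdr);

        // Next payload
        vec[1].iov_base = data;
        vec[1].iov_len = MAX_AUDIT_MESSAGE_LENGTH;

        rc = readv(pipe_fd, vec, 2);
        if (rc == 0 || rc == -1) {
            syslog(LOG_ERR, "rc == %d(%s)", rc, strerror(errno));
            break;
        }

        // hdr.size comes from the pipe and the buffer is not guaranteed to
        // be NUL-terminated, so never trust it as a length on its own:
        // use at most the number of payload bytes this read delivered.
        got = (size_t)rc;
        if (got < sizeof(hdr)) {
            syslog(LOG_ERR, "short read (%d bytes), header incomplete", rc);
            break;
        }
        len = got - sizeof(hdr);
        if (hdr.size < len)
            len = hdr.size;

        // handle events here: append the payload, one record per line,
        // and flush so the record is on disk before the next event.
        if (fwrite(data, sizeof(char), len, fp) != len ||
            fputc('\n', fp) == EOF || fflush(fp) == EOF) {
            syslog(LOG_ERR, "Cannot write %s (%s)", out_path,
                strerror(errno));
            clearerr(fp);
        }

        syslog(LOG_NOTICE,"type=%d, payload size=%d",
            hdr.type, hdr.size);
        // Precision is the bounded length, not the raw header field.
        syslog(LOG_NOTICE,"data=\"%.*s\"", (int)len,
            (char *)data);

    } while(!signaled);

    if (fclose(fp) == EOF)
        syslog(LOG_ERR, "Cannot close %s (%s)", out_path, strerror(errno));
    free(data);

    return 0;
}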
