Annotation of embedaddon/sudo/plugins/sudoers/linux_audit.c, revision 1.1.1.1
1.1 misho 1: /*
2: * Copyright (c) 2010 Todd C. Miller <Todd.Miller@courtesan.com>
3: *
4: * Permission to use, copy, modify, and distribute this software for any
5: * purpose with or without fee is hereby granted, provided that the above
6: * copyright notice and this permission notice appear in all copies.
7: *
8: * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9: * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10: * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11: * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12: * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13: * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14: * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15: */
16:
17: #include <config.h>
18:
19: #include <sys/types.h>
20: #include <stdio.h>
21: #ifdef STDC_HEADERS
22: # include <stdlib.h>
23: # include <stddef.h>
24: #else
25: # ifdef HAVE_STDLIB_H
26: # include <stdlib.h>
27: # endif
28: #endif /* STDC_HEADERS */
29: #include <errno.h>
30: #include <fcntl.h>
31: #include <string.h>
32: #include <libaudit.h>
33:
34: #include "missing.h"
35: #include "error.h"
36: #include "alloc.h"
37: #include "gettext.h"
38: #include "linux_audit.h"
39:
40: /*
41: * Open audit connection if possible.
42: * Returns audit fd on success and -1 on failure.
43: */
44: static int
45: linux_audit_open(void)
46: {
47: static int au_fd = -1;
48:
49: if (au_fd != -1)
50: return au_fd;
51: au_fd = audit_open();
52: if (au_fd == -1) {
53: /* Kernel may not have audit support. */
54: if (errno != EINVAL && errno != EPROTONOSUPPORT && errno != EAFNOSUPPORT)
55: error(1, _("unable to open audit system"));
56: } else {
57: (void)fcntl(au_fd, F_SETFD, FD_CLOEXEC);
58: }
59: return au_fd;
60: }
61:
62: int
63: linux_audit_command(char *argv[], int result)
64: {
65: int au_fd, rc;
66: char *command, *cp, **av;
67: size_t size, n;
68:
69: if ((au_fd = linux_audit_open()) == -1)
70: return -1;
71:
72: /* Convert argv to a flat string. */
73: for (size = 0, av = argv; *av != NULL; av++)
74: size += strlen(*av) + 1;
75: command = cp = emalloc(size);
76: for (av = argv; *av != NULL; av++) {
77: n = strlcpy(cp, *av, size - (cp - command));
78: if (n >= size - (cp - command))
79: errorx(1, _("internal error, linux_audit_command() overflow"));
80: cp += n;
81: *cp++ = ' ';
82: }
83: *--cp = '\0';
84:
85: /* Log command, ignoring ECONNREFUSED on error. */
86: rc = audit_log_user_command(au_fd, AUDIT_USER_CMD, command, NULL, result);
87: if (rc <= 0 && errno != ECONNREFUSED)
88: warning(_("unable to send audit message"));
89:
90: efree(command);
91:
92: return rc;
93: }
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>