2
* Copyright (c) 2010 Todd C. Miller <Todd.Miller@courtesan.com>
4
* Permission to use, copy, modify, and distribute this software for any
5
* purpose with or without fee is hereby granted, provided that the above
6
* copyright notice and this permission notice appear in all copies.
8
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
#include <sys/types.h>
28
#endif /* STDC_HEADERS */
38
#include "linux_audit.h"
41
* Open audit connection if possible.
42
* Returns audit fd on success and -1 on failure.
45
linux_audit_open(void)
47
static int au_fd = -1;
53
/* Kernel may not have audit support. */
54
if (errno != EINVAL && errno != EPROTONOSUPPORT && errno != EAFNOSUPPORT)
55
error(1, "unable to open audit system");
57
(void)fcntl(au_fd, F_SETFD, FD_CLOEXEC);
63
linux_audit_command(char *argv[], int result)
66
char *command, *cp, **av;
69
if ((au_fd = linux_audit_open()) == -1)
72
/* Convert argv to a flat string. */
73
for (size = 0, av = argv; *av != NULL; av++)
74
size += strlen(*av) + 1;
75
command = cp = emalloc(size);
76
for (av = argv; *av != NULL; av++) {
77
n = strlcpy(cp, *av, size - (cp - command));
78
if (n >= size - (cp - command))
79
errorx(1, "internal error, linux_audit_command() overflow");
85
/* Log command, ignoring ECONNREFUSED on error. */
86
rc = audit_log_user_command(au_fd, AUDIT_USER_CMD, command, NULL, result);
87
if (rc <= 0 && errno != ECONNREFUSED)
88
warning("unable to send audit message");
97
linux_audit_role_change(const char *old_context,
98
const char *new_context, const char *ttyn)
103
if ((au_fd = linux_audit_open()) == -1)
106
/* audit role change using the same format as newrole(1) */
107
easprintf(&message, "newrole: old-context=%s new-context=%s",
108
old_context, new_context);
109
rc = audit_log_user_message(au_fd, AUDIT_USER_ROLE_CHANGE,
110
message, NULL, NULL, ttyn, 1);
112
warning("unable to send audit message");
118
#endif /* HAVE_SELINUX */