~ubuntu-branches/ubuntu/utopic/audit/utopic


Viewing changes to src/auditd.c

  • Committer: Bazaar Package Importer
  • Author(s): Philipp Matthias Hahn
  • Date: 2009-04-07 00:03:54 UTC
  • mfrom: (1.2.6 upstream)
  • mto: This revision was merged to the branch mainline in revision 16.
  • Revision ID: james.westby@ubuntu.com-20090407000354-ny4m29eckoycogz5
Tags: 1.7.12-1
* New upstream release. (Closes: #522026)
* Fix "typo in long description: (Closes: #513937)
* debian/control:
  - Bump Standards-Version: 3.8.0

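--- a/src/auditd.c
+++ b/src/auditd.c
@@ -77,7 +77,8 @@
 static int get_reply(int fd, struct audit_reply *rep, int seq);
 static char *getsubj(char *subj);
 
-enum startup_state {startup_disable=0, startup_enable, startup_nochange, startup_INVALID};
+enum startup_state {startup_disable=0, startup_enable, startup_nochange,
+        startup_INVALID};
 static const char *startup_states[] = {"disable", "enable", "nochange"};
 
 /*
@@ -97,7 +98,8 @@
 /*
  * SIGTERM handler
  */ 
-static void term_handler( struct ev_loop *loop, struct ev_signal *sig, int revents )
+static void term_handler(struct ev_loop *loop, struct ev_signal *sig,
+                        int revents)
 {
         EV_STOP ();
 }
@@ -128,7 +130,8 @@
 /*
  * Used to force log rotation
  */
-static void user1_handler( struct ev_loop *loop, struct ev_signal *sig, int revents )
+static void user1_handler(struct ev_loop *loop, struct ev_signal *sig,
+                        int revents)
 {
         int rc;
 
@@ -153,7 +156,8 @@
 /*
  * Used with email alerts to cleanup
  */
-static void child_handler( struct ev_loop *loop, struct ev_signal *sig, int revents )
+static void child_handler(struct ev_loop *loop, struct ev_signal *sig,
+                        int revents)
 {
         while (waitpid(-1, NULL, WNOHANG) > 0)
                 ; /* empty */
@@ -177,7 +181,7 @@
                         struct timespec ts;
                         ts.tv_sec = 0;
                         ts.tv_nsec = 2 * 1000 * 1000; // 2 milliseconds
-                        nanosleep(&ts, NULL); /* Let other thread try to log it. */
+                        nanosleep(&ts, NULL); // Let other thread try to log it
                 }
         } else
                 free(rep);      // This function takes custody of the memory
@@ -353,18 +357,19 @@
         } while (rc < 0 && errno == EINTR);
 }
 
-static void netlink_handler( struct ev_loop *loop, struct ev_io *io, int revents )
+static void netlink_handler(struct ev_loop *loop, struct ev_io *io,
+                        int revents)
 {
         if (rep == NULL) { 
                 if ((rep = malloc(sizeof(*rep))) == NULL) {
                         char emsg[DEFAULT_BUF_SZ];
                         if (*subj)
                                 snprintf(emsg, sizeof(emsg),
-                                        "auditd error halt, auid=%u pid=%d subj=%s res=failed",
+                        "auditd error halt, auid=%u pid=%d subj=%s res=failed",
                                         audit_getloginuid(), getpid(), subj);
                         else
                                 snprintf(emsg, sizeof(emsg),
-                                         "auditd error halt, auid=%u pid=%d res=failed",
+                                 "auditd error halt, auid=%u pid=%d res=failed",
                                          audit_getloginuid(), getpid());
                         EV_STOP ();
                         send_audit_event(AUDIT_DAEMON_ABORT, emsg);
@@ -392,12 +397,12 @@
                 case AUDIT_SIGNAL_INFO:
                         if (hup_info_requested) {
                                 audit_msg(LOG_DEBUG,
-                                          "HUP detected, starting config manager");
+                                    "HUP detected, starting config manager");
                                 if (start_config_manager(rep)) {
                                         send_audit_event(
                                                 AUDIT_DAEMON_CONFIG, 
-                                                "auditd error getting hup info - no change,"
-                                                " sending auid=? pid=? subj=? res=failed");
+                                  "auditd error getting hup info - no change,"
+                                  " sending auid=? pid=? subj=? res=failed");
                                 }
                                 rep = NULL;
                                 hup_info_requested = 0;
@@ -406,18 +411,16 @@
                                 if (rep->reply.len == 24) {
                                         snprintf(usr1, 
                                                  sizeof(usr1),
-                                                 "auditd sending auid=? pid=? subj=?");
+                                         "auditd sending auid=? pid=? subj=?");
                                 } else {
                                         snprintf(usr1, 
                                                  sizeof(usr1),
-                                                 "auditd sending auid=%u pid=%d subj=%s",
+                                 "auditd sending auid=%u pid=%d subj=%s",
                                                  rep->reply.signal_info->uid, 
                                                  rep->reply.signal_info->pid,
                                                  rep->reply.signal_info->ctx);
                                 }
-                                send_audit_event(
-                                        AUDIT_DAEMON_ROTATE, 
-                                        usr1);
+                                send_audit_event(AUDIT_DAEMON_ROTATE, usr1);
                         }
                         break;
                 default:
@@ -432,7 +435,8 @@
         }
 }
 
-static void periodic_handler( struct ev_loop *loop, struct ev_periodic *per, int revents )
+static void periodic_handler(struct ev_loop *loop, struct ev_periodic *per,
+                        int revents )
 {
         if (config.tcp_client_max_idle)
                 auditd_tcp_listen_check_idle (loop);
@@ -614,7 +618,7 @@
                 if(getsubj(subj))
                         snprintf(start, sizeof(start),
                                 "auditd start, ver=%s format=%s "
-                                "kernel=%.56s auid=%u pid=%d subj=%s res=success",
+                            "kernel=%.56s auid=%u pid=%d subj=%s res=success",
                                 VERSION, fmt, ubuf.release,
                                 audit_getloginuid(), getpid(), subj);
                 else
@@ -644,7 +648,7 @@
                 char emsg[DEFAULT_BUF_SZ];
                 if (*subj)
                         snprintf(emsg, sizeof(emsg),
-                                "auditd error halt, auid=%u pid=%d subj=%s res=failed",
+                        "auditd error halt, auid=%u pid=%d subj=%s res=failed",
                                 audit_getloginuid(), getpid(), subj);
                 else
                         snprintf(emsg, sizeof(emsg),
@@ -670,7 +674,7 @@
                 char emsg[DEFAULT_BUF_SZ];
                 if (*subj)
                         snprintf(emsg, sizeof(emsg),
-                                "auditd error halt, auid=%u pid=%d subj=%s res=failed",
+                        "auditd error halt, auid=%u pid=%d subj=%s res=failed",
                                 audit_getloginuid(), getpid(), subj);
                 else
                         snprintf(emsg, sizeof(emsg),
@@ -679,7 +683,7 @@
                 stop = 1;
                 send_audit_event(AUDIT_DAEMON_ABORT, emsg);
                 audit_msg(LOG_ERR,
-                        "Unable to set intitial audit startup state to '%s', exiting",
+                "Unable to set intitial audit startup state to '%s', exiting",
                         startup_states[opt_startup]);
                 close_down();
                 if (pidfile)
@@ -688,7 +692,7 @@
                 return 1;
         }
         audit_msg(LOG_NOTICE,
-                 "Init complete, auditd %s listening for events (startup state %s)",
+            "Init complete, auditd %s listening for events (startup state %s)",
                 VERSION,
                 startup_states[opt_startup]);
 
@@ -731,8 +735,15 @@
 
         auditd_tcp_listen_uninit (loop);
 
+        // Tear down IO watchers Part 1
+        ev_signal_stop (loop, &sighup_watcher);
+        ev_signal_stop (loop, &sigusr1_watcher);
+        ev_signal_stop (loop, &sigusr2_watcher);
+        ev_signal_stop (loop, &sigterm_watcher);
+        if (config.tcp_client_max_idle)
+                ev_periodic_stop (loop, &periodic_watcher);
+
         /* Write message to log that we are going down */
-
         rc = audit_request_signal_info(fd);
         if (rc > 0) {
                 struct audit_reply trep;
@@ -741,7 +752,8 @@
                 if (rc > 0) {
                         char txt[MAX_AUDIT_MESSAGE_LENGTH];
                         snprintf(txt, sizeof(txt),
-                                 "auditd normal halt, sending auid=%u pid=%d subj=%s res=success",
+                                "auditd normal halt, sending auid=%u "
+                                "pid=%d subj=%s res=success",
                                  trep.signal_info->uid,
                                  trep.signal_info->pid, 
                                  trep.signal_info->ctx); 
@@ -750,12 +762,18 @@
         } 
         if (rc <= 0)
                 send_audit_event(AUDIT_DAEMON_END, 
-                                 "auditd normal halt, sending auid=? pid=? subj=? res=success");
+                                "auditd normal halt, sending auid=? "
+                                "pid=? subj=? res=success");
         free(rep);
         shutdown_dispatcher();
 
+        // Tear down IO watchers Part 2
+        ev_io_stop (loop, &netlink_watcher);
+        ev_signal_stop (loop, &sigchld_watcher);
+
         close_down();
         free_config(&config);
+        ev_default_destroy();
 
         return 0;
 }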
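Review bot: The new "Tear down IO watchers Part 1" block (new lines 738-744) stops the SIGHUP, SIGUSR1, SIGUSR2 and SIGTERM watchers before `audit_request_signal_info(fd)` runs and before the `AUDIT_DAEMON_END` record is sent. libev documents that stopping the last watcher for a signal resets its disposition to `SIG_DFL`; if the libev built into this tree behaves that way (to be confirmed), a second SIGTERM or a SIGHUP arriving in that window terminates auditd before the halt record is written and before `close_down()` runs, so the audit trail ends without its DAEMON_END entry. I would move the four `ev_signal_stop` calls down into "Part 2", after `shutdown_dispatcher()`, or keep them here and add a comment such as `// signals are deliberately unhandled from here on because ...` stating why that is safe. The same hunk range also formats `trep.signal_info->ctx` with `%s`; a one-line comment on whether the kernel guarantees NUL termination of that field would help the next reader. This is the tail of a function whose start lies outside the visible hunks.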