[PATCH]Fix me add subj

Chu Li chul at cn.fujitsu.com
Mon Aug 18 10:04:25 UTC 2008


Hi Steve,
  I have made a patch for the "FIXME add subj" comments in auditd.c. It applies
to the latest code.

Signed-off-by: Chu Li <chul at cn.fujistu.com>
---
diff --git a/src/auditd.c b/src/auditd.c
index b74199f..3843245 100755
--- a/src/auditd.c
+++ b/src/auditd.c
@@ -53,6 +53,7 @@
 #define DMSG_SIZE (DEFAULT_BUF_SZ + 48)
 #define SUCCESS 0
 #define FAILURE 1
+#define SUBJ_LEN 4097

 /* Global Data */
 volatile int stop = 0;
@@ -65,11 +66,13 @@ static int init_pipe[2];
 static int do_fork = 1;
 static struct auditd_reply_list *rep = NULL;
 static int hup_info_requested = 0, usr1_info_requested = 0;
+static char subj[SUBJ_LEN];

 /* Local function prototypes */
 static void close_down(void);
 static void clean_exit(void);
 static int get_reply(int fd, struct audit_reply *rep, int seq);
+static char *getsubj(char *subj);

 enum startup_state {startup_disable=0, startup_enable, startup_nochange, 
startup_INVALID};
 static const char *startup_states[] = {"disable", "enable", "nochange"};
@@ -347,11 +350,15 @@ static void netlink_handler( struct ev_loop *loop, struct 
ev_io *io, int revents
 	if (rep == NULL) {
 		if ((rep = malloc(sizeof(*rep))) == NULL) {
 			char emsg[DEFAULT_BUF_SZ];
-			snprintf(emsg, sizeof(emsg),
-				 "auditd error halt, auid=%u pid=%d res=failed",
-				 audit_getloginuid(), getpid());
+			if(subj)
+				snprintf(emsg, sizeof(emsg),
+					"auditd error halt, auid=%u pid=%d subj=%s res=failed",
+					audit_getloginuid(), getpid(), subj);
+			else
+				snprintf(emsg, sizeof(emsg),
+					 "auditd error halt, auid=%u pid=%d res=failed",
+					 audit_getloginuid(), getpid());
 			EV_STOP ();
-			//FIXME add subj
 			send_audit_event(AUDIT_DAEMON_ABORT, emsg);
 			audit_msg(LOG_ERR,
 				  "Cannot allocate audit reply, exiting");
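Review bot: `if(subj)` in netlink_handler tests the address of the file-scope array `static char subj[SUBJ_LEN]`, which is never null, so the `else` branch is dead code. When getsubj() has failed the array is still all zeroes, and the record is then written with an empty `subj=` field instead of omitting it. Test the content instead, `if (subj[0] != '\0')`. The same check recurs in the two later `auditd error halt` hunks in main(), after audit_set_pid() and audit_set_enabled(). netlink_handler itself starts and ends outside this hunk.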
@@ -579,12 +586,18 @@ int main(int argc, char *argv[])
 			tell_parent(FAILURE);
 			return 1;
 		}
-//FIXME add SUBJ
-		snprintf(start, sizeof(start),
-		    "auditd start, ver=%s format=%s "
-		    "kernel=%.56s auid=%u pid=%d res=success",
-		     VERSION, fmt, ubuf.release,
-		     audit_getloginuid(), getpid());
+		if(getsubj(subj))
+			snprintf(start, sizeof(start),
+				"auditd start, ver=%s format=%s "
+				"kernel=%.56s auid=%u pid=%d subj=%s res=success",
+				VERSION, fmt, ubuf.release,
+				audit_getloginuid(), getpid(), subj);
+		else
+			snprintf(start, sizeof(start),
+				"auditd start, ver=%s format=%s "
+				"kernel=%.56s auid=%u pid=%d res=success",
+				VERSION, fmt, ubuf.release,
+				audit_getloginuid(), getpid());
 		if (send_audit_event(AUDIT_DAEMON_START, start)) {
         		audit_msg(LOG_ERR, "Cannot send start message");
 			if (pidfile)
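Review bot: The new `subj=%s` conversion in main() is unbounded while `kernel=%.56s` beside it is capped, and subj can hold up to SUBJ_LEN-1 bytes, so a long label could make snprintf truncate `start` and drop the trailing `res=success` field. The size of `start` is declared outside the hunk, so whether this can actually happen needs checking there; the same question applies to the `emsg` buffers of DEFAULT_BUF_SZ in the three `auditd error halt` hunks. Either size the buffers for SUBJ_LEN or check the result, `int n = snprintf(start, sizeof(start), ...); if (n < 0 || (size_t)n >= sizeof(start))`, and log the truncation so an incomplete DAEMON_START record is noticed. As a style point, the two branches repeat the whole format string and differ only in the `subj=` field.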
@@ -604,11 +617,15 @@ int main(int argc, char *argv[])
 	/* Tell the kernel we are alive */
 	if (audit_set_pid(fd, getpid(), WAIT_YES) < 0) {
 		char emsg[DEFAULT_BUF_SZ];
-		snprintf(emsg, sizeof(emsg),
-			"auditd error halt, auid=%u pid=%d res=failed",
-			audit_getloginuid(), getpid());
+		if(subj)
+			snprintf(emsg, sizeof(emsg),
+				"auditd error halt, auid=%u pid=%d subj=%s res=failed",
+				audit_getloginuid(), getpid(), subj);
+		else
+			snprintf(emsg, sizeof(emsg),
+				"auditd error halt, auid=%u pid=%d res=failed",
+				audit_getloginuid(), getpid());
 		stop = 1;
-//FIXME add subj
 		send_audit_event(AUDIT_DAEMON_ABORT, emsg);
 		audit_msg(LOG_ERR, "Unable to set audit pid, exiting");
 		close_down();
@@ -626,11 +643,15 @@ int main(int argc, char *argv[])
 	if (opt_startup != startup_nochange &&
 	    audit_set_enabled(fd, (int)opt_startup) < 0) {
 		char emsg[DEFAULT_BUF_SZ];
-		snprintf(emsg, sizeof(emsg),
-			"auditd error halt, auid=%u pid=%d res=failed",
-			audit_getloginuid(), getpid());
+		if(subj)
+			snprintf(emsg, sizeof(emsg),
+				"auditd error halt, auid=%u pid=%d subj=%s res=failed",
+				audit_getloginuid(), getpid(), subj);
+		else
+			snprintf(emsg, sizeof(emsg),
+				"auditd error halt, auid=%u pid=%d res=failed",
+				audit_getloginuid(), getpid());
 		stop = 1;
-//FIXME add subj
 		send_audit_event(AUDIT_DAEMON_ABORT, emsg);
 		audit_msg(LOG_ERR,
 			"Unable to set intitial audit startup state to '%s', exiting",
@@ -780,3 +801,25 @@ static int get_reply(int fd, struct audit_reply *rep, int 
seq)
 	return -1;
 }

+//get the subj of the daemon
+static char *getsubj(char *subj)
+{
+	pid_t pid = getpid();
+	char filename[48];
+	ssize_t num_read;
+	int fd;
+
+	snprintf(filename, sizeof(filename), "/proc/%u/attr/current", pid);
+	fd = open(filename, O_RDONLY);
+	if(fd == -1)
+		return NULL;
+	do {
+		num_read = read(fd, subj, SUBJ_LEN-1);
+	} while (num_read < 0 && errno == EINTR);
+	close(fd);
+	if(num_read <= 0)
+		return NULL;
+	subj[num_read] = '\0';
+	return subj;
+}
+
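Review bot: getsubj() stores the bytes read from /proc/<pid>/attr/current without trimming or validating them, so if the kernel or LSM returns a trailing newline (not confirmed from this page) it lands inside `subj=` and can split the audit record. Strip it after the terminator is written, e.g. `if (num_read > 0 && subj[num_read - 1] == '\n') subj[--num_read] = '\0';`. The format `"/proc/%u/attr/current"` passes a pid_t to `%u`, whereas the rest of the file prints getpid() with `%d`; use `%d` with `(int)pid`, or open `/proc/self/attr/current` and drop the formatting. The parameter `subj` also shadows the file-scope `static char subj[SUBJ_LEN]`, and the function silently assumes the caller's buffer holds at least SUBJ_LEN bytes. A header comment would make that contract explicit: `/* Read this process's security label into buf (>= SUBJ_LEN bytes); returns buf, or NULL on failure. */`.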

Regards
Chu Li





