2 * Copyright (c) 2010 Todd C. Miller <Todd.Miller@courtesan.com>
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 #include <sys/types.h>
28 #endif /* STDC_HEADERS */
37 #include "linux_audit.h"
40 * Open audit connection if possible.
41 * Returns audit fd on success and -1 on failure.
44 linux_audit_open(void)
46 static int au_fd = -1;
52 /* Kernel may not have audit support. */
53 if (errno != EINVAL && errno != EPROTONOSUPPORT && errno != EAFNOSUPPORT)
54 error(1, "unable to open audit system");
56 (void)fcntl(au_fd, F_SETFD, FD_CLOEXEC);
62 linux_audit_command(char *argv[], int result)
65 char *command, *cp, **av;
68 if ((au_fd = linux_audit_open()) == -1)
71 /* Convert argv to a flat string. */
72 for (size = 0, av = argv; *av != NULL; av++)
73 size += strlen(*av) + 1;
74 command = cp = emalloc(size);
75 for (av = argv; *av != NULL; av++) {
76 n = strlcpy(cp, *av, size - (cp - command));
77 if (n >= size - (cp - command))
78 errorx(1, "internal error, linux_audit_command() overflow");
84 /* Log command, ignoring ECONNREFUSED on error. */
85 rc = audit_log_user_command(au_fd, AUDIT_USER_CMD, command, NULL, result);
86 if (rc <= 0 && errno != ECONNREFUSED)
87 warning("unable to send audit message");