2 * Copyright (c) 2010 Todd C. Miller <Todd.Miller@courtesan.com>
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 #include <sys/types.h>
28 #endif /* STDC_HEADERS */
38 #include "linux_audit.h"
41 * Open audit connection if possible.
42 * Returns audit fd on success and -1 on failure.
45 linux_audit_open(void)
47 static int au_fd = -1;
53 /* Kernel may not have audit support. */
54 if (errno != EINVAL && errno != EPROTONOSUPPORT && errno != EAFNOSUPPORT)
55 error(1, "unable to open audit system");
57 (void)fcntl(au_fd, F_SETFD, FD_CLOEXEC);
63 linux_audit_command(char *argv[], int result)
66 char *command, *cp, **av;
69 if ((au_fd = linux_audit_open()) == -1)
72 /* Convert argv to a flat string. */
73 for (size = 0, av = argv; *av != NULL; av++)
74 size += strlen(*av) + 1;
75 command = cp = emalloc(size);
76 for (av = argv; *av != NULL; av++) {
77 n = strlcpy(cp, *av, size - (cp - command));
78 if (n >= size - (cp - command))
79 errorx(1, "internal error, linux_audit_command() overflow");
85 /* Log command, ignoring EPERM on error. */
86 rc = audit_log_user_command(au_fd, AUDIT_USER_CMD, command, NULL, result);
88 warning("unable to send audit message");
97 linux_audit_role_change(const char *old_context,
98 const char *new_context, const char *ttyn)
103 if ((au_fd = linux_audit_open()) == -1)
106 /* audit role change using the same format as newrole(1) */
107 easprintf(&message, "newrole: old-context=%s new-context=%s",
108 old_context, new_context);
109 rc = audit_log_user_message(au_fd, AUDIT_USER_ROLE_CHANGE,
110 message, NULL, NULL, ttyn, 1);
112 warning("unable to send audit message");
118 #endif /* HAVE_SELINUX */