2 * Copyright (c) 2010-2013 Todd C. Miller <Todd.Miller@courtesan.com>
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 #include <sys/types.h>
28 #endif /* STDC_HEADERS */
38 #include "sudo_debug.h"
39 #include "linux_audit.h"
42 * Open audit connection if possible.
43 * Returns audit fd on success and -1 on failure.
46 static linux_audit_open(void)
48 static int au_fd = -1;
49 debug_decl(linux_audit_open, SUDO_DEBUG_AUDIT)
52 debug_return_int(au_fd);
55 /* Kernel may not have audit support. */
56 if (errno != EINVAL && errno != EPROTONOSUPPORT && errno != EAFNOSUPPORT)
57 fatal(_("unable to open audit system"));
59 (void)fcntl(au_fd, F_SETFD, FD_CLOEXEC);
61 debug_return_int(au_fd);
65 linux_audit_command(char *argv[], int result)
68 char *command, *cp, **av;
70 debug_decl(linux_audit_command, SUDO_DEBUG_AUDIT)
72 if ((au_fd = linux_audit_open()) == -1)
75 /* Convert argv to a flat string. */
76 for (size = 0, av = argv; *av != NULL; av++)
77 size += strlen(*av) + 1;
78 command = cp = emalloc(size);
79 for (av = argv; *av != NULL; av++) {
80 n = strlcpy(cp, *av, size - (cp - command));
81 if (n >= size - (cp - command)) {
82 fatalx(_("internal error, %s overflow"),
83 "linux_audit_command()");
90 /* Log command, ignoring ECONNREFUSED on error. */
91 rc = audit_log_user_command(au_fd, AUDIT_USER_CMD, command, NULL, result);
92 if (rc <= 0 && errno != ECONNREFUSED)
93 warning(_("unable to send audit message"));