X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=src%2Fjournal%2Fjournald-audit.c;h=46eb82fa34ff4f34a8a24cdad9a075bfdf05f807;hb=cd556b6ca8aec8dd371806afedec45f852f8f724;hp=18235d9308043cfeadbbffce4c63c6f19ad43b4c;hpb=23bbb0de4e3f85d9704a5c12a5afa2dfa0159e41;p=elogind.git

diff --git a/src/journal/journald-audit.c b/src/journal/journald-audit.c
index 18235d930..46eb82fa3 100644
--- a/src/journal/journald-audit.c
+++ b/src/journal/journald-audit.c
@@ -206,7 +206,7 @@ static int map_generic_field(const char *prefix, const char **p, struct iovec **
 return r;
 }
 
-/* Kernel fields are those occuring in the audit string before
+/* Kernel fields are those occurring in the audit string before
 * msg='. All of these fields are trusted, hence carry the "_" prefix.
 * We try to translate the fields we know into our native names. The
 * other's are generically mapped to _AUDIT_FIELD_XYZ= */
@@ -240,7 +240,7 @@ static const MapField map_fields_kernel[] = {
 {}
 };
 
-/* Userspace fields are thos occuring in the audit string after
+/* Userspace fields are those occurring in the audit string after
 * msg='. All of these fields are untrusted, hence carry no "_"
 * prefix. We map the fields we don't know to AUDIT_FIELD_XYZ= */
 static const MapField map_fields_userspace[] = {
@@ -360,7 +360,7 @@ static void process_audit_string(Server *s, int type, const char *data, size_t s
 if (!p)
 return;
 
- if (sscanf(p, "(%" PRIi64 ".%" PRIi64 ":%" PRIi64 "):%n",
+ if (sscanf(p, "(%" PRIu64 ".%" PRIu64 ":%" PRIu64 "):%n",
 &seconds,
 &msec,
 &id,
@@ -373,7 +373,7 @@ static void process_audit_string(Server *s, int type, const char *data, size_t s
 if (isempty(p))
 return;
 
- n_iov_allocated = N_IOVEC_META_FIELDS + 5;
+ n_iov_allocated = N_IOVEC_META_FIELDS + 7;
 iov = new(struct iovec, n_iov_allocated);
 if (!iov) {
 log_oom();
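Review bot: The new `PRIu64` conversions on the `sscanf` line carry no comment explaining why unsigned decimal is required, so a later edit could revert to `%i`-style conversions without noticing the problem. `%i` picks the base from the prefix, so a zero-padded millisecond field such as `012` would be read as octal (the padding is presumed from the audit header format, which this diff does not show). I would add `/* unsigned decimal on purpose: %i would treat a leading 0 as octal */` above the call. The declarations of `seconds`, `msec` and `id`, and the check of the return value, lie outside the hunk; the variables need to be `uint64_t` for the new specifiers to be correct.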
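Review bot: The literal `7` in `n_iov_allocated = N_IOVEC_META_FIELDS + 7` appears to be a hand count of the fixed fields that are later appended with unchecked `iov[n_iov++]` writes, including the two added in the hunk at -392. If a field is added without bumping the count, those writes run past the `new(struct iovec, ...)` allocation. A named constant kept next to the appends, or `assert(n_iov <= n_iov_allocated);` after the last fixed append, would make a mismatch fail loudly instead of corrupting the heap. Only four of the appends are visible in this diff, so the total of seven cannot be confirmed from here; the body of process_audit_string starts and ends outside the hunk.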
@@ -392,6 +392,10 @@ static void process_audit_string(Server *s, int type, const char *data, size_t s
 sprintf(id_field, "_AUDIT_ID=%" PRIu64, id);
 IOVEC_SET_STRING(iov[n_iov++], id_field);
 
+ assert_cc(32 == LOG_AUTH);
+ IOVEC_SET_STRING(iov[n_iov++], "SYSLOG_FACILITY=32");
+ IOVEC_SET_STRING(iov[n_iov++], "SYSLOG_IDENTIFIER=audit");
+
 m = alloca(strlen("MESSAGE= ") + strlen(p) + 1);
 sprintf(m, "MESSAGE= %s", type, p);
 IOVEC_SET_STRING(iov[n_iov++], m);
@@ -523,26 +527,22 @@ int server_open_audit(Server *s) {
 if (errno == EAFNOSUPPORT || errno == EPROTONOSUPPORT)
 log_debug("Audit not supported in the kernel.");
 else
- log_warning("Failed to create audit socket, ignoring: %m");
+ log_warning_errno(errno, "Failed to create audit socket, ignoring: %m");
 
 return 0;
 }
 
 r = bind(s->audit_fd, &sa.sa, sizeof(sa.nl));
- if (r < 0) {
- log_error("Failed to join audit multicast group: %m");
- return -errno;
- }
+ if (r < 0)
+ return log_error_errno(errno, "Failed to join audit multicast group: %m");
 } else
 fd_nonblock(s->audit_fd, 1);
 
 r = setsockopt(s->audit_fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one));
- if (r < 0) {
- log_error("Failed to set SO_PASSCRED on audit socket: %m");
- return -errno;
- }
+ if (r < 0)
+ return log_error_errno(errno, "Failed to set SO_PASSCRED on audit socket: %m");
 
- r = sd_event_add_io(s->event, &s->audit_event_source, s->audit_fd, EPOLLIN, process_datagram, s);
+ r = sd_event_add_io(s->event, &s->audit_event_source, s->audit_fd, EPOLLIN, server_process_datagram, s);
 if (r < 0)
 return log_error_errno(r, "Failed to add audit fd to event loop: %m");
 
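Review bot: `SYSLOG_FACILITY=32` stores the shifted constant `LOG_AUTH` (4<<3) rather than the facility number 4 that `LOG_FAC()` yields. If the other journald transports write the unshifted number into this field, as the syslog convention suggests (not visible in this diff), a match on `SYSLOG_FACILITY=4` will miss audit records, and anything that collects auth-facility logs by that field will not see them. I would change the two lines to `assert_cc(4 == LOG_FAC(LOG_AUTH));` and `IOVEC_SET_STRING(iov[n_iov++], "SYSLOG_FACILITY=4");`.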
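Review bot: Nothing near the `SO_PASSCRED` and `sd_event_add_io` lines says where the sender of an audit datagram is checked, yet the comments earlier in this file describe the kernel part of the message as trusted. With the callback renamed to `server_process_datagram`, a reader cannot tell from this function whether messages from a non-kernel netlink sender are dropped before they reach process_audit_string. I would add a comment above the `setsockopt` call, for example `/* credentials are requested so the datagram handler can reject senders other than the kernel */`, and confirm that the handler does so; its body is outside this diff.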