X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=src%2Fjournal%2Fjournald-audit.c;h=20936f4bed7109f58d90acf53f551674e0042442;hp=520d1cbb31186be895bb60c06b5f9618ef6de6ab;hb=f131770b1465fbf423881f16ba85523a05f846fe;hpb=5034c7bcdfc4493ed3c30722e9d897c8da78fede diff --git a/src/journal/journald-audit.c b/src/journal/journald-audit.c index 520d1cbb3..20936f4be 100644 --- a/src/journal/journald-audit.c +++ b/src/journal/journald-audit.c @@ -172,7 +172,7 @@ static int map_generic_field(const char *prefix, const char **p, struct iovec ** if (!((*e >= 'a' && *e <= 'z') || (*e >= 'A' && *e <= 'Z') || (*e >= '0' && *e <= '9') || - (*e == '_'))) + *e == '_' || *e == '-')) return 0; } @@ -182,8 +182,18 @@ static int map_generic_field(const char *prefix, const char **p, struct iovec ** c = alloca(strlen(prefix) + (e - *p) + 2); t = stpcpy(c, prefix); - for (f = *p; f < e; f++) - *(t++) = *f >= 'a' && *f <= 'z' ? ((*f - 'a') + 'A') : *f; + for (f = *p; f < e; f++) { + char x; + + if (*f >= 'a' && *f <= 'z') + x = (*f - 'a') + 'A'; /* uppercase */ + else if (*f == '-') + x = '_'; /* dashes → underscores */ + else + x = *f; + + *(t++) = x; + } strcpy(t, "="); e ++; @@ -196,7 +206,7 @@ static int map_generic_field(const char *prefix, const char **p, struct iovec ** return r; } -/* Kernel fields are those occuring in the audit string before +/* Kernel fields are those occurring in the audit string before * msg='. All of these fields are trusted, hence carry the "_" prefix. * We try to translate the fields we know into our native names. The * other's are generically mapped to _AUDIT_FIELD_XYZ= */ 
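Review bot: With `-` now accepted in the hunk at -172 and rewritten to `_` in the loop at -182, two different audit keys (constructed example: `foo-bar` and `foo_bar`) end up as the same journal field name, so the mapping is no longer reversible. That matters most for userspace fields, which the file's own comment calls untrusted: a consumer matching on `AUDIT_FIELD_*` cannot tell which key the sender actually used. I would record this next to the `/* dashes → underscores */` branch, e.g. `/* lossy: "a-b" and "a_b" yield the same field name; consumers must not treat the name as the original audit key */`. map_generic_field starts and ends outside both hunks.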
@@ -230,7 +240,7 @@ static const MapField map_fields_kernel[] = { {} }; -/* Userspace fields are thos occuring in the audit string after +/* Userspace fields are those occurring in the audit string after * msg='. All of these fields are untrusted, hence carry no "_" * prefix. We map the fields we don't know to AUDIT_FIELD_XYZ= */ static const MapField map_fields_userspace[] = { @@ -298,10 +308,8 @@ static int map_all_fields( continue; r = m->map(m->journal_field, &v, iov, n_iov_allocated, n_iov); - if (r < 0) { - log_debug("Failed to parse audit array: %s", strerror(-r)); - return r; - } + if (r < 0) + return log_debug_errno(r, "Failed to parse audit array: %m"); if (r > 0) { mapped = true; @@ -312,10 +320,8 @@ static int map_all_fields( if (!mapped) { r = map_generic_field(prefix, &p, iov, n_iov_allocated, n_iov); - if (r < 0) { - log_debug("Failed to parse audit array: %s", strerror(-r)); - return r; - } + if (r < 0) + return log_debug_errno(r, "Failed to parse audit array: %m"); if (r == 0) { /* Couldn't process as generic field, let's just skip over it */ @@ -325,7 +331,7 @@ static int map_all_fields( } } -static void process_audit_string(Server *s, int type, const char *data, size_t size, const struct timeval *tv) { +static void process_audit_string(Server *s, int type, const char *data, size_t size) { _cleanup_free_ struct iovec *iov = NULL; size_t n_iov_allocated = 0; unsigned n_iov = 0, k; @@ -335,7 +341,7 @@ static void process_audit_string(Server *s, int type, const char *data, size_t s char id_field[sizeof("_AUDIT_ID=") + DECIMAL_STR_MAX(uint64_t)], type_field[sizeof("_AUDIT_TYPE=") + DECIMAL_STR_MAX(int)], source_time_field[sizeof("_SOURCE_REALTIME_TIMESTAMP=") + DECIMAL_STR_MAX(usec_t)]; - const char *m; + char *m; assert(s); 
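Review bot: Dropping the `tv` parameter from `process_audit_string` in the hunk at -325 (and in the hunks at -398, -413 and -453, where `NULL` is now passed to `server_dispatch_message`) is not explained in the code, and the hunks do not show which timestamp an entry receives when that argument is `NULL`. Audit records are often read as evidence, so a short comment at the `server_dispatch_message` call would help, e.g. `/* no receive timestamp passed; the audit record's own time is kept in _SOURCE_REALTIME_TIMESTAMP */`. That wording assumes `source_time_field` is still appended to the iovec, which happens outside these hunks, so confirm it before adding the comment.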
@@ -386,7 +392,8 @@ static void process_audit_string(Server *s, int type, const char *data, size_t s sprintf(id_field, "_AUDIT_ID=%" PRIu64, id); IOVEC_SET_STRING(iov[n_iov++], id_field); - m = strappenda("MESSAGE=audit: ", p); + m = alloca(strlen("MESSAGE= ") + strlen(p) + 1); + sprintf(m, "MESSAGE= %s", type, p); IOVEC_SET_STRING(iov[n_iov++], m); z = n_iov; @@ -398,7 +405,7 @@ static void process_audit_string(Server *s, int type, const char *data, size_t s goto finish; } - server_dispatch_message(s, iov, n_iov, n_iov_allocated, NULL, tv, NULL, 0, NULL, LOG_NOTICE, 0); + server_dispatch_message(s, iov, n_iov, n_iov_allocated, NULL, NULL, NULL, 0, NULL, LOG_NOTICE, 0); finish: /* free() all entries that map_all_fields() added. All others @@ -413,7 +420,6 @@ void server_process_audit_message( const void *buffer, size_t buffer_size, const struct ucred *ucred, - const struct timeval *tv, const union sockaddr_union *sa, socklen_t salen) { @@ -453,7 +459,7 @@ void server_process_audit_message( if (nl->nlmsg_type < AUDIT_FIRST_USER_MSG) return; - process_audit_string(s, nl->nlmsg_type, NLMSG_DATA(nl), nl->nlmsg_len - ALIGN(sizeof(struct nlmsghdr)), tv); + process_audit_string(s, nl->nlmsg_type, NLMSG_DATA(nl), nl->nlmsg_len - ALIGN(sizeof(struct nlmsghdr))); } static int enable_audit(int fd, bool b) { 
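Review bot: As printed in the hunk at -386, `sprintf(m, "MESSAGE= %s", type, p);` has one `%s` conversion but two arguments, so `%s` would consume the int `type` as a pointer and `p` would never be formatted; that is undefined behaviour on a path fed by audit netlink data. The `alloca` size also leaves no room for a formatted `type`. Part of the string literal may have been lost when the page was rendered (inferred, not visible here), but whatever the intended text, each argument needs its own conversion and the buffer must be sized to match, e.g. `m = alloca(strlen("MESSAGE= ") + DECIMAL_STR_MAX(int) + strlen(p) + 1);` with `sprintf(m, "MESSAGE=%i %s", type, p);`. The length of `p` derives from the received message, so it is worth confirming that an upper bound is enforced before this stack allocation; process_audit_string starts and ends outside the hunk.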
@@ -517,35 +523,29 @@ int server_open_audit(Server *s) { if (errno == EAFNOSUPPORT || errno == EPROTONOSUPPORT) log_debug("Audit not supported in the kernel."); else - log_warning("Failed to create audit socket, ignoring: %m"); + log_warning_errno(errno, "Failed to create audit socket, ignoring: %m"); return 0; } r = bind(s->audit_fd, &sa.sa, sizeof(sa.nl)); - if (r < 0) { - log_error("Failed to join audit multicast group: %m"); - return -errno; - } + if (r < 0) + return log_error_errno(errno, "Failed to join audit multicast group: %m"); } else fd_nonblock(s->audit_fd, 1); r = setsockopt(s->audit_fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)); - if (r < 0) { - log_error("Failed to set SO_PASSCRED on audit socket: %m"); - return -errno; - } + if (r < 0) + return log_error_errno(errno, "Failed to set SO_PASSCRED on audit socket: %m"); r = sd_event_add_io(s->event, &s->audit_event_source, s->audit_fd, EPOLLIN, process_datagram, s); - if (r < 0) { - log_error("Failed to add audit fd to event loop: %s", strerror(-r)); - return r; - } + if (r < 0) + return log_error_errno(r, "Failed to add audit fd to event loop: %m"); /* We are listening now, try to enable audit */ r = enable_audit(s->audit_fd, true); if (r < 0) - log_warning("Failed to issue audit enable call: %s", strerror(-r)); + log_warning_errno(r, "Failed to issue audit enable call: %m"); return 0; }