X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=src%2Fjournal%2Fjournald-audit.c;h=69742fa59cb1b20ab4788299a98f3981c9eca6f9;hb=ab31f6b8713d43354c3716ee4c37fe4460db9254;hp=520d1cbb31186be895bb60c06b5f9618ef6de6ab;hpb=5034c7bcdfc4493ed3c30722e9d897c8da78fede;p=elogind.git diff --git a/src/journal/journald-audit.c b/src/journal/journald-audit.c index 520d1cbb3..69742fa59 100644 --- a/src/journal/journald-audit.c +++ b/src/journal/journald-audit.c @@ -172,7 +172,7 @@ static int map_generic_field(const char *prefix, const char **p, struct iovec ** if (!((*e >= 'a' && *e <= 'z') || (*e >= 'A' && *e <= 'Z') || (*e >= '0' && *e <= '9') || - (*e == '_'))) + *e == '_' || *e == '-')) return 0; } @@ -182,8 +182,18 @@ static int map_generic_field(const char *prefix, const char **p, struct iovec ** c = alloca(strlen(prefix) + (e - *p) + 2); t = stpcpy(c, prefix); - for (f = *p; f < e; f++) - *(t++) = *f >= 'a' && *f <= 'z' ? ((*f - 'a') + 'A') : *f; + for (f = *p; f < e; f++) { + char x; + + if (*f >= 'a' && *f <= 'z') + x = (*f - 'a') + 'A'; /* uppercase */ + else if (*f == '-') + x = '_'; /* dashes → underscores */ + else + x = *f; + + *(t++) = x; + } strcpy(t, "="); e ++; @@ -298,10 +308,8 @@ static int map_all_fields( continue; r = m->map(m->journal_field, &v, iov, n_iov_allocated, n_iov); - if (r < 0) { - log_debug("Failed to parse audit array: %s", strerror(-r)); - return r; - } + if (r < 0) + return log_debug_errno(r, "Failed to parse audit array: %m"); if (r > 0) { mapped = true; @@ -312,10 +320,8 @@ static int map_all_fields( if (!mapped) { r = map_generic_field(prefix, &p, iov, n_iov_allocated, n_iov); - if (r < 0) { - log_debug("Failed to parse audit array: %s", strerror(-r)); - return r; - } + if (r < 0) + return log_debug_errno(r, "Failed to parse audit array: %m"); if (r == 0) { /* Couldn't process as generic field, let's just skip over it */ @@ -325,7 +331,7 @@ static int map_all_fields( } } -static void process_audit_string(Server *s, int type, const char *data, size_t size, const struct timeval *tv) { +static void process_audit_string(Server *s, int type, const char *data, size_t size) { _cleanup_free_ struct iovec *iov = NULL; size_t n_iov_allocated = 0; unsigned n_iov = 0, k; @@ -335,7 +341,7 @@ static void process_audit_string(Server *s, int type, const char *data, size_t s char id_field[sizeof("_AUDIT_ID=") + DECIMAL_STR_MAX(uint64_t)], type_field[sizeof("_AUDIT_TYPE=") + DECIMAL_STR_MAX(int)], source_time_field[sizeof("_SOURCE_REALTIME_TIMESTAMP=") + DECIMAL_STR_MAX(usec_t)]; - const char *m; + char *m; assert(s); @@ -386,7 +392,8 @@ static void process_audit_string(Server *s, int type, const char *data, size_t s sprintf(id_field, "_AUDIT_ID=%" PRIu64, id); IOVEC_SET_STRING(iov[n_iov++], id_field); - m = strappenda("MESSAGE=audit: ", p); + m = alloca(strlen("MESSAGE= ") + strlen(p) + 1); + sprintf(m, "MESSAGE= %s", type, p); IOVEC_SET_STRING(iov[n_iov++], m); z = n_iov; @@ -398,7 +405,7 @@ static void process_audit_string(Server *s, int type, const char *data, size_t s goto finish; } - server_dispatch_message(s, iov, n_iov, n_iov_allocated, NULL, tv, NULL, 0, NULL, LOG_NOTICE, 0); + server_dispatch_message(s, iov, n_iov, n_iov_allocated, NULL, NULL, NULL, 0, NULL, LOG_NOTICE, 0); finish: /* free() all entries that map_all_fields() added. All others @@ -413,7 +420,6 @@ void server_process_audit_message( const void *buffer, size_t buffer_size, const struct ucred *ucred, - const struct timeval *tv, const union sockaddr_union *sa, socklen_t salen) { @@ -453,7 +459,7 @@ void server_process_audit_message( if (nl->nlmsg_type < AUDIT_FIRST_USER_MSG) return; - process_audit_string(s, nl->nlmsg_type, NLMSG_DATA(nl), nl->nlmsg_len - ALIGN(sizeof(struct nlmsghdr)), tv); + process_audit_string(s, nl->nlmsg_type, NLMSG_DATA(nl), nl->nlmsg_len - ALIGN(sizeof(struct nlmsghdr))); } static int enable_audit(int fd, bool b) { @@ -517,35 +523,29 @@ int server_open_audit(Server *s) { if (errno == EAFNOSUPPORT || errno == EPROTONOSUPPORT) log_debug("Audit not supported in the kernel."); else - log_warning("Failed to create audit socket, ignoring: %m"); + log_warning_errno(errno, "Failed to create audit socket, ignoring: %m"); return 0; } r = bind(s->audit_fd, &sa.sa, sizeof(sa.nl)); - if (r < 0) { - log_error("Failed to join audit multicast group: %m"); - return -errno; - } + if (r < 0) + return log_error_errno(errno, "Failed to join audit multicast group: %m"); } else fd_nonblock(s->audit_fd, 1); r = setsockopt(s->audit_fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)); - if (r < 0) { - log_error("Failed to set SO_PASSCRED on audit socket: %m"); - return -errno; - } + if (r < 0) + return log_error_errno(errno, "Failed to set SO_PASSCRED on audit socket: %m"); r = sd_event_add_io(s->event, &s->audit_event_source, s->audit_fd, EPOLLIN, process_datagram, s); - if (r < 0) { - log_error("Failed to add audit fd to event loop: %s", strerror(-r)); - return r; - } + if (r < 0) + return log_error_errno(r, "Failed to add audit fd to event loop: %m"); /* We are listening now, try to enable audit */ r = enable_audit(s->audit_fd, true); if (r < 0) - log_warning("Failed to issue audit enable call: %s", strerror(-r)); + log_warning_errno(r, "Failed to issue audit enable call: %m"); return 0; }