1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
|
/*
* SPDX-FileCopyrightText: 2005 , Red Hat, Inc.
* SPDX-FileCopyrightText: 2005 , Tomasz Kłoczko
* SPDX-FileCopyrightText: 2008 , Nicolas François
*
* SPDX-License-Identifier: BSD-3-Clause
*/
/*
* Audit helper functions used throughout shadow
*
*/
#include "config.h"
#ifdef WITH_AUDIT
#include <stdlib.h>
#include <syslog.h>
#include <stdarg.h>
#include <libaudit.h>
#include <errno.h>
#include <stdio.h>
#include "attr.h"
#include "prototypes.h"
#include "shadowlog.h"
#include "string/sprintf/snprintf.h"
int audit_fd;
void audit_help_open (void)
{
audit_fd = audit_open ();
if (audit_fd < 0) {
/* You get these only when the kernel doesn't have
* audit compiled in. */
if ( (errno == EINVAL)
|| (errno == EPROTONOSUPPORT)
|| (errno == EAFNOSUPPORT)) {
return;
}
(void) fputs (_("Cannot open audit interface - aborting.\n"),
log_get_logfd());
exit (EXIT_FAILURE);
}
}
/*
* This function will log a message to the audit system using a predefined
* message format. For additional information on the user account lifecycle
* events check
* <https://github.com/linux-audit/audit-documentation/wiki/SPEC-User-Account-Lifecycle-Events>
*
* Parameter usage is as follows:
*
* type - type of message. A list of possible values is available in
* "audit-records.h" file.
* op - operation. "adding user", "changing finger info", "deleting group"
* name - user's account or group name. If not available use NULL.
* id - uid or gid that the operation is being performed on. This is used
* only when user is NULL.
*/
void audit_logger (int type, const char *op,
const char *name, unsigned int id,
shadow_audit_result result)
{
if (audit_fd < 0) {
return;
} else {
audit_log_acct_message (audit_fd, type, NULL, op, name, id,
NULL, NULL, NULL, result);
}
}
/*
* This function will log a message to the audit system using a predefined
* message format. For additional information on the group account lifecycle
* events check
* <https://github.com/linux-audit/audit-documentation/wiki/SPEC-User-Account-Lifecycle-Events>
*
* Parameter usage is as follows:
*
* type - type of message. A list of possible values is available in
* "audit-records.h" file.
* op - operation. "adding-user", "modify-group", "deleting-user-from-group"
* name - user's account or group name. If not available use NULL.
* id - uid or gid that the operation is being performed on. This is used
* only when user is NULL.
* grp_type - type of group: "grp" or "new_group"
* grp - group name associated with event
*/
void
audit_logger_with_group(int type, const char *op, const char *name,
id_t id, const char *grp_type, const char *grp,
shadow_audit_result result)
{
int len;
char enc_group[GROUP_NAME_MAX_LENGTH * 2 + 1];
char buf[countof(enc_group) + 100];
if (audit_fd < 0)
return;
len = strnlen(grp, sizeof(enc_group)/2);
if (audit_value_needs_encoding(grp, len)) {
stprintf_a(buf, "%s %s=%s", op, grp_type,
audit_encode_value(enc_group, grp, len));
} else {
stprintf_a(buf, "%s %s=\"%s\"", op, grp_type, grp);
}
audit_log_acct_message(audit_fd, type, NULL, buf, name, id,
NULL, NULL, NULL, result);
}
void audit_logger_message (const char *message, shadow_audit_result result)
{
if (audit_fd < 0) {
return;
} else {
audit_log_user_message (audit_fd,
AUDIT_USYS_CONFIG,
message,
NULL, /* hostname */
NULL, /* addr */
NULL, /* tty */
result);
}
}
#else /* WITH_AUDIT */
extern int ISO_C_forbids_an_empty_translation_unit;
#endif /* WITH_AUDIT */
|
