/*
 * Handle a login record: read pid, auid and ses from the current event,
 * close out any session already tracked under the same session id, and
 * start tracking the new session.
 *
 * The second "auid" and second "ses" field of the record are the ones used
 * (presumably the old/new pair written at login - confirm against the
 * record format). Nothing is created when any of the three values is
 * missing, or when reporting is limited to another uid via cuid.
 */
static void create_new_session(auparse_state_t *au)
{
	int pid = -1, auid = -1, ses = -1;
	lnode *open;

	// Field lookups move the parser's field cursor, so their order matters.
	if (auparse_find_field(au, "pid"))
		pid = auparse_get_field_int(au);

	// Step past the first auid so the next search lands on the second one
	auparse_find_field(au, "auid");
	auparse_next_field(au);
	if (auparse_find_field(au, "auid"))
		auid = auparse_get_field_int(au);

	// Same again for the second ses field
	auparse_find_field(au, "ses");
	auparse_next_field(au);
	if (auparse_find_field(au, "ses"))
		ses = auparse_get_field_int(au);

	// -1 is the "not found" marker; a field whose value reads back as -1
	// is indistinguishable from a missing one and is rejected as well.
	if (pid == -1 || auid == -1 || ses == -1) {
		if (debug)
			fprintf(stderr, "Bad login for event: %lu\n",
				auparse_get_serial(au));
		return;
	}

	// The lookup is keyed on the session id alone (not auid/pid), so a
	// reused session id closes the earlier entry as GONE at this event.
	open = list_find_session(&l, ses);
	if (open) {
		open->status = GONE;
		open->end = auparse_get_time(au);
		report_session(open);
		list_delete_cur(&l);
	}

	// No uid filter, or the filter matches this login: track the session
	if (cuid == -1 || cuid == auid) {
		list_create_session(&l, auid, pid, ses, auparse_get_serial(au));
		return;
	}

	// Reporting is limited to another uid, skip creating the record
	if (debug)
		fprintf(stderr,
			"login reporting limited to %d for event: %lu\n",
			cuid, auparse_get_serial(au));
}
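/*
 * Handle a boot event: every session still tracked is closed and reported,
 * the list is reset, and a synthetic "reboot" record is started.
 *
 * Entries that carry a name are closed as CRASH; every other entry is
 * closed as DOWN. Each closed entry records this event's serial number in
 * user_end_proof and this event's time as its end.
 */
static void process_bootup(auparse_state_t *au)
{
	lnode *cur;

	// See if we have unclosed boot up and make into CRASH record
	list_first(&l);
	cur = list_get_cur(&l);
	while (cur) {
		if (cur->name) {
			cur->user_end_proof = auparse_get_serial(au);
			cur->status = CRASH;
			cur->end = auparse_get_time(au);
			report_session(cur);
		}
		cur = list_next(&l);
	}

	// Logout and process anyone still left in the machine
	list_first(&l);
	cur = list_get_cur(&l);
	while (cur) {
		if (cur->status != CRASH) {
			cur->user_end_proof = auparse_get_serial(au);
			cur->status = DOWN;
			cur->end = auparse_get_time(au);
			report_session(cur);
		}
		cur = list_next(&l);
	}

	// Since this is a boot message, all old entries should be gone
	list_clear(&l);
	list_create(&l);

	// make reboot record - user:reboot, tty:system boot, host: kernel
	list_create_session(&l, 0, 0, 0, auparse_get_serial(au));
	cur = list_get_cur(&l);
	// list_get_cur() yields NULL when there is no current node (the loops
	// above rely on that), so do not dereference if the create failed.
	if (cur == NULL)
		return;

	// Assign the event time directly rather than through an int local, so
	// the value is not narrowed before it reaches the node.
	cur->start = auparse_get_time(au);
	// strdup() may return NULL on allocation failure; the fields are then
	// left NULL - NOTE(review): confirm report_session() tolerates that.
	cur->name = strdup("reboot");
	cur->term = strdup("system boot");
	if (kernel)
		cur->host = strdup(kernel);
	cur->result = 0;
}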
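/*
 * Handle a boot event: every session still tracked is closed and reported,
 * the list is reset, and a synthetic "reboot" record is started.
 *
 * Entries that carry a name are closed as CRASH; every other entry is
 * closed as DOWN. Each closed entry records this event's serial number in
 * user_end_proof and this event's time as its end.
 *
 * The reboot record's host field is filled from uname(), i.e. the kernel
 * release of the machine running this report. When the logs being read
 * came from another host or an earlier kernel, that value does not
 * describe the system that actually booted.
 */
static void process_bootup(auparse_state_t *au)
{
	lnode *cur;
	struct utsname ubuf;

	// See if we have unclosed boot up and make into CRASH record
	list_first(&l);
	cur = list_get_cur(&l);
	while (cur) {
		if (cur->name) {
			cur->user_end_proof = auparse_get_serial(au);
			cur->status = CRASH;
			cur->end = auparse_get_time(au);
			report_session(cur);
		}
		cur = list_next(&l);
	}

	// Logout and process anyone still left in the machine
	list_first(&l);
	cur = list_get_cur(&l);
	while (cur) {
		if (cur->status != CRASH) {
			cur->user_end_proof = auparse_get_serial(au);
			cur->status = DOWN;
			cur->end = auparse_get_time(au);
			report_session(cur);
		}
		cur = list_next(&l);
	}

	// All old entries are gone after a boot: start from an empty list
	list_clear(&l);
	list_create(&l);

	// make reboot record - user:reboot, tty:system boot, host: uname -r
	list_create_session(&l, 0, 0, 0, auparse_get_serial(au));
	cur = list_get_cur(&l);
	// list_get_cur() yields NULL when there is no current node (the loops
	// above rely on that), so do not dereference if the create failed.
	if (cur == NULL)
		return;

	// Assign the event time directly rather than through an int local, so
	// the value is not narrowed before it reaches the node.
	cur->start = auparse_get_time(au);
	// strdup() may return NULL on allocation failure; the fields are then
	// left NULL - NOTE(review): confirm report_session() tolerates that.
	cur->name = strdup("reboot");
	cur->term = strdup("system boot");
	// Only read ubuf when uname() succeeded; on failure its contents are
	// indeterminate and must not be copied into the record.
	if (uname(&ubuf) == 0)
		cur->host = strdup(ubuf.release);
	cur->result = 0;
}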