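/*
 * This function is part of the directory auditing code.
 *
 * Builds an AUDIT_MAKE_EQUIV request made of the two string lengths followed
 * by the two strings themselves (no NUL terminators are copied) and hands it
 * to audit_send().
 *
 * fd          - descriptor passed through to audit_send()
 * mount_point - first string, stored at the start of the payload
 * subtree     - second string, stored directly after mount_point
 *
 * Returns the audit_send() result; a negative result is logged.
 * Returns -ENOMEM, after logging, when the request buffer cannot be
 * allocated.
 */
int audit_make_equivalent(int fd, const char *mount_point,
				const char *subtree)
{
	int rc;
	size_t len1 = strlen(mount_point);
	size_t len2 = strlen(subtree);
	struct {
		uint32_t sizes[2];
		unsigned char buf[];
	} *cmd;
	size_t total = sizeof(*cmd) + len1 + len2;

	/*
	 * calloc returns zeroed memory, so no uninitialised heap bytes end up
	 * in the request. The result must be checked: the previous
	 * malloc + memset pair dereferenced NULL when allocation failed.
	 */
	cmd = calloc(1, total);
	if (cmd == NULL) {
		audit_msg(LOG_ERR,
			"Cannot allocate memory for make_equivalent command");
		return -ENOMEM;
	}

	/*
	 * NOTE(review): the lengths are narrowed from size_t to uint32_t and
	 * nothing in this function rejects over-long strings - confirm that
	 * audit_send() bounds the payload size.
	 */
	cmd->sizes[0] = len1;
	cmd->sizes[1] = len2;
	memcpy(&cmd->buf[0], mount_point, len1);
	memcpy(&cmd->buf[len1], subtree, len2);

	rc = audit_send(fd, AUDIT_MAKE_EQUIV, cmd, total);
	if (rc < 0)
		audit_msg(audit_priority(errno),
			"Error sending make_equivalent command (%s)",
			strerror(-rc));
	free(cmd);
	return rc;
}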
/*
 * Sends an AUDIT_SET request carrying AUDIT_STATUS_PID and the given pid.
 *
 * Returns 1 on success. If audit_send() fails, the failure is logged and
 * its negative result is returned. When wmode is WAIT_NO the function
 * returns right after the send without looking for a reply.
 */
int audit_set_pid(int fd, uint32_t pid, rep_wait_t wmode)
{
	struct audit_status status;
	struct audit_reply reply;
	struct pollfd waiter;
	int ret;

	/* Zero the whole request so only the masked field carries a value. */
	memset(&status, 0, sizeof(status));
	status.pid = pid;
	status.mask = AUDIT_STATUS_PID;

	ret = audit_send(fd, AUDIT_SET, &status, sizeof(status));
	if (ret < 0) {
		audit_msg(audit_priority(errno),
			"Error setting audit daemon pid (%s)",
			strerror(-ret));
		return ret;
	}

	if (wmode != WAIT_NO) {
		/*
		 * A reply message only shows up on error, and its absence is
		 * not fatal. Wait up to 100 ms for one, retrying when poll is
		 * interrupted, then read and discard whatever is there.
		 */
		waiter.fd = fd;
		waiter.events = POLLIN;
		for (;;) {
			ret = poll(&waiter, 1, 100);
			if (ret >= 0 || errno != EINTR)
				break;
		}
		(void)audit_get_reply(fd, &reply, GET_REPLY_NONBLOCKING, 0);
	}
	return 1;
}
/*
 * Sends an AUDIT_GET request with no payload.
 *
 * Returns the audit_send() result; a negative result is logged first.
 */
int audit_request_status(int fd)
{
	int ret;

	ret = audit_send(fd, AUDIT_GET, NULL, 0);
	if (ret >= 0)
		return ret;

	audit_msg(audit_priority(errno),
		"Error sending status request (%s)",
		strerror(-ret));
	return ret;
}
/*
 * Sends an AUDIT_LIST request with no payload.
 *
 * Returns the audit_send() result; a negative result is logged first.
 */
int audit_request_rules_list(int fd)
{
	const int ret = audit_send(fd, AUDIT_LIST, NULL, 0);

	if (ret < 0) {
		audit_msg(audit_priority(errno),
			"Error sending rule list request (%s)",
			strerror(-ret));
	}
	return ret;
}
/*
 * This function is part of the directory auditing code.
 *
 * Sends an AUDIT_TRIM request with no payload and returns the
 * audit_send() result, logging it when it is negative.
 */
int audit_trim_subtrees(int fd)
{
	int ret;

	ret = audit_send(fd, AUDIT_TRIM, NULL, 0);
	if (ret >= 0)
		return ret;

	audit_msg(audit_priority(errno),
		"Error sending trim subtrees command (%s)",
		strerror(-ret));
	return ret;
}
/*
 * Sends an AUDIT_LIST_RULES request with no payload.
 *
 * Returns the audit_send() result. Negative results are logged, except
 * -EINVAL, which is returned to the caller without a log message.
 */
int audit_request_rules_list_data(int fd)
{
	int ret;

	ret = audit_send(fd, AUDIT_LIST_RULES, NULL, 0);

	/* Success and -EINVAL are both passed back without logging. */
	if (ret >= 0 || ret == -EINVAL)
		return ret;

	audit_msg(audit_priority(errno),
		"Error sending rule list data request (%s)",
		strerror(-ret));
	return ret;
}
/*
 * Stores flags and action in the caller's rule and sends it as an
 * AUDIT_ADD request.
 *
 * The rule is modified in place. Returns the audit_send() result; a
 * negative result is logged, with "Rule exists" as the reason when errno
 * is EEXIST.
 */
int audit_add_rule(int fd, struct audit_rule *rule, int flags, int action)
{
	int ret;

	rule->action = action;
	rule->flags = flags;

	ret = audit_send(fd, AUDIT_ADD, rule, sizeof(*rule));
	if (ret >= 0)
		return ret;

	/*
	 * NOTE(review): the duplicate-rule test reads errno while the other
	 * messages decode the return value - presumably audit_send() keeps
	 * the two in step; confirm.
	 */
	audit_msg(audit_priority(errno),
		"Error sending add rule request (%s)",
		errno == EEXIST ? "Rule exists" : strerror(-ret));
	return ret;
}
/*
 * Sends an AUDIT_SET request whose mask selects AUDIT_STATUS_ENABLED and
 * whose enabled field holds the given value.
 *
 * Returns the audit_send() result; a negative result is logged first.
 */
int audit_set_enabled(int fd, uint32_t enabled)
{
	struct audit_status status;
	int ret;

	/* Zero the whole request so only the masked field carries a value. */
	memset(&status, 0, sizeof(status));
	status.enabled = enabled;
	status.mask = AUDIT_STATUS_ENABLED;

	ret = audit_send(fd, AUDIT_SET, &status, sizeof(status));
	if (ret >= 0)
		return ret;

	audit_msg(audit_priority(errno),
		"Error sending enable request (%s)",
		strerror(-ret));
	return ret;
}
/*
 * Sends an AUDIT_SET request whose mask selects AUDIT_STATUS_BACKLOG_LIMIT
 * and whose backlog_limit field holds the given limit.
 *
 * Returns the audit_send() result; a negative result is logged first.
 */
int audit_set_backlog_limit(int fd, uint32_t limit)
{
	struct audit_status request;
	int status;

	/* Start from an all-zero request; only the limit is filled in. */
	memset(&request, 0, sizeof(request));
	request.backlog_limit = limit;
	request.mask = AUDIT_STATUS_BACKLOG_LIMIT;

	status = audit_send(fd, AUDIT_SET, &request, sizeof(request));
	if (status < 0) {
		audit_msg(audit_priority(errno),
			"Error sending backlog limit request (%s)",
			strerror(-status));
	}
	return status;
}
/*
 * Sends an AUDIT_SET request whose mask selects AUDIT_STATUS_FAILURE and
 * whose failure field holds the given value.
 *
 * Returns the audit_send() result; a negative result is logged first.
 */
int audit_set_failure(int fd, uint32_t failure)
{
	struct audit_status req;
	int ret;

	/* Every field not named by the mask is sent as zero. */
	memset(&req, 0, sizeof(req));
	req.failure = failure;
	req.mask = AUDIT_STATUS_FAILURE;

	ret = audit_send(fd, AUDIT_SET, &req, sizeof(req));
	if (ret >= 0)
		return ret;

	audit_msg(audit_priority(errno),
		"Error sending failure mode request (%s)",
		strerror(-ret));
	return ret;
}
/*
 * Stores flags and action in the caller's rule and sends it as an
 * AUDIT_DEL request.
 *
 * The rule is modified in place. Returns the audit_send() result. A
 * result of -ENOENT is logged as a warning ("No rule matches"); any other
 * negative result is logged with its strerror() text.
 */
int audit_delete_rule(int fd, struct audit_rule *rule, int flags, int action)
{
	int ret;

	rule->action = action;
	rule->flags = flags;

	ret = audit_send(fd, AUDIT_DEL, rule, sizeof(*rule));
	if (ret >= 0)
		return ret;

	if (ret != -ENOENT) {
		audit_msg(audit_priority(errno),
			"Error sending delete rule request (%s)",
			strerror(-ret));
	} else {
		audit_msg(LOG_WARNING,
			"Error sending delete rule request (No rule matches)");
	}
	return ret;
}
/*
 * Stores flags and action in the caller's rule and sends it as an
 * AUDIT_ADD_RULE request.
 *
 * A flags value of AUDIT_FILTER_ENTRY is refused: a deprecation warning
 * is logged and -2 is returned without sending anything or touching the
 * rule. Otherwise the rule is modified in place and the audit_send()
 * result is returned; a negative result is logged, with "Rule exists" as
 * the reason when errno is EEXIST.
 */
int audit_add_rule_data(int fd, struct audit_rule_data *rule,
			int flags, int action)
{
	int ret;

	if (flags == AUDIT_FILTER_ENTRY) {
		audit_msg(LOG_WARNING, "Use of entry filter is deprecated");
		return -2;
	}

	rule->action = action;
	rule->flags = flags;

	/*
	 * The number of bytes sent is the fixed header plus rule->buflen.
	 * NOTE(review): buflen is trusted as supplied; this function does not
	 * check it against the size of the caller's allocation.
	 */
	ret = audit_send(fd, AUDIT_ADD_RULE, rule,
			sizeof(*rule) + rule->buflen);
	if (ret >= 0)
		return ret;

	audit_msg(audit_priority(errno),
		"Error sending add rule data request (%s)",
		errno == EEXIST ? "Rule exists" : strerror(-ret));
	return ret;
}
/*
 * Stores flags and action in the caller's rule and sends it as an
 * AUDIT_DEL_RULE request.
 *
 * A flags value of AUDIT_FILTER_ENTRY is refused: a deprecation warning
 * is logged and -2 is returned without sending anything or touching the
 * rule. Otherwise the rule is modified in place and the audit_send()
 * result is returned. A result of -ENOENT is logged as a warning
 * ("No rule matches"); any other negative result is logged with its
 * strerror() text.
 */
int audit_delete_rule_data(int fd, struct audit_rule_data *rule,
			int flags, int action)
{
	int ret;

	if (flags == AUDIT_FILTER_ENTRY) {
		audit_msg(LOG_WARNING, "Use of entry filter is deprecated");
		return -2;
	}

	rule->action = action;
	rule->flags = flags;

	/*
	 * The number of bytes sent is the fixed header plus rule->buflen.
	 * NOTE(review): buflen is trusted as supplied; this function does not
	 * check it against the size of the caller's allocation.
	 */
	ret = audit_send(fd, AUDIT_DEL_RULE, rule,
			sizeof(*rule) + rule->buflen);
	if (ret >= 0)
		return ret;

	if (ret != -ENOENT) {
		audit_msg(audit_priority(errno),
			"Error sending delete rule data request (%s)",
			strerror(-ret));
	} else {
		audit_msg(LOG_WARNING,
			"Error sending delete rule request (No rule matches)");
	}
	return ret;
}