示例#1
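/*
 * Part of the directory auditing code: builds and sends an
 * AUDIT_MAKE_EQUIV command. The payload is two 32-bit lengths followed
 * by the two strings packed back to back, without NUL terminators.
 *
 * fd          - descriptor handed to audit_send()
 * mount_point - NUL-terminated string, copied first into the payload
 * subtree     - NUL-terminated string, copied right after mount_point
 *
 * Returns the audit_send() result (negative on failure, which is logged).
 * Returns -EINVAL when a length cannot be represented in the payload and
 * -ENOMEM when the command buffer cannot be allocated.
 */
int audit_make_equivalent(int fd, const char *mount_point,
			 const char *subtree)
{
	struct {
		uint32_t sizes[2];
		unsigned char buf[];
	} *cmd;
	size_t len1 = strlen(mount_point);
	size_t len2 = strlen(subtree);
	size_t total;
	int rc;

	/*
	 * The lengths travel in 32-bit fields. Reject anything that would be
	 * truncated there, or that would wrap the allocation size: in either
	 * case the receiver would be told lengths that disagree with the
	 * bytes actually sent.
	 */
	if (len1 > UINT32_MAX || len2 > UINT32_MAX ||
	    len1 > SIZE_MAX - sizeof(*cmd) ||
	    len2 > SIZE_MAX - sizeof(*cmd) - len1) {
		audit_msg(LOG_ERR,
			"Error building make_equivalent command (path too long)");
		return -EINVAL;
	}
	total = sizeof(*cmd) + len1 + len2;

	/* calloc zeroes the buffer, so no uninitialized heap bytes are sent. */
	cmd = calloc(1, total);
	if (cmd == NULL) {
		/* The original dereferenced the pointer without this check. */
		audit_msg(LOG_ERR,
			"Error building make_equivalent command (out of memory)");
		return -ENOMEM;
	}

	cmd->sizes[0] = (uint32_t)len1;
	cmd->sizes[1] = (uint32_t)len2;
	memcpy(&cmd->buf[0], mount_point, len1);
	memcpy(&cmd->buf[len1], subtree, len2);

	/* NOTE(review): audit_send's size parameter type is not visible here;
	   confirm it can carry `total` without narrowing. */
	rc = audit_send(fd, AUDIT_MAKE_EQUIV, cmd, total);
	if (rc < 0)
		audit_msg(audit_priority(errno),
			"Error sending make_equivalent command (%s)",
			strerror(-rc));
	free(cmd);
	return rc;
}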
示例#2
/*
 * Sends an AUDIT_SET request that carries pid under AUDIT_STATUS_PID.
 *
 * Returns 1 on success. When audit_send() fails, its negative return
 * value is logged and handed back unchanged (so the error value is not
 * necessarily -1).
 *
 * With wmode == WAIT_NO the function returns right after the send;
 * otherwise it waits up to 100 ms per poll() call for a reply and
 * discards whatever is read.
 */
int audit_set_pid(int fd, uint32_t pid, rep_wait_t wmode)
{
	struct audit_status status;
	struct audit_reply reply;
	struct pollfd waiter[1];
	int ret;

	/* Zero the whole struct: all sizeof(status) bytes are passed on, so
	   nothing from the stack may be left in unset fields or padding. */
	memset(&status, 0, sizeof(status));
	status.mask = AUDIT_STATUS_PID;
	status.pid  = pid;

	ret = audit_send(fd, AUDIT_SET, &status, sizeof(status));
	if (ret < 0) {
		audit_msg(audit_priority(errno), 
			"Error setting audit daemon pid (%s)", 
			strerror(-ret));
		return ret;
	}

	if (wmode != WAIT_NO) {
		/*
		 * A reply only shows up on error and its absence is not
		 * fatal. The message is read purely to drain it.
		 * NOTE(review): because the reply is discarded, an error
		 * reported this way is not surfaced; the caller still gets 1.
		 */
		waiter[0].fd = fd;
		waiter[0].events = POLLIN;
		for (;;) {
			ret = poll(waiter, 1, 100);	/* .1 second */
			if (ret >= 0 || errno != EINTR)
				break;
		}

		(void)audit_get_reply(fd, &reply, GET_REPLY_NONBLOCKING, 0);
	}
	return 1;
}
示例#3
/*
 * Sends an AUDIT_GET request with no payload on fd.
 *
 * Returns whatever audit_send() returned. A negative result is logged
 * through audit_msg() before being handed back. Only the request is
 * issued here; no reply is read in this function.
 */
int audit_request_status(int fd)
{
	int ret;

	ret = audit_send(fd, AUDIT_GET, NULL, 0);
	if (ret >= 0)
		return ret;

	audit_msg(audit_priority(errno),
		"Error sending status request (%s)", strerror(-ret));
	return ret;
}
示例#4
/*
 * Sends an AUDIT_LIST request with no payload on fd.
 *
 * Returns the audit_send() result. A negative result is logged first.
 * The rules themselves are not read here; this function only issues
 * the request.
 */
int audit_request_rules_list(int fd)
{
	int ret;

	ret = audit_send(fd, AUDIT_LIST, NULL, 0);
	if (ret >= 0)
		return ret;

	audit_msg(audit_priority(errno),
		"Error sending rule list request (%s)", 
		strerror(-ret));
	return ret;
}
示例#5
/*
 * Part of the directory auditing code: sends an AUDIT_TRIM command
 * with no payload on fd.
 *
 * Returns the audit_send() result. A negative result is logged first.
 */
int audit_trim_subtrees(int fd)
{
	int ret;

	ret = audit_send(fd, AUDIT_TRIM, NULL, 0);
	if (ret >= 0)
		return ret;

	audit_msg(audit_priority(errno),
		"Error sending trim subtrees command (%s)",
		strerror(-ret));
	return ret;
}
示例#6
/*
 * Sends an AUDIT_LIST_RULES request with no payload on fd.
 *
 * Returns the audit_send() result. Negative results are logged, except
 * -EINVAL, which is returned silently.
 * NOTE(review): presumably -EINVAL means the request type is not
 * supported and the caller is expected to fall back - confirm against
 * callers, since that failure leaves no log trace.
 */
int audit_request_rules_list_data(int fd)
{
	int ret;

	ret = audit_send(fd, AUDIT_LIST_RULES, NULL, 0);
	if (ret >= 0 || ret == -EINVAL)
		return ret;

	audit_msg(audit_priority(errno),
		"Error sending rule list data request (%s)", 
		strerror(-ret));
	return ret;
}
示例#7
/*
 * Stamps flags and action into *rule and sends it as an AUDIT_ADD request.
 *
 * fd     - descriptor handed to audit_send()
 * rule   - rule to send; its flags and action fields are overwritten
 * flags  - value stored in rule->flags
 * action - value stored in rule->action
 *
 * Returns the audit_send() result. A negative result is logged, with
 * "Rule exists" as the reason when errno is EEXIST.
 */
int audit_add_rule(int fd, struct audit_rule *rule, int flags, int action)
{
	int ret;

	rule->action = action;
	rule->flags  = flags;

	ret = audit_send(fd, AUDIT_ADD, rule, sizeof(*rule));
	if (ret >= 0)
		return ret;

	/* NOTE(review): the EEXIST test reads errno while the fallback text
	   uses -ret; this assumes audit_send leaves the two in agreement -
	   confirm. */
	audit_msg(audit_priority(errno),
		"Error sending add rule request (%s)",
			errno == EEXIST ?
			"Rule exists" :	strerror(-ret));
	return ret;
}
示例#8
/*
 * Sends an AUDIT_SET request that carries `enabled` under
 * AUDIT_STATUS_ENABLED.
 *
 * Returns the audit_send() result. A negative result is logged first.
 * NOTE(review): `enabled` is forwarded without a range check here, so
 * restricting it to supported values is left to the caller or the
 * receiver.
 */
int audit_set_enabled(int fd, uint32_t enabled)
{
	struct audit_status status;
	int ret;

	/* Zero every byte: the full struct is passed to audit_send(). */
	memset(&status, 0, sizeof(status));
	status.enabled = enabled;
	status.mask    = AUDIT_STATUS_ENABLED;

	ret = audit_send(fd, AUDIT_SET, &status, sizeof(status));
	if (ret >= 0)
		return ret;

	audit_msg(audit_priority(errno),
		"Error sending enable request (%s)", strerror(-ret));
	return ret;
}
示例#9
/*
 * Sends an AUDIT_SET request that carries `limit` under
 * AUDIT_STATUS_BACKLOG_LIMIT.
 *
 * Returns the audit_send() result. A negative result is logged first.
 * NOTE(review): `limit` is forwarded without a range check here.
 */
int audit_set_backlog_limit(int fd, uint32_t limit)
{
	struct audit_status status;
	int ret;

	/* Zero every byte: the full struct is passed to audit_send(). */
	memset(&status, 0, sizeof(status));
	status.backlog_limit = limit;
	status.mask          = AUDIT_STATUS_BACKLOG_LIMIT;

	ret = audit_send(fd, AUDIT_SET, &status, sizeof(status));
	if (ret >= 0)
		return ret;

	audit_msg(audit_priority(errno),
		"Error sending backlog limit request (%s)", 
		strerror(-ret));
	return ret;
}
示例#10
/*
 * Sends an AUDIT_SET request that carries `failure` under
 * AUDIT_STATUS_FAILURE.
 *
 * Returns the audit_send() result. A negative result is logged first.
 * NOTE(review): `failure` is forwarded without a range check here, so
 * restricting it to supported modes is left to the caller or the
 * receiver.
 */
int audit_set_failure(int fd, uint32_t failure)
{
	struct audit_status status;
	int ret;

	/* Zero every byte: the full struct is passed to audit_send(). */
	memset(&status, 0, sizeof(status));
	status.failure = failure;
	status.mask    = AUDIT_STATUS_FAILURE;

	ret = audit_send(fd, AUDIT_SET, &status, sizeof(status));
	if (ret >= 0)
		return ret;

	audit_msg(audit_priority(errno), 
		"Error sending failure mode request (%s)", 
		strerror(-ret));
	return ret;
}
示例#11
/*
 * Stamps flags and action into *rule and sends it as an AUDIT_DEL request.
 *
 * fd     - descriptor handed to audit_send()
 * rule   - rule to send; its flags and action fields are overwritten
 * flags  - value stored in rule->flags
 * action - value stored in rule->action
 *
 * Returns the audit_send() result. -ENOENT is logged at LOG_WARNING as
 * "No rule matches"; any other negative result is logged with its
 * strerror() text.
 */
int audit_delete_rule(int fd, struct audit_rule *rule, int flags, int action)
{
	int ret;

	rule->action = action;
	rule->flags  = flags;

	ret = audit_send(fd, AUDIT_DEL, rule, sizeof(*rule));
	if (ret >= 0)
		return ret;

	if (ret != -ENOENT) {
		audit_msg(audit_priority(errno),
			"Error sending delete rule request (%s)",
			strerror(-ret));
		return ret;
	}

	/* Deleting a rule that is not loaded is reported as a warning only. */
	audit_msg(LOG_WARNING,
		"Error sending delete rule request (No rule matches)");
	return ret;
}
示例#12
/*
 * Stamps flags and action into *rule and sends it, together with
 * rule->buflen bytes of trailing data, as an AUDIT_ADD_RULE request.
 *
 * fd     - descriptor handed to audit_send()
 * rule   - rule to send; its flags and action fields are overwritten
 * flags  - value stored in rule->flags; AUDIT_FILTER_ENTRY is refused
 * action - value stored in rule->action
 *
 * Returns -2 (after a warning, without sending) when flags is
 * AUDIT_FILTER_ENTRY; otherwise the audit_send() result. A negative
 * send result is logged, with "Rule exists" as the reason when errno
 * is EEXIST.
 */
int audit_add_rule_data(int fd, struct audit_rule_data *rule,
                        int flags, int action)
{
	int ret;

	if (flags == AUDIT_FILTER_ENTRY) {
		audit_msg(LOG_WARNING, "Use of entry filter is deprecated");
		return -2;
	}

	rule->action = action;
	rule->flags  = flags;

	/* NOTE(review): rule->buflen is trusted as the size of the data that
	   follows the struct; it must not exceed what the caller allocated,
	   or the length handed to audit_send() runs past the buffer. */
	ret = audit_send(fd, AUDIT_ADD_RULE, rule, 
			sizeof(*rule) + rule->buflen);
	if (ret >= 0)
		return ret;

	audit_msg(audit_priority(errno),
		"Error sending add rule data request (%s)",
			errno == EEXIST ? 
			"Rule exists" : strerror(-ret));
	return ret;
}
示例#13
/*
 * Stamps flags and action into *rule and sends it, together with
 * rule->buflen bytes of trailing data, as an AUDIT_DEL_RULE request.
 *
 * fd     - descriptor handed to audit_send()
 * rule   - rule to send; its flags and action fields are overwritten
 * flags  - value stored in rule->flags; AUDIT_FILTER_ENTRY is refused
 * action - value stored in rule->action
 *
 * Returns -2 (after a warning, without sending) when flags is
 * AUDIT_FILTER_ENTRY; otherwise the audit_send() result. -ENOENT is
 * logged at LOG_WARNING as "No rule matches"; any other negative result
 * is logged with its strerror() text.
 */
int audit_delete_rule_data(int fd, struct audit_rule_data *rule,
                           int flags, int action)
{
	int ret;

	if (flags == AUDIT_FILTER_ENTRY) {
		audit_msg(LOG_WARNING, "Use of entry filter is deprecated");
		return -2;
	}

	rule->action = action;
	rule->flags  = flags;

	/* NOTE(review): rule->buflen is trusted as the size of the data that
	   follows the struct; it must not exceed what the caller allocated,
	   or the length handed to audit_send() runs past the buffer. */
	ret = audit_send(fd, AUDIT_DEL_RULE, rule, 
			sizeof(*rule) + rule->buflen);
	if (ret >= 0)
		return ret;

	if (ret != -ENOENT) {
		audit_msg(audit_priority(errno),
			"Error sending delete rule data request (%s)",
			strerror(-ret));
		return ret;
	}

	/* Deleting a rule that is not loaded is reported as a warning only. */
	audit_msg(LOG_WARNING,
		"Error sending delete rule request (No rule matches)");
	return ret;
}