1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
|
/* auditd-dispatch.c --
* Copyright 2005-07,2013 Red Hat Inc., Durham, North Carolina.
* All Rights Reserved.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*
* Authors:
* Steve Grubb <sgrubb@redhat.com>
* Junji Kanemaru <junji.kanemaru@linuon.com>
*/
#include "config.h"
#include <unistd.h>
#include <sys/uio.h>
#include <fcntl.h>
#include <signal.h>
#include <errno.h>
#include <string.h>
#include <stdlib.h>
#include "libaudit.h"
#include "private.h"
#include "auditd-dispatch.h"
/* This is the communications channel between auditd & the dispatcher */
static int disp_pipe[2] = {-1, -1};
static pid_t pid = 0;
static int n_errs = 0;
#define REPORT_LIMIT 10
int dispatcher_pid(void)
{
return pid;
}
void dispatcher_reaped(void)
{
audit_msg(LOG_INFO, "dispatcher %d reaped\n", pid);
pid = 0;
shutdown_dispatcher();
}
/* set_flags: to set flags to file desc */
static int set_flags(int fn, int flags)
{
int fl;
if ((fl = fcntl(fn, F_GETFL, 0)) < 0) {
audit_msg(LOG_ERR, "fcntl failed. Cannot get flags (%s)\n",
strerror(errno));
return fl;
}
fl |= flags;
return fcntl(fn, F_SETFL, fl);
}
/* This function returns 1 on error & 0 on success */
int init_dispatcher(const struct daemon_conf *config)
{
struct sigaction sa;
if (config->dispatcher == NULL)
return 0;
if (socketpair(AF_UNIX, SOCK_STREAM, 0, disp_pipe)) {
audit_msg(LOG_ERR, "Failed creating disp_pipe");
return 1;
}
/* Make both disp_pipe non-blocking */
if (config->qos == QOS_NON_BLOCKING) {
if (set_flags(disp_pipe[0], O_NONBLOCK) < 0 ||
set_flags(disp_pipe[1], O_NONBLOCK) < 0) {
audit_msg(LOG_ERR, "Failed to set O_NONBLOCK flag");
return 1;
}
}
// do the fork
pid = fork();
switch(pid) {
case 0: // child
dup2(disp_pipe[0], 0);
close(disp_pipe[0]);
close(disp_pipe[1]);
sigfillset (&sa.sa_mask);
sigprocmask (SIG_UNBLOCK, &sa.sa_mask, 0);
setsid();
execl(config->dispatcher, config->dispatcher, NULL);
audit_msg(LOG_ERR, "exec() failed");
exit(1);
break;
case -1: // error
return 1;
break;
default: // parent
close(disp_pipe[0]);
disp_pipe[0] = -1;
/* Avoid leaking this */
if (fcntl(disp_pipe[1], F_SETFD, FD_CLOEXEC) < 0) {
audit_msg(LOG_ERR,
"Failed to set FD_CLOEXEC flag");
return 1;
}
audit_msg(LOG_INFO, "Started dispatcher: %s pid: %u",
config->dispatcher, pid);
break;
}
return 0;
}
void shutdown_dispatcher(void)
{
// kill child
if (pid)
kill(pid, SIGTERM);
// wait for term
// if not in time, send sigkill
pid = 0;
// cleanup comm pipe
if (disp_pipe[0] >= 0) {
close(disp_pipe[0]);
disp_pipe[0] = -1;
}
if (disp_pipe[1] >= 0) {
close(disp_pipe[1]);
disp_pipe[1] = -1;
}
}
void reconfigure_dispatcher(const struct daemon_conf *config)
{
// signal child or start it so it can see if config changed
if (pid)
kill(pid, SIGHUP);
else
init_dispatcher(config);
}
/* Returns -1 on err, 0 on success, and 1 if eagain occurred and not an err */
int dispatch_event(const struct audit_reply *rep, int is_err)
{
int rc, count = 0;
struct iovec vec[2];
struct audit_dispatcher_header hdr;
if (disp_pipe[1] == -1)
return 0;
// Don't send reconfig or rotate as they are purely internal to daemon
if (rep->type == AUDIT_DAEMON_RECONFIG ||
rep->type == AUDIT_DAEMON_ROTATE)
return 0;
hdr.ver = AUDISP_PROTOCOL_VER; /* Hard-coded to current protocol */
hdr.hlen = sizeof(struct audit_dispatcher_header);
hdr.type = rep->type;
hdr.size = rep->len;
vec[0].iov_base = (void*)&hdr;
vec[0].iov_len = sizeof(hdr);
vec[1].iov_base = (void*)rep->message;
vec[1].iov_len = rep->len;
do {
rc = writev(disp_pipe[1], vec, 2);
} while (rc < 0 && errno == EAGAIN && count++ < 8);
// close pipe if no child or peer has been lost
if (rc <= 0) {
if (errno == EPIPE) {
shutdown_dispatcher();
n_errs = 0;
} else if (errno == EAGAIN && !is_err) {
return 1;
} else {
if (n_errs <= REPORT_LIMIT) {
audit_msg(LOG_ERR,
"dispatch err (%s) event lost",
errno == EAGAIN ? "pipe full" :
strerror(errno));
n_errs++;
}
if (n_errs == REPORT_LIMIT) {
audit_msg(LOG_ERR,
"dispatch error reporting limit"
" reached - ending report"
" notification.");
n_errs++;
}
return -1;
}
} else
n_errs = 0;
return 0;
}
|
