diff options
author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2015-04-14 10:29:03 -0400 |
---|---|---|
committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2015-04-23 23:54:21 -0400 |
commit | 8bb3626dac93c0157989fb87afe0212958d7dbb4 (patch) | |
tree | 3b56e100d88fde36759a88c6424e5fa7cf85b313 /src/journal | |
parent | 4733607eec54034d2083534ebff2dad89c28574e (diff) |
journal: use audit event names instead of numbers
<audit-1400> is replaced by AVC, etc.
A fallback mechanism is provided for unlisted event types.
Occasionally new types are added to the kernel, but not too often.
Add a simple "test", which simply prints the mapping.
Diffstat (limited to 'src/journal')
-rw-r--r-- | src/journal/audit-type.c | 1 | ||||
-rw-r--r-- | src/journal/audit-type.h | 13 | ||||
-rw-r--r-- | src/journal/journald-audit.c | 8 | ||||
-rw-r--r-- | src/journal/test-audit-type.c | 44 |
4 files changed, 63 insertions, 3 deletions
diff --git a/src/journal/audit-type.c b/src/journal/audit-type.c index b8c8ee531d..4888c7d05d 100644 --- a/src/journal/audit-type.c +++ b/src/journal/audit-type.c @@ -19,6 +19,7 @@ along with systemd; If not, see <http://www.gnu.org/licenses/>. ***/ +#include <stdio.h> #include <linux/audit.h> #ifdef HAVE_AUDIT # include <libaudit.h> diff --git a/src/journal/audit-type.h b/src/journal/audit-type.h index 9f37716cd6..fa5284e027 100644 --- a/src/journal/audit-type.h +++ b/src/journal/audit-type.h @@ -21,6 +21,19 @@ along with systemd; If not, see <http://www.gnu.org/licenses/>. ***/ +#include "macro.h" const char *audit_type_to_string(int type); int audit_type_from_string(const char *s); + +/* This is inspired by DNS TYPEnnn formatting */ +#define audit_type_name_alloca(type) \ + ({ \ + const char *_s_; \ + _s_ = audit_type_to_string(type); \ + if (!_s_) { \ + _s_ = alloca(strlen("AUDIT") + DECIMAL_STR_MAX(int)); \ + sprintf((char*) _s_, "AUDIT%04i", type); \ + } \ + _s_; \ + }) diff --git a/src/journal/journald-audit.c b/src/journal/journald-audit.c index 46eb82fa34..64395e1148 100644 --- a/src/journal/journald-audit.c +++ b/src/journal/journald-audit.c @@ -21,6 +21,7 @@ #include "missing.h" #include "journald-audit.h" +#include "audit-type.h" typedef struct MapField { const char *audit_field; @@ -336,7 +337,7 @@ static void process_audit_string(Server *s, int type, const char *data, size_t s size_t n_iov_allocated = 0; unsigned n_iov = 0, k; uint64_t seconds, msec, id; - const char *p; + const char *p, *type_name; unsigned z; char id_field[sizeof("_AUDIT_ID=") + DECIMAL_STR_MAX(uint64_t)], type_field[sizeof("_AUDIT_TYPE=") + DECIMAL_STR_MAX(int)], @@ -396,8 +397,9 @@ static void process_audit_string(Server *s, int type, const char *data, size_t s IOVEC_SET_STRING(iov[n_iov++], "SYSLOG_FACILITY=32"); IOVEC_SET_STRING(iov[n_iov++], "SYSLOG_IDENTIFIER=audit"); - m = alloca(strlen("MESSAGE=<audit-") + DECIMAL_STR_MAX(int) + strlen("> ") + strlen(p) + 1); - sprintf(m, "MESSAGE=<audit-%i> %s", type, p); + type_name = audit_type_name_alloca(type); + + m = strjoina("MESSAGE=", type_name, " ", p); IOVEC_SET_STRING(iov[n_iov++], m); z = n_iov; diff --git a/src/journal/test-audit-type.c b/src/journal/test-audit-type.c new file mode 100644 index 0000000000..7946cf3c41 --- /dev/null +++ b/src/journal/test-audit-type.c @@ -0,0 +1,44 @@ +/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/ + +/*** + This file is part of systemd. + + Copyright 2015 Zbigniew Jędrzejewski-Szmek + + systemd is free software; you can redistribute it and/or modify it + under the terms of the GNU Lesser General Public License as published by + the Free Software Foundation; either version 2.1 of the License, or + (at your option) any later version. + + systemd is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public License + along with systemd; If not, see <http://www.gnu.org/licenses/>. +***/ + +#include <stdio.h> +#include <linux/audit.h> + +#include "audit-type.h" + +static void print_audit_label(int i) { + const char *name; + + name = audit_type_name_alloca(i); + /* This is a separate function only because of alloca */ + printf("%i → %s → %s\n", i, audit_type_to_string(i), name); +} + +static void test_audit_type(void) { + int i; + + for (i = 0; i <= AUDIT_KERNEL; i++) + print_audit_label(i); +} + +int main(int argc, char **argv) { + test_audit_type(); +} |