authorZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>2015-04-14 10:29:03 -0400
committerZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>2015-04-23 23:54:21 -0400
commit8bb3626dac93c0157989fb87afe0212958d7dbb4 (patch)
tree3b56e100d88fde36759a88c6424e5fa7cf85b313 /src/journal
parent4733607eec54034d2083534ebff2dad89c28574e (diff)
journal: use audit event names instead of numbers
<audit-1400> is replaced by AVC, etc. A fallback mechanism is provided for unlisted event types. Occasionally new types are added to the kernel, but not too often. Add a simple "test", which simply prints the mapping.
Diffstat (limited to 'src/journal')
-rw-r--r--src/journal/audit-type.c1
-rw-r--r--src/journal/audit-type.h13
-rw-r--r--src/journal/journald-audit.c8
-rw-r--r--src/journal/test-audit-type.c44
4 files changed, 63 insertions, 3 deletions
diff --git a/src/journal/audit-type.c b/src/journal/audit-type.c
index b8c8ee531d..4888c7d05d 100644
--- a/src/journal/audit-type.c
+++ b/src/journal/audit-type.c
@@ -19,6 +19,7 @@
along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/
+#include <stdio.h>
#include <linux/audit.h>
#ifdef HAVE_AUDIT
# include <libaudit.h>
diff --git a/src/journal/audit-type.h b/src/journal/audit-type.h
index 9f37716cd6..fa5284e027 100644
--- a/src/journal/audit-type.h
+++ b/src/journal/audit-type.h
@@ -21,6 +21,19 @@
along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/
+#include "macro.h"
const char *audit_type_to_string(int type);
int audit_type_from_string(const char *s);
+
+/* This is inspired by DNS TYPEnnn formatting */
+#define audit_type_name_alloca(type) \
+ ({ \
+ const char *_s_; \
+ _s_ = audit_type_to_string(type); \
+ if (!_s_) { \
+ _s_ = alloca(strlen("AUDIT") + DECIMAL_STR_MAX(int)); \
+ sprintf((char*) _s_, "AUDIT%04i", type); \
+ } \
+ _s_; \
+ })
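Review bot: The fallback branch of `audit_type_name_alloca` writes with an unbounded `sprintf` into an `alloca` buffer of `strlen("AUDIT") + DECIMAL_STR_MAX(int)` bytes, so its safety depends entirely on whether `DECIMAL_STR_MAX` in macro.h leaves room for a sign and the trailing NUL, which is not visible here. Because `type` is a plain `int` handed in by callers such as `process_audit_string`, negative and maximum values should be provably in bounds: keep the size in a local and format with `snprintf(_b_, _n_, "AUDIT%04i", _t_)` into a `char *_b_ = alloca(_n_)`, which also removes the `(char*)` cast that strips `const`. The macro expands `type` twice, so copying it once with `int _t_ = (type);` avoids double evaluation of an argument with side effects. A comment should state that the result lives on the caller's stack until the enclosing function returns, so the macro must not be used in a loop. The header also calls `strlen`, `alloca` and `sprintf` while including only macro.h, leaving the needed declarations to each includer.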
diff --git a/src/journal/journald-audit.c b/src/journal/journald-audit.c
index 46eb82fa34..64395e1148 100644
--- a/src/journal/journald-audit.c
+++ b/src/journal/journald-audit.c
@@ -21,6 +21,7 @@
#include "missing.h"
#include "journald-audit.h"
+#include "audit-type.h"
typedef struct MapField {
const char *audit_field;
@@ -336,7 +337,7 @@ static void process_audit_string(Server *s, int type, const char *data, size_t s
size_t n_iov_allocated = 0;
unsigned n_iov = 0, k;
uint64_t seconds, msec, id;
- const char *p;
+ const char *p, *type_name;
unsigned z;
char id_field[sizeof("_AUDIT_ID=") + DECIMAL_STR_MAX(uint64_t)],
type_field[sizeof("_AUDIT_TYPE=") + DECIMAL_STR_MAX(int)],
@@ -396,8 +397,9 @@ static void process_audit_string(Server *s, int type, const char *data, size_t s
IOVEC_SET_STRING(iov[n_iov++], "SYSLOG_FACILITY=32");
IOVEC_SET_STRING(iov[n_iov++], "SYSLOG_IDENTIFIER=audit");
- m = alloca(strlen("MESSAGE=<audit-") + DECIMAL_STR_MAX(int) + strlen("> ") + strlen(p) + 1);
- sprintf(m, "MESSAGE=<audit-%i> %s", type, p);
+ type_name = audit_type_name_alloca(type);
+
+ m = strjoina("MESSAGE=", type_name, " ", p);
IOVEC_SET_STRING(iov[n_iov++], m);
z = n_iov;
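Review bot: The `MESSAGE=` text built by `strjoina` changes its prefix from `<audit-NNNN>` to a type name or the `AUDITnnnn` fallback, and nothing at this call site records that for anyone who filters or alerts on the old form. A comment above the `type_name` assignment would cover it, for example `/* prefix is the audit type name, or AUDITnnnn when audit_type_to_string() has no entry; the numeric type stays in _AUDIT_TYPE= */`; the last clause is inferred from the `type_field` buffer declared in the previous hunk and should be confirmed. Both `audit_type_name_alloca` and `strjoina` allocate on the stack, the latter in proportion to `strlen(p)` as the removed `alloca` did, so the limit on the record length enforced by the caller still matters here. process_audit_string begins and ends outside this hunk.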
diff --git a/src/journal/test-audit-type.c b/src/journal/test-audit-type.c
new file mode 100644
index 0000000000..7946cf3c41
--- /dev/null
+++ b/src/journal/test-audit-type.c
@@ -0,0 +1,44 @@
+/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
+
+/***
+ This file is part of systemd.
+
+ Copyright 2015 Zbigniew Jędrzejewski-Szmek
+
+ systemd is free software; you can redistribute it and/or modify it
+ under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1 of the License, or
+ (at your option) any later version.
+
+ systemd is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License
+ along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <stdio.h>
+#include <linux/audit.h>
+
+#include "audit-type.h"
+
+static void print_audit_label(int i) {
+ const char *name;
+
+ name = audit_type_name_alloca(i);
+ /* This is a separate function only because of alloca */
+ printf("%i → %s → %s\n", i, audit_type_to_string(i), name);
+}
+
+static void test_audit_type(void) {
+ int i;
+
+ for (i = 0; i <= AUDIT_KERNEL; i++)
+ print_audit_label(i);
+}
+
+int main(int argc, char **argv) {
+ test_audit_type();
+}
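Review bot: `print_audit_label` passes `audit_type_to_string(i)` directly to `%s`, but that function can return NULL (the case `audit_type_name_alloca` exists to handle), and the loop from 0 to `AUDIT_KERNEL` very likely hits unlisted values. A null pointer for `%s` is undefined behaviour even though glibc prints `(null)`. Store the result first and print a placeholder: `const char *s = audit_type_to_string(i);` followed by `printf("%i → %s → %s\n", i, s ? s : "n/a", name);`. The program asserts nothing, so it cannot fail when the mapping regresses; checking that a listed type yields a non-NULL name and that an unlisted value yields the `AUDITnnnn` form would make it a real test. `main` should also end with an explicit `return 0;` to match its declared `int` result.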