audit/SOURCES/audit-3.0-af_unix-plugin.patch

245 lines
6.3 KiB
Diff
Raw Normal View History

diff -urp audit-3.0.orig/audisp/audispd-builtins.c audit-3.0/audisp/audispd-builtins.c
--- audit-3.0.orig/audisp/audispd-builtins.c 2018-08-31 17:05:48.000000000 -0400
+++ audit-3.0/audisp/audispd-builtins.c 2018-12-06 20:01:06.922443361 -0500
@@ -35,12 +35,17 @@
#include <sys/uio.h> // writev
#include <fcntl.h>
#include <stdio.h>
+#include "ev.h"
#include "audispd-pconfig.h"
#include "audispd-builtins.h"
+// Global data
+extern struct ev_loop *loop;
+
// Local data
static volatile int sock = -1, conn = -1;
static char *path = NULL;
+static struct ev_io af_unix_watcher;
// Local prototypes
static void init_af_unix(const plugin_conf_t *conf);
@@ -63,21 +68,37 @@ void stop_builtin(plugin_conf_t *conf)
syslog(LOG_ERR, "Unknown builtin %s", conf->path);
}
-static void af_unix_accept(int fd)
+static int watching = 0;
+static void stop_watching(void)
+{
+ if (watching) {
+ ev_io_stop(loop, &af_unix_watcher);
+ watching = 0;
+ }
+}
+
+static void af_unix_accept(struct ev_loop *l, struct ev_io *_io, int revents)
{
int cmd;
do {
- conn = accept(fd, NULL, NULL);
+ conn = accept(_io->fd, NULL, NULL);
} while (conn < 0 && errno == EINTR);
// De-register since this is intended to be one listener
if (conn >= 0)
- remove_event(fd);
+ stop_watching();
cmd = fcntl(conn, F_GETFD);
fcntl(conn, F_SETFD, cmd|FD_CLOEXEC);
}
+static void start_watching(void)
+{
+ ev_io_init(&af_unix_watcher, af_unix_accept, sock, EV_READ);
+ ev_io_start(loop, &af_unix_watcher);
+ watching = 1;
+}
+
static int create_af_unix_socket(const char *path, int mode)
{
struct sockaddr_un addr;
@@ -122,8 +143,8 @@ static int create_af_unix_socket(const c
// Make socket listening...won't block
(void)listen(sock, 5);
- // Register socket with poll
- add_event(sock, af_unix_accept);
+ // Register socket with libev
+ start_watching();
return 0;
}
@@ -213,7 +234,8 @@ void send_af_unix_string(const char *s,
if (rc < 0 && errno == EPIPE) {
close(conn);
conn = -1;
- add_event(sock, af_unix_accept);
+ stop_watching();
+ start_watching();
}
}
}
@@ -237,7 +259,8 @@ void send_af_unix_binary(event_t *e)
if (rc < 0 && errno == EPIPE) {
close(conn);
conn = -1;
- add_event(sock, af_unix_accept);
+ stop_watching();
+ start_watching();
}
}
}
@@ -250,10 +273,13 @@ void destroy_af_unix(void)
conn = -1;
did_something = 1;
}
+ stop_watching();
if (sock >= 0) {
+
close(sock);
sock = -1;
did_something = 1;
+
}
if (path) {
unlink(path);
diff -urp audit-3.0.orig/audisp/audispd-builtins.h audit-3.0/audisp/audispd-builtins.h
--- audit-3.0.orig/audisp/audispd-builtins.h 2018-08-31 17:05:48.000000000 -0400
+++ audit-3.0/audisp/audispd-builtins.h 2018-12-06 20:01:06.922443361 -0500
@@ -33,10 +33,5 @@ void send_af_unix_string(const char *s,
void send_af_unix_binary(event_t *e);
void destroy_af_unix(void);
-typedef void (*poll_callback_ptr)(int fd);
-int add_event(int fd, poll_callback_ptr cb);
-int remove_event(int fd);
-
-
#endif
diff -urp audit-3.0.orig/audisp/audispd.c audit-3.0/audisp/audispd.c
--- audit-3.0.orig/audisp/audispd.c 2018-08-31 17:05:48.000000000 -0400
+++ audit-3.0/audisp/audispd.c 2018-12-06 20:01:06.922443361 -0500
@@ -31,7 +31,6 @@
#include <pthread.h>
#include <dirent.h>
#include <fcntl.h>
-#include <sys/poll.h>
#include <netdb.h>
#include <arpa/inet.h>
#include <limits.h>
@@ -578,43 +577,6 @@ static int event_loop(void)
return 1;
}
-static struct pollfd pfd[4];
-static poll_callback_ptr pfd_cb[4];
-static volatile int pfd_cnt=0;
-int add_event(int fd, poll_callback_ptr cb)
-{
- if (pfd_cnt > 3)
- return -1;
-
- pfd[pfd_cnt].fd = fd;
- pfd[pfd_cnt].events = POLLIN;
- pfd[pfd_cnt].revents = 0;
- pfd_cb[pfd_cnt] = cb;
- pfd_cnt++;
- return 0;
-}
-
-int remove_event(int fd)
-{
- int start, i;
- if (pfd_cnt == 0)
- return -1;
-
- for (start=0; start < pfd_cnt; start++) {
- if (pfd[start].fd == fd)
- break;
- }
- for (i=start; i<(pfd_cnt-1); i++) {
- pfd[i].events = pfd[i+1].events;
- pfd[i].revents = pfd[i+1].revents;
- pfd[i].fd = pfd[i+1].fd;
- pfd_cb[i] = pfd_cb[i+1];
- }
-
- pfd_cnt--;
- return 0;
-}
-
/* returns > 0 if plugins and 0 if none */
int libdisp_active(void)
{
diff -urp audit-3.0.orig/audisp/Makefile.am audit-3.0/audisp/Makefile.am
--- audit-3.0.orig/audisp/Makefile.am 2018-08-31 17:05:48.000000000 -0400
+++ audit-3.0/audisp/Makefile.am 2018-12-06 20:01:06.922443361 -0500
@@ -22,7 +22,7 @@
SUBDIRS = plugins
CONFIG_CLEAN_FILES = *.rej *.orig
-AM_CPPFLAGS = -D_GNU_SOURCE -fPIC -DPIC -I${top_srcdir} -I${top_srcdir}/lib -I${top_srcdir}/src
+AM_CPPFLAGS = -D_GNU_SOURCE -fPIC -DPIC -I${top_srcdir} -I${top_srcdir}/lib -I${top_srcdir}/src -I${top_srcdir}/src/libev
LIBS = -L${top_builddir}/lib -laudit
LDADD = -lpthread
@@ -30,5 +30,6 @@ noinst_HEADERS = audispd-pconfig.h audis
queue.h audispd-builtins.h libdisp.h
libdisp_a_SOURCES = audispd.c audispd-pconfig.c queue.c \
audispd-llist.c audispd-builtins.c
+libdisp_a_CFLAGS = -fno-strict-aliasing
noinst_LIBRARIES = libdisp.a
diff -urp audit-3.0.orig/src/auditd.c audit-3.0/src/auditd.c
--- audit-3.0.orig/src/auditd.c 2018-12-06 19:41:21.076570614 -0500
+++ audit-3.0/src/auditd.c 2018-12-06 20:01:06.923443360 -0500
@@ -580,6 +580,7 @@ static void close_pipes(void)
close(pipefds[1]);
}
+struct ev_loop *loop;
int main(int argc, char *argv[])
{
struct sigaction sa;
@@ -597,7 +598,6 @@ int main(int argc, char *argv[])
enum startup_state opt_startup = startup_enable;
extern char *optarg;
extern int optind;
- struct ev_loop *loop;
struct ev_io netlink_watcher;
struct ev_io pipe_watcher;
struct ev_signal sigterm_watcher;
@@ -748,14 +748,6 @@ int main(int argc, char *argv[])
return 1;
}
- if (init_dispatcher(&config)) {
- if (pidfile)
- unlink(pidfile);
- tell_parent(FAILURE);
- free_config(&config);
- return 1;
- }
-
/* Get machine name ready for use */
if (resolve_node(&config)) {
if (pidfile)
@@ -891,6 +883,14 @@ int main(int argc, char *argv[])
/* Depending on value of opt_startup (-s) set initial audit state */
loop = ev_default_loop (EVFLAG_NOENV);
+ if (init_dispatcher(&config)) {
+ if (pidfile)
+ unlink(pidfile);
+ tell_parent(FAILURE);
+ free_config(&config);
+ return 1;
+ }
+
if (!opt_aggregate_only) {
ev_io_init (&netlink_watcher, netlink_handler, fd, EV_READ);
ev_io_start (loop, &netlink_watcher);