[userspace PATCH v2 2/2] Add user filter option loginuid_set from uapi macro AUDIT_LOGINUID_SET

Richard Guy Briggs rgb at redhat.com
Thu Aug 18 18:18:57 UTC 2016 

Add macro if not in headers, check for version or feature bitmap.
Check for user or exit list use, check for boolean.

See upstream kernel commits:
	780a7654cee8d61819512385e778e4827db4bfbc
	041d7b98ffe59c59fdd639931dea7d74f9aa9a59

Signed-off-by: Richard Guy Briggs <rgb at redhat.com>
---
 trunk/lib/errormsg.h |    2 ++
 trunk/lib/fieldtab.h |    2 ++
 trunk/lib/libaudit.c |   15 +++++++++++++++
 trunk/lib/libaudit.h |    6 ++++++
 4 files changed, 25 insertions(+), 0 deletions(-)

diff --git a/trunk/lib/errormsg.h b/trunk/lib/errormsg.h
index a4602d5..c678315 100644
--- a/trunk/lib/errormsg.h
+++ b/trunk/lib/errormsg.h
@@ -66,5 +66,7 @@ static const struct msg_tab err_msgtab[] = {
     { -28,    2,    "Too many fields in rule:" },
     { -29,    1,    "only takes = operator" },
     { -30,    2,    "Field option not supported by kernel:" },
+    { -31,    1,    "can only be used with exit and user filter lists" },
+    { -32,    2,    "-F value should be boolean 0 or 1 for" },
 };
 #endif
diff --git a/trunk/lib/fieldtab.h b/trunk/lib/fieldtab.h
index bf48c95..107157d 100644
--- a/trunk/lib/fieldtab.h
+++ b/trunk/lib/fieldtab.h
@@ -31,6 +31,8 @@ _S(AUDIT_SGID,         "sgid"         )
 _S(AUDIT_FSGID,        "fsgid"        )
 _S(AUDIT_LOGINUID,     "auid"         )
 _S(AUDIT_LOGINUID,     "loginuid"     )
+_S(AUDIT_LOGINUID_SET, "auid_set"     )
+_S(AUDIT_LOGINUID_SET, "loginuid_set" )
 _S(AUDIT_PERS,         "pers"         )
 _S(AUDIT_ARCH,         "arch"         )
 _S(AUDIT_MSGTYPE,      "msgtype"      )
diff --git a/trunk/lib/libaudit.c b/trunk/lib/libaudit.c
index 566b89e..236f8bc 100644
--- a/trunk/lib/libaudit.c
+++ b/trunk/lib/libaudit.c
@@ -1627,6 +1627,21 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair,
 			else 
 				return -21;
 			break;
+		case AUDIT_LOGINUID_SET:
+			if(!features)
+				return -30;
+			if (flags != AUDIT_FILTER_USER &&
+			    flags != AUDIT_FILTER_EXIT)
+				return -31;
+			if (isdigit((char)*(v))) {
+				rule->values[rule->field_count] =
+					strtol(v, NULL, 0);
+				if (rule->values[rule->field_count] > 1)
+					return -32;
+			}
+			else
+				return -32;
+			break;
 		case AUDIT_DEVMAJOR...AUDIT_INODE:
 		case AUDIT_SUCCESS:
 			if (flags != AUDIT_FILTER_EXIT)
diff --git a/trunk/lib/libaudit.h b/trunk/lib/libaudit.h
index 9640f17..0852bcc 100644
--- a/trunk/lib/libaudit.h
+++ b/trunk/lib/libaudit.h
@@ -369,6 +369,12 @@ extern "C" {
 #define AUDIT_COMPARE_SGID_TO_FSGID    25
 #endif
 
+/* Rule fields */
+#ifndef AUDIT_LOGINUID_SET
+#define AUDIT_LOGINUID_SET		24
+#endif
+
+/* Architectures */
 #ifndef EM_ARM
 #define EM_ARM  40
 #endif
-- 
1.7.1

More information about the Linux-audit mailing list