Tree - rpms/audit - CentOS Git server

rpms / audit

Blame SOURCES/audit-3.0-avc.patch

Blob History Raw

		6bfa6d	`diff -urp audit-3.0.orig/src/ausearch-parse.c audit-3.0/src/ausearch-parse.c`
		6bfa6d	`--- audit-3.0.orig/src/ausearch-parse.c 2019-03-15 15:30:39.000000000 -0400`
		6bfa6d	`+++ audit-3.0/src/ausearch-parse.c 2019-04-16 16:08:52.862402589 -0400`
		6bfa6d	`@@ -49,7 +49,7 @@ static int parse_dir(const lnode *n, sea`
		6bfa6d	`static int common_path_parser(search_items s, char path);`
		6bfa6d	`static int avc_parse_path(const lnode n, search_items s);`
		6bfa6d	`static int parse_path(const lnode n, search_items s);`
		6bfa6d	`-static int parse_user(const lnode n, search_items s);`
		6bfa6d	`+static int parse_user(const lnode n, search_items s, anode *avc);`
		6bfa6d	`static int parse_obj(const lnode n, search_items s);`
		6bfa6d	`static int parse_login(const lnode n, search_items s);`
		6bfa6d	`static int parse_daemon1(const lnode n, search_items s);`
		6bfa6d	`@@ -105,7 +105,7 @@ int extract_search_items(llist *l)`
		6bfa6d	`case AUDIT_FIRST_USER_MSG...AUDIT_USER_END:`
		6bfa6d	`case AUDIT_USER_CHAUTHTOK...AUDIT_LAST_USER_MSG:`
		6bfa6d	`case AUDIT_FIRST_USER_MSG2...AUDIT_LAST_USER_MSG2:`
		6bfa6d	`- ret = parse_user(n, s);`
		6bfa6d	`+ ret = parse_user(n, s, NULL);`
		6bfa6d	`break;`
		6bfa6d	`case AUDIT_SOCKADDR:`
		6bfa6d	`ret = parse_sockaddr(n, s);`
		6bfa6d	`@@ -830,7 +830,7 @@ static int parse_obj(const lnode *n, sea`
		6bfa6d	`return 0;`
		6bfa6d	`}`
		6bfa6d
		6bfa6d	`-static int parse_user(const lnode n, search_items s)`
		6bfa6d	`+static int parse_user(const lnode n, search_items s, anode *avc)`
		6bfa6d	`{`
		6bfa6d	`char ptr, str, term, saved, mptr;`
		6bfa6d
		6bfa6d	`@@ -915,7 +915,10 @@ static int parse_user(const lnode *n, se`
		6bfa6d	`if (term == NULL)`
		6bfa6d	`return 12;`
		6bfa6d	`*term = 0;`
		6bfa6d	`- if (audit_avc_init(s) == 0) {`
		6bfa6d	`+ if (avc) {`
		6bfa6d	`+ avc->scontext = strdup(str);`
		6bfa6d	`+ *term = ' ';`
		6bfa6d	`+ } else if (audit_avc_init(s) == 0) {`
		6bfa6d	`anode an;`
		6bfa6d
		6bfa6d	`anode_init(&an);`
		6bfa6d	`@@ -926,6 +929,31 @@ static int parse_user(const lnode *n, se`
		6bfa6d	`return 13;`
		6bfa6d	`}`
		6bfa6d	`}`
		6bfa6d	`+ // optionally get tcontext`
		6bfa6d	`+ if (avc && event_object) {`
		6bfa6d	`+ // USER_AVC tcontext`
		6bfa6d	`+ str = strstr(term, "tcontext=");`
		6bfa6d	`+ if (str != NULL) {`
		6bfa6d	`+ str += 9;`
		6bfa6d	`+ term = strchr(str, ' ');`
		6bfa6d	`+ if (term) {`
		6bfa6d	`+ *term = 0;`
		6bfa6d	`+ avc->tcontext = strdup(str);`
		6bfa6d	`+ *term = ' ';`
		6bfa6d	`+ }`
		6bfa6d	`+ }`
		6bfa6d	`+ // Grab tclass if it exists`
		6bfa6d	`+ str = strstr(term, "tclass=");`
		6bfa6d	`+ if (str) {`
		6bfa6d	`+ str += 7;`
		6bfa6d	`+ term = strchr(str, ' ');`
		6bfa6d	`+ if (term) {`
		6bfa6d	`+ *term = 0;`
		6bfa6d	`+ avc->avc_class = strdup(str);`
		6bfa6d	`+ *term = ' ';`
		6bfa6d	`+ }`
		6bfa6d	`+ }`
		6bfa6d	`+ }`
		6bfa6d	`// optionally get gid`
		6bfa6d	`if (event_gid != -1) {`
		6bfa6d	`if (n->type == AUDIT_ADD_GROUP \|\| n->type == AUDIT_DEL_GROUP \|\|`
		6bfa6d	`@@ -1880,7 +1908,7 @@ static int parse_avc(const lnode *n, sea`
		6bfa6d	`other_avc:`
		6bfa6d	`// User AVC's are not formatted like a kernel AVC`
		6bfa6d	`if (n->type == AUDIT_USER_AVC) {`
		6bfa6d	`- rc = parse_user(n, s);`
		6bfa6d	`+ rc = parse_user(n, s, &an);`
		6bfa6d	`if (rc > 20)`
		6bfa6d	`rc = 0;`
		6bfa6d	`if (audit_avc_init(s) == 0) {`
		6bfa6d	`diff -urp audit-3.0.orig/src/ausearch-string.c audit-3.0/src/ausearch-string.c`
		6bfa6d	`--- audit-3.0.orig/src/ausearch-string.c 2019-03-15 15:30:39.000000000 -0400`
		6bfa6d	`+++ audit-3.0/src/ausearch-string.c 2019-04-16 15:55:39.186487759 -0400`
		6bfa6d	`@@ -118,6 +118,9 @@ int slist_add_if_uniq(slist *l, const ch`
		6bfa6d	`snode sn;`
		6bfa6d	`register snode *cur;`
		6bfa6d
		6bfa6d	`+ if (str == NULL)`
		6bfa6d	`+ return -1;`
		6bfa6d	`+`
		6bfa6d	`cur = l->head;`
		6bfa6d	`while (cur) {`
		6bfa6d	`if (strcmp(str, cur->str) == 0) {`

rpms / audit

Source Code

Blame SOURCES/audit-3.0-avc.patch