|
 |
63d665 |
diff -urp audit-3.0.orig/audisp/plugins/remote/audisp-remote.c audit-3.0/audisp/plugins/remote/audisp-remote.c
|
|
|
63d665 |
--- audit-3.0.orig/audisp/plugins/remote/audisp-remote.c 2019-06-07 17:08:36.000000000 -0400
|
|
|
63d665 |
+++ audit-3.0/audisp/plugins/remote/audisp-remote.c 2019-07-13 11:37:45.000000000 -0400
|
|
|
63d665 |
@@ -1,5 +1,5 @@
|
|
|
63d665 |
/* audisp-remote.c --
|
|
|
63d665 |
- * Copyright 2008-2012,2016,2018 Red Hat Inc., Durham, North Carolina.
|
|
|
63d665 |
+ * Copyright 2008-2012,2016,2018,2019 Red Hat Inc., Durham, North Carolina.
|
|
|
63d665 |
* All Rights Reserved.
|
|
|
63d665 |
*
|
|
|
63d665 |
* This program is free software; you can redistribute it and/or modify
|
|
|
63d665 |
@@ -98,7 +98,7 @@ static int ar_write (int, const void *,
|
|
|
63d665 |
credentials. These are the ones we talk to the server with. */
|
|
|
63d665 |
gss_ctx_id_t my_context;
|
|
|
63d665 |
|
|
|
63d665 |
-#define KEYTAB_NAME "/etc/audisp/audisp-remote.key"
|
|
|
63d665 |
+#define KEYTAB_NAME "/etc/audit/audisp-remote.key"
|
|
|
63d665 |
#define CCACHE_NAME "MEMORY:audisp-remote"
|
|
|
63d665 |
|
|
|
63d665 |
#define REQ_FLAGS GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | GSS_C_INTEG_FLAG | GSS_C_CONF_FLAG
|
|
|
63d665 |
@@ -978,7 +989,14 @@ static int negotiate_credentials (void)
|
|
|
63d665 |
|
|
|
63d665 |
static int stop_sock(void)
|
|
|
63d665 |
{
|
|
|
63d665 |
+
|
|
|
63d665 |
if (sock >= 0) {
|
|
|
63d665 |
+ if (USE_GSS) {
|
|
|
63d665 |
+ OM_uint32 minor_status;
|
|
|
63d665 |
+ gss_delete_sec_context(&minor_status, &my_context,
|
|
|
63d665 |
+ GSS_C_NO_BUFFER);
|
|
|
63d665 |
+ my_context = GSS_C_NO_CONTEXT;
|
|
|
63d665 |
+ }
|
|
|
63d665 |
shutdown(sock, SHUT_RDWR);
|
|
|
63d665 |
close(sock);
|
|
|
63d665 |
}
|
|
|
63d665 |
@@ -995,11 +1013,8 @@ static int stop_transport(void)
|
|
|
63d665 |
switch (config.transport)
|
|
|
63d665 |
{
|
|
|
63d665 |
case T_TCP:
|
|
|
63d665 |
- rc = stop_sock();
|
|
|
63d665 |
- break;
|
|
|
63d665 |
case T_KRB5:
|
|
|
63d665 |
- // FIXME: shutdown kerberos
|
|
|
63d665 |
- rc = -1;
|
|
|
63d665 |
+ rc = stop_sock();
|
|
|
63d665 |
break;
|
|
|
63d665 |
default:
|
|
|
63d665 |
rc = -1;
|
|
|
63d665 |
@@ -1142,6 +1157,7 @@ static int init_transport(void)
|
|
|
63d665 |
switch (config.transport)
|
|
|
63d665 |
{
|
|
|
63d665 |
case T_TCP:
|
|
|
63d665 |
+ case T_KRB5:
|
|
|
63d665 |
rc = init_sock();
|
|
|
63d665 |
// We set this so that it will retry the connection
|
|
|
63d665 |
if (rc == ET_TEMPORARY)
|
|
|
63d665 |
@@ -1589,6 +1605,7 @@ static int relay_event(const char *s, si
|
|
|
63d665 |
switch (config.transport)
|
|
|
63d665 |
{
|
|
|
63d665 |
case T_TCP:
|
|
|
63d665 |
+ case T_KRB5:
|
|
|
63d665 |
rc = relay_sock(s, len);
|
|
|
63d665 |
break;
|
|
|
63d665 |
default:
|