Based on dec23413ecc90d4a547aa41f02af0482b4513495 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Mon, 27 Oct 2014 21:31:29 -0400
Subject: [PATCH] selinux: make sure we do not try to print missing fields
UID or GID of 0 is valid, so we cannot use that to distinguish whether
calls to sd_bus_creds_get_* succeeded, and the return value from the
function is the only way to know about missing fields. Print "n/a" if
the fields are missing.
CID #1238779
---
src/core/selinux-access.c | 18 ++++++++++++------
1 file changed, 12 insertions(+), 6 deletions(-)
diff --git src/core/selinux-access.c src/core/selinux-access.c
index 08ea6ef..351d48f 100644
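--- a/src/core/selinux-access.c
+++ b/src/core/selinux-access.c
@@ -53,7 +53,7 @@ struct audit_info {
 
 /*
 Any time an access gets denied this callback will be called
- with the aduit data. We then need to just copy the audit data into the msgbuf.
+ with the audit data. We then need to just copy the audit data into the msgbuf.
 */
 static int audit_callback(
 void *auditdata,
@@ -64,14 +64,20 @@ static int audit_callback(
 const struct audit_info *audit = auditdata;
 uid_t uid = 0, login_uid = 0;
 gid_t gid = 0;
+ char login_uid_buf[DECIMAL_STR_MAX(uid_t)] = "n/a";
+ char uid_buf[DECIMAL_STR_MAX(uid_t)] = "n/a";
+ char gid_buf[DECIMAL_STR_MAX(gid_t)] = "n/a";
 
- sd_bus_creds_get_audit_login_uid(audit->creds, &login_uid);
- sd_bus_creds_get_uid(audit->creds, &uid);
- sd_bus_creds_get_gid(audit->creds, &gid);
+ if (sd_bus_creds_get_audit_login_uid(audit->creds, &login_uid) >= 0)
+ snprintf(login_uid_buf, sizeof(login_uid_buf), UID_FMT, login_uid);
+ if (sd_bus_creds_get_uid(audit->creds, &uid) >= 0)
+ snprintf(uid_buf, sizeof(uid_buf), UID_FMT, uid);
+ if (sd_bus_creds_get_gid(audit->creds, &gid) >= 0)
+ snprintf(gid_buf, sizeof(gid_buf), "%lu", (unsigned long)gid);
 
 snprintf(msgbuf, msgbufsize,
- "auid=%d uid=%d gid=%d%s%s%s%s%s%s",
- login_uid, uid, gid,
+ "auid=%s uid=%s gid=%s%s%s%s%s%s%s",
+ login_uid_buf, uid_buf, gid_buf,
 audit->path ? " path=\"" : "", strempty(audit->path), audit->path ? "\"" : "",
 audit->cmdline ? " cmdline=\"" : "", strempty(audit->cmdline), audit->cmdline ? "\"" : "");
 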
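Review bot: The final snprintf() into msgbuf still places audit->path and audit->cmdline between literal double quotes without any escaping, so a value that itself contains `"` or a newline could end the field early and make the remainder read like additional key=value pairs in the audit record; whether callers sanitise these strings is not visible in this hunk. Since the patch is already about making the record accurate when fields are missing, it would be worth escaping or hex-encoding both strings before formatting them, and comparing the snprintf() return value with msgbufsize so a truncated record is not emitted silently. A smaller consistency point: gid_buf is filled with `"%lu", (unsigned long)gid` while the uid buffers use UID_FMT; if this tree provides a matching GID_FMT macro, `snprintf(gid_buf, sizeof(gid_buf), GID_FMT, gid);` would keep the three conversions uniform. The body of audit_callback continues past the end of the hunk.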
--
1.7.9.2