forked from pool/audit

Accepting request 1066163 from security

Replace transitional %usrmerged macro

OBS-URL: https://build.opensuse.org/request/show/1066163
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/audit?expand=0&rev=103
Dominique Leuenberger 2023-02-19 17:18:35 +00:00 committed by Git OBS Bridge
commit c2d1b94dc4
15 changed files with 147 additions and 146 deletions

@ -1,31 +0,0 @@
From b6c474b22f6e76969221138d0d9ec8d97cb217ee Mon Sep 17 00:00:00 2001
From: Enzo Matsumiya <ematsumiya@suse.com>
Date: Thu, 24 Mar 2022 23:38:24 -0300
Subject: [PATCH] audisp-remote: fix hang with disk_low_action=suspend (#254)
If auditd.conf has disk_low_action=suspend and the partition where the
log is triggers the disk_low_action, audisp-remote will hang in
infinite loop.
Fixes: 10dde069d1ac ("Dont look for stop on exit while draining the queue")
Signed-off-by: Enzo Matsumiya <ematsumiya@suse.de>
---
audisp/plugins/remote/audisp-remote.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/audisp/plugins/remote/audisp-remote.c b/audisp/plugins/remote/audisp-remote.c
index b7e610e8ca32..3be91b3d5190 100644
--- a/audisp/plugins/remote/audisp-remote.c
+++ b/audisp/plugins/remote/audisp-remote.c
@@ -619,7 +619,7 @@ int main(int argc, char *argv[])
// If stdin is a pipe, then flush the queue
if (is_pipe(0)) {
- while (q_queue_length(queue) && transport_ok)
+ while (q_queue_length(queue) && !suspend && transport_ok)
send_one(queue);
}
--
2.35.1
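
Review bot: with `!suspend` added to the drain loop condition in `main()`, the loop can exit while `q_queue_length(queue)` is still non-zero, so records queued at that moment are not flushed. Because this file is being deleted in favour of the upstream fix listed under 3.0.8 in the changelog, check that the 3.0.9 source carries the same condition, and mention the unflushed-queue behaviour in the changelog entry so it is not mistaken for a regression later.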

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:c3e44d77513a42401d417dd0ceb203cf23886cb89402dea7b9494faa3f4fcc5e
size 1190011

BIN
audit-3.0.9.tar.gz (Stored with Git LFS) Normal file

Binary file not shown.
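
Review bot: the removed pointer for the old tarball shows its `oid sha256` and size, but `audit-3.0.9.tar.gz` appears only as `Binary file not shown`, so nothing on this page lets a reviewer confirm what was uploaded. Compare the sha256 in the new LFS pointer against the upstream 3.0.9 release before accepting, and ship the upstream signature next to the tarball if one is published.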

@ -11,13 +11,15 @@ SUSE since we lack the ability to use a custom stop/restart
init.d/auditd.service | 1 - init.d/auditd.service | 1 -
1 file changed, 1 deletion(-) 1 file changed, 1 deletion(-)
--- a/init.d/auditd.service Index: audit-3.0.9/init.d/auditd.service
+++ b/init.d/auditd.service ===================================================================
@@ -11,7 +11,6 @@ --- audit-3.0.9.orig/init.d/auditd.service
+++ audit-3.0.9/init.d/auditd.service
@@ -11,7 +11,6 @@ After=local-fs.target systemd-tmpfiles-s
Before=sysinit.target shutdown.target Before=sysinit.target shutdown.target
##Before=shutdown.target ##Before=shutdown.target
Conflicts=shutdown.target Conflicts=shutdown.target
-RefuseManualStop=yes -RefuseManualStop=yes
ConditionKernelCommandLine=!audit=0 ConditionKernelCommandLine=!audit=0
Documentation=man:auditd(8) https://github.com/linux-audit/audit-documentation ConditionKernelCommandLine=!audit=off
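
Review bot: dropping `RefuseManualStop=yes` from auditd.service means a plain `systemctl stop auditd` is accepted, and the patch header visible here gives only the packaging reason. The header should also state the operational consequence, since the other unit patches refreshed in this commit say the unit clears rules on stop and disables audit when auditd.service stops, so that administrators know to alert on stop events for this unit.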

@ -9,9 +9,11 @@ Signed-off-by: Tony Jones <tonyj@suse.de>
src/ausearch-parse.c | 18 ++++++++---------- src/ausearch-parse.c | 18 ++++++++----------
1 file changed, 8 insertions(+), 10 deletions(-) 1 file changed, 8 insertions(+), 10 deletions(-)
--- a/src/ausearch-parse.c Index: audit-3.0.9/src/ausearch-parse.c
+++ b/src/ausearch-parse.c ===================================================================
@@ -2061,17 +2061,15 @@ other_avc: --- audit-3.0.9.orig/src/ausearch-parse.c
+++ audit-3.0.9/src/ausearch-parse.c
@@ -2062,17 +2062,15 @@ other_avc:
// Now get the class...its at the end, so we do things different // Now get the class...its at the end, so we do things different
str = strstr(term, "tclass="); str = strstr(term, "tclass=");

@ -9,8 +9,10 @@ but need manual removal here.
init.d/auditd.conf | 3 --- init.d/auditd.conf | 3 ---
1 file changed, 3 deletions(-) 1 file changed, 3 deletions(-)
--- a/init.d/auditd.conf Index: audit-3.0.9/init.d/auditd.conf
+++ b/init.d/auditd.conf ===================================================================
--- audit-3.0.9.orig/init.d/auditd.conf
+++ audit-3.0.9/init.d/auditd.conf
@@ -30,8 +30,6 @@ tcp_max_per_addr = 1 @@ -30,8 +30,6 @@ tcp_max_per_addr = 1
##tcp_client_ports = 1024-65535 ##tcp_client_ports = 1024-65535
tcp_client_max_idle = 0 tcp_client_max_idle = 0
@ -18,5 +20,5 @@ but need manual removal here.
-krb5_principal = auditd -krb5_principal = auditd
-##krb5_key_file = /etc/audit/audit.key -##krb5_key_file = /etc/audit/audit.key
distribute_network = no distribute_network = no
q_depth = 1200 q_depth = 2000
overflow_action = SYSLOG overflow_action = SYSLOG

@ -1,3 +1,46 @@
-------------------------------------------------------------------
Tue Dec 27 10:21:56 UTC 2022 - Ludwig Nussel <lnussel@suse.com>
- Replace transitional %usrmerged macro with regular version check (boo#1206798)
-------------------------------------------------------------------
Thu Dec 15 19:17:35 UTC 2022 - Enzo Matsumiya <ematsumiya@suse.de>
- Enable build for ARM (32-bit)
- Update to version 3.0.9:
* In auditd, release the async flush lock on stop
* Don't allow auditd to log directly into /var/log when log_group is non-zero
* Cleanup krb5 memory leaks on error paths
* Update auditd.cron to use auditctl --signal
* In auparse, if too many fields, realloc array bigger (Paul Wolneykien)
* In auparse, special case kernel module name interpretation
* If overflow_action is ignore, don't treat as an error
(3.0.8)
* Add gcc function attributes for access and allocation
* Add some more man pages (MIZUTA Takeshi)
* In auditd, change the reinitializing of the plugin queue
* Fix path normalization in auparse (Sergio Correia)
* In libaudit, handle ECONNREFUSED for network uid/gid lookups (Enzo Matsumiya)
* In audisp-remote, fix hang with disk_low_action=suspend (Enzo Matsumiya)
* Drop ProtectHome from auditd.service as it interferes with rules
(3.0.7)
* Add support for the OPENAT2 record type (Richard Guy Briggs)
* In auditd, close the logging file descriptor when logging is suspended
* Update the capabilities lookup table to match 5.16 kernel
* Improve interpretation of renamat & faccessat family of syscalls
* Update syscall table for the 5.16 kernel
* Reduce dependency from initscripts to initscripts-service
- Refresh patches (context adjusment):
* audit-allow-manual-stop.patch
* audit-ausearch-do-not-require-tclass.patch
* audit-no-gss.patch
* enable-stop-rules.patch
* fix-hardened-service.patch
* harden_auditd.service.patch
- Remove patches (fixed by version update):
* libaudit-fix-unhandled-ECONNREFUSED-from-getpwnam-25.patch
* audisp-remote-fix-hang-with-disk_low_action-suspend-.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Apr 11 20:44:34 UTC 2022 - Jan Engelhardt <jengelh@inai.de> Mon Apr 11 20:44:34 UTC 2022 - Jan Engelhardt <jengelh@inai.de>
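
Review bot: `adjusment` in the line `Refresh patches (context adjusment)` is misspelled and should read `adjustment`. The 3.0.9 item `Don't allow auditd to log directly into /var/log when log_group is non-zero` reads as a behaviour change for existing auditd.conf files, so it deserves a short note on what an affected configuration has to change.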

@ -1,7 +1,7 @@
# #
# spec file for package audit-secondary # spec file for package audit-secondary
# #
# Copyright (c) 2022 SUSE LLC # Copyright (c) 2023 SUSE LLC
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -22,7 +22,7 @@
# The seperation is required to minimize unnecessary build cycles. # The seperation is required to minimize unnecessary build cycles.
%define _name audit %define _name audit
Name: audit-secondary Name: audit-secondary
Version: 3.0.6 Version: 3.0.9
Release: 0 Release: 0
Summary: Linux kernel audit subsystem utilities Summary: Linux kernel audit subsystem utilities
License: GPL-2.0-or-later License: GPL-2.0-or-later
@ -42,8 +42,6 @@ Patch9: fix-hardened-service.patch
Patch10: enable-stop-rules.patch Patch10: enable-stop-rules.patch
Patch11: create-augenrules-service.patch Patch11: create-augenrules-service.patch
Patch12: audit-userspace-517-compat.patch Patch12: audit-userspace-517-compat.patch
Patch13: audisp-remote-fix-hang-with-disk_low_action-suspend-.patch
Patch14: libaudit-fix-unhandled-ECONNREFUSED-from-getpwnam-25.patch
BuildRequires: audit-devel = %{version} BuildRequires: audit-devel = %{version}
BuildRequires: autoconf >= 2.12 BuildRequires: autoconf >= 2.12
BuildRequires: kernel-headers >= 2.6.30 BuildRequires: kernel-headers >= 2.6.30
@ -146,6 +144,9 @@ export LDFLAGS="-Wl,-z,relro,-z,now"
%configure \ %configure \
%ifarch aarch64 %ifarch aarch64
--with-aarch64 \ --with-aarch64 \
%endif
%ifarch arm
--with-arm \
%endif %endif
--enable-systemd \ --enable-systemd \
--libexecdir=%{_libexecdir}/%{_name} \ --libexecdir=%{_libexecdir}/%{_name} \
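
Review bot: `%ifarch arm` in the `%configure` block tests for an architecture literally named `arm`, while 32-bit ARM build targets are normally named armv6l, armv7l, armv7hl and so on, so `--with-arm` may never be passed. rpm provides the `%{arm}` macro for this set; `%ifarch %{arm}` would match the changelog's `Enable build for ARM (32-bit)`.
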
@ -198,7 +199,7 @@ rm -f %{buildroot}/%{_mandir}/man5/libaudit.conf.5
rm -rf %{buildroot}/%{_mandir}/man3 rm -rf %{buildroot}/%{_mandir}/man3
# Cleanup plugins # Cleanup plugins
#USR-MERGE #USR-MERGE
%if !0%{?usrmerged} %if 0%{?suse_version} < 1550
mkdir %{buildroot}/sbin/ mkdir %{buildroot}/sbin/
for prog in auditctl auditd ausearch autrace aureport augenrules; do for prog in auditctl auditd ausearch autrace aureport augenrules; do
ln -s %{_sbindir}/$prog %{buildroot}/sbin/$prog ln -s %{_sbindir}/$prog %{buildroot}/sbin/$prog
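
Review bot: the install-time test `%if 0%{?suse_version} < 1550` has to stay in step with the identical test that guards the `/sbin/*` entries in `%files`, and the threshold is now repeated as a bare number in both places. Define it once (for example a `%bcond` or `%global` near the top of the spec) and add a comment that an undefined `suse_version` evaluates as `0 < 1550`, which creates the `/sbin` symlinks.
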
@ -257,7 +258,7 @@ fi
%attr(644,root,root) %{_mandir}/man5/ausearch-expression.5.gz %attr(644,root,root) %{_mandir}/man5/ausearch-expression.5.gz
%attr(644,root,root) %{_mandir}/man8/auvirt.8.gz %attr(644,root,root) %{_mandir}/man8/auvirt.8.gz
%attr(644,root,root) %{_mandir}/man8/augenrules.8.gz %attr(644,root,root) %{_mandir}/man8/augenrules.8.gz
%if !0%{?usrmerged} %if 0%{?suse_version} < 1550
/sbin/auditctl /sbin/auditctl
/sbin/auditd /sbin/auditd
/sbin/ausearch /sbin/ausearch

@ -1,3 +1,41 @@
-------------------------------------------------------------------
Thu Dec 15 19:17:35 UTC 2022 - Enzo Matsumiya <ematsumiya@suse.de>
- Enable build for ARM (32-bit)
- Update to version 3.0.9:
* In auditd, release the async flush lock on stop
* Don't allow auditd to log directly into /var/log when log_group is non-zero
* Cleanup krb5 memory leaks on error paths
* Update auditd.cron to use auditctl --signal
* In auparse, if too many fields, realloc array bigger (Paul Wolneykien)
* In auparse, special case kernel module name interpretation
* If overflow_action is ignore, don't treat as an error
(3.0.8)
* Add gcc function attributes for access and allocation
* Add some more man pages (MIZUTA Takeshi)
* In auditd, change the reinitializing of the plugin queue
* Fix path normalization in auparse (Sergio Correia)
* In libaudit, handle ECONNREFUSED for network uid/gid lookups (Enzo Matsumiya)
* In audisp-remote, fix hang with disk_low_action=suspend (Enzo Matsumiya)
* Drop ProtectHome from auditd.service as it interferes with rules
(3.0.7)
* Add support for the OPENAT2 record type (Richard Guy Briggs)
* In auditd, close the logging file descriptor when logging is suspended
* Update the capabilities lookup table to match 5.16 kernel
* Improve interpretation of renamat & faccessat family of syscalls
* Update syscall table for the 5.16 kernel
* Reduce dependency from initscripts to initscripts-service
- Refresh patches (context adjusment):
* audit-allow-manual-stop.patch
* audit-ausearch-do-not-require-tclass.patch
* audit-no-gss.patch
* enable-stop-rules.patch
* fix-hardened-service.patch
* harden_auditd.service.patch
- Remove patches (fixed by version update):
* libaudit-fix-unhandled-ECONNREFUSED-from-getpwnam-25.patch
* audisp-remote-fix-hang-with-disk_low_action-suspend-.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Apr 11 20:45:33 UTC 2022 - Jan Engelhardt <jengelh@inai.de> Mon Apr 11 20:45:33 UTC 2022 - Jan Engelhardt <jengelh@inai.de>
@ -1013,8 +1051,8 @@ Mon May 11 17:20:28 CEST 2009 - tonyj@suse.de
- Add --exit search option to ausearch - Add --exit search option to ausearch
- Fix parsing config file when kerberos is disabled - Fix parsing config file when kerberos is disabled
-------------------------------------------------------------------
-------------------------------------------------------------------
Tue Apr 14 14:52:39 CEST 2009 - dmueller@suse.de Tue Apr 14 14:52:39 CEST 2009 - dmueller@suse.de
- refresh patches - refresh patches
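
Review bot: the hunk at `@ -1013,8 +1051,8` appears to change only the separator line above the 2009 `dmueller@suse.de` entry, with no textual difference visible between the two sides. That looks like whitespace churn unrelated to the 3.0.9 update and should be dropped from this change or explained.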

@ -1,7 +1,7 @@
# #
# spec file for package audit # spec file for package audit
# #
# Copyright (c) 2022 SUSE LLC # Copyright (c) 2023 SUSE LLC
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -17,7 +17,7 @@
Name: audit Name: audit
Version: 3.0.6 Version: 3.0.9
Release: 0 Release: 0
Summary: Linux kernel audit subsystem utilities Summary: Linux kernel audit subsystem utilities
License: GPL-2.0-or-later License: GPL-2.0-or-later
@ -85,6 +85,9 @@ export LDFLAGS="-Wl,-z,relro,-z,now"
%configure \ %configure \
%ifarch aarch64 %ifarch aarch64
--with-aarch64 \ --with-aarch64 \
%endif
%ifarch arm
--with-arm \
%endif %endif
--enable-systemd \ --enable-systemd \
--libexecdir=%{_libexecdir}/%{name} \ --libexecdir=%{_libexecdir}/%{name} \
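
Review bot: the `%ifarch arm` guard added to `%configure` in the audit spec matches only an architecture literally named `arm`, so on targets such as armv6l or armv7l the `--with-arm` switch may be skipped. Use `%ifarch %{arm}`, the rpm macro that expands to the 32-bit ARM architecture names.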

@ -1,7 +1,7 @@
Index: audit-3.0.6/init.d/augenrules.service Index: audit-3.0.9/init.d/augenrules.service
=================================================================== ===================================================================
--- /dev/null --- /dev/null
+++ audit-3.0.6/init.d/augenrules.service +++ audit-3.0.9/init.d/augenrules.service
@@ -0,0 +1,29 @@ @@ -0,0 +1,29 @@
+[Unit] +[Unit]
+Description=auditd rules generation +Description=auditd rules generation
@ -32,13 +32,13 @@ Index: audit-3.0.6/init.d/augenrules.service
+ProtectKernelTunables=true +ProtectKernelTunables=true
+ProtectKernelLogs=true +ProtectKernelLogs=true
+ReadWritePaths=/etc/audit +ReadWritePaths=/etc/audit
Index: audit-3.0.6/init.d/auditd.service Index: audit-3.0.9/init.d/auditd.service
=================================================================== ===================================================================
--- audit-3.0.6.orig/init.d/auditd.service --- audit-3.0.9.orig/init.d/auditd.service
+++ audit-3.0.6/init.d/auditd.service +++ audit-3.0.9/init.d/auditd.service
@@ -13,15 +13,16 @@ Before=sysinit.target shutdown.target @@ -15,15 +15,16 @@ ConditionKernelCommandLine=!audit=0
Conflicts=shutdown.target ConditionKernelCommandLine=!audit=off
ConditionKernelCommandLine=!audit=0
Documentation=man:auditd(8) https://github.com/linux-audit/audit-documentation Documentation=man:auditd(8) https://github.com/linux-audit/audit-documentation
+Requires=augenrules.service +Requires=augenrules.service
+# This unit clears rules on stop, so make sure that augenrules runs again +# This unit clears rules on stop, so make sure that augenrules runs again
@ -57,7 +57,7 @@ Index: audit-3.0.6/init.d/auditd.service
#ExecStartPost=-/sbin/auditctl -R /etc/audit/audit.rules #ExecStartPost=-/sbin/auditctl -R /etc/audit/audit.rules
# By default we clear the rules on exit. To disable this, comment # By default we clear the rules on exit. To disable this, comment
# the next line after copying the file to /etc/systemd/system/auditd.service # the next line after copying the file to /etc/systemd/system/auditd.service
@@ -45,7 +46,6 @@ ProtectClock=true @@ -46,7 +47,6 @@ ProtectClock=true
ProtectKernelTunables=true ProtectKernelTunables=true
ProtectKernelLogs=true ProtectKernelLogs=true
# end of automatic additions # end of automatic additions
@ -65,28 +65,29 @@ Index: audit-3.0.6/init.d/auditd.service
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target
Index: audit-3.0.6/init.d/Makefile.am Index: audit-3.0.9/init.d/Makefile.am
=================================================================== ===================================================================
--- audit-3.0.6.orig/init.d/Makefile.am --- audit-3.0.9.orig/init.d/Makefile.am
+++ audit-3.0.6/init.d/Makefile.am +++ audit-3.0.9/init.d/Makefile.am
@@ -26,7 +26,7 @@ EXTRA_DIST = auditd.init auditd.service @@ -26,7 +26,8 @@ EXTRA_DIST = auditd.init auditd.service
auditd.cron libaudit.conf auditd.condrestart \ auditd.cron libaudit.conf auditd.condrestart \
auditd.reload auditd.restart auditd.resume \ auditd.reload auditd.restart auditd.resume \
auditd.rotate auditd.state auditd.stop \ auditd.rotate auditd.state auditd.stop \
- audit-stop.rules augenrules - audit-stop.rules augenrules audit-functions
+ audit-stop.rules augenrules augenrules.service + audit-stop.rules augenrules audit-functions \
+ augenrules.service
libconfig = libaudit.conf libconfig = libaudit.conf
if ENABLE_SYSTEMD if ENABLE_SYSTEMD
initdir = /usr/lib/systemd/system initdir = /usr/lib/systemd/system
@@ -53,6 +53,7 @@ if ENABLE_SYSTEMD @@ -54,6 +55,7 @@ if ENABLE_SYSTEMD
mkdir -p ${DESTDIR}${initdir}
mkdir -p ${DESTDIR}${legacydir} mkdir -p ${DESTDIR}${legacydir}
mkdir -p ${DESTDIR}${libexecdir}
$(INSTALL_SCRIPT) -D -m 644 ${srcdir}/auditd.service ${DESTDIR}${initdir} $(INSTALL_SCRIPT) -D -m 644 ${srcdir}/auditd.service ${DESTDIR}${initdir}
+ $(INSTALL_SCRIPT) -D -m 644 ${srcdir}/augenrules.service ${DESTDIR}${initdir} + $(INSTALL_SCRIPT) -D -m 644 ${srcdir}/augenrules.service ${DESTDIR}${initdir}
$(INSTALL_SCRIPT) -D -m 750 ${srcdir}/auditd.rotate ${DESTDIR}${legacydir}/rotate $(INSTALL_SCRIPT) -D -m 750 ${srcdir}/auditd.rotate ${DESTDIR}${legacydir}/rotate
$(INSTALL_SCRIPT) -D -m 750 ${srcdir}/auditd.resume ${DESTDIR}${legacydir}/resume $(INSTALL_SCRIPT) -D -m 750 ${srcdir}/auditd.resume ${DESTDIR}${legacydir}/resume
$(INSTALL_SCRIPT) -D -m 750 ${srcdir}/auditd.reload ${DESTDIR}${legacydir}/reload $(INSTALL_SCRIPT) -D -m 750 ${srcdir}/auditd.reload ${DESTDIR}${legacydir}/reload
@@ -70,6 +71,7 @@ uninstall-hook: @@ -72,6 +74,7 @@ uninstall-hook:
rm ${DESTDIR}${sysconfdir}/${libconfig} rm ${DESTDIR}${sysconfdir}/${libconfig}
if ENABLE_SYSTEMD if ENABLE_SYSTEMD
rm ${DESTDIR}${initdir}/auditd.service rm ${DESTDIR}${initdir}/auditd.service

@ -11,11 +11,11 @@ Disable audit when auditd.service stops, so kauditd stops logging/running.
Signed-off-by: Enzo Matsumiya <ematsumiya@suse.de> Signed-off-by: Enzo Matsumiya <ematsumiya@suse.de>
Index: audit-3.0.6/init.d/auditd.service Index: audit-3.0.9/init.d/auditd.service
=================================================================== ===================================================================
--- audit-3.0.6.orig/init.d/auditd.service --- audit-3.0.9.orig/init.d/auditd.service
+++ audit-3.0.6/init.d/auditd.service +++ audit-3.0.9/init.d/auditd.service
@@ -23,9 +23,9 @@ ExecStart=/sbin/auditd @@ -25,9 +25,9 @@ ExecStart=/sbin/auditd
## NOTE: augenrules expect any rules to be added to /etc/audit/rules.d/ ## NOTE: augenrules expect any rules to be added to /etc/audit/rules.d/
ExecStartPost=-/sbin/augenrules --load ExecStartPost=-/sbin/augenrules --load
#ExecStartPost=-/sbin/auditctl -R /etc/audit/audit.rules #ExecStartPost=-/sbin/auditctl -R /etc/audit/audit.rules

@ -12,9 +12,11 @@ Also remove PrivateDevices=true so /dev/* are exposed to auditd.
Signed-off-by: Enzo Matsumiya <ematsumiya@suse.de> Signed-off-by: Enzo Matsumiya <ematsumiya@suse.de>
--- a/init.d/auditd.service Index: audit-3.0.9/init.d/auditd.service
+++ b/init.d/auditd.service ===================================================================
@@ -37,12 +37,12 @@ RestrictRealtime=true --- audit-3.0.9.orig/init.d/auditd.service
+++ audit-3.0.9/init.d/auditd.service
@@ -41,12 +41,12 @@ RestrictRealtime=true
# added automatically, for details please see # added automatically, for details please see
# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort # https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
ProtectSystem=full ProtectSystem=full

@ -1,8 +1,10 @@
--- a/init.d/auditd.service Index: audit-3.0.9/init.d/auditd.service
+++ b/init.d/auditd.service ===================================================================
@@ -34,6 +34,15 @@ ProtectControlGroups=true --- audit-3.0.9.orig/init.d/auditd.service
+++ audit-3.0.9/init.d/auditd.service
@@ -38,6 +38,15 @@ LockPersonality=true
ProtectControlGroups=true
ProtectKernelModules=true ProtectKernelModules=true
ProtectHome=true
RestrictRealtime=true RestrictRealtime=true
+# added automatically, for details please see +# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort

@ -1,64 +0,0 @@
From 614edbe52180698c5b447ff4c3e7031ff0721683 Mon Sep 17 00:00:00 2001
From: Enzo Matsumiya <ematsumiya@suse.com>
Date: Thu, 24 Mar 2022 23:36:53 -0300
Subject: [PATCH] libaudit: fix unhandled ECONNREFUSED from getpwnam() (#255)
From: Luis Galdos <luis.galdos@suse.com>
In some very specific scenarios with LDAP + network issues,
getpwnam() and getgrnam() might return ECONNREFUSED.
Up in the call chain to audit_name_to_uid()/audit_name_to_gid(),
ECONNREFUSED will be handled as kernel auditd is not running,
showing "The audit system is disabled" and stopping parsing rules.
This patch manually sets errno to ENOENT after those affected calls, in
case they fail, so rule parsing can continue cleanly.
Signed-off-by: Enzo Matsumiya <ematsumiya@suse.de>
---
lib/libaudit.c | 17 +++++++++++++++--
1 file changed, 15 insertions(+), 2 deletions(-)
diff --git a/lib/libaudit.c b/lib/libaudit.c
index 54e276156ef0..41303c244aee 100644
--- a/lib/libaudit.c
+++ b/lib/libaudit.c
@@ -1830,9 +1830,17 @@ static int audit_name_to_uid(const char *name, uid_t *uid)
{
struct passwd *pw;
+ errno = 0;
pw = getpwnam(name);
- if (pw == NULL)
+ if (pw == NULL) {
+ /* getpwnam() might return ECONNREFUSED in some very
+ * specific cases when using LDAP.
+ * Manually set it to ENOENT so callers don't get confused
+ * with netlink's ECONNREFUSED */
+ if (errno == ECONNREFUSED)
+ errno = ENOENT;
return 1;
+ }
memset(pw->pw_passwd, ' ', strlen(pw->pw_passwd));
*uid = pw->pw_uid;
@@ -1843,9 +1851,14 @@ static int audit_name_to_gid(const char *name, gid_t *gid)
{
struct group *gr;
+ errno = 0;
gr = getgrnam(name);
- if (gr == NULL)
+ if (gr == NULL) {
+ /* See above for explanation. */
+ if (errno == ECONNREFUSED)
+ errno = ENOENT;
return 1;
+ }
*gid = gr->gr_gid;
return 0;
--
2.35.1
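
Review bot: in both `audit_name_to_uid()` and `audit_name_to_gid()` the rewrite of `ECONNREFUSED` to `ENOENT` makes a directory-service outage indistinguishable from a missing user or group, and the functions still `return 1`. Since this file is removed in favour of the upstream change listed under 3.0.8, confirm that the 3.0.9 code reports the failed lookup, so that a rule naming an LDAP account does not drop out of the loaded rule set unnoticed.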