Add support for the session ID user filter by adding the field name "sessionid" using the kernel defined macro value AUDIT_SESSIONID.
https://github.com/linux-audit/audit-kernel/issues/4 RFE: add a session ID filter to the kernel's user filter
Signed-off-by: Richard Guy Briggs <[email protected]>
---
 trunk/lib/errormsg.h | 1 +
 trunk/lib/fieldtab.h | 1 +
 trunk/lib/libaudit.c | 11 +++++++++++
 trunk/lib/libaudit.h | 4 ++++
 4 files changed, 17 insertions(+), 0 deletions(-)
diff --git a/trunk/lib/errormsg.h b/trunk/lib/errormsg.h
index 4a897be..2c6b9fa 100644
--- a/trunk/lib/errormsg.h
+++ b/trunk/lib/errormsg.h
@@ -68,5 +68,6 @@ static const struct msg_tab err_msgtab[] = {
 { -30, 2, "Field option not supported by kernel:" },
 { -31, 1, "can only be used with exit, user and exclude filter lists" },
 { -32, 2, "-F value should be boolean 0 or 1 for" },
+ { -33, 2, "-F value should be positive number for" },
 };
 #endif
diff --git a/trunk/lib/fieldtab.h b/trunk/lib/fieldtab.h
index 107157d..84acc08 100644
--- a/trunk/lib/fieldtab.h
+++ b/trunk/lib/fieldtab.h
@@ -33,6 +33,7 @@ _S(AUDIT_LOGINUID, "auid" )
 _S(AUDIT_LOGINUID, "loginuid" )
 _S(AUDIT_LOGINUID_SET, "auid_set" )
 _S(AUDIT_LOGINUID_SET, "loginuid_set" )
+_S(AUDIT_SESSIONID, "sessionid" )
 _S(AUDIT_PERS, "pers" )
 _S(AUDIT_ARCH, "arch" )
 _S(AUDIT_MSGTYPE, "msgtype" )
diff --git a/trunk/lib/libaudit.c b/trunk/lib/libaudit.c
index 5ffc38c..38776f4 100644
--- a/trunk/lib/libaudit.c
+++ b/trunk/lib/libaudit.c
@@ -1663,6 +1663,17 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair,
 else
 return -32;
 break;
+ case AUDIT_SESSIONID:
+ if (flags != AUDIT_FILTER_EXCLUDE &&
+ flags != AUDIT_FILTER_USER &&
+ flags != AUDIT_FILTER_EXIT)
+ return -31;
+ if (isdigit((char)*(v)))
+ rule->values[rule->field_count] =
+ strtol(v, NULL, 0);
+ else
+ return -33;
+ break;
 case AUDIT_DEVMAJOR...AUDIT_INODE:
 case AUDIT_SUCCESS:
 if (flags != AUDIT_FILTER_EXIT)
diff --git a/trunk/lib/libaudit.h b/trunk/lib/libaudit.h
index f77691f..95b7a78 100644
--- a/trunk/lib/libaudit.h
+++ b/trunk/lib/libaudit.h
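Review bot: The new AUDIT_SESSIONID case in libaudit.c validates only the first character of the value, so `strtol(v, NULL, 0)` accepts input such as `12abc` as 12 and ignores overflow; a mistyped rule then loads with a different session ID than the administrator wrote, which on the exclude list means records are suppressed for the wrong session. Parse with `strtoul`, check `errno` and the end pointer, and reject anything that does not fit the field (I am assuming `values[]` is 32-bit, as in the kernel's `struct audit_rule_data`; its declaration is outside the hunk). The `isdigit((char)*(v))` call should also cast to `unsigned char`, because a negative `char` is undefined behaviour for the ctype functions. The -33 text added in errormsg.h says "positive number" although 0 passes this check. The function body starts and ends outside the hunk, so `v`, `rule` and `flags` are taken as shown, and `errno` is assumed to be in scope.

```c
case AUDIT_SESSIONID: {
	char *end;
	unsigned long sid;

	/* … unchanged: flags check returning -31 … */
	if (!isdigit((unsigned char)*v))
		return -33;
	errno = 0;
	sid = strtoul(v, &end, 0);
	if (errno != 0 || *end != '\0' || sid > 0xFFFFFFFFUL)
		return -33;
	rule->values[rule->field_count] = sid;
	break;
}
```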
@@ -377,6 +377,10 @@ extern "C" {
 #define AUDIT_LOGINUID_SET 24
 #endif
+#ifndef AUDIT_SESSIONID
+#define AUDIT_SESSIONID 25
+#endif
+
 /* Architectures */
 #ifndef EM_ARM
 #define EM_ARM 40
--
1.7.1
--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
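Review bot: The fallback `#define AUDIT_SESSIONID 25` in libaudit.h carries no comment saying which header it mirrors, and a stale or wrong number here would make the library send a different field ID than the kernel expects. I would add `/* Fallback for kernel headers that predate AUDIT_SESSIONID; must match linux/audit.h */` above the `#ifndef`. The visible hunks also add no run-time check that the running kernel knows the field, so on an older kernel a sessionid rule presumably fails only when it is loaded; if the library has a feature probe for this, returning the existing -30 "Field option not supported by kernel:" would give the clearer result.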
