lib/: audit function for groups

Link: https://github.com/linux-audit/audit-documentation/wiki/SPEC-User-Account-Lifecycle-Events
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Alejandro Colomar <alx@kernel.org>

diff --git a/lib/audit_help.c b/lib/audit_help.c
index 54109f04ff1da146bb9747e27ec95ced14796510..8b24025528c77b182157ec63f32ea008f74d8c83 100644 (file)
--- a/lib/audit_help.c
+++ b/lib/audit_help.c
@@ -25,6 +25,8 @@
 #include "attr.h"
 #include "prototypes.h"
 #include "shadowlog.h"
+#include "string/sprintf/snprintf.h"
+
 int audit_fd;
 
 void audit_help_open (void)
@@ -46,10 +48,14 @@ void audit_help_open (void)
 
 /*
  * This function will log a message to the audit system using a predefined
- * message format. Parameter usage is as follows:
+ * message format. For additional information on the user account lifecycle
+ * events check
+ * <https://github.com/linux-audit/audit-documentation/wiki/SPEC-User-Account-Lifecycle-Events>
+ *
+ * Parameter usage is as follows:
  *
- * type - type of message: AUDIT_USER_CHAUTHTOK for changing any account
- *       attributes.
+ * type - type of message. A list of possible values is available in
+ *        "audit-records.h" file.
  * pgname - program's name
  * op  -  operation. "adding user", "changing finger info", "deleting group"
  * name - user's account or group name. If not available use NULL.
@@ -68,6 +74,47 @@ void audit_logger (int type, MAYBE_UNUSED const char *pgname, const char *op,
        }
 }
 
+/*
+ * This function will log a message to the audit system using a predefined
+ * message format. For additional information on the group account lifecycle
+ * events check
+ * <https://github.com/linux-audit/audit-documentation/wiki/SPEC-User-Account-Lifecycle-Events>
+ *
+ * Parameter usage is as follows:
+ *
+ * type - type of message. A list of possible values is available in
+ *        "audit-records.h" file.
+ * op  -  operation. "adding-user", "modify-group", "deleting-user-from-group"
+ * name - user's account or group name. If not available use NULL.
+ * id  -  uid or gid that the operation is being performed on. This is used
+ *       only when user is NULL.
+ * grp_type - type of group: "grp" or "new_group"
+ * grp - group name associated with event
+ */
+void
+audit_logger_with_group(int type, const char *op, const char *name,
+    id_t id, const char *grp_type, const char *grp,
+    shadow_audit_result result)
+{
+       int len;
+       char enc_group[GROUP_NAME_MAX_LENGTH * 2 + 1];
+       char buf[NITEMS(enc_group) + 100];
+
+       if (audit_fd < 0)
+               return;
+
+       len = strnlen(grp, sizeof(enc_group)/2);
+       if (audit_value_needs_encoding(grp, len)) {
+               SNPRINTF(buf, "%s %s=%s", op, grp_type,
+                       audit_encode_value(enc_group, grp, len));
+       } else {
+               SNPRINTF(buf, "%s %s=\"%s\"", op, grp_type, grp);
+       }
+
+       audit_log_acct_message(audit_fd, type, NULL, buf, name, id,
+                              NULL, NULL, NULL, result);
+}
+
 void audit_logger_message (const char *message, shadow_audit_result result)
 {
        if (audit_fd < 0) {

diff --git a/lib/prototypes.h b/lib/prototypes.h
index 79bd0fdd684aaf20baa520d1fd63be9abc233a0c..003fef049d38df808543e4173b8dc564f65d11fd 100644 (file)
--- a/lib/prototypes.h
+++ b/lib/prototypes.h
@@ -189,6 +189,9 @@ extern void audit_logger (int type, const char *pgname, const char *op,
                           const char *name, unsigned int id,
                           shadow_audit_result result);
 void audit_logger_message (const char *message, shadow_audit_result result);
+void audit_logger_with_group(int type, const char *op, const char *name,
+    id_t id, const char *grp_type, const char *grp,
+    shadow_audit_result result);
 #endif
 
 /* limits.c */