authorJeremy White <jwhite@codeweavers.com>2016-10-31 10:15:41 -0500
committerJeremy White <jwhite@codeweavers.com>2016-10-31 13:59:29 -0500
commit638b996881d6065f32212152509b08ac1b49880a (patch)
treea3655fa532215cb91ebbc0394a272b6f3996141b
parent49452f5e1967534bfe373ab711baed3a188e9454 (diff)
Add an option to require auditing.
-rw-r--r--configure.ac2
-rw-r--r--src/options.c12
-rw-r--r--src/options.h2
-rw-r--r--src/session.c56
-rw-r--r--src/session.h4
-rw-r--r--src/x11spice.h1
-rw-r--r--src/xdg/x11spice/x11spice.conf17
7 files changed, 94 insertions, 0 deletions
diff --git a/configure.ac b/configure.ac
index 2e1f83f..7832f97 100644
--- a/configure.ac
+++ b/configure.ac
@@ -21,6 +21,8 @@ AC_PROG_SED
# and uncomment this line, and the matching one in src/Makefile.am.
#AX_CODE_COVERAGE()
+AC_CHECK_HEADERS(libaudit.h)
+AC_CHECK_LIB(audit, audit_open)
AC_PROG_CC
AC_CONFIG_FILES(Makefile src/Makefile src/tests/Makefile)
diff --git a/src/options.c b/src/options.c
index 8a8a99e..647a10d 100644
--- a/src/options.c
+++ b/src/options.c
@@ -41,6 +41,10 @@
#include "options.h"
#include "x11spice.h"
+#if defined(HAVE_LIBAUDIT_H)
+#include <libaudit.h>
+#endif
+
void options_init(options_t *options)
{
memset(options, 0, sizeof(*options));
@@ -375,6 +379,14 @@ void options_from_config(options_t *options)
options->uinput_path = string_option(userkey, systemkey, "spice", "uinput-path");
options->on_connect = string_option(userkey, systemkey, "spice", "on-connect");
options->on_disconnect = string_option(userkey, systemkey, "spice", "on-disconnect");
+ options->audit = bool_option(userkey, systemkey, "spice", "audit");
+ options->audit_message_type = int_option(userkey, systemkey, "spice", "audit-message-type");
+
+#if defined(HAVE_LIBAUDIT_H)
+ /* Pick an arbitrary default in the user range. CodeWeavers was founed in 1996, so 1196 it is... */
+ if (options->audit_message_type == 0)
+ options->audit_message_type = AUDIT_LAST_USER_MSG - 3;
+#endif
options_handle_ssl_file_options(options, userkey, systemkey);
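Review bot: `audit` is read through `bool_option(userkey, systemkey, ...)` like every other setting, so if the user key takes precedence (bool_option is not visible in this hunk), a per-user config with `audit=false` would switch off auditing that the system config enabled. For an option meant to require auditing, it is worth confirming that the system value wins, or reading this one key from the system config only. Separately, `audit-message-type` is accepted unchecked, so a value outside the audit user-message ranges would presumably only surface when `audit_log_user_message` fails in `begin_audit`; a range check here against `AUDIT_FIRST_USER_MSG`..`AUDIT_LAST_USER_MSG` (and `AUDIT_FIRST_USER_MSG2`..`AUDIT_LAST_USER_MSG2`) with a clear error would make the misconfiguration obvious. The comment on the default has a typo (`founed`) and could state the value directly, e.g. `/* Default to 1196 (AUDIT_LAST_USER_MSG - 3), inside the user message range. */`. options_from_config starts and ends outside the hunk.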
diff --git a/src/options.h b/src/options.h
index 5ce0482..6155984 100644
--- a/src/options.h
+++ b/src/options.h
@@ -60,6 +60,8 @@ typedef struct {
char *uinput_path;
char *on_connect;
char *on_disconnect;
+ int audit;
+ int audit_message_type;
/* file names of config files */
char *user_config_file;
diff --git a/src/session.c b/src/session.c
index 2e3a278..2579bf2 100644
--- a/src/session.c
+++ b/src/session.c
@@ -30,6 +30,7 @@
#include <string.h>
#include <stdlib.h>
#include <sched.h>
+#include <errno.h>
#include <xcb/xcb.h>
#include <xcb/xtest.h>
@@ -43,6 +44,9 @@
#include "session.h"
#include "scan.h"
+#if defined(HAVE_LIBAUDIT_H)
+#include <libaudit.h>
+#endif
/*----------------------------------------------------------------------------
** I fought very hard to avoid global variables, but the spice channel_event
@@ -248,6 +252,44 @@ void session_end(session_t *s)
}
+static int begin_audit(session_t *s)
+{
+ int rc = X11SPICE_ERR_NOAUDIT;
+#if defined(HAVE_LIBAUDIT) && defined(HAVE_LIBAUDIT_H)
+ s->audit_id = audit_open();
+ if (s->audit_id != -1)
+ {
+ rc = audit_log_user_message(s->audit_id, s->options.audit_message_type,
+ "x11spice begin", NULL, NULL, NULL, 1);
+ if (rc <= 0)
+ {
+ perror("audit_log_user_message");
+ rc = X11SPICE_ERR_NOAUDIT;
+ }
+ else
+ rc = 0;
+ }
+ else
+ perror("audit_open");
+#else
+ fprintf(stderr, "Error: audit requested, but not libaudit available.\n");
+#endif
+ return rc;
+}
+
+static void end_audit(session_t *s)
+{
+#if defined(HAVE_LIBAUDIT) && defined(HAVE_LIBAUDIT_H)
+ if (s->audit_id != -1)
+ {
+ audit_log_user_message(s->audit_id, s->options.audit_message_type,
+ "x11spice close", NULL, NULL, NULL, 1);
+ audit_close(s->audit_id);
+ }
+ s->audit_id = -1;
+#endif
+}
+
int session_create(session_t *s)
{
int rc = 0;
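Review bot: In `begin_audit`, when `audit_log_user_message` fails, the descriptor from `audit_open` stays open and `s->audit_id` stays valid, so the function returns `X11SPICE_ERR_NOAUDIT` while still holding a live audit handle; the failure branch should release it with `audit_close(s->audit_id); s->audit_id = -1;`. The message `"Error: audit requested, but not libaudit available.\n"` reads better as `"Error: audit requested, but libaudit is not available.\n"`. A short comment above `begin_audit` stating that it returns 0 on success and `X11SPICE_ERR_NOAUDIT` otherwise would help, because `rc` briefly holds the libaudit return value. The hunk ends inside session_create, whose body continues outside it.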
@@ -264,6 +306,9 @@ int session_create(session_t *s)
s->connect_pid = 0;
s->disconnect_pid = 0;
+ if (s->options.audit)
+ rc = begin_audit(s);
+
return rc;
}
@@ -289,6 +334,9 @@ void session_destroy(session_t *s)
if (s->disconnect_pid)
cleanup_process(s->disconnect_pid);
s->disconnect_pid = 0;
+
+ if (s->options.audit)
+ end_audit(s);
}
/* Important note - this is meant to be called from
@@ -472,6 +520,10 @@ void session_remote_connected(const char *from)
}
if (global_session->options.on_connect)
invoke_on_connect(global_session, from);
+
+ if (global_session->options.audit && global_session->audit_id != -1)
+ audit_log_user_message(global_session->audit_id, global_session->options.audit_message_type,
+ "x11spice connect", NULL, NULL, NULL, 1);
}
void session_remote_disconnected(void)
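Review bot: The `audit_log_user_message` call added here, and the one in the session_remote_disconnected hunk below, sits outside any `#if`, while `audit_id` exists in session.h only under `HAVE_LIBAUDIT_H` and `begin_audit`/`end_audit` are guarded by `HAVE_LIBAUDIT && HAVE_LIBAUDIT_H`; a build without libaudit would presumably fail to compile or link. Wrapping both calls in `#if defined(HAVE_LIBAUDIT) && defined(HAVE_LIBAUDIT_H)` ... `#endif`, or moving them into one guarded static helper, keeps the optional dependency optional. Both calls also discard the return value, so a failed audit write lets the connection go ahead unrecorded even though the option is meant to require auditing; checking for `<= 0` as `begin_audit` does, and at least reporting it, would close that gap. The connect record leaves the hostname and address arguments `NULL` although `from` is in scope; recording the peer there (after confirming it is a plain address string) would make the record far more useful to whoever reads the audit trail. session_remote_connected starts outside the hunk.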
@@ -483,4 +535,8 @@ void session_remote_disconnected(void)
if (global_session->options.on_disconnect)
invoke_on_disconnect(global_session);
gui_remote_disconnected(&global_session->gui);
+
+ if (global_session->options.audit && global_session->audit_id != -1)
+ audit_log_user_message(global_session->audit_id, global_session->options.audit_message_type,
+ "x11spice disconnect", NULL, NULL, NULL, 1);
}
diff --git a/src/session.h b/src/session.h
index edd387d..449ca7d 100644
--- a/src/session.h
+++ b/src/session.h
@@ -44,6 +44,10 @@ typedef struct session_struct {
int connect_pid;
int disconnect_pid;
+#if defined(HAVE_LIBAUDIT_H)
+ int audit_id;
+#endif
+
GMutex *lock;
int draw_command_in_progress;
diff --git a/src/x11spice.h b/src/x11spice.h
index a58fdf0..fbd3a08 100644
--- a/src/x11spice.h
+++ b/src/x11spice.h
@@ -42,5 +42,6 @@
#define X11SPICE_ERR_BIND 15
#define X11SPICE_ERR_LISTEN 16
#define X11SPICE_ERR_OPEN 17
+#define X11SPICE_ERR_NOAUDIT 18
#endif
diff --git a/src/xdg/x11spice/x11spice.conf b/src/xdg/x11spice/x11spice.conf
index e01521b..38fa4e8 100644
--- a/src/xdg/x11spice/x11spice.conf
+++ b/src/xdg/x11spice/x11spice.conf
@@ -69,6 +69,23 @@
#timeout=0
#-----------------------------------------------------------------------------
+# audit Specify whether or not to audit events. Default false.
+# Note: this requires permission to connect to the audit
+# system, which on most systems is limited to the root user.
+# If true, and you do not have permission, x11spice will exit.
+#-----------------------------------------------------------------------------
+#audit=false
+
+#-----------------------------------------------------------------------------
+# audit-message-type
+# If audit is on, specifies the message type to provide.
+# Refer to audit_log_user_message and 'ausearch --message'
+# for more information.
+# Default: 1196
+#-----------------------------------------------------------------------------
+#audit-message-type=1196
+
+#-----------------------------------------------------------------------------
# minimize Starts the x11spice gui minimized. Default false.
#-----------------------------------------------------------------------------
#minimize=false