selinux: make sure we do not try to print missing fields

UID or GID of 0 is valid, so we cannot use that to distinguish whether calls to sd_bus_creds_get_* succeeded, and the return value from the function is the only way to know about missing fields. Print "n/a" if the fields are missing. CID #1238779
author: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> 2014-10-27 21:31:29 -0400
committer: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> 2014-10-27 22:30:43 -0400
commit: dec23413ecc90d4a547aa41f02af0482b4513495 (patch)
tree: 7a910ad2e9a8fa182e3c2f15e75224f3ac1b4bf2 /src/core/selinux-access.c
parent: 3769415e6573da64fb80e31f4bb3f850cd99031e (diff)
1 files changed, 12 insertions, 6 deletions
diff --git a/src/core/selinux-access.c b/src/core/selinux-access.c
index 08ea6efb7..351d48f8a 100644
--- a/src/core/selinux-access.c
+++ b/src/core/selinux-access.c
@@ -53,7 +53,7 @@ struct audit_info {
 
 /*
    Any time an access gets denied this callback will be called
-   with the aduit data.  We then need to just copy the audit data into the msgbuf.
+   with the audit data.  We then need to just copy the audit data into the msgbuf.
 */
 static int audit_callback(
                 void *auditdata,
@@ -64,14 +64,20 @@ static int audit_callback(
         const struct audit_info *audit = auditdata;
         uid_t uid = 0, login_uid = 0;
         gid_t gid = 0;
+        char login_uid_buf[DECIMAL_STR_MAX(uid_t)] = "n/a";
+        char uid_buf[DECIMAL_STR_MAX(uid_t)] = "n/a";
+        char gid_buf[DECIMAL_STR_MAX(gid_t)] = "n/a";
 
-        sd_bus_creds_get_audit_login_uid(audit->creds, &login_uid);
-        sd_bus_creds_get_uid(audit->creds, &uid);
-        sd_bus_creds_get_gid(audit->creds, &gid);
+        if (sd_bus_creds_get_audit_login_uid(audit->creds, &login_uid) >= 0)
+                snprintf(login_uid_buf, sizeof(login_uid_buf), UID_FMT, login_uid);
+        if (sd_bus_creds_get_uid(audit->creds, &uid) >= 0)
+                snprintf(uid_buf, sizeof(uid_buf), UID_FMT, uid);
+        if (sd_bus_creds_get_gid(audit->creds, &gid) >= 0)
+                snprintf(gid_buf, sizeof(gid_buf), GID_FMT, gid);
 
         snprintf(msgbuf, msgbufsize,
-                 "auid=%d uid=%d gid=%d%s%s%s%s%s%s",
-                 login_uid, uid, gid,
+                 "auid=%s uid=%s gid=%s%s%s%s%s%s%s",
+                 login_uid_buf, uid_buf, gid_buf,
                  audit->path ? " path=\"" : "", strempty(audit->path), audit->path ? "\"" : "",
                  audit->cmdline ? " cmdline=\"" : "", strempty(audit->cmdline), audit->cmdline ? "\"" : "");
author	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>	2014-10-27 21:31:29 -0400
committer	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>	2014-10-27 22:30:43 -0400
commit	dec23413ecc90d4a547aa41f02af0482b4513495 (patch)
tree	7a910ad2e9a8fa182e3c2f15e75224f3ac1b4bf2 /src/core/selinux-access.c
parent	3769415e6573da64fb80e31f4bb3f850cd99031e (diff)