Consolidate change_runlevel to one

There are 3 copies that are identical. Move one to the common library
and delete the others. Need to move the get_progname to common also
so that the messages can be tailored to the exact program.

Author: stevegrubb

audisp/plugins/remote/audisp-remote.c

@@ -76,9 +76,6 @@ remote_conf_t config;
 static int warned = 0;
 
 /* Constants */
-static const char *SINGLE = "1";
-static const char *HALT = "0";
-static const char *INIT_PGM = "/sbin/init";
 static const char *SPOOL_FILE = "/var/spool/audit/remote.log";
 
 /* Local function declarations */
@@ -210,47 +207,6 @@ static int is_pipe(int fd)
 	return 0;
 }
 
-static void change_runlevel(const char *level)
-{
-	char *argv[3];
-	int pid;
-
-	// In case of halt, we need to log the message before we halt
-	if (strcmp(level, HALT) == 0) {
-		write_to_console("audit: will try to change runlevel to %s\n", level);
-	}
-
-	pid = fork();
-	if (pid < 0) {
-		syslog(LOG_ALERT,
-		       "audisp-remote failed to fork switching runlevels");
-		return;
-	}
-	if (pid) { /* Parent */
-		int status;
-
-		// Wait until child exits
-		if (waitpid(pid, &status, 0) < 0) {
-			return;
-		}
-
-		// Check if child exited normally, runlevel change was successful
-		if (WIFEXITED(status) && WEXITSTATUS(status) == 0) {
-			write_to_console("audit: changed runlevel to %s\n", level);
-		}
-
-		return;
-	}
-
-	/* Child */
-	argv[0] = (char *)INIT_PGM;
-	argv[1] = (char *)level;
-	argv[2] = NULL;
-	execve(INIT_PGM, argv, NULL);
-	syslog(LOG_ALERT, "audisp-remote failed to exec %s", INIT_PGM);
-	exit(1);
-}
-
 static void safe_exec(const char *exe, const char *message)
 {
 	char *argv[3];

audisp/queue.c

@@ -29,7 +29,6 @@
 #include <syslog.h>
 #include <string.h>
 #include <fcntl.h>
-#include <sys/wait.h>
 #include "queue.h"
 #include "common.h"
 
@@ -63,8 +62,6 @@ extern volatile ATOMIC_INT disp_hup;
 #endif
 static unsigned int q_depth, processing_suspended, overflowed;
 static ATOMIC_UNSIGNED currently_used, max_used;
-static const char *SINGLE = "1";
-static const char *HALT = "0";
 static int queue_full_warning = 0;
 static int persist_fd = -1;
 static int persist_sync = 0;
@@ -171,48 +168,6 @@ int init_queue(unsigned int size)
 	return init_queue_extended(size, Q_IN_MEMORY, NULL);
 }
 
-static void change_runlevel(const char *level)
-{
-	char *argv[3];
-	int pid;
-	static const char *init_pgm = "/sbin/init";
-
-	// In case of halt, we need to log the message before we halt
-	if (strcmp(level, HALT) == 0) {
-		write_to_console("audit: will try to change runlevel to %s\n", level);
-	}
-
-	pid = fork();
-	if (pid < 0) {
-		syslog(LOG_ALERT, "Audispd failed to fork switching runlevels");
-		return;
-	}
-
-	if (pid) { /* Parent */
-		int status;
-
-		// Wait until child exits
-		if (waitpid(pid, &status, 0) < 0) {
-			return;
-		}
-
-		// Check if child exited normally, runlevel change was successful
-		if (WIFEXITED(status) && WEXITSTATUS(status) == 0) {
-			write_to_console("audit: changed runlevel to %s\n", level);
-		}
-
-		return;
-	}
-
-	/* Child */
-	argv[0] = (char *)init_pgm;
-	argv[1] = (char *)level;
-	argv[2] = NULL;
-	execve(init_pgm, argv, NULL);
-	syslog(LOG_ALERT, "Audispd failed to exec %s", init_pgm);
-	exit(1);
-}
-
 static int do_overflow_action(struct disp_conf *config)
 {
 	int rc = -1;

common/common.c

@@ -20,30 +20,36 @@
  *      Steve Grubb <[email protected]>
  */
 
-#include "libaudit.h"
-#include "common.h"
+#include "config.h"
 #include <fcntl.h>
 #include <unistd.h>
 #include <stdio.h>
 #include <utmpx.h>
 #include <fcntl.h>
 #include <stdlib.h>	// strtol
 #include <errno.h>
+#include <string.h>
+#include <libgen.h>     // basename
+#include <signal.h>
+#include <sys/wait.h>
+#include "libaudit.h"
+#include "private.h"    // audit_msg
+#include "common.h"
 
 /*
  * This function returns 1 if it is the last record in an event.
  * It returns 0 otherwise.
  *
  * When processing an event stream we define the end of an event via
- *   record type = AUDIT_EOE (audit end of event type record), or
- *   record type = AUDIT_PROCTITLE   (we note the AUDIT_PROCTITLE is always
+ *  record type = AUDIT_EOE (audit end of event type record), or
+ *  record type = AUDIT_PROCTITLE   (we note the AUDIT_PROCTITLE is always
  *                                    the last record), or
- *   record type = AUDIT_KERNEL (kernel events are one record events), or
- *   record type < AUDIT_FIRST_EVENT (only single record events appear
+ *  record type = AUDIT_KERNEL (kernel events are one record events), or
+ *  record type < AUDIT_FIRST_EVENT (only single record events appear
  *                                    before this type), or
- *   record type >= AUDIT_FIRST_ANOM_MSG (only single record events appear
+ *  record type >= AUDIT_FIRST_ANOM_MSG (only single record events appear
  *                                      after this type), or
- *   record type >= AUDIT_MAC_UNLBL_ALLOW && record type <= AUDIT_MAC_CALIPSO_DEL
+ *  record type >= AUDIT_MAC_UNLBL_ALLOW && record type <= AUDIT_MAC_CALIPSO_DEL
  *                                       (these are also one record events)
  */
 int audit_is_last_record(int type)
@@ -72,9 +78,9 @@ int write_to_console(const char *fmt, ...)
 		return 0;
 
 	va_start(args, fmt);
-	if (vdprintf(fd, fmt, args) < 0) {
+	if (vdprintf(fd, fmt, args) < 0)
 		res = 0;
-	}
+
 	va_end(args);
 	close(fd);
 
@@ -100,7 +106,8 @@ void wall_message(const char* format, ...)
 		// Only active users have a valid terminal
 		if (entry->ut_type == USER_PROCESS) {
 			char tty_path[128];
-			snprintf(tty_path, sizeof(tty_path), "/dev/%s", entry->ut_line);
+			snprintf(tty_path, sizeof(tty_path), "/dev/%s",
+				 entry->ut_line);
 
 			fd = open(tty_path, O_WRONLY | O_NOCTTY);
 			if (fd != -1) {
@@ -125,40 +132,106 @@ long time_string_to_seconds(const char *time_string,
 	if (errno || time_string == end) {
 		if (subsystem)
 			syslog(LOG_ERR,
-			"%s: Error converting %s to a number - line %d",
-			subsystem, time_string, line);
+			       "%s: Error converting %s to a number - line %d",
+			       subsystem, time_string, line);
 		return -1;
 	}
 
 	if (*end && end[1]) {
 		if (subsystem)
 			syslog(LOG_ERR,
-			"%s: Unexpected characters in %s - line %d",
-			subsystem, time_string, line);
+			       "%s: Unexpected characters in %s - line %d",
+			       subsystem, time_string, line);
 		return -1;
 	}
 	switch (*end) {
-		case 'm':
-			i *= MINUTES;
-			break;
-		case 'h':
-			i *= HOURS;
-			break;
-		case 'd':
-			i *= DAYS;
-			break;
-		case 'M':
-			i *= MONTHS;
-			break;
-		case '\0':
-			break;
-		default:
-			if (subsystem)
-				syslog(LOG_ERR,
-				"%s: Unknown time unit in %s - line %d",
-				subsystem, time_string, line);
-			return -1;
+	case 'm':
+		i *= MINUTES;
+		break;
+	case 'h':
+		i *= HOURS;
+		break;
+	case 'd':
+		i *= DAYS;
+		break;
+	case 'M':
+		i *= MONTHS;
+		break;
+	case '\0':
+		break;
+	default:
+		if (subsystem)
+			syslog(LOG_ERR,
+			       "%s: Unknown time unit in %s - line %d",
+			       subsystem, time_string, line);
+		return -1;
 	}
 	return i;
 }
 
+const char *get_progname(void)
+{
+	static char progname[256];
+	if (progname[0] == 0) {
+		char tname[256];
+		ssize_t len = readlink("/proc/self/exe",tname,sizeof(tname)-1);
+		if (len != -1) {
+			tname[len] = '\0';
+			strcpy(progname, basename(progname));
+		} else
+			strcpy(progname, "unknown");
+	}
+	return progname;
+}
+
+const char *SINGLE = "1";
+const char *HALT = "0";
+void change_runlevel(const char *level)
+{
+	char *argv[3];
+	int pid;
+	struct sigaction sa;
+	static const char *init_pgm = "/sbin/init";
+
+	// In case of halt, we need to log the message before we halt
+	if (strcmp(level, HALT) == 0) {
+		write_to_console("%s: will try to change runlevel to %s\n",
+				 get_progname(), level);
+	}
+
+	pid = fork();
+	if (pid < 0) {
+		audit_msg(LOG_ALERT,
+			  "%s failed to fork switching runlevels",
+			  get_progname());
+		return;
+	}
+	if (pid) {      /* Parent */
+		int status;
+
+		// Wait until child exits
+		if (waitpid(pid, &status, 0) < 0) {
+			audit_msg(LOG_ALERT,
+				  "%s failed to wait for child",get_progname());
+			return;
+		}
+		// If child exited normally, runlevel change was successful
+		if (WIFEXITED(status) && WEXITSTATUS(status) == 0) {
+			write_to_console("%s: changed runlevel to %s\n",
+					 get_progname(), level);
+		}
+
+		return;
+	}
+	/* Child */
+	sigfillset (&sa.sa_mask);
+	sigprocmask (SIG_UNBLOCK, &sa.sa_mask, 0);
+
+	argv[0] = (char *)init_pgm;
+	argv[1] = (char *)level;
+	argv[2] = NULL;
+	execve(init_pgm, argv, NULL);
+	audit_msg(LOG_ALERT, "%s failed to exec %s", get_progname(), init_pgm);
+	exit(1);
+}
+

common/common.h

@@ -64,6 +64,10 @@ char *audit_strsplit_r(char *s, char **savedpp);
 char *audit_strsplit(char *s);
 int audit_is_last_record(int type);
 
+extern const char *SINGLE;
+extern const char *HALT;
+void change_runlevel(const char *level);
+const char *get_progname(void);
 
 #define MINUTES 60
 #define HOURS   60*MINUTES

lib/libaudit.c

@@ -40,7 +40,6 @@
 #include <limits.h>	/* for PATH_MAX */
 #include <sys/types.h>
 #include <sys/socket.h> /* AF_MAX */
-#include <libgen.h>	/* For basename */
 #ifdef HAVE_LIBCAP_NG
 #include <cap-ng.h>
 #endif
@@ -120,21 +119,6 @@ static int audit_priority(int xerrno)
 		return LOG_WARNING;
 }
 
-static const char *get_progname(void)
-{
-	static char progname[256];
-	if (progname[0] == 0) {
-		char tname[256];
-		ssize_t len = readlink("/proc/self/exe",tname,sizeof(tname)-1);
-		if (len != -1) {
-			tname[len] = '\0';
-			strcpy(progname, basename(progname));
-		} else
-			strcpy(progname, "unknown");
-	}
-	return progname;
-}
-
 int audit_request_status(int fd)
 {
 	int rc = audit_send(fd, AUDIT_GET, NULL, 0);