Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
X
x11spice
Project overview
Project overview
Details
Activity
Releases
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Packages
Packages
Container Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
spice
x11spice
Commits
638b9968
Commit
638b9968
authored
Oct 31, 2016
by
Jeremy White
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Add an option to require auditing.
parent
49452f5e
Changes
7
Hide whitespace changes
Inline
Side-by-side
Showing
7 changed files
with
94 additions
and
0 deletions
+94
-0
configure.ac
configure.ac
+2
-0
src/options.c
src/options.c
+12
-0
src/options.h
src/options.h
+2
-0
src/session.c
src/session.c
+56
-0
src/session.h
src/session.h
+4
-0
src/x11spice.h
src/x11spice.h
+1
-0
src/xdg/x11spice/x11spice.conf
src/xdg/x11spice/x11spice.conf
+17
-0
No files found.
configure.ac
View file @
638b9968
...
...
@@ -21,6 +21,8 @@ AC_PROG_SED
# and uncomment this line, and the matching one in src/Makefile.am.
#AX_CODE_COVERAGE()
AC_CHECK_HEADERS(libaudit.h)
AC_CHECK_LIB(audit, audit_open)
AC_PROG_CC
AC_CONFIG_FILES(Makefile src/Makefile src/tests/Makefile)
...
...
src/options.c
View file @
638b9968
...
...
@@ -41,6 +41,10 @@
#include "options.h"
#include "x11spice.h"
#if defined(HAVE_LIBAUDIT_H)
#include <libaudit.h>
#endif
void
options_init
(
options_t
*
options
)
{
memset
(
options
,
0
,
sizeof
(
*
options
));
...
...
@@ -375,6 +379,14 @@ void options_from_config(options_t *options)
options
->
uinput_path
=
string_option
(
userkey
,
systemkey
,
"spice"
,
"uinput-path"
);
options
->
on_connect
=
string_option
(
userkey
,
systemkey
,
"spice"
,
"on-connect"
);
options
->
on_disconnect
=
string_option
(
userkey
,
systemkey
,
"spice"
,
"on-disconnect"
);
options
->
audit
=
bool_option
(
userkey
,
systemkey
,
"spice"
,
"audit"
);
options
->
audit_message_type
=
int_option
(
userkey
,
systemkey
,
"spice"
,
"audit-message-type"
);
#if defined(HAVE_LIBAUDIT_H)
/* Pick an arbitrary default in the user range. CodeWeavers was founed in 1996, so 1196 it is... */
if
(
options
->
audit_message_type
==
0
)
options
->
audit_message_type
=
AUDIT_LAST_USER_MSG
-
3
;
#endif
options_handle_ssl_file_options
(
options
,
userkey
,
systemkey
);
...
...
src/options.h
View file @
638b9968
...
...
@@ -60,6 +60,8 @@ typedef struct {
char
*
uinput_path
;
char
*
on_connect
;
char
*
on_disconnect
;
int
audit
;
int
audit_message_type
;
/* file names of config files */
char
*
user_config_file
;
...
...
src/session.c
View file @
638b9968
...
...
@@ -30,6 +30,7 @@
#include <string.h>
#include <stdlib.h>
#include <sched.h>
#include <errno.h>
#include <xcb/xcb.h>
#include <xcb/xtest.h>
...
...
@@ -43,6 +44,9 @@
#include "session.h"
#include "scan.h"
#if defined(HAVE_LIBAUDIT_H)
#include <libaudit.h>
#endif
/*----------------------------------------------------------------------------
** I fought very hard to avoid global variables, but the spice channel_event
...
...
@@ -248,6 +252,44 @@ void session_end(session_t *s)
}
static
int
begin_audit
(
session_t
*
s
)
{
int
rc
=
X11SPICE_ERR_NOAUDIT
;
#if defined(HAVE_LIBAUDIT) && defined(HAVE_LIBAUDIT_H)
s
->
audit_id
=
audit_open
();
if
(
s
->
audit_id
!=
-
1
)
{
rc
=
audit_log_user_message
(
s
->
audit_id
,
s
->
options
.
audit_message_type
,
"x11spice begin"
,
NULL
,
NULL
,
NULL
,
1
);
if
(
rc
<=
0
)
{
perror
(
"audit_log_user_message"
);
rc
=
X11SPICE_ERR_NOAUDIT
;
}
else
rc
=
0
;
}
else
perror
(
"audit_open"
);
#else
fprintf
(
stderr
,
"Error: audit requested, but not libaudit available.
\n
"
);
#endif
return
rc
;
}
static
void
end_audit
(
session_t
*
s
)
{
#if defined(HAVE_LIBAUDIT) && defined(HAVE_LIBAUDIT_H)
if
(
s
->
audit_id
!=
-
1
)
{
audit_log_user_message
(
s
->
audit_id
,
s
->
options
.
audit_message_type
,
"x11spice close"
,
NULL
,
NULL
,
NULL
,
1
);
audit_close
(
s
->
audit_id
);
}
s
->
audit_id
=
-
1
;
#endif
}
int
session_create
(
session_t
*
s
)
{
int
rc
=
0
;
...
...
@@ -264,6 +306,9 @@ int session_create(session_t *s)
s
->
connect_pid
=
0
;
s
->
disconnect_pid
=
0
;
if
(
s
->
options
.
audit
)
rc
=
begin_audit
(
s
);
return
rc
;
}
...
...
@@ -289,6 +334,9 @@ void session_destroy(session_t *s)
if
(
s
->
disconnect_pid
)
cleanup_process
(
s
->
disconnect_pid
);
s
->
disconnect_pid
=
0
;
if
(
s
->
options
.
audit
)
end_audit
(
s
);
}
/* Important note - this is meant to be called from
...
...
@@ -472,6 +520,10 @@ void session_remote_connected(const char *from)
}
if
(
global_session
->
options
.
on_connect
)
invoke_on_connect
(
global_session
,
from
);
if
(
global_session
->
options
.
audit
&&
global_session
->
audit_id
!=
-
1
)
audit_log_user_message
(
global_session
->
audit_id
,
global_session
->
options
.
audit_message_type
,
"x11spice connect"
,
NULL
,
NULL
,
NULL
,
1
);
}
void
session_remote_disconnected
(
void
)
...
...
@@ -483,4 +535,8 @@ void session_remote_disconnected(void)
if
(
global_session
->
options
.
on_disconnect
)
invoke_on_disconnect
(
global_session
);
gui_remote_disconnected
(
&
global_session
->
gui
);
if
(
global_session
->
options
.
audit
&&
global_session
->
audit_id
!=
-
1
)
audit_log_user_message
(
global_session
->
audit_id
,
global_session
->
options
.
audit_message_type
,
"x11spice disconnect"
,
NULL
,
NULL
,
NULL
,
1
);
}
src/session.h
View file @
638b9968
...
...
@@ -44,6 +44,10 @@ typedef struct session_struct {
int
connect_pid
;
int
disconnect_pid
;
#if defined(HAVE_LIBAUDIT_H)
int
audit_id
;
#endif
GMutex
*
lock
;
int
draw_command_in_progress
;
...
...
src/x11spice.h
View file @
638b9968
...
...
@@ -42,5 +42,6 @@
#define X11SPICE_ERR_BIND 15
#define X11SPICE_ERR_LISTEN 16
#define X11SPICE_ERR_OPEN 17
#define X11SPICE_ERR_NOAUDIT 18
#endif
src/xdg/x11spice/x11spice.conf
View file @
638b9968
...
...
@@ -68,6 +68,23 @@
#-----------------------------------------------------------------------------
#timeout=0
#-----------------------------------------------------------------------------
# audit Specify whether or not to audit events. Default false.
# Note: this requires permission to connect to the audit
# system, which on most systems is limited to the root user.
# If true, and you do not have permission, x11spice will exit.
#-----------------------------------------------------------------------------
#audit=false
#-----------------------------------------------------------------------------
# audit-message-type
# If audit is on, specifies the message type to provide.
# Refer to audit_log_user_message and 'ausearch --message'
# for more information.
# Default: 1196
#-----------------------------------------------------------------------------
#audit-message-type=1196
#-----------------------------------------------------------------------------
# minimize Starts the x11spice gui minimized. Default false.
#-----------------------------------------------------------------------------
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment