1 /* auditd-sendmail.c --
2 * Copyright 2005 Red Hat Inc., Durham, North Carolina.
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20 * Steve Grubb <sgrubb@redhat.com>
26 #include <unistd.h> // for access()
32 #include "auditd-config.h"
34 extern const char *email_command;
35 static int safe_popen(pid_t *pid, const char *mail_acct);
37 // returns 1 on error & 0 if OK
38 int sendmail(const char *subject, const char *content, const char *mail_acct)
42 if (access(email_command, 01) == 0)
47 fd = safe_popen(&pid, mail_acct);
50 mail = fdopen(fd, "w");
54 audit_msg(LOG_ERR, "Error - starting mail");
58 fprintf(mail, "To: %s\n", mail_acct);
59 fprintf(mail, "From: root\n");
60 // fprintf(mail, "X-Sender: %s\n", mail_acct);
61 fprintf(mail, "Subject: %s\n\n", subject); // End of Header
62 fprintf(mail, "%s\n", content);
63 fprintf(mail, ".\n\n"); // Close it up...
67 audit_msg(LOG_ERR, "Error - %s isn't executable",
72 static int safe_popen(pid_t *pid, const char *mail_acct)
81 "Audit daemon failed to create pipe while sending email alert");
90 "Audit daemon failed to fork while sending email alert");
93 if (*pid) { /* Parent */
94 close(pipe_fd[0]); // adjust pipe
98 sigfillset (&sa.sa_mask);
99 sigprocmask (SIG_UNBLOCK, &sa.sa_mask, 0);
101 close(pipe_fd[1]); // adjust pipe
104 /* Make email acct param */
105 snprintf(acct, sizeof(acct), "-f%s", mail_acct);
108 argv[0] = (char *)email_command;
109 argv[1] = (char *)"-t";
112 execve(email_command, argv, NULL);
113 audit_msg(LOG_ALERT, "Audit daemon failed to exec %s", email_command);