- Fix python bindings to correctly handle passing files to auparse

stevegrubb · stevegrubb · commit db2e02777051 · 2026-02-01T16:01:52.000-05:00
diff --git a/ChangeLog b/ChangeLog
@@ -4,6 +4,7 @@
 - Code cleanups
 - Improve auplugin_fgets performance
 - Update syscalls and io_uring tables for the 6.19 kernel
+- Fix python bindings to correctly handle passing files to auparse
 
 4.1.2
 - Use runstatedir to guide the whole audit project to the run directory
diff --git a/auparse/test/auparse_test.py b/auparse/test/auparse_test.py
@@ -275,8 +275,44 @@ def feed_callback(au, cb_event_type, event_cnt, interpret=False):
           (FIELDS_EXPECTED, walked_fields))
 print("Test 11 Done\n")
 
+print("Starting Test 12, descriptor source...")
+fd = os.open(srcdir + "/test.log", os.O_RDONLY)
+au = auparse.AuParser(auparse.AUSOURCE_DESCRIPTOR, fd)
+if not au.parse_next_event():
+    print("Error parsing descriptor")
+else:
+    if not au.first_record():
+        print("Error getting first record")
+    else:
+        print("descriptor type=%d(%s)" % (au.get_type(),
+              au.get_type_name()))
+au = None
+os.lseek(fd, 0, os.SEEK_SET)
+print("descriptor fd open=%s" % (os.read(fd, 4) != b""))
+os.close(fd)
+print("Test 12 Done\n")
+
+print("Starting Test 13, file pointer source...")
+f = open(srcdir + "/test.log")
+au = auparse.AuParser(auparse.AUSOURCE_FILE_POINTER, f)
+if not au.parse_next_event():
+    print("Error parsing file pointer")
+else:
+    if not au.first_record():
+        print("Error getting first record")
+    else:
+        print("file pointer type=%d(%s)" % (au.get_type(),
+              au.get_type_name()))
+au = None
+if f.closed:
+    print("file pointer open=0")
+else:
+    f.seek(0)
+    print("file pointer open=%s" % (f.read(4) != ""))
+f.close()
+print("Test 13 Done\n")
+
 print("Finished non-admin tests\n")
 
 au = None
 sys.exit(0)
-
diff --git a/auparse/test/auparse_test.ref.py b/auparse/test/auparse_test.ref.py
@@ -1417,5 +1417,15 @@
 
 Test 11 Done
 
+Starting Test 12, descriptor source...
+descriptor type=1400(AVC)
+descriptor fd open=True
+Test 12 Done
+
+Starting Test 13, file pointer source...
+file pointer type=1400(AVC)
+file pointer open=True
+Test 13 Done
+
 Finished non-admin tests
 
diff --git a/bindings/python/auparse_python.c b/bindings/python/auparse_python.c
@@ -4,6 +4,8 @@
 
 #include <errno.h>
 #include <time.h>
+#include <stdint.h>
+#include <unistd.h>
 #include "auparse.h"
 
 /*
@@ -442,31 +444,52 @@ AuParser_init(AuParser *self, PyObject *args, PyObject *kwds)
     } break;
     case AUSOURCE_DESCRIPTOR: {
         long fd;
+        int dup_fd;
+
         fd = PyObject_AsFileDescriptor(source);
         if (fd < 0) {
             PyErr_SetString(PyExc_ValueError, "source must be resolvable to a file descriptor when source_type is AUSOURCE_DESCRIPTOR");
             return -1;
         }
-        if ((self->au = auparse_init(source_type, (const void *)fd)) == NULL) {
+        dup_fd = dup(fd);
+        if (dup_fd < 0) {
+            PyErr_SetFromErrno(PyExc_EnvironmentError);
+            return -1;
+        }
+        if ((self->au = auparse_init(source_type,
+				     (const void *)(intptr_t)dup_fd)) == NULL) {
+            close(dup_fd);
             PyErr_SetFromErrno(PyExc_EnvironmentError);
             return -1;
         }
     } break;
     case AUSOURCE_FILE_POINTER: {
         FILE* fp;
+        int fd;
+        int dup_fd;
 
         if (!PyFile_Check(source)) {
             PyErr_SetString(PyExc_ValueError, "source must be a file object when source_type is AUSOURCE_FILE_POINTER");
             return -1;
         }
-	if ((fp = PYFILE_ASFILE(source)) == NULL) {
+        fd = PyObject_AsFileDescriptor(source);
+        if (fd < 0) {
             PyErr_SetString(PyExc_TypeError, "source must be open file when source_type is AUSOURCE_FILE_POINTER");
             return -1;
-	}
+        }
+        dup_fd = dup(fd);
+        if (dup_fd < 0) {
+            PyErr_SetFromErrno(PyExc_EnvironmentError);
+            return -1;
+        }
+        fp = fdopen(dup_fd, "r");
+        if (fp == NULL) {
+            close(dup_fd);
+            PyErr_SetFromErrno(PyExc_EnvironmentError);
+            return -1;
+        }
 	const char *filename = NULL;
 #if PY_MAJOR_VERSION < 3
-        int fd = fileno(fp);
-        fp = fdopen(fd, "r");
         /* PyFile_Name is available in Python 2 */
         filename = PYSTR_ASSTRING(PyFile_Name(source));
 #else
@@ -481,6 +504,7 @@ AuParser_init(AuParser *self, PyObject *args, PyObject *kwds)
                 PyErr_SetFromErrnoWithFilename(PyExc_IOError, filename);
             else
                 PyErr_SetFromErrno(PyExc_IOError);
+            fclose(fp);
             return -1;
         }
     } break;
@@ -2535,4 +2559,3 @@ PyInit_auparse(void)
 
     return m;
 }
-
