[thirdparty/systemd.git] / src / core / audit-fd.c

/* SPDX-License-Identifier: LGPL-2.1+ */
/***
  This file is part of systemd.

  Copyright 2012 Lennart Poettering

  systemd is free software; you can redistribute it and/or modify it
  under the terms of the GNU Lesser General Public License as published by
  the Free Software Foundation; either version 2.1 of the License, or
  (at your option) any later version.

  systemd is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  Lesser General Public License for more details.

  You should have received a copy of the GNU Lesser General Public License
  along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/


#include <errno.h>

#include "audit-fd.h"

#if HAVE_AUDIT

#include <libaudit.h>
#include <stdbool.h>

#include "capability-util.h"
#include "fd-util.h"
#include "log.h"
#include "util.h"

static bool initialized = false;
static int audit_fd;

int get_audit_fd(void) {

        if (!initialized) {
                if (have_effective_cap(CAP_AUDIT_WRITE) == 0) {
                        audit_fd = -EPERM;
                        initialized = true;

                        return audit_fd;
                }

                audit_fd = audit_open();

                if (audit_fd < 0) {
                        if (!IN_SET(errno, EAFNOSUPPORT, EPROTONOSUPPORT))
                                log_error_errno(errno, "Failed to connect to audit log: %m");

                        audit_fd = errno ? -errno : -EINVAL;
                }

                initialized = true;
        }

        return audit_fd;
}

void close_audit_fd(void) {

        if (initialized && audit_fd >= 0)
                safe_close(audit_fd);

        initialized = true;
        audit_fd = -ECONNRESET;
}

#else

int get_audit_fd(void) {
        return -EAFNOSUPPORT;
}

void close_audit_fd(void) {
}

#endif
Commit	Line	Data
53e1b683	1	/* SPDX-License-Identifier: LGPL-2.1+ */
c1165f82 LP	2	/***
	3	This file is part of systemd.
	4
	5	Copyright 2012 Lennart Poettering
	6
	7	systemd is free software; you can redistribute it and/or modify it
	8	under the terms of the GNU Lesser General Public License as published by
	9	the Free Software Foundation; either version 2.1 of the License, or
	10	(at your option) any later version.
	11
	12	systemd is distributed in the hope that it will be useful, but
	13	WITHOUT ANY WARRANTY; without even the implied warranty of
	14	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	15	Lesser General Public License for more details.
	16
	17	You should have received a copy of the GNU Lesser General Public License
	18	along with systemd; If not, see <http://www.gnu.org/licenses/>.
	19	***/
	20
c1165f82	21
ffc227c9	22	#include <errno.h>
cf0fbc49	23
c1165f82	24	#include "audit-fd.h"
c1165f82	25
349cc4a5	26	#if HAVE_AUDIT
c1165f82 LP	27
c1165f82 LP	28	#include <libaudit.h>
cf0fbc49	29	#include <stdbool.h>
c1165f82	30
b3fb3c01	31	#include "capability-util.h"
cf0fbc49	32	#include "fd-util.h"
ffc227c9 LP	33	#include "log.h"
	34	#include "util.h"
	35
c1165f82 LP	36	static bool initialized = false;
	37	static int audit_fd;
	38
	39	int get_audit_fd(void) {
	40
	41	if (!initialized) {
b3fb3c01 GT	42	if (have_effective_cap(CAP_AUDIT_WRITE) == 0) {
	43	audit_fd = -EPERM;
	44	initialized = true;
	45
	46	return audit_fd;
	47	}
	48
c1165f82 LP	49	audit_fd = audit_open();
	50
	51	if (audit_fd < 0) {
ec2ce0c5	52	if (!IN_SET(errno, EAFNOSUPPORT, EPROTONOSUPPORT))
56f64d95	53	log_error_errno(errno, "Failed to connect to audit log: %m");
c1165f82 LP	54
	55	audit_fd = errno ? -errno : -EINVAL;
	56	}
	57
	58	initialized = true;
	59	}
	60
	61	return audit_fd;
	62	}
	63
	64	void close_audit_fd(void) {
	65
	66	if (initialized && audit_fd >= 0)
03e334a1	67	safe_close(audit_fd);
c1165f82 LP	68
	69	initialized = true;
	70	audit_fd = -ECONNRESET;
	71	}
	72
	73	#else
	74
	75	int get_audit_fd(void) {
	76	return -EAFNOSUPPORT;
	77	}
	78
	79	void close_audit_fd(void) {
	80	}
	81
	82	#endif