src/basic/audit-util.c

   1 /***
   2   This file is part of systemd.
   3
   4   Copyright 2010 Lennart Poettering
   5
   6   systemd is free software; you can redistribute it and/or modify it
   7   under the terms of the GNU Lesser General Public License as published by
   8   the Free Software Foundation; either version 2.1 of the License, or
   9   (at your option) any later version.
  10
  11   systemd is distributed in the hope that it will be useful, but
  12   WITHOUT ANY WARRANTY; without even the implied warranty of
  13   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  14   Lesser General Public License for more details.
  15
  16   You should have received a copy of the GNU Lesser General Public License
  17   along with systemd; If not, see <http://www.gnu.org/licenses/>.
  18 ***/
  19
  20 #include <errno.h>
  21 #include <linux/netlink.h>
  22 #include <stdio.h>
  23 #include <sys/socket.h>
  24
  25 #include "alloc-util.h"
  26 #include "audit-util.h"
  27 #include "fd-util.h"
  28 #include "fileio.h"
  29 #include "macro.h"
  30 #include "parse-util.h"
  31 #include "process-util.h"
  32 #include "user-util.h"
  33
  34 int audit_session_from_pid(pid_t pid, uint32_t *id) {
  35         _cleanup_free_ char *s = NULL;
  36         const char *p;
  37         uint32_t u;
  38         int r;
  39
  40         assert(id);
  41
  42         /* We don't convert ENOENT to ESRCH here, since we can't
  43          * really distuingish between "audit is not available in the
  44          * kernel" and "the process does not exist", both which will
  45          * result in ENOENT. */
  46
  47         p = procfs_file_alloca(pid, "sessionid");
  48
  49         r = read_one_line_file(p, &s);
  50         if (r < 0)
  51                 return r;
  52
  53         r = safe_atou32(s, &u);
  54         if (r < 0)
  55                 return r;
  56
  57         if (!audit_session_is_valid(u))
  58                 return -ENODATA;
  59
  60         *id = u;
  61         return 0;
  62 }
  63
  64 int audit_loginuid_from_pid(pid_t pid, uid_t *uid) {
  65         _cleanup_free_ char *s = NULL;
  66         const char *p;
  67         uid_t u;
  68         int r;
  69
  70         assert(uid);
  71
  72         p = procfs_file_alloca(pid, "loginuid");
  73
  74         r = read_one_line_file(p, &s);
  75         if (r < 0)
  76                 return r;
  77
  78         r = parse_uid(s, &u);
  79         if (r == -ENXIO) /* the UID was -1 */
  80                 return -ENODATA;
  81         if (r < 0)
  82                 return r;
  83
  84         *uid = u;
  85         return 0;
  86 }
  87
  88 bool use_audit(void) {
  89         static int cached_use = -1;
  90
  91         if (cached_use < 0) {
  92                 int fd;
  93
  94                 fd = socket(AF_NETLINK, SOCK_RAW|SOCK_CLOEXEC|SOCK_NONBLOCK, NETLINK_AUDIT);
  95                 if (fd < 0) {
  96                         cached_use = !IN_SET(errno, EAFNOSUPPORT, EPROTONOSUPPORT, EPERM);
  97                         if (errno == EPERM)
  98                                 log_debug_errno(errno, "Audit access prohibited, won't talk to audit");
  99                 }
 100                 else {
 101                         cached_use = true;
 102                         safe_close(fd);
 103                 }
 104         }
 105
 106         return cached_use;
 107 }