projects / thirdparty / systemd.git / blame
| Commit | Line | Data |
|---|---|---|
| 53e1b683 | 1 | /* SPDX-License-Identifier: LGPL-2.1+ */ |
| d7832d2c KS |
2 | /*** |
| 3 | This file is part of systemd. | |
| 4 | ||
| 5 | Copyright 2010 Lennart Poettering | |
| 6 | ||
| 7 | systemd is free software; you can redistribute it and/or modify it | |
| 5430f7f2 LP |
8 | under the terms of the GNU Lesser General Public License as published by |
| 9 | the Free Software Foundation; either version 2.1 of the License, or | |
| d7832d2c KS |
10 | (at your option) any later version. |
| 11 | ||
| 12 | systemd is distributed in the hope that it will be useful, but | |
| 13 | WITHOUT ANY WARRANTY; without even the implied warranty of | |
| 14 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
| 5430f7f2 | 15 | Lesser General Public License for more details. |
| d7832d2c | 16 | |
| 5430f7f2 | 17 | You should have received a copy of the GNU Lesser General Public License |
| d7832d2c KS |
18 | along with systemd; If not, see <http://www.gnu.org/licenses/>. |
| 19 | ***/ | |
| 20 | ||
| d7832d2c | 21 | #include <errno.h> |
| 11c3a366 | 22 | #include <linux/netlink.h> |
| d7832d2c | 23 | #include <stdio.h> |
| 11c3a366 | 24 | #include <sys/socket.h> |
| d7832d2c | 25 | |
| b5efdb8a | 26 | #include "alloc-util.h" |
| 430f0182 | 27 | #include "audit-util.h" |
| 3ffd4af2 | 28 | #include "fd-util.h" |
| a5c32cff | 29 | #include "fileio.h" |
| 3ffd4af2 | 30 | #include "macro.h" |
| 6bedfcbb | 31 | #include "parse-util.h" |
| 3ffd4af2 | 32 | #include "process-util.h" |
| b1d4f8e1 | 33 | #include "user-util.h" |
| d7832d2c KS |
34 | |
| 35 | int audit_session_from_pid(pid_t pid, uint32_t *id) { | |
| 5b12334d LP |
36 | _cleanup_free_ char *s = NULL; |
| 37 | const char *p; | |
| d7832d2c KS |
38 | uint32_t u; |
| 39 | int r; | |
| 40 | ||
| 41 | assert(id); | |
| 42 | ||
| d7e46e01 LP |
43 | /* We don't convert ENOENT to ESRCH here, since we can't |
| 44 | * really distuingish between "audit is not available in the | |
| 45 | * kernel" and "the process does not exist", both which will | |
| 46 | * result in ENOENT. */ | |
| 47 | ||
| b68fa010 | 48 | p = procfs_file_alloca(pid, "sessionid"); |
| d7832d2c | 49 | |
| 5b12334d | 50 | r = read_one_line_file(p, &s); |
| d7832d2c KS |
51 | if (r < 0) |
| 52 | return r; | |
| 53 | ||
| 54 | r = safe_atou32(s, &u); | |
| d7832d2c KS |
55 | if (r < 0) |
| 56 | return r; | |
| 57 | ||
| 3a87a86e | 58 | if (!audit_session_is_valid(u)) |
| d7e46e01 | 59 | return -ENODATA; |
| d7832d2c KS |
60 | |
| 61 | *id = u; | |
| 62 | return 0; | |
| 63 | } | |
| 64 | ||
| 65 | int audit_loginuid_from_pid(pid_t pid, uid_t *uid) { | |
| 5b12334d LP |
66 | _cleanup_free_ char *s = NULL; |
| 67 | const char *p; | |
| d7832d2c KS |
68 | uid_t u; |
| 69 | int r; | |
| 70 | ||
| 71 | assert(uid); | |
| 72 | ||
| b68fa010 | 73 | p = procfs_file_alloca(pid, "loginuid"); |
| d7832d2c | 74 | |
| 5b12334d | 75 | r = read_one_line_file(p, &s); |
| d7832d2c KS |
76 | if (r < 0) |
| 77 | return r; | |
| 78 | ||
| 79 | r = parse_uid(s, &u); | |
| d7e46e01 LP |
80 | if (r == -ENXIO) /* the UID was -1 */ |
| 81 | return -ENODATA; | |
| d7832d2c KS |
82 | if (r < 0) |
| 83 | return r; | |
| 84 | ||
| 3a87a86e | 85 | *uid = u; |
| d7832d2c KS |
86 | return 0; |
| 87 | } | |
| cfb1f5df LP |
88 | |
| 89 | bool use_audit(void) { | |
| 90 | static int cached_use = -1; | |
| 91 | ||
| 92 | if (cached_use < 0) { | |
| 93 | int fd; | |
| 94 | ||
| 95 | fd = socket(AF_NETLINK, SOCK_RAW|SOCK_CLOEXEC|SOCK_NONBLOCK, NETLINK_AUDIT); | |
| f006b30b GS |
96 | if (fd < 0) { |
| 97 | cached_use = !IN_SET(errno, EAFNOSUPPORT, EPROTONOSUPPORT, EPERM); | |
| 98 | if (errno == EPERM) | |
| 99 | log_debug_errno(errno, "Audit access prohibited, won't talk to audit"); | |
| 100 | } | |
| cfb1f5df LP |
101 | else { |
| 102 | cached_use = true; | |
| 103 | safe_close(fd); | |
| 104 | } | |
| 105 | } | |
| 106 | ||
| 107 | return cached_use; | |
| 108 | } |