]>
Commit | Line | Data |
---|---|---|
1 | /* SPDX-License-Identifier: LGPL-2.1+ */ | |
2 | /*** | |
3 | This file is part of systemd. | |
4 | ||
5 | Copyright 2010 Lennart Poettering | |
6 | ||
7 | systemd is free software; you can redistribute it and/or modify it | |
8 | under the terms of the GNU Lesser General Public License as published by | |
9 | the Free Software Foundation; either version 2.1 of the License, or | |
10 | (at your option) any later version. | |
11 | ||
12 | systemd is distributed in the hope that it will be useful, but | |
13 | WITHOUT ANY WARRANTY; without even the implied warranty of | |
14 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
15 | Lesser General Public License for more details. | |
16 | ||
17 | You should have received a copy of the GNU Lesser General Public License | |
18 | along with systemd; If not, see <http://www.gnu.org/licenses/>. | |
19 | ***/ | |
20 | ||
21 | #include <errno.h> | |
22 | #include <linux/netlink.h> | |
23 | #include <stdio.h> | |
24 | #include <sys/socket.h> | |
25 | ||
26 | #include "alloc-util.h" | |
27 | #include "audit-util.h" | |
28 | #include "fd-util.h" | |
29 | #include "fileio.h" | |
30 | #include "macro.h" | |
31 | #include "parse-util.h" | |
32 | #include "process-util.h" | |
33 | #include "user-util.h" | |
34 | ||
35 | int audit_session_from_pid(pid_t pid, uint32_t *id) { | |
36 | _cleanup_free_ char *s = NULL; | |
37 | const char *p; | |
38 | uint32_t u; | |
39 | int r; | |
40 | ||
41 | assert(id); | |
42 | ||
43 | /* We don't convert ENOENT to ESRCH here, since we can't | |
44 | * really distuingish between "audit is not available in the | |
45 | * kernel" and "the process does not exist", both which will | |
46 | * result in ENOENT. */ | |
47 | ||
48 | p = procfs_file_alloca(pid, "sessionid"); | |
49 | ||
50 | r = read_one_line_file(p, &s); | |
51 | if (r < 0) | |
52 | return r; | |
53 | ||
54 | r = safe_atou32(s, &u); | |
55 | if (r < 0) | |
56 | return r; | |
57 | ||
58 | if (!audit_session_is_valid(u)) | |
59 | return -ENODATA; | |
60 | ||
61 | *id = u; | |
62 | return 0; | |
63 | } | |
64 | ||
65 | int audit_loginuid_from_pid(pid_t pid, uid_t *uid) { | |
66 | _cleanup_free_ char *s = NULL; | |
67 | const char *p; | |
68 | uid_t u; | |
69 | int r; | |
70 | ||
71 | assert(uid); | |
72 | ||
73 | p = procfs_file_alloca(pid, "loginuid"); | |
74 | ||
75 | r = read_one_line_file(p, &s); | |
76 | if (r < 0) | |
77 | return r; | |
78 | ||
79 | r = parse_uid(s, &u); | |
80 | if (r == -ENXIO) /* the UID was -1 */ | |
81 | return -ENODATA; | |
82 | if (r < 0) | |
83 | return r; | |
84 | ||
85 | *uid = u; | |
86 | return 0; | |
87 | } | |
88 | ||
89 | bool use_audit(void) { | |
90 | static int cached_use = -1; | |
91 | ||
92 | if (cached_use < 0) { | |
93 | int fd; | |
94 | ||
95 | fd = socket(AF_NETLINK, SOCK_RAW|SOCK_CLOEXEC|SOCK_NONBLOCK, NETLINK_AUDIT); | |
96 | if (fd < 0) { | |
97 | cached_use = !IN_SET(errno, EAFNOSUPPORT, EPROTONOSUPPORT, EPERM); | |
98 | if (errno == EPERM) | |
99 | log_debug_errno(errno, "Audit access prohibited, won't talk to audit"); | |
100 | } | |
101 | else { | |
102 | cached_use = true; | |
103 | safe_close(fd); | |
104 | } | |
105 | } | |
106 | ||
107 | return cached_use; | |
108 | } |