src/basic/audit-util.c

   1 /* SPDX-License-Identifier: LGPL-2.1+ */
   2 /***
   3   This file is part of systemd.
   4
   5   Copyright 2010 Lennart Poettering
   6
   7   systemd is free software; you can redistribute it and/or modify it
   8   under the terms of the GNU Lesser General Public License as published by
   9   the Free Software Foundation; either version 2.1 of the License, or
  10   (at your option) any later version.
  11
  12   systemd is distributed in the hope that it will be useful, but
  13   WITHOUT ANY WARRANTY; without even the implied warranty of
  14   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  15   Lesser General Public License for more details.
  16
  17   You should have received a copy of the GNU Lesser General Public License
  18   along with systemd; If not, see <http://www.gnu.org/licenses/>.
  19 ***/
  20
  21 #include <errno.h>
  22 #include <linux/netlink.h>
  23 #include <stdio.h>
  24 #include <sys/socket.h>
  25
  26 #include "alloc-util.h"
  27 #include "audit-util.h"
  28 #include "fd-util.h"
  29 #include "fileio.h"
  30 #include "macro.h"
  31 #include "parse-util.h"
  32 #include "process-util.h"
  33 #include "user-util.h"
  34
  35 int audit_session_from_pid(pid_t pid, uint32_t *id) {
  36         _cleanup_free_ char *s = NULL;
  37         const char *p;
  38         uint32_t u;
  39         int r;
  40
  41         assert(id);
  42
  43         /* We don't convert ENOENT to ESRCH here, since we can't
  44          * really distuingish between "audit is not available in the
  45          * kernel" and "the process does not exist", both which will
  46          * result in ENOENT. */
  47
  48         p = procfs_file_alloca(pid, "sessionid");
  49
  50         r = read_one_line_file(p, &s);
  51         if (r < 0)
  52                 return r;
  53
  54         r = safe_atou32(s, &u);
  55         if (r < 0)
  56                 return r;
  57
  58         if (!audit_session_is_valid(u))
  59                 return -ENODATA;
  60
  61         *id = u;
  62         return 0;
  63 }
  64
  65 int audit_loginuid_from_pid(pid_t pid, uid_t *uid) {
  66         _cleanup_free_ char *s = NULL;
  67         const char *p;
  68         uid_t u;
  69         int r;
  70
  71         assert(uid);
  72
  73         p = procfs_file_alloca(pid, "loginuid");
  74
  75         r = read_one_line_file(p, &s);
  76         if (r < 0)
  77                 return r;
  78
  79         r = parse_uid(s, &u);
  80         if (r == -ENXIO) /* the UID was -1 */
  81                 return -ENODATA;
  82         if (r < 0)
  83                 return r;
  84
  85         *uid = u;
  86         return 0;
  87 }
  88
  89 bool use_audit(void) {
  90         static int cached_use = -1;
  91
  92         if (cached_use < 0) {
  93                 int fd;
  94
  95                 fd = socket(AF_NETLINK, SOCK_RAW|SOCK_CLOEXEC|SOCK_NONBLOCK, NETLINK_AUDIT);
  96                 if (fd < 0) {
  97                         cached_use = !IN_SET(errno, EAFNOSUPPORT, EPROTONOSUPPORT, EPERM);
  98                         if (errno == EPERM)
  99                                 log_debug_errno(errno, "Audit access prohibited, won't talk to audit");
 100                 }
 101                 else {
 102                         cached_use = true;
 103                         safe_close(fd);
 104                 }
 105         }
 106
 107         return cached_use;
 108 }