/* SPDX-License-Identifier: LGPL-2.1-or-later */
#pragma once
+#if HAVE_AUDIT
+# include <libaudit.h>
+#endif
+
#include <stdbool.h>
#include <stdint.h>
#include <sys/types.h>
+#include "errno-util.h"
+#include "log.h"
#include "pidref.h"
#define AUDIT_SESSION_INVALID UINT32_MAX
static inline bool audit_session_is_valid(uint32_t id) {
return id > 0 && id != AUDIT_SESSION_INVALID;
}
+
+/* The wrappers for audit_open() and audit_close() are inline functions so that we don't get a spurious
+ * linkage to libaudit in libbasic, but we also don't need to create a separate source file for two very
+ * short functions. */
+
+static inline int close_audit_fd(int fd) {
+#if HAVE_AUDIT
+ if (fd >= 0)
+ audit_close(fd);
+#else
+ assert(fd < 0);
+#endif
+ return -EBADF;
+}
+
+static inline int open_audit_fd_or_warn(void) {
+ int fd = -EBADF;
+
+#if HAVE_AUDIT
+ /* If the kernel lacks netlink or audit support, don't worry about it. */
+ fd = audit_open();
+ if (fd < 0)
+ return log_full_errno(ERRNO_IS_NOT_SUPPORTED(errno) ? LOG_DEBUG : LOG_WARNING,
+ errno, "Failed to connect to audit log, ignoring: %m");
+#endif
+ return fd;
+}
#include <getopt.h>
#include "alloc-util.h"
+#include "audit-util.h"
#include "build.h"
#include "chase.h"
#include "conf-files.h"
STATIC_DESTRUCTOR_REGISTER(arg_image_policy, image_policy_freep);
typedef struct Context {
+ int audit_fd;
+
OrderedHashmap *users, *groups;
OrderedHashmap *todo_uids, *todo_gids;
OrderedHashmap *members;
static void context_done(Context *c) {
assert(c);
+ c->audit_fd = close_audit_fd(c->audit_fd);
+
ordered_hashmap_free(c->groups);
ordered_hashmap_free(c->users);
ordered_hashmap_free(c->members);
c->login_defs_need_warning = false;
}
+static void log_audit_accounts(Context *c, ItemType what) {
+#if HAVE_AUDIT
+ assert(c);
+ assert(IN_SET(what, ADD_USER, ADD_GROUP));
+
+ if (arg_dry_run || c->audit_fd < 0)
+ return;
+
+ Item *i;
+ int type = what == ADD_USER ? AUDIT_ADD_USER : AUDIT_ADD_GROUP;
+ const char *op = what == ADD_USER ? "adding-user" : "adding-group";
+
+ /* Notes:
+ *
+ * The op must not contain whitespace. The format with a dash matches what Fedora shadow-utils uses.
+ *
+ * We send id == -1, even though we know the number, in particular on success. This is because if we
+ * send the id, the generated audit message will not contain the name. The name seems more useful
+ * than the number, hence send just the name:
+ *
+ * type=ADD_USER msg=audit(01/10/2025 16:02:00.639:3854) :
+ * pid=3846380 uid=root auid=zbyszek ses=2 msg='op=adding-user id=unknown(952) exe=systemd-sysusers ... res=success'
+ * vs.
+ * type=ADD_USER msg=audit(01/10/2025 16:03:15.457:3908) :
+ * pid=3846607 uid=root auid=zbyszek ses=2 msg='op=adding-user acct=foo5 exe=systemd-sysusers ... res=success'
+ */
+
+ ORDERED_HASHMAP_FOREACH(i, what == ADD_USER ? c->todo_uids : c->todo_gids)
+ audit_log_acct_message(
+ c->audit_fd,
+ type,
+ program_invocation_short_name,
+ op,
+ i->name,
+ /* id= */ (unsigned) -1,
+ /* host= */ NULL,
+ /* addr= */ NULL,
+ /* tty= */ NULL,
+ /* success= */ 1);
+#endif
+}
+
static int load_user_database(Context *c) {
_cleanup_fclose_ FILE *f = NULL;
const char *passwd_path;
group_tmp, group_path);
group_tmp = mfree(group_tmp);
}
+ /* OK, we have written the group entries successfully */
+ log_audit_accounts(c, ADD_GROUP);
if (gshadow) {
r = rename_and_apply_smack_floor_label(gshadow_tmp, gshadow_path);
if (r < 0)
passwd_tmp = mfree(passwd_tmp);
}
+ /* OK, we have written the user entries successfully */
+ log_audit_accounts(c, ADD_USER);
if (shadow) {
r = rename_and_apply_smack_floor_label(shadow_tmp, shadow_path);
if (r < 0)
#endif
_cleanup_close_ int lock = -EBADF;
_cleanup_(context_done) Context c = {
+ .audit_fd = -EBADF,
.search_uid = UID_INVALID,
};
assert(!arg_image);
#endif
+ /* Prepare to emit audit events, but only if we're operating on the host system. */
+ if (!arg_root)
+ c.audit_fd = open_audit_fd_or_warn();
+
/* If command line arguments are specified along with --replace, read all configuration files and
* insert the positional arguments at the specified place. Otherwise, if command line arguments are
* specified, execute just them, and finally, without --replace= or any positional arguments, just
#include <sys/types.h>
#include <unistd.h>
-#if HAVE_AUDIT
-#include <libaudit.h>
-#endif
-
#include "sd-bus.h"
+#include "audit-util.h"
#include "alloc-util.h"
#include "bus-error.h"
#include "bus-locator.h"
typedef struct Context {
sd_bus *bus;
-#if HAVE_AUDIT
int audit_fd;
-#endif
} Context;
static void context_clear(Context *c) {
assert(c);
c->bus = sd_bus_flush_close_unref(c->bus);
-#if HAVE_AUDIT
- if (c->audit_fd >= 0)
- audit_close(c->audit_fd);
- c->audit_fd = -EBADF;
-#endif
+ c->audit_fd = close_audit_fd(c->audit_fd);
}
static int get_startup_monotonic_time(Context *c, usec_t *ret) {
};
_cleanup_(context_clear) Context c = {
-#if HAVE_AUDIT
.audit_fd = -EBADF,
-#endif
};
log_setup();
umask(0022);
-#if HAVE_AUDIT
- /* If the kernel lacks netlink or audit support, don't worry about it. */
- c.audit_fd = audit_open();
- if (c.audit_fd < 0)
- log_full_errno(IN_SET(errno, EAFNOSUPPORT, EPROTONOSUPPORT) ? LOG_DEBUG : LOG_WARNING,
- errno, "Failed to connect to audit log, ignoring: %m");
-#endif
+ c.audit_fd = open_audit_fd_or_warn();
return dispatch_verb(argc, argv, verbs, &c);
}
projects / thirdparty / systemd.git / commitdiff
