src/basic/audit-util.c - systemd-stable - Rivoreo Source Code Repositories

 /***
   This file is part of systemd.

   Copyright 2010 Lennart Poettering

   systemd is free software; you can redistribute it and/or modify it
   under the terms of the GNU Lesser General Public License as published by
   the Free Software Foundation; either version 2.1 of the License, or
   (at your option) any later version.

   systemd is distributed in the hope that it will be useful, but
   WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
   Lesser General Public License for more details.

   You should have received a copy of the GNU Lesser General Public License
   along with systemd; If not, see <http://www.gnu.org/licenses/>.
 ***/

 #include <errno.h>
 #include <linux/netlink.h>
 #include <stdio.h>
 #include <sys/socket.h>

 #include "alloc-util.h"
 #include "audit-util.h"
 #include "fd-util.h"
 #include "fileio.h"
 #include "macro.h"
 #include "parse-util.h"
 #include "process-util.h"
 #include "user-util.h"

 int audit_session_from_pid(pid_t pid, uint32_t *id) {
         _cleanup_free_ char *s = NULL;
         const char *p;
         uint32_t u;
         int r;

         assert(id);

         /* We don't convert ENOENT to ESRCH here, since we can't
          * really distuingish between "audit is not available in the
          * kernel" and "the process does not exist", both which will
          * result in ENOENT. */

         p = procfs_file_alloca(pid, "sessionid");

         r = read_one_line_file(p, &s);
         if (r < 0)
                 return r;

         r = safe_atou32(s, &u);
         if (r < 0)
                 return r;

         if (u == AUDIT_SESSION_INVALID || u <= 0)
                 return -ENODATA;

         *id = u;
         return 0;
 }

 int audit_loginuid_from_pid(pid_t pid, uid_t *uid) {
         _cleanup_free_ char *s = NULL;
         const char *p;
         uid_t u;
         int r;

         assert(uid);

         p = procfs_file_alloca(pid, "loginuid");

         r = read_one_line_file(p, &s);
         if (r < 0)
                 return r;

         r = parse_uid(s, &u);
         if (r == -ENXIO) /* the UID was -1 */
                 return -ENODATA;
         if (r < 0)
                 return r;

         *uid = (uid_t) u;
         return 0;
 }

 bool use_audit(void) {
         static int cached_use = -1;

         if (cached_use < 0) {
                 int fd;

                 fd = socket(AF_NETLINK, SOCK_RAW|SOCK_CLOEXEC|SOCK_NONBLOCK, NETLINK_AUDIT);
                 if (fd < 0) {
                         cached_use = !IN_SET(errno, EAFNOSUPPORT, EPROTONOSUPPORT, EPERM);
                         if (errno == EPERM)
                                 log_debug_errno(errno, "Audit access prohibited, won't talk to audit");
                 }
                 else {
                         cached_use = true;
                         safe_close(fd);
                 }
         }

         return cached_use;
 }
	/***
	This file is part of systemd.

	Copyright 2010 Lennart Poettering

	systemd is free software; you can redistribute it and/or modify it
	under the terms of the GNU Lesser General Public License as published by
	the Free Software Foundation; either version 2.1 of the License, or
	(at your option) any later version.

	systemd is distributed in the hope that it will be useful, but
	WITHOUT ANY WARRANTY; without even the implied warranty of
	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	Lesser General Public License for more details.

	You should have received a copy of the GNU Lesser General Public License
	along with systemd; If not, see <http://www.gnu.org/licenses/>.
	***/

	#include <errno.h>
	#include <linux/netlink.h>
	#include <stdio.h>
	#include <sys/socket.h>

	#include "alloc-util.h"
	#include "audit-util.h"
	#include "fd-util.h"
	#include "fileio.h"
	#include "macro.h"
	#include "parse-util.h"
	#include "process-util.h"
	#include "user-util.h"

	int audit_session_from_pid(pid_t pid, uint32_t *id) {
	_cleanup_free_ char *s = NULL;
	const char *p;
	uint32_t u;
	int r;

	assert(id);

	/* We don't convert ENOENT to ESRCH here, since we can't
	* really distuingish between "audit is not available in the
	* kernel" and "the process does not exist", both which will
	* result in ENOENT. */

	p = procfs_file_alloca(pid, "sessionid");

	r = read_one_line_file(p, &s);
	if (r < 0)
	return r;

	r = safe_atou32(s, &u);
	if (r < 0)
	return r;

	if (u == AUDIT_SESSION_INVALID \|\| u <= 0)
	return -ENODATA;

	*id = u;
	return 0;
	}

	int audit_loginuid_from_pid(pid_t pid, uid_t *uid) {
	_cleanup_free_ char *s = NULL;
	const char *p;
	uid_t u;
	int r;

	assert(uid);

	p = procfs_file_alloca(pid, "loginuid");

	r = read_one_line_file(p, &s);
	if (r < 0)
	return r;

	r = parse_uid(s, &u);
	if (r == -ENXIO) /* the UID was -1 */
	return -ENODATA;
	if (r < 0)
	return r;

	*uid = (uid_t) u;
	return 0;
	}

	bool use_audit(void) {
	static int cached_use = -1;

	if (cached_use < 0) {
	int fd;

	fd = socket(AF_NETLINK, SOCK_RAW\|SOCK_CLOEXEC\|SOCK_NONBLOCK, NETLINK_AUDIT);
	if (fd < 0) {
	cached_use = !IN_SET(errno, EAFNOSUPPORT, EPROTONOSUPPORT, EPERM);
	if (errno == EPERM)
	log_debug_errno(errno, "Audit access prohibited, won't talk to audit");
	}
	else {
	cached_use = true;
	safe_close(fd);
	}
	}

	return cached_use;
	}