2020-11-09 05:23:58 +01:00
|
|
|
/* SPDX-License-Identifier: LGPL-2.1-or-later */
|
2012-04-10 13:39:02 +02:00
|
|
|
|
|
|
|
#include <errno.h>
|
2015-11-30 21:43:37 +01:00
|
|
|
#include <linux/netlink.h>
|
2012-04-10 13:39:02 +02:00
|
|
|
#include <stdio.h>
|
2015-11-30 21:43:37 +01:00
|
|
|
#include <sys/socket.h>
|
2012-04-10 13:39:02 +02:00
|
|
|
|
2015-10-27 03:01:06 +01:00
|
|
|
#include "alloc-util.h"
|
2015-10-26 23:32:16 +01:00
|
|
|
#include "audit-util.h"
|
2015-10-25 13:14:12 +01:00
|
|
|
#include "fd-util.h"
|
2013-02-14 12:26:13 +01:00
|
|
|
#include "fileio.h"
|
2015-10-25 13:14:12 +01:00
|
|
|
#include "macro.h"
|
2015-10-26 16:18:16 +01:00
|
|
|
#include "parse-util.h"
|
2015-10-25 13:14:12 +01:00
|
|
|
#include "process-util.h"
|
2015-10-25 22:32:30 +01:00
|
|
|
#include "user-util.h"
|
2012-04-10 13:39:02 +02:00
|
|
|
|
|
|
|
int audit_session_from_pid(pid_t pid, uint32_t *id) {
|
2013-11-28 17:50:02 +01:00
|
|
|
_cleanup_free_ char *s = NULL;
|
|
|
|
const char *p;
|
2012-04-10 13:39:02 +02:00
|
|
|
uint32_t u;
|
|
|
|
int r;
|
|
|
|
|
|
|
|
assert(id);
|
|
|
|
|
2015-09-03 18:24:57 +02:00
|
|
|
/* We don't convert ENOENT to ESRCH here, since we can't
|
2019-04-27 02:22:40 +02:00
|
|
|
* really distinguish between "audit is not available in the
|
2015-09-03 18:24:57 +02:00
|
|
|
* kernel" and "the process does not exist", both which will
|
|
|
|
* result in ENOENT. */
|
|
|
|
|
2014-01-04 02:35:23 +01:00
|
|
|
p = procfs_file_alloca(pid, "sessionid");
|
2012-04-10 13:39:02 +02:00
|
|
|
|
2013-11-28 17:50:02 +01:00
|
|
|
r = read_one_line_file(p, &s);
|
2012-04-10 13:39:02 +02:00
|
|
|
if (r < 0)
|
|
|
|
return r;
|
|
|
|
|
|
|
|
r = safe_atou32(s, &u);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
|
|
|
|
2017-07-14 18:42:17 +02:00
|
|
|
if (!audit_session_is_valid(u))
|
2015-09-03 18:24:57 +02:00
|
|
|
return -ENODATA;
|
2012-04-10 13:39:02 +02:00
|
|
|
|
|
|
|
*id = u;
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
int audit_loginuid_from_pid(pid_t pid, uid_t *uid) {
|
2013-11-28 17:50:02 +01:00
|
|
|
_cleanup_free_ char *s = NULL;
|
|
|
|
const char *p;
|
2012-04-10 13:39:02 +02:00
|
|
|
uid_t u;
|
|
|
|
int r;
|
|
|
|
|
|
|
|
assert(uid);
|
|
|
|
|
2014-01-04 02:35:23 +01:00
|
|
|
p = procfs_file_alloca(pid, "loginuid");
|
2012-04-10 13:39:02 +02:00
|
|
|
|
2013-11-28 17:50:02 +01:00
|
|
|
r = read_one_line_file(p, &s);
|
2012-04-10 13:39:02 +02:00
|
|
|
if (r < 0)
|
|
|
|
return r;
|
|
|
|
|
|
|
|
r = parse_uid(s, &u);
|
2015-09-03 18:24:57 +02:00
|
|
|
if (r == -ENXIO) /* the UID was -1 */
|
|
|
|
return -ENODATA;
|
2012-04-10 13:39:02 +02:00
|
|
|
if (r < 0)
|
|
|
|
return r;
|
|
|
|
|
2017-07-14 18:42:17 +02:00
|
|
|
*uid = u;
|
2012-04-10 13:39:02 +02:00
|
|
|
return 0;
|
|
|
|
}
|
2014-11-03 21:09:38 +01:00
|
|
|
|
|
|
|
bool use_audit(void) {
|
|
|
|
static int cached_use = -1;
|
|
|
|
|
|
|
|
if (cached_use < 0) {
|
|
|
|
int fd;
|
|
|
|
|
|
|
|
fd = socket(AF_NETLINK, SOCK_RAW|SOCK_CLOEXEC|SOCK_NONBLOCK, NETLINK_AUDIT);
|
2016-09-28 18:26:25 +02:00
|
|
|
if (fd < 0) {
|
|
|
|
cached_use = !IN_SET(errno, EAFNOSUPPORT, EPROTONOSUPPORT, EPERM);
|
2018-04-24 13:46:58 +02:00
|
|
|
if (!cached_use)
|
|
|
|
log_debug_errno(errno, "Won't talk to audit: %m");
|
|
|
|
} else {
|
2014-11-03 21:09:38 +01:00
|
|
|
cached_use = true;
|
|
|
|
safe_close(fd);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return cached_use;
|
|
|
|
}
|