2017-11-18 17:09:20 +01:00
|
|
|
/* SPDX-License-Identifier: LGPL-2.1+ */
|
2012-04-10 13:39:02 +02:00
|
|
|
/***
|
|
|
|
This file is part of systemd.
|
|
|
|
|
|
|
|
Copyright 2010 Lennart Poettering
|
|
|
|
***/
|
|
|
|
|
|
|
|
#include <errno.h>
|
2015-11-30 21:43:37 +01:00
|
|
|
#include <linux/netlink.h>
|
2012-04-10 13:39:02 +02:00
|
|
|
#include <stdio.h>
|
2015-11-30 21:43:37 +01:00
|
|
|
#include <sys/socket.h>
|
2012-04-10 13:39:02 +02:00
|
|
|
|
2015-10-27 03:01:06 +01:00
|
|
|
#include "alloc-util.h"
|
2015-10-26 23:32:16 +01:00
|
|
|
#include "audit-util.h"
|
2015-10-25 13:14:12 +01:00
|
|
|
#include "fd-util.h"
|
2013-02-14 12:26:13 +01:00
|
|
|
#include "fileio.h"
|
2015-10-25 13:14:12 +01:00
|
|
|
#include "macro.h"
|
2015-10-26 16:18:16 +01:00
|
|
|
#include "parse-util.h"
|
2015-10-25 13:14:12 +01:00
|
|
|
#include "process-util.h"
|
2015-10-25 22:32:30 +01:00
|
|
|
#include "user-util.h"
|
2012-04-10 13:39:02 +02:00
|
|
|
|
|
|
|
int audit_session_from_pid(pid_t pid, uint32_t *id) {
|
2013-11-28 17:50:02 +01:00
|
|
|
_cleanup_free_ char *s = NULL;
|
|
|
|
const char *p;
|
2012-04-10 13:39:02 +02:00
|
|
|
uint32_t u;
|
|
|
|
int r;
|
|
|
|
|
|
|
|
assert(id);
|
|
|
|
|
2015-09-03 18:24:57 +02:00
|
|
|
/* We don't convert ENOENT to ESRCH here, since we can't
|
|
|
|
* really distuingish between "audit is not available in the
|
|
|
|
* kernel" and "the process does not exist", both which will
|
|
|
|
* result in ENOENT. */
|
|
|
|
|
2014-01-04 02:35:23 +01:00
|
|
|
p = procfs_file_alloca(pid, "sessionid");
|
2012-04-10 13:39:02 +02:00
|
|
|
|
2013-11-28 17:50:02 +01:00
|
|
|
r = read_one_line_file(p, &s);
|
2012-04-10 13:39:02 +02:00
|
|
|
if (r < 0)
|
|
|
|
return r;
|
|
|
|
|
|
|
|
r = safe_atou32(s, &u);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
|
|
|
|
2017-07-14 18:42:17 +02:00
|
|
|
if (!audit_session_is_valid(u))
|
2015-09-03 18:24:57 +02:00
|
|
|
return -ENODATA;
|
2012-04-10 13:39:02 +02:00
|
|
|
|
|
|
|
*id = u;
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
int audit_loginuid_from_pid(pid_t pid, uid_t *uid) {
|
2013-11-28 17:50:02 +01:00
|
|
|
_cleanup_free_ char *s = NULL;
|
|
|
|
const char *p;
|
2012-04-10 13:39:02 +02:00
|
|
|
uid_t u;
|
|
|
|
int r;
|
|
|
|
|
|
|
|
assert(uid);
|
|
|
|
|
2014-01-04 02:35:23 +01:00
|
|
|
p = procfs_file_alloca(pid, "loginuid");
|
2012-04-10 13:39:02 +02:00
|
|
|
|
2013-11-28 17:50:02 +01:00
|
|
|
r = read_one_line_file(p, &s);
|
2012-04-10 13:39:02 +02:00
|
|
|
if (r < 0)
|
|
|
|
return r;
|
|
|
|
|
|
|
|
r = parse_uid(s, &u);
|
2015-09-03 18:24:57 +02:00
|
|
|
if (r == -ENXIO) /* the UID was -1 */
|
|
|
|
return -ENODATA;
|
2012-04-10 13:39:02 +02:00
|
|
|
if (r < 0)
|
|
|
|
return r;
|
|
|
|
|
2017-07-14 18:42:17 +02:00
|
|
|
*uid = u;
|
2012-04-10 13:39:02 +02:00
|
|
|
return 0;
|
|
|
|
}
|
2014-11-03 21:09:38 +01:00
|
|
|
|
|
|
|
bool use_audit(void) {
|
|
|
|
static int cached_use = -1;
|
|
|
|
|
|
|
|
if (cached_use < 0) {
|
|
|
|
int fd;
|
|
|
|
|
|
|
|
fd = socket(AF_NETLINK, SOCK_RAW|SOCK_CLOEXEC|SOCK_NONBLOCK, NETLINK_AUDIT);
|
2016-09-28 18:26:25 +02:00
|
|
|
if (fd < 0) {
|
|
|
|
cached_use = !IN_SET(errno, EAFNOSUPPORT, EPROTONOSUPPORT, EPERM);
|
|
|
|
if (errno == EPERM)
|
|
|
|
log_debug_errno(errno, "Audit access prohibited, won't talk to audit");
|
|
|
|
}
|
2014-11-03 21:09:38 +01:00
|
|
|
else {
|
|
|
|
cached_use = true;
|
|
|
|
safe_close(fd);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return cached_use;
|
|
|
|
}
|