Permalink
Cannot retrieve contributors at this time
Fetching contributors…
Cannot retrieve contributors at this time
| /* SPDX-License-Identifier: LGPL-2.1+ */ | |
| /*** | |
| This file is part of systemd. | |
| Copyright 2010 Lennart Poettering | |
| systemd is free software; you can redistribute it and/or modify it | |
| under the terms of the GNU Lesser General Public License as published by | |
| the Free Software Foundation; either version 2.1 of the License, or | |
| (at your option) any later version. | |
| systemd is distributed in the hope that it will be useful, but | |
| WITHOUT ANY WARRANTY; without even the implied warranty of | |
| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
| Lesser General Public License for more details. | |
| You should have received a copy of the GNU Lesser General Public License | |
| along with systemd; If not, see <http://www.gnu.org/licenses/>. | |
| ***/ | |
| #include <errno.h> | |
| #include <linux/netlink.h> | |
| #include <stdio.h> | |
| #include <sys/socket.h> | |
| #include "alloc-util.h" | |
| #include "audit-util.h" | |
| #include "fd-util.h" | |
| #include "fileio.h" | |
| #include "macro.h" | |
| #include "parse-util.h" | |
| #include "process-util.h" | |
| #include "user-util.h" | |
| int audit_session_from_pid(pid_t pid, uint32_t *id) { | |
| _cleanup_free_ char *s = NULL; | |
| const char *p; | |
| uint32_t u; | |
| int r; | |
| assert(id); | |
| /* We don't convert ENOENT to ESRCH here, since we can't | |
| * really distuingish between "audit is not available in the | |
| * kernel" and "the process does not exist", both which will | |
| * result in ENOENT. */ | |
| p = procfs_file_alloca(pid, "sessionid"); | |
| r = read_one_line_file(p, &s); | |
| if (r < 0) | |
| return r; | |
| r = safe_atou32(s, &u); | |
| if (r < 0) | |
| return r; | |
| if (!audit_session_is_valid(u)) | |
| return -ENODATA; | |
| *id = u; | |
| return 0; | |
| } | |
| int audit_loginuid_from_pid(pid_t pid, uid_t *uid) { | |
| _cleanup_free_ char *s = NULL; | |
| const char *p; | |
| uid_t u; | |
| int r; | |
| assert(uid); | |
| p = procfs_file_alloca(pid, "loginuid"); | |
| r = read_one_line_file(p, &s); | |
| if (r < 0) | |
| return r; | |
| r = parse_uid(s, &u); | |
| if (r == -ENXIO) /* the UID was -1 */ | |
| return -ENODATA; | |
| if (r < 0) | |
| return r; | |
| *uid = u; | |
| return 0; | |
| } | |
| bool use_audit(void) { | |
| static int cached_use = -1; | |
| if (cached_use < 0) { | |
| int fd; | |
| fd = socket(AF_NETLINK, SOCK_RAW|SOCK_CLOEXEC|SOCK_NONBLOCK, NETLINK_AUDIT); | |
| if (fd < 0) { | |
| cached_use = !IN_SET(errno, EAFNOSUPPORT, EPROTONOSUPPORT, EPERM); | |
| if (errno == EPERM) | |
| log_debug_errno(errno, "Audit access prohibited, won't talk to audit"); | |
| } | |
| else { | |
| cached_use = true; | |
| safe_close(fd); | |
| } | |
| } | |
| return cached_use; | |
| } |