morgan/systemd
1
0
Fork 0
mirror of https://github.com/morgan9e/systemd synced 2026-04-14 08:25:20 +09:00
Code Issues Packages Projects Releases Wiki Activity
Files
bde994efcc45d4e612a15fbd61de42b3149dea20
systemd/src/basic/audit-util.h
Zbigniew Jędrzejewski-Szmek 9c6afab6b6 sysusers: emit audit events for user and group creation 
Background: Fedora/RHEL are switching to sysusers.d metadata for creation of
users and groups for system users defined by packages
(https://fedoraproject.org/wiki/Changes/RPMSuportForSystemdSysusers).
Packages carry sysusers files. During package installation, rpm calls an
program to execute on this config. This program may either be
/usr/lib/rpm/sysusers.sh which calls useradd/groupadd, or
/usr/bin/systemd-sysusers. To match the functionality provided by
useradd/groupadd from the shadow-utils project, systemd-sysusers must emit
audit events so that it provides a drop-in replacement.

systemd-sysuers will emit audit events AUDIT_ADD_USER/AUDIT_ADD_GROUP when
adding users and groups. The operation "names" are copied from shadow-utils in
Fedora (which has a patch to change them from the upstream version), so the
format of the events that is generated on success should be identical.

The helper code is shared between sysusers and utmp-wtmp. I changed the
audit_fd variable to be unconditional. This way we can avoid ugly iffdefery
every time the variable would be used. The cost is that 4 bytes of unused
storage might be present. This is negligible, and the compiler might even be
able to optimize that away if it inlines things.
2025-01-15 10:35:28 +01:00

53 lines
1.4 KiB
C
Raw Blame History

/* SPDX-License-Identifier: LGPL-2.1-or-later */
#pragma once
#if HAVE_AUDIT
# include <libaudit.h>
#endif
#include <stdbool.h>
#include <stdint.h>
#include <sys/types.h>
#include "errno-util.h"
#include "log.h"
#include "pidref.h"
#define AUDIT_SESSION_INVALID UINT32_MAX
int audit_session_from_pid(const PidRef *pid, uint32_t *ret_id);
int audit_loginuid_from_pid(const PidRef *pid, uid_t *ret_uid);
bool use_audit(void);
static inline bool audit_session_is_valid(uint32_t id) {
return id > 0 && id != AUDIT_SESSION_INVALID;
}
/* The wrappers for audit_open() and audit_close() are inline functions so that we don't get a spurious
* linkage to libaudit in libbasic, but we also don't need to create a separate source file for two very
* short functions. */
static inline int close_audit_fd(int fd) {
#if HAVE_AUDIT
if (fd >= 0)
audit_close(fd);
#else
assert(fd < 0);
#endif
return -EBADF;
}
static inline int open_audit_fd_or_warn(void) {
int fd = -EBADF;
#if HAVE_AUDIT
/* If the kernel lacks netlink or audit support, don't worry about it. */
fd = audit_open();
if (fd < 0)
return log_full_errno(ERRNO_IS_NOT_SUPPORTED(errno) ? LOG_DEBUG : LOG_WARNING,
errno, "Failed to connect to audit log, ignoring: %m");
#endif
return fd;
}
Reference in New Issue View Git Blame Copy Permalink