author | Lennart Poettering <lennart@poettering.net> | 2010-08-11 01:43:23 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2010-08-11 01:44:38 +0200 |
commit | 4927fcae48de061393b3ce9c12d49f80d73fbf1d (patch) | |
tree | 4034f6843ab1ed8ca8e3d9acf87897a9fd592c5e /src/manager.c | |
parent | b95cf3629e8d78a0d28e71b0f5559fa9a8c038b5 (diff) |
audit,utmp: implement audit logic and rip utmp stuff out of the main daemon and into a helper binary
Diffstat (limited to 'src/manager.c')
-rw-r--r-- | src/manager.c | 82 |
1 files changed, 23 insertions, 59 deletions
diff --git a/src/manager.c b/src/manager.c index ddb253ae4e..25eb4e70be 100644 --- a/src/manager.c +++ b/src/manager.c @@ -37,6 +37,7 @@ #include <sys/types.h> #include <sys/stat.h> #include <dirent.h> +#include <libaudit.h> #include "manager.h" #include "hashmap.h" @@ -202,6 +203,10 @@ int manager_new(ManagerRunningAs running_as, Manager **_m) { m->exit_code = _MANAGER_EXIT_CODE_INVALID; m->pin_cgroupfs_fd = -1; +#ifdef HAVE_AUDIT + m->audit_fd = -1; +#endif + m->signal_watch.fd = m->mount_watch.fd = m->udev_watch.fd = m->epoll_fd = m->dev_autofs_fd = -1; m->current_job_id = 1; /* start as id #1, so that we can leave #0 around as "null-like" value */ @@ -245,6 +250,9 @@ int manager_new(ManagerRunningAs running_as, Manager **_m) { if ((r = bus_init(m)) < 0) goto fail; + if ((m->audit_fd = audit_open()) < 0) + log_error("Failed to connect to audit log: %m"); + *_m = m; return 0; @@ -429,6 +437,11 @@ void manager_free(Manager *m) { if (m->notify_watch.fd >= 0) close_nointr_nofail(m->notify_watch.fd); +#ifdef HAVE_AUDIT + if (m->audit_fd >= 0) + audit_close(m->audit_fd); +#endif + free(m->notify_socket); lookup_paths_free(&m->lookup_paths); @@ -567,10 +580,6 @@ int manager_startup(Manager *m, FILE *serialization, FDSet *fds) { m->n_deserializing --; } - /* Now that the initial devices are available, let's see if we - * can write the utmp file */ - manager_write_utmp_reboot(m); - return r; } 
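Review bot: The added `#include <libaudit.h>` in the first hunk is unconditional, and so is the `audit_open()` call added to manager_new in the @@ -245 hunk, yet the `audit_fd` initialisation and the `audit_close()` teardown in the neighbouring hunks are wrapped in `#ifdef HAVE_AUDIT`. If HAVE_AUDIT is meant to make libaudit optional, a build without it will fail on the header or on the unguarded `m->audit_fd`. This assumes the field is declared conditionally, which cannot be confirmed because manager.h is not part of this diff. Put both under the same guard, i.e. `#ifdef HAVE_AUDIT` / `#include <libaudit.h>` / `#endif`, and the same pair around the `if ((m->audit_fd = audit_open()) < 0)` block. A one-line comment there, such as `/* audit is best-effort: startup continues without it */`, would also make the non-fatal handling explicit.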
@@ -2234,70 +2243,25 @@ int manager_get_job_from_dbus_path(Manager *m, const char *s, Job **_j) { return 0; } -static bool manager_utmp_good(Manager *m) { - int r; - - assert(m); - - if ((r = mount_path_is_mounted(m, _PATH_UTMPX)) <= 0) { - - if (r < 0) - log_warning("Failed to determine whether " _PATH_UTMPX " is mounted: %s", strerror(-r)); - - return false; - } - - return true; -} - -void manager_write_utmp_reboot(Manager *m) { - int r; - - assert(m); - - if (m->utmp_reboot_written) - return; +void manager_send_unit_audit(Manager *m, Unit *u, int type, bool success) { - if (m->running_as != MANAGER_SYSTEM) - return; +#ifdef HAVE_AUDIT + char *p; - if (!manager_utmp_good(m)) + if (m->audit_fd < 0) return; - if ((r = utmp_put_reboot(m->startup_timestamp.realtime)) < 0) { - - if (r != -ENOENT && r != -EROFS) - log_warning("Failed to write utmp/wtmp: %s", strerror(-r)); - + if (!(p = unit_name_to_prefix_and_instance(u->meta.id))) { + log_error("Failed to allocate unit name for audit message: %s", strerror(ENOMEM)); return; } - m->utmp_reboot_written = true; -} - -void manager_write_utmp_runlevel(Manager *m, Unit *u) { - int runlevel, r; - - assert(m); - assert(u); - - if (u->meta.type != UNIT_TARGET) - return; + if (audit_log_user_comm_message(m->audit_fd, type, "", p, NULL, NULL, NULL, success) < 0) + log_error("Failed to send audit message: %m"); - if (m->running_as != MANAGER_SYSTEM) - return; - - if (!manager_utmp_good(m)) - return; + free(p); +#endif - if ((runlevel = target_get_runlevel(TARGET(u))) <= 0) - return; - - if ((r = utmp_put_runlevel(0, runlevel, 0)) < 0) { - - if (r != -ENOENT && r != -EROFS) - log_warning("Failed to write utmp/wtmp: %s", strerror(-r)); - } } void manager_dispatch_bus_name_owner_changed( |
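Review bot: manager_send_unit_audit() dereferences `m->audit_fd` and `u->meta.id` without the `assert(m);` and `assert(u);` checks that the removed manager_write_utmp_runlevel() had, and it also drops that function's `if (m->running_as != MANAGER_SYSTEM) return;` guard. Without the guard, a non-system manager instance would presumably also try to emit unit audit records, either adding entries the system audit trail should not carry or logging "Failed to send audit message" for every unit. That is inferred, because the callers are outside this hunk. I would restore `assert(m); assert(u);` ahead of the `#ifdef` and add the `running_as` check next to the `m->audit_fd < 0` early return. The function has no comment; a short one should say that `type` is the audit record type passed straight to `audit_log_user_comm_message()` and that a failed send is only logged, so the audit record is lost.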