Commit c93407fa authored by David Zeuthen's avatar David Zeuthen

Bug 25594 – System logging

For now we log the following events

1. Daemon startup -> /var/log/messages
--------------------------------------

Dec 11 15:12:56 localhost polkitd[3035]: started daemon version 0.95 using authority implementation `local' version `0.95'

2. Authentication agent -> /var/log/secure
------------------------------------------

Dec 11 15:14:00 localhost polkitd(authority=local): Registered Authentication Agent for session /org/freedesktop/ConsoleKit/Session1 (system bus name :1.903 [./polkit-gnome-authentication-agent-1], object path /org/gnome/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)

Dec 11 15:16:18 localhost polkitd(authority=local): Unregistered Authentication Agent for session /org/freedesktop/ConsoleKit/Session1 (system bus name :1.903, object path /org/gnome/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)

3. Authorization checks
-----------------------

Dec 11 15:17:57 localhost polkitd(authority=local): ALLOWING action org.freedesktop.policykit.example.pkexec.run-frobnicate for unix-process:2517:25785526 [bash] owned by unix-user:davidz (check requested by system-bus-name::1.905 [pkexec /usr/bin/pk-example-frobnicate])

Dec 11 15:18:10 localhost polkitd(authority=local): ALLOWING action org.freedesktop.udisks.filesystem-mount-system-internal for system-bus-name::1.902 [palimpsest] owned by unix-user:davidz (check requested by system-bus-name::1.380 [/usr/libexec/udisks-daemon])

4. Authorizations through authentication (both success and
   failures) -> /var/log/secure
----------------------------------------------------------

Dec 11 15:19:01 localhost polkitd(authority=local): Operator of unix-session:/org/freedesktop/ConsoleKit/Session1 successfully authenticated as unix-user:davidz to gain TEMPORARY authorization for action org.freedesktop.policykit.example.pkexec.run-frobnicate for unix-process:2517:25785526 [bash] (owned by unix-user:davidz)
Dec 11 15:19:01 localhost polkitd(authority=local): ALLOWING action org.freedesktop.policykit.example.pkexec.run-frobnicate for unix-process:2517:25785526 [bash] owned by unix-user:davidz (check requested by system-bus-name::1.906 [pkexec /usr/bin/pk-example-frobnicate])

Dec 11 15:19:10 localhost polkitd(authority=local): Operator of unix-session:/org/freedesktop/ConsoleKit/Session1 successfully authenticated as unix-user:davidz to gain ONE-SHOT authorization for action org.freedesktop.policykit.exec for unix-process:2517:25785526 [bash] (owned by unix-user:davidz)
Dec 11 15:19:10 localhost polkitd(authority=local): ALLOWING action org.freedesktop.policykit.exec for unix-process:2517:25785526 [bash] owned by unix-user:davidz (check requested by system-bus-name::1.908 [pkexec bash])

Dec 11 15:19:10 localhost pkexec: pam_unix(polkit-1:session): session opened for user root by davidz(uid=500)
Dec 11 15:19:22 localhost polkitd(authority=local): Operator of unix-session:/org/freedesktop/ConsoleKit/Session1 FAILED to authenticate to gain authorization for action org.freedesktop.policykit.exec for unix-process:2517:25785526 [bash] (owned by unix-user:davidz)
Dec 11 15:19:22 localhost polkitd(authority=local): DENYING action org.freedesktop.policykit.exec for unix-process:2517:25785526 [bash] owned by unix-user:davidz (check requested by system-bus-name::1.910 [pkexec bash])

Dec 11 15:20:06 localhost polkitd(authority=local): Operator of unix-session:/org/freedesktop/ConsoleKit/Session1 successfully authenticated as unix-user:bateman to gain ONE-SHOT authorization for action org.freedesktop.policykit.exec for unix-process:2517:25785526 [bash] (owned by unix-user:davidz)
Dec 11 15:20:06 localhost polkitd(authority=local): ALLOWING action org.freedesktop.policykit.exec for unix-process:2517:25785526 [bash] owned by unix-user:davidz (check requested by system-bus-name::1.913 [pkexec bash])
Signed-off-by: default avatarDavid Zeuthen <davidz@redhat.com>
parent 8b6bd9c6
......@@ -23,6 +23,8 @@
#include <errno.h>
#include <pwd.h>
#include <string.h>
#include <syslog.h>
#include <stdarg.h>
#include <polkit/polkit.h>
#include <polkit/polkitprivate.h>
......@@ -1510,6 +1512,7 @@ polkit_backend_authority_get (void)
GList *authority_implementations;
GType authority_type;
PolkitBackendAuthority *authority;
gchar *s;
/* define extension points */
if (ep == NULL)
......@@ -1545,5 +1548,39 @@ polkit_backend_authority_get (void)
g_list_foreach (modules, (GFunc) g_type_module_unuse, NULL);
g_list_free (modules);
/* First announce that we've started in the generic log */
openlog ("polkitd",
LOG_PID,
LOG_DAEMON); /* system daemons without separate facility value */
syslog (LOG_INFO,
"started daemon version %s using authority implementation `%s' version `%s'",
VERSION,
polkit_backend_authority_get_name (authority),
polkit_backend_authority_get_version (authority));
closelog ();
/* and then log to the secure log */
s = g_strdup_printf ("polkitd(authority=%s)", polkit_backend_authority_get_name (authority));
openlog (s,
0,
LOG_AUTHPRIV); /* security/authorization messages (private) */
/* Ugh, can't free the string - gah, thanks openlog(3) */
/*g_free (s);*/
return authority;
}
void
polkit_backend_authority_log (PolkitBackendAuthority *authority,
const gchar *format,
...)
{
va_list var_args;
g_return_if_fail (POLKIT_BACKEND_IS_AUTHORITY (authority));
va_start (var_args, format);
vsyslog (LOG_NOTICE, format, var_args);
va_end (var_args);
}
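Review bot: The second `openlog` call in `polkit_backend_authority_get` passes `0` as the option, so the ALLOWING/DENYING and authentication entries in the secure log carry no PID, unlike the startup line, which is opened with `LOG_PID`. For an audit trail that gets correlated with other records, `openlog (s, LOG_PID, LOG_AUTHPRIV);` would tie each entry to one daemon instance. The same call keeps the heap string `s` alive on purpose, which is only harmless if this function runs once per process. The start of the function is outside the hunk, so that cannot be confirmed here. A comment such as `/* openlog(3) retains the ident pointer, so s must outlive every syslog call; assumes a single call per process */` would record the assumption in place of the current "Ugh" remark.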
......@@ -243,6 +243,10 @@ const gchar *polkit_backend_authority_get_name (PolkitBackendAut
const gchar *polkit_backend_authority_get_version (PolkitBackendAuthority *authority);
PolkitAuthorityFeatures polkit_backend_authority_get_features (PolkitBackendAuthority *authority);
void polkit_backend_authority_log (PolkitBackendAuthority *authority,
const gchar *format,
...);
void polkit_backend_authority_system_bus_name_owner_changed (PolkitBackendAuthority *authority,
const gchar *name,
const gchar *old_owner,
......
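Review bot: The new `polkit_backend_authority_log` prototype is variadic with a printf-style `format` but has no format attribute, so the compiler cannot check callers' arguments against the format or flag a non-literal format string. The sample log lines in the commit message include text that originates from other processes (command names in brackets, bus names, locale), and the definition passes `format` straight to `vsyslog`. Ending the declaration with `...) G_GNUC_PRINTF (2, 3);` would let `-Wformat` catch a caller that passes such text as the format instead of as a `%s` argument. A one-line comment on the prototype stating that `format` must be a literal and that messages go to the `LOG_AUTHPRIV` log would also help callers.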