Commit | Line | Data |
---|---|---|
d7832d2c KS |
1 | /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/ |
2 | ||
3 | /*** | |
4 | This file is part of systemd. | |
5 | ||
6 | Copyright 2010 Lennart Poettering | |
7 | ||
8 | systemd is free software; you can redistribute it and/or modify it | |
5430f7f2 LP |
9 | under the terms of the GNU Lesser General Public License as published by |
10 | the Free Software Foundation; either version 2.1 of the License, or | |
d7832d2c KS |
11 | (at your option) any later version. |
12 | ||
13 | systemd is distributed in the hope that it will be useful, but | |
14 | WITHOUT ANY WARRANTY; without even the implied warranty of | |
15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
5430f7f2 | 16 | Lesser General Public License for more details. |
d7832d2c | 17 | |
5430f7f2 | 18 | You should have received a copy of the GNU Lesser General Public License |
d7832d2c KS |
19 | along with systemd; If not, see <http://www.gnu.org/licenses/>. |
20 | ***/ | |
21 | ||
22 | #include <assert.h> | |
23 | #include <string.h> | |
24 | #include <unistd.h> | |
25 | #include <errno.h> | |
26 | #include <stdlib.h> | |
27 | #include <stdio.h> | |
28 | #include <ctype.h> | |
29 | #include <sys/prctl.h> | |
30 | #include <sys/capability.h> | |
31 | ||
32 | #include "macro.h" | |
33 | #include "audit.h" | |
34 | #include "util.h" | |
35 | #include "log.h" | |
a5c32cff | 36 | #include "fileio.h" |
9a3ef988 | 37 | #include "virt.h" |
d7832d2c KS |
38 | |
/* Look up the audit session id of a process via procfs.
 *
 * pid: process to query; 0 selects the calling process (/proc/self).
 * id:  out parameter, written only on success; must not be NULL.
 *
 * Returns 0 on success, or a negative errno-style value:
 *   -ENOENT   CAP_AUDIT_CONTROL is not effective (or the capability
 *             check itself did not succeed), or the value read was 0
 *             or (uint32_t) -1, which this function treats as "no
 *             session"
 *   -ENOTSUP  detect_container() reported a container
 *   -ENOMEM   the /proc path could not be allocated
 *   other     whatever read_one_line_file() or safe_atou32() returned
 *
 * NOTE(review): for pid != 0 the answer describes whichever process
 * owns that pid at the moment /proc is read; callers that base a
 * trust decision on it should keep pid reuse in mind. */
int audit_session_from_pid(pid_t pid, uint32_t *id) {
        char *line;
        uint32_t session;
        int r;

        assert(id);

        /* "<= 0" fails closed: an error from the capability check is
         * handled exactly like a missing capability. */
        if (have_effective_cap(CAP_AUDIT_CONTROL) <= 0)
                return -ENOENT;

        /* Audit doesn't support containers right now.
         * NOTE(review): only a positive result stops here; if
         * detect_container() can return a negative error, that case
         * falls through and the file is still read -- confirm this
         * is intended. */
        if (detect_container(NULL) > 0)
                return -ENOTSUP;

        if (pid != 0) {
                char *path;

                if (asprintf(&path, "/proc/%lu/sessionid", (unsigned long) pid) < 0)
                        return -ENOMEM;

                r = read_one_line_file(path, &line);
                free(path);
        } else
                r = read_one_line_file("/proc/self/sessionid", &line);

        if (r < 0)
                return r;

        /* The line buffer is released before the parse result is
         * inspected, so both outcomes free it. */
        r = safe_atou32(line, &session);
        free(line);

        if (r < 0)
                return r;

        /* 0 and all-ones are rejected rather than handed to the caller. */
        if (session == 0 || session == (uint32_t) -1)
                return -ENOENT;

        *id = session;
        return 0;
}
80 | ||
/* Look up the audit login uid of a process via procfs.
 *
 * pid: process to query; 0 selects the calling process (/proc/self).
 * uid: out parameter, written only on success; must not be NULL.
 *
 * Returns 0 on success, or a negative errno-style value:
 *   -ENOENT   CAP_AUDIT_CONTROL is not effective (or the capability
 *             check itself did not succeed), or the value read was
 *             (uid_t) -1, which this function treats as "no login uid"
 *   -ENOTSUP  detect_container() reported a container
 *   -ENOMEM   the /proc path could not be allocated
 *   other     whatever read_one_line_file() or parse_uid() returned
 *
 * NOTE(review): for pid != 0 the answer describes whichever process
 * owns that pid at the moment /proc is read; callers that base a
 * trust decision on it should keep pid reuse in mind. */
int audit_loginuid_from_pid(pid_t pid, uid_t *uid) {
        char *line;
        uid_t login_uid;
        int r;

        assert(uid);

        /* Only use the audit login uid if we are executed with
         * sufficient capabilities so that pam_loginuid could do its
         * job. If we are lacking the CAP_AUDIT_CONTROL capability we
         * most likely are being run in a container, and
         * /proc/self/loginuid is useless since it probably contains a
         * uid of the host system. "<= 0" also fails closed when the
         * capability check itself reports an error. */
        if (have_effective_cap(CAP_AUDIT_CONTROL) <= 0)
                return -ENOENT;

        /* Audit doesn't support containers right now.
         * NOTE(review): only a positive result stops here; if
         * detect_container() can return a negative error, that case
         * falls through and the file is still read -- confirm this
         * is intended. */
        if (detect_container(NULL) > 0)
                return -ENOTSUP;

        if (pid != 0) {
                char *path;

                if (asprintf(&path, "/proc/%lu/loginuid", (unsigned long) pid) < 0)
                        return -ENOMEM;

                r = read_one_line_file(path, &line);
                free(path);
        } else
                r = read_one_line_file("/proc/self/loginuid", &line);

        if (r < 0)
                return r;

        /* The line buffer is released before the parse result is
         * inspected, so both outcomes free it. */
        r = parse_uid(line, &login_uid);
        free(line);

        if (r < 0)
                return r;

        /* An all-ones uid is rejected rather than handed to the caller. */
        if (login_uid == (uid_t) -1)
                return -ENOENT;

        *uid = login_uid;
        return 0;
}