]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/shared/audit.c
util: fix handling of trailing whitespace in split_quoted()
1/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3/***
4 This file is part of systemd.
5
6 Copyright 2010 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
5430f7f2 16 Lesser General Public License for more details.
d7832d2c 17
5430f7f2 18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20***/
21
22#include <assert.h>
23#include <string.h>
24#include <unistd.h>
25#include <errno.h>
26#include <stdlib.h>
27#include <stdio.h>
28#include <ctype.h>
29#include <sys/prctl.h>
30#include <sys/capability.h>
31
32#include "macro.h"
33#include "audit.h"
34#include "util.h"
35#include "log.h"
a5c32cff 36#include "fileio.h"
9a3ef988 37#include "virt.h"
38
/* Reads the audit session ID of a process from its sessionid file in /proc.
 * A pid of 0 selects the calling process (/proc/self/sessionid).
 *
 * On success the ID is stored in *id and 0 is returned. Otherwise:
 *   -ENOENT   have_effective_cap(CAP_AUDIT_CONTROL) did not return a positive
 *             value, or the file holds 0 or (uint32_t) -1
 *   -ENOTSUP  detect_container() reports that we run inside a container
 *   -ENOMEM   the /proc path could not be allocated
 *   other     negative error passed through from read_one_line_file() or
 *             safe_atou32()
 *
 * NOTE(review): the target is addressed by numeric pid only. If the process
 * can exit and its pid be reused before the file is read, the value returned
 * describes a different process. Callers that base an access decision on the
 * result should confirm the pid is still the one they meant. */
int audit_session_from_pid(pid_t pid, uint32_t *id) {
        char *path = NULL, *line = NULL;
        uint32_t session;
        int r;

        assert(id);

        if (have_effective_cap(CAP_AUDIT_CONTROL) <= 0)
                return -ENOENT;

        /* Audit doesn't support containers right now */
        if (detect_container(NULL) > 0)
                return -ENOTSUP;

        /* Only a foreign pid needs a formatted path; "self" uses the literal below. */
        if (pid != 0 && asprintf(&path, "/proc/%lu/sessionid", (unsigned long) pid) < 0)
                return -ENOMEM;

        r = read_one_line_file(path ? path : "/proc/self/sessionid", &line);
        free(path);
        if (r < 0)
                return r;

        r = safe_atou32(line, &session);
        free(line);
        if (r < 0)
                return r;

        /* 0 and the all-ones value are both treated as "no session". */
        if (session == 0 || session == (uint32_t) -1)
                return -ENOENT;

        *id = session;
        return 0;
}
80
/* Reads the audit login UID of a process from its loginuid file in /proc.
 * A pid of 0 selects the calling process (/proc/self/loginuid).
 *
 * On success the UID is stored in *uid and 0 is returned. Otherwise:
 *   -ENOENT   have_effective_cap(CAP_AUDIT_CONTROL) did not return a positive
 *             value, or the file holds (uid_t) -1
 *   -ENOTSUP  detect_container() reports that we run inside a container
 *   -ENOMEM   the /proc path could not be allocated
 *   other     negative error passed through from read_one_line_file() or
 *             parse_uid()
 *
 * NOTE(review): the target is addressed by numeric pid only. If the process
 * can exit and its pid be reused before the file is read, the UID returned
 * belongs to a different process. Callers that base an access decision on
 * the result should confirm the pid is still the one they meant. */
int audit_loginuid_from_pid(pid_t pid, uid_t *uid) {
        char *path = NULL, *line = NULL;
        uid_t login_uid;
        int r;

        assert(uid);

        /* The audit login uid is only trusted when we hold enough
         * capabilities for pam_loginuid to have done its job. Without
         * CAP_AUDIT_CONTROL we are most likely inside a container, where
         * /proc/self/loginuid probably carries a uid of the host system
         * and is therefore useless to us. */
        if (have_effective_cap(CAP_AUDIT_CONTROL) <= 0)
                return -ENOENT;

        /* Audit doesn't support containers right now */
        if (detect_container(NULL) > 0)
                return -ENOTSUP;

        /* Only a foreign pid needs a formatted path; "self" uses the literal below. */
        if (pid != 0 && asprintf(&path, "/proc/%lu/loginuid", (unsigned long) pid) < 0)
                return -ENOMEM;

        r = read_one_line_file(path ? path : "/proc/self/loginuid", &line);
        free(path);
        if (r < 0)
                return r;

        r = parse_uid(line, &login_uid);
        free(line);
        if (r < 0)
                return r;

        /* The all-ones value is treated as "no login uid recorded". */
        if (login_uid == (uid_t) -1)
                return -ENOENT;

        *uid = login_uid;
        return 0;
}