summaryrefslogtreecommitdiff
path: root/src/shared/audit.c
blob: e5c483ab084a91622b2f44e845cd1e13778f32d9 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/

/***
  This file is part of systemd.

  Copyright 2010 Lennart Poettering

  systemd is free software; you can redistribute it and/or modify it
  under the terms of the GNU Lesser General Public License as published by
  the Free Software Foundation; either version 2.1 of the License, or
  (at your option) any later version.

  systemd is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  Lesser General Public License for more details.

  You should have received a copy of the GNU Lesser General Public License
  along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/

#include <assert.h>
#include <string.h>
#include <unistd.h>
#include <errno.h>
#include <stdlib.h>
#include <stdio.h>
#include <ctype.h>
#include <sys/prctl.h>
#include <sys/capability.h>

#include "macro.h"
#include "audit.h"
#include "util.h"
#include "log.h"

int audit_session_from_pid(pid_t pid, uint32_t *id) {
        char *s;
        uint32_t u;
        int r;

        assert(id);

        if (have_effective_cap(CAP_AUDIT_CONTROL) <= 0)
                return -ENOENT;

        if (pid == 0)
                r = read_one_line_file("/proc/self/sessionid", &s);
        else {
                char *p;

                if (asprintf(&p, "/proc/%lu/sessionid", (unsigned long) pid) < 0)
                        return -ENOMEM;

                r = read_one_line_file(p, &s);
                free(p);
        }

        if (r < 0)
                return r;

        r = safe_atou32(s, &u);
        free(s);

        if (r < 0)
                return r;

        if (u == (uint32_t) -1 || u <= 0)
                return -ENOENT;

        *id = u;
        return 0;
}

int audit_loginuid_from_pid(pid_t pid, uid_t *uid) {
        char *s;
        uid_t u;
        int r;

        assert(uid);

        /* Only use audit login uid if we are executed with sufficient
         * capabilities so that pam_loginuid could do its job. If we
         * are lacking the CAP_AUDIT_CONTROL capabality we most likely
         * are being run in a container and /proc/self/loginuid is
         * useless since it probably contains a uid of the host
         * system. */

        if (have_effective_cap(CAP_AUDIT_CONTROL) <= 0)
                return -ENOENT;

        if (pid == 0)
                r = read_one_line_file("/proc/self/loginuid", &s);
        else {
                char *p;

                if (asprintf(&p, "/proc/%lu/loginuid", (unsigned long) pid) < 0)
                        return -ENOMEM;

                r = read_one_line_file(p, &s);
                free(p);
        }

        if (r < 0)
                return r;

        r = parse_uid(s, &u);
        free(s);

        if (r < 0)
                return r;

        if (u == (uid_t) -1)
                return -ENOENT;

        *uid = (uid_t) u;
        return 0;
}