5430f7f2bc
We finally got the OK from all contributors with non-trivial commits to relicense systemd from GPL2+ to LGPL2.1+. Some udev bits continue to be GPL2+ for now, but we are looking into relicensing them too, to allow free copy/paste of all code within systemd. The bits that used to be MIT continue to be MIT. The big benefit of the relicensing is that closed source code may now link against libsystemd-login.so and friends.
119 lines
2.9 KiB
C
119 lines
2.9 KiB
C
/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
|
|
|
|
/***
|
|
This file is part of systemd.
|
|
|
|
Copyright 2010 Lennart Poettering
|
|
|
|
systemd is free software; you can redistribute it and/or modify it
|
|
under the terms of the GNU Lesser General Public License as published by
|
|
the Free Software Foundation; either version 2.1 of the License, or
|
|
(at your option) any later version.
|
|
|
|
systemd is distributed in the hope that it will be useful, but
|
|
WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
Lesser General Public License for more details.
|
|
|
|
You should have received a copy of the GNU Lesser General Public License
|
|
along with systemd; If not, see <http://www.gnu.org/licenses/>.
|
|
***/
|
|
|
|
#include <assert.h>
|
|
#include <string.h>
|
|
#include <unistd.h>
|
|
#include <errno.h>
|
|
#include <stdlib.h>
|
|
#include <stdio.h>
|
|
#include <ctype.h>
|
|
#include <sys/prctl.h>
|
|
#include <sys/capability.h>
|
|
|
|
#include "macro.h"
|
|
#include "audit.h"
|
|
#include "util.h"
|
|
#include "log.h"
|
|
|
|
int audit_session_from_pid(pid_t pid, uint32_t *id) {
|
|
char *s;
|
|
uint32_t u;
|
|
int r;
|
|
|
|
assert(id);
|
|
|
|
if (have_effective_cap(CAP_AUDIT_CONTROL) <= 0)
|
|
return -ENOENT;
|
|
|
|
if (pid == 0)
|
|
r = read_one_line_file("/proc/self/sessionid", &s);
|
|
else {
|
|
char *p;
|
|
|
|
if (asprintf(&p, "/proc/%lu/sessionid", (unsigned long) pid) < 0)
|
|
return -ENOMEM;
|
|
|
|
r = read_one_line_file(p, &s);
|
|
free(p);
|
|
}
|
|
|
|
if (r < 0)
|
|
return r;
|
|
|
|
r = safe_atou32(s, &u);
|
|
free(s);
|
|
|
|
if (r < 0)
|
|
return r;
|
|
|
|
if (u == (uint32_t) -1 || u <= 0)
|
|
return -ENOENT;
|
|
|
|
*id = u;
|
|
return 0;
|
|
}
|
|
|
|
int audit_loginuid_from_pid(pid_t pid, uid_t *uid) {
|
|
char *s;
|
|
uid_t u;
|
|
int r;
|
|
|
|
assert(uid);
|
|
|
|
/* Only use audit login uid if we are executed with sufficient
|
|
* capabilities so that pam_loginuid could do its job. If we
|
|
* are lacking the CAP_AUDIT_CONTROL capabality we most likely
|
|
* are being run in a container and /proc/self/loginuid is
|
|
* useless since it probably contains a uid of the host
|
|
* system. */
|
|
|
|
if (have_effective_cap(CAP_AUDIT_CONTROL) <= 0)
|
|
return -ENOENT;
|
|
|
|
if (pid == 0)
|
|
r = read_one_line_file("/proc/self/loginuid", &s);
|
|
else {
|
|
char *p;
|
|
|
|
if (asprintf(&p, "/proc/%lu/loginuid", (unsigned long) pid) < 0)
|
|
return -ENOMEM;
|
|
|
|
r = read_one_line_file(p, &s);
|
|
free(p);
|
|
}
|
|
|
|
if (r < 0)
|
|
return r;
|
|
|
|
r = parse_uid(s, &u);
|
|
free(s);
|
|
|
|
if (r < 0)
|
|
return r;
|
|
|
|
if (u == (uid_t) -1)
|
|
return -ENOENT;
|
|
|
|
*uid = (uid_t) u;
|
|
return 0;
|
|
}
|