author | Colin Walters <walters@verbum.org> | 2008-12-17 16:01:28 -0500 |
---|---|---|
committer | Colin Walters <walters@verbum.org> | 2008-12-18 15:18:22 -0500 |
commit | 9bc79bc768defaa779fae45845a42301b557a908 (patch) | |
tree | bb996629add7e00f501f5e1f2b29052394207129 /dbus | |
parent | 5e83f17f0c9566b5dd2a0ad1b41752f2e0c1eb9d (diff) |
Add uid, pid, and command to security logs
Extend the current security logs with even more relevant
information than just the message content. This requires
some utility code to look up and cache (as a string)
the data such as the uid/pid/command when a connection is
authenticated.
Diffstat (limited to 'dbus')
-rw-r--r-- | dbus/dbus-sysdeps-util-unix.c | 96 | ||||
-rw-r--r-- | dbus/dbus-sysdeps.h | 5 |
2 files changed, 101 insertions, 0 deletions
diff --git a/dbus/dbus-sysdeps-util-unix.c b/dbus/dbus-sysdeps-util-unix.c
index 3f2a2330..6ca662b2 100644
--- a/dbus/dbus-sysdeps-util-unix.c
+++ b/dbus/dbus-sysdeps-util-unix.c
@@ -1132,3 +1132,99 @@ _dbus_string_get_dirname (const DBusString *filename,
 }
 /** @} */ /* DBusString stuff */
+static void
+string_squash_nonprintable (DBusString *str)
+{
+ char *buf;
+ int i, len;
+
+ buf = _dbus_string_get_data (str);
+ len = _dbus_string_get_length (str);
+
+ for (i = 0; i < len; i++)
+ if (buf[i] == '\0')
+ buf[i] = ' ';
+ else if (buf[i] < 0x20 || buf[i] > 127)
+ buf[i] = '?';
+}
+
+/**
+ * Get a printable string describing the command used to execute
+ * the process with pid. This string should only be used for
+ * informative purposes such as logging; it may not be trusted.
+ *
+ * The command is guaranteed to be printable ASCII and no longer
+ * than max_len.
+ *
+ * @param pid Process id
+ * @param str Append command to this string
+ * @param max_len Maximum length of returned command
+ * @param error return location for errors
+ * @returns #FALSE on error
+ */
+dbus_bool_t
+_dbus_command_for_pid (unsigned long pid,
+ DBusString *str,
+ int max_len,
+ DBusError *error)
+{
+ /* This is all Linux-specific for now */
+ DBusString path;
+ DBusString cmdline;
+ int fd;
+
+ if (!_dbus_string_init (&path))
+ {
+ _DBUS_SET_OOM (error);
+ return FALSE;
+ }
+
+ if (!_dbus_string_init (&cmdline))
+ {
+ _DBUS_SET_OOM (error);
+ _dbus_string_free (&path);
+ return FALSE;
+ }
+
+ if (!_dbus_string_append_printf (&path, "/proc/%ld/cmdline", pid))
+ goto oom;
+
+ fd = open (_dbus_string_get_const_data (&path), O_RDONLY);
+ if (fd < 0)
+ {
+ dbus_set_error (error,
+ _dbus_error_from_errno (errno),
+ "Failed to open \"%s\": %s",
+ _dbus_string_get_const_data (&path),
+ _dbus_strerror (errno));
+ goto fail;
+ }
+
+ if (!_dbus_read (fd, &cmdline, max_len))
+ {
+ dbus_set_error (error,
+ _dbus_error_from_errno (errno),
+ "Failed to read from \"%s\": %s",
+ _dbus_string_get_const_data (&path),
+ _dbus_strerror (errno));
+ goto fail;
+ }
+
+ if (!_dbus_close (fd, error))
+ goto fail;
+
+ string_squash_nonprintable (&cmdline);
+
+ if (!_dbus_string_copy (&cmdline, 0, str, _dbus_string_get_length (str)))
+ goto oom;
+
+ _dbus_string_free (&cmdline);
+ _dbus_string_free (&path);
+ return TRUE;
+oom:
+ _DBUS_SET_OOM (error);
+fail:
+ _dbus_string_free (&cmdline);
+ _dbus_string_free (&path);
+ return FALSE;
+}
\ No newline at end of file
diff --git a/dbus/dbus-sysdeps.h b/dbus/dbus-sysdeps.h
index 5f4b00e1..2662b270 100644
--- a/dbus/dbus-sysdeps.h
+++ b/dbus/dbus-sysdeps.h
@@ -411,6 +411,11 @@ dbus_bool_t _dbus_write_pid_to_file_and_pipe (const DBusString *pidfile,
 dbus_pid_t pid_to_write,
 DBusError *error);
+dbus_bool_t _dbus_command_for_pid (unsigned long pid,
+ DBusString *str,
+ int max_len,
+ DBusError *error);
+
 /** A UNIX signal handler */
 typedef void (* DBusSignalHandler) (int sig); |
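Review bot: In `_dbus_command_for_pid` (dbus/dbus-sysdeps-util-unix.c) the check `if (!_dbus_read (fd, &cmdline, max_len))` looks inverted. `_dbus_read` is defined outside this hunk, but if it returns a byte count with -1 on error, a failed read is treated as success and an empty `/proc/<pid>/cmdline` is reported as a failure with a stale errno; `if (_dbus_read (fd, &cmdline, max_len) < 0)` would match that contract. That same error branch jumps to `fail` without closing `fd`, so every failed lookup leaks a descriptor in the bus process; add `_dbus_close (fd, NULL);` before the `goto fail`. In `string_squash_nonprintable` the test `buf[i] > 127` lets DEL (0x7f) through, so the "printable ASCII" guarantee in the doc comment does not hold for the log output; `buf[i] >= 127` closes that gap. `pid` is an `unsigned long` but is formatted with `%ld`; `%lu` matches the type.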