journald: drop splitting-by-audit entirely

[elogind.git] / src / journal / journald-server.c

diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c
index 545760726e0d47cab0002e5463a2cff3c23b09de..c1ec0fad32f4ea23e407b159473c0b85dd1a3c7e 100644 (file)
--- a/src/journal/journald-server.c
+++ b/src/journal/journald-server.c
@@ -515,9 +515,8 @@ static void dispatch_message_real(
         sd_id128_t id;
         int r;
         char *t;
-        uid_t loginuid = 0, realuid = 0;
-        uid_t journal_uid;
-        bool loginuid_valid = false;
+        uid_t realuid = 0, owner = 0, journal_uid;
+        bool owner_valid = false;
 
         assert(s);
         assert(iovec);
@@ -526,9 +525,7 @@ static void dispatch_message_real(
 
         if (ucred) {
                 uint32_t audit;
-#ifdef HAVE_LOGIND
-                uid_t owner;
-#endif
+                uid_t loginuid;
 
                 realuid = ucred->uid;
 
@@ -574,11 +571,9 @@ static void dispatch_message_real(
                                 IOVEC_SET_STRING(iovec[n++], audit_session);
 
                 r = audit_loginuid_from_pid(ucred->pid, &loginuid);
-                if (r >= 0) {
-                        loginuid_valid = true;
+                if (r >= 0)
                         if (asprintf(&audit_loginuid, "_AUDIT_LOGINUID=%lu", (unsigned long) loginuid) >= 0)
                                 IOVEC_SET_STRING(iovec[n++], audit_loginuid);
-                }
 
                 t = shortened_cgroup_path(ucred->pid);
                 if (t) {
@@ -598,9 +593,11 @@ static void dispatch_message_real(
                                 IOVEC_SET_STRING(iovec[n++], session);
                 }
 
-                if (sd_pid_get_owner_uid(ucred->uid, &owner) >= 0)
+                if (sd_pid_get_owner_uid(ucred->uid, &owner) >= 0) {
+                        owner_valid = true;
                         if (asprintf(&owner_uid, "_SYSTEMD_OWNER_UID=%lu", (unsigned long) owner) >= 0)
                                 IOVEC_SET_STRING(iovec[n++], owner_uid);
+                }
 #endif
 
                 if (cg_pid_get_unit(ucred->pid, &t) >= 0) {
@@ -672,9 +669,16 @@ static void dispatch_message_real(
         assert(n <= m);
 
         if (s->split_mode == SPLIT_UID && realuid > 0)
+                /* Split up strictly by any UID */
                 journal_uid = realuid;
-        else if (s->split_mode == SPLIT_LOGIN && loginuid > 0 && loginuid_valid)
-                journal_uid = loginuid;
+        else if (s->split_mode == SPLIT_LOGIN && realuid > 0 && owner_valid && owner > 0)
+                /* Split up by login UIDs, this avoids creation of
+                 * individual journals for system UIDs.  We do this
+                 * only if the realuid is not root, in order not to
+                 * accidentally leak privileged information to the
+                 * user that is logged by a privileged process that is
+                 * part of an unprivileged session.*/
+                journal_uid = owner;
         else
                 journal_uid = 0;