1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2013 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
23 #include <linux/capability.h>
26 #include "formats-util.h"
27 #include "capability.h"
28 #include "cgroup-util.h"
31 #include "bus-message.h"
34 #include "bus-creds.h"
35 #include "bus-label.h"
38 CAP_OFFSET_INHERITABLE = 0,
39 CAP_OFFSET_PERMITTED = 1,
40 CAP_OFFSET_EFFECTIVE = 2,
41 CAP_OFFSET_BOUNDING = 3
44 void bus_creds_done(sd_bus_creds *c) {
47 /* For internal bus cred structures that are allocated by
54 free(c->unescaped_description);
55 free(c->supplementary_gids);
57 free(c->well_known_names); /* note that this is an strv, but
58 * we only free the array, not the
59 * strings the array points to. The
60 * full strv we only free if
61 * c->allocated is set, see
64 strv_free(c->cmdline_array);
67 _public_ sd_bus_creds *sd_bus_creds_ref(sd_bus_creds *c) {
68 assert_return(c, NULL);
76 /* If this is an embedded creds structure, then
77 * forward ref counting to the message */
78 m = container_of(c, sd_bus_message, creds);
79 sd_bus_message_ref(m);
85 _public_ sd_bus_creds *sd_bus_creds_unref(sd_bus_creds *c) {
102 free(c->unique_name);
103 free(c->cgroup_root);
104 free(c->description);
106 free(c->supplementary_gids);
107 c->supplementary_gids = NULL;
109 strv_free(c->well_known_names);
110 c->well_known_names = NULL;
119 m = container_of(c, sd_bus_message, creds);
120 sd_bus_message_unref(m);
127 _public_ uint64_t sd_bus_creds_get_mask(const sd_bus_creds *c) {
133 _public_ uint64_t sd_bus_creds_get_augmented_mask(const sd_bus_creds *c) {
139 sd_bus_creds* bus_creds_new(void) {
142 c = new0(sd_bus_creds, 1);
151 _public_ int sd_bus_creds_new_from_pid(sd_bus_creds **ret, pid_t pid, uint64_t mask) {
155 assert_return(pid >= 0, -EINVAL);
156 assert_return(mask <= _SD_BUS_CREDS_ALL, -EOPNOTSUPP);
157 assert_return(ret, -EINVAL);
166 r = bus_creds_add_more(c, mask | SD_BUS_CREDS_AUGMENT, pid, 0);
168 sd_bus_creds_unref(c);
172 /* Check if the process existed at all, in case we haven't
173 * figured that out already */
174 if (!pid_is_alive(pid)) {
175 sd_bus_creds_unref(c);
183 _public_ int sd_bus_creds_get_uid(sd_bus_creds *c, uid_t *uid) {
184 assert_return(c, -EINVAL);
185 assert_return(uid, -EINVAL);
187 if (!(c->mask & SD_BUS_CREDS_UID))
194 _public_ int sd_bus_creds_get_euid(sd_bus_creds *c, uid_t *euid) {
195 assert_return(c, -EINVAL);
196 assert_return(euid, -EINVAL);
198 if (!(c->mask & SD_BUS_CREDS_EUID))
205 _public_ int sd_bus_creds_get_suid(sd_bus_creds *c, uid_t *suid) {
206 assert_return(c, -EINVAL);
207 assert_return(suid, -EINVAL);
209 if (!(c->mask & SD_BUS_CREDS_SUID))
217 _public_ int sd_bus_creds_get_fsuid(sd_bus_creds *c, uid_t *fsuid) {
218 assert_return(c, -EINVAL);
219 assert_return(fsuid, -EINVAL);
221 if (!(c->mask & SD_BUS_CREDS_FSUID))
228 _public_ int sd_bus_creds_get_gid(sd_bus_creds *c, gid_t *gid) {
229 assert_return(c, -EINVAL);
230 assert_return(gid, -EINVAL);
232 if (!(c->mask & SD_BUS_CREDS_GID))
239 _public_ int sd_bus_creds_get_egid(sd_bus_creds *c, gid_t *egid) {
240 assert_return(c, -EINVAL);
241 assert_return(egid, -EINVAL);
243 if (!(c->mask & SD_BUS_CREDS_EGID))
250 _public_ int sd_bus_creds_get_sgid(sd_bus_creds *c, gid_t *sgid) {
251 assert_return(c, -EINVAL);
252 assert_return(sgid, -EINVAL);
254 if (!(c->mask & SD_BUS_CREDS_SGID))
261 _public_ int sd_bus_creds_get_fsgid(sd_bus_creds *c, gid_t *fsgid) {
262 assert_return(c, -EINVAL);
263 assert_return(fsgid, -EINVAL);
265 if (!(c->mask & SD_BUS_CREDS_FSGID))
272 _public_ int sd_bus_creds_get_supplementary_gids(sd_bus_creds *c, const gid_t **gids) {
273 assert_return(c, -EINVAL);
274 assert_return(gids, -EINVAL);
276 if (!(c->mask & SD_BUS_CREDS_SUPPLEMENTARY_GIDS))
279 *gids = c->supplementary_gids;
280 return (int) c->n_supplementary_gids;
283 _public_ int sd_bus_creds_get_pid(sd_bus_creds *c, pid_t *pid) {
284 assert_return(c, -EINVAL);
285 assert_return(pid, -EINVAL);
287 if (!(c->mask & SD_BUS_CREDS_PID))
295 _public_ int sd_bus_creds_get_ppid(sd_bus_creds *c, pid_t *ppid) {
296 assert_return(c, -EINVAL);
297 assert_return(ppid, -EINVAL);
299 if (!(c->mask & SD_BUS_CREDS_PPID))
306 _public_ int sd_bus_creds_get_tid(sd_bus_creds *c, pid_t *tid) {
307 assert_return(c, -EINVAL);
308 assert_return(tid, -EINVAL);
310 if (!(c->mask & SD_BUS_CREDS_TID))
318 _public_ int sd_bus_creds_get_selinux_context(sd_bus_creds *c, const char **ret) {
319 assert_return(c, -EINVAL);
321 if (!(c->mask & SD_BUS_CREDS_SELINUX_CONTEXT))
329 _public_ int sd_bus_creds_get_comm(sd_bus_creds *c, const char **ret) {
330 assert_return(c, -EINVAL);
331 assert_return(ret, -EINVAL);
333 if (!(c->mask & SD_BUS_CREDS_COMM))
341 _public_ int sd_bus_creds_get_tid_comm(sd_bus_creds *c, const char **ret) {
342 assert_return(c, -EINVAL);
343 assert_return(ret, -EINVAL);
345 if (!(c->mask & SD_BUS_CREDS_TID_COMM))
353 _public_ int sd_bus_creds_get_exe(sd_bus_creds *c, const char **ret) {
354 assert_return(c, -EINVAL);
355 assert_return(ret, -EINVAL);
357 if (!(c->mask & SD_BUS_CREDS_EXE))
365 _public_ int sd_bus_creds_get_cgroup(sd_bus_creds *c, const char **ret) {
366 assert_return(c, -EINVAL);
367 assert_return(ret, -EINVAL);
369 if (!(c->mask & SD_BUS_CREDS_CGROUP))
377 _public_ int sd_bus_creds_get_unit(sd_bus_creds *c, const char **ret) {
378 assert_return(c, -EINVAL);
379 assert_return(ret, -EINVAL);
381 if (!(c->mask & SD_BUS_CREDS_UNIT))
393 _public_ int sd_bus_creds_get_user_unit(sd_bus_creds *c, const char **ret) {
394 assert_return(c, -EINVAL);
395 assert_return(ret, -EINVAL);
397 if (!(c->mask & SD_BUS_CREDS_USER_UNIT))
409 _public_ int sd_bus_creds_get_slice(sd_bus_creds *c, const char **ret) {
410 assert_return(c, -EINVAL);
411 assert_return(ret, -EINVAL);
413 if (!(c->mask & SD_BUS_CREDS_SLICE))
425 _public_ int sd_bus_creds_get_session(sd_bus_creds *c, const char **ret) {
428 assert_return(c, -EINVAL);
429 assert_return(ret, -EINVAL);
431 if (!(c->mask & SD_BUS_CREDS_SESSION))
439 r = cg_shift_path(c->cgroup, c->cgroup_root, &shifted);
443 r = cg_path_get_session(shifted, (char**) &c->session);
452 _public_ int sd_bus_creds_get_owner_uid(sd_bus_creds *c, uid_t *uid) {
456 assert_return(c, -EINVAL);
457 assert_return(uid, -EINVAL);
459 if (!(c->mask & SD_BUS_CREDS_OWNER_UID))
464 r = cg_shift_path(c->cgroup, c->cgroup_root, &shifted);
471 _public_ int sd_bus_creds_get_cmdline(sd_bus_creds *c, char ***cmdline) {
472 assert_return(c, -EINVAL);
474 if (!(c->mask & SD_BUS_CREDS_CMDLINE))
477 assert_return(c->cmdline, -ESRCH);
480 if (!c->cmdline_array) {
481 c->cmdline_array = strv_parse_nulstr(c->cmdline, c->cmdline_size);
482 if (!c->cmdline_array)
486 *cmdline = c->cmdline_array;
490 _public_ int sd_bus_creds_get_audit_session_id(sd_bus_creds *c, uint32_t *sessionid) {
491 assert_return(c, -EINVAL);
492 assert_return(sessionid, -EINVAL);
494 if (!(c->mask & SD_BUS_CREDS_AUDIT_SESSION_ID))
497 *sessionid = c->audit_session_id;
501 _public_ int sd_bus_creds_get_audit_login_uid(sd_bus_creds *c, uid_t *uid) {
502 assert_return(c, -EINVAL);
503 assert_return(uid, -EINVAL);
505 if (!(c->mask & SD_BUS_CREDS_AUDIT_LOGIN_UID))
508 *uid = c->audit_login_uid;
512 _public_ int sd_bus_creds_get_unique_name(sd_bus_creds *c, const char **unique_name) {
513 assert_return(c, -EINVAL);
514 assert_return(unique_name, -EINVAL);
516 if (!(c->mask & SD_BUS_CREDS_UNIQUE_NAME))
519 *unique_name = c->unique_name;
523 _public_ int sd_bus_creds_get_well_known_names(sd_bus_creds *c, char ***well_known_names) {
524 assert_return(c, -EINVAL);
525 assert_return(well_known_names, -EINVAL);
527 if (!(c->mask & SD_BUS_CREDS_WELL_KNOWN_NAMES))
530 /* As a special hack we return the bus driver as well-known
531 * names list when this is requested. */
532 if (c->well_known_names_driver) {
533 static const char* const wkn[] = {
534 "org.freedesktop.DBus",
538 *well_known_names = (char**) wkn;
542 if (c->well_known_names_local) {
543 static const char* const wkn[] = {
544 "org.freedesktop.DBus.Local",
548 *well_known_names = (char**) wkn;
552 *well_known_names = c->well_known_names;
556 _public_ int sd_bus_creds_get_description(sd_bus_creds *c, const char **ret) {
557 assert_return(c, -EINVAL);
558 assert_return(ret, -EINVAL);
560 if (!(c->mask & SD_BUS_CREDS_DESCRIPTION))
563 assert(c->description);
565 if (!c->unescaped_description) {
566 c->unescaped_description = bus_label_unescape(c->description);
567 if (!c->unescaped_description)
571 *ret = c->unescaped_description;
575 static int has_cap(sd_bus_creds *c, unsigned offset, int capability) {
579 assert(capability >= 0);
580 assert(c->capability);
582 if ((unsigned) capability > cap_last_cap())
585 sz = DIV_ROUND_UP(cap_last_cap(), 32U);
587 return !!(c->capability[offset * sz + CAP_TO_INDEX(capability)] & CAP_TO_MASK(capability));
590 _public_ int sd_bus_creds_has_effective_cap(sd_bus_creds *c, int capability) {
591 assert_return(c, -EINVAL);
592 assert_return(capability >= 0, -EINVAL);
594 if (!(c->mask & SD_BUS_CREDS_EFFECTIVE_CAPS))
597 return has_cap(c, CAP_OFFSET_EFFECTIVE, capability);
600 _public_ int sd_bus_creds_has_permitted_cap(sd_bus_creds *c, int capability) {
601 assert_return(c, -EINVAL);
602 assert_return(capability >= 0, -EINVAL);
604 if (!(c->mask & SD_BUS_CREDS_PERMITTED_CAPS))
607 return has_cap(c, CAP_OFFSET_PERMITTED, capability);
610 _public_ int sd_bus_creds_has_inheritable_cap(sd_bus_creds *c, int capability) {
611 assert_return(c, -EINVAL);
612 assert_return(capability >= 0, -EINVAL);
614 if (!(c->mask & SD_BUS_CREDS_INHERITABLE_CAPS))
617 return has_cap(c, CAP_OFFSET_INHERITABLE, capability);
620 _public_ int sd_bus_creds_has_bounding_cap(sd_bus_creds *c, int capability) {
621 assert_return(c, -EINVAL);
622 assert_return(capability >= 0, -EINVAL);
624 if (!(c->mask & SD_BUS_CREDS_BOUNDING_CAPS))
627 return has_cap(c, CAP_OFFSET_BOUNDING, capability);
630 static int parse_caps(sd_bus_creds *c, unsigned offset, const char *p) {
637 max = DIV_ROUND_UP(cap_last_cap(), 32U);
638 p += strspn(p, WHITESPACE);
648 if (!c->capability) {
649 c->capability = new0(uint32_t, max * 4);
654 for (i = 0; i < sz; i ++) {
657 for (j = 0; j < 8; ++j) {
667 c->capability[offset * max + (sz - i - 1)] = v;
673 int bus_creds_add_more(sd_bus_creds *c, uint64_t mask, pid_t pid, pid_t tid) {
678 assert(c->allocated);
680 if (!(mask & SD_BUS_CREDS_AUGMENT))
683 /* Try to retrieve PID from creds if it wasn't passed to us */
684 if (pid <= 0 && (c->mask & SD_BUS_CREDS_PID))
687 /* Without pid we cannot do much... */
691 /* Try to retrieve TID from creds if it wasn't passed to us */
692 if (tid <= 0 && (c->mask & SD_BUS_CREDS_TID))
695 /* Calculate what we shall and can add */
696 missing = mask & ~(c->mask|SD_BUS_CREDS_PID|SD_BUS_CREDS_TID|SD_BUS_CREDS_UNIQUE_NAME|SD_BUS_CREDS_WELL_KNOWN_NAMES|SD_BUS_CREDS_DESCRIPTION|SD_BUS_CREDS_AUGMENT);
701 c->mask |= SD_BUS_CREDS_PID;
705 c->mask |= SD_BUS_CREDS_TID;
708 if (missing & (SD_BUS_CREDS_PPID |
709 SD_BUS_CREDS_UID | SD_BUS_CREDS_EUID | SD_BUS_CREDS_SUID | SD_BUS_CREDS_FSUID |
710 SD_BUS_CREDS_GID | SD_BUS_CREDS_EGID | SD_BUS_CREDS_SGID | SD_BUS_CREDS_FSGID |
711 SD_BUS_CREDS_SUPPLEMENTARY_GIDS |
712 SD_BUS_CREDS_EFFECTIVE_CAPS | SD_BUS_CREDS_INHERITABLE_CAPS |
713 SD_BUS_CREDS_PERMITTED_CAPS | SD_BUS_CREDS_BOUNDING_CAPS)) {
715 _cleanup_fclose_ FILE *f = NULL;
718 p = procfs_file_alloca(pid, "status");
724 else if (errno != EPERM && errno != EACCES)
729 FOREACH_LINE(line, f, return -errno) {
732 if (missing & SD_BUS_CREDS_PPID) {
733 p = startswith(line, "PPid:");
735 p += strspn(p, WHITESPACE);
737 r = parse_pid(p, &c->ppid);
741 c->mask |= SD_BUS_CREDS_PPID;
746 if (missing & (SD_BUS_CREDS_UID|SD_BUS_CREDS_EUID|SD_BUS_CREDS_SUID|SD_BUS_CREDS_FSUID)) {
747 p = startswith(line, "Uid:");
749 unsigned long uid, euid, suid, fsuid;
751 p += strspn(p, WHITESPACE);
752 if (sscanf(p, "%lu %lu %lu %lu", &uid, &euid, &suid, &fsuid) != 4)
755 if (missing & SD_BUS_CREDS_UID)
756 c->uid = (uid_t) uid;
757 if (missing & SD_BUS_CREDS_EUID)
758 c->euid = (uid_t) euid;
759 if (missing & SD_BUS_CREDS_SUID)
760 c->suid = (uid_t) suid;
761 if (missing & SD_BUS_CREDS_FSUID)
762 c->fsuid = (uid_t) fsuid;
764 c->mask |= missing & (SD_BUS_CREDS_UID|SD_BUS_CREDS_EUID|SD_BUS_CREDS_SUID|SD_BUS_CREDS_FSUID);
769 if (missing & (SD_BUS_CREDS_GID|SD_BUS_CREDS_EGID|SD_BUS_CREDS_SGID|SD_BUS_CREDS_FSGID)) {
770 p = startswith(line, "Gid:");
772 unsigned long gid, egid, sgid, fsgid;
774 p += strspn(p, WHITESPACE);
775 if (sscanf(p, "%lu %lu %lu %lu", &gid, &egid, &sgid, &fsgid) != 4)
778 if (missing & SD_BUS_CREDS_GID)
779 c->gid = (gid_t) gid;
780 if (missing & SD_BUS_CREDS_EGID)
781 c->egid = (gid_t) egid;
782 if (missing & SD_BUS_CREDS_SGID)
783 c->sgid = (gid_t) sgid;
784 if (missing & SD_BUS_CREDS_FSGID)
785 c->fsgid = (gid_t) fsgid;
787 c->mask |= missing & (SD_BUS_CREDS_GID|SD_BUS_CREDS_EGID|SD_BUS_CREDS_SGID|SD_BUS_CREDS_FSGID);
792 if (missing & SD_BUS_CREDS_SUPPLEMENTARY_GIDS) {
793 p = startswith(line, "Groups:");
795 size_t allocated = 0;
801 p += strspn(p, WHITESPACE);
805 if (sscanf(p, "%lu%n", &g, &n) != 1)
808 if (!GREEDY_REALLOC(c->supplementary_gids, allocated, c->n_supplementary_gids+1))
811 c->supplementary_gids[c->n_supplementary_gids++] = (gid_t) g;
815 c->mask |= SD_BUS_CREDS_SUPPLEMENTARY_GIDS;
820 if (missing & SD_BUS_CREDS_EFFECTIVE_CAPS) {
821 p = startswith(line, "CapEff:");
823 r = parse_caps(c, CAP_OFFSET_EFFECTIVE, p);
827 c->mask |= SD_BUS_CREDS_EFFECTIVE_CAPS;
832 if (missing & SD_BUS_CREDS_PERMITTED_CAPS) {
833 p = startswith(line, "CapPrm:");
835 r = parse_caps(c, CAP_OFFSET_PERMITTED, p);
839 c->mask |= SD_BUS_CREDS_PERMITTED_CAPS;
844 if (missing & SD_BUS_CREDS_INHERITABLE_CAPS) {
845 p = startswith(line, "CapInh:");
847 r = parse_caps(c, CAP_OFFSET_INHERITABLE, p);
851 c->mask |= SD_BUS_CREDS_INHERITABLE_CAPS;
856 if (missing & SD_BUS_CREDS_BOUNDING_CAPS) {
857 p = startswith(line, "CapBnd:");
859 r = parse_caps(c, CAP_OFFSET_BOUNDING, p);
863 c->mask |= SD_BUS_CREDS_BOUNDING_CAPS;
871 if (missing & SD_BUS_CREDS_SELINUX_CONTEXT) {
874 p = procfs_file_alloca(pid, "attr/current");
875 r = read_one_line_file(p, &c->label);
877 if (r != -ENOENT && r != -EINVAL && r != -EPERM && r != -EACCES)
880 c->mask |= SD_BUS_CREDS_SELINUX_CONTEXT;
883 if (missing & SD_BUS_CREDS_COMM) {
884 r = get_process_comm(pid, &c->comm);
886 if (r != -EPERM && r != -EACCES)
889 c->mask |= SD_BUS_CREDS_COMM;
892 if (missing & SD_BUS_CREDS_EXE) {
893 r = get_process_exe(pid, &c->exe);
895 if (r != -EPERM && r != -EACCES)
898 c->mask |= SD_BUS_CREDS_EXE;
901 if (missing & SD_BUS_CREDS_CMDLINE) {
904 p = procfs_file_alloca(pid, "cmdline");
905 r = read_full_file(p, &c->cmdline, &c->cmdline_size);
909 if (r != -EPERM && r != -EACCES)
912 if (c->cmdline_size == 0) {
916 c->mask |= SD_BUS_CREDS_CMDLINE;
920 if (tid > 0 && (missing & SD_BUS_CREDS_TID_COMM)) {
921 _cleanup_free_ char *p = NULL;
923 if (asprintf(&p, "/proc/"PID_FMT"/task/"PID_FMT"/comm", pid, tid) < 0)
926 r = read_one_line_file(p, &c->tid_comm);
930 if (r != -EPERM && r != -EACCES)
933 c->mask |= SD_BUS_CREDS_TID_COMM;
936 if (missing & (SD_BUS_CREDS_CGROUP|SD_BUS_CREDS_UNIT|SD_BUS_CREDS_USER_UNIT|SD_BUS_CREDS_SLICE|SD_BUS_CREDS_SESSION|SD_BUS_CREDS_OWNER_UID)) {
939 r = cg_pid_get_path(NULL, pid, &c->cgroup);
941 if (r != -EPERM && r != -EACCES)
946 if (!c->cgroup_root) {
947 r = cg_get_root_path(&c->cgroup_root);
953 c->mask |= missing & (SD_BUS_CREDS_CGROUP|SD_BUS_CREDS_UNIT|SD_BUS_CREDS_USER_UNIT|SD_BUS_CREDS_SLICE|SD_BUS_CREDS_SESSION|SD_BUS_CREDS_OWNER_UID);
956 if (missing & SD_BUS_CREDS_AUDIT_SESSION_ID) {
957 r = audit_session_from_pid(pid, &c->audit_session_id);
959 if (r != -EOPNOTSUPP && r != -ENXIO && r != -ENOENT && r != -EPERM && r != -EACCES)
962 c->mask |= SD_BUS_CREDS_AUDIT_SESSION_ID;
965 if (missing & SD_BUS_CREDS_AUDIT_LOGIN_UID) {
966 r = audit_loginuid_from_pid(pid, &c->audit_login_uid);
968 if (r != -EOPNOTSUPP && r != -ENXIO && r != -ENOENT && r != -EPERM && r != -EACCES)
971 c->mask |= SD_BUS_CREDS_AUDIT_LOGIN_UID;
974 c->augmented = missing & c->mask;
979 int bus_creds_extend_by_pid(sd_bus_creds *c, uint64_t mask, sd_bus_creds **ret) {
980 _cleanup_bus_creds_unref_ sd_bus_creds *n = NULL;
986 if ((mask & ~c->mask) == 0 || (!(mask & SD_BUS_CREDS_AUGMENT))) {
987 /* There's already all data we need, or augmentation
988 * wasn't turned on. */
990 *ret = sd_bus_creds_ref(c);
998 /* Copy the original data over */
1000 if (c->mask & mask & SD_BUS_CREDS_PID) {
1002 n->mask |= SD_BUS_CREDS_PID;
1005 if (c->mask & mask & SD_BUS_CREDS_TID) {
1007 n->mask |= SD_BUS_CREDS_TID;
1010 if (c->mask & mask & SD_BUS_CREDS_PPID) {
1012 n->mask |= SD_BUS_CREDS_PPID;
1015 if (c->mask & mask & SD_BUS_CREDS_UID) {
1017 n->mask |= SD_BUS_CREDS_UID;
1020 if (c->mask & mask & SD_BUS_CREDS_EUID) {
1022 n->mask |= SD_BUS_CREDS_EUID;
1025 if (c->mask & mask & SD_BUS_CREDS_SUID) {
1027 n->mask |= SD_BUS_CREDS_SUID;
1030 if (c->mask & mask & SD_BUS_CREDS_FSUID) {
1031 n->fsuid = c->fsuid;
1032 n->mask |= SD_BUS_CREDS_FSUID;
1035 if (c->mask & mask & SD_BUS_CREDS_GID) {
1037 n->mask |= SD_BUS_CREDS_GID;
1040 if (c->mask & mask & SD_BUS_CREDS_EGID) {
1042 n->mask |= SD_BUS_CREDS_EGID;
1045 if (c->mask & mask & SD_BUS_CREDS_SGID) {
1047 n->mask |= SD_BUS_CREDS_SGID;
1050 if (c->mask & mask & SD_BUS_CREDS_FSGID) {
1051 n->fsgid = c->fsgid;
1052 n->mask |= SD_BUS_CREDS_FSGID;
1055 if (c->mask & mask & SD_BUS_CREDS_SUPPLEMENTARY_GIDS) {
1056 n->supplementary_gids = newdup(gid_t, c->supplementary_gids, c->n_supplementary_gids);
1057 if (!n->supplementary_gids)
1059 n->n_supplementary_gids = c->n_supplementary_gids;
1060 n->mask |= SD_BUS_CREDS_SUPPLEMENTARY_GIDS;
1063 if (c->mask & mask & SD_BUS_CREDS_COMM) {
1064 n->comm = strdup(c->comm);
1068 n->mask |= SD_BUS_CREDS_COMM;
1071 if (c->mask & mask & SD_BUS_CREDS_TID_COMM) {
1072 n->tid_comm = strdup(c->tid_comm);
1076 n->mask |= SD_BUS_CREDS_TID_COMM;
1079 if (c->mask & mask & SD_BUS_CREDS_EXE) {
1080 n->exe = strdup(c->exe);
1084 n->mask |= SD_BUS_CREDS_EXE;
1087 if (c->mask & mask & SD_BUS_CREDS_CMDLINE) {
1088 n->cmdline = memdup(c->cmdline, c->cmdline_size);
1092 n->cmdline_size = c->cmdline_size;
1093 n->mask |= SD_BUS_CREDS_CMDLINE;
1096 if (c->mask & mask & (SD_BUS_CREDS_CGROUP|SD_BUS_CREDS_SESSION|SD_BUS_CREDS_UNIT|SD_BUS_CREDS_USER_UNIT|SD_BUS_CREDS_SLICE|SD_BUS_CREDS_OWNER_UID)) {
1097 n->cgroup = strdup(c->cgroup);
1101 n->cgroup_root = strdup(c->cgroup_root);
1102 if (!n->cgroup_root)
1105 n->mask |= mask & (SD_BUS_CREDS_CGROUP|SD_BUS_CREDS_SESSION|SD_BUS_CREDS_UNIT|SD_BUS_CREDS_USER_UNIT|SD_BUS_CREDS_SLICE|SD_BUS_CREDS_OWNER_UID);
1108 if (c->mask & mask & (SD_BUS_CREDS_EFFECTIVE_CAPS|SD_BUS_CREDS_PERMITTED_CAPS|SD_BUS_CREDS_INHERITABLE_CAPS|SD_BUS_CREDS_BOUNDING_CAPS)) {
1109 n->capability = memdup(c->capability, DIV_ROUND_UP(cap_last_cap(), 32U) * 4 * 4);
1113 n->mask |= c->mask & mask & (SD_BUS_CREDS_EFFECTIVE_CAPS|SD_BUS_CREDS_PERMITTED_CAPS|SD_BUS_CREDS_INHERITABLE_CAPS|SD_BUS_CREDS_BOUNDING_CAPS);
1116 if (c->mask & mask & SD_BUS_CREDS_SELINUX_CONTEXT) {
1117 n->label = strdup(c->label);
1120 n->mask |= SD_BUS_CREDS_SELINUX_CONTEXT;
1123 if (c->mask & mask & SD_BUS_CREDS_AUDIT_SESSION_ID) {
1124 n->audit_session_id = c->audit_session_id;
1125 n->mask |= SD_BUS_CREDS_AUDIT_SESSION_ID;
1127 if (c->mask & mask & SD_BUS_CREDS_AUDIT_LOGIN_UID) {
1128 n->audit_login_uid = c->audit_login_uid;
1129 n->mask |= SD_BUS_CREDS_AUDIT_LOGIN_UID;
1132 if (c->mask & mask & SD_BUS_CREDS_UNIQUE_NAME) {
1133 n->unique_name = strdup(c->unique_name);
1134 if (!n->unique_name)
1136 n->mask |= SD_BUS_CREDS_UNIQUE_NAME;
1139 if (c->mask & mask & SD_BUS_CREDS_WELL_KNOWN_NAMES) {
1140 n->well_known_names = strv_copy(c->well_known_names);
1141 if (!n->well_known_names)
1143 n->well_known_names_driver = c->well_known_names_driver;
1144 n->well_known_names_local = c->well_known_names_local;
1145 n->mask |= SD_BUS_CREDS_WELL_KNOWN_NAMES;
1148 if (c->mask & mask & SD_BUS_CREDS_DESCRIPTION) {
1149 n->description = strdup(c->description);
1150 if (!n->description)
1152 n->mask |= SD_BUS_CREDS_DESCRIPTION;
1155 n->augmented = c->augmented & n->mask;
1159 r = bus_creds_add_more(n, mask, 0, 0);
~ianmdlvl / elogind.git / blob