sd-login: add calls that retrieve credentials of peers connected to AF_UNIX peers

[elogind.git] / src / login / sd-login.c

diff --git a/src/login/sd-login.c b/src/login/sd-login.c
index 7ae3db0397db8df7a9d62204b992f81c0048f85e..d24b2ed1fdd698f1b62bc04d5cdbe54b89c20df4 100644 (file)
--- a/src/login/sd-login.c
+++ b/src/login/sd-login.c
@@ -28,10 +28,10 @@
 #include "util.h"
 #include "cgroup-util.h"
 #include "macro.h"
-#include "sd-login.h"
 #include "strv.h"
 #include "fileio.h"
 #include "login-shared.h"
+#include "sd-login.h"
 
 _public_ int sd_pid_get_session(pid_t pid, char **session) {
 
@@ -81,8 +81,93 @@ _public_ int sd_pid_get_owner_uid(pid_t pid, uid_t *uid) {
         return cg_pid_get_owner_uid(pid, uid);
 }
 
+_public_ int sd_peer_get_session(int fd, char **session) {
+        struct ucred ucred;
+        int r;
+
+        assert_return(fd >= 0, -EINVAL);
+        assert_return(session, -EINVAL);
+
+        r = getpeercred(fd, &ucred);
+        if (r < 0)
+                return r;
+
+        return cg_pid_get_session(ucred.pid, session);
+}
+
+_public_ int sd_peer_get_owner_uid(int fd, uid_t *uid) {
+        struct ucred ucred;
+        int r;
+
+        assert_return(fd >= 0, -EINVAL);
+        assert_return(uid, -EINVAL);
+
+        r = getpeercred(fd, &ucred);
+        if (r < 0)
+                return r;
+
+        return cg_pid_get_owner_uid(ucred.pid, uid);
+}
+
+_public_ int sd_peer_get_unit(int fd, char **unit) {
+        struct ucred ucred;
+        int r;
+
+        assert_return(fd >= 0, -EINVAL);
+        assert_return(unit, -EINVAL);
+
+        r = getpeercred(fd, &ucred);
+        if (r < 0)
+                return r;
+
+        return cg_pid_get_unit(ucred.pid, unit);
+}
+
+_public_ int sd_peer_get_user_unit(int fd, char **unit) {
+        struct ucred ucred;
+        int r;
+
+        assert_return(fd >= 0, -EINVAL);
+        assert_return(unit, -EINVAL);
+
+        r = getpeercred(fd, &ucred);
+        if (r < 0)
+                return r;
+
+        return cg_pid_get_user_unit(ucred.pid, unit);
+}
+
+_public_ int sd_peer_get_machine_name(int fd, char **machine) {
+        struct ucred ucred;
+        int r;
+
+        assert_return(fd >= 0, -EINVAL);
+        assert_return(machine, -EINVAL);
+
+        r = getpeercred(fd, &ucred);
+        if (r < 0)
+                return r;
+
+        return cg_pid_get_machine_name(ucred.pid, machine);
+}
+
+_public_ int sd_peer_get_slice(int fd, char **slice) {
+        struct ucred ucred;
+        int r;
+
+        assert_return(fd >= 0, -EINVAL);
+        assert_return(slice, -EINVAL);
+
+        r = getpeercred(fd, &ucred);
+        if (r < 0)
+                return r;
+
+        return cg_pid_get_slice(ucred.pid, slice);
+}
+
 _public_ int sd_uid_get_state(uid_t uid, char**state) {
-        char *p, *s = NULL;
+        _cleanup_free_ char *p = NULL;
+        char *s = NULL;
         int r;
 
         assert_return(state, -EINVAL);
@@ -91,16 +176,12 @@ _public_ int sd_uid_get_state(uid_t uid, char**state) {
                 return -ENOMEM;
 
         r = parse_env_file(p, NEWLINE, "STATE", &s, NULL);
-        free(p);
-
         if (r == -ENOENT) {
                 free(s);
                 s = strdup("offline");
                 if (!s)
                         return -ENOMEM;
 
-                *state = s;
-                return 0;
         } else if (r < 0) {
                 free(s);
                 return r;
@@ -249,9 +330,25 @@ _public_ int sd_session_is_active(const char *session) {
         if (!s)
                 return -EIO;
 
-        r = parse_boolean(s);
+        return parse_boolean(s);
+}
 
-        return r;
+_public_ int sd_session_is_remote(const char *session) {
+        int r;
+        _cleanup_free_ char *p = NULL, *s = NULL;
+
+        r = file_of_session(session, &p);
+        if (r < 0)
+                return r;
+
+        r = parse_env_file(p, NEWLINE, "REMOTE", &s, NULL);
+        if (r < 0)
+                return r;
+
+        if (!s)
+                return -EIO;
+
+        return parse_boolean(s);
 }
 
 _public_ int sd_session_get_state(const char *session, char **state) {
@@ -288,16 +385,13 @@ _public_ int sd_session_get_uid(const char *session, uid_t *uid) {
                 return r;
 
         r = parse_env_file(p, NEWLINE, "UID", &s, NULL);
-
         if (r < 0)
                 return r;
 
         if (!s)
                 return -EIO;
 
-        r = parse_uid(s, uid);
-
-        return r;
+        return parse_uid(s, uid);
 }
 
 static int session_get_string(const char *session, const char *field, char **value) {
@@ -364,6 +458,14 @@ _public_ int sd_session_get_display(const char *session, char **display) {
         return session_get_string(session, "DISPLAY", display);
 }
 
+_public_ int sd_session_get_remote_user(const char *session, char **remote_user) {
+        return session_get_string(session, "REMOTE_USER", remote_user);
+}
+
+_public_ int sd_session_get_remote_host(const char *session, char **remote_host) {
+        return session_get_string(session, "REMOTE_HOST", remote_host);
+}
+
 static int file_of_seat(const char *seat, char **_p) {
         char *p;
         int r;
@@ -505,6 +607,8 @@ static int seat_get_can(const char *seat, const char *variable) {
         _cleanup_free_ char *p = NULL, *s = NULL;
         int r;
 
+        assert_return(variable, -EINVAL);
+
         r = file_of_seat(seat, &p);
         if (r < 0)
                 return r;
@@ -514,13 +618,10 @@ static int seat_get_can(const char *seat, const char *variable) {
                            NULL);
         if (r < 0)
                 return r;
+        if (!s)
+                return 0;
 
-        if (s)
-                r = parse_boolean(s);
-        else
-                r = 0;
-
-        return r;
+        return parse_boolean(s);
 }
 
 _public_ int sd_seat_can_multi_session(const char *seat) {
@@ -555,13 +656,13 @@ _public_ int sd_get_uids(uid_t **users) {
 
         for (;;) {
                 struct dirent *de;
-                union dirent_storage buf;
                 int k;
                 uid_t uid;
 
-                k = readdir_r(d, &buf.de, &de);
-                if (k != 0)
-                        return -k;
+                errno = 0;
+                de = readdir(d);
+                if (!de && errno != 0)
+                        return -errno;
 
                 if (!de)
                         break;
@@ -602,7 +703,55 @@ _public_ int sd_get_uids(uid_t **users) {
 }
 
 _public_ int sd_get_machine_names(char ***machines) {
-        return get_files_in_directory("/run/systemd/machines/", machines);
+        char **l = NULL, **a, **b;
+        int r;
+
+        assert_return(machines, -EINVAL);
+
+        r = get_files_in_directory("/run/systemd/machines/", &l);
+        if (r < 0)
+                return r;
+
+        if (l) {
+                r = 0;
+
+                /* Filter out the unit: symlinks */
+                for (a = l, b = l; *a; a++) {
+                        if (startswith(*a, "unit:"))
+                                free(*a);
+                        else {
+                                *b = *a;
+                                b++;
+                                r++;
+                        }
+                }
+
+                *b = NULL;
+        }
+
+        *machines = l;
+        return r;
+}
+
+_public_ int sd_machine_get_class(const char *machine, char **class) {
+        _cleanup_free_ char *c = NULL;
+        const char *p;
+        int r;
+
+        assert_return(filename_is_safe(machine), -EINVAL);
+        assert_return(class, -EINVAL);
+
+        p = strappenda("/run/systemd/machines/", machine);
+        r = parse_env_file(p, NEWLINE, "CLASS", &c, NULL);
+        if (r < 0)
+                return r;
+        if (!c)
+                return -EIO;
+
+        *class = c;
+        c = NULL;
+
+        return 0;
 }
 
 static inline int MONITOR_TO_FD(sd_login_monitor *m) {