-/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
-
+/* SPDX-License-Identifier: LGPL-2.1+ */
/***
- This file is part of systemd.
-
- Copyright 2013 Lennart Poettering
-
- systemd is free software; you can redistribute it and/or modify it
- under the terms of the GNU Lesser General Public License as published by
- the Free Software Foundation; either version 2.1 of the License, or
- (at your option) any later version.
-
- systemd is distributed in the hope that it will be useful, but
- WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public License
- along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/
-#include <stdlib.h>
#include <linux/capability.h>
+#include <stdlib.h>
-#include "util.h"
-#include "formats-util.h"
-#include "capability.h"
-#include "cgroup-util.h"
-#include "fileio.h"
-#include "audit.h"
+#include "alloc-util.h"
+#include "audit-util.h"
+#include "bus-creds.h"
+#include "bus-label.h"
#include "bus-message.h"
#include "bus-util.h"
+#include "capability-util.h"
+#include "cgroup-util.h"
+#include "fd-util.h"
+#include "fileio.h"
+#include "format-util.h"
+#include "hexdecoct.h"
+#include "parse-util.h"
+#include "process-util.h"
+#include "string-util.h"
#include "strv.h"
-#include "bus-creds.h"
-#include "bus-label.h"
+#include "terminal-util.h"
+#include "user-util.h"
+#include "util.h"
enum {
CAP_OFFSET_INHERITABLE = 0,
free(c->unit);
free(c->user_unit);
free(c->slice);
+ free(c->user_slice);
free(c->unescaped_description);
free(c->supplementary_gids);
+ free(c->tty);
free(c->well_known_names); /* note that this is an strv, but
* we only free the array, not the
}
_public_ sd_bus_creds *sd_bus_creds_ref(sd_bus_creds *c) {
- assert_return(c, NULL);
+
+ if (!c)
+ return NULL;
if (c->allocated) {
assert(c->n_ref > 0);
free(c->cgroup_root);
free(c->description);
- free(c->supplementary_gids);
- c->supplementary_gids = NULL;
+ c->supplementary_gids = mfree(c->supplementary_gids);
- strv_free(c->well_known_names);
- c->well_known_names = NULL;
+ c->well_known_names = strv_free(c->well_known_names);
bus_creds_done(c);
sd_bus_message_unref(m);
}
-
return NULL;
}
assert_return(ret, -EINVAL);
if (pid == 0)
- pid = getpid();
+ pid = getpid_cached();
c = bus_creds_new();
if (!c)
return 0;
}
-
_public_ int sd_bus_creds_get_fsuid(sd_bus_creds *c, uid_t *fsuid) {
assert_return(c, -EINVAL);
assert_return(fsuid, -EINVAL);
if (!(c->mask & SD_BUS_CREDS_PPID))
return -ENODATA;
+ /* PID 1 has no parent process. Let's distinguish the case of
+ * not knowing and not having a parent process by the returned
+ * error code. */
+ if (c->ppid == 0)
+ return -ENXIO;
+
*ppid = c->ppid;
return 0;
}
if (!(c->mask & SD_BUS_CREDS_EXE))
return -ENODATA;
- assert(c->exe);
+ if (!c->exe)
+ return -ENXIO;
+
*ret = c->exe;
return 0;
}
return 0;
}
+#if 0 /// UNNEEDED by elogind
_public_ int sd_bus_creds_get_unit(sd_bus_creds *c, const char **ret) {
+ int r;
+
assert_return(c, -EINVAL);
assert_return(ret, -EINVAL);
assert(c->cgroup);
- if (!c->unit)
- return -ESRCH;
+ if (!c->unit) {
+ const char *shifted;
+
+ r = cg_shift_path(c->cgroup, c->cgroup_root, &shifted);
+ if (r < 0)
+ return r;
+
+ r = cg_path_get_unit(shifted, (char**) &c->unit);
+ if (r < 0)
+ return r;
+ }
*ret = c->unit;
return 0;
}
_public_ int sd_bus_creds_get_user_unit(sd_bus_creds *c, const char **ret) {
+ int r;
+
assert_return(c, -EINVAL);
assert_return(ret, -EINVAL);
assert(c->cgroup);
- if (!c->user_unit)
- return -ESRCH;
+ if (!c->user_unit) {
+ const char *shifted;
+
+ r = cg_shift_path(c->cgroup, c->cgroup_root, &shifted);
+ if (r < 0)
+ return r;
+
+ r = cg_path_get_user_unit(shifted, (char**) &c->user_unit);
+ if (r < 0)
+ return r;
+ }
*ret = c->user_unit;
return 0;
}
+#endif // 0
_public_ int sd_bus_creds_get_slice(sd_bus_creds *c, const char **ret) {
+ int r;
+
assert_return(c, -EINVAL);
assert_return(ret, -EINVAL);
assert(c->cgroup);
- if (!c->slice)
- return -ESRCH;
+ if (!c->slice) {
+ const char *shifted;
+
+ r = cg_shift_path(c->cgroup, c->cgroup_root, &shifted);
+ if (r < 0)
+ return r;
+
+ r = cg_path_get_slice(shifted, (char**) &c->slice);
+ if (r < 0)
+ return r;
+ }
*ret = c->slice;
return 0;
}
+_public_ int sd_bus_creds_get_user_slice(sd_bus_creds *c, const char **ret) {
+ int r;
+
+ assert_return(c, -EINVAL);
+ assert_return(ret, -EINVAL);
+
+ if (!(c->mask & SD_BUS_CREDS_USER_SLICE))
+ return -ENODATA;
+
+ assert(c->cgroup);
+
+ if (!c->user_slice) {
+ const char *shifted;
+
+ r = cg_shift_path(c->cgroup, c->cgroup_root, &shifted);
+ if (r < 0)
+ return r;
+
+ r = cg_path_get_user_slice(shifted, (char**) &c->user_slice);
+ if (r < 0)
+ return r;
+ }
+
+ *ret = c->user_slice;
+ return 0;
+}
+
_public_ int sd_bus_creds_get_session(sd_bus_creds *c, const char **ret) {
int r;
if (!c->session) {
const char *shifted;
+ log_debug_elogind("Shifting cgroup \"%s\", root \"%s\"",
+ c->cgroup, c->cgroup_root ? c->cgroup_root : "NULL");
r = cg_shift_path(c->cgroup, c->cgroup_root, &shifted);
if (r < 0)
return r;
+ log_debug_elogind("Shifted: \"%s\"", shifted);
r = cg_path_get_session(shifted, (char**) &c->session);
if (r < 0)
return r;
assert(c->cgroup);
r = cg_shift_path(c->cgroup, c->cgroup_root, &shifted);
+ log_debug_elogind("Shifted to %s from %s/%s for c->uid %u (result %d)",
+ shifted, c->cgroup_root, c->cgroup, c->uid, r);
if (r < 0)
return r;
- return -ESRCH;
+ return cg_path_get_owner_uid(shifted, uid);
}
_public_ int sd_bus_creds_get_cmdline(sd_bus_creds *c, char ***cmdline) {
if (!(c->mask & SD_BUS_CREDS_CMDLINE))
return -ENODATA;
- assert_return(c->cmdline, -ESRCH);
- assert(c->cmdline);
+ if (!c->cmdline)
+ return -ENXIO;
if (!c->cmdline_array) {
c->cmdline_array = strv_parse_nulstr(c->cmdline, c->cmdline_size);
if (!(c->mask & SD_BUS_CREDS_AUDIT_SESSION_ID))
return -ENODATA;
+ if (!audit_session_is_valid(c->audit_session_id))
+ return -ENXIO;
+
*sessionid = c->audit_session_id;
return 0;
}
if (!(c->mask & SD_BUS_CREDS_AUDIT_LOGIN_UID))
return -ENODATA;
+ if (!uid_is_valid(c->audit_login_uid))
+ return -ENXIO;
+
*uid = c->audit_login_uid;
return 0;
}
+_public_ int sd_bus_creds_get_tty(sd_bus_creds *c, const char **ret) {
+ assert_return(c, -EINVAL);
+ assert_return(ret, -EINVAL);
+
+ if (!(c->mask & SD_BUS_CREDS_TTY))
+ return -ENODATA;
+
+ if (!c->tty)
+ return -ENXIO;
+
+ *ret = c->tty;
+ return 0;
+}
+
_public_ int sd_bus_creds_get_unique_name(sd_bus_creds *c, const char **unique_name) {
assert_return(c, -EINVAL);
assert_return(unique_name, -EINVAL);
return 0;
/* Try to retrieve PID from creds if it wasn't passed to us */
- if (pid <= 0 && (c->mask & SD_BUS_CREDS_PID))
+ if (pid > 0) {
+ c->pid = pid;
+ c->mask |= SD_BUS_CREDS_PID;
+ } else if (c->mask & SD_BUS_CREDS_PID)
pid = c->pid;
-
- /* Without pid we cannot do much... */
- if (pid <= 0)
+ else
+ /* Without pid we cannot do much... */
return 0;
/* Try to retrieve TID from creds if it wasn't passed to us */
if (missing == 0)
return 0;
- c->pid = pid;
- c->mask |= SD_BUS_CREDS_PID;
-
if (tid > 0) {
c->tid = tid;
c->mask |= SD_BUS_CREDS_TID;
if (!f) {
if (errno == ENOENT)
return -ESRCH;
- else if (errno != EPERM && errno != EACCES)
+ else if (!IN_SET(errno, EPERM, EACCES))
return -errno;
} else {
char line[LINE_MAX];
if (p) {
p += strspn(p, WHITESPACE);
- r = parse_pid(p, &c->ppid);
- if (r < 0)
- return r;
+ /* Explicitly check for PPID 0 (which is the case for PID 1) */
+ if (!streq(p, "0")) {
+ r = parse_pid(p, &c->ppid);
+ if (r < 0)
+ return r;
+
+ } else
+ c->ppid = 0;
c->mask |= SD_BUS_CREDS_PPID;
continue;
p = procfs_file_alloca(pid, "attr/current");
r = read_one_line_file(p, &c->label);
if (r < 0) {
- if (r != -ENOENT && r != -EINVAL && r != -EPERM && r != -EACCES)
+ if (!IN_SET(r, -ENOENT, -EINVAL, -EPERM, -EACCES))
return r;
} else
c->mask |= SD_BUS_CREDS_SELINUX_CONTEXT;
if (missing & SD_BUS_CREDS_COMM) {
r = get_process_comm(pid, &c->comm);
if (r < 0) {
- if (r != -EPERM && r != -EACCES)
+ if (!IN_SET(r, -EPERM, -EACCES))
return r;
} else
c->mask |= SD_BUS_CREDS_COMM;
if (missing & SD_BUS_CREDS_EXE) {
r = get_process_exe(pid, &c->exe);
- if (r < 0) {
- if (r != -EPERM && r != -EACCES)
+ if (r == -ESRCH) {
+ /* Unfortunately we cannot really distinguish
+ * the case here where the process does not
+ * exist, and /proc/$PID/exe being unreadable
+ * because $PID is a kernel thread. Hence,
+ * assume it is a kernel thread, and rely on
+ * that this case is caught with a later
+ * call. */
+ c->exe = NULL;
+ c->mask |= SD_BUS_CREDS_EXE;
+ } else if (r < 0) {
+ if (!IN_SET(r, -EPERM, -EACCES))
return r;
} else
c->mask |= SD_BUS_CREDS_EXE;
p = procfs_file_alloca(pid, "cmdline");
r = read_full_file(p, &c->cmdline, &c->cmdline_size);
+ if (r == -ENOENT)
+ return -ESRCH;
if (r < 0) {
- if (r == -ENOENT)
- return -ESRCH;
- if (r != -EPERM && r != -EACCES)
+ if (!IN_SET(r, -EPERM, -EACCES))
return r;
} else {
- if (c->cmdline_size == 0) {
- free(c->cmdline);
- c->cmdline = NULL;
- } else
- c->mask |= SD_BUS_CREDS_CMDLINE;
+ if (c->cmdline_size == 0)
+ c->cmdline = mfree(c->cmdline);
+
+ c->mask |= SD_BUS_CREDS_CMDLINE;
}
}
return -ENOMEM;
r = read_one_line_file(p, &c->tid_comm);
+ if (r == -ENOENT)
+ return -ESRCH;
if (r < 0) {
- if (r == -ENOENT)
- return -ESRCH;
- if (r != -EPERM && r != -EACCES)
+ if (!IN_SET(r, -EPERM, -EACCES))
return r;
} else
c->mask |= SD_BUS_CREDS_TID_COMM;
}
- if (missing & (SD_BUS_CREDS_CGROUP|SD_BUS_CREDS_UNIT|SD_BUS_CREDS_USER_UNIT|SD_BUS_CREDS_SLICE|SD_BUS_CREDS_SESSION|SD_BUS_CREDS_OWNER_UID)) {
+ if (missing & (SD_BUS_CREDS_CGROUP|SD_BUS_CREDS_UNIT|SD_BUS_CREDS_USER_UNIT|SD_BUS_CREDS_SLICE|SD_BUS_CREDS_USER_SLICE|SD_BUS_CREDS_SESSION|SD_BUS_CREDS_OWNER_UID)) {
if (!c->cgroup) {
r = cg_pid_get_path(NULL, pid, &c->cgroup);
if (r < 0) {
- if (r != -EPERM && r != -EACCES)
+ if (!IN_SET(r, -EPERM, -EACCES))
return r;
}
}
}
if (c->cgroup)
- c->mask |= missing & (SD_BUS_CREDS_CGROUP|SD_BUS_CREDS_UNIT|SD_BUS_CREDS_USER_UNIT|SD_BUS_CREDS_SLICE|SD_BUS_CREDS_SESSION|SD_BUS_CREDS_OWNER_UID);
+ c->mask |= missing & (SD_BUS_CREDS_CGROUP|SD_BUS_CREDS_UNIT|SD_BUS_CREDS_USER_UNIT|SD_BUS_CREDS_SLICE|SD_BUS_CREDS_USER_SLICE|SD_BUS_CREDS_SESSION|SD_BUS_CREDS_OWNER_UID);
}
if (missing & SD_BUS_CREDS_AUDIT_SESSION_ID) {
r = audit_session_from_pid(pid, &c->audit_session_id);
- if (r < 0) {
- if (r != -EOPNOTSUPP && r != -ENXIO && r != -ENOENT && r != -EPERM && r != -EACCES)
+ if (r == -ENODATA) {
+ /* ENODATA means: no audit session id assigned */
+ c->audit_session_id = AUDIT_SESSION_INVALID;
+ c->mask |= SD_BUS_CREDS_AUDIT_SESSION_ID;
+ } else if (r < 0) {
+ if (!IN_SET(r, -EOPNOTSUPP, -ENOENT, -EPERM, -EACCES))
return r;
} else
c->mask |= SD_BUS_CREDS_AUDIT_SESSION_ID;
if (missing & SD_BUS_CREDS_AUDIT_LOGIN_UID) {
r = audit_loginuid_from_pid(pid, &c->audit_login_uid);
- if (r < 0) {
- if (r != -EOPNOTSUPP && r != -ENXIO && r != -ENOENT && r != -EPERM && r != -EACCES)
+ if (r == -ENODATA) {
+ /* ENODATA means: no audit login uid assigned */
+ c->audit_login_uid = UID_INVALID;
+ c->mask |= SD_BUS_CREDS_AUDIT_LOGIN_UID;
+ } else if (r < 0) {
+ if (!IN_SET(r, -EOPNOTSUPP, -ENOENT, -EPERM, -EACCES))
return r;
} else
c->mask |= SD_BUS_CREDS_AUDIT_LOGIN_UID;
}
+ if (missing & SD_BUS_CREDS_TTY) {
+ r = get_ctty(pid, NULL, &c->tty);
+ if (r == -ENXIO) {
+ /* ENXIO means: process has no controlling TTY */
+ c->tty = NULL;
+ c->mask |= SD_BUS_CREDS_TTY;
+ } else if (r < 0) {
+ if (!IN_SET(r, -EPERM, -EACCES, -ENOENT))
+ return r;
+ } else
+ c->mask |= SD_BUS_CREDS_TTY;
+ }
+
+ /* In case only the exe path was to be read we cannot
+ * distinguish the case where the exe path was unreadable
+ * because the process was a kernel thread, or when the
+ * process didn't exist at all. Hence, let's do a final check,
+ * to be sure. */
+ if (!pid_is_alive(pid))
+ return -ESRCH;
+
+ if (tid > 0 && tid != pid && !pid_is_unwaited(tid))
+ return -ESRCH;
+
c->augmented = missing & c->mask;
return 0;
}
int bus_creds_extend_by_pid(sd_bus_creds *c, uint64_t mask, sd_bus_creds **ret) {
- _cleanup_bus_creds_unref_ sd_bus_creds *n = NULL;
+ _cleanup_(sd_bus_creds_unrefp) sd_bus_creds *n = NULL;
int r;
assert(c);
}
if (c->mask & mask & SD_BUS_CREDS_SUPPLEMENTARY_GIDS) {
- n->supplementary_gids = newdup(gid_t, c->supplementary_gids, c->n_supplementary_gids);
- if (!n->supplementary_gids)
- return -ENOMEM;
- n->n_supplementary_gids = c->n_supplementary_gids;
+ if (c->supplementary_gids) {
+ n->supplementary_gids = newdup(gid_t, c->supplementary_gids, c->n_supplementary_gids);
+ if (!n->supplementary_gids)
+ return -ENOMEM;
+ n->n_supplementary_gids = c->n_supplementary_gids;
+ } else {
+ n->supplementary_gids = NULL;
+ n->n_supplementary_gids = 0;
+ }
+
n->mask |= SD_BUS_CREDS_SUPPLEMENTARY_GIDS;
}
if (c->mask & mask & SD_BUS_CREDS_COMM) {
+ assert(c->comm);
+
n->comm = strdup(c->comm);
if (!n->comm)
return -ENOMEM;
}
if (c->mask & mask & SD_BUS_CREDS_TID_COMM) {
+ assert(c->tid_comm);
+
n->tid_comm = strdup(c->tid_comm);
if (!n->tid_comm)
return -ENOMEM;
}
if (c->mask & mask & SD_BUS_CREDS_EXE) {
- n->exe = strdup(c->exe);
- if (!n->exe)
- return -ENOMEM;
+ if (c->exe) {
+ n->exe = strdup(c->exe);
+ if (!n->exe)
+ return -ENOMEM;
+ } else
+ n->exe = NULL;
n->mask |= SD_BUS_CREDS_EXE;
}
if (c->mask & mask & SD_BUS_CREDS_CMDLINE) {
- n->cmdline = memdup(c->cmdline, c->cmdline_size);
- if (!n->cmdline)
- return -ENOMEM;
+ if (c->cmdline) {
+ n->cmdline = memdup(c->cmdline, c->cmdline_size);
+ if (!n->cmdline)
+ return -ENOMEM;
+
+ n->cmdline_size = c->cmdline_size;
+ } else {
+ n->cmdline = NULL;
+ n->cmdline_size = 0;
+ }
- n->cmdline_size = c->cmdline_size;
n->mask |= SD_BUS_CREDS_CMDLINE;
}
- if (c->mask & mask & (SD_BUS_CREDS_CGROUP|SD_BUS_CREDS_SESSION|SD_BUS_CREDS_UNIT|SD_BUS_CREDS_USER_UNIT|SD_BUS_CREDS_SLICE|SD_BUS_CREDS_OWNER_UID)) {
+ if (c->mask & mask & (SD_BUS_CREDS_CGROUP|SD_BUS_CREDS_SESSION|SD_BUS_CREDS_UNIT|SD_BUS_CREDS_USER_UNIT|SD_BUS_CREDS_SLICE|SD_BUS_CREDS_USER_SLICE|SD_BUS_CREDS_OWNER_UID)) {
+ assert(c->cgroup);
+
n->cgroup = strdup(c->cgroup);
if (!n->cgroup)
return -ENOMEM;
if (!n->cgroup_root)
return -ENOMEM;
- n->mask |= mask & (SD_BUS_CREDS_CGROUP|SD_BUS_CREDS_SESSION|SD_BUS_CREDS_UNIT|SD_BUS_CREDS_USER_UNIT|SD_BUS_CREDS_SLICE|SD_BUS_CREDS_OWNER_UID);
+ n->mask |= mask & (SD_BUS_CREDS_CGROUP|SD_BUS_CREDS_SESSION|SD_BUS_CREDS_UNIT|SD_BUS_CREDS_USER_UNIT|SD_BUS_CREDS_SLICE|SD_BUS_CREDS_USER_SLICE|SD_BUS_CREDS_OWNER_UID);
}
if (c->mask & mask & (SD_BUS_CREDS_EFFECTIVE_CAPS|SD_BUS_CREDS_PERMITTED_CAPS|SD_BUS_CREDS_INHERITABLE_CAPS|SD_BUS_CREDS_BOUNDING_CAPS)) {
+ assert(c->capability);
+
n->capability = memdup(c->capability, DIV_ROUND_UP(cap_last_cap(), 32U) * 4 * 4);
if (!n->capability)
return -ENOMEM;
}
if (c->mask & mask & SD_BUS_CREDS_SELINUX_CONTEXT) {
+ assert(c->label);
+
n->label = strdup(c->label);
if (!n->label)
return -ENOMEM;
n->mask |= SD_BUS_CREDS_AUDIT_LOGIN_UID;
}
+ if (c->mask & mask & SD_BUS_CREDS_TTY) {
+ if (c->tty) {
+ n->tty = strdup(c->tty);
+ if (!n->tty)
+ return -ENOMEM;
+ } else
+ n->tty = NULL;
+ n->mask |= SD_BUS_CREDS_TTY;
+ }
+
if (c->mask & mask & SD_BUS_CREDS_UNIQUE_NAME) {
+ assert(c->unique_name);
+
n->unique_name = strdup(c->unique_name);
if (!n->unique_name)
return -ENOMEM;
}
if (c->mask & mask & SD_BUS_CREDS_WELL_KNOWN_NAMES) {
- n->well_known_names = strv_copy(c->well_known_names);
- if (!n->well_known_names)
- return -ENOMEM;
+ if (strv_isempty(c->well_known_names))
+ n->well_known_names = NULL;
+ else {
+ n->well_known_names = strv_copy(c->well_known_names);
+ if (!n->well_known_names)
+ return -ENOMEM;
+ }
n->well_known_names_driver = c->well_known_names_driver;
n->well_known_names_local = c->well_known_names_local;
n->mask |= SD_BUS_CREDS_WELL_KNOWN_NAMES;
}
if (c->mask & mask & SD_BUS_CREDS_DESCRIPTION) {
+ assert(c->description);
n->description = strdup(c->description);
if (!n->description)
return -ENOMEM;
if (r < 0)
return r;
- *ret = n;
- n = NULL;
+ *ret = TAKE_PTR(n);
+
return 0;
}
~ianmdlvl / elogind.git / blobdiff