1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2013 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
23 #include <linux/capability.h>
26 #include "formats-util.h"
27 #include "process-util.h"
28 #include "terminal-util.h"
29 #include "capability.h"
30 #include "cgroup-util.h"
33 #include "bus-message.h"
36 #include "bus-creds.h"
37 #include "bus-label.h"
40 CAP_OFFSET_INHERITABLE = 0,
41 CAP_OFFSET_PERMITTED = 1,
42 CAP_OFFSET_EFFECTIVE = 2,
43 CAP_OFFSET_BOUNDING = 3
46 void bus_creds_done(sd_bus_creds *c) {
49 /* For internal bus cred structures that are allocated by
57 free(c->unescaped_description);
58 free(c->supplementary_gids);
61 free(c->well_known_names); /* note that this is an strv, but
62 * we only free the array, not the
63 * strings the array points to. The
64 * full strv we only free if
65 * c->allocated is set, see
68 strv_free(c->cmdline_array);
71 _public_ sd_bus_creds *sd_bus_creds_ref(sd_bus_creds *c) {
72 assert_return(c, NULL);
80 /* If this is an embedded creds structure, then
81 * forward ref counting to the message */
82 m = container_of(c, sd_bus_message, creds);
83 sd_bus_message_ref(m);
89 _public_ sd_bus_creds *sd_bus_creds_unref(sd_bus_creds *c) {
106 free(c->unique_name);
107 free(c->cgroup_root);
108 free(c->description);
110 free(c->supplementary_gids);
111 c->supplementary_gids = NULL;
113 strv_free(c->well_known_names);
114 c->well_known_names = NULL;
123 m = container_of(c, sd_bus_message, creds);
124 sd_bus_message_unref(m);
131 _public_ uint64_t sd_bus_creds_get_mask(const sd_bus_creds *c) {
137 _public_ uint64_t sd_bus_creds_get_augmented_mask(const sd_bus_creds *c) {
143 sd_bus_creds* bus_creds_new(void) {
146 c = new0(sd_bus_creds, 1);
155 _public_ int sd_bus_creds_new_from_pid(sd_bus_creds **ret, pid_t pid, uint64_t mask) {
159 assert_return(pid >= 0, -EINVAL);
160 assert_return(mask <= _SD_BUS_CREDS_ALL, -EOPNOTSUPP);
161 assert_return(ret, -EINVAL);
170 r = bus_creds_add_more(c, mask | SD_BUS_CREDS_AUGMENT, pid, 0);
172 sd_bus_creds_unref(c);
176 /* Check if the process existed at all, in case we haven't
177 * figured that out already */
178 if (!pid_is_alive(pid)) {
179 sd_bus_creds_unref(c);
187 _public_ int sd_bus_creds_get_uid(sd_bus_creds *c, uid_t *uid) {
188 assert_return(c, -EINVAL);
189 assert_return(uid, -EINVAL);
191 if (!(c->mask & SD_BUS_CREDS_UID))
198 _public_ int sd_bus_creds_get_euid(sd_bus_creds *c, uid_t *euid) {
199 assert_return(c, -EINVAL);
200 assert_return(euid, -EINVAL);
202 if (!(c->mask & SD_BUS_CREDS_EUID))
209 _public_ int sd_bus_creds_get_suid(sd_bus_creds *c, uid_t *suid) {
210 assert_return(c, -EINVAL);
211 assert_return(suid, -EINVAL);
213 if (!(c->mask & SD_BUS_CREDS_SUID))
221 _public_ int sd_bus_creds_get_fsuid(sd_bus_creds *c, uid_t *fsuid) {
222 assert_return(c, -EINVAL);
223 assert_return(fsuid, -EINVAL);
225 if (!(c->mask & SD_BUS_CREDS_FSUID))
232 _public_ int sd_bus_creds_get_gid(sd_bus_creds *c, gid_t *gid) {
233 assert_return(c, -EINVAL);
234 assert_return(gid, -EINVAL);
236 if (!(c->mask & SD_BUS_CREDS_GID))
243 _public_ int sd_bus_creds_get_egid(sd_bus_creds *c, gid_t *egid) {
244 assert_return(c, -EINVAL);
245 assert_return(egid, -EINVAL);
247 if (!(c->mask & SD_BUS_CREDS_EGID))
254 _public_ int sd_bus_creds_get_sgid(sd_bus_creds *c, gid_t *sgid) {
255 assert_return(c, -EINVAL);
256 assert_return(sgid, -EINVAL);
258 if (!(c->mask & SD_BUS_CREDS_SGID))
265 _public_ int sd_bus_creds_get_fsgid(sd_bus_creds *c, gid_t *fsgid) {
266 assert_return(c, -EINVAL);
267 assert_return(fsgid, -EINVAL);
269 if (!(c->mask & SD_BUS_CREDS_FSGID))
276 _public_ int sd_bus_creds_get_supplementary_gids(sd_bus_creds *c, const gid_t **gids) {
277 assert_return(c, -EINVAL);
278 assert_return(gids, -EINVAL);
280 if (!(c->mask & SD_BUS_CREDS_SUPPLEMENTARY_GIDS))
283 *gids = c->supplementary_gids;
284 return (int) c->n_supplementary_gids;
287 _public_ int sd_bus_creds_get_pid(sd_bus_creds *c, pid_t *pid) {
288 assert_return(c, -EINVAL);
289 assert_return(pid, -EINVAL);
291 if (!(c->mask & SD_BUS_CREDS_PID))
299 _public_ int sd_bus_creds_get_ppid(sd_bus_creds *c, pid_t *ppid) {
300 assert_return(c, -EINVAL);
301 assert_return(ppid, -EINVAL);
303 if (!(c->mask & SD_BUS_CREDS_PPID))
306 /* PID 1 has no parent process. Let's distinguish the case of
307 * not knowing and not having a parent process by the returned
316 _public_ int sd_bus_creds_get_tid(sd_bus_creds *c, pid_t *tid) {
317 assert_return(c, -EINVAL);
318 assert_return(tid, -EINVAL);
320 if (!(c->mask & SD_BUS_CREDS_TID))
328 _public_ int sd_bus_creds_get_selinux_context(sd_bus_creds *c, const char **ret) {
329 assert_return(c, -EINVAL);
331 if (!(c->mask & SD_BUS_CREDS_SELINUX_CONTEXT))
339 _public_ int sd_bus_creds_get_comm(sd_bus_creds *c, const char **ret) {
340 assert_return(c, -EINVAL);
341 assert_return(ret, -EINVAL);
343 if (!(c->mask & SD_BUS_CREDS_COMM))
351 _public_ int sd_bus_creds_get_tid_comm(sd_bus_creds *c, const char **ret) {
352 assert_return(c, -EINVAL);
353 assert_return(ret, -EINVAL);
355 if (!(c->mask & SD_BUS_CREDS_TID_COMM))
363 _public_ int sd_bus_creds_get_exe(sd_bus_creds *c, const char **ret) {
364 assert_return(c, -EINVAL);
365 assert_return(ret, -EINVAL);
367 if (!(c->mask & SD_BUS_CREDS_EXE))
377 _public_ int sd_bus_creds_get_cgroup(sd_bus_creds *c, const char **ret) {
378 assert_return(c, -EINVAL);
379 assert_return(ret, -EINVAL);
381 if (!(c->mask & SD_BUS_CREDS_CGROUP))
389 _public_ int sd_bus_creds_get_unit(sd_bus_creds *c, const char **ret) {
390 assert_return(c, -EINVAL);
391 assert_return(ret, -EINVAL);
393 if (!(c->mask & SD_BUS_CREDS_UNIT))
405 _public_ int sd_bus_creds_get_user_unit(sd_bus_creds *c, const char **ret) {
406 assert_return(c, -EINVAL);
407 assert_return(ret, -EINVAL);
409 if (!(c->mask & SD_BUS_CREDS_USER_UNIT))
421 _public_ int sd_bus_creds_get_slice(sd_bus_creds *c, const char **ret) {
422 assert_return(c, -EINVAL);
423 assert_return(ret, -EINVAL);
425 if (!(c->mask & SD_BUS_CREDS_SLICE))
437 _public_ int sd_bus_creds_get_user_slice(sd_bus_creds *c, const char **ret) {
440 assert_return(c, -EINVAL);
441 assert_return(ret, -EINVAL);
443 if (!(c->mask & SD_BUS_CREDS_USER_SLICE))
448 if (!c->user_slice) {
451 r = cg_shift_path(c->cgroup, c->cgroup_root, &shifted);
455 r = cg_path_get_user_slice(shifted, (char**) &c->user_slice);
460 *ret = c->user_slice;
464 _public_ int sd_bus_creds_get_session(sd_bus_creds *c, const char **ret) {
467 assert_return(c, -EINVAL);
468 assert_return(ret, -EINVAL);
470 if (!(c->mask & SD_BUS_CREDS_SESSION))
478 r = cg_shift_path(c->cgroup, c->cgroup_root, &shifted);
482 r = cg_path_get_session(shifted, (char**) &c->session);
491 _public_ int sd_bus_creds_get_owner_uid(sd_bus_creds *c, uid_t *uid) {
495 assert_return(c, -EINVAL);
496 assert_return(uid, -EINVAL);
498 if (!(c->mask & SD_BUS_CREDS_OWNER_UID))
503 r = cg_shift_path(c->cgroup, c->cgroup_root, &shifted);
510 _public_ int sd_bus_creds_get_cmdline(sd_bus_creds *c, char ***cmdline) {
511 assert_return(c, -EINVAL);
513 if (!(c->mask & SD_BUS_CREDS_CMDLINE))
519 if (!c->cmdline_array) {
520 c->cmdline_array = strv_parse_nulstr(c->cmdline, c->cmdline_size);
521 if (!c->cmdline_array)
525 *cmdline = c->cmdline_array;
529 _public_ int sd_bus_creds_get_audit_session_id(sd_bus_creds *c, uint32_t *sessionid) {
530 assert_return(c, -EINVAL);
531 assert_return(sessionid, -EINVAL);
533 if (!(c->mask & SD_BUS_CREDS_AUDIT_SESSION_ID))
536 if (c->audit_session_id == AUDIT_SESSION_INVALID)
539 *sessionid = c->audit_session_id;
543 _public_ int sd_bus_creds_get_audit_login_uid(sd_bus_creds *c, uid_t *uid) {
544 assert_return(c, -EINVAL);
545 assert_return(uid, -EINVAL);
547 if (!(c->mask & SD_BUS_CREDS_AUDIT_LOGIN_UID))
550 if (c->audit_login_uid == UID_INVALID)
553 *uid = c->audit_login_uid;
557 _public_ int sd_bus_creds_get_tty(sd_bus_creds *c, const char **ret) {
558 assert_return(c, -EINVAL);
559 assert_return(ret, -EINVAL);
561 if (!(c->mask & SD_BUS_CREDS_TTY))
571 _public_ int sd_bus_creds_get_unique_name(sd_bus_creds *c, const char **unique_name) {
572 assert_return(c, -EINVAL);
573 assert_return(unique_name, -EINVAL);
575 if (!(c->mask & SD_BUS_CREDS_UNIQUE_NAME))
578 *unique_name = c->unique_name;
582 _public_ int sd_bus_creds_get_well_known_names(sd_bus_creds *c, char ***well_known_names) {
583 assert_return(c, -EINVAL);
584 assert_return(well_known_names, -EINVAL);
586 if (!(c->mask & SD_BUS_CREDS_WELL_KNOWN_NAMES))
589 /* As a special hack we return the bus driver as well-known
590 * names list when this is requested. */
591 if (c->well_known_names_driver) {
592 static const char* const wkn[] = {
593 "org.freedesktop.DBus",
597 *well_known_names = (char**) wkn;
601 if (c->well_known_names_local) {
602 static const char* const wkn[] = {
603 "org.freedesktop.DBus.Local",
607 *well_known_names = (char**) wkn;
611 *well_known_names = c->well_known_names;
615 _public_ int sd_bus_creds_get_description(sd_bus_creds *c, const char **ret) {
616 assert_return(c, -EINVAL);
617 assert_return(ret, -EINVAL);
619 if (!(c->mask & SD_BUS_CREDS_DESCRIPTION))
622 assert(c->description);
624 if (!c->unescaped_description) {
625 c->unescaped_description = bus_label_unescape(c->description);
626 if (!c->unescaped_description)
630 *ret = c->unescaped_description;
634 static int has_cap(sd_bus_creds *c, unsigned offset, int capability) {
638 assert(capability >= 0);
639 assert(c->capability);
641 if ((unsigned) capability > cap_last_cap())
644 sz = DIV_ROUND_UP(cap_last_cap(), 32U);
646 return !!(c->capability[offset * sz + CAP_TO_INDEX(capability)] & CAP_TO_MASK(capability));
649 _public_ int sd_bus_creds_has_effective_cap(sd_bus_creds *c, int capability) {
650 assert_return(c, -EINVAL);
651 assert_return(capability >= 0, -EINVAL);
653 if (!(c->mask & SD_BUS_CREDS_EFFECTIVE_CAPS))
656 return has_cap(c, CAP_OFFSET_EFFECTIVE, capability);
659 _public_ int sd_bus_creds_has_permitted_cap(sd_bus_creds *c, int capability) {
660 assert_return(c, -EINVAL);
661 assert_return(capability >= 0, -EINVAL);
663 if (!(c->mask & SD_BUS_CREDS_PERMITTED_CAPS))
666 return has_cap(c, CAP_OFFSET_PERMITTED, capability);
669 _public_ int sd_bus_creds_has_inheritable_cap(sd_bus_creds *c, int capability) {
670 assert_return(c, -EINVAL);
671 assert_return(capability >= 0, -EINVAL);
673 if (!(c->mask & SD_BUS_CREDS_INHERITABLE_CAPS))
676 return has_cap(c, CAP_OFFSET_INHERITABLE, capability);
679 _public_ int sd_bus_creds_has_bounding_cap(sd_bus_creds *c, int capability) {
680 assert_return(c, -EINVAL);
681 assert_return(capability >= 0, -EINVAL);
683 if (!(c->mask & SD_BUS_CREDS_BOUNDING_CAPS))
686 return has_cap(c, CAP_OFFSET_BOUNDING, capability);
689 static int parse_caps(sd_bus_creds *c, unsigned offset, const char *p) {
696 max = DIV_ROUND_UP(cap_last_cap(), 32U);
697 p += strspn(p, WHITESPACE);
707 if (!c->capability) {
708 c->capability = new0(uint32_t, max * 4);
713 for (i = 0; i < sz; i ++) {
716 for (j = 0; j < 8; ++j) {
726 c->capability[offset * max + (sz - i - 1)] = v;
732 int bus_creds_add_more(sd_bus_creds *c, uint64_t mask, pid_t pid, pid_t tid) {
737 assert(c->allocated);
739 if (!(mask & SD_BUS_CREDS_AUGMENT))
742 /* Try to retrieve PID from creds if it wasn't passed to us */
745 c->mask |= SD_BUS_CREDS_PID;
746 } else if (c->mask & SD_BUS_CREDS_PID)
749 /* Without pid we cannot do much... */
752 /* Try to retrieve TID from creds if it wasn't passed to us */
753 if (tid <= 0 && (c->mask & SD_BUS_CREDS_TID))
756 /* Calculate what we shall and can add */
757 missing = mask & ~(c->mask|SD_BUS_CREDS_PID|SD_BUS_CREDS_TID|SD_BUS_CREDS_UNIQUE_NAME|SD_BUS_CREDS_WELL_KNOWN_NAMES|SD_BUS_CREDS_DESCRIPTION|SD_BUS_CREDS_AUGMENT);
763 c->mask |= SD_BUS_CREDS_TID;
766 if (missing & (SD_BUS_CREDS_PPID |
767 SD_BUS_CREDS_UID | SD_BUS_CREDS_EUID | SD_BUS_CREDS_SUID | SD_BUS_CREDS_FSUID |
768 SD_BUS_CREDS_GID | SD_BUS_CREDS_EGID | SD_BUS_CREDS_SGID | SD_BUS_CREDS_FSGID |
769 SD_BUS_CREDS_SUPPLEMENTARY_GIDS |
770 SD_BUS_CREDS_EFFECTIVE_CAPS | SD_BUS_CREDS_INHERITABLE_CAPS |
771 SD_BUS_CREDS_PERMITTED_CAPS | SD_BUS_CREDS_BOUNDING_CAPS)) {
773 _cleanup_fclose_ FILE *f = NULL;
776 p = procfs_file_alloca(pid, "status");
782 else if (errno != EPERM && errno != EACCES)
787 FOREACH_LINE(line, f, return -errno) {
790 if (missing & SD_BUS_CREDS_PPID) {
791 p = startswith(line, "PPid:");
793 p += strspn(p, WHITESPACE);
795 /* Explicitly check for PPID 0 (which is the case for PID 1) */
796 if (!streq(p, "0")) {
797 r = parse_pid(p, &c->ppid);
804 c->mask |= SD_BUS_CREDS_PPID;
809 if (missing & (SD_BUS_CREDS_UID|SD_BUS_CREDS_EUID|SD_BUS_CREDS_SUID|SD_BUS_CREDS_FSUID)) {
810 p = startswith(line, "Uid:");
812 unsigned long uid, euid, suid, fsuid;
814 p += strspn(p, WHITESPACE);
815 if (sscanf(p, "%lu %lu %lu %lu", &uid, &euid, &suid, &fsuid) != 4)
818 if (missing & SD_BUS_CREDS_UID)
819 c->uid = (uid_t) uid;
820 if (missing & SD_BUS_CREDS_EUID)
821 c->euid = (uid_t) euid;
822 if (missing & SD_BUS_CREDS_SUID)
823 c->suid = (uid_t) suid;
824 if (missing & SD_BUS_CREDS_FSUID)
825 c->fsuid = (uid_t) fsuid;
827 c->mask |= missing & (SD_BUS_CREDS_UID|SD_BUS_CREDS_EUID|SD_BUS_CREDS_SUID|SD_BUS_CREDS_FSUID);
832 if (missing & (SD_BUS_CREDS_GID|SD_BUS_CREDS_EGID|SD_BUS_CREDS_SGID|SD_BUS_CREDS_FSGID)) {
833 p = startswith(line, "Gid:");
835 unsigned long gid, egid, sgid, fsgid;
837 p += strspn(p, WHITESPACE);
838 if (sscanf(p, "%lu %lu %lu %lu", &gid, &egid, &sgid, &fsgid) != 4)
841 if (missing & SD_BUS_CREDS_GID)
842 c->gid = (gid_t) gid;
843 if (missing & SD_BUS_CREDS_EGID)
844 c->egid = (gid_t) egid;
845 if (missing & SD_BUS_CREDS_SGID)
846 c->sgid = (gid_t) sgid;
847 if (missing & SD_BUS_CREDS_FSGID)
848 c->fsgid = (gid_t) fsgid;
850 c->mask |= missing & (SD_BUS_CREDS_GID|SD_BUS_CREDS_EGID|SD_BUS_CREDS_SGID|SD_BUS_CREDS_FSGID);
855 if (missing & SD_BUS_CREDS_SUPPLEMENTARY_GIDS) {
856 p = startswith(line, "Groups:");
858 size_t allocated = 0;
864 p += strspn(p, WHITESPACE);
868 if (sscanf(p, "%lu%n", &g, &n) != 1)
871 if (!GREEDY_REALLOC(c->supplementary_gids, allocated, c->n_supplementary_gids+1))
874 c->supplementary_gids[c->n_supplementary_gids++] = (gid_t) g;
878 c->mask |= SD_BUS_CREDS_SUPPLEMENTARY_GIDS;
883 if (missing & SD_BUS_CREDS_EFFECTIVE_CAPS) {
884 p = startswith(line, "CapEff:");
886 r = parse_caps(c, CAP_OFFSET_EFFECTIVE, p);
890 c->mask |= SD_BUS_CREDS_EFFECTIVE_CAPS;
895 if (missing & SD_BUS_CREDS_PERMITTED_CAPS) {
896 p = startswith(line, "CapPrm:");
898 r = parse_caps(c, CAP_OFFSET_PERMITTED, p);
902 c->mask |= SD_BUS_CREDS_PERMITTED_CAPS;
907 if (missing & SD_BUS_CREDS_INHERITABLE_CAPS) {
908 p = startswith(line, "CapInh:");
910 r = parse_caps(c, CAP_OFFSET_INHERITABLE, p);
914 c->mask |= SD_BUS_CREDS_INHERITABLE_CAPS;
919 if (missing & SD_BUS_CREDS_BOUNDING_CAPS) {
920 p = startswith(line, "CapBnd:");
922 r = parse_caps(c, CAP_OFFSET_BOUNDING, p);
926 c->mask |= SD_BUS_CREDS_BOUNDING_CAPS;
934 if (missing & SD_BUS_CREDS_SELINUX_CONTEXT) {
937 p = procfs_file_alloca(pid, "attr/current");
938 r = read_one_line_file(p, &c->label);
940 if (r != -ENOENT && r != -EINVAL && r != -EPERM && r != -EACCES)
943 c->mask |= SD_BUS_CREDS_SELINUX_CONTEXT;
946 if (missing & SD_BUS_CREDS_COMM) {
947 r = get_process_comm(pid, &c->comm);
949 if (r != -EPERM && r != -EACCES)
952 c->mask |= SD_BUS_CREDS_COMM;
955 if (missing & SD_BUS_CREDS_EXE) {
956 r = get_process_exe(pid, &c->exe);
958 /* Unfortunately we cannot really distinguish
959 * the case here where the process does not
960 * exist, and /proc/$PID/exe being unreadable
961 * because $PID is a kernel thread. Hence,
962 * assume it is a kernel thread, and rely on
963 * that this case is caught with a later
966 c->mask |= SD_BUS_CREDS_EXE;
968 if (r != -EPERM && r != -EACCES)
971 c->mask |= SD_BUS_CREDS_EXE;
974 if (missing & SD_BUS_CREDS_CMDLINE) {
977 p = procfs_file_alloca(pid, "cmdline");
978 r = read_full_file(p, &c->cmdline, &c->cmdline_size);
982 if (r != -EPERM && r != -EACCES)
985 if (c->cmdline_size == 0) {
990 c->mask |= SD_BUS_CREDS_CMDLINE;
994 if (tid > 0 && (missing & SD_BUS_CREDS_TID_COMM)) {
995 _cleanup_free_ char *p = NULL;
997 if (asprintf(&p, "/proc/"PID_FMT"/task/"PID_FMT"/comm", pid, tid) < 0)
1000 r = read_one_line_file(p, &c->tid_comm);
1004 if (r != -EPERM && r != -EACCES)
1007 c->mask |= SD_BUS_CREDS_TID_COMM;
1010 if (missing & (SD_BUS_CREDS_CGROUP|SD_BUS_CREDS_UNIT|SD_BUS_CREDS_USER_UNIT|SD_BUS_CREDS_SLICE|SD_BUS_CREDS_USER_SLICE|SD_BUS_CREDS_SESSION|SD_BUS_CREDS_OWNER_UID)) {
1013 r = cg_pid_get_path(NULL, pid, &c->cgroup);
1015 if (r != -EPERM && r != -EACCES)
1020 if (!c->cgroup_root) {
1021 r = cg_get_root_path(&c->cgroup_root);
1027 c->mask |= missing & (SD_BUS_CREDS_CGROUP|SD_BUS_CREDS_UNIT|SD_BUS_CREDS_USER_UNIT|SD_BUS_CREDS_SLICE|SD_BUS_CREDS_USER_SLICE|SD_BUS_CREDS_SESSION|SD_BUS_CREDS_OWNER_UID);
1030 if (missing & SD_BUS_CREDS_AUDIT_SESSION_ID) {
1031 r = audit_session_from_pid(pid, &c->audit_session_id);
1033 /* ENXIO means: no audit session id assigned */
1034 c->audit_session_id = AUDIT_SESSION_INVALID;
1035 c->mask |= SD_BUS_CREDS_AUDIT_SESSION_ID;
1037 if (r != -EOPNOTSUPP && r != -ENOENT && r != -EPERM && r != -EACCES)
1040 c->mask |= SD_BUS_CREDS_AUDIT_SESSION_ID;
1043 if (missing & SD_BUS_CREDS_AUDIT_LOGIN_UID) {
1044 r = audit_loginuid_from_pid(pid, &c->audit_login_uid);
1046 /* ENXIO means: no audit login uid assigned */
1047 c->audit_login_uid = UID_INVALID;
1048 c->mask |= SD_BUS_CREDS_AUDIT_LOGIN_UID;
1050 if (r != -EOPNOTSUPP && r != -ENOENT && r != -EPERM && r != -EACCES)
1053 c->mask |= SD_BUS_CREDS_AUDIT_LOGIN_UID;
1056 if (missing & SD_BUS_CREDS_TTY) {
1057 r = get_ctty(pid, NULL, &c->tty);
1059 /* ENXIO means: process has no controlling TTY */
1061 c->mask |= SD_BUS_CREDS_TTY;
1063 if (r != -EPERM && r != -EACCES && r != -ENOENT)
1066 c->mask |= SD_BUS_CREDS_TTY;
1069 /* In case only the exe path was to be read we cannot
1070 * distinguish the case where the exe path was unreadable
1071 * because the process was a kernel thread, or when the
1072 * process didn't exist at all. Hence, let's do a final check,
1074 if (!pid_is_alive(pid))
1077 if (tid > 0 && tid != pid && !pid_is_unwaited(tid))
1080 c->augmented = missing & c->mask;
1085 int bus_creds_extend_by_pid(sd_bus_creds *c, uint64_t mask, sd_bus_creds **ret) {
1086 _cleanup_bus_creds_unref_ sd_bus_creds *n = NULL;
1092 if ((mask & ~c->mask) == 0 || (!(mask & SD_BUS_CREDS_AUGMENT))) {
1093 /* There's already all data we need, or augmentation
1094 * wasn't turned on. */
1096 *ret = sd_bus_creds_ref(c);
1100 n = bus_creds_new();
1104 /* Copy the original data over */
1106 if (c->mask & mask & SD_BUS_CREDS_PID) {
1108 n->mask |= SD_BUS_CREDS_PID;
1111 if (c->mask & mask & SD_BUS_CREDS_TID) {
1113 n->mask |= SD_BUS_CREDS_TID;
1116 if (c->mask & mask & SD_BUS_CREDS_PPID) {
1118 n->mask |= SD_BUS_CREDS_PPID;
1121 if (c->mask & mask & SD_BUS_CREDS_UID) {
1123 n->mask |= SD_BUS_CREDS_UID;
1126 if (c->mask & mask & SD_BUS_CREDS_EUID) {
1128 n->mask |= SD_BUS_CREDS_EUID;
1131 if (c->mask & mask & SD_BUS_CREDS_SUID) {
1133 n->mask |= SD_BUS_CREDS_SUID;
1136 if (c->mask & mask & SD_BUS_CREDS_FSUID) {
1137 n->fsuid = c->fsuid;
1138 n->mask |= SD_BUS_CREDS_FSUID;
1141 if (c->mask & mask & SD_BUS_CREDS_GID) {
1143 n->mask |= SD_BUS_CREDS_GID;
1146 if (c->mask & mask & SD_BUS_CREDS_EGID) {
1148 n->mask |= SD_BUS_CREDS_EGID;
1151 if (c->mask & mask & SD_BUS_CREDS_SGID) {
1153 n->mask |= SD_BUS_CREDS_SGID;
1156 if (c->mask & mask & SD_BUS_CREDS_FSGID) {
1157 n->fsgid = c->fsgid;
1158 n->mask |= SD_BUS_CREDS_FSGID;
1161 if (c->mask & mask & SD_BUS_CREDS_SUPPLEMENTARY_GIDS) {
1162 if (c->supplementary_gids) {
1163 n->supplementary_gids = newdup(gid_t, c->supplementary_gids, c->n_supplementary_gids);
1164 if (!n->supplementary_gids)
1166 n->n_supplementary_gids = c->n_supplementary_gids;
1168 n->supplementary_gids = NULL;
1169 n->n_supplementary_gids = 0;
1172 n->mask |= SD_BUS_CREDS_SUPPLEMENTARY_GIDS;
1175 if (c->mask & mask & SD_BUS_CREDS_COMM) {
1178 n->comm = strdup(c->comm);
1182 n->mask |= SD_BUS_CREDS_COMM;
1185 if (c->mask & mask & SD_BUS_CREDS_TID_COMM) {
1186 assert(c->tid_comm);
1188 n->tid_comm = strdup(c->tid_comm);
1192 n->mask |= SD_BUS_CREDS_TID_COMM;
1195 if (c->mask & mask & SD_BUS_CREDS_EXE) {
1197 n->exe = strdup(c->exe);
1203 n->mask |= SD_BUS_CREDS_EXE;
1206 if (c->mask & mask & SD_BUS_CREDS_CMDLINE) {
1208 n->cmdline = memdup(c->cmdline, c->cmdline_size);
1212 n->cmdline_size = c->cmdline_size;
1215 n->cmdline_size = 0;
1218 n->mask |= SD_BUS_CREDS_CMDLINE;
1221 if (c->mask & mask & (SD_BUS_CREDS_CGROUP|SD_BUS_CREDS_SESSION|SD_BUS_CREDS_UNIT|SD_BUS_CREDS_USER_UNIT|SD_BUS_CREDS_SLICE|SD_BUS_CREDS_USER_SLICE|SD_BUS_CREDS_OWNER_UID)) {
1224 n->cgroup = strdup(c->cgroup);
1228 n->cgroup_root = strdup(c->cgroup_root);
1229 if (!n->cgroup_root)
1232 n->mask |= mask & (SD_BUS_CREDS_CGROUP|SD_BUS_CREDS_SESSION|SD_BUS_CREDS_UNIT|SD_BUS_CREDS_USER_UNIT|SD_BUS_CREDS_SLICE|SD_BUS_CREDS_USER_SLICE|SD_BUS_CREDS_OWNER_UID);
1235 if (c->mask & mask & (SD_BUS_CREDS_EFFECTIVE_CAPS|SD_BUS_CREDS_PERMITTED_CAPS|SD_BUS_CREDS_INHERITABLE_CAPS|SD_BUS_CREDS_BOUNDING_CAPS)) {
1236 assert(c->capability);
1238 n->capability = memdup(c->capability, DIV_ROUND_UP(cap_last_cap(), 32U) * 4 * 4);
1242 n->mask |= c->mask & mask & (SD_BUS_CREDS_EFFECTIVE_CAPS|SD_BUS_CREDS_PERMITTED_CAPS|SD_BUS_CREDS_INHERITABLE_CAPS|SD_BUS_CREDS_BOUNDING_CAPS);
1245 if (c->mask & mask & SD_BUS_CREDS_SELINUX_CONTEXT) {
1248 n->label = strdup(c->label);
1251 n->mask |= SD_BUS_CREDS_SELINUX_CONTEXT;
1254 if (c->mask & mask & SD_BUS_CREDS_AUDIT_SESSION_ID) {
1255 n->audit_session_id = c->audit_session_id;
1256 n->mask |= SD_BUS_CREDS_AUDIT_SESSION_ID;
1258 if (c->mask & mask & SD_BUS_CREDS_AUDIT_LOGIN_UID) {
1259 n->audit_login_uid = c->audit_login_uid;
1260 n->mask |= SD_BUS_CREDS_AUDIT_LOGIN_UID;
1263 if (c->mask & mask & SD_BUS_CREDS_TTY) {
1265 n->tty = strdup(c->tty);
1270 n->mask |= SD_BUS_CREDS_TTY;
1273 if (c->mask & mask & SD_BUS_CREDS_UNIQUE_NAME) {
1274 assert(c->unique_name);
1276 n->unique_name = strdup(c->unique_name);
1277 if (!n->unique_name)
1279 n->mask |= SD_BUS_CREDS_UNIQUE_NAME;
1282 if (c->mask & mask & SD_BUS_CREDS_WELL_KNOWN_NAMES) {
1283 if (strv_isempty(c->well_known_names))
1284 n->well_known_names = NULL;
1286 n->well_known_names = strv_copy(c->well_known_names);
1287 if (!n->well_known_names)
1290 n->well_known_names_driver = c->well_known_names_driver;
1291 n->well_known_names_local = c->well_known_names_local;
1292 n->mask |= SD_BUS_CREDS_WELL_KNOWN_NAMES;
1295 if (c->mask & mask & SD_BUS_CREDS_DESCRIPTION) {
1296 assert(c->description);
1297 n->description = strdup(c->description);
1298 if (!n->description)
1300 n->mask |= SD_BUS_CREDS_DESCRIPTION;
1303 n->augmented = c->augmented & n->mask;
1307 r = bus_creds_add_more(n, mask, 0, 0);
~ianmdlvl / elogind.git / blob