1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2013 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
23 #include <linux/capability.h>
26 #include "formats-util.h"
27 #include "process-util.h"
28 #include "terminal-util.h"
29 #include "capability.h"
30 #include "cgroup-util.h"
33 #include "bus-message.h"
36 #include "bus-creds.h"
37 #include "bus-label.h"
40 CAP_OFFSET_INHERITABLE = 0,
41 CAP_OFFSET_PERMITTED = 1,
42 CAP_OFFSET_EFFECTIVE = 2,
43 CAP_OFFSET_BOUNDING = 3
46 void bus_creds_done(sd_bus_creds *c) {
49 /* For internal bus cred structures that are allocated by
57 free(c->unescaped_description);
58 free(c->supplementary_gids);
61 free(c->well_known_names); /* note that this is an strv, but
62 * we only free the array, not the
63 * strings the array points to. The
64 * full strv we only free if
65 * c->allocated is set, see
68 strv_free(c->cmdline_array);
71 _public_ sd_bus_creds *sd_bus_creds_ref(sd_bus_creds *c) {
72 assert_return(c, NULL);
80 /* If this is an embedded creds structure, then
81 * forward ref counting to the message */
82 m = container_of(c, sd_bus_message, creds);
83 sd_bus_message_ref(m);
89 _public_ sd_bus_creds *sd_bus_creds_unref(sd_bus_creds *c) {
106 free(c->unique_name);
107 free(c->cgroup_root);
108 free(c->description);
110 free(c->supplementary_gids);
111 c->supplementary_gids = NULL;
113 strv_free(c->well_known_names);
114 c->well_known_names = NULL;
123 m = container_of(c, sd_bus_message, creds);
124 sd_bus_message_unref(m);
131 _public_ uint64_t sd_bus_creds_get_mask(const sd_bus_creds *c) {
137 _public_ uint64_t sd_bus_creds_get_augmented_mask(const sd_bus_creds *c) {
143 sd_bus_creds* bus_creds_new(void) {
146 c = new0(sd_bus_creds, 1);
155 _public_ int sd_bus_creds_new_from_pid(sd_bus_creds **ret, pid_t pid, uint64_t mask) {
159 assert_return(pid >= 0, -EINVAL);
160 assert_return(mask <= _SD_BUS_CREDS_ALL, -EOPNOTSUPP);
161 assert_return(ret, -EINVAL);
170 r = bus_creds_add_more(c, mask | SD_BUS_CREDS_AUGMENT, pid, 0);
172 sd_bus_creds_unref(c);
176 /* Check if the process existed at all, in case we haven't
177 * figured that out already */
178 if (!pid_is_alive(pid)) {
179 sd_bus_creds_unref(c);
187 _public_ int sd_bus_creds_get_uid(sd_bus_creds *c, uid_t *uid) {
188 assert_return(c, -EINVAL);
189 assert_return(uid, -EINVAL);
191 if (!(c->mask & SD_BUS_CREDS_UID))
198 _public_ int sd_bus_creds_get_euid(sd_bus_creds *c, uid_t *euid) {
199 assert_return(c, -EINVAL);
200 assert_return(euid, -EINVAL);
202 if (!(c->mask & SD_BUS_CREDS_EUID))
209 _public_ int sd_bus_creds_get_suid(sd_bus_creds *c, uid_t *suid) {
210 assert_return(c, -EINVAL);
211 assert_return(suid, -EINVAL);
213 if (!(c->mask & SD_BUS_CREDS_SUID))
221 _public_ int sd_bus_creds_get_fsuid(sd_bus_creds *c, uid_t *fsuid) {
222 assert_return(c, -EINVAL);
223 assert_return(fsuid, -EINVAL);
225 if (!(c->mask & SD_BUS_CREDS_FSUID))
232 _public_ int sd_bus_creds_get_gid(sd_bus_creds *c, gid_t *gid) {
233 assert_return(c, -EINVAL);
234 assert_return(gid, -EINVAL);
236 if (!(c->mask & SD_BUS_CREDS_GID))
243 _public_ int sd_bus_creds_get_egid(sd_bus_creds *c, gid_t *egid) {
244 assert_return(c, -EINVAL);
245 assert_return(egid, -EINVAL);
247 if (!(c->mask & SD_BUS_CREDS_EGID))
254 _public_ int sd_bus_creds_get_sgid(sd_bus_creds *c, gid_t *sgid) {
255 assert_return(c, -EINVAL);
256 assert_return(sgid, -EINVAL);
258 if (!(c->mask & SD_BUS_CREDS_SGID))
265 _public_ int sd_bus_creds_get_fsgid(sd_bus_creds *c, gid_t *fsgid) {
266 assert_return(c, -EINVAL);
267 assert_return(fsgid, -EINVAL);
269 if (!(c->mask & SD_BUS_CREDS_FSGID))
276 _public_ int sd_bus_creds_get_supplementary_gids(sd_bus_creds *c, const gid_t **gids) {
277 assert_return(c, -EINVAL);
278 assert_return(gids, -EINVAL);
280 if (!(c->mask & SD_BUS_CREDS_SUPPLEMENTARY_GIDS))
283 *gids = c->supplementary_gids;
284 return (int) c->n_supplementary_gids;
287 _public_ int sd_bus_creds_get_pid(sd_bus_creds *c, pid_t *pid) {
288 assert_return(c, -EINVAL);
289 assert_return(pid, -EINVAL);
291 if (!(c->mask & SD_BUS_CREDS_PID))
299 _public_ int sd_bus_creds_get_ppid(sd_bus_creds *c, pid_t *ppid) {
300 assert_return(c, -EINVAL);
301 assert_return(ppid, -EINVAL);
303 if (!(c->mask & SD_BUS_CREDS_PPID))
306 /* PID 1 has no parent process. Let's distinguish the case of
307 * not knowing and not having a parent process by the returned
316 _public_ int sd_bus_creds_get_tid(sd_bus_creds *c, pid_t *tid) {
317 assert_return(c, -EINVAL);
318 assert_return(tid, -EINVAL);
320 if (!(c->mask & SD_BUS_CREDS_TID))
328 _public_ int sd_bus_creds_get_selinux_context(sd_bus_creds *c, const char **ret) {
329 assert_return(c, -EINVAL);
331 if (!(c->mask & SD_BUS_CREDS_SELINUX_CONTEXT))
339 _public_ int sd_bus_creds_get_comm(sd_bus_creds *c, const char **ret) {
340 assert_return(c, -EINVAL);
341 assert_return(ret, -EINVAL);
343 if (!(c->mask & SD_BUS_CREDS_COMM))
351 _public_ int sd_bus_creds_get_tid_comm(sd_bus_creds *c, const char **ret) {
352 assert_return(c, -EINVAL);
353 assert_return(ret, -EINVAL);
355 if (!(c->mask & SD_BUS_CREDS_TID_COMM))
363 _public_ int sd_bus_creds_get_exe(sd_bus_creds *c, const char **ret) {
364 assert_return(c, -EINVAL);
365 assert_return(ret, -EINVAL);
367 if (!(c->mask & SD_BUS_CREDS_EXE))
377 _public_ int sd_bus_creds_get_cgroup(sd_bus_creds *c, const char **ret) {
378 assert_return(c, -EINVAL);
379 assert_return(ret, -EINVAL);
381 if (!(c->mask & SD_BUS_CREDS_CGROUP))
389 _public_ int sd_bus_creds_get_unit(sd_bus_creds *c, const char **ret) {
392 assert_return(c, -EINVAL);
393 assert_return(ret, -EINVAL);
395 if (!(c->mask & SD_BUS_CREDS_UNIT))
403 r = cg_shift_path(c->cgroup, c->cgroup_root, &shifted);
407 r = cg_path_get_unit(shifted, (char**) &c->unit);
416 _public_ int sd_bus_creds_get_user_unit(sd_bus_creds *c, const char **ret) {
419 assert_return(c, -EINVAL);
420 assert_return(ret, -EINVAL);
422 if (!(c->mask & SD_BUS_CREDS_USER_UNIT))
430 r = cg_shift_path(c->cgroup, c->cgroup_root, &shifted);
434 r = cg_path_get_user_unit(shifted, (char**) &c->user_unit);
443 _public_ int sd_bus_creds_get_slice(sd_bus_creds *c, const char **ret) {
446 assert_return(c, -EINVAL);
447 assert_return(ret, -EINVAL);
449 if (!(c->mask & SD_BUS_CREDS_SLICE))
457 r = cg_shift_path(c->cgroup, c->cgroup_root, &shifted);
461 r = cg_path_get_slice(shifted, (char**) &c->slice);
470 _public_ int sd_bus_creds_get_user_slice(sd_bus_creds *c, const char **ret) {
473 assert_return(c, -EINVAL);
474 assert_return(ret, -EINVAL);
476 if (!(c->mask & SD_BUS_CREDS_USER_SLICE))
481 if (!c->user_slice) {
484 r = cg_shift_path(c->cgroup, c->cgroup_root, &shifted);
488 r = cg_path_get_user_slice(shifted, (char**) &c->user_slice);
493 *ret = c->user_slice;
497 _public_ int sd_bus_creds_get_session(sd_bus_creds *c, const char **ret) {
500 assert_return(c, -EINVAL);
501 assert_return(ret, -EINVAL);
503 if (!(c->mask & SD_BUS_CREDS_SESSION))
511 r = cg_shift_path(c->cgroup, c->cgroup_root, &shifted);
515 r = cg_path_get_session(shifted, (char**) &c->session);
524 _public_ int sd_bus_creds_get_owner_uid(sd_bus_creds *c, uid_t *uid) {
528 assert_return(c, -EINVAL);
529 assert_return(uid, -EINVAL);
531 if (!(c->mask & SD_BUS_CREDS_OWNER_UID))
536 r = cg_shift_path(c->cgroup, c->cgroup_root, &shifted);
540 return cg_path_get_owner_uid(shifted, uid);
543 _public_ int sd_bus_creds_get_cmdline(sd_bus_creds *c, char ***cmdline) {
544 assert_return(c, -EINVAL);
546 if (!(c->mask & SD_BUS_CREDS_CMDLINE))
552 if (!c->cmdline_array) {
553 c->cmdline_array = strv_parse_nulstr(c->cmdline, c->cmdline_size);
554 if (!c->cmdline_array)
558 *cmdline = c->cmdline_array;
562 _public_ int sd_bus_creds_get_audit_session_id(sd_bus_creds *c, uint32_t *sessionid) {
563 assert_return(c, -EINVAL);
564 assert_return(sessionid, -EINVAL);
566 if (!(c->mask & SD_BUS_CREDS_AUDIT_SESSION_ID))
569 if (c->audit_session_id == AUDIT_SESSION_INVALID)
572 *sessionid = c->audit_session_id;
576 _public_ int sd_bus_creds_get_audit_login_uid(sd_bus_creds *c, uid_t *uid) {
577 assert_return(c, -EINVAL);
578 assert_return(uid, -EINVAL);
580 if (!(c->mask & SD_BUS_CREDS_AUDIT_LOGIN_UID))
583 if (c->audit_login_uid == UID_INVALID)
586 *uid = c->audit_login_uid;
590 _public_ int sd_bus_creds_get_tty(sd_bus_creds *c, const char **ret) {
591 assert_return(c, -EINVAL);
592 assert_return(ret, -EINVAL);
594 if (!(c->mask & SD_BUS_CREDS_TTY))
604 _public_ int sd_bus_creds_get_unique_name(sd_bus_creds *c, const char **unique_name) {
605 assert_return(c, -EINVAL);
606 assert_return(unique_name, -EINVAL);
608 if (!(c->mask & SD_BUS_CREDS_UNIQUE_NAME))
611 *unique_name = c->unique_name;
615 _public_ int sd_bus_creds_get_well_known_names(sd_bus_creds *c, char ***well_known_names) {
616 assert_return(c, -EINVAL);
617 assert_return(well_known_names, -EINVAL);
619 if (!(c->mask & SD_BUS_CREDS_WELL_KNOWN_NAMES))
622 /* As a special hack we return the bus driver as well-known
623 * names list when this is requested. */
624 if (c->well_known_names_driver) {
625 static const char* const wkn[] = {
626 "org.freedesktop.DBus",
630 *well_known_names = (char**) wkn;
634 if (c->well_known_names_local) {
635 static const char* const wkn[] = {
636 "org.freedesktop.DBus.Local",
640 *well_known_names = (char**) wkn;
644 *well_known_names = c->well_known_names;
648 _public_ int sd_bus_creds_get_description(sd_bus_creds *c, const char **ret) {
649 assert_return(c, -EINVAL);
650 assert_return(ret, -EINVAL);
652 if (!(c->mask & SD_BUS_CREDS_DESCRIPTION))
655 assert(c->description);
657 if (!c->unescaped_description) {
658 c->unescaped_description = bus_label_unescape(c->description);
659 if (!c->unescaped_description)
663 *ret = c->unescaped_description;
667 static int has_cap(sd_bus_creds *c, unsigned offset, int capability) {
671 assert(capability >= 0);
672 assert(c->capability);
674 if ((unsigned) capability > cap_last_cap())
677 sz = DIV_ROUND_UP(cap_last_cap(), 32U);
679 return !!(c->capability[offset * sz + CAP_TO_INDEX(capability)] & CAP_TO_MASK(capability));
682 _public_ int sd_bus_creds_has_effective_cap(sd_bus_creds *c, int capability) {
683 assert_return(c, -EINVAL);
684 assert_return(capability >= 0, -EINVAL);
686 if (!(c->mask & SD_BUS_CREDS_EFFECTIVE_CAPS))
689 return has_cap(c, CAP_OFFSET_EFFECTIVE, capability);
692 _public_ int sd_bus_creds_has_permitted_cap(sd_bus_creds *c, int capability) {
693 assert_return(c, -EINVAL);
694 assert_return(capability >= 0, -EINVAL);
696 if (!(c->mask & SD_BUS_CREDS_PERMITTED_CAPS))
699 return has_cap(c, CAP_OFFSET_PERMITTED, capability);
702 _public_ int sd_bus_creds_has_inheritable_cap(sd_bus_creds *c, int capability) {
703 assert_return(c, -EINVAL);
704 assert_return(capability >= 0, -EINVAL);
706 if (!(c->mask & SD_BUS_CREDS_INHERITABLE_CAPS))
709 return has_cap(c, CAP_OFFSET_INHERITABLE, capability);
712 _public_ int sd_bus_creds_has_bounding_cap(sd_bus_creds *c, int capability) {
713 assert_return(c, -EINVAL);
714 assert_return(capability >= 0, -EINVAL);
716 if (!(c->mask & SD_BUS_CREDS_BOUNDING_CAPS))
719 return has_cap(c, CAP_OFFSET_BOUNDING, capability);
722 static int parse_caps(sd_bus_creds *c, unsigned offset, const char *p) {
729 max = DIV_ROUND_UP(cap_last_cap(), 32U);
730 p += strspn(p, WHITESPACE);
740 if (!c->capability) {
741 c->capability = new0(uint32_t, max * 4);
746 for (i = 0; i < sz; i ++) {
749 for (j = 0; j < 8; ++j) {
759 c->capability[offset * max + (sz - i - 1)] = v;
765 int bus_creds_add_more(sd_bus_creds *c, uint64_t mask, pid_t pid, pid_t tid) {
770 assert(c->allocated);
772 if (!(mask & SD_BUS_CREDS_AUGMENT))
775 /* Try to retrieve PID from creds if it wasn't passed to us */
778 c->mask |= SD_BUS_CREDS_PID;
779 } else if (c->mask & SD_BUS_CREDS_PID)
782 /* Without pid we cannot do much... */
785 /* Try to retrieve TID from creds if it wasn't passed to us */
786 if (tid <= 0 && (c->mask & SD_BUS_CREDS_TID))
789 /* Calculate what we shall and can add */
790 missing = mask & ~(c->mask|SD_BUS_CREDS_PID|SD_BUS_CREDS_TID|SD_BUS_CREDS_UNIQUE_NAME|SD_BUS_CREDS_WELL_KNOWN_NAMES|SD_BUS_CREDS_DESCRIPTION|SD_BUS_CREDS_AUGMENT);
796 c->mask |= SD_BUS_CREDS_TID;
799 if (missing & (SD_BUS_CREDS_PPID |
800 SD_BUS_CREDS_UID | SD_BUS_CREDS_EUID | SD_BUS_CREDS_SUID | SD_BUS_CREDS_FSUID |
801 SD_BUS_CREDS_GID | SD_BUS_CREDS_EGID | SD_BUS_CREDS_SGID | SD_BUS_CREDS_FSGID |
802 SD_BUS_CREDS_SUPPLEMENTARY_GIDS |
803 SD_BUS_CREDS_EFFECTIVE_CAPS | SD_BUS_CREDS_INHERITABLE_CAPS |
804 SD_BUS_CREDS_PERMITTED_CAPS | SD_BUS_CREDS_BOUNDING_CAPS)) {
806 _cleanup_fclose_ FILE *f = NULL;
809 p = procfs_file_alloca(pid, "status");
815 else if (errno != EPERM && errno != EACCES)
820 FOREACH_LINE(line, f, return -errno) {
823 if (missing & SD_BUS_CREDS_PPID) {
824 p = startswith(line, "PPid:");
826 p += strspn(p, WHITESPACE);
828 /* Explicitly check for PPID 0 (which is the case for PID 1) */
829 if (!streq(p, "0")) {
830 r = parse_pid(p, &c->ppid);
837 c->mask |= SD_BUS_CREDS_PPID;
842 if (missing & (SD_BUS_CREDS_UID|SD_BUS_CREDS_EUID|SD_BUS_CREDS_SUID|SD_BUS_CREDS_FSUID)) {
843 p = startswith(line, "Uid:");
845 unsigned long uid, euid, suid, fsuid;
847 p += strspn(p, WHITESPACE);
848 if (sscanf(p, "%lu %lu %lu %lu", &uid, &euid, &suid, &fsuid) != 4)
851 if (missing & SD_BUS_CREDS_UID)
852 c->uid = (uid_t) uid;
853 if (missing & SD_BUS_CREDS_EUID)
854 c->euid = (uid_t) euid;
855 if (missing & SD_BUS_CREDS_SUID)
856 c->suid = (uid_t) suid;
857 if (missing & SD_BUS_CREDS_FSUID)
858 c->fsuid = (uid_t) fsuid;
860 c->mask |= missing & (SD_BUS_CREDS_UID|SD_BUS_CREDS_EUID|SD_BUS_CREDS_SUID|SD_BUS_CREDS_FSUID);
865 if (missing & (SD_BUS_CREDS_GID|SD_BUS_CREDS_EGID|SD_BUS_CREDS_SGID|SD_BUS_CREDS_FSGID)) {
866 p = startswith(line, "Gid:");
868 unsigned long gid, egid, sgid, fsgid;
870 p += strspn(p, WHITESPACE);
871 if (sscanf(p, "%lu %lu %lu %lu", &gid, &egid, &sgid, &fsgid) != 4)
874 if (missing & SD_BUS_CREDS_GID)
875 c->gid = (gid_t) gid;
876 if (missing & SD_BUS_CREDS_EGID)
877 c->egid = (gid_t) egid;
878 if (missing & SD_BUS_CREDS_SGID)
879 c->sgid = (gid_t) sgid;
880 if (missing & SD_BUS_CREDS_FSGID)
881 c->fsgid = (gid_t) fsgid;
883 c->mask |= missing & (SD_BUS_CREDS_GID|SD_BUS_CREDS_EGID|SD_BUS_CREDS_SGID|SD_BUS_CREDS_FSGID);
888 if (missing & SD_BUS_CREDS_SUPPLEMENTARY_GIDS) {
889 p = startswith(line, "Groups:");
891 size_t allocated = 0;
897 p += strspn(p, WHITESPACE);
901 if (sscanf(p, "%lu%n", &g, &n) != 1)
904 if (!GREEDY_REALLOC(c->supplementary_gids, allocated, c->n_supplementary_gids+1))
907 c->supplementary_gids[c->n_supplementary_gids++] = (gid_t) g;
911 c->mask |= SD_BUS_CREDS_SUPPLEMENTARY_GIDS;
916 if (missing & SD_BUS_CREDS_EFFECTIVE_CAPS) {
917 p = startswith(line, "CapEff:");
919 r = parse_caps(c, CAP_OFFSET_EFFECTIVE, p);
923 c->mask |= SD_BUS_CREDS_EFFECTIVE_CAPS;
928 if (missing & SD_BUS_CREDS_PERMITTED_CAPS) {
929 p = startswith(line, "CapPrm:");
931 r = parse_caps(c, CAP_OFFSET_PERMITTED, p);
935 c->mask |= SD_BUS_CREDS_PERMITTED_CAPS;
940 if (missing & SD_BUS_CREDS_INHERITABLE_CAPS) {
941 p = startswith(line, "CapInh:");
943 r = parse_caps(c, CAP_OFFSET_INHERITABLE, p);
947 c->mask |= SD_BUS_CREDS_INHERITABLE_CAPS;
952 if (missing & SD_BUS_CREDS_BOUNDING_CAPS) {
953 p = startswith(line, "CapBnd:");
955 r = parse_caps(c, CAP_OFFSET_BOUNDING, p);
959 c->mask |= SD_BUS_CREDS_BOUNDING_CAPS;
967 if (missing & SD_BUS_CREDS_SELINUX_CONTEXT) {
970 p = procfs_file_alloca(pid, "attr/current");
971 r = read_one_line_file(p, &c->label);
973 if (r != -ENOENT && r != -EINVAL && r != -EPERM && r != -EACCES)
976 c->mask |= SD_BUS_CREDS_SELINUX_CONTEXT;
979 if (missing & SD_BUS_CREDS_COMM) {
980 r = get_process_comm(pid, &c->comm);
982 if (r != -EPERM && r != -EACCES)
985 c->mask |= SD_BUS_CREDS_COMM;
988 if (missing & SD_BUS_CREDS_EXE) {
989 r = get_process_exe(pid, &c->exe);
991 /* Unfortunately we cannot really distinguish
992 * the case here where the process does not
993 * exist, and /proc/$PID/exe being unreadable
994 * because $PID is a kernel thread. Hence,
995 * assume it is a kernel thread, and rely on
996 * that this case is caught with a later
999 c->mask |= SD_BUS_CREDS_EXE;
1001 if (r != -EPERM && r != -EACCES)
1004 c->mask |= SD_BUS_CREDS_EXE;
1007 if (missing & SD_BUS_CREDS_CMDLINE) {
1010 p = procfs_file_alloca(pid, "cmdline");
1011 r = read_full_file(p, &c->cmdline, &c->cmdline_size);
1015 if (r != -EPERM && r != -EACCES)
1018 if (c->cmdline_size == 0) {
1023 c->mask |= SD_BUS_CREDS_CMDLINE;
1027 if (tid > 0 && (missing & SD_BUS_CREDS_TID_COMM)) {
1028 _cleanup_free_ char *p = NULL;
1030 if (asprintf(&p, "/proc/"PID_FMT"/task/"PID_FMT"/comm", pid, tid) < 0)
1033 r = read_one_line_file(p, &c->tid_comm);
1037 if (r != -EPERM && r != -EACCES)
1040 c->mask |= SD_BUS_CREDS_TID_COMM;
1043 if (missing & (SD_BUS_CREDS_CGROUP|SD_BUS_CREDS_UNIT|SD_BUS_CREDS_USER_UNIT|SD_BUS_CREDS_SLICE|SD_BUS_CREDS_USER_SLICE|SD_BUS_CREDS_SESSION|SD_BUS_CREDS_OWNER_UID)) {
1046 r = cg_pid_get_path(NULL, pid, &c->cgroup);
1048 if (r != -EPERM && r != -EACCES)
1053 if (!c->cgroup_root) {
1054 r = cg_get_root_path(&c->cgroup_root);
1060 c->mask |= missing & (SD_BUS_CREDS_CGROUP|SD_BUS_CREDS_UNIT|SD_BUS_CREDS_USER_UNIT|SD_BUS_CREDS_SLICE|SD_BUS_CREDS_USER_SLICE|SD_BUS_CREDS_SESSION|SD_BUS_CREDS_OWNER_UID);
1063 if (missing & SD_BUS_CREDS_AUDIT_SESSION_ID) {
1064 r = audit_session_from_pid(pid, &c->audit_session_id);
1066 /* ENXIO means: no audit session id assigned */
1067 c->audit_session_id = AUDIT_SESSION_INVALID;
1068 c->mask |= SD_BUS_CREDS_AUDIT_SESSION_ID;
1070 if (r != -EOPNOTSUPP && r != -ENOENT && r != -EPERM && r != -EACCES)
1073 c->mask |= SD_BUS_CREDS_AUDIT_SESSION_ID;
1076 if (missing & SD_BUS_CREDS_AUDIT_LOGIN_UID) {
1077 r = audit_loginuid_from_pid(pid, &c->audit_login_uid);
1079 /* ENXIO means: no audit login uid assigned */
1080 c->audit_login_uid = UID_INVALID;
1081 c->mask |= SD_BUS_CREDS_AUDIT_LOGIN_UID;
1083 if (r != -EOPNOTSUPP && r != -ENOENT && r != -EPERM && r != -EACCES)
1086 c->mask |= SD_BUS_CREDS_AUDIT_LOGIN_UID;
1089 if (missing & SD_BUS_CREDS_TTY) {
1090 r = get_ctty(pid, NULL, &c->tty);
1092 /* ENXIO means: process has no controlling TTY */
1094 c->mask |= SD_BUS_CREDS_TTY;
1096 if (r != -EPERM && r != -EACCES && r != -ENOENT)
1099 c->mask |= SD_BUS_CREDS_TTY;
1102 /* In case only the exe path was to be read we cannot
1103 * distinguish the case where the exe path was unreadable
1104 * because the process was a kernel thread, or when the
1105 * process didn't exist at all. Hence, let's do a final check,
1107 if (!pid_is_alive(pid))
1110 if (tid > 0 && tid != pid && !pid_is_unwaited(tid))
1113 c->augmented = missing & c->mask;
1118 int bus_creds_extend_by_pid(sd_bus_creds *c, uint64_t mask, sd_bus_creds **ret) {
1119 _cleanup_bus_creds_unref_ sd_bus_creds *n = NULL;
1125 if ((mask & ~c->mask) == 0 || (!(mask & SD_BUS_CREDS_AUGMENT))) {
1126 /* There's already all data we need, or augmentation
1127 * wasn't turned on. */
1129 *ret = sd_bus_creds_ref(c);
1133 n = bus_creds_new();
1137 /* Copy the original data over */
1139 if (c->mask & mask & SD_BUS_CREDS_PID) {
1141 n->mask |= SD_BUS_CREDS_PID;
1144 if (c->mask & mask & SD_BUS_CREDS_TID) {
1146 n->mask |= SD_BUS_CREDS_TID;
1149 if (c->mask & mask & SD_BUS_CREDS_PPID) {
1151 n->mask |= SD_BUS_CREDS_PPID;
1154 if (c->mask & mask & SD_BUS_CREDS_UID) {
1156 n->mask |= SD_BUS_CREDS_UID;
1159 if (c->mask & mask & SD_BUS_CREDS_EUID) {
1161 n->mask |= SD_BUS_CREDS_EUID;
1164 if (c->mask & mask & SD_BUS_CREDS_SUID) {
1166 n->mask |= SD_BUS_CREDS_SUID;
1169 if (c->mask & mask & SD_BUS_CREDS_FSUID) {
1170 n->fsuid = c->fsuid;
1171 n->mask |= SD_BUS_CREDS_FSUID;
1174 if (c->mask & mask & SD_BUS_CREDS_GID) {
1176 n->mask |= SD_BUS_CREDS_GID;
1179 if (c->mask & mask & SD_BUS_CREDS_EGID) {
1181 n->mask |= SD_BUS_CREDS_EGID;
1184 if (c->mask & mask & SD_BUS_CREDS_SGID) {
1186 n->mask |= SD_BUS_CREDS_SGID;
1189 if (c->mask & mask & SD_BUS_CREDS_FSGID) {
1190 n->fsgid = c->fsgid;
1191 n->mask |= SD_BUS_CREDS_FSGID;
1194 if (c->mask & mask & SD_BUS_CREDS_SUPPLEMENTARY_GIDS) {
1195 if (c->supplementary_gids) {
1196 n->supplementary_gids = newdup(gid_t, c->supplementary_gids, c->n_supplementary_gids);
1197 if (!n->supplementary_gids)
1199 n->n_supplementary_gids = c->n_supplementary_gids;
1201 n->supplementary_gids = NULL;
1202 n->n_supplementary_gids = 0;
1205 n->mask |= SD_BUS_CREDS_SUPPLEMENTARY_GIDS;
1208 if (c->mask & mask & SD_BUS_CREDS_COMM) {
1211 n->comm = strdup(c->comm);
1215 n->mask |= SD_BUS_CREDS_COMM;
1218 if (c->mask & mask & SD_BUS_CREDS_TID_COMM) {
1219 assert(c->tid_comm);
1221 n->tid_comm = strdup(c->tid_comm);
1225 n->mask |= SD_BUS_CREDS_TID_COMM;
1228 if (c->mask & mask & SD_BUS_CREDS_EXE) {
1230 n->exe = strdup(c->exe);
1236 n->mask |= SD_BUS_CREDS_EXE;
1239 if (c->mask & mask & SD_BUS_CREDS_CMDLINE) {
1241 n->cmdline = memdup(c->cmdline, c->cmdline_size);
1245 n->cmdline_size = c->cmdline_size;
1248 n->cmdline_size = 0;
1251 n->mask |= SD_BUS_CREDS_CMDLINE;
1254 if (c->mask & mask & (SD_BUS_CREDS_CGROUP|SD_BUS_CREDS_SESSION|SD_BUS_CREDS_UNIT|SD_BUS_CREDS_USER_UNIT|SD_BUS_CREDS_SLICE|SD_BUS_CREDS_USER_SLICE|SD_BUS_CREDS_OWNER_UID)) {
1257 n->cgroup = strdup(c->cgroup);
1261 n->cgroup_root = strdup(c->cgroup_root);
1262 if (!n->cgroup_root)
1265 n->mask |= mask & (SD_BUS_CREDS_CGROUP|SD_BUS_CREDS_SESSION|SD_BUS_CREDS_UNIT|SD_BUS_CREDS_USER_UNIT|SD_BUS_CREDS_SLICE|SD_BUS_CREDS_USER_SLICE|SD_BUS_CREDS_OWNER_UID);
1268 if (c->mask & mask & (SD_BUS_CREDS_EFFECTIVE_CAPS|SD_BUS_CREDS_PERMITTED_CAPS|SD_BUS_CREDS_INHERITABLE_CAPS|SD_BUS_CREDS_BOUNDING_CAPS)) {
1269 assert(c->capability);
1271 n->capability = memdup(c->capability, DIV_ROUND_UP(cap_last_cap(), 32U) * 4 * 4);
1275 n->mask |= c->mask & mask & (SD_BUS_CREDS_EFFECTIVE_CAPS|SD_BUS_CREDS_PERMITTED_CAPS|SD_BUS_CREDS_INHERITABLE_CAPS|SD_BUS_CREDS_BOUNDING_CAPS);
1278 if (c->mask & mask & SD_BUS_CREDS_SELINUX_CONTEXT) {
1281 n->label = strdup(c->label);
1284 n->mask |= SD_BUS_CREDS_SELINUX_CONTEXT;
1287 if (c->mask & mask & SD_BUS_CREDS_AUDIT_SESSION_ID) {
1288 n->audit_session_id = c->audit_session_id;
1289 n->mask |= SD_BUS_CREDS_AUDIT_SESSION_ID;
1291 if (c->mask & mask & SD_BUS_CREDS_AUDIT_LOGIN_UID) {
1292 n->audit_login_uid = c->audit_login_uid;
1293 n->mask |= SD_BUS_CREDS_AUDIT_LOGIN_UID;
1296 if (c->mask & mask & SD_BUS_CREDS_TTY) {
1298 n->tty = strdup(c->tty);
1303 n->mask |= SD_BUS_CREDS_TTY;
1306 if (c->mask & mask & SD_BUS_CREDS_UNIQUE_NAME) {
1307 assert(c->unique_name);
1309 n->unique_name = strdup(c->unique_name);
1310 if (!n->unique_name)
1312 n->mask |= SD_BUS_CREDS_UNIQUE_NAME;
1315 if (c->mask & mask & SD_BUS_CREDS_WELL_KNOWN_NAMES) {
1316 if (strv_isempty(c->well_known_names))
1317 n->well_known_names = NULL;
1319 n->well_known_names = strv_copy(c->well_known_names);
1320 if (!n->well_known_names)
1323 n->well_known_names_driver = c->well_known_names_driver;
1324 n->well_known_names_local = c->well_known_names_local;
1325 n->mask |= SD_BUS_CREDS_WELL_KNOWN_NAMES;
1328 if (c->mask & mask & SD_BUS_CREDS_DESCRIPTION) {
1329 assert(c->description);
1330 n->description = strdup(c->description);
1331 if (!n->description)
1333 n->mask |= SD_BUS_CREDS_DESCRIPTION;
1336 n->augmented = c->augmented & n->mask;
1340 r = bus_creds_add_more(n, mask, 0, 0);
~ianmdlvl / elogind.git / blob