Fix: relayd: erroneous rundir permission logging message
[lttng-tools.git] / src / common / runas.cpp
1 /*
2 * Copyright (C) 2011 David Goulet <david.goulet@polymtl.ca>
3 * Copyright (C) 2011 Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
4 * Copyright (C) 2019 Jérémie Galarneau <jeremie.galarneau@efficios.com>
5 *
6 * SPDX-License-Identifier: GPL-2.0-only
7 *
8 */
9
10 #define _LGPL_SOURCE
11 #include <fcntl.h>
12 #include <grp.h>
13 #include <limits.h>
14 #include <pwd.h>
15 #include <sched.h>
16 #include <signal.h>
17 #include <stdio.h>
18 #include <stdlib.h>
19 #include <string.h>
20 #include <sys/stat.h>
21 #include <sys/types.h>
22 #include <sys/wait.h>
23 #include <unistd.h>
24
25 #include <common/bytecode/bytecode.h>
26 #include <common/lttng-kernel.h>
27 #include <common/common.h>
28 #include <common/utils.h>
29 #include <common/compat/errno.h>
30 #include <common/compat/getenv.h>
31 #include <common/compat/string.h>
32 #include <common/unix.h>
33 #include <common/defaults.h>
34 #include <common/lttng-elf.h>
35 #include <common/thread.h>
36
37 #include <lttng/constant.h>
38
39 #include <common/sessiond-comm/sessiond-comm.h>
40 #include <common/filter/filter-ast.h>
41
42 #include "runas.h"
43
44 #define GETPW_BUFFER_FALLBACK_SIZE 4096
45
46 struct run_as_data;
47 struct run_as_ret;
48 typedef int (*run_as_fct)(struct run_as_data *data, struct run_as_ret *ret_value);
49
50 enum run_as_cmd {
51 RUN_AS_MKDIR,
52 RUN_AS_MKDIRAT,
53 RUN_AS_MKDIR_RECURSIVE,
54 RUN_AS_MKDIRAT_RECURSIVE,
55 RUN_AS_OPEN,
56 RUN_AS_OPENAT,
57 RUN_AS_UNLINK,
58 RUN_AS_UNLINKAT,
59 RUN_AS_RMDIR,
60 RUN_AS_RMDIRAT,
61 RUN_AS_RMDIR_RECURSIVE,
62 RUN_AS_RMDIRAT_RECURSIVE,
63 RUN_AS_RENAME,
64 RUN_AS_RENAMEAT,
65 RUN_AS_EXTRACT_ELF_SYMBOL_OFFSET,
66 RUN_AS_EXTRACT_SDT_PROBE_OFFSETS,
67 RUN_AS_GENERATE_FILTER_BYTECODE,
68 };
69
70 struct run_as_mkdir_data {
71 int dirfd;
72 char path[LTTNG_PATH_MAX];
73 mode_t mode;
74 } LTTNG_PACKED;
75
76 struct run_as_open_data {
77 int dirfd;
78 char path[LTTNG_PATH_MAX];
79 int flags;
80 mode_t mode;
81 } LTTNG_PACKED;
82
83 struct run_as_unlink_data {
84 int dirfd;
85 char path[LTTNG_PATH_MAX];
86 } LTTNG_PACKED;
87
88 struct run_as_rmdir_data {
89 int dirfd;
90 char path[LTTNG_PATH_MAX];
91 int flags; /* enum lttng_directory_handle_rmdir_recursive_flags. */
92 } LTTNG_PACKED;
93
94 struct run_as_extract_elf_symbol_offset_data {
95 int fd;
96 char function[LTTNG_SYMBOL_NAME_LEN];
97 } LTTNG_PACKED;
98
99 struct run_as_extract_sdt_probe_offsets_data {
100 int fd;
101 char probe_name[LTTNG_SYMBOL_NAME_LEN];
102 char provider_name[LTTNG_SYMBOL_NAME_LEN];
103 } LTTNG_PACKED;
104
105 struct run_as_generate_filter_bytecode_data {
106 char filter_expression[LTTNG_FILTER_MAX_LEN];
107 } LTTNG_PACKED;
108
109 struct run_as_rename_data {
110 /*
111 * [0] = old_dirfd
112 * [1] = new_dirfd
113 */
114 int dirfds[2];
115 char old_path[LTTNG_PATH_MAX];
116 char new_path[LTTNG_PATH_MAX];
117 } LTTNG_PACKED;
118
119 struct run_as_open_ret {
120 int fd;
121 } LTTNG_PACKED;
122
123 struct run_as_extract_elf_symbol_offset_ret {
124 uint64_t offset;
125 } LTTNG_PACKED;
126
127 struct run_as_extract_sdt_probe_offsets_ret {
128 uint32_t num_offset;
129 uint64_t offsets[LTTNG_KERNEL_ABI_MAX_UPROBE_NUM];
130 } LTTNG_PACKED;
131
132 struct run_as_generate_filter_bytecode_ret {
133 /* A lttng_bytecode_filter struct with 'dynamic' payload. */
134 char bytecode[LTTNG_FILTER_MAX_LEN];
135 } LTTNG_PACKED;
136
137 struct run_as_data {
138 enum run_as_cmd cmd;
139 union {
140 struct run_as_mkdir_data mkdir;
141 struct run_as_open_data open;
142 struct run_as_unlink_data unlink;
143 struct run_as_rmdir_data rmdir;
144 struct run_as_rename_data rename;
145 struct run_as_extract_elf_symbol_offset_data extract_elf_symbol_offset;
146 struct run_as_extract_sdt_probe_offsets_data extract_sdt_probe_offsets;
147 struct run_as_generate_filter_bytecode_data generate_filter_bytecode;
148 } u;
149 uid_t uid;
150 gid_t gid;
151 } LTTNG_PACKED;
152
153 /*
154 * The run_as_ret structure holds the returned value and status of the command.
155 *
156 * The `u` union field holds the return value of the command; in most cases it
157 * represents the success or the failure of the command. In more complex
158 * commands, it holds a computed value.
159 *
160 * The _errno field is the errno recorded after the execution of the command.
161 *
162 * The _error fields is used the signify that return status of the command. For
163 * simple commands returning `int` the _error field will be the same as the
164 * ret_int field. In complex commands, it signify the success or failure of the
165 * command.
166 *
167 */
168 struct run_as_ret {
169 union {
170 int ret;
171 struct run_as_open_ret open;
172 struct run_as_extract_elf_symbol_offset_ret extract_elf_symbol_offset;
173 struct run_as_extract_sdt_probe_offsets_ret extract_sdt_probe_offsets;
174 struct run_as_generate_filter_bytecode_ret generate_filter_bytecode;
175 } u;
176 int _errno;
177 bool _error;
178 } LTTNG_PACKED;
179
180 #define COMMAND_IN_FDS(data_ptr) ({ \
181 int *fds = NULL; \
182 if (command_properties[data_ptr->cmd].in_fds_offset != -1) { \
183 fds = (int *) ((char *) data_ptr + command_properties[data_ptr->cmd].in_fds_offset); \
184 } \
185 fds; \
186 })
187
188 #define COMMAND_OUT_FDS(cmd, ret_ptr) ({ \
189 int *fds = NULL; \
190 if (command_properties[cmd].out_fds_offset != -1) { \
191 fds = (int *) ((char *) ret_ptr + command_properties[cmd].out_fds_offset); \
192 } \
193 fds; \
194 })
195
196 #define COMMAND_IN_FD_COUNT(data_ptr) ({ \
197 command_properties[data_ptr->cmd].in_fd_count; \
198 })
199
200 #define COMMAND_OUT_FD_COUNT(cmd) ({ \
201 command_properties[cmd].out_fd_count; \
202 })
203
204 #define COMMAND_USE_CWD_FD(data_ptr) command_properties[data_ptr->cmd].use_cwd_fd
205
206 struct run_as_command_properties {
207 /* Set to -1 when not applicable. */
208 ptrdiff_t in_fds_offset, out_fds_offset;
209 unsigned int in_fd_count, out_fd_count;
210 bool use_cwd_fd;
211 };
212
213 static const struct run_as_command_properties command_properties[] = {
214 {
215 .in_fds_offset = offsetof(struct run_as_data, u.mkdir.dirfd),
216 .out_fds_offset = -1,
217 .in_fd_count = 1,
218 .out_fd_count = 0,
219 .use_cwd_fd = true,
220 },
221 {
222 .in_fds_offset = offsetof(struct run_as_data, u.mkdir.dirfd),
223 .out_fds_offset = -1,
224 .in_fd_count = 1,
225 .out_fd_count = 0,
226 .use_cwd_fd = false,
227 },
228 {
229 .in_fds_offset = offsetof(struct run_as_data, u.mkdir.dirfd),
230 .out_fds_offset = -1,
231 .in_fd_count = 1,
232 .out_fd_count = 0,
233 .use_cwd_fd = true,
234 },
235 {
236 .in_fds_offset = offsetof(struct run_as_data, u.mkdir.dirfd),
237 .out_fds_offset = -1,
238 .in_fd_count = 1,
239 .out_fd_count = 0,
240 .use_cwd_fd = false,
241 },
242 {
243 .in_fds_offset = offsetof(struct run_as_data, u.open.dirfd),
244 .out_fds_offset = offsetof(struct run_as_ret, u.open.fd),
245 .in_fd_count = 1,
246 .out_fd_count = 1,
247 .use_cwd_fd = true,
248 },
249 {
250 .in_fds_offset = offsetof(struct run_as_data, u.open.dirfd),
251 .out_fds_offset = offsetof(struct run_as_ret, u.open.fd),
252 .in_fd_count = 1,
253 .out_fd_count = 1,
254 .use_cwd_fd = false,
255 },
256 {
257 .in_fds_offset = offsetof(struct run_as_data, u.unlink.dirfd),
258 .out_fds_offset = -1,
259 .in_fd_count = 1,
260 .out_fd_count = 0,
261 .use_cwd_fd = true,
262 },
263 {
264 .in_fds_offset = offsetof(struct run_as_data, u.unlink.dirfd),
265 .out_fds_offset = -1,
266 .in_fd_count = 1,
267 .out_fd_count = 0,
268 .use_cwd_fd = false,
269 },
270 {
271 .in_fds_offset = offsetof(struct run_as_data, u.rmdir.dirfd),
272 .out_fds_offset = -1,
273 .in_fd_count = 1,
274 .out_fd_count = 0,
275 .use_cwd_fd = true,
276 },
277 {
278 .in_fds_offset = offsetof(struct run_as_data, u.rmdir.dirfd),
279 .out_fds_offset = -1,
280 .in_fd_count = 1,
281 .out_fd_count = 0,
282 .use_cwd_fd = false,
283 },
284 {
285 .in_fds_offset = offsetof(struct run_as_data, u.rmdir.dirfd),
286 .out_fds_offset = -1,
287 .in_fd_count = 1,
288 .out_fd_count = 0,
289 .use_cwd_fd = true,
290 },
291 {
292 .in_fds_offset = offsetof(struct run_as_data, u.rmdir.dirfd),
293 .out_fds_offset = -1,
294 .in_fd_count = 1,
295 .out_fd_count = 0,
296 .use_cwd_fd = false,
297 },
298 {
299 .in_fds_offset = offsetof(struct run_as_data, u.rename.dirfds),
300 .out_fds_offset = -1,
301 .in_fd_count = 2,
302 .out_fd_count = 0,
303 .use_cwd_fd = true,
304 },
305 {
306 .in_fds_offset = offsetof(struct run_as_data, u.rename.dirfds),
307 .out_fds_offset = -1,
308 .in_fd_count = 2,
309 .out_fd_count = 0,
310 .use_cwd_fd = false,
311 },
312 {
313 .in_fds_offset = offsetof(struct run_as_data,
314 u.extract_elf_symbol_offset.fd),
315 .out_fds_offset = -1,
316 .in_fd_count = 1,
317 .out_fd_count = 0,
318 .use_cwd_fd = false,
319 },
320 {
321 .in_fds_offset = offsetof(struct run_as_data,
322 u.extract_sdt_probe_offsets.fd),
323 .out_fds_offset = -1,
324 .in_fd_count = 1,
325 .out_fd_count = 0,
326 .use_cwd_fd = false,
327 },
328 {
329 .in_fds_offset = -1,
330 .out_fds_offset = -1,
331 .in_fd_count = 0,
332 .out_fd_count = 0,
333 .use_cwd_fd = false,
334 },
335 };
336
337 struct run_as_worker_data {
338 pid_t pid; /* Worker PID. */
339 int sockpair[2];
340 char *procname;
341 };
342
343 /* Single global worker per process (for now). */
344 static run_as_worker_data *global_worker;
345 /* Lock protecting the worker. */
346 static pthread_mutex_t worker_lock = PTHREAD_MUTEX_INITIALIZER;
347
348 #ifdef VALGRIND
349 static
350 int use_clone(void)
351 {
352 return 0;
353 }
354 #else
355 static
356 int use_clone(void)
357 {
358 return !lttng_secure_getenv("LTTNG_DEBUG_NOCLONE");
359 }
360 #endif
361
362 /*
363 * Create recursively directory using the FULL path.
364 */
365 static
366 int _mkdirat_recursive(struct run_as_data *data, struct run_as_ret *ret_value)
367 {
368 const char *path;
369 mode_t mode;
370 struct lttng_directory_handle *handle;
371
372 path = data->u.mkdir.path;
373 mode = data->u.mkdir.mode;
374
375 handle = lttng_directory_handle_create_from_dirfd(data->u.mkdir.dirfd);
376 if (!handle) {
377 ret_value->_errno = errno;
378 ret_value->_error = true;
379 ret_value->u.ret = -1;
380 goto end;
381 }
382 /* Ownership of dirfd is transferred to the handle. */
383 data->u.mkdir.dirfd = -1;
384 /* Safe to call as we have transitioned to the requested uid/gid. */
385 ret_value->u.ret = lttng_directory_handle_create_subdirectory_recursive(
386 handle, path, mode);
387 ret_value->_errno = errno;
388 ret_value->_error = (ret_value->u.ret) ? true : false;
389 lttng_directory_handle_put(handle);
390 end:
391 return ret_value->u.ret;
392 }
393
394 static
395 int _mkdirat(struct run_as_data *data, struct run_as_ret *ret_value)
396 {
397 const char *path;
398 mode_t mode;
399 struct lttng_directory_handle *handle;
400
401 path = data->u.mkdir.path;
402 mode = data->u.mkdir.mode;
403
404 handle = lttng_directory_handle_create_from_dirfd(data->u.mkdir.dirfd);
405 if (!handle) {
406 ret_value->u.ret = -1;
407 ret_value->_errno = errno;
408 ret_value->_error = true;
409 goto end;
410 }
411 /* Ownership of dirfd is transferred to the handle. */
412 data->u.mkdir.dirfd = -1;
413 /* Safe to call as we have transitioned to the requested uid/gid. */
414 ret_value->u.ret = lttng_directory_handle_create_subdirectory(
415 handle, path, mode);
416 ret_value->_errno = errno;
417 ret_value->_error = (ret_value->u.ret) ? true : false;
418 lttng_directory_handle_put(handle);
419 end:
420 return ret_value->u.ret;
421 }
422
423 static
424 int _open(struct run_as_data *data, struct run_as_ret *ret_value)
425 {
426 int fd;
427 struct lttng_directory_handle *handle;
428
429 handle = lttng_directory_handle_create_from_dirfd(data->u.open.dirfd);
430 if (!handle) {
431 ret_value->_errno = errno;
432 ret_value->_error = true;
433 ret_value->u.ret = -1;
434 goto end;
435 }
436 /* Ownership of dirfd is transferred to the handle. */
437 data->u.open.dirfd = -1;
438
439 fd = lttng_directory_handle_open_file(handle,
440 data->u.open.path, data->u.open.flags,
441 data->u.open.mode);
442 if (fd < 0) {
443 ret_value->u.ret = -1;
444 ret_value->u.open.fd = -1;
445 } else {
446 ret_value->u.ret = 0;
447 ret_value->u.open.fd = fd;
448 }
449
450 ret_value->_errno = errno;
451 ret_value->_error = fd < 0;
452 lttng_directory_handle_put(handle);
453 end:
454 return ret_value->u.ret;
455 }
456
457 static
458 int _unlink(struct run_as_data *data, struct run_as_ret *ret_value)
459 {
460 struct lttng_directory_handle *handle;
461
462 handle = lttng_directory_handle_create_from_dirfd(data->u.unlink.dirfd);
463 if (!handle) {
464 ret_value->u.ret = -1;
465 ret_value->_errno = errno;
466 ret_value->_error = true;
467 goto end;
468 }
469
470 /* Ownership of dirfd is transferred to the handle. */
471 data->u.unlink.dirfd = -1;
472
473 ret_value->u.ret = lttng_directory_handle_unlink_file(handle,
474 data->u.unlink.path);
475 ret_value->_errno = errno;
476 ret_value->_error = (ret_value->u.ret) ? true : false;
477 lttng_directory_handle_put(handle);
478 end:
479 return ret_value->u.ret;
480 }
481
482 static
483 int _rmdir(struct run_as_data *data, struct run_as_ret *ret_value)
484 {
485 struct lttng_directory_handle *handle;
486
487 handle = lttng_directory_handle_create_from_dirfd(data->u.rmdir.dirfd);
488 if (!handle) {
489 ret_value->u.ret = -1;
490 ret_value->_errno = errno;
491 ret_value->_error = true;
492 goto end;
493 }
494
495 /* Ownership of dirfd is transferred to the handle. */
496 data->u.rmdir.dirfd = -1;
497
498 ret_value->u.ret = lttng_directory_handle_remove_subdirectory(
499 handle, data->u.rmdir.path);
500 ret_value->_errno = errno;
501 ret_value->_error = (ret_value->u.ret) ? true : false;
502 lttng_directory_handle_put(handle);
503 end:
504 return ret_value->u.ret;
505 }
506
507 static
508 int _rmdir_recursive(struct run_as_data *data, struct run_as_ret *ret_value)
509 {
510 struct lttng_directory_handle *handle;
511
512 handle = lttng_directory_handle_create_from_dirfd(data->u.rmdir.dirfd);
513 if (!handle) {
514 ret_value->u.ret = -1;
515 ret_value->_errno = errno;
516 ret_value->_error = true;
517 goto end;
518 }
519
520 /* Ownership of dirfd is transferred to the handle. */
521 data->u.rmdir.dirfd = -1;
522
523 ret_value->u.ret = lttng_directory_handle_remove_subdirectory_recursive(
524 handle, data->u.rmdir.path, data->u.rmdir.flags);
525 ret_value->_errno = errno;
526 ret_value->_error = (ret_value->u.ret) ? true : false;
527 lttng_directory_handle_put(handle);
528 end:
529 return ret_value->u.ret;
530 }
531
532 static
533 int _rename(struct run_as_data *data, struct run_as_ret *ret_value)
534 {
535 const char *old_path, *new_path;
536 struct lttng_directory_handle *old_handle = NULL, *new_handle = NULL;
537
538 old_path = data->u.rename.old_path;
539 new_path = data->u.rename.new_path;
540
541 old_handle = lttng_directory_handle_create_from_dirfd(
542 data->u.rename.dirfds[0]);
543 if (!old_handle) {
544 ret_value->u.ret = -1;
545 goto end;
546 }
547 new_handle = lttng_directory_handle_create_from_dirfd(
548 data->u.rename.dirfds[1]);
549 if (!new_handle) {
550 ret_value->u.ret = -1;
551 goto end;
552 }
553
554 /* Ownership of dirfds are transferred to the handles. */
555 data->u.rename.dirfds[0] = data->u.rename.dirfds[1] = -1;
556
557 /* Safe to call as we have transitioned to the requested uid/gid. */
558 ret_value->u.ret = lttng_directory_handle_rename(
559 old_handle, old_path, new_handle, new_path);
560 end:
561 lttng_directory_handle_put(old_handle);
562 lttng_directory_handle_put(new_handle);
563 ret_value->_errno = errno;
564 ret_value->_error = (ret_value->u.ret) ? true : false;
565 return ret_value->u.ret;
566 }
567
568 #ifdef HAVE_ELF_H
569 static
570 int _extract_elf_symbol_offset(struct run_as_data *data,
571 struct run_as_ret *ret_value)
572 {
573 int ret = 0;
574 uint64_t offset;
575
576 ret_value->_error = false;
577 ret = lttng_elf_get_symbol_offset(data->u.extract_elf_symbol_offset.fd,
578 data->u.extract_elf_symbol_offset.function,
579 &offset);
580 if (ret) {
581 DBG("Failed to extract ELF function offset");
582 ret_value->_error = true;
583 }
584 ret_value->u.extract_elf_symbol_offset.offset = offset;
585
586 return ret;
587 }
588
589 static
590 int _extract_sdt_probe_offsets(struct run_as_data *data,
591 struct run_as_ret *ret_value)
592 {
593 int ret = 0;
594 uint64_t *offsets = NULL;
595 uint32_t num_offset;
596
597 ret_value->_error = false;
598
599 /* On success, this call allocates the offsets paramater. */
600 ret = lttng_elf_get_sdt_probe_offsets(
601 data->u.extract_sdt_probe_offsets.fd,
602 data->u.extract_sdt_probe_offsets.provider_name,
603 data->u.extract_sdt_probe_offsets.probe_name,
604 &offsets, &num_offset);
605
606 if (ret) {
607 DBG("Failed to extract SDT probe offsets");
608 ret_value->_error = true;
609 goto end;
610 }
611
612 if (num_offset <= 0 || num_offset > LTTNG_KERNEL_ABI_MAX_UPROBE_NUM) {
613 DBG("Wrong number of probes.");
614 ret = -1;
615 ret_value->_error = true;
616 goto free_offset;
617 }
618
619 /* Copy the content of the offsets array to the ret struct. */
620 memcpy(ret_value->u.extract_sdt_probe_offsets.offsets,
621 offsets, num_offset * sizeof(uint64_t));
622
623 ret_value->u.extract_sdt_probe_offsets.num_offset = num_offset;
624
625 free_offset:
626 free(offsets);
627 end:
628 return ret;
629 }
630 #else
631 static
632 int _extract_elf_symbol_offset(struct run_as_data *data,
633 struct run_as_ret *ret_value)
634 {
635 ERR("Unimplemented runas command RUN_AS_EXTRACT_ELF_SYMBOL_OFFSET");
636 return -1;
637 }
638
639 static
640 int _extract_sdt_probe_offsets(struct run_as_data *data,
641 struct run_as_ret *ret_value)
642 {
643 ERR("Unimplemented runas command RUN_AS_EXTRACT_SDT_PROBE_OFFSETS");
644 return -1;
645 }
646 #endif
647
648 static
649 int _generate_filter_bytecode(struct run_as_data *data,
650 struct run_as_ret *ret_value) {
651 int ret = 0;
652 const char *filter_expression = NULL;
653 struct filter_parser_ctx *ctx = NULL;
654
655 ret_value->_error = false;
656
657 filter_expression = data->u.generate_filter_bytecode.filter_expression;
658
659 if (lttng_strnlen(filter_expression, LTTNG_FILTER_MAX_LEN - 1) == LTTNG_FILTER_MAX_LEN - 1) {
660 ret_value->_error = true;
661 ret = -1;
662 goto end;
663 }
664
665 ret = filter_parser_ctx_create_from_filter_expression(filter_expression, &ctx);
666 if (ret < 0) {
667 ret_value->_error = true;
668 ret = -1;
669 goto end;
670 }
671
672 DBG("Size of bytecode generated: %u bytes.",
673 bytecode_get_len(&ctx->bytecode->b));
674
675 /* Copy the lttng_bytecode_filter object to the return structure. */
676 memcpy(ret_value->u.generate_filter_bytecode.bytecode,
677 &ctx->bytecode->b,
678 sizeof(ctx->bytecode->b) +
679 bytecode_get_len(&ctx->bytecode->b));
680
681 end:
682 if (ctx) {
683 filter_bytecode_free(ctx);
684 filter_ir_free(ctx);
685 filter_parser_ctx_free(ctx);
686 }
687
688 return ret;
689 }
690 static
691 run_as_fct run_as_enum_to_fct(enum run_as_cmd cmd)
692 {
693 switch (cmd) {
694 case RUN_AS_MKDIR:
695 case RUN_AS_MKDIRAT:
696 return _mkdirat;
697 case RUN_AS_MKDIR_RECURSIVE:
698 case RUN_AS_MKDIRAT_RECURSIVE:
699 return _mkdirat_recursive;
700 case RUN_AS_OPEN:
701 case RUN_AS_OPENAT:
702 return _open;
703 case RUN_AS_UNLINK:
704 case RUN_AS_UNLINKAT:
705 return _unlink;
706 case RUN_AS_RMDIR:
707 case RUN_AS_RMDIRAT:
708 return _rmdir;
709 case RUN_AS_RMDIR_RECURSIVE:
710 case RUN_AS_RMDIRAT_RECURSIVE:
711 return _rmdir_recursive;
712 case RUN_AS_RENAME:
713 case RUN_AS_RENAMEAT:
714 return _rename;
715 case RUN_AS_EXTRACT_ELF_SYMBOL_OFFSET:
716 return _extract_elf_symbol_offset;
717 case RUN_AS_EXTRACT_SDT_PROBE_OFFSETS:
718 return _extract_sdt_probe_offsets;
719 case RUN_AS_GENERATE_FILTER_BYTECODE:
720 return _generate_filter_bytecode;
721 default:
722 ERR("Unknown command %d", (int) cmd);
723 return NULL;
724 }
725 }
726
727 static
728 int do_send_fds(int sock, const int *fds, unsigned int fd_count)
729 {
730 ssize_t len;
731 unsigned int i;
732
733 for (i = 0; i < fd_count; i++) {
734 if (fds[i] < 0) {
735 DBG("Attempt to send invalid file descriptor (fd = %i)",
736 fds[i]);
737 /* Return 0 as this is not a fatal error. */
738 return 0;
739 }
740 }
741
742 len = lttcomm_send_fds_unix_sock(sock, fds, fd_count);
743 return len < 0 ? -1 : 0;
744 }
745
746 static
747 int do_recv_fds(int sock, int *fds, unsigned int fd_count)
748 {
749 int ret = 0;
750 unsigned int i;
751 ssize_t len;
752
753 len = lttcomm_recv_fds_unix_sock(sock, fds, fd_count);
754 if (len == 0) {
755 ret = -1;
756 goto end;
757 } else if (len < 0) {
758 PERROR("Failed to receive file descriptors from socket");
759 ret = -1;
760 goto end;
761 }
762
763 for (i = 0; i < fd_count; i++) {
764 if (fds[i] < 0) {
765 ERR("Invalid file descriptor received from worker (fd = %i)", fds[i]);
766 /* Return 0 as this is not a fatal error. */
767 }
768 }
769 end:
770 return ret;
771 }
772
773 static
774 int send_fds_to_worker(const run_as_worker_data *worker,
775 const struct run_as_data *data)
776 {
777 int ret = 0;
778 unsigned int i;
779
780 if (COMMAND_USE_CWD_FD(data) || COMMAND_IN_FD_COUNT(data) == 0) {
781 goto end;
782 }
783
784 for (i = 0; i < COMMAND_IN_FD_COUNT(data); i++) {
785 if (COMMAND_IN_FDS(data)[i] < 0) {
786 ERR("Refusing to send invalid fd to worker (fd = %i)",
787 COMMAND_IN_FDS(data)[i]);
788 ret = -1;
789 goto end;
790 }
791 }
792
793 ret = do_send_fds(worker->sockpair[0], COMMAND_IN_FDS(data),
794 COMMAND_IN_FD_COUNT(data));
795 if (ret < 0) {
796 PERROR("Failed to send file descriptor to run-as worker");
797 ret = -1;
798 goto end;
799 }
800 end:
801 return ret;
802 }
803
804 static
805 int send_fds_to_master(run_as_worker_data *worker, enum run_as_cmd cmd,
806 struct run_as_ret *run_as_ret)
807 {
808 int ret = 0;
809 unsigned int i;
810
811 if (COMMAND_OUT_FD_COUNT(cmd) == 0) {
812 goto end;
813 }
814
815 ret = do_send_fds(worker->sockpair[1], COMMAND_OUT_FDS(cmd, run_as_ret),
816 COMMAND_OUT_FD_COUNT(cmd));
817 if (ret < 0) {
818 PERROR("Failed to send file descriptor to master process");
819 goto end;
820 }
821
822 for (i = 0; i < COMMAND_OUT_FD_COUNT(cmd); i++) {
823 int fd = COMMAND_OUT_FDS(cmd, run_as_ret)[i];
824 if (fd >= 0) {
825 int ret_close = close(fd);
826
827 if (ret_close < 0) {
828 PERROR("Failed to close result file descriptor (fd = %i)",
829 fd);
830 }
831 }
832 }
833 end:
834 return ret;
835 }
836
837 static
838 int recv_fds_from_worker(const run_as_worker_data *worker, enum run_as_cmd cmd,
839 struct run_as_ret *run_as_ret)
840 {
841 int ret = 0;
842
843 if (COMMAND_OUT_FD_COUNT(cmd) == 0) {
844 goto end;
845 }
846
847 ret = do_recv_fds(worker->sockpair[0], COMMAND_OUT_FDS(cmd, run_as_ret),
848 COMMAND_OUT_FD_COUNT(cmd));
849 if (ret < 0) {
850 PERROR("Failed to receive file descriptor from run-as worker");
851 ret = -1;
852 }
853 end:
854 return ret;
855 }
856
857 static
858 int recv_fds_from_master(run_as_worker_data *worker, struct run_as_data *data)
859 {
860 int ret = 0;
861
862 if (COMMAND_USE_CWD_FD(data)) {
863 unsigned int i;
864
865 for (i = 0; i < COMMAND_IN_FD_COUNT(data); i++) {
866 COMMAND_IN_FDS(data)[i] = AT_FDCWD;
867 }
868 goto end;
869 }
870
871 if (COMMAND_IN_FD_COUNT(data) == 0) {
872 goto end;
873 }
874
875 ret = do_recv_fds(worker->sockpair[1], COMMAND_IN_FDS(data),
876 COMMAND_IN_FD_COUNT(data));
877 if (ret < 0) {
878 PERROR("Failed to receive file descriptors from master process");
879 ret = -1;
880 }
881 end:
882 return ret;
883 }
884
885 static
886 int cleanup_received_fds(struct run_as_data *data)
887 {
888 int ret = 0, i;
889
890 for (i = 0; i < COMMAND_IN_FD_COUNT(data); i++) {
891 if (COMMAND_IN_FDS(data)[i] == -1) {
892 continue;
893 }
894 ret = close(COMMAND_IN_FDS(data)[i]);
895 if (ret) {
896 PERROR("Failed to close file descriptor received fd in run-as worker");
897 goto end;
898 }
899 }
900 end:
901 return ret;
902 }
903
904 static int get_user_infos_from_uid(
905 uid_t uid, char **username, gid_t *primary_gid)
906 {
907 int ret;
908 char *buf = NULL;
909 long raw_get_pw_buf_size;
910 size_t get_pw_buf_size;
911 struct passwd pwd;
912 struct passwd *result = NULL;
913
914 /* Fetch the max size for the temporary buffer. */
915 errno = 0;
916 raw_get_pw_buf_size = sysconf(_SC_GETPW_R_SIZE_MAX);
917 if (raw_get_pw_buf_size < 0) {
918 if (errno != 0) {
919 PERROR("Failed to query _SC_GETPW_R_SIZE_MAX");
920 goto error;
921 }
922
923 /* Limit is indeterminate. */
924 WARN("Failed to query _SC_GETPW_R_SIZE_MAX as it is "
925 "indeterminate; falling back to default buffer size");
926 raw_get_pw_buf_size = GETPW_BUFFER_FALLBACK_SIZE;
927 }
928
929 get_pw_buf_size = (size_t) raw_get_pw_buf_size;
930
931 buf = (char *) zmalloc(get_pw_buf_size);
932 if (buf == NULL) {
933 PERROR("Failed to allocate buffer to get password file entries");
934 goto error;
935 }
936
937 ret = getpwuid_r(uid, &pwd, buf, get_pw_buf_size, &result);
938 if (ret < 0) {
939 PERROR("Failed to get user information for user: uid = %d",
940 (int) uid);
941 goto error;
942 }
943
944 if (result == NULL) {
945 ERR("Failed to find user information in password entries: uid = %d",
946 (int) uid);
947 ret = -1;
948 goto error;
949 }
950
951 *username = strdup(result->pw_name);
952 if (*username == NULL) {
953 PERROR("Failed to copy user name");
954 goto error;
955 }
956
957 *primary_gid = result->pw_gid;
958
959 end:
960 free(buf);
961 return ret;
962 error:
963 *username = NULL;
964 *primary_gid = -1;
965 ret = -1;
966 goto end;
967 }
968
969 static int demote_creds(
970 uid_t prev_uid, gid_t prev_gid, uid_t new_uid, gid_t new_gid)
971 {
972 int ret = 0;
973 gid_t primary_gid;
974 char *username = NULL;
975
976 /* Change the group id. */
977 if (prev_gid != new_gid) {
978 ret = setegid(new_gid);
979 if (ret < 0) {
980 PERROR("Failed to set effective group id: new_gid = %d",
981 (int) new_gid);
982 goto end;
983 }
984 }
985
986 /* Change the user id. */
987 if (prev_uid != new_uid) {
988 ret = get_user_infos_from_uid(new_uid, &username, &primary_gid);
989 if (ret < 0) {
990 goto end;
991 }
992
993 /*
994 * Initialize the supplementary group access list.
995 *
996 * This is needed to handle cases where the supplementary groups
997 * of the user the process is demoting-to would give it access
998 * to a given file/folder, but not it's primary group.
999 *
1000 * e.g
1001 * username: User1
1002 * Primary Group: User1
1003 * Secondary group: Disk, Network
1004 *
1005 * mkdir inside the following directory must work since User1
1006 * is part of the Network group.
1007 *
1008 * drwxrwx--- 2 root Network 4096 Jul 23 17:17 /tmp/my_folder/
1009 *
1010 *
1011 * The order of the following initgroups and seteuid calls is
1012 * important here;
1013 * Only a root process or one with CAP_SETGID capability can
1014 * call the the initgroups() function. We must initialize the
1015 * supplementary groups before we change the effective
1016 * UID to a less-privileged user.
1017 */
1018 ret = initgroups(username, primary_gid);
1019 if (ret < 0) {
1020 PERROR("Failed to init the supplementary group access list: "
1021 "username = `%s`, primary gid = %d", username,
1022 (int) primary_gid);
1023 goto end;
1024 }
1025
1026 ret = seteuid(new_uid);
1027 if (ret < 0) {
1028 PERROR("Failed to set effective user id: new_uid = %d",
1029 (int) new_uid);
1030 goto end;
1031 }
1032 }
1033 end:
1034 free(username);
1035 return ret;
1036 }
1037
1038 static int promote_creds(
1039 uid_t prev_uid, gid_t prev_gid, uid_t new_uid, gid_t new_gid)
1040 {
1041 int ret = 0;
1042 gid_t primary_gid;
1043 char *username = NULL;
1044
1045 /* Change the group id. */
1046 if (prev_gid != new_gid) {
1047 ret = setegid(new_gid);
1048 if (ret < 0) {
1049 PERROR("Failed to set effective group id: new_gid = %d",
1050 (int) new_gid);
1051 goto end;
1052 }
1053 }
1054
1055 /* Change the user id. */
1056 if (prev_uid != new_uid) {
1057 ret = get_user_infos_from_uid(new_uid, &username, &primary_gid);
1058 if (ret < 0) {
1059 goto end;
1060 }
1061
1062 /*
1063 * seteuid call must be done before the initgroups call because
1064 * we need to be privileged (CAP_SETGID) to call initgroups().
1065 */
1066 ret = seteuid(new_uid);
1067 if (ret < 0) {
1068 PERROR("Failed to set effective user id: new_uid = %d",
1069 (int) new_uid);
1070 goto end;
1071 }
1072
1073 /*
1074 * Initialize the supplementary group access list.
1075 *
1076 * There is a possibility the groups we set in the following
1077 * initgroups() call are not exactly the same as the ones we
1078 * had when we originally demoted. This can happen if the
1079 * /etc/group file is modified after the runas process is
1080 * forked. This is very unlikely.
1081 */
1082 ret = initgroups(username, primary_gid);
1083 if (ret < 0) {
1084 PERROR("Failed to init the supplementary group access "
1085 "list: username = `%s`, primary gid = %d",
1086 username, (int) primary_gid)
1087 goto end;
1088 }
1089 }
1090 end:
1091 free(username);
1092 return ret;
1093 }
1094
1095 /*
1096 * Return < 0 on error, 0 if OK, 1 on hangup.
1097 */
1098 static
1099 int handle_one_cmd(run_as_worker_data *worker)
1100 {
1101 int ret = 0, promote_ret;
1102 struct run_as_data data = {};
1103 ssize_t readlen, writelen;
1104 struct run_as_ret sendret = {};
1105 run_as_fct cmd;
1106 const uid_t prev_ruid = getuid();
1107 const gid_t prev_rgid = getgid();
1108
1109 /*
1110 * Stage 1: Receive run_as_data struct from the master.
1111 * The structure contains the command type and all the parameters needed for
1112 * its execution
1113 */
1114 readlen = lttcomm_recv_unix_sock(worker->sockpair[1], &data,
1115 sizeof(data));
1116 if (readlen == 0) {
1117 /* hang up */
1118 ret = 1;
1119 goto end;
1120 }
1121 if (readlen < sizeof(data)) {
1122 PERROR("lttcomm_recv_unix_sock error");
1123 ret = -1;
1124 goto end;
1125 }
1126
1127 cmd = run_as_enum_to_fct(data.cmd);
1128 if (!cmd) {
1129 ret = -1;
1130 goto end;
1131 }
1132
1133 /*
1134 * Stage 2: Receive file descriptor from master.
1135 * Some commands need a file descriptor as input so if it's needed we
1136 * receive the fd using the Unix socket.
1137 */
1138 ret = recv_fds_from_master(worker, &data);
1139 if (ret < 0) {
1140 PERROR("recv_fd_from_master error");
1141 ret = -1;
1142 goto end;
1143 }
1144
1145 ret = demote_creds(prev_ruid, prev_rgid, data.uid, data.gid);
1146 if (ret < 0) {
1147 goto write_return;
1148 }
1149
1150 /*
1151 * Also set umask to 0 for mkdir executable bit.
1152 */
1153 umask(0);
1154
1155 /*
1156 * Stage 3: Execute the command
1157 */
1158 ret = (*cmd)(&data, &sendret);
1159 if (ret < 0) {
1160 DBG("Execution of command returned an error");
1161 }
1162
1163 write_return:
1164 ret = cleanup_received_fds(&data);
1165 if (ret < 0) {
1166 ERR("Error cleaning up FD");
1167 goto promote_back;
1168 }
1169
1170 /*
1171 * Stage 4: Send run_as_ret structure to the master.
1172 * This structure contain the return value of the command and the errno.
1173 */
1174 writelen = lttcomm_send_unix_sock(worker->sockpair[1], &sendret,
1175 sizeof(sendret));
1176 if (writelen < sizeof(sendret)) {
1177 PERROR("lttcomm_send_unix_sock error");
1178 ret = -1;
1179 goto promote_back;
1180 }
1181
1182 /*
1183 * Stage 5: Send resulting file descriptors to the master.
1184 */
1185 ret = send_fds_to_master(worker, data.cmd, &sendret);
1186 if (ret < 0) {
1187 DBG("Sending FD to master returned an error");
1188 }
1189
1190 ret = 0;
1191
1192 promote_back:
1193 /* Return to previous uid/gid. */
1194 promote_ret = promote_creds(data.uid, data.gid, prev_ruid, prev_rgid);
1195 if (promote_ret < 0) {
1196 ERR("Failed to promote back to the initial credentials");
1197 }
1198
1199 end:
1200 return ret;
1201 }
1202
1203 static
1204 int run_as_worker(run_as_worker_data *worker)
1205 {
1206 int ret;
1207 ssize_t writelen;
1208 struct run_as_ret sendret;
1209 size_t proc_orig_len;
1210
1211 /*
1212 * Initialize worker. Set a different process cmdline.
1213 */
1214 proc_orig_len = strlen(worker->procname);
1215 memset(worker->procname, 0, proc_orig_len);
1216 strncpy(worker->procname, DEFAULT_RUN_AS_WORKER_NAME, proc_orig_len);
1217
1218 ret = lttng_thread_setname(DEFAULT_RUN_AS_WORKER_NAME);
1219 if (ret && ret != -ENOSYS) {
1220 /* Don't fail as this is not essential. */
1221 DBG("Failed to set pthread name attribute");
1222 }
1223
1224 memset(&sendret, 0, sizeof(sendret));
1225
1226 writelen = lttcomm_send_unix_sock(worker->sockpair[1], &sendret,
1227 sizeof(sendret));
1228 if (writelen < sizeof(sendret)) {
1229 PERROR("lttcomm_send_unix_sock error");
1230 ret = EXIT_FAILURE;
1231 goto end;
1232 }
1233
1234 for (;;) {
1235 ret = handle_one_cmd(worker);
1236 if (ret < 0) {
1237 ret = EXIT_FAILURE;
1238 goto end;
1239 } else if (ret > 0) {
1240 break;
1241 } else {
1242 continue; /* Next command. */
1243 }
1244 }
1245 ret = EXIT_SUCCESS;
1246 end:
1247 return ret;
1248 }
1249
1250 static
1251 int run_as_cmd(run_as_worker_data *worker,
1252 enum run_as_cmd cmd,
1253 struct run_as_data *data,
1254 struct run_as_ret *ret_value,
1255 uid_t uid, gid_t gid)
1256 {
1257 int ret = 0;
1258 ssize_t readlen, writelen;
1259
1260 /*
1261 * If we are non-root, we can only deal with our own uid.
1262 */
1263 if (geteuid() != 0) {
1264 if (uid != geteuid()) {
1265 ret = -1;
1266 ret_value->_errno = EPERM;
1267 ERR("Client (%d)/Server (%d) UID mismatch (and sessiond is not root)",
1268 (int) uid, (int) geteuid());
1269 goto end;
1270 }
1271 }
1272
1273 data->cmd = cmd;
1274 data->uid = uid;
1275 data->gid = gid;
1276
1277 /*
1278 * Stage 1: Send the run_as_data struct to the worker process
1279 */
1280 writelen = lttcomm_send_unix_sock(worker->sockpair[0], data,
1281 sizeof(*data));
1282 if (writelen < sizeof(*data)) {
1283 PERROR("Error writing message to run_as");
1284 ret = -1;
1285 ret_value->_errno = EIO;
1286 goto end;
1287 }
1288
1289 /*
1290 * Stage 2: Send file descriptor to the worker process if needed
1291 */
1292 ret = send_fds_to_worker(worker, data);
1293 if (ret) {
1294 PERROR("do_send_fd error");
1295 ret = -1;
1296 ret_value->_errno = EIO;
1297 goto end;
1298 }
1299
1300 /*
1301 * Stage 3: Wait for the execution of the command
1302 */
1303
1304 /*
1305 * Stage 4: Receive the run_as_ret struct containing the return value and
1306 * errno
1307 */
1308 readlen = lttcomm_recv_unix_sock(worker->sockpair[0], ret_value,
1309 sizeof(*ret_value));
1310 if (!readlen) {
1311 ERR("Run-as worker has hung-up during run_as_cmd");
1312 ret = -1;
1313 ret_value->_errno = EIO;
1314 goto end;
1315 } else if (readlen < sizeof(*ret_value)) {
1316 PERROR("Error reading response from run_as");
1317 ret = -1;
1318 ret_value->_errno = errno;
1319 goto end;
1320 }
1321
1322 if (ret_value->_error) {
1323 /* Skip stage 5 on error as there will be no fd to receive. */
1324 goto end;
1325 }
1326
1327 /*
1328 * Stage 5: Receive file descriptor if needed
1329 */
1330 ret = recv_fds_from_worker(worker, cmd, ret_value);
1331 if (ret < 0) {
1332 ERR("Error receiving fd");
1333 ret = -1;
1334 ret_value->_errno = EIO;
1335 }
1336
1337 end:
1338 return ret;
1339 }
1340
1341 /*
1342 * This is for debugging ONLY and should not be considered secure.
1343 */
1344 static
1345 int run_as_noworker(enum run_as_cmd cmd,
1346 struct run_as_data *data, struct run_as_ret *ret_value,
1347 uid_t uid, gid_t gid)
1348 {
1349 int ret, saved_errno;
1350 mode_t old_mask;
1351 run_as_fct fct;
1352
1353 fct = run_as_enum_to_fct(cmd);
1354 if (!fct) {
1355 errno = -ENOSYS;
1356 ret = -1;
1357 goto end;
1358 }
1359 old_mask = umask(0);
1360 ret = fct(data, ret_value);
1361 saved_errno = ret_value->_errno;
1362 umask(old_mask);
1363 errno = saved_errno;
1364 end:
1365 return ret;
1366 }
1367
1368 static
1369 int reset_sighandler(void)
1370 {
1371 int sig;
1372
1373 DBG("Resetting run_as worker signal handlers to default");
1374 for (sig = 1; sig <= 31; sig++) {
1375 (void) signal(sig, SIG_DFL);
1376 }
1377 return 0;
1378 }
1379
1380 static
1381 void worker_sighandler(int sig)
1382 {
1383 const char *signame;
1384
1385 /*
1386 * The worker will inherit its parent's signals since they are part of
1387 * the same process group. However, in the case of SIGINT and SIGTERM,
1388 * we want to give the worker a chance to teardown gracefully when its
1389 * parent closes the command socket.
1390 */
1391 switch (sig) {
1392 case SIGINT:
1393 signame = "SIGINT";
1394 break;
1395 case SIGTERM:
1396 signame = "SIGTERM";
1397 break;
1398 default:
1399 signame = NULL;
1400 }
1401
1402 if (signame) {
1403 DBG("run_as worker received signal %s", signame);
1404 } else {
1405 DBG("run_as_worker received signal %d", sig);
1406 }
1407 }
1408
1409 static
1410 int set_worker_sighandlers(void)
1411 {
1412 int ret = 0;
1413 sigset_t sigset;
1414 struct sigaction sa;
1415
1416 if ((ret = sigemptyset(&sigset)) < 0) {
1417 PERROR("sigemptyset");
1418 goto end;
1419 }
1420
1421 sa.sa_handler = worker_sighandler;
1422 sa.sa_mask = sigset;
1423 sa.sa_flags = 0;
1424 if ((ret = sigaction(SIGINT, &sa, NULL)) < 0) {
1425 PERROR("sigaction SIGINT");
1426 goto end;
1427 }
1428
1429 if ((ret = sigaction(SIGTERM, &sa, NULL)) < 0) {
1430 PERROR("sigaction SIGTERM");
1431 goto end;
1432 }
1433
1434 DBG("run_as signal handler set for SIGTERM and SIGINT");
1435 end:
1436 return ret;
1437 }
1438
1439 static
1440 int run_as_create_worker_no_lock(const char *procname,
1441 post_fork_cleanup_cb clean_up_func,
1442 void *clean_up_user_data)
1443 {
1444 pid_t pid;
1445 int i, ret = 0;
1446 ssize_t readlen;
1447 struct run_as_ret recvret;
1448 run_as_worker_data *worker;
1449
1450 LTTNG_ASSERT(!global_worker);
1451 if (!use_clone()) {
1452 /*
1453 * Don't initialize a worker, all run_as tasks will be performed
1454 * in the current process.
1455 */
1456 ret = 0;
1457 goto end;
1458 }
1459 worker = (run_as_worker_data *) zmalloc(sizeof(*worker));
1460 if (!worker) {
1461 ret = -ENOMEM;
1462 goto end;
1463 }
1464 worker->procname = strdup(procname);
1465 if (!worker->procname) {
1466 ret = -ENOMEM;
1467 goto error_procname_alloc;
1468 }
1469 /* Create unix socket. */
1470 if (lttcomm_create_anon_unix_socketpair(worker->sockpair) < 0) {
1471 ret = -1;
1472 goto error_sock;
1473 }
1474
1475 /* Fork worker. */
1476 pid = fork();
1477 if (pid < 0) {
1478 PERROR("fork");
1479 ret = -1;
1480 goto error_fork;
1481 } else if (pid == 0) {
1482 /* Child */
1483
1484 reset_sighandler();
1485
1486 set_worker_sighandlers();
1487
1488 logger_set_thread_name("Run-as worker", true);
1489
1490 if (clean_up_func) {
1491 if (clean_up_func(clean_up_user_data) < 0) {
1492 ERR("Run-as post-fork clean-up failed, exiting.");
1493 exit(EXIT_FAILURE);
1494 }
1495 }
1496
1497 /* Just close, no shutdown. */
1498 if (close(worker->sockpair[0])) {
1499 PERROR("close");
1500 exit(EXIT_FAILURE);
1501 }
1502
1503 /*
1504 * Close all FDs aside from STDIN, STDOUT, STDERR and sockpair[1]
1505 * Sockpair[1] is used as a control channel with the master
1506 */
1507 for (i = 3; i < sysconf(_SC_OPEN_MAX); i++) {
1508 if (i != worker->sockpair[1]) {
1509 (void) close(i);
1510 }
1511 }
1512
1513 worker->sockpair[0] = -1;
1514 ret = run_as_worker(worker);
1515 if (lttcomm_close_unix_sock(worker->sockpair[1])) {
1516 PERROR("close");
1517 ret = -1;
1518 }
1519 worker->sockpair[1] = -1;
1520 free(worker->procname);
1521 free(worker);
1522 LOG(ret ? PRINT_ERR : PRINT_DBG, "run_as worker exiting (ret = %d)", ret);
1523 exit(ret ? EXIT_FAILURE : EXIT_SUCCESS);
1524 } else {
1525 /* Parent */
1526
1527 /* Just close, no shutdown. */
1528 if (close(worker->sockpair[1])) {
1529 PERROR("close");
1530 ret = -1;
1531 goto error_fork;
1532 }
1533 worker->sockpair[1] = -1;
1534 worker->pid = pid;
1535 /* Wait for worker to become ready. */
1536 readlen = lttcomm_recv_unix_sock(worker->sockpair[0],
1537 &recvret, sizeof(recvret));
1538 if (readlen < sizeof(recvret)) {
1539 ERR("readlen: %zd", readlen);
1540 PERROR("Error reading response from run_as at creation");
1541 ret = -1;
1542 goto error_fork;
1543 }
1544 global_worker = worker;
1545 }
1546 end:
1547 return ret;
1548
1549 /* Error handling. */
1550 error_fork:
1551 for (i = 0; i < 2; i++) {
1552 if (worker->sockpair[i] < 0) {
1553 continue;
1554 }
1555 if (lttcomm_close_unix_sock(worker->sockpair[i])) {
1556 PERROR("close");
1557 }
1558 worker->sockpair[i] = -1;
1559 }
1560 error_sock:
1561 free(worker->procname);
1562 error_procname_alloc:
1563 free(worker);
1564 return ret;
1565 }
1566
1567 static
1568 void run_as_destroy_worker_no_lock(void)
1569 {
1570 run_as_worker_data *worker = global_worker;
1571
1572 DBG("Destroying run_as worker");
1573 if (!worker) {
1574 return;
1575 }
1576 /* Close unix socket */
1577 DBG("Closing run_as worker socket");
1578 if (lttcomm_close_unix_sock(worker->sockpair[0])) {
1579 PERROR("close");
1580 }
1581 worker->sockpair[0] = -1;
1582 /* Wait for worker. */
1583 for (;;) {
1584 int status;
1585 pid_t wait_ret;
1586
1587 wait_ret = waitpid(worker->pid, &status, 0);
1588 if (wait_ret < 0) {
1589 if (errno == EINTR) {
1590 continue;
1591 }
1592 PERROR("waitpid");
1593 break;
1594 }
1595
1596 if (WIFEXITED(status)) {
1597 LOG(WEXITSTATUS(status) == 0 ? PRINT_DBG : PRINT_ERR,
1598 DEFAULT_RUN_AS_WORKER_NAME " terminated with status code %d",
1599 WEXITSTATUS(status));
1600 break;
1601 } else if (WIFSIGNALED(status)) {
1602 ERR(DEFAULT_RUN_AS_WORKER_NAME " was killed by signal %d",
1603 WTERMSIG(status));
1604 break;
1605 }
1606 }
1607 free(worker->procname);
1608 free(worker);
1609 global_worker = NULL;
1610 }
1611
1612 static
1613 int run_as_restart_worker(run_as_worker_data *worker)
1614 {
1615 int ret = 0;
1616 char *procname = NULL;
1617
1618 procname = worker->procname;
1619
1620 /* Close socket to run_as worker process and clean up the zombie process */
1621 run_as_destroy_worker_no_lock();
1622
1623 /* Create a new run_as worker process*/
1624 ret = run_as_create_worker_no_lock(procname, NULL, NULL);
1625 if (ret < 0 ) {
1626 ERR("Restarting the worker process failed");
1627 ret = -1;
1628 goto err;
1629 }
1630 err:
1631 return ret;
1632 }
1633
1634 static
1635 int run_as(enum run_as_cmd cmd, struct run_as_data *data,
1636 struct run_as_ret *ret_value, uid_t uid, gid_t gid)
1637 {
1638 int ret, saved_errno;
1639
1640 pthread_mutex_lock(&worker_lock);
1641 if (use_clone()) {
1642 DBG("Using run_as worker");
1643
1644 LTTNG_ASSERT(global_worker);
1645
1646 ret = run_as_cmd(global_worker, cmd, data, ret_value, uid, gid);
1647 saved_errno = ret_value->_errno;
1648
1649 /*
1650 * If the worker thread crashed the errno is set to EIO. we log
1651 * the error and start a new worker process.
1652 */
1653 if (ret == -1 && saved_errno == EIO) {
1654 DBG("Socket closed unexpectedly... "
1655 "Restarting the worker process");
1656 ret = run_as_restart_worker(global_worker);
1657 if (ret == -1) {
1658 ERR("Failed to restart worker process.");
1659 goto err;
1660 }
1661 }
1662 } else {
1663 DBG("Using run_as without worker");
1664 ret = run_as_noworker(cmd, data, ret_value, uid, gid);
1665 }
1666 err:
1667 pthread_mutex_unlock(&worker_lock);
1668 return ret;
1669 }
1670
1671 int run_as_mkdir_recursive(const char *path, mode_t mode, uid_t uid, gid_t gid)
1672 {
1673 return run_as_mkdirat_recursive(AT_FDCWD, path, mode, uid, gid);
1674 }
1675
1676 int run_as_mkdirat_recursive(int dirfd, const char *path, mode_t mode,
1677 uid_t uid, gid_t gid)
1678 {
1679 int ret;
1680 struct run_as_data data = {};
1681 struct run_as_ret run_as_ret = {};
1682
1683 DBG3("mkdirat() recursive fd = %d%s, path = %s, mode = %d, uid = %d, gid = %d",
1684 dirfd, dirfd == AT_FDCWD ? " (AT_FDCWD)" : "",
1685 path, (int) mode, (int) uid, (int) gid);
1686 ret = lttng_strncpy(data.u.mkdir.path, path,
1687 sizeof(data.u.mkdir.path));
1688 if (ret) {
1689 ERR("Failed to copy path argument of mkdirat recursive command");
1690 goto error;
1691 }
1692 data.u.mkdir.path[sizeof(data.u.mkdir.path) - 1] = '\0';
1693 data.u.mkdir.mode = mode;
1694 data.u.mkdir.dirfd = dirfd;
1695 run_as(dirfd == AT_FDCWD ? RUN_AS_MKDIR_RECURSIVE : RUN_AS_MKDIRAT_RECURSIVE,
1696 &data, &run_as_ret, uid, gid);
1697 errno = run_as_ret._errno;
1698 ret = run_as_ret.u.ret;
1699 error:
1700 return ret;
1701 }
1702
1703 int run_as_mkdir(const char *path, mode_t mode, uid_t uid, gid_t gid)
1704 {
1705 return run_as_mkdirat(AT_FDCWD, path, mode, uid, gid);
1706 }
1707
1708 int run_as_mkdirat(int dirfd, const char *path, mode_t mode,
1709 uid_t uid, gid_t gid)
1710 {
1711 int ret;
1712 struct run_as_data data = {};
1713 struct run_as_ret run_as_ret = {};
1714
1715 DBG3("mkdirat() recursive fd = %d%s, path = %s, mode = %d, uid = %d, gid = %d",
1716 dirfd, dirfd == AT_FDCWD ? " (AT_FDCWD)" : "",
1717 path, (int) mode, (int) uid, (int) gid);
1718 ret = lttng_strncpy(data.u.mkdir.path, path,
1719 sizeof(data.u.mkdir.path));
1720 if (ret) {
1721 ERR("Failed to copy path argument of mkdirat command");
1722 goto error;
1723 }
1724 data.u.mkdir.path[sizeof(data.u.mkdir.path) - 1] = '\0';
1725 data.u.mkdir.mode = mode;
1726 data.u.mkdir.dirfd = dirfd;
1727 run_as(dirfd == AT_FDCWD ? RUN_AS_MKDIR : RUN_AS_MKDIRAT,
1728 &data, &run_as_ret, uid, gid);
1729 errno = run_as_ret._errno;
1730 ret = run_as_ret.u.ret;
1731 error:
1732 return ret;
1733 }
1734
1735 int run_as_open(const char *path, int flags, mode_t mode, uid_t uid,
1736 gid_t gid)
1737 {
1738 return run_as_openat(AT_FDCWD, path, flags, mode, uid, gid);
1739 }
1740
1741 int run_as_openat(int dirfd, const char *path, int flags, mode_t mode,
1742 uid_t uid, gid_t gid)
1743 {
1744 int ret;
1745 struct run_as_data data = {};
1746 struct run_as_ret run_as_ret = {};
1747
1748 DBG3("openat() fd = %d%s, path = %s, flags = %X, mode = %d, uid %d, gid %d",
1749 dirfd, dirfd == AT_FDCWD ? " (AT_FDCWD)" : "",
1750 path, flags, (int) mode, (int) uid, (int) gid);
1751 ret = lttng_strncpy(data.u.open.path, path, sizeof(data.u.open.path));
1752 if (ret) {
1753 ERR("Failed to copy path argument of open command");
1754 goto error;
1755 }
1756 data.u.open.flags = flags;
1757 data.u.open.mode = mode;
1758 data.u.open.dirfd = dirfd;
1759 run_as(dirfd == AT_FDCWD ? RUN_AS_OPEN : RUN_AS_OPENAT,
1760 &data, &run_as_ret, uid, gid);
1761 errno = run_as_ret._errno;
1762 ret = run_as_ret.u.ret < 0 ? run_as_ret.u.ret :
1763 run_as_ret.u.open.fd;
1764 error:
1765 return ret;
1766 }
1767
1768 int run_as_unlink(const char *path, uid_t uid, gid_t gid)
1769 {
1770 return run_as_unlinkat(AT_FDCWD, path, uid, gid);
1771 }
1772
1773 int run_as_unlinkat(int dirfd, const char *path, uid_t uid, gid_t gid)
1774 {
1775 int ret;
1776 struct run_as_data data = {};
1777 struct run_as_ret run_as_ret = {};
1778
1779 DBG3("unlinkat() fd = %d%s, path = %s, uid = %d, gid = %d",
1780 dirfd, dirfd == AT_FDCWD ? " (AT_FDCWD)" : "",
1781 path, (int) uid, (int) gid);
1782 ret = lttng_strncpy(data.u.unlink.path, path,
1783 sizeof(data.u.unlink.path));
1784 if (ret) {
1785 goto error;
1786 }
1787 data.u.unlink.dirfd = dirfd;
1788 run_as(dirfd == AT_FDCWD ? RUN_AS_UNLINK : RUN_AS_UNLINKAT, &data,
1789 &run_as_ret, uid, gid);
1790 errno = run_as_ret._errno;
1791 ret = run_as_ret.u.ret;
1792 error:
1793 return ret;
1794 }
1795
1796 int run_as_rmdir(const char *path, uid_t uid, gid_t gid)
1797 {
1798 return run_as_rmdirat(AT_FDCWD, path, uid, gid);
1799 }
1800
1801 int run_as_rmdirat(int dirfd, const char *path, uid_t uid, gid_t gid)
1802 {
1803 int ret;
1804 struct run_as_data data = {};
1805 struct run_as_ret run_as_ret = {};
1806
1807 DBG3("rmdirat() fd = %d%s, path = %s, uid = %d, gid = %d",
1808 dirfd, dirfd == AT_FDCWD ? " (AT_FDCWD)" : "",
1809 path, (int) uid, (int) gid);
1810 ret = lttng_strncpy(data.u.rmdir.path, path,
1811 sizeof(data.u.rmdir.path));
1812 if (ret) {
1813 goto error;
1814 }
1815 data.u.rmdir.dirfd = dirfd;
1816 run_as(dirfd == AT_FDCWD ? RUN_AS_RMDIR : RUN_AS_RMDIRAT, &data,
1817 &run_as_ret, uid, gid);
1818 errno = run_as_ret._errno;
1819 ret = run_as_ret.u.ret;
1820 error:
1821 return ret;
1822 }
1823
1824 int run_as_rmdir_recursive(const char *path, uid_t uid, gid_t gid, int flags)
1825 {
1826 return run_as_rmdirat_recursive(AT_FDCWD, path, uid, gid, flags);
1827 }
1828
1829 int run_as_rmdirat_recursive(int dirfd, const char *path, uid_t uid, gid_t gid, int flags)
1830 {
1831 int ret;
1832 struct run_as_data data = {};
1833 struct run_as_ret run_as_ret = {};
1834
1835 DBG3("rmdirat() recursive fd = %d%s, path = %s, uid = %d, gid = %d",
1836 dirfd, dirfd == AT_FDCWD ? " (AT_FDCWD)" : "",
1837 path, (int) uid, (int) gid);
1838 ret = lttng_strncpy(data.u.rmdir.path, path,
1839 sizeof(data.u.rmdir.path));
1840 if (ret) {
1841 goto error;
1842 }
1843 data.u.rmdir.dirfd = dirfd;
1844 data.u.rmdir.flags = flags;
1845 run_as(dirfd == AT_FDCWD ? RUN_AS_RMDIR_RECURSIVE : RUN_AS_RMDIRAT_RECURSIVE,
1846 &data, &run_as_ret, uid, gid);
1847 errno = run_as_ret._errno;
1848 ret = run_as_ret.u.ret;
1849 error:
1850 return ret;
1851 }
1852
1853 int run_as_rename(const char *old_name, const char *new_name, uid_t uid, gid_t gid)
1854 {
1855 return run_as_renameat(AT_FDCWD, old_name, AT_FDCWD, new_name, uid, gid);
1856 }
1857
1858 int run_as_renameat(int old_dirfd, const char *old_name,
1859 int new_dirfd, const char *new_name, uid_t uid, gid_t gid)
1860 {
1861 int ret;
1862 struct run_as_data data = {};
1863 struct run_as_ret run_as_ret = {};
1864
1865 DBG3("renameat() old_dirfd = %d%s, old_name = %s, new_dirfd = %d%s, new_name = %s, uid = %d, gid = %d",
1866 old_dirfd, old_dirfd == AT_FDCWD ? " (AT_FDCWD)" : "",
1867 old_name,
1868 new_dirfd, new_dirfd == AT_FDCWD ? " (AT_FDCWD)" : "",
1869 new_name, (int) uid, (int) gid);
1870 ret = lttng_strncpy(data.u.rename.old_path, old_name,
1871 sizeof(data.u.rename.old_path));
1872 if (ret) {
1873 goto error;
1874 }
1875 ret = lttng_strncpy(data.u.rename.new_path, new_name,
1876 sizeof(data.u.rename.new_path));
1877 if (ret) {
1878 goto error;
1879 }
1880
1881 data.u.rename.dirfds[0] = old_dirfd;
1882 data.u.rename.dirfds[1] = new_dirfd;
1883 run_as(old_dirfd == AT_FDCWD && new_dirfd == AT_FDCWD ?
1884 RUN_AS_RENAME : RUN_AS_RENAMEAT,
1885 &data, &run_as_ret, uid, gid);
1886 errno = run_as_ret._errno;
1887 ret = run_as_ret.u.ret;
1888 error:
1889 return ret;
1890 }
1891
1892 int run_as_extract_elf_symbol_offset(int fd, const char* function,
1893 uid_t uid, gid_t gid, uint64_t *offset)
1894 {
1895 int ret;
1896 struct run_as_data data = {};
1897 struct run_as_ret run_as_ret = {};
1898
1899 DBG3("extract_elf_symbol_offset() on fd=%d and function=%s "
1900 "with for uid %d and gid %d", fd, function,
1901 (int) uid, (int) gid);
1902
1903 data.u.extract_elf_symbol_offset.fd = fd;
1904
1905 strncpy(data.u.extract_elf_symbol_offset.function, function, LTTNG_SYMBOL_NAME_LEN - 1);
1906 data.u.extract_elf_symbol_offset.function[LTTNG_SYMBOL_NAME_LEN - 1] = '\0';
1907 ret = lttng_strncpy(data.u.extract_elf_symbol_offset.function,
1908 function,
1909 sizeof(data.u.extract_elf_symbol_offset.function));
1910 if (ret) {
1911 goto error;
1912 }
1913
1914 run_as(RUN_AS_EXTRACT_ELF_SYMBOL_OFFSET, &data, &run_as_ret, uid, gid);
1915 errno = run_as_ret._errno;
1916 if (run_as_ret._error) {
1917 ret = -1;
1918 goto error;
1919 }
1920
1921 *offset = run_as_ret.u.extract_elf_symbol_offset.offset;
1922 error:
1923 return ret;
1924 }
1925
1926 int run_as_extract_sdt_probe_offsets(int fd, const char* provider_name,
1927 const char* probe_name, uid_t uid, gid_t gid,
1928 uint64_t **offsets, uint32_t *num_offset)
1929 {
1930 int ret;
1931 struct run_as_data data = {};
1932 struct run_as_ret run_as_ret = {};
1933
1934 DBG3("extract_sdt_probe_offsets() on fd=%d, probe_name=%s and "
1935 "provider_name=%s with for uid %d and gid %d", fd,
1936 probe_name, provider_name, (int) uid, (int) gid);
1937
1938 data.u.extract_sdt_probe_offsets.fd = fd;
1939
1940 ret = lttng_strncpy(data.u.extract_sdt_probe_offsets.probe_name, probe_name,
1941 sizeof(data.u.extract_sdt_probe_offsets.probe_name));
1942 if (ret) {
1943 goto error;
1944 }
1945 ret = lttng_strncpy(data.u.extract_sdt_probe_offsets.provider_name,
1946 provider_name,
1947 sizeof(data.u.extract_sdt_probe_offsets.provider_name));
1948 if (ret) {
1949 goto error;
1950 }
1951
1952 run_as(RUN_AS_EXTRACT_SDT_PROBE_OFFSETS, &data, &run_as_ret, uid, gid);
1953 errno = run_as_ret._errno;
1954 if (run_as_ret._error) {
1955 ret = -1;
1956 goto error;
1957 }
1958
1959 *num_offset = run_as_ret.u.extract_sdt_probe_offsets.num_offset;
1960 *offsets = (uint64_t *) zmalloc(*num_offset * sizeof(uint64_t));
1961 if (!*offsets) {
1962 ret = -ENOMEM;
1963 goto error;
1964 }
1965
1966 memcpy(*offsets, run_as_ret.u.extract_sdt_probe_offsets.offsets,
1967 *num_offset * sizeof(uint64_t));
1968 error:
1969 return ret;
1970 }
1971
1972 int run_as_generate_filter_bytecode(const char *filter_expression,
1973 const struct lttng_credentials *creds,
1974 struct lttng_bytecode **bytecode)
1975 {
1976 int ret;
1977 struct run_as_data data = {};
1978 struct run_as_ret run_as_ret = {};
1979 const struct lttng_bytecode *view_bytecode = NULL;
1980 struct lttng_bytecode *local_bytecode = NULL;
1981 const uid_t uid = lttng_credentials_get_uid(creds);
1982 const gid_t gid = lttng_credentials_get_gid(creds);
1983
1984 DBG3("generate_filter_bytecode() from expression=\"%s\" for uid %d and gid %d",
1985 filter_expression, (int) uid, (int) gid);
1986
1987 ret = lttng_strncpy(data.u.generate_filter_bytecode.filter_expression, filter_expression,
1988 sizeof(data.u.generate_filter_bytecode.filter_expression));
1989 if (ret) {
1990 goto error;
1991 }
1992
1993 run_as(RUN_AS_GENERATE_FILTER_BYTECODE, &data, &run_as_ret, uid, gid);
1994 errno = run_as_ret._errno;
1995 if (run_as_ret._error) {
1996 ret = -1;
1997 goto error;
1998 }
1999
2000 view_bytecode = (const struct lttng_bytecode *) run_as_ret.u.generate_filter_bytecode.bytecode;
2001
2002 local_bytecode = (lttng_bytecode *) zmalloc(sizeof(*local_bytecode) + view_bytecode->len);
2003 if (!local_bytecode) {
2004 ret = -ENOMEM;
2005 goto error;
2006 }
2007
2008 memcpy(local_bytecode, run_as_ret.u.generate_filter_bytecode.bytecode,
2009 sizeof(*local_bytecode) + view_bytecode->len);
2010 *bytecode = local_bytecode;
2011 error:
2012 return ret;
2013 }
2014
2015 int run_as_create_worker(const char *procname,
2016 post_fork_cleanup_cb clean_up_func,
2017 void *clean_up_user_data)
2018 {
2019 int ret;
2020
2021 pthread_mutex_lock(&worker_lock);
2022 ret = run_as_create_worker_no_lock(procname, clean_up_func,
2023 clean_up_user_data);
2024 pthread_mutex_unlock(&worker_lock);
2025 return ret;
2026 }
2027
2028 void run_as_destroy_worker(void)
2029 {
2030 pthread_mutex_lock(&worker_lock);
2031 run_as_destroy_worker_no_lock();
2032 pthread_mutex_unlock(&worker_lock);
2033 }
This page took 0.070669 seconds and 5 git commands to generate.