The triggers will only use the uid element.
Signed-off-by: Jonathan Rajotte <jonathan.rajotte-julien@efficios.com>
Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>
Change-Id: Ia96e7def5ab560d9af1476920426635fc49f92ef
{
bool is_allowed = false;
const struct lttng_credentials session_creds = {
- .uid = session->uid,
- .gid = session->gid,
+ .uid = LTTNG_OPTIONAL_INIT_VALUE(session->uid),
+ .gid = LTTNG_OPTIONAL_INIT_VALUE(session->gid),
};
/* Can never be NULL. */
const struct lttng_credentials *trigger_creds =
lttng_trigger_get_credentials(trigger);
- is_allowed = (trigger_creds->uid == session_creds.uid) ||
- (trigger_creds->uid == 0);
+ is_allowed = (lttng_credentials_is_equal_uid(trigger_creds, &session_creds)) ||
+ (lttng_credentials_get_uid(trigger_creds) == 0);
if (!is_allowed) {
- WARN("Trigger is not allowed to interact with session `%s`: session uid = %ld, session gid = %ld, trigger uid = %ld, trigger gid = %ld",
+ WARN("Trigger is not allowed to interact with session `%s`: session uid = %ld, session gid = %ld, trigger uid = %ld",
session->name,
(long int) session->uid,
(long int) session->gid,
- (long int) trigger_creds->uid,
- (long int) trigger_creds->gid);
+ (long int) lttng_credentials_get_uid(trigger_creds));
}
return is_allowed;
struct lttng_trigger *trigger = NULL;
struct lttng_payload trigger_payload;
struct lttng_credentials cmd_creds = {
- .uid = cmd_ctx->creds.uid,
- .gid = cmd_ctx->creds.gid,
+ .uid = LTTNG_OPTIONAL_INIT_VALUE(cmd_ctx->creds.uid),
+ .gid = LTTNG_OPTIONAL_INIT_VALUE(cmd_ctx->creds.gid),
};
lttng_payload_init(&trigger_payload);
struct lttng_trigger *trigger = NULL;
struct lttng_payload trigger_payload;
struct lttng_credentials cmd_creds = {
- .uid = cmd_ctx->creds.uid,
- .gid = cmd_ctx->creds.gid,
+ .uid = LTTNG_OPTIONAL_INIT_VALUE(cmd_ctx->creds.uid),
+ .gid = LTTNG_OPTIONAL_INIT_VALUE(cmd_ctx->creds.gid),
};
lttng_payload_init(&trigger_payload);
assert(chunk_status == LTTNG_TRACE_CHUNK_STATUS_OK);
LTTNG_OPTIONAL_SET(&msg->u.ask_channel.chunk_id, chunk_id);
}
- msg->u.ask_channel.buffer_credentials.uid = buffer_credentials->uid;
- msg->u.ask_channel.buffer_credentials.gid = buffer_credentials->gid;
+ msg->u.ask_channel.buffer_credentials.uid =
+ lttng_credentials_get_uid(buffer_credentials);
+ msg->u.ask_channel.buffer_credentials.gid =
+ lttng_credentials_get_gid(buffer_credentials);
msg->cmd_type = LTTNG_CONSUMER_ASK_CHANNEL_CREATION;
msg->u.ask_channel.subbuf_size = subbuf_size;
assert(domain_dirfd >= 0);
msg.u.create_trace_chunk.credentials.value.uid =
- chunk_credentials.uid;
+ lttng_credentials_get_uid(&chunk_credentials);
msg.u.create_trace_chunk.credentials.value.gid =
- chunk_credentials.gid;
+ lttng_credentials_get_gid(&chunk_credentials);
msg.u.create_trace_chunk.credentials.is_set = 1;
}
struct lttng_trigger_list_element *trigger_list_element;
struct session_info *session_info;
const struct lttng_credentials session_creds = {
- .uid = session_uid,
- .gid = session_gid,
+ .uid = LTTNG_OPTIONAL_INIT_VALUE(session_uid),
+ .gid = LTTNG_OPTIONAL_INIT_VALUE(session_gid),
};
rcu_read_lock();
bool free_trigger = true;
struct lttng_evaluation *evaluation = NULL;
struct lttng_credentials object_creds;
+ uid_t object_uid;
+ gid_t object_gid;
enum action_executor_status executor_status;
rcu_read_lock();
switch (get_condition_binding_object(condition)) {
case LTTNG_OBJECT_TYPE_SESSION:
ret = evaluate_session_condition_for_client(condition, state,
- &evaluation, &object_creds.uid,
- &object_creds.gid);
+ &evaluation, &object_uid,
+ &object_gid);
break;
case LTTNG_OBJECT_TYPE_CHANNEL:
ret = evaluate_channel_condition_for_client(condition, state,
- &evaluation, &object_creds.uid,
- &object_creds.gid);
+ &evaluation, &object_uid,
+ &object_gid);
break;
case LTTNG_OBJECT_TYPE_NONE:
ret = 0;
goto error_put_client_list;
}
+ LTTNG_OPTIONAL_SET(&object_creds.uid, object_uid);
+ LTTNG_OPTIONAL_SET(&object_creds.gid, object_gid);
+
DBG("Newly registered trigger's condition evaluated to %s",
evaluation ? "true" : "false");
if (!evaluation) {
struct notification_thread_state *state,
uid_t object_uid, gid_t object_gid)
{
+ const struct lttng_credentials creds = {
+ .uid = LTTNG_OPTIONAL_INIT_VALUE(object_uid),
+ .gid = LTTNG_OPTIONAL_INIT_VALUE(object_gid),
+ };
+
return notification_client_list_send_evaluation(client_list,
lttng_trigger_get_const_condition(trigger), evaluation,
lttng_trigger_get_credentials(trigger),
- &(struct lttng_credentials){
- .uid = object_uid, .gid = object_gid},
+ &creds,
client_handle_transmission_status_wrapper, state);
}
}
if (source_object_creds) {
- if (client->uid != source_object_creds->uid &&
- client->gid != source_object_creds->gid &&
+ if (client->uid != lttng_credentials_get_uid(source_object_creds) &&
+ client->gid != lttng_credentials_get_gid(source_object_creds) &&
client->uid != 0) {
/*
* Client is not allowed to monitor this
}
}
- if (client->uid != trigger_creds->uid && client->gid != trigger_creds->gid) {
+ if (client->uid != lttng_credentials_get_uid(trigger_creds) && client->gid != lttng_credentials_get_gid(trigger_creds)) {
DBG("[notification-thread] Skipping client at it does not have the permission to receive notification for this trigger");
goto skip_client;
}
}
channel_creds = (typeof(channel_creds)) {
- .uid = channel_info->session_info->uid,
- .gid = channel_info->session_info->gid,
+ .uid = LTTNG_OPTIONAL_INIT_VALUE(channel_info->session_info->uid),
+ .gid = LTTNG_OPTIONAL_INIT_VALUE(channel_info->session_info->gid),
};
trigger_list = caa_container_of(node, struct lttng_channel_trigger_list,
enum lttng_notification_channel_status nc_status;
struct lttng_action *action;
const struct lttng_credentials session_creds = {
- .uid = session->uid,
- .gid = session->gid,
+ .uid = LTTNG_OPTIONAL_INIT_VALUE(session->uid),
+ .gid = LTTNG_OPTIONAL_INIT_VALUE(session->gid),
};
session->rotate_condition = lttng_condition_session_consumed_size_create();
const char *base_path;
struct lttng_directory_handle *session_output_directory = NULL;
const struct lttng_credentials session_credentials = {
- .uid = session->uid,
- .gid = session->gid,
+ .uid = LTTNG_OPTIONAL_INIT_VALUE(session->uid),
+ .gid = LTTNG_OPTIONAL_INIT_VALUE(session->gid),
};
uint64_t next_chunk_id;
const struct consumer_output *output;
{
struct buffer_reg_uid *reg_uid = buffer_reg_uid_find(
ua_sess->tracing_id, ua_sess->bits_per_long,
- ua_sess->real_credentials.uid);
+ lttng_credentials_get_uid(&ua_sess->real_credentials));
if (!reg_uid) {
goto error;
}
ua_sess->tracing_id = usess->id;
ua_sess->id = get_next_session_id();
- ua_sess->real_credentials.uid = app->uid;
- ua_sess->real_credentials.gid = app->gid;
- ua_sess->effective_credentials.uid = usess->uid;
- ua_sess->effective_credentials.gid = usess->gid;
+ LTTNG_OPTIONAL_SET(&ua_sess->real_credentials.uid, app->uid);
+ LTTNG_OPTIONAL_SET(&ua_sess->real_credentials.gid, app->gid);
+ LTTNG_OPTIONAL_SET(&ua_sess->effective_credentials.uid, usess->uid);
+ LTTNG_OPTIONAL_SET(&ua_sess->effective_credentials.gid, usess->gid);
ua_sess->buffer_type = usess->buffer_type;
ua_sess->bits_per_long = app->bits_per_long;
case LTTNG_BUFFER_PER_UID:
ret = snprintf(ua_sess->path, sizeof(ua_sess->path),
DEFAULT_UST_TRACE_UID_PATH,
- ua_sess->real_credentials.uid,
+ lttng_credentials_get_uid(&ua_sess->real_credentials),
app->bits_per_long);
break;
default:
app->uint64_t_alignment, app->long_alignment,
app->byte_order, app->version.major, app->version.minor,
reg_pid->root_shm_path, reg_pid->shm_path,
- ua_sess->effective_credentials.uid,
- ua_sess->effective_credentials.gid, ua_sess->tracing_id,
+ lttng_credentials_get_uid(&ua_sess->effective_credentials),
+ lttng_credentials_get_gid(&ua_sess->effective_credentials),
+ ua_sess->tracing_id,
app->uid);
if (ret < 0) {
/*
notification_ret = notification_thread_command_add_channel(
notification_thread_handle, session->name,
- ua_sess->effective_credentials.uid,
- ua_sess->effective_credentials.gid, ua_chan->name,
+ lttng_credentials_get_uid(&ua_sess->effective_credentials),
+ lttng_credentials_get_gid(&ua_sess->effective_credentials),
+ ua_chan->name,
ua_chan->key, LTTNG_DOMAIN_UST,
ua_chan->attr.subbuf_size * ua_chan->attr.num_subbuf);
if (notification_ret != LTTNG_OK) {
cmd_ret = notification_thread_command_add_channel(
notification_thread_handle, session->name,
- ua_sess->effective_credentials.uid,
- ua_sess->effective_credentials.gid, ua_chan->name,
+ lttng_credentials_get_uid(&ua_sess->effective_credentials),
+ lttng_credentials_get_gid(&ua_sess->effective_credentials),
+ ua_chan->name,
ua_chan->key, LTTNG_DOMAIN_UST,
ua_chan->attr.subbuf_size * ua_chan->attr.num_subbuf);
if (cmd_ret != LTTNG_OK) {
ua_chan, node.node) {
status = consumer_snapshot_channel(socket,
ua_chan->key, output, 0,
- ua_sess->effective_credentials
- .uid,
- ua_sess->effective_credentials
- .gid,
+ lttng_credentials_get_uid(&ua_sess->effective_credentials),
+ lttng_credentials_get_gid(&ua_sess->effective_credentials),
&trace_path[consumer_path_offset], wait,
nb_packets_per_stream);
switch (status) {
}
status = consumer_snapshot_channel(socket,
registry->metadata_key, output, 1,
- ua_sess->effective_credentials.uid,
- ua_sess->effective_credentials.gid,
+ lttng_credentials_get_uid(&ua_sess->effective_credentials),
+ lttng_credentials_get_gid(&ua_sess->effective_credentials),
&trace_path[consumer_path_offset], wait, 0);
switch (status) {
case LTTNG_OK:
ua_chan, node.node) {
ret = consumer_rotate_channel(socket,
ua_chan->key,
- ua_sess->effective_credentials
- .uid,
- ua_sess->effective_credentials
- .gid,
+ lttng_credentials_get_uid(&ua_sess->effective_credentials),
+ lttng_credentials_get_gid(&ua_sess->effective_credentials),
ua_sess->consumer,
/* is_metadata_channel */ false);
if (ret < 0) {
(void) push_metadata(registry, usess->consumer);
ret = consumer_rotate_channel(socket,
registry->metadata_key,
- ua_sess->effective_credentials.uid,
- ua_sess->effective_credentials.gid,
+ lttng_credentials_get_uid(&ua_sess->effective_credentials),
+ lttng_credentials_get_gid(&ua_sess->effective_credentials),
ua_sess->consumer,
/* is_metadata_channel */ true);
if (ret < 0) {
ua_chan->tracefile_count,
ua_sess->id,
ua_sess->output_traces,
- ua_sess->real_credentials.uid,
+ lttng_credentials_get_uid(&ua_sess->real_credentials),
ua_chan->attr.blocking_timeout,
root_shm_path, shm_path,
trace_chunk,
ret = create_directory_check_exists(handle,
subdirectory, mode);
} else {
- ret = _run_as_mkdir(handle, subdirectory,
- mode, creds->uid, creds->gid);
+ ret = _run_as_mkdir(handle, subdirectory, mode,
+ lttng_credentials_get_uid(creds),
+ lttng_credentials_get_gid(creds));
}
return ret;
subdirectory_path, mode);
} else {
ret = _run_as_mkdir_recursive(handle, subdirectory_path,
- mode, creds->uid, creds->gid);
+ mode, lttng_credentials_get_uid(creds), lttng_credentials_get_gid(creds));
}
return ret;
mode);
} else {
ret = _run_as_open(handle, filename, flags, mode,
- creds->uid, creds->gid);
+ lttng_credentials_get_uid(creds), lttng_credentials_get_gid(creds));
}
return ret;
}
/* Run as current user. */
ret = lttng_directory_handle_unlink(handle, filename);
} else {
- ret = _run_as_unlink(handle, filename, creds->uid, creds->gid);
+ ret = _run_as_unlink(handle, filename, lttng_credentials_get_uid(creds), lttng_credentials_get_gid(creds));
}
return ret;
}
old_name, new_handle, new_name);
} else {
ret = _run_as_rename(old_handle, old_name, new_handle,
- new_name, creds->uid, creds->gid);
+ new_name, lttng_credentials_get_uid(creds), lttng_credentials_get_gid(creds));
}
return ret;
}
/* Run as current user. */
ret = lttng_directory_handle_rmdir(handle, name);
} else {
- ret = _run_as_rmdir(handle, name, creds->uid, creds->gid);
+ ret = _run_as_rmdir(handle, name, lttng_credentials_get_uid(creds), lttng_credentials_get_gid(creds));
}
return ret;
}
/* Run as current user. */
ret = remove_directory_recursive(handle, name, flags);
} else {
- ret = _run_as_rmdir_recursive(handle, name, creds->uid,
- creds->gid, flags);
+ ret = _run_as_rmdir_recursive(handle, name, lttng_credentials_get_uid(creds),
+ lttng_credentials_get_gid(creds), flags);
}
return ret;
}
#include <stdbool.h>
#include "credentials.h"
-bool lttng_credentials_is_equal(const struct lttng_credentials *a,
+uid_t lttng_credentials_get_uid(const struct lttng_credentials *creds)
+{
+ return LTTNG_OPTIONAL_GET(creds->uid);
+}
+
+gid_t lttng_credentials_get_gid(const struct lttng_credentials *creds)
+{
+ return LTTNG_OPTIONAL_GET(creds->gid);
+}
+
+bool lttng_credentials_is_equal_uid(const struct lttng_credentials *a,
const struct lttng_credentials *b)
{
assert(a);
assert(b);
- if ((a->uid != b->uid) || (a->gid != b->gid)) {
+ /* XOR on the is_set value */
+ if (!!a->uid.is_set != !!b->uid.is_set) {
return false;
}
- return true;
-};
+ if (!a->uid.is_set && !b->uid.is_set) {
+ return true;
+ }
+
+ /* Both a and b are set. */
+ return a->uid.value == b->uid.value;
+}
+
+bool lttng_credentials_is_equal_gid(const struct lttng_credentials *a,
+ const struct lttng_credentials *b)
+{
+ assert(a);
+ assert(b);
+
+ /* XOR on the is_set value */
+ if (!!a->gid.is_set != !!b->gid.is_set) {
+ return false;
+ }
+
+ if (!a->gid.is_set && !b->gid.is_set) {
+ return true;
+ }
+
+ /* Both a and b are set. */
+ return a->gid.value == b->gid.value;
+}
+
+bool lttng_credentials_is_equal(const struct lttng_credentials *a,
+ const struct lttng_credentials *b)
+{
+ assert(a);
+ assert(b);
+
+ return lttng_credentials_is_equal_uid(a, b) &&
+ lttng_credentials_is_equal_gid(a, b);
+}
#include <sys/types.h>
#include <stdbool.h>
+#include "optional.h"
+
struct lttng_credentials {
- uid_t uid;
- gid_t gid;
+ LTTNG_OPTIONAL(uid_t) uid;
+ LTTNG_OPTIONAL(gid_t) gid;
};
+uid_t lttng_credentials_get_uid(const struct lttng_credentials *creds);
+gid_t lttng_credentials_get_gid(const struct lttng_credentials *creds);
+
+bool lttng_credentials_is_equal_uid(const struct lttng_credentials *a,
+ const struct lttng_credentials *b);
+
+bool lttng_credentials_is_equal_gid(const struct lttng_credentials *a,
+ const struct lttng_credentials *b);
+
bool lttng_credentials_is_equal(const struct lttng_credentials *a,
const struct lttng_credentials *b);
case LTTNG_CONSUMER_CREATE_TRACE_CHUNK:
{
const struct lttng_credentials credentials = {
- .uid = msg.u.create_trace_chunk.credentials.value.uid,
- .gid = msg.u.create_trace_chunk.credentials.value.gid,
+ .uid = LTTNG_OPTIONAL_INIT_VALUE(msg.u.create_trace_chunk.credentials.value.uid),
+ .gid = LTTNG_OPTIONAL_INIT_VALUE(msg.u.create_trace_chunk.credentials.value.gid),
};
const bool is_local_trace =
!msg.u.create_trace_chunk.relayd_id.is_set;
pthread_mutex_lock(&chunk->lock);
if (chunk->credentials.is_set) {
if (chunk->credentials.value.use_current_user) {
- credentials->uid = geteuid();
- credentials->gid = getegid();
+ LTTNG_OPTIONAL_SET(&credentials->uid, geteuid());
+ LTTNG_OPTIONAL_SET(&credentials->gid, getegid());
} else {
*credentials = chunk->credentials.value.user;
}
}
return run_as_open(shm_path,
O_RDWR | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR,
- session_credentials->uid, session_credentials->gid);
+ lttng_credentials_get_uid(session_credentials),
+ lttng_credentials_get_gid(session_credentials));
error_shm_path:
return -1;
ERR("Cannot get stream shm path");
}
closeret = run_as_unlink(shm_path,
- channel->buffer_credentials.value.uid,
- channel->buffer_credentials.value.gid);
+ lttng_credentials_get_uid(LTTNG_OPTIONAL_GET_PTR(
+ channel->buffer_credentials)),
+ lttng_credentials_get_gid(LTTNG_OPTIONAL_GET_PTR(
+ channel->buffer_credentials)));
if (closeret) {
PERROR("unlink %s", shm_path);
}
/* Try to rmdir all directories under shm_path root. */
if (channel->root_shm_path[0]) {
(void) run_as_rmdir_recursive(channel->root_shm_path,
- channel->buffer_credentials.value.uid,
- channel->buffer_credentials.value.gid,
+ lttng_credentials_get_uid(LTTNG_OPTIONAL_GET_PTR(
+ channel->buffer_credentials)),
+ lttng_credentials_get_gid(LTTNG_OPTIONAL_GET_PTR(
+ channel->buffer_credentials)),
LTTNG_DIRECTORY_HANDLE_SKIP_NON_EMPTY_FLAG);
}
free(stream_fds);
struct ustctl_consumer_channel_attr attr;
const uint64_t chunk_id = msg.u.ask_channel.chunk_id.value;
const struct lttng_credentials buffer_credentials = {
- .uid = msg.u.ask_channel.buffer_credentials.uid,
- .gid = msg.u.ask_channel.buffer_credentials.gid,
+ .uid = LTTNG_OPTIONAL_INIT_VALUE(msg.u.ask_channel.buffer_credentials.uid),
+ .gid = LTTNG_OPTIONAL_INIT_VALUE(msg.u.ask_channel.buffer_credentials.gid),
};
/* Create a plain object and reserve a channel key. */
case LTTNG_CONSUMER_CREATE_TRACE_CHUNK:
{
const struct lttng_credentials credentials = {
- .uid = msg.u.create_trace_chunk.credentials.value.uid,
- .gid = msg.u.create_trace_chunk.credentials.value.gid,
+ .uid = LTTNG_OPTIONAL_INIT_VALUE(msg.u.create_trace_chunk.credentials.value.uid),
+ .gid = LTTNG_OPTIONAL_INIT_VALUE(msg.u.create_trace_chunk.credentials.value.gid),
};
const bool is_local_trace =
!msg.u.create_trace_chunk.relayd_id.is_set;
ERR("Cannot get stream shm path");
}
ret = run_as_unlink(shm_path,
- chan->buffer_credentials.value.uid,
- chan->buffer_credentials.value.gid);
+ lttng_credentials_get_uid(LTTNG_OPTIONAL_GET_PTR(
+ chan->buffer_credentials)),
+ lttng_credentials_get_gid(LTTNG_OPTIONAL_GET_PTR(
+ chan->buffer_credentials)));
if (ret) {
PERROR("unlink %s", shm_path);
}
/* Try to rmdir all directories under shm_path root. */
if (chan->root_shm_path[0]) {
(void) run_as_rmdir_recursive(chan->root_shm_path,
- chan->buffer_credentials.value.uid,
- chan->buffer_credentials.value.gid,
+ lttng_credentials_get_uid(LTTNG_OPTIONAL_GET_PTR(
+ chan->buffer_credentials)),
+ lttng_credentials_get_gid(LTTNG_OPTIONAL_GET_PTR(
+ chan->buffer_credentials)),
LTTNG_DIRECTORY_HANDLE_SKIP_NON_EMPTY_FLAG);
}
free(chan->stream_fds);
int ret;
struct lttng_directory_handle *handle;
const struct lttng_credentials creds = {
- .uid = (uid_t) uid,
- .gid = (gid_t) gid,
+ .uid = LTTNG_OPTIONAL_INIT_VALUE(uid),
+ .gid = LTTNG_OPTIONAL_INIT_VALUE(gid),
};
handle = lttng_directory_handle_create(NULL);
int ret;
struct lttng_directory_handle *handle;
const struct lttng_credentials creds = {
- .uid = (uid_t) uid,
- .gid = (gid_t) gid,
+ .uid = LTTNG_OPTIONAL_INIT_VALUE(uid),
+ .gid = LTTNG_OPTIONAL_INIT_VALUE(gid),
};
handle = lttng_directory_handle_create(NULL);
projects / lttng-tools.git / commitdiff
