bus-creds.c revision cccb0b2cdbd25e90ae92d2d5b107125cb1ca3433
/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/

/***
  This file is part of systemd.

  Copyright 2013 Lennart Poettering

  systemd is free software; you can redistribute it and/or modify it
  under the terms of the GNU Lesser General Public License as published by
  the Free Software Foundation; either version 2.1 of the License, or
  (at your option) any later version.

  systemd is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  Lesser General Public License for more details.

  You should have received a copy of the GNU Lesser General Public License
  along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/
/* For internal bus cred structures that are allocated by
 * something else */
af6f0d422c521374ee6a2dd92df5935a5a476ae5Tom Gundersen_public_ sd_bus_creds *sd_bus_creds_ref(sd_bus_creds *c) {
2ad8416dd057e7e3185169609ca3006e7649f576Zbigniew Jędrzejewski-Szmek /* If this is an embedded creds structure, then
5b9d4dc05560ddda89e48b6b39365824b15e1300Tom Gundersen * forward ref counting to the message */
af6f0d422c521374ee6a2dd92df5935a5a476ae5Tom Gundersen_public_ sd_bus_creds *sd_bus_creds_unref(sd_bus_creds *c) {
f61942250a43a123580d7bbe5d7873dc5118ed97Tom Gundersen if (c->n_ref == 0) {
866ee3682213789f85b877700457fdca05695a0eTom Gundersen_public_ uint64_t sd_bus_creds_get_mask(const sd_bus_creds *c) {
d2df0d0ed3a88e491405b403e6022e6619750130Tom Gundersen_public_ int sd_bus_creds_new_from_pid(pid_t pid, uint64_t mask, sd_bus_creds **ret) {
af6f0d422c521374ee6a2dd92df5935a5a476ae5Tom Gundersen assert_return(mask <= _SD_BUS_CREDS_ALL, -ENOTSUP);
af6f0d422c521374ee6a2dd92df5935a5a476ae5Tom Gundersen /* Check if the process existed at all, in case we haven't
af6f0d422c521374ee6a2dd92df5935a5a476ae5Tom Gundersen * figured that out already */
ecb08ec6a5c52f2d940f3b8147e2a480affd46e1Zbigniew Jędrzejewski-Szmek if (kill(pid, 0) < 0 && errno == ESRCH) {
af6f0d422c521374ee6a2dd92df5935a5a476ae5Tom Gundersen_public_ int sd_bus_creds_get_uid(sd_bus_creds *c, uid_t *uid) {
af6f0d422c521374ee6a2dd92df5935a5a476ae5Tom Gundersen_public_ int sd_bus_creds_get_gid(sd_bus_creds *c, gid_t *gid) {
36f822c4bd077f9121757e24b6516e5c7ada63b5Zbigniew Jędrzejewski-Szmek_public_ int sd_bus_creds_get_pid(sd_bus_creds *c, pid_t *pid) {
af6f0d422c521374ee6a2dd92df5935a5a476ae5Tom Gundersen_public_ int sd_bus_creds_get_tid(sd_bus_creds *c, pid_t *tid) {
a2a5291b3f5ab6ed4c92f51d0fd10a03047380d8Zbigniew Jędrzejewski-Szmek if (!(c->mask & SD_BUS_CREDS_TID))
74df0fca09b3c31ed19e14ba80f996fdff772417Lennart Poettering_public_ int sd_bus_creds_get_pid_starttime(sd_bus_creds *c, uint64_t *usec) {
a2a5291b3f5ab6ed4c92f51d0fd10a03047380d8Zbigniew Jędrzejewski-Szmek if (!(c->mask & SD_BUS_CREDS_PID_STARTTIME))
edf029b7fd9a5853a87d3ca99aac2922bb8a277eTom Gundersen_public_ int sd_bus_creds_get_selinux_context(sd_bus_creds *c, const char **ret) {
af6f0d422c521374ee6a2dd92df5935a5a476ae5Tom Gundersen if (!(c->mask & SD_BUS_CREDS_SELINUX_CONTEXT))
2ad8416dd057e7e3185169609ca3006e7649f576Zbigniew Jędrzejewski-Szmek_public_ int sd_bus_creds_get_comm(sd_bus_creds *c, const char **ret) {
af6f0d422c521374ee6a2dd92df5935a5a476ae5Tom Gundersen_public_ int sd_bus_creds_get_tid_comm(sd_bus_creds *c, const char **ret) {
af6f0d422c521374ee6a2dd92df5935a5a476ae5Tom Gundersen_public_ int sd_bus_creds_get_exe(sd_bus_creds *c, const char **ret) {
be32eb9b7fbcb22e4b648086d644135e38279633Tom Gundersen_public_ int sd_bus_creds_get_cgroup(sd_bus_creds *c, const char **ret) {
af6f0d422c521374ee6a2dd92df5935a5a476ae5Tom Gundersen_public_ int sd_bus_creds_get_unit(sd_bus_creds *c, const char **ret) {
16b9b87aeee9353b5b8dae6089a69752422a5b09Tom Gundersen r = cg_shift_path(c->cgroup, c->cgroup_root, &shifted);
04b67d49254d956d31bcfe80340fb9df7ed332d3Tom Gundersen r = cg_path_get_unit(shifted, (char**) &c->unit);
3c9b886068d99e5d3cbabcac32a4decf37244c54Tom Gundersen_public_ int sd_bus_creds_get_user_unit(sd_bus_creds *c, const char **ret) {
04b67d49254d956d31bcfe80340fb9df7ed332d3Tom Gundersen r = cg_shift_path(c->cgroup, c->cgroup_root, &shifted);
3c9b886068d99e5d3cbabcac32a4decf37244c54Tom Gundersen r = cg_path_get_user_unit(shifted, (char**) &c->user_unit);
9bf3b53533cdc9b95c921b71da755401f223f765Lennart Poettering_public_ int sd_bus_creds_get_slice(sd_bus_creds *c, const char **ret) {
3c9b886068d99e5d3cbabcac32a4decf37244c54Tom Gundersen r = cg_shift_path(c->cgroup, c->cgroup_root, &shifted);
16b9b87aeee9353b5b8dae6089a69752422a5b09Tom Gundersen r = cg_path_get_slice(shifted, (char**) &c->slice);
af6f0d422c521374ee6a2dd92df5935a5a476ae5Tom Gundersen_public_ int sd_bus_creds_get_session(sd_bus_creds *c, const char **ret) {
464cf22f17e0cf2d8bfa6d72b5e7a662d634f149Tom Gundersen r = cg_shift_path(c->cgroup, c->cgroup_root, &shifted);
464cf22f17e0cf2d8bfa6d72b5e7a662d634f149Tom Gundersen r = cg_path_get_session(shifted, (char**) &c->session);
43b3a5ef61859f06cdbaf26765cab8e1adac4296Tom Gundersen_public_ int sd_bus_creds_get_owner_uid(sd_bus_creds *c, uid_t *uid) {
04b67d49254d956d31bcfe80340fb9df7ed332d3Tom Gundersen r = cg_shift_path(c->cgroup, c->cgroup_root, &shifted);
daeb71a36a98834664e4d95773a3629b746f4db8Tom Gundersen_public_ int sd_bus_creds_get_cmdline(sd_bus_creds *c, char ***cmdline) {
5fde13d748749f0e06e2e6cdd15f0980a79ea82cTom Gundersen c->cmdline_array = strv_parse_nulstr(c->cmdline, c->cmdline_size);
04b67d49254d956d31bcfe80340fb9df7ed332d3Tom Gundersen_public_ int sd_bus_creds_get_audit_session_id(sd_bus_creds *c, uint32_t *sessionid) {
04b67d49254d956d31bcfe80340fb9df7ed332d3Tom Gundersen if (!(c->mask & SD_BUS_CREDS_AUDIT_SESSION_ID))
a669ea9860900d5cdebbc4cb9aaea72db7e28a02Tom Gundersen_public_ int sd_bus_creds_get_audit_login_uid(sd_bus_creds *c, uid_t *uid) {
16b9b87aeee9353b5b8dae6089a69752422a5b09Tom Gundersen if (!(c->mask & SD_BUS_CREDS_AUDIT_LOGIN_UID))
a669ea9860900d5cdebbc4cb9aaea72db7e28a02Tom Gundersen_public_ int sd_bus_creds_get_unique_name(sd_bus_creds *c, const char **unique_name) {
43b3a5ef61859f06cdbaf26765cab8e1adac4296Tom Gundersen_public_ int sd_bus_creds_get_well_known_names(sd_bus_creds *c, char ***well_known_names) {
43b3a5ef61859f06cdbaf26765cab8e1adac4296Tom Gundersen if (!(c->mask & SD_BUS_CREDS_WELL_KNOWN_NAMES))
847a8a5fed4d265dfa659917515c6f9bd1b8d5c4Tom Gundersen_public_ int sd_bus_creds_get_connection_name(sd_bus_creds *c, const char **ret) {
847a8a5fed4d265dfa659917515c6f9bd1b8d5c4Tom Gundersen if (!(c->mask & SD_BUS_CREDS_CONNECTION_NAME))
847a8a5fed4d265dfa659917515c6f9bd1b8d5c4Tom Gundersenstatic int has_cap(sd_bus_creds *c, unsigned offset, int capability) {
be32eb9b7fbcb22e4b648086d644135e38279633Tom Gundersen return !!(c->capability[offset * sz + (capability / 8)] & (1 << (capability % 8)));
464cf22f17e0cf2d8bfa6d72b5e7a662d634f149Tom Gundersen_public_ int sd_bus_creds_has_effective_cap(sd_bus_creds *c, int capability) {
be32eb9b7fbcb22e4b648086d644135e38279633Tom Gundersen return has_cap(c, CAP_OFFSET_EFFECTIVE, capability);
be32eb9b7fbcb22e4b648086d644135e38279633Tom Gundersen_public_ int sd_bus_creds_has_permitted_cap(sd_bus_creds *c, int capability) {
return -ENODATA;
return -ENODATA;
assert(c);
assert(p);
return -EINVAL;
if (!c->capability) {
if (!c->capability)
return -ENOMEM;
for (i = 0; i < sz; i ++) {
return -EINVAL;
assert(c);
if (missing == 0)
if (pid <= 0)
unsigned long uid;
return -EIO;
unsigned long gid;
return -EIO;
unsigned long long st;
if (c->cmdline_size == 0) {
return -ENOMEM;
if (missing & (SD_BUS_CREDS_CGROUP|SD_BUS_CREDS_UNIT|SD_BUS_CREDS_USER_UNIT|SD_BUS_CREDS_SLICE|SD_BUS_CREDS_SESSION|SD_BUS_CREDS_OWNER_UID)) {
c->mask |= missing & (SD_BUS_CREDS_CGROUP|SD_BUS_CREDS_UNIT|SD_BUS_CREDS_USER_UNIT|SD_BUS_CREDS_SLICE|SD_BUS_CREDS_SESSION|SD_BUS_CREDS_OWNER_UID);
assert(c);
n = bus_creds_new();
return -ENOMEM;
if (!n->comm)
return -ENOMEM;
if (!n->tid_comm)
return -ENOMEM;
if (!n->exe)
return -ENOMEM;
if (!n->cmdline)
return -ENOMEM;
if (c->mask & mask & (SD_BUS_CREDS_CGROUP|SD_BUS_CREDS_SESSION|SD_BUS_CREDS_UNIT|SD_BUS_CREDS_USER_UNIT|SD_BUS_CREDS_SLICE|SD_BUS_CREDS_OWNER_UID)) {
if (!n->cgroup)
return -ENOMEM;
if (!n->cgroup_root)
return -ENOMEM;
n->mask |= mask & (SD_BUS_CREDS_CGROUP|SD_BUS_CREDS_SESSION|SD_BUS_CREDS_UNIT|SD_BUS_CREDS_USER_UNIT|SD_BUS_CREDS_SLICE|SD_BUS_CREDS_OWNER_UID);
if (c->mask & mask & (SD_BUS_CREDS_EFFECTIVE_CAPS|SD_BUS_CREDS_PERMITTED_CAPS|SD_BUS_CREDS_INHERITABLE_CAPS|SD_BUS_CREDS_BOUNDING_CAPS)) {
if (!n->capability)
return -ENOMEM;
n->mask |= c->mask & mask & (SD_BUS_CREDS_EFFECTIVE_CAPS|SD_BUS_CREDS_PERMITTED_CAPS|SD_BUS_CREDS_INHERITABLE_CAPS|SD_BUS_CREDS_BOUNDING_CAPS);
if (!n->unique_name)
return -ENOMEM;
if (!n->well_known_names)
return -ENOMEM;
*ret = n;
n = NULL;