X-Git-Url: http://git.lttng.org/?a=blobdiff_plain;f=liblttng-ust-ctl%2Fustctl.c;h=0272d9b9331c6750c276993b14552bbeb6e565f2;hb=a834901f2890deadb815d7f9e3ab79c3ba673994;hp=259f40de6d164886d0d822ceece8dfd383ec1ad4;hpb=3167741775bf8edf1c6085a2ac79bb1ed4a3f401;p=lttng-ust.git

diff --git a/liblttng-ust-ctl/ustctl.c b/liblttng-ust-ctl/ustctl.c
index 259f40de..0272d9b9 100644
--- a/liblttng-ust-ctl/ustctl.c
+++ b/liblttng-ust-ctl/ustctl.c
@@ -20,6 +20,8 @@
 #include <string.h>
 #include <sys/mman.h>
 #include <unistd.h>
+#include <sys/types.h>
+#include <sys/socket.h>
 
 #include <lttng/ust-config.h>
 #include <lttng/ust-ctl.h>
@@ -36,6 +38,7 @@
 #include "../liblttng-ust/lttng-rb-clients.h"
 #include "../liblttng-ust/clock.h"
 #include "../liblttng-ust/getenv.h"
+#include "../liblttng-ust/lttng-tracer-core.h"
 
 #include "../libcounter/shm.h"
 #include "../libcounter/smp.h"
@@ -2021,6 +2024,104 @@ int ustctl_has_perf_counters(void)
 
 #endif
 
+#ifdef __linux__
+/*
+ * Override application pid/uid/gid with unix socket credentials. If
+ * the application announced a pid matching our view, it means it is
+ * within the same pid namespace, so expose the ppid provided by the
+ * application.
+ */
+static
+int get_cred(int sock,
+	const struct ustctl_reg_msg *reg_msg,
+	uint32_t *pid,
+	uint32_t *ppid,
+	uint32_t *uid,
+	uint32_t *gid)
+{
+	struct ucred ucred;
+	socklen_t ucred_len = sizeof(struct ucred);
+	int ret;
+
+	ret = getsockopt(sock, SOL_SOCKET, SO_PEERCRED, &ucred, &ucred_len);
+	if (ret) {
+		return -LTTNG_UST_ERR_PEERCRED;
+	}
+	DBG("Unix socket peercred [ pid: %u, uid: %u, gid: %u ], "
+		"application registered claiming [ pid: %u, ppid: %u, uid: %u, gid: %u ]",
+		ucred.pid, ucred.uid, ucred.gid,
+		reg_msg->pid, reg_msg->ppid, reg_msg->uid, reg_msg->gid);
+	if (!ucred.pid) {
+		ERR("Unix socket credential pid=0. Refusing application in distinct, non-nested pid namespace.");
+		return -LTTNG_UST_ERR_PEERCRED_PID;
+	}
+	*pid = ucred.pid;
+	*uid = ucred.uid;
+	*gid = ucred.gid;
+	if (ucred.pid == reg_msg->pid) {
+		*ppid = reg_msg->ppid;
+	} else {
+		*ppid = 0;
+	}
+	return 0;
+}
+#elif defined(__FreeBSD__)
+#include <sys/ucred.h>
+
+/*
+ * Override application uid/gid with unix socket credentials. Use the
+ * first group of the cr_groups.
+ * Use the pid and ppid provided by the application on registration.
+ */
+static
+int get_cred(int sock,
+	const struct ustctl_reg_msg *reg_msg,
+	uint32_t *pid,
+	uint32_t *ppid,
+	uint32_t *uid,
+	uint32_t *gid)
+{
+	struct xucred xucred;
+	socklen_t xucred_len = sizeof(struct xucred);
+	int ret;
+
+	ret = getsockopt(sock, SOL_SOCKET, LOCAL_PEERCRED, &xucred, &xucred_len);
+	if (ret) {
+		return -LTTNG_UST_ERR_PEERCRED;
+	}
+	if (xucred.cr_version != XUCRED_VERSION || xucred.cr_ngroups < 1) {
+		return -LTTNG_UST_ERR_PEERCRED;
+	}
+	DBG("Unix socket peercred [ uid: %u, gid: %u ], "
+		"application registered claiming [ pid: %d, ppid: %d, uid: %u, gid: %u ]",
+		xucred.uid, xucred.cr_groups[0],
+		reg_msg->pid, reg_msg->ppid, reg_msg->uid, reg_msg->gid);
+	*pid = reg_msg->pid;
+	*ppid = reg_msg->ppid;
+	*uid = xucred.uid;
+	*gid = xucred.cr_groups[0];
+	return 0;
+}
+#else
+#warning "Using insecure fallback: trusting user id provided by registered applications. Please consider implementing use of unix socket credentials on your platform."
+static
+int get_cred(int sock,
+	const struct ustctl_reg_msg *reg_msg,
+	uint32_t *pid,
+	uint32_t *ppid,
+	uint32_t *uid,
+	uint32_t *gid)
+{
+	DBG("Application registered claiming [ pid: %u, ppid: %d, uid: %u, gid: %u ]",
+		reg_msg->pid, reg_msg->ppid, reg_msg->uid, reg_msg->gid);
+	*pid = reg_msg->pid;
+	*ppid = reg_msg->ppid;
+	*uid = reg_msg->uid;
+	*gid = reg_msg->gid;
+	return 0;
+}
+#endif
+
 /*
  * Returns 0 on success, negative error value on error.
  */
@@ -2071,10 +2172,6 @@ int ustctl_recv_reg_msg(int sock,
 	}
 	*major = reg_msg.major;
 	*minor = reg_msg.minor;
-	*pid = reg_msg.pid;
-	*ppid = reg_msg.ppid;
-	*uid = reg_msg.uid;
-	*gid = reg_msg.gid;
 	*bits_per_long = reg_msg.bits_per_long;
 	*uint8_t_alignment = reg_msg.uint8_t_alignment;
 	*uint16_t_alignment = reg_msg.uint16_t_alignment;
@@ -2086,8 +2183,7 @@ int ustctl_recv_reg_msg(int sock,
 			reg_msg.major > LTTNG_UST_ABI_MAJOR_VERSION) {
 		return -LTTNG_UST_ERR_UNSUP_MAJOR;
 	}
-
-	return 0;
+	return get_cred(sock, &reg_msg, pid, ppid, uid, gid);
 }
 
 int ustctl_recv_notify(int sock, enum ustctl_notify_cmd *notify_cmd)