[lttng-tools.git] / src / common / runas.c

/*
 * Copyright (C) 2011 - David Goulet <david.goulet@polymtl.ca>
 *                      Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License, version 2 only,
 * as published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
 * more details.
 *
 * You should have received a copy of the GNU General Public License along
 * with this program; if not, write to the Free Software Foundation, Inc.,
 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */

#define _GNU_SOURCE
#define _LGPL_SOURCE
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>
#include <fcntl.h>
#include <sched.h>
#include <sys/signal.h>

#include <common/common.h>
#include <common/utils.h>
#include <common/compat/getenv.h>
#include <common/sessiond-comm/unix.h>

#include "runas.h"

struct run_as_data;
typedef int (*run_as_fct)(struct run_as_data *data);

struct run_as_mkdir_data {
	char path[PATH_MAX];
	mode_t mode;
};

struct run_as_open_data {
	char path[PATH_MAX];
	int flags;
	mode_t mode;
};

struct run_as_unlink_data {
	char path[PATH_MAX];
};

struct run_as_rmdir_recursive_data {
	char path[PATH_MAX];
};

enum run_as_cmd {
	RUN_AS_MKDIR,
	RUN_AS_OPEN,
	RUN_AS_UNLINK,
	RUN_AS_RMDIR_RECURSIVE,
	RUN_AS_MKDIR_RECURSIVE,
};

struct run_as_data {
	enum run_as_cmd cmd;
	union {
		struct run_as_mkdir_data mkdir;
		struct run_as_open_data open;
		struct run_as_unlink_data unlink;
		struct run_as_rmdir_recursive_data rmdir_recursive;
	} u;
	uid_t uid;
	gid_t gid;
};

struct run_as_ret {
	int ret;
	int _errno;
};

struct run_as_worker {
	pid_t pid;	/* Worker PID. */
	int sockpair[2];
	char *procname;
};

/* Single global worker per process (for now). */
static struct run_as_worker *global_worker;
/* Lock protecting the worker. */
static pthread_mutex_t worker_lock = PTHREAD_MUTEX_INITIALIZER;

#ifdef VALGRIND
static
int use_clone(void)
{
	return 0;
}
#else
static
int use_clone(void)
{
	return !lttng_secure_getenv("LTTNG_DEBUG_NOCLONE");
}
#endif

LTTNG_HIDDEN
int _utils_mkdir_recursive_unsafe(const char *path, mode_t mode);

/*
 * Create recursively directory using the FULL path.
 */
static
int _mkdir_recursive(struct run_as_data *data)
{
	const char *path;
	mode_t mode;

	path = data->u.mkdir.path;
	mode = data->u.mkdir.mode;

	/* Safe to call as we have transitioned to the requested uid/gid. */
	return _utils_mkdir_recursive_unsafe(path, mode);
}

static
int _mkdir(struct run_as_data *data)
{
	return mkdir(data->u.mkdir.path, data->u.mkdir.mode);
}

static
int _open(struct run_as_data *data)
{
	return open(data->u.open.path, data->u.open.flags, data->u.open.mode);
}

static
int _unlink(struct run_as_data *data)
{
	return unlink(data->u.unlink.path);
}

static
int _rmdir_recursive(struct run_as_data *data)
{
	return utils_recursive_rmdir(data->u.rmdir_recursive.path);
}

static
run_as_fct run_as_enum_to_fct(enum run_as_cmd cmd)
{
	switch (cmd) {
	case RUN_AS_MKDIR:
		return _mkdir;
	case RUN_AS_OPEN:
		return _open;
	case RUN_AS_UNLINK:
		return _unlink;
	case RUN_AS_RMDIR_RECURSIVE:
		return _rmdir_recursive;
	case RUN_AS_MKDIR_RECURSIVE:
		return _mkdir_recursive;
	default:
		ERR("Unknown command %d", (int) cmd)
		return NULL;
	}
}

static
int do_send_fd(struct run_as_worker *worker,
		enum run_as_cmd cmd, int fd)
{
	ssize_t len;

	switch (cmd) {
	case RUN_AS_OPEN:
		break;
	default:
		return 0;
	}
	if (fd < 0) {
		return 0;
	}
	len = lttcomm_send_fds_unix_sock(worker->sockpair[1], &fd, 1);
	if (len < 0) {
		PERROR("lttcomm_send_fds_unix_sock");
		return -1;
	}
	if (close(fd) < 0) {
		PERROR("close");
		return -1;
	}
	return 0;
}

static
int do_recv_fd(struct run_as_worker *worker,
		enum run_as_cmd cmd, int *fd)
{
	ssize_t len;

	switch (cmd) {
	case RUN_AS_OPEN:
		break;
	default:
		return 0;
	}
	if (*fd < 0) {
		return 0;
	}
	len = lttcomm_recv_fds_unix_sock(worker->sockpair[0], fd, 1);
	if (!len) {
		return -1;
	} else if (len < 0) {
		PERROR("lttcomm_recv_fds_unix_sock");
		return -1;
	}
	return 0;
}

/*
 * Return < 0 on error, 0 if OK, 1 on hangup.
 */
static
int handle_one_cmd(struct run_as_worker *worker)
{
	int ret = 0;
	struct run_as_data data;
	ssize_t readlen, writelen;
	struct run_as_ret sendret;
	run_as_fct cmd;
	uid_t prev_euid;

	/* Read data */
	readlen = lttcomm_recv_unix_sock(worker->sockpair[1], &data,
			sizeof(data));
	if (readlen == 0) {
		/* hang up */
		ret = 1;
		goto end;
	}
	if (readlen < sizeof(data)) {
		PERROR("lttcomm_recv_unix_sock error");
		ret = -1;
		goto end;
	}

	cmd = run_as_enum_to_fct(data.cmd);
	if (!cmd) {
		ret = -1;
		goto end;
	}

	prev_euid = getuid();
	if (data.gid != getegid()) {
		ret = setegid(data.gid);
		if (ret < 0) {
			PERROR("setegid");
			goto write_return;
		}
	}
	if (data.uid != prev_euid) {
		ret = seteuid(data.uid);
		if (ret < 0) {
			PERROR("seteuid");
			goto write_return;
		}
	}
	/*
	 * Also set umask to 0 for mkdir executable bit.
	 */
	umask(0);
	ret = (*cmd)(&data);

write_return:
	sendret.ret = ret;
	sendret._errno = errno;
	/* send back return value */
	writelen = lttcomm_send_unix_sock(worker->sockpair[1], &sendret,
			sizeof(sendret));
	if (writelen < sizeof(sendret)) {
		PERROR("lttcomm_send_unix_sock error");
		ret = -1;
		goto end;
	}
	ret = do_send_fd(worker, data.cmd, ret);
	if (ret) {
		PERROR("do_send_fd error");
		ret = -1;
		goto end;
	}
	if (seteuid(prev_euid) < 0) {
		PERROR("seteuid");
		ret = -1;
		goto end;
	}
	ret = 0;
end:
	return ret;
}

static
int run_as_worker(struct run_as_worker *worker)
{
	int ret;
	ssize_t writelen;
	struct run_as_ret sendret;
	size_t proc_orig_len;

	/*
	 * Initialize worker. Set a different process cmdline.
	 */
	proc_orig_len = strlen(worker->procname);
	memset(worker->procname, 0, proc_orig_len);
	strncpy(worker->procname, DEFAULT_RUN_AS_WORKER_NAME, proc_orig_len);

	ret = pthread_setname_np(pthread_self(), DEFAULT_RUN_AS_WORKER_NAME);
	if (ret) {
		errno = ret;
		ret = -1;
		PERROR("pthread_setname_np");
		return EXIT_FAILURE;
	}

	sendret.ret = 0;
	sendret._errno = 0;
	writelen = lttcomm_send_unix_sock(worker->sockpair[1], &sendret,
			sizeof(sendret));
	if (writelen < sizeof(sendret)) {
		PERROR("lttcomm_send_unix_sock error");
		ret = EXIT_FAILURE;
		goto end;
	}

	for (;;) {
		ret = handle_one_cmd(worker);
		if (ret < 0) {
			ret = EXIT_FAILURE;
			goto end;
		} else if (ret > 0) {
			break;
		} else {
			continue;	/* Next command. */
		}
	}
	ret = EXIT_SUCCESS;
end:
	return ret;
}

static
int run_as_cmd(struct run_as_worker *worker,
		enum run_as_cmd cmd,
		struct run_as_data *data,
		uid_t uid, gid_t gid)
{
	ssize_t readlen, writelen;
	struct run_as_ret recvret;

	pthread_mutex_lock(&worker_lock);
	/*
	 * If we are non-root, we can only deal with our own uid.
	 */
	if (geteuid() != 0) {
		if (uid != geteuid()) {
			recvret.ret = -1;
			recvret._errno = EPERM;
			ERR("Client (%d)/Server (%d) UID mismatch (and sessiond is not root)",
				uid, geteuid());
			goto end;
		}
	}

	data->cmd = cmd;
	data->uid = uid;
	data->gid = gid;

	writelen = lttcomm_send_unix_sock(worker->sockpair[0], data,
			sizeof(*data));
	if (writelen < sizeof(*data)) {
		PERROR("Error writing message to run_as");
		recvret.ret = -1;
		recvret._errno = errno;
		goto end;
	}

	/* receive return value */
	readlen = lttcomm_recv_unix_sock(worker->sockpair[0], &recvret,
			sizeof(recvret));
	if (!readlen) {
		ERR("Run-as worker has hung-up during run_as_cmd");
		recvret.ret = -1;
		recvret._errno = EIO;
		goto end;
	} else if (readlen < sizeof(recvret)) {
		PERROR("Error reading response from run_as");
		recvret.ret = -1;
		recvret._errno = errno;
	}
	if (do_recv_fd(worker, cmd, &recvret.ret)) {
		recvret.ret = -1;
		recvret._errno = EIO;
	}

end:
	pthread_mutex_unlock(&worker_lock);
	errno = recvret._errno;
	return recvret.ret;
}

/*
 * This is for debugging ONLY and should not be considered secure.
 */
static
int run_as_noworker(enum run_as_cmd cmd,
		struct run_as_data *data, uid_t uid, gid_t gid)
{
	int ret, saved_errno;
	mode_t old_mask;
	run_as_fct fct;

	fct = run_as_enum_to_fct(cmd);
	if (!fct) {
		errno = -ENOSYS;
		ret = -1;
		goto end;
	}
	old_mask = umask(0);
	ret = fct(data);
	saved_errno = errno;
	umask(old_mask);
	errno = saved_errno;
end:
	return ret;
}

static
int run_as(struct run_as_worker *worker,
		enum run_as_cmd cmd,
		struct run_as_data *data, uid_t uid, gid_t gid)
{
	int ret;

	if (worker) {
		DBG("Using run_as worker");
		ret = run_as_cmd(worker, cmd, data, uid, gid);
	} else {
		DBG("Using run_as without worker");
		ret = run_as_noworker(cmd, data, uid, gid);
	}
	return ret;
}

LTTNG_HIDDEN
int run_as_mkdir_recursive(const char *path, mode_t mode, uid_t uid, gid_t gid)
{
	struct run_as_worker *worker = global_worker;
	struct run_as_data data;

	DBG3("mkdir() recursive %s with mode %d for uid %d and gid %d",
			path, mode, uid, gid);
	strncpy(data.u.mkdir.path, path, PATH_MAX - 1);
	data.u.mkdir.path[PATH_MAX - 1] = '\0';
	data.u.mkdir.mode = mode;
	return run_as(worker, RUN_AS_MKDIR_RECURSIVE, &data, uid, gid);
}

LTTNG_HIDDEN
int run_as_mkdir(const char *path, mode_t mode, uid_t uid, gid_t gid)
{
	struct run_as_worker *worker = global_worker;
	struct run_as_data data;

	DBG3("mkdir() %s with mode %d for uid %d and gid %d",
			path, mode, uid, gid);
	strncpy(data.u.mkdir.path, path, PATH_MAX - 1);
	data.u.mkdir.path[PATH_MAX - 1] = '\0';
	data.u.mkdir.mode = mode;
	return run_as(worker, RUN_AS_MKDIR, &data, uid, gid);
}

/*
 * Note: open_run_as is currently not working. We'd need to pass the fd
 * opened in the child to the parent.
 */
LTTNG_HIDDEN
int run_as_open(const char *path, int flags, mode_t mode, uid_t uid, gid_t gid)
{
	struct run_as_worker *worker = global_worker;
	struct run_as_data data;

	DBG3("open() %s with flags %X mode %d for uid %d and gid %d",
			path, flags, mode, uid, gid);
	strncpy(data.u.open.path, path, PATH_MAX - 1);
	data.u.open.path[PATH_MAX - 1] = '\0';
	data.u.open.flags = flags;
	data.u.open.mode = mode;
	return run_as(worker, RUN_AS_OPEN, &data, uid, gid);
}

LTTNG_HIDDEN
int run_as_unlink(const char *path, uid_t uid, gid_t gid)
{
	struct run_as_worker *worker = global_worker;
	struct run_as_data data;

	DBG3("unlink() %s with for uid %d and gid %d",
			path, uid, gid);
	strncpy(data.u.unlink.path, path, PATH_MAX - 1);
	data.u.unlink.path[PATH_MAX - 1] = '\0';
	return run_as(worker, RUN_AS_UNLINK, &data, uid, gid);
}

LTTNG_HIDDEN
int run_as_rmdir_recursive(const char *path, uid_t uid, gid_t gid)
{
	struct run_as_worker *worker = global_worker;
	struct run_as_data data;

	DBG3("rmdir_recursive() %s with for uid %d and gid %d",
			path, uid, gid);
	strncpy(data.u.rmdir_recursive.path, path, PATH_MAX - 1);
	data.u.rmdir_recursive.path[PATH_MAX - 1] = '\0';
	return run_as(worker, RUN_AS_RMDIR_RECURSIVE, &data, uid, gid);
}

LTTNG_HIDDEN
int run_as_create_worker(char *procname)
{
	pid_t pid;
	int i, ret = 0;
	ssize_t readlen;
	struct run_as_ret recvret;
	struct run_as_worker *worker;

	if (!use_clone()) {
		ret = 0;
		goto end;
	}
	worker = zmalloc(sizeof(*worker));
	if (!worker) {
		ret = -ENOMEM;
		goto end;
	}
	worker->procname = procname;
	/* Create unix socket. */
	if (lttcomm_create_anon_unix_socketpair(worker->sockpair) < 0) {
		ret = -1;
		goto error_sock;
	}
	/* Fork worker. */
	pid = fork();
	if (pid < 0) {
		PERROR("fork");
		ret = -1;
		goto error_fork;
	} else if (pid == 0) {
		/* Child */

		/* Just close, no shutdown. */
		if (close(worker->sockpair[0])) {
			PERROR("close");
			exit(EXIT_FAILURE);
		}
		worker->sockpair[0] = -1;
		ret = run_as_worker(worker);
		if (lttcomm_close_unix_sock(worker->sockpair[1])) {
			PERROR("close");
			ret = -1;
		}
		worker->sockpair[1] = -1;
		exit(ret ? EXIT_FAILURE : EXIT_SUCCESS);
	} else {
		/* Parent */

		/* Just close, no shutdown. */
		if (close(worker->sockpair[1])) {
			PERROR("close");
			ret = -1;
			goto error_fork;
		}
		worker->sockpair[1] = -1;
		worker->pid = pid;
		/* Wait for worker to become ready. */
		readlen = lttcomm_recv_unix_sock(worker->sockpair[0],
				&recvret, sizeof(recvret));
		if (readlen < sizeof(recvret)) {
			ERR("readlen: %zd", readlen);
			PERROR("Error reading response from run_as at creation");
			ret = -1;
			goto error_fork;
		}
		global_worker = worker;
	}
end:
	return ret;

	/* Error handling. */
error_fork:
	for (i = 0; i < 2; i++) {
		if (worker->sockpair[i] < 0) {
			continue;
		}
		if (lttcomm_close_unix_sock(worker->sockpair[i])) {
			PERROR("close");
		}
		worker->sockpair[i] = -1;
	}
error_sock:
	free(worker);
	return ret;
}

LTTNG_HIDDEN
void run_as_destroy_worker(void)
{
	struct run_as_worker *worker = global_worker;
	int status;
	pid_t pid;

	if (!worker) {
		return;
	}
	/* Close unix socket */
	if (lttcomm_close_unix_sock(worker->sockpair[0])) {
		PERROR("close");
	}
	worker->sockpair[0] = -1;
	/* Wait for worker. */
	pid = waitpid(worker->pid, &status, 0);
	if (pid < 0 || !WIFEXITED(status) || WEXITSTATUS(status) != 0) {
		PERROR("wait");
	}
	free(worker);
	global_worker = NULL;
}
Commit	Line	Data
	1	/*
	2	* Copyright (C) 2011 - David Goulet <david.goulet@polymtl.ca>
	3	* Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
	4	*
	5	* This program is free software; you can redistribute it and/or modify
	6	* it under the terms of the GNU General Public License, version 2 only,
	7	* as published by the Free Software Foundation.
	8	*
	9	* This program is distributed in the hope that it will be useful, but WITHOUT
	10	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
	11	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
	12	* more details.
	13	*
	14	* You should have received a copy of the GNU General Public License along
	15	* with this program; if not, write to the Free Software Foundation, Inc.,
	16	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
	17	*/
	18
	19	#define _GNU_SOURCE
	20	#define _LGPL_SOURCE
	21	#include <errno.h>
	22	#include <limits.h>
	23	#include <stdio.h>
	24	#include <stdlib.h>
	25	#include <string.h>
	26	#include <sys/wait.h>
	27	#include <sys/types.h>
	28	#include <sys/stat.h>
	29	#include <unistd.h>
	30	#include <fcntl.h>
	31	#include <sched.h>
	32	#include <sys/signal.h>
	33
	34	#include <common/common.h>
	35	#include <common/utils.h>
	36	#include <common/compat/getenv.h>
	37	#include <common/sessiond-comm/unix.h>
	38
	39	#include "runas.h"
	40
	41	struct run_as_data;
	42	typedef int (run_as_fct)(struct run_as_data data);
	43
	44	struct run_as_mkdir_data {
	45	char path[PATH_MAX];
	46	mode_t mode;
	47	};
	48
	49	struct run_as_open_data {
	50	char path[PATH_MAX];
	51	int flags;
	52	mode_t mode;
	53	};
	54
	55	struct run_as_unlink_data {
	56	char path[PATH_MAX];
	57	};
	58
	59	struct run_as_rmdir_recursive_data {
	60	char path[PATH_MAX];
	61	};
	62
	63	enum run_as_cmd {
	64	RUN_AS_MKDIR,
	65	RUN_AS_OPEN,
	66	RUN_AS_UNLINK,
	67	RUN_AS_RMDIR_RECURSIVE,
	68	RUN_AS_MKDIR_RECURSIVE,
	69	};
	70
	71	struct run_as_data {
	72	enum run_as_cmd cmd;
	73	union {
	74	struct run_as_mkdir_data mkdir;
	75	struct run_as_open_data open;
	76	struct run_as_unlink_data unlink;
	77	struct run_as_rmdir_recursive_data rmdir_recursive;
	78	} u;
	79	uid_t uid;
	80	gid_t gid;
	81	};
	82
	83	struct run_as_ret {
	84	int ret;
	85	int _errno;
	86	};
	87
	88	struct run_as_worker {
	89	pid_t pid; /* Worker PID. */
	90	int sockpair[2];
	91	char *procname;
	92	};
	93
	94	/* Single global worker per process (for now). */
	95	static struct run_as_worker *global_worker;
	96	/* Lock protecting the worker. */
	97	static pthread_mutex_t worker_lock = PTHREAD_MUTEX_INITIALIZER;
	98
	99	#ifdef VALGRIND
	100	static
	101	int use_clone(void)
	102	{
	103	return 0;
	104	}
	105	#else
	106	static
	107	int use_clone(void)
	108	{
	109	return !lttng_secure_getenv("LTTNG_DEBUG_NOCLONE");
	110	}
	111	#endif
	112
	113	LTTNG_HIDDEN
	114	int _utils_mkdir_recursive_unsafe(const char *path, mode_t mode);
	115
	116	/*
	117	* Create recursively directory using the FULL path.
	118	*/
	119	static
	120	int _mkdir_recursive(struct run_as_data *data)
	121	{
	122	const char *path;
	123	mode_t mode;
	124
	125	path = data->u.mkdir.path;
	126	mode = data->u.mkdir.mode;
	127
	128	/* Safe to call as we have transitioned to the requested uid/gid. */
	129	return _utils_mkdir_recursive_unsafe(path, mode);
	130	}
	131
	132	static
	133	int _mkdir(struct run_as_data *data)
	134	{
	135	return mkdir(data->u.mkdir.path, data->u.mkdir.mode);
	136	}
	137
	138	static
	139	int _open(struct run_as_data *data)
	140	{
	141	return open(data->u.open.path, data->u.open.flags, data->u.open.mode);
	142	}
	143
	144	static
	145	int _unlink(struct run_as_data *data)
	146	{
	147	return unlink(data->u.unlink.path);
	148	}
	149
	150	static
	151	int _rmdir_recursive(struct run_as_data *data)
	152	{
	153	return utils_recursive_rmdir(data->u.rmdir_recursive.path);
	154	}
	155
	156	static
	157	run_as_fct run_as_enum_to_fct(enum run_as_cmd cmd)
	158	{
	159	switch (cmd) {
	160	case RUN_AS_MKDIR:
	161	return _mkdir;
	162	case RUN_AS_OPEN:
	163	return _open;
	164	case RUN_AS_UNLINK:
	165	return _unlink;
	166	case RUN_AS_RMDIR_RECURSIVE:
	167	return _rmdir_recursive;
	168	case RUN_AS_MKDIR_RECURSIVE:
	169	return _mkdir_recursive;
	170	default:
	171	ERR("Unknown command %d", (int) cmd)
	172	return NULL;
	173	}
	174	}
	175
	176	static
	177	int do_send_fd(struct run_as_worker *worker,
	178	enum run_as_cmd cmd, int fd)
	179	{
	180	ssize_t len;
	181
	182	switch (cmd) {
	183	case RUN_AS_OPEN:
	184	break;
	185	default:
	186	return 0;
	187	}
	188	if (fd < 0) {
	189	return 0;
	190	}
	191	len = lttcomm_send_fds_unix_sock(worker->sockpair[1], &fd, 1);
	192	if (len < 0) {
	193	PERROR("lttcomm_send_fds_unix_sock");
	194	return -1;
	195	}
	196	if (close(fd) < 0) {
	197	PERROR("close");
	198	return -1;
	199	}
	200	return 0;
	201	}
	202
	203	static
	204	int do_recv_fd(struct run_as_worker *worker,
	205	enum run_as_cmd cmd, int *fd)
	206	{
	207	ssize_t len;
	208
	209	switch (cmd) {
	210	case RUN_AS_OPEN:
	211	break;
	212	default:
	213	return 0;
	214	}
	215	if (*fd < 0) {
	216	return 0;
	217	}
	218	len = lttcomm_recv_fds_unix_sock(worker->sockpair[0], fd, 1);
	219	if (!len) {
	220	return -1;
	221	} else if (len < 0) {
	222	PERROR("lttcomm_recv_fds_unix_sock");
	223	return -1;
	224	}
	225	return 0;
	226	}
	227
	228	/*
	229	* Return < 0 on error, 0 if OK, 1 on hangup.
	230	*/
	231	static
	232	int handle_one_cmd(struct run_as_worker *worker)
	233	{
	234	int ret = 0;
	235	struct run_as_data data;
	236	ssize_t readlen, writelen;
	237	struct run_as_ret sendret;
	238	run_as_fct cmd;
	239	uid_t prev_euid;
	240
	241	/* Read data */
	242	readlen = lttcomm_recv_unix_sock(worker->sockpair[1], &data,
	243	sizeof(data));
	244	if (readlen == 0) {
	245	/* hang up */
	246	ret = 1;
	247	goto end;
	248	}
	249	if (readlen < sizeof(data)) {
	250	PERROR("lttcomm_recv_unix_sock error");
	251	ret = -1;
	252	goto end;
	253	}
	254
	255	cmd = run_as_enum_to_fct(data.cmd);
	256	if (!cmd) {
	257	ret = -1;
	258	goto end;
	259	}
	260
	261	prev_euid = getuid();
	262	if (data.gid != getegid()) {
	263	ret = setegid(data.gid);
	264	if (ret < 0) {
	265	PERROR("setegid");
	266	goto write_return;
	267	}
	268	}
	269	if (data.uid != prev_euid) {
	270	ret = seteuid(data.uid);
	271	if (ret < 0) {
	272	PERROR("seteuid");
	273	goto write_return;
	274	}
	275	}
	276	/*
	277	* Also set umask to 0 for mkdir executable bit.
	278	*/
	279	umask(0);
	280	ret = (*cmd)(&data);
	281
	282	write_return:
	283	sendret.ret = ret;
	284	sendret._errno = errno;
	285	/* send back return value */
	286	writelen = lttcomm_send_unix_sock(worker->sockpair[1], &sendret,
	287	sizeof(sendret));
	288	if (writelen < sizeof(sendret)) {
	289	PERROR("lttcomm_send_unix_sock error");
	290	ret = -1;
	291	goto end;
	292	}
	293	ret = do_send_fd(worker, data.cmd, ret);
	294	if (ret) {
	295	PERROR("do_send_fd error");
	296	ret = -1;
	297	goto end;
	298	}
	299	if (seteuid(prev_euid) < 0) {
	300	PERROR("seteuid");
	301	ret = -1;
	302	goto end;
	303	}
	304	ret = 0;
	305	end:
	306	return ret;
	307	}
	308
	309	static
	310	int run_as_worker(struct run_as_worker *worker)
	311	{
	312	int ret;
	313	ssize_t writelen;
	314	struct run_as_ret sendret;
	315	size_t proc_orig_len;
	316
	317	/*
	318	* Initialize worker. Set a different process cmdline.
	319	*/
	320	proc_orig_len = strlen(worker->procname);
	321	memset(worker->procname, 0, proc_orig_len);
	322	strncpy(worker->procname, DEFAULT_RUN_AS_WORKER_NAME, proc_orig_len);
	323
	324	ret = pthread_setname_np(pthread_self(), DEFAULT_RUN_AS_WORKER_NAME);
	325	if (ret) {
	326	errno = ret;
	327	ret = -1;
	328	PERROR("pthread_setname_np");
	329	return EXIT_FAILURE;
	330	}
	331
	332	sendret.ret = 0;
	333	sendret._errno = 0;
	334	writelen = lttcomm_send_unix_sock(worker->sockpair[1], &sendret,
	335	sizeof(sendret));
	336	if (writelen < sizeof(sendret)) {
	337	PERROR("lttcomm_send_unix_sock error");
	338	ret = EXIT_FAILURE;
	339	goto end;
	340	}
	341
	342	for (;;) {
	343	ret = handle_one_cmd(worker);
	344	if (ret < 0) {
	345	ret = EXIT_FAILURE;
	346	goto end;
	347	} else if (ret > 0) {
	348	break;
	349	} else {
	350	continue; /* Next command. */
	351	}
	352	}
	353	ret = EXIT_SUCCESS;
	354	end:
	355	return ret;
	356	}
	357
	358	static
	359	int run_as_cmd(struct run_as_worker *worker,
	360	enum run_as_cmd cmd,
	361	struct run_as_data *data,
	362	uid_t uid, gid_t gid)
	363	{
	364	ssize_t readlen, writelen;
	365	struct run_as_ret recvret;
	366
	367	pthread_mutex_lock(&worker_lock);
	368	/*
	369	* If we are non-root, we can only deal with our own uid.
	370	*/
	371	if (geteuid() != 0) {
	372	if (uid != geteuid()) {
	373	recvret.ret = -1;
	374	recvret._errno = EPERM;
	375	ERR("Client (%d)/Server (%d) UID mismatch (and sessiond is not root)",
	376	uid, geteuid());
	377	goto end;
	378	}
	379	}
	380
	381	data->cmd = cmd;
	382	data->uid = uid;
	383	data->gid = gid;
	384
	385	writelen = lttcomm_send_unix_sock(worker->sockpair[0], data,
	386	sizeof(*data));
	387	if (writelen < sizeof(*data)) {
	388	PERROR("Error writing message to run_as");
	389	recvret.ret = -1;
	390	recvret._errno = errno;
	391	goto end;
	392	}
	393
	394	/* receive return value */
	395	readlen = lttcomm_recv_unix_sock(worker->sockpair[0], &recvret,
	396	sizeof(recvret));
	397	if (!readlen) {
	398	ERR("Run-as worker has hung-up during run_as_cmd");
	399	recvret.ret = -1;
	400	recvret._errno = EIO;
	401	goto end;
	402	} else if (readlen < sizeof(recvret)) {
	403	PERROR("Error reading response from run_as");
	404	recvret.ret = -1;
	405	recvret._errno = errno;
	406	}
	407	if (do_recv_fd(worker, cmd, &recvret.ret)) {
	408	recvret.ret = -1;
	409	recvret._errno = EIO;
	410	}
	411
	412	end:
	413	pthread_mutex_unlock(&worker_lock);
	414	errno = recvret._errno;
	415	return recvret.ret;
	416	}
	417
	418	/*
	419	* This is for debugging ONLY and should not be considered secure.
	420	*/
	421	static
	422	int run_as_noworker(enum run_as_cmd cmd,
	423	struct run_as_data *data, uid_t uid, gid_t gid)
	424	{
	425	int ret, saved_errno;
	426	mode_t old_mask;
	427	run_as_fct fct;
	428
	429	fct = run_as_enum_to_fct(cmd);
	430	if (!fct) {
	431	errno = -ENOSYS;
	432	ret = -1;
	433	goto end;
	434	}
	435	old_mask = umask(0);
	436	ret = fct(data);
	437	saved_errno = errno;
	438	umask(old_mask);
	439	errno = saved_errno;
	440	end:
	441	return ret;
	442	}
	443
	444	static
	445	int run_as(struct run_as_worker *worker,
	446	enum run_as_cmd cmd,
	447	struct run_as_data *data, uid_t uid, gid_t gid)
	448	{
	449	int ret;
	450
	451	if (worker) {
	452	DBG("Using run_as worker");
	453	ret = run_as_cmd(worker, cmd, data, uid, gid);
	454	} else {
	455	DBG("Using run_as without worker");
	456	ret = run_as_noworker(cmd, data, uid, gid);
	457	}
	458	return ret;
	459	}
	460
	461	LTTNG_HIDDEN
	462	int run_as_mkdir_recursive(const char *path, mode_t mode, uid_t uid, gid_t gid)
	463	{
	464	struct run_as_worker *worker = global_worker;
	465	struct run_as_data data;
	466
	467	DBG3("mkdir() recursive %s with mode %d for uid %d and gid %d",
	468	path, mode, uid, gid);
	469	strncpy(data.u.mkdir.path, path, PATH_MAX - 1);
	470	data.u.mkdir.path[PATH_MAX - 1] = '\0';
	471	data.u.mkdir.mode = mode;
	472	return run_as(worker, RUN_AS_MKDIR_RECURSIVE, &data, uid, gid);
	473	}
	474
	475	LTTNG_HIDDEN
	476	int run_as_mkdir(const char *path, mode_t mode, uid_t uid, gid_t gid)
	477	{
	478	struct run_as_worker *worker = global_worker;
	479	struct run_as_data data;
	480
	481	DBG3("mkdir() %s with mode %d for uid %d and gid %d",
	482	path, mode, uid, gid);
	483	strncpy(data.u.mkdir.path, path, PATH_MAX - 1);
	484	data.u.mkdir.path[PATH_MAX - 1] = '\0';
	485	data.u.mkdir.mode = mode;
	486	return run_as(worker, RUN_AS_MKDIR, &data, uid, gid);
	487	}
	488
	489	/*
	490	* Note: open_run_as is currently not working. We'd need to pass the fd
	491	* opened in the child to the parent.
	492	*/
	493	LTTNG_HIDDEN
	494	int run_as_open(const char *path, int flags, mode_t mode, uid_t uid, gid_t gid)
	495	{
	496	struct run_as_worker *worker = global_worker;
	497	struct run_as_data data;
	498
	499	DBG3("open() %s with flags %X mode %d for uid %d and gid %d",
	500	path, flags, mode, uid, gid);
	501	strncpy(data.u.open.path, path, PATH_MAX - 1);
	502	data.u.open.path[PATH_MAX - 1] = '\0';
	503	data.u.open.flags = flags;
	504	data.u.open.mode = mode;
	505	return run_as(worker, RUN_AS_OPEN, &data, uid, gid);
	506	}
	507
	508	LTTNG_HIDDEN
	509	int run_as_unlink(const char *path, uid_t uid, gid_t gid)
	510	{
	511	struct run_as_worker *worker = global_worker;
	512	struct run_as_data data;
	513
	514	DBG3("unlink() %s with for uid %d and gid %d",
	515	path, uid, gid);
	516	strncpy(data.u.unlink.path, path, PATH_MAX - 1);
	517	data.u.unlink.path[PATH_MAX - 1] = '\0';
	518	return run_as(worker, RUN_AS_UNLINK, &data, uid, gid);
	519	}
	520
	521	LTTNG_HIDDEN
	522	int run_as_rmdir_recursive(const char *path, uid_t uid, gid_t gid)
	523	{
	524	struct run_as_worker *worker = global_worker;
	525	struct run_as_data data;
	526
	527	DBG3("rmdir_recursive() %s with for uid %d and gid %d",
	528	path, uid, gid);
	529	strncpy(data.u.rmdir_recursive.path, path, PATH_MAX - 1);
	530	data.u.rmdir_recursive.path[PATH_MAX - 1] = '\0';
	531	return run_as(worker, RUN_AS_RMDIR_RECURSIVE, &data, uid, gid);
	532	}
	533
	534	LTTNG_HIDDEN
	535	int run_as_create_worker(char *procname)
	536	{
	537	pid_t pid;
	538	int i, ret = 0;
	539	ssize_t readlen;
	540	struct run_as_ret recvret;
	541	struct run_as_worker *worker;
	542
	543	if (!use_clone()) {
	544	ret = 0;
	545	goto end;
	546	}
	547	worker = zmalloc(sizeof(*worker));
	548	if (!worker) {
	549	ret = -ENOMEM;
	550	goto end;
	551	}
	552	worker->procname = procname;
	553	/* Create unix socket. */
	554	if (lttcomm_create_anon_unix_socketpair(worker->sockpair) < 0) {
	555	ret = -1;
	556	goto error_sock;
	557	}
	558	/* Fork worker. */
	559	pid = fork();
	560	if (pid < 0) {
	561	PERROR("fork");
	562	ret = -1;
	563	goto error_fork;
	564	} else if (pid == 0) {
	565	/* Child */
	566
	567	/* Just close, no shutdown. */
	568	if (close(worker->sockpair[0])) {
	569	PERROR("close");
	570	exit(EXIT_FAILURE);
	571	}
	572	worker->sockpair[0] = -1;
	573	ret = run_as_worker(worker);
	574	if (lttcomm_close_unix_sock(worker->sockpair[1])) {
	575	PERROR("close");
	576	ret = -1;
	577	}
	578	worker->sockpair[1] = -1;
	579	exit(ret ? EXIT_FAILURE : EXIT_SUCCESS);
	580	} else {
	581	/* Parent */
	582
	583	/* Just close, no shutdown. */
	584	if (close(worker->sockpair[1])) {
	585	PERROR("close");
	586	ret = -1;
	587	goto error_fork;
	588	}
	589	worker->sockpair[1] = -1;
	590	worker->pid = pid;
	591	/* Wait for worker to become ready. */
	592	readlen = lttcomm_recv_unix_sock(worker->sockpair[0],
	593	&recvret, sizeof(recvret));
	594	if (readlen < sizeof(recvret)) {
	595	ERR("readlen: %zd", readlen);
	596	PERROR("Error reading response from run_as at creation");
	597	ret = -1;
	598	goto error_fork;
	599	}
	600	global_worker = worker;
	601	}
	602	end:
	603	return ret;
	604
	605	/* Error handling. */
	606	error_fork:
	607	for (i = 0; i < 2; i++) {
	608	if (worker->sockpair[i] < 0) {
	609	continue;
	610	}
	611	if (lttcomm_close_unix_sock(worker->sockpair[i])) {
	612	PERROR("close");
	613	}
	614	worker->sockpair[i] = -1;
	615	}
	616	error_sock:
	617	free(worker);
	618	return ret;
	619	}
	620
	621	LTTNG_HIDDEN
	622	void run_as_destroy_worker(void)
	623	{
	624	struct run_as_worker *worker = global_worker;
	625	int status;
	626	pid_t pid;
	627
	628	if (!worker) {
	629	return;
	630	}
	631	/* Close unix socket */
	632	if (lttcomm_close_unix_sock(worker->sockpair[0])) {
	633	PERROR("close");
	634	}
	635	worker->sockpair[0] = -1;
	636	/* Wait for worker. */
	637	pid = waitpid(worker->pid, &status, 0);
	638	if (pid < 0 \|\| !WIFEXITED(status) \|\| WEXITSTATUS(status) != 0) {
	639	PERROR("wait");
	640	}
	641	free(worker);
	642	global_worker = NULL;
	643	}