3a1de0a3acdd2b3613d715d48f404c3a60eb9eeb
[lttng-tools.git] / src / common / runas.c
1 /*
2 * Copyright (C) 2011 - David Goulet <david.goulet@polymtl.ca>
3 * Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License, version 2 only,
7 * as published by the Free Software Foundation.
8 *
9 * This program is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
12 * more details.
13 *
14 * You should have received a copy of the GNU General Public License along
15 * with this program; if not, write to the Free Software Foundation, Inc.,
16 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
17 */
18
19 #define _GNU_SOURCE
20 #define _LGPL_SOURCE
21 #include <errno.h>
22 #include <limits.h>
23 #include <stdio.h>
24 #include <stdlib.h>
25 #include <string.h>
26 #include <sys/wait.h>
27 #include <sys/types.h>
28 #include <sys/stat.h>
29 #include <unistd.h>
30 #include <fcntl.h>
31 #include <sched.h>
32 #include <sys/signal.h>
33 #include <assert.h>
34
35 #include <common/common.h>
36 #include <common/utils.h>
37 #include <common/compat/getenv.h>
38 #include <common/sessiond-comm/unix.h>
39
40 #include "runas.h"
41
42 struct run_as_data;
43 typedef int (*run_as_fct)(struct run_as_data *data);
44
45 struct run_as_mkdir_data {
46 char path[PATH_MAX];
47 mode_t mode;
48 };
49
50 struct run_as_open_data {
51 char path[PATH_MAX];
52 int flags;
53 mode_t mode;
54 };
55
56 struct run_as_unlink_data {
57 char path[PATH_MAX];
58 };
59
60 struct run_as_rmdir_recursive_data {
61 char path[PATH_MAX];
62 };
63
64 enum run_as_cmd {
65 RUN_AS_MKDIR,
66 RUN_AS_OPEN,
67 RUN_AS_UNLINK,
68 RUN_AS_RMDIR_RECURSIVE,
69 RUN_AS_MKDIR_RECURSIVE,
70 };
71
72 struct run_as_data {
73 enum run_as_cmd cmd;
74 union {
75 struct run_as_mkdir_data mkdir;
76 struct run_as_open_data open;
77 struct run_as_unlink_data unlink;
78 struct run_as_rmdir_recursive_data rmdir_recursive;
79 } u;
80 uid_t uid;
81 gid_t gid;
82 };
83
84 struct run_as_ret {
85 int ret;
86 int _errno;
87 };
88
89 struct run_as_worker {
90 pid_t pid; /* Worker PID. */
91 int sockpair[2];
92 char *procname;
93 };
94
95 /* Single global worker per process (for now). */
96 static struct run_as_worker *global_worker;
97 /* Lock protecting the worker. */
98 static pthread_mutex_t worker_lock = PTHREAD_MUTEX_INITIALIZER;
99
100 #ifdef VALGRIND
101 static
102 int use_clone(void)
103 {
104 return 0;
105 }
106 #else
107 static
108 int use_clone(void)
109 {
110 return !lttng_secure_getenv("LTTNG_DEBUG_NOCLONE");
111 }
112 #endif
113
114 LTTNG_HIDDEN
115 int _utils_mkdir_recursive_unsafe(const char *path, mode_t mode);
116
117 /*
118 * Create recursively directory using the FULL path.
119 */
120 static
121 int _mkdir_recursive(struct run_as_data *data)
122 {
123 const char *path;
124 mode_t mode;
125
126 path = data->u.mkdir.path;
127 mode = data->u.mkdir.mode;
128
129 /* Safe to call as we have transitioned to the requested uid/gid. */
130 return _utils_mkdir_recursive_unsafe(path, mode);
131 }
132
133 static
134 int _mkdir(struct run_as_data *data)
135 {
136 return mkdir(data->u.mkdir.path, data->u.mkdir.mode);
137 }
138
139 static
140 int _open(struct run_as_data *data)
141 {
142 return open(data->u.open.path, data->u.open.flags, data->u.open.mode);
143 }
144
145 static
146 int _unlink(struct run_as_data *data)
147 {
148 return unlink(data->u.unlink.path);
149 }
150
151 static
152 int _rmdir_recursive(struct run_as_data *data)
153 {
154 return utils_recursive_rmdir(data->u.rmdir_recursive.path);
155 }
156
157 static
158 run_as_fct run_as_enum_to_fct(enum run_as_cmd cmd)
159 {
160 switch (cmd) {
161 case RUN_AS_MKDIR:
162 return _mkdir;
163 case RUN_AS_OPEN:
164 return _open;
165 case RUN_AS_UNLINK:
166 return _unlink;
167 case RUN_AS_RMDIR_RECURSIVE:
168 return _rmdir_recursive;
169 case RUN_AS_MKDIR_RECURSIVE:
170 return _mkdir_recursive;
171 default:
172 ERR("Unknown command %d", (int) cmd)
173 return NULL;
174 }
175 }
176
177 static
178 int do_send_fd(struct run_as_worker *worker,
179 enum run_as_cmd cmd, int fd)
180 {
181 ssize_t len;
182
183 switch (cmd) {
184 case RUN_AS_OPEN:
185 break;
186 default:
187 return 0;
188 }
189 if (fd < 0) {
190 return 0;
191 }
192 len = lttcomm_send_fds_unix_sock(worker->sockpair[1], &fd, 1);
193 if (len < 0) {
194 PERROR("lttcomm_send_fds_unix_sock");
195 return -1;
196 }
197 if (close(fd) < 0) {
198 PERROR("close");
199 return -1;
200 }
201 return 0;
202 }
203
204 static
205 int do_recv_fd(struct run_as_worker *worker,
206 enum run_as_cmd cmd, int *fd)
207 {
208 ssize_t len;
209
210 switch (cmd) {
211 case RUN_AS_OPEN:
212 break;
213 default:
214 return 0;
215 }
216 if (*fd < 0) {
217 return 0;
218 }
219 len = lttcomm_recv_fds_unix_sock(worker->sockpair[0], fd, 1);
220 if (!len) {
221 return -1;
222 } else if (len < 0) {
223 PERROR("lttcomm_recv_fds_unix_sock");
224 return -1;
225 }
226 return 0;
227 }
228
229 /*
230 * Return < 0 on error, 0 if OK, 1 on hangup.
231 */
232 static
233 int handle_one_cmd(struct run_as_worker *worker)
234 {
235 int ret = 0;
236 struct run_as_data data;
237 ssize_t readlen, writelen;
238 struct run_as_ret sendret;
239 run_as_fct cmd;
240 uid_t prev_euid;
241
242 /* Read data */
243 readlen = lttcomm_recv_unix_sock(worker->sockpair[1], &data,
244 sizeof(data));
245 if (readlen == 0) {
246 /* hang up */
247 ret = 1;
248 goto end;
249 }
250 if (readlen < sizeof(data)) {
251 PERROR("lttcomm_recv_unix_sock error");
252 ret = -1;
253 goto end;
254 }
255
256 cmd = run_as_enum_to_fct(data.cmd);
257 if (!cmd) {
258 ret = -1;
259 goto end;
260 }
261
262 prev_euid = getuid();
263 if (data.gid != getegid()) {
264 ret = setegid(data.gid);
265 if (ret < 0) {
266 PERROR("setegid");
267 goto write_return;
268 }
269 }
270 if (data.uid != prev_euid) {
271 ret = seteuid(data.uid);
272 if (ret < 0) {
273 PERROR("seteuid");
274 goto write_return;
275 }
276 }
277 /*
278 * Also set umask to 0 for mkdir executable bit.
279 */
280 umask(0);
281 ret = (*cmd)(&data);
282
283 write_return:
284 sendret.ret = ret;
285 sendret._errno = errno;
286 /* send back return value */
287 writelen = lttcomm_send_unix_sock(worker->sockpair[1], &sendret,
288 sizeof(sendret));
289 if (writelen < sizeof(sendret)) {
290 PERROR("lttcomm_send_unix_sock error");
291 ret = -1;
292 goto end;
293 }
294 ret = do_send_fd(worker, data.cmd, ret);
295 if (ret) {
296 PERROR("do_send_fd error");
297 ret = -1;
298 goto end;
299 }
300 if (seteuid(prev_euid) < 0) {
301 PERROR("seteuid");
302 ret = -1;
303 goto end;
304 }
305 ret = 0;
306 end:
307 return ret;
308 }
309
310 static
311 int run_as_worker(struct run_as_worker *worker)
312 {
313 int ret;
314 ssize_t writelen;
315 struct run_as_ret sendret;
316 size_t proc_orig_len;
317
318 /*
319 * Initialize worker. Set a different process cmdline.
320 */
321 proc_orig_len = strlen(worker->procname);
322 memset(worker->procname, 0, proc_orig_len);
323 strncpy(worker->procname, DEFAULT_RUN_AS_WORKER_NAME, proc_orig_len);
324
325 ret = pthread_setname_np(pthread_self(), DEFAULT_RUN_AS_WORKER_NAME);
326 if (ret) {
327 errno = ret;
328 ret = -1;
329 PERROR("pthread_setname_np");
330 return EXIT_FAILURE;
331 }
332
333 sendret.ret = 0;
334 sendret._errno = 0;
335 writelen = lttcomm_send_unix_sock(worker->sockpair[1], &sendret,
336 sizeof(sendret));
337 if (writelen < sizeof(sendret)) {
338 PERROR("lttcomm_send_unix_sock error");
339 ret = EXIT_FAILURE;
340 goto end;
341 }
342
343 for (;;) {
344 ret = handle_one_cmd(worker);
345 if (ret < 0) {
346 ret = EXIT_FAILURE;
347 goto end;
348 } else if (ret > 0) {
349 break;
350 } else {
351 continue; /* Next command. */
352 }
353 }
354 ret = EXIT_SUCCESS;
355 end:
356 return ret;
357 }
358
359 static
360 int run_as_cmd(struct run_as_worker *worker,
361 enum run_as_cmd cmd,
362 struct run_as_data *data,
363 uid_t uid, gid_t gid)
364 {
365 ssize_t readlen, writelen;
366 struct run_as_ret recvret;
367
368 /*
369 * If we are non-root, we can only deal with our own uid.
370 */
371 if (geteuid() != 0) {
372 if (uid != geteuid()) {
373 recvret.ret = -1;
374 recvret._errno = EPERM;
375 ERR("Client (%d)/Server (%d) UID mismatch (and sessiond is not root)",
376 uid, geteuid());
377 goto end;
378 }
379 }
380
381 data->cmd = cmd;
382 data->uid = uid;
383 data->gid = gid;
384
385 writelen = lttcomm_send_unix_sock(worker->sockpair[0], data,
386 sizeof(*data));
387 if (writelen < sizeof(*data)) {
388 PERROR("Error writing message to run_as");
389 recvret.ret = -1;
390 recvret._errno = errno;
391 goto end;
392 }
393
394 /* receive return value */
395 readlen = lttcomm_recv_unix_sock(worker->sockpair[0], &recvret,
396 sizeof(recvret));
397 if (!readlen) {
398 ERR("Run-as worker has hung-up during run_as_cmd");
399 recvret.ret = -1;
400 recvret._errno = EIO;
401 goto end;
402 } else if (readlen < sizeof(recvret)) {
403 PERROR("Error reading response from run_as");
404 recvret.ret = -1;
405 recvret._errno = errno;
406 }
407 if (do_recv_fd(worker, cmd, &recvret.ret)) {
408 recvret.ret = -1;
409 recvret._errno = EIO;
410 }
411
412 end:
413 errno = recvret._errno;
414 return recvret.ret;
415 }
416
417 /*
418 * This is for debugging ONLY and should not be considered secure.
419 */
420 static
421 int run_as_noworker(enum run_as_cmd cmd,
422 struct run_as_data *data, uid_t uid, gid_t gid)
423 {
424 int ret, saved_errno;
425 mode_t old_mask;
426 run_as_fct fct;
427
428 fct = run_as_enum_to_fct(cmd);
429 if (!fct) {
430 errno = -ENOSYS;
431 ret = -1;
432 goto end;
433 }
434 old_mask = umask(0);
435 ret = fct(data);
436 saved_errno = errno;
437 umask(old_mask);
438 errno = saved_errno;
439 end:
440 return ret;
441 }
442
443 static
444 int run_as(enum run_as_cmd cmd, struct run_as_data *data, uid_t uid, gid_t gid)
445 {
446 int ret;
447
448 if (use_clone()) {
449 DBG("Using run_as worker");
450 pthread_mutex_lock(&worker_lock);
451 assert(global_worker);
452 ret = run_as_cmd(global_worker, cmd, data, uid, gid);
453 pthread_mutex_unlock(&worker_lock);
454
455 } else {
456 DBG("Using run_as without worker");
457 ret = run_as_noworker(cmd, data, uid, gid);
458 }
459 return ret;
460 }
461
462 LTTNG_HIDDEN
463 int run_as_mkdir_recursive(const char *path, mode_t mode, uid_t uid, gid_t gid)
464 {
465 struct run_as_data data;
466
467 DBG3("mkdir() recursive %s with mode %d for uid %d and gid %d",
468 path, mode, uid, gid);
469 strncpy(data.u.mkdir.path, path, PATH_MAX - 1);
470 data.u.mkdir.path[PATH_MAX - 1] = '\0';
471 data.u.mkdir.mode = mode;
472 return run_as(RUN_AS_MKDIR_RECURSIVE, &data, uid, gid);
473 }
474
475 LTTNG_HIDDEN
476 int run_as_mkdir(const char *path, mode_t mode, uid_t uid, gid_t gid)
477 {
478 struct run_as_data data;
479
480 DBG3("mkdir() %s with mode %d for uid %d and gid %d",
481 path, mode, uid, gid);
482 strncpy(data.u.mkdir.path, path, PATH_MAX - 1);
483 data.u.mkdir.path[PATH_MAX - 1] = '\0';
484 data.u.mkdir.mode = mode;
485 return run_as(RUN_AS_MKDIR, &data, uid, gid);
486 }
487
488 /*
489 * Note: open_run_as is currently not working. We'd need to pass the fd
490 * opened in the child to the parent.
491 */
492 LTTNG_HIDDEN
493 int run_as_open(const char *path, int flags, mode_t mode, uid_t uid, gid_t gid)
494 {
495 struct run_as_data data;
496
497 DBG3("open() %s with flags %X mode %d for uid %d and gid %d",
498 path, flags, mode, uid, gid);
499 strncpy(data.u.open.path, path, PATH_MAX - 1);
500 data.u.open.path[PATH_MAX - 1] = '\0';
501 data.u.open.flags = flags;
502 data.u.open.mode = mode;
503 return run_as(RUN_AS_OPEN, &data, uid, gid);
504 }
505
506 LTTNG_HIDDEN
507 int run_as_unlink(const char *path, uid_t uid, gid_t gid)
508 {
509 struct run_as_data data;
510
511 DBG3("unlink() %s with for uid %d and gid %d",
512 path, uid, gid);
513 strncpy(data.u.unlink.path, path, PATH_MAX - 1);
514 data.u.unlink.path[PATH_MAX - 1] = '\0';
515 return run_as(RUN_AS_UNLINK, &data, uid, gid);
516 }
517
518 LTTNG_HIDDEN
519 int run_as_rmdir_recursive(const char *path, uid_t uid, gid_t gid)
520 {
521 struct run_as_data data;
522
523 DBG3("rmdir_recursive() %s with for uid %d and gid %d",
524 path, uid, gid);
525 strncpy(data.u.rmdir_recursive.path, path, PATH_MAX - 1);
526 data.u.rmdir_recursive.path[PATH_MAX - 1] = '\0';
527 return run_as(RUN_AS_RMDIR_RECURSIVE, &data, uid, gid);
528 }
529
530 LTTNG_HIDDEN
531 int run_as_create_worker(char *procname)
532 {
533 pid_t pid;
534 int i, ret = 0;
535 ssize_t readlen;
536 struct run_as_ret recvret;
537 struct run_as_worker *worker;
538
539 pthread_mutex_lock(&worker_lock);
540 assert(!global_worker);
541 if (!use_clone()) {
542 /*
543 * Don't initialize a worker, all run_as tasks will be performed
544 * in the current process.
545 */
546 ret = 0;
547 goto end;
548 }
549 worker = zmalloc(sizeof(*worker));
550 if (!worker) {
551 ret = -ENOMEM;
552 goto end;
553 }
554 worker->procname = procname;
555 /* Create unix socket. */
556 if (lttcomm_create_anon_unix_socketpair(worker->sockpair) < 0) {
557 ret = -1;
558 goto error_sock;
559 }
560 /* Fork worker. */
561 pid = fork();
562 if (pid < 0) {
563 PERROR("fork");
564 ret = -1;
565 goto error_fork;
566 } else if (pid == 0) {
567 /* Child */
568
569 /* The child has no use for this lock. */
570 pthread_mutex_unlock(&worker_lock);
571 /* Just close, no shutdown. */
572 if (close(worker->sockpair[0])) {
573 PERROR("close");
574 exit(EXIT_FAILURE);
575 }
576 worker->sockpair[0] = -1;
577 ret = run_as_worker(worker);
578 if (lttcomm_close_unix_sock(worker->sockpair[1])) {
579 PERROR("close");
580 ret = -1;
581 }
582 worker->sockpair[1] = -1;
583 exit(ret ? EXIT_FAILURE : EXIT_SUCCESS);
584 } else {
585 /* Parent */
586
587 /* Just close, no shutdown. */
588 if (close(worker->sockpair[1])) {
589 PERROR("close");
590 ret = -1;
591 goto error_fork;
592 }
593 worker->sockpair[1] = -1;
594 worker->pid = pid;
595 /* Wait for worker to become ready. */
596 readlen = lttcomm_recv_unix_sock(worker->sockpair[0],
597 &recvret, sizeof(recvret));
598 if (readlen < sizeof(recvret)) {
599 ERR("readlen: %zd", readlen);
600 PERROR("Error reading response from run_as at creation");
601 ret = -1;
602 goto error_fork;
603 }
604 global_worker = worker;
605 }
606 end:
607 pthread_mutex_unlock(&worker_lock);
608 return ret;
609
610 /* Error handling. */
611 error_fork:
612 for (i = 0; i < 2; i++) {
613 if (worker->sockpair[i] < 0) {
614 continue;
615 }
616 if (lttcomm_close_unix_sock(worker->sockpair[i])) {
617 PERROR("close");
618 }
619 worker->sockpair[i] = -1;
620 }
621 error_sock:
622 free(worker);
623 pthread_mutex_unlock(&worker_lock);
624 return ret;
625 }
626
627 LTTNG_HIDDEN
628 void run_as_destroy_worker(void)
629 {
630 struct run_as_worker *worker = global_worker;
631 int status;
632 pid_t pid;
633
634 pthread_mutex_lock(&worker_lock);
635 if (!worker) {
636 goto end;
637 }
638 /* Close unix socket */
639 if (lttcomm_close_unix_sock(worker->sockpair[0])) {
640 PERROR("close");
641 }
642 worker->sockpair[0] = -1;
643 /* Wait for worker. */
644 pid = waitpid(worker->pid, &status, 0);
645 if (pid < 0 || !WIFEXITED(status) || WEXITSTATUS(status) != 0) {
646 PERROR("wait");
647 }
648 free(worker);
649 global_worker = NULL;
650 end:
651 pthread_mutex_unlock(&worker_lock);
652 }
This page took 0.066374 seconds and 3 git commands to generate.