*
*/
-#include "bin/lttng-sessiond/tracker.h"
-#include "lttng/lttng-error.h"
-#include "lttng/tracker.h"
#define _LGPL_SOURCE
#include <assert.h>
#include <inttypes.h>
#include <lttng/session-internal.h>
#include <lttng/userspace-probe-internal.h>
#include <lttng/session-descriptor-internal.h>
+#include <lttng/lttng-error.h>
+#include <lttng/tracker.h>
#include <common/string-utils/string-utils.h>
#include "channel.h"
#include "rotation-thread.h"
#include "timer.h"
#include "agent-thread.h"
+#include "tracker.h"
#include "cmd.h"
/*
* Only list the sessions the user can control.
*/
- if (!session_access_ok(session, uid, gid) ||
+ if (!session_access_ok(session, uid) ||
session->destroyed) {
session_put(session);
continue;
struct lttng_trigger *trigger = NULL;
struct lttng_payload trigger_payload;
struct lttng_credentials cmd_creds = {
- .uid = cmd_ctx->creds.uid,
- .gid = cmd_ctx->creds.gid,
+ .uid = LTTNG_OPTIONAL_INIT_VALUE(cmd_ctx->creds.uid),
+ .gid = LTTNG_OPTIONAL_INIT_VALUE(cmd_ctx->creds.gid),
};
lttng_payload_init(&trigger_payload);
}
}
- /* Set the trigger credential */
- lttng_trigger_set_credentials(trigger, &cmd_creds);
+
+ /*
+ * Validate the trigger credentials against the command credentials.
+ * Only the root user can register a trigger with non-matching
+ * credentials.
+ */
+ if (!lttng_credentials_is_equal_uid(
+ lttng_trigger_get_credentials(trigger),
+ &cmd_creds)) {
+ if (lttng_credentials_get_uid(&cmd_creds) != 0) {
+ ERR("Trigger credentials do not match the command credentials");
+ ret = LTTNG_ERR_INVALID_TRIGGER;
+ goto end;
+ }
+ }
/* Inform the notification thread */
ret = notification_thread_command_register_trigger(notification_thread,
struct lttng_trigger *trigger = NULL;
struct lttng_payload trigger_payload;
struct lttng_credentials cmd_creds = {
- .uid = cmd_ctx->creds.uid,
- .gid = cmd_ctx->creds.gid,
+ .uid = LTTNG_OPTIONAL_INIT_VALUE(cmd_ctx->creds.uid),
+ .gid = LTTNG_OPTIONAL_INIT_VALUE(cmd_ctx->creds.gid),
};
lttng_payload_init(&trigger_payload);
}
}
- lttng_trigger_set_credentials(trigger, &cmd_creds);
+ /*
+ * Validate the trigger credentials against the command credentials.
+ * Only the root user can unregister a trigger with non-matching
+ * credentials.
+ */
+ if (!lttng_credentials_is_equal_uid(
+ lttng_trigger_get_credentials(trigger),
+ &cmd_creds)) {
+ if (lttng_credentials_get_uid(&cmd_creds) != 0) {
+ ERR("Trigger credentials do not match the command credentials");
+ ret = LTTNG_ERR_INVALID_TRIGGER;
+ goto end;
+ }
+ }
ret = notification_thread_command_unregister_trigger(notification_thread,
trigger);
projects / lttng-tools.git / blobdiff