};
struct notification_client {
+ notification_client_id id;
int socket;
/* Client protocol version. */
uint8_t major, minor;
*/
struct cds_list_head condition_list;
struct cds_lfht_node client_socket_ht_node;
+ struct cds_lfht_node client_id_ht_node;
struct {
+ /*
+ * If a client's communication is inactive, it means a fatal
+ * error (either a protocol error or the socket API returned
+ * a fatal error). No further communication should be attempted;
+ * the client is queued for clean-up.
+ */
+ bool active;
struct {
/*
* During the reception of a message, the reception
static
-int match_client(struct cds_lfht_node *node, const void *key)
+int match_client_socket(struct cds_lfht_node *node, const void *key)
{
/* This double-cast is intended to supress pointer-to-cast warning. */
- int socket = (int) (intptr_t) key;
- struct notification_client *client;
+ const int socket = (int) (intptr_t) key;
+ const struct notification_client *client = caa_container_of(node,
+ struct notification_client, client_socket_ht_node);
- client = caa_container_of(node, struct notification_client,
- client_socket_ht_node);
+ return client->socket == socket;
+}
+
+static
+int match_client_id(struct cds_lfht_node *node, const void *key)
+{
+ /* This double-cast is intended to supress pointer-to-cast warning. */
+ const notification_client_id id = *((notification_client_id *) key);
+ const struct notification_client *client = caa_container_of(
+ node, struct notification_client, client_id_ht_node);
- return !!(client->socket == socket);
+ return client->id == id;
}
static
return key_hash ^ domain_hash;
}
+static
+unsigned long hash_client_socket(int socket)
+{
+ return hash_key_ulong((void *) (unsigned long) socket, lttng_ht_seed);
+}
+
+static
+unsigned long hash_client_id(notification_client_id id)
+{
+ return hash_key_u64(&id, lttng_ht_seed);
+}
+
/*
* Get the type of object to which a given condition applies. Bindings let
* the notification system evaluate a trigger's condition when a given
case LTTNG_CONDITION_TYPE_BUFFER_USAGE_LOW:
case LTTNG_CONDITION_TYPE_BUFFER_USAGE_HIGH:
case LTTNG_CONDITION_TYPE_SESSION_CONSUMED_SIZE:
- return LTTNG_OBJECT_TYPE_CHANNEL;
+ return LTTNG_OBJECT_TYPE_CHANNEL;
case LTTNG_CONDITION_TYPE_SESSION_ROTATION_ONGOING:
case LTTNG_CONDITION_TYPE_SESSION_ROTATION_COMPLETED:
return LTTNG_OBJECT_TYPE_SESSION;
&iter);
node = cds_lfht_iter_get_node(&iter);
- return node ? caa_container_of(node,
+ return node ? caa_container_of(node,
struct notification_client_list,
notification_trigger_ht_node) : NULL;
}
if (client->socket >= 0) {
(void) lttcomm_close_unix_sock(client->socket);
+ client->socket = -1;
}
lttng_dynamic_buffer_reset(&client->communication.inbound.buffer);
lttng_dynamic_buffer_reset(&client->communication.outbound.buffer);
struct notification_client *client = NULL;
cds_lfht_lookup(state->client_socket_ht,
- hash_key_ulong((void *) (unsigned long) socket, lttng_ht_seed),
- match_client,
+ hash_client_socket(socket),
+ match_client_socket,
(void *) (unsigned long) socket,
&iter);
node = cds_lfht_iter_get_node(&iter);
return client;
}
+/*
+ * Call with rcu_read_lock held (and hold for the lifetime of the returned
+ * client pointer).
+ */
+static
+struct notification_client *get_client_from_id(notification_client_id id,
+ struct notification_thread_state *state)
+{
+ struct cds_lfht_iter iter;
+ struct cds_lfht_node *node;
+ struct notification_client *client = NULL;
+
+ cds_lfht_lookup(state->client_id_ht,
+ hash_client_id(id),
+ match_client_id,
+ &id,
+ &iter);
+ node = cds_lfht_iter_get_node(&iter);
+ if (!node) {
+ goto end;
+ }
+
+ client = caa_container_of(node, struct notification_client,
+ client_id_ht_node);
+end:
+ return client;
+}
+
static
bool buffer_usage_condition_applies_to_channel(
const struct lttng_condition *condition,
goto end;
}
- list = caa_container_of(node,
+ list = caa_container_of(node,
struct lttng_session_trigger_list,
session_triggers_ht_node);
end:
free(trigger_ht_element);
error:
if (free_trigger) {
- struct lttng_action *action = lttng_trigger_get_action(trigger);
-
- lttng_condition_destroy(condition);
- lttng_action_destroy(action);
lttng_trigger_destroy(trigger);
}
rcu_read_unlock();
struct lttng_trigger_ht_element *trigger_ht_element = NULL;
struct lttng_condition *condition = lttng_trigger_get_condition(
trigger);
- struct lttng_action *action;
enum lttng_error_code cmd_reply;
rcu_read_lock();
struct lttng_trigger_ht_element, node);
cds_lfht_del(state->triggers_ht, triggers_ht_node);
- condition = lttng_trigger_get_condition(trigger_ht_element->trigger);
- lttng_condition_destroy(condition);
- action = lttng_trigger_get_action(trigger_ht_element->trigger);
- lttng_action_destroy(action);
+ /* Release the ownership of the trigger. */
lttng_trigger_destroy(trigger_ht_element->trigger);
call_rcu(&trigger_ht_element->rcu_node, free_lttng_trigger_ht_element_rcu);
end:
return -1;
}
-static
-unsigned long hash_client_socket(int socket)
-{
- return hash_key_ulong((void *) (unsigned long) socket, lttng_ht_seed);
-}
-
static
int socket_set_non_blocking(int socket)
{
ret = -1;
goto error;
}
+ client->id = state->next_notification_client_id++;
CDS_INIT_LIST_HEAD(&client->condition_list);
lttng_dynamic_buffer_init(&client->communication.inbound.buffer);
lttng_dynamic_buffer_init(&client->communication.outbound.buffer);
ret = client_reset_inbound_state(client);
if (ret) {
ERR("[notification-thread] Failed to reset client communication's inbound state");
- ret = 0;
+ ret = 0;
goto error;
}
cds_lfht_add(state->client_socket_ht,
hash_client_socket(client->socket),
&client->client_socket_ht_node);
+ cds_lfht_add(state->client_id_ht,
+ hash_client_id(client->id),
+ &client->client_id_ht_node);
rcu_read_unlock();
return ret;
if (ret) {
ERR("[notification-thread] Failed to remove client socket from poll set");
}
- cds_lfht_del(state->client_socket_ht,
+ cds_lfht_del(state->client_socket_ht,
&client->client_socket_ht_node);
+ cds_lfht_del(state->client_id_ht,
+ &client->client_id_ht_node);
notification_client_destroy(client, state);
end:
rcu_read_unlock();
goto end;
}
client->validated = true;
+ client->communication.active = true;
break;
}
case LTTNG_NOTIFICATION_CHANNEL_MESSAGE_TYPE_SUBSCRIBE:
}
static
-int client_enqueue_dropped_notification(struct notification_client *client,
- struct notification_thread_state *state)
+int client_enqueue_dropped_notification(struct notification_client *client)
{
int ret;
struct lttng_notification_channel_message msg = {
return ret;
}
+/*
+ * Permission checks relative to notification channel clients are performed
+ * here. Notice how object, client, and trigger credentials are involved in
+ * this check.
+ *
+ * The `object` credentials are the credentials associated with the "subject"
+ * of a condition. For instance, a `rotation completed` condition applies
+ * to a session. When that condition is met, it will produce an evaluation
+ * against a session. Hence, in this case, the `object` credentials are the
+ * credentials of the "subject" session.
+ *
+ * The `trigger` credentials are the credentials of the user that registered the
+ * trigger.
+ *
+ * The `client` credentials are the credentials of the user that created a given
+ * notification channel.
+ *
+ * In terms of visibility, it is expected that non-privilieged users can only
+ * register triggers against "their" objects (their own sessions and
+ * applications they are allowed to interact with). They can then open a
+ * notification channel and subscribe to notifications associated with those
+ * triggers.
+ *
+ * As for privilieged users, they can register triggers against the objects of
+ * other users. They can then subscribe to the notifications associated to their
+ * triggers. Privilieged users _can't_ subscribe to the notifications of
+ * triggers owned by other users; they must create their own triggers.
+ *
+ * This is more a concern of usability than security. It would be difficult for
+ * a root user reliably subscribe to a specific set of conditions without
+ * interference from external users (those could, for instance, unregister
+ * their triggers).
+ */
static
int send_evaluation_to_clients(const struct lttng_trigger *trigger,
const struct lttng_evaluation *evaluation,
struct notification_client_list* client_list,
struct notification_thread_state *state,
- uid_t channel_uid, gid_t channel_gid)
+ uid_t object_uid, gid_t object_gid)
{
int ret = 0;
struct lttng_payload msg_payload;
struct lttng_notification_channel_message msg_header = {
.type = (int8_t) LTTNG_NOTIFICATION_CHANNEL_MESSAGE_TYPE_NOTIFICATION,
};
+ const struct lttng_credentials *trigger_creds = lttng_trigger_get_credentials(trigger);
lttng_payload_init(&msg_payload);
struct notification_client *client =
client_list_element->client;
- if (client->uid != channel_uid && client->gid != channel_gid &&
+ if (client->uid != object_uid && client->gid != object_gid &&
client->uid != 0) {
/* Client is not allowed to monitor this channel. */
- DBG("[notification-thread] Skipping client at it does not have the permission to receive notification for this channel");
+ DBG("[notification-thread] Skipping client at it does not have the object permission to receive notification for this trigger");
+ continue;
+ }
+
+ if (client->uid != trigger_creds->uid && client->gid != trigger_creds->gid) {
+ DBG("[notification-thread] Skipping client at it does not have the permission to receive notification for this trigger");
continue;
}
if (!client->communication.outbound.dropped_notification) {
client->communication.outbound.dropped_notification = true;
ret = client_enqueue_dropped_notification(
- client, state);
+ client);
if (ret) {
goto end;
}
trigger_list = caa_container_of(node, struct lttng_channel_trigger_list,
channel_triggers_ht_node);
cds_list_for_each_entry(trigger_list_element, &trigger_list->list,
- node) {
+ node) {
const struct lttng_condition *condition;
const struct lttng_action *action;
const struct lttng_trigger *trigger;
projects / lttng-tools.git / blobdiff