X-Git-Url: https://git.lttng.org/?p=lttng-tools.git;a=blobdiff_plain;f=src%2Fbin%2Flttng-sessiond%2Fcmd.c;h=d8d17b59cba2b07956ff7e08bf13c685dfca37da;hp=15e559d03b5c31faa0e08b39e6f1921dcd1c54c2;hb=64eafdf60552bbd7e22fb1c8fc8fc2b42a3cf68b;hpb=0e270a1ed773dba5c2f47621494771d4f0bf466d

diff --git a/src/bin/lttng-sessiond/cmd.c b/src/bin/lttng-sessiond/cmd.c
index 15e559d03..d8d17b59c 100644
--- a/src/bin/lttng-sessiond/cmd.c
+++ b/src/bin/lttng-sessiond/cmd.c
@@ -6,9 +6,6 @@
  *
  */
 
-#include "bin/lttng-sessiond/tracker.h"
-#include "lttng/lttng-error.h"
-#include "lttng/tracker.h"
 #define _LGPL_SOURCE
 #include <assert.h>
 #include <inttypes.h>
@@ -40,6 +37,8 @@
 #include <lttng/session-internal.h>
 #include <lttng/userspace-probe-internal.h>
 #include <lttng/session-descriptor-internal.h>
+#include <lttng/lttng-error.h>
+#include <lttng/tracker.h>
 #include <common/string-utils/string-utils.h>
 
 #include "channel.h"
@@ -59,6 +58,7 @@
 #include "rotation-thread.h"
 #include "timer.h"
 #include "agent-thread.h"
+#include "tracker.h"
 
 #include "cmd.h"
 
@@ -3715,7 +3715,7 @@ void cmd_list_lttng_sessions(struct lttng_session *sessions,
 		/*
 		 * Only list the sessions the user can control.
 		 */
-		if (!session_access_ok(session, uid, gid) ||
+		if (!session_access_ok(session, uid) ||
 				session->destroyed) {
 			session_put(session);
 			continue;
@@ -4265,8 +4265,8 @@ int cmd_register_trigger(struct command_ctx *cmd_ctx, int sock,
 	struct lttng_trigger *trigger = NULL;
 	struct lttng_payload trigger_payload;
 	struct lttng_credentials cmd_creds = {
-		.uid = cmd_ctx->creds.uid,
-		.gid = cmd_ctx->creds.gid,
+		.uid = LTTNG_OPTIONAL_INIT_VALUE(cmd_ctx->creds.uid),
+		.gid = LTTNG_OPTIONAL_INIT_VALUE(cmd_ctx->creds.gid),
 	};
 
 	lttng_payload_init(&trigger_payload);
@@ -4314,8 +4314,21 @@ int cmd_register_trigger(struct command_ctx *cmd_ctx, int sock,
 		}
 	}
 
-	/* Set the trigger credential */
-	lttng_trigger_set_credentials(trigger, &cmd_creds);
+
+	/*
+	 * Validate the trigger credentials against the command credentials.
+	 * Only the root user can register a trigger with non-matching
+	 * credentials.
+	 */
+	if (!lttng_credentials_is_equal_uid(
+			lttng_trigger_get_credentials(trigger),
+			&cmd_creds)) {
+		if (lttng_credentials_get_uid(&cmd_creds) != 0) {
+			ERR("Trigger credentials do not match the command credentials");
+			ret = LTTNG_ERR_INVALID_TRIGGER;
+			goto end;
+		}
+	}
 
 	/* Inform the notification thread */
 	ret = notification_thread_command_register_trigger(notification_thread,
@@ -4337,8 +4350,8 @@ int cmd_unregister_trigger(struct command_ctx *cmd_ctx, int sock,
 	struct lttng_trigger *trigger = NULL;
 	struct lttng_payload trigger_payload;
 	struct lttng_credentials cmd_creds = {
-		.uid = cmd_ctx->creds.uid,
-		.gid = cmd_ctx->creds.gid,
+		.uid = LTTNG_OPTIONAL_INIT_VALUE(cmd_ctx->creds.uid),
+		.gid = LTTNG_OPTIONAL_INIT_VALUE(cmd_ctx->creds.gid),
 	};
 
 	lttng_payload_init(&trigger_payload);
@@ -4385,7 +4398,20 @@ int cmd_unregister_trigger(struct command_ctx *cmd_ctx, int sock,
 		}
 	}
 
-	lttng_trigger_set_credentials(trigger, &cmd_creds);
+	/*
+	 * Validate the trigger credentials against the command credentials.
+	 * Only the root user can unregister a trigger with non-matching
+	 * credentials.
+	 */
+	if (!lttng_credentials_is_equal_uid(
+			lttng_trigger_get_credentials(trigger),
+			&cmd_creds)) {
+		if (lttng_credentials_get_uid(&cmd_creds) != 0) {
+			ERR("Trigger credentials do not match the command credentials");
+			ret = LTTNG_ERR_INVALID_TRIGGER;
+			goto end;
+		}
+	}
 
 	ret = notification_thread_command_unregister_trigger(notification_thread,
 			trigger);