X-Git-Url: https://git.lttng.org/?p=lttng-tools.git;a=blobdiff_plain;f=src%2Fbin%2Flttng-sessiond%2Fcmd.c;h=d8d17b59cba2b07956ff7e08bf13c685dfca37da;hp=b1b22012c2701ff8e8b3c2accf9be27674353786;hb=64eafdf60552bbd7e22fb1c8fc8fc2b42a3cf68b;hpb=47aa1ca64b084901d2930f7eb39ef077d8b909eb

diff --git a/src/bin/lttng-sessiond/cmd.c b/src/bin/lttng-sessiond/cmd.c
index b1b22012c..d8d17b59c 100644
--- a/src/bin/lttng-sessiond/cmd.c
+++ b/src/bin/lttng-sessiond/cmd.c
@@ -3715,7 +3715,7 @@ void cmd_list_lttng_sessions(struct lttng_session *sessions,
 		/*
 		 * Only list the sessions the user can control.
 		 */
-		if (!session_access_ok(session, uid, gid) ||
+		if (!session_access_ok(session, uid) ||
 				session->destroyed) {
 			session_put(session);
 			continue;
@@ -4265,8 +4265,8 @@ int cmd_register_trigger(struct command_ctx *cmd_ctx, int sock,
 	struct lttng_trigger *trigger = NULL;
 	struct lttng_payload trigger_payload;
 	struct lttng_credentials cmd_creds = {
-		.uid = cmd_ctx->creds.uid,
-		.gid = cmd_ctx->creds.gid,
+		.uid = LTTNG_OPTIONAL_INIT_VALUE(cmd_ctx->creds.uid),
+		.gid = LTTNG_OPTIONAL_INIT_VALUE(cmd_ctx->creds.gid),
 	};
 
 	lttng_payload_init(&trigger_payload);
@@ -4314,8 +4314,21 @@ int cmd_register_trigger(struct command_ctx *cmd_ctx, int sock,
 		}
 	}
 
-	/* Set the trigger credential */
-	lttng_trigger_set_credentials(trigger, &cmd_creds);
+
+	/*
+	 * Validate the trigger credentials against the command credentials.
+	 * Only the root user can register a trigger with non-matching
+	 * credentials.
+	 */
+	if (!lttng_credentials_is_equal_uid(
+			lttng_trigger_get_credentials(trigger),
+			&cmd_creds)) {
+		if (lttng_credentials_get_uid(&cmd_creds) != 0) {
+			ERR("Trigger credentials do not match the command credentials");
+			ret = LTTNG_ERR_INVALID_TRIGGER;
+			goto end;
+		}
+	}
 
 	/* Inform the notification thread */
 	ret = notification_thread_command_register_trigger(notification_thread,
@@ -4337,8 +4350,8 @@ int cmd_unregister_trigger(struct command_ctx *cmd_ctx, int sock,
 	struct lttng_trigger *trigger = NULL;
 	struct lttng_payload trigger_payload;
 	struct lttng_credentials cmd_creds = {
-		.uid = cmd_ctx->creds.uid,
-		.gid = cmd_ctx->creds.gid,
+		.uid = LTTNG_OPTIONAL_INIT_VALUE(cmd_ctx->creds.uid),
+		.gid = LTTNG_OPTIONAL_INIT_VALUE(cmd_ctx->creds.gid),
 	};
 
 	lttng_payload_init(&trigger_payload);
@@ -4385,7 +4398,20 @@ int cmd_unregister_trigger(struct command_ctx *cmd_ctx, int sock,
 		}
 	}
 
-	lttng_trigger_set_credentials(trigger, &cmd_creds);
+	/*
+	 * Validate the trigger credentials against the command credentials.
+	 * Only the root user can unregister a trigger with non-matching
+	 * credentials.
+	 */
+	if (!lttng_credentials_is_equal_uid(
+			lttng_trigger_get_credentials(trigger),
+			&cmd_creds)) {
+		if (lttng_credentials_get_uid(&cmd_creds) != 0) {
+			ERR("Trigger credentials do not match the command credentials");
+			ret = LTTNG_ERR_INVALID_TRIGGER;
+			goto end;
+		}
+	}
 
 	ret = notification_thread_command_unregister_trigger(notification_thread,
 			trigger);