/*
- * Copyright (C) 2011 - David Goulet <david.goulet@polymtl.ca>
- * Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
- * 2019 - Jérémie Galarneau <jeremie.galarneau@efficios.com>
+ * Copyright (C) 2011 David Goulet <david.goulet@polymtl.ca>
+ * Copyright (C) 2011 Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
+ * Copyright (C) 2019 Jérémie Galarneau <jeremie.galarneau@efficios.com>
*
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License, version 2 only,
- * as published by the Free Software Foundation.
+ * SPDX-License-Identifier: GPL-2.0-only
*
- * This program is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
- * more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#define _LGPL_SOURCE
-#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <assert.h>
#include <signal.h>
+#include <common/bytecode/bytecode.h>
#include <common/lttng-kernel.h>
#include <common/common.h>
#include <common/utils.h>
+#include <common/compat/errno.h>
#include <common/compat/getenv.h>
-#include <common/compat/prctl.h>
+#include <common/compat/string.h>
#include <common/unix.h>
#include <common/defaults.h>
#include <common/lttng-elf.h>
+#include <common/thread.h>
#include <lttng/constant.h>
+#include <common/sessiond-comm/sessiond-comm.h>
+#include <common/filter/filter-ast.h>
+
#include "runas.h"
struct run_as_data;
RUN_AS_RENAMEAT,
RUN_AS_EXTRACT_ELF_SYMBOL_OFFSET,
RUN_AS_EXTRACT_SDT_PROBE_OFFSETS,
+ RUN_AS_GENERATE_FILTER_BYTECODE,
};
struct run_as_mkdir_data {
struct run_as_rmdir_data {
int dirfd;
char path[LTTNG_PATH_MAX];
+ int flags; /* enum lttng_directory_handle_rmdir_recursive_flags. */
} LTTNG_PACKED;
struct run_as_extract_elf_symbol_offset_data {
char provider_name[LTTNG_SYMBOL_NAME_LEN];
} LTTNG_PACKED;
+struct run_as_generate_filter_bytecode_data {
+ char filter_expression[LTTNG_FILTER_MAX_LEN];
+} LTTNG_PACKED;
+
struct run_as_rename_data {
/*
* [0] = old_dirfd
uint64_t offsets[LTTNG_KERNEL_MAX_UPROBE_NUM];
} LTTNG_PACKED;
+struct run_as_generate_filter_bytecode_ret {
+ /* A lttng_bytecode_filter struct with 'dynamic' payload. */
+ char bytecode[LTTNG_FILTER_MAX_LEN];
+} LTTNG_PACKED;
+
struct run_as_data {
enum run_as_cmd cmd;
union {
struct run_as_rename_data rename;
struct run_as_extract_elf_symbol_offset_data extract_elf_symbol_offset;
struct run_as_extract_sdt_probe_offsets_data extract_sdt_probe_offsets;
+ struct run_as_generate_filter_bytecode_data generate_filter_bytecode;
} u;
uid_t uid;
gid_t gid;
struct run_as_open_ret open;
struct run_as_extract_elf_symbol_offset_ret extract_elf_symbol_offset;
struct run_as_extract_sdt_probe_offsets_ret extract_sdt_probe_offsets;
+ struct run_as_generate_filter_bytecode_ret generate_filter_bytecode;
} u;
int _errno;
bool _error;
.out_fd_count = 0,
.use_cwd_fd = false,
},
+ [RUN_AS_GENERATE_FILTER_BYTECODE] = {
+ .in_fds_offset = -1,
+ .in_fd_count = 0,
+ .out_fds_offset = -1,
+ .out_fd_count = 0,
+ .use_cwd_fd = false,
+ },
};
struct run_as_worker {
{
const char *path;
mode_t mode;
- struct lttng_directory_handle handle;
+ struct lttng_directory_handle *handle;
path = data->u.mkdir.path;
mode = data->u.mkdir.mode;
- (void) lttng_directory_handle_init_from_dirfd(&handle,
- data->u.mkdir.dirfd);
+ handle = lttng_directory_handle_create_from_dirfd(data->u.mkdir.dirfd);
+ if (!handle) {
+ ret_value->_errno = errno;
+ ret_value->_error = true;
+ ret_value->u.ret = -1;
+ goto end;
+ }
/* Ownership of dirfd is transferred to the handle. */
data->u.mkdir.dirfd = -1;
/* Safe to call as we have transitioned to the requested uid/gid. */
- ret_value->u.ret =
- lttng_directory_handle_create_subdirectory_recursive(
- &handle, path, mode);
+ ret_value->u.ret = lttng_directory_handle_create_subdirectory_recursive(
+ handle, path, mode);
ret_value->_errno = errno;
ret_value->_error = (ret_value->u.ret) ? true : false;
- lttng_directory_handle_fini(&handle);
+ lttng_directory_handle_put(handle);
+end:
return ret_value->u.ret;
}
{
const char *path;
mode_t mode;
- struct lttng_directory_handle handle;
+ struct lttng_directory_handle *handle;
path = data->u.mkdir.path;
mode = data->u.mkdir.mode;
- (void) lttng_directory_handle_init_from_dirfd(&handle,
- data->u.mkdir.dirfd);
+ handle = lttng_directory_handle_create_from_dirfd(data->u.mkdir.dirfd);
+ if (!handle) {
+ ret_value->u.ret = -1;
+ ret_value->_errno = errno;
+ ret_value->_error = true;
+ goto end;
+ }
/* Ownership of dirfd is transferred to the handle. */
data->u.mkdir.dirfd = -1;
/* Safe to call as we have transitioned to the requested uid/gid. */
- ret_value->u.ret =
- lttng_directory_handle_create_subdirectory(
- &handle, path, mode);
+ ret_value->u.ret = lttng_directory_handle_create_subdirectory(
+ handle, path, mode);
ret_value->_errno = errno;
ret_value->_error = (ret_value->u.ret) ? true : false;
- lttng_directory_handle_fini(&handle);
+ lttng_directory_handle_put(handle);
+end:
return ret_value->u.ret;
}
int _open(struct run_as_data *data, struct run_as_ret *ret_value)
{
int fd;
- struct lttng_directory_handle handle;
+ struct lttng_directory_handle *handle;
- (void) lttng_directory_handle_init_from_dirfd(&handle,
- data->u.open.dirfd);
+ handle = lttng_directory_handle_create_from_dirfd(data->u.open.dirfd);
+ if (!handle) {
+ ret_value->_errno = errno;
+ ret_value->_error = true;
+ ret_value->u.ret = -1;
+ goto end;
+ }
/* Ownership of dirfd is transferred to the handle. */
data->u.open.dirfd = -1;
- fd = lttng_directory_handle_open_file(&handle,
+ fd = lttng_directory_handle_open_file(handle,
data->u.open.path, data->u.open.flags,
data->u.open.mode);
if (fd < 0) {
ret_value->_errno = errno;
ret_value->_error = fd < 0;
- lttng_directory_handle_fini(&handle);
+ lttng_directory_handle_put(handle);
+end:
return ret_value->u.ret;
}
static
int _unlink(struct run_as_data *data, struct run_as_ret *ret_value)
{
- struct lttng_directory_handle handle;
+ struct lttng_directory_handle *handle;
- (void) lttng_directory_handle_init_from_dirfd(&handle,
- data->u.unlink.dirfd);
+ handle = lttng_directory_handle_create_from_dirfd(data->u.unlink.dirfd);
+ if (!handle) {
+ ret_value->u.ret = -1;
+ ret_value->_errno = errno;
+ ret_value->_error = true;
+ goto end;
+ }
/* Ownership of dirfd is transferred to the handle. */
data->u.unlink.dirfd = -1;
- ret_value->u.ret = lttng_directory_handle_unlink_file(&handle,
+ ret_value->u.ret = lttng_directory_handle_unlink_file(handle,
data->u.unlink.path);
ret_value->_errno = errno;
ret_value->_error = (ret_value->u.ret) ? true : false;
- lttng_directory_handle_fini(&handle);
+ lttng_directory_handle_put(handle);
+end:
return ret_value->u.ret;
}
static
int _rmdir(struct run_as_data *data, struct run_as_ret *ret_value)
{
- struct lttng_directory_handle handle;
+ struct lttng_directory_handle *handle;
- (void) lttng_directory_handle_init_from_dirfd(&handle,
- data->u.rmdir.dirfd);
+ handle = lttng_directory_handle_create_from_dirfd(data->u.rmdir.dirfd);
+ if (!handle) {
+ ret_value->u.ret = -1;
+ ret_value->_errno = errno;
+ ret_value->_error = true;
+ goto end;
+ }
/* Ownership of dirfd is transferred to the handle. */
data->u.rmdir.dirfd = -1;
ret_value->u.ret = lttng_directory_handle_remove_subdirectory(
- &handle, data->u.rmdir.path);
+ handle, data->u.rmdir.path);
ret_value->_errno = errno;
ret_value->_error = (ret_value->u.ret) ? true : false;
- lttng_directory_handle_fini(&handle);
+ lttng_directory_handle_put(handle);
+end:
return ret_value->u.ret;
}
static
int _rmdir_recursive(struct run_as_data *data, struct run_as_ret *ret_value)
{
- struct lttng_directory_handle handle;
+ struct lttng_directory_handle *handle;
- (void) lttng_directory_handle_init_from_dirfd(&handle,
- data->u.rmdir.dirfd);
+ handle = lttng_directory_handle_create_from_dirfd(data->u.rmdir.dirfd);
+ if (!handle) {
+ ret_value->u.ret = -1;
+ ret_value->_errno = errno;
+ ret_value->_error = true;
+ goto end;
+ }
/* Ownership of dirfd is transferred to the handle. */
data->u.rmdir.dirfd = -1;
ret_value->u.ret = lttng_directory_handle_remove_subdirectory_recursive(
- &handle, data->u.rmdir.path);
+ handle, data->u.rmdir.path, data->u.rmdir.flags);
ret_value->_errno = errno;
ret_value->_error = (ret_value->u.ret) ? true : false;
- lttng_directory_handle_fini(&handle);
+ lttng_directory_handle_put(handle);
+end:
return ret_value->u.ret;
}
int _rename(struct run_as_data *data, struct run_as_ret *ret_value)
{
const char *old_path, *new_path;
- struct lttng_directory_handle old_handle, new_handle;
+ struct lttng_directory_handle *old_handle = NULL, *new_handle = NULL;
old_path = data->u.rename.old_path;
new_path = data->u.rename.new_path;
- (void) lttng_directory_handle_init_from_dirfd(&old_handle,
+ old_handle = lttng_directory_handle_create_from_dirfd(
data->u.rename.dirfds[0]);
- (void) lttng_directory_handle_init_from_dirfd(&new_handle,
+ if (!old_handle) {
+ ret_value->u.ret = -1;
+ goto end;
+ }
+ new_handle = lttng_directory_handle_create_from_dirfd(
data->u.rename.dirfds[1]);
+ if (!new_handle) {
+ ret_value->u.ret = -1;
+ goto end;
+ }
/* Ownership of dirfds are transferred to the handles. */
data->u.rename.dirfds[0] = data->u.rename.dirfds[1] = -1;
/* Safe to call as we have transitioned to the requested uid/gid. */
ret_value->u.ret = lttng_directory_handle_rename(
- &old_handle, old_path, &new_handle, new_path);
+ old_handle, old_path, new_handle, new_path);
+end:
+ lttng_directory_handle_put(old_handle);
+ lttng_directory_handle_put(new_handle);
ret_value->_errno = errno;
ret_value->_error = (ret_value->u.ret) ? true : false;
- lttng_directory_handle_fini(&old_handle);
- lttng_directory_handle_fini(&new_handle);
return ret_value->u.ret;
}
struct run_as_ret *ret_value)
{
int ret = 0;
+ uint64_t offset;
ret_value->_error = false;
ret = lttng_elf_get_symbol_offset(data->u.extract_elf_symbol_offset.fd,
data->u.extract_elf_symbol_offset.function,
- &ret_value->u.extract_elf_symbol_offset.offset);
+ &offset);
if (ret) {
DBG("Failed to extract ELF function offset");
ret_value->_error = true;
}
+ ret_value->u.extract_elf_symbol_offset.offset = offset;
return ret;
}
}
#endif
+static
+int _generate_filter_bytecode(struct run_as_data *data,
+ struct run_as_ret *ret_value) {
+ int ret = 0;
+ const char *filter_expression = NULL;
+ struct filter_parser_ctx *ctx = NULL;
+
+ ret_value->_error = false;
+
+ filter_expression = data->u.generate_filter_bytecode.filter_expression;
+
+ if (lttng_strnlen(filter_expression, LTTNG_FILTER_MAX_LEN - 1) == LTTNG_FILTER_MAX_LEN - 1) {
+ ret_value->_error = true;
+ ret = -1;
+ goto end;
+ }
+
+ ret = filter_parser_ctx_create_from_filter_expression(filter_expression, &ctx);
+ if (ret < 0) {
+ ret_value->_error = true;
+ ret = -1;
+ goto end;
+ }
+
+ DBG("Size of bytecode generated: %u bytes.",
+ bytecode_get_len(&ctx->bytecode->b));
+
+ /* Copy the lttng_bytecode_filter object to the return structure. */
+ memcpy(ret_value->u.generate_filter_bytecode.bytecode,
+ &ctx->bytecode->b,
+ sizeof(ctx->bytecode->b) +
+ bytecode_get_len(&ctx->bytecode->b));
+
+end:
+ if (ctx) {
+ filter_bytecode_free(ctx);
+ filter_ir_free(ctx);
+ filter_parser_ctx_free(ctx);
+ }
+
+ return ret;
+}
static
run_as_fct run_as_enum_to_fct(enum run_as_cmd cmd)
{
return _extract_elf_symbol_offset;
case RUN_AS_EXTRACT_SDT_PROBE_OFFSETS:
return _extract_sdt_probe_offsets;
+ case RUN_AS_GENERATE_FILTER_BYTECODE:
+ return _generate_filter_bytecode;
default:
ERR("Unknown command %d", (int) cmd);
return NULL;
/* Return 0 as this is not a fatal error. */
return 0;
}
- }
+ }
- len = lttcomm_send_fds_unix_sock(sock, fds, fd_count);
+ len = lttcomm_send_fds_unix_sock(sock, fds, fd_count);
return len < 0 ? -1 : 0;
}
ERR("Invalid file descriptor received from worker (fd = %i)", fds[i]);
/* Return 0 as this is not a fatal error. */
}
- }
+ }
end:
- return ret;
+ return ret;
}
static
ret = -1;
goto end;
}
- }
+ }
- ret = do_send_fds(worker->sockpair[0], COMMAND_IN_FDS(data),
+ ret = do_send_fds(worker->sockpair[0], COMMAND_IN_FDS(data),
COMMAND_IN_FD_COUNT(data));
if (ret < 0) {
PERROR("Failed to send file descriptor to run-as worker");
goto end;
}
+ if (COMMAND_IN_FD_COUNT(data) == 0) {
+ goto end;
+ }
+
ret = do_recv_fds(worker->sockpair[1], COMMAND_IN_FDS(data),
COMMAND_IN_FD_COUNT(data));
if (ret < 0) {
int handle_one_cmd(struct run_as_worker *worker)
{
int ret = 0;
- struct run_as_data data = {};
- ssize_t readlen, writelen;
- struct run_as_ret sendret = {};
- run_as_fct cmd;
+ struct run_as_data data = {};
+ ssize_t readlen, writelen;
+ struct run_as_ret sendret = {};
+ run_as_fct cmd;
uid_t prev_euid;
/*
memset(worker->procname, 0, proc_orig_len);
strncpy(worker->procname, DEFAULT_RUN_AS_WORKER_NAME, proc_orig_len);
- ret = lttng_prctl(PR_SET_NAME,
- (unsigned long) DEFAULT_RUN_AS_WORKER_NAME, 0, 0, 0);
+ ret = lttng_thread_setname(DEFAULT_RUN_AS_WORKER_NAME);
if (ret && ret != -ENOSYS) {
/* Don't fail as this is not essential. */
- PERROR("prctl PR_SET_NAME");
+ DBG("Failed to set pthread name attribute");
}
memset(&sendret, 0, sizeof(sendret));
ret = -1;
}
worker->sockpair[1] = -1;
- free(worker->procname);
+ free(worker->procname);
free(worker);
LOG(ret ? PRINT_ERR : PRINT_DBG, "run_as worker exiting (ret = %d)", ret);
exit(ret ? EXIT_FAILURE : EXIT_SUCCESS);
if (WIFEXITED(status)) {
LOG(WEXITSTATUS(status) == 0 ? PRINT_DBG : PRINT_ERR,
DEFAULT_RUN_AS_WORKER_NAME " terminated with status code %d",
- WEXITSTATUS(status));
+ WEXITSTATUS(status));
break;
} else if (WIFSIGNALED(status)) {
ERR(DEFAULT_RUN_AS_WORKER_NAME " was killed by signal %d",
LTTNG_HIDDEN
int run_as_open(const char *path, int flags, mode_t mode, uid_t uid,
- gid_t gid)
+ gid_t gid)
{
return run_as_openat(AT_FDCWD, path, flags, mode, uid, gid);
}
uid_t uid, gid_t gid)
{
int ret;
- struct run_as_data data = {};
- struct run_as_ret run_as_ret = {};
+ struct run_as_data data = {};
+ struct run_as_ret run_as_ret = {};
DBG3("openat() fd = %d%s, path = %s, flags = %X, mode = %d, uid %d, gid %d",
dirfd, dirfd == AT_FDCWD ? " (AT_FDCWD)" : "",
}
LTTNG_HIDDEN
-int run_as_rmdir_recursive(const char *path, uid_t uid, gid_t gid)
+int run_as_rmdir_recursive(const char *path, uid_t uid, gid_t gid, int flags)
{
- return run_as_rmdirat_recursive(AT_FDCWD, path, uid, gid);
+ return run_as_rmdirat_recursive(AT_FDCWD, path, uid, gid, flags);
}
LTTNG_HIDDEN
-int run_as_rmdirat_recursive(int dirfd, const char *path, uid_t uid, gid_t gid)
+int run_as_rmdirat_recursive(int dirfd, const char *path, uid_t uid, gid_t gid, int flags)
{
int ret;
struct run_as_data data = {};
goto error;
}
data.u.rmdir.dirfd = dirfd;
+ data.u.rmdir.flags = flags;
run_as(dirfd == AT_FDCWD ? RUN_AS_RMDIR_RECURSIVE : RUN_AS_RMDIRAT_RECURSIVE,
&data, &run_as_ret, uid, gid);
errno = run_as_ret._errno;
{
int ret;
struct run_as_data data = {};
- struct run_as_ret run_as_ret = {};
+ struct run_as_ret run_as_ret = {};
DBG3("extract_elf_symbol_offset() on fd=%d and function=%s "
"with for uid %d and gid %d", fd, function,
return ret;
}
+LTTNG_HIDDEN
+int run_as_generate_filter_bytecode(const char *filter_expression,
+ const struct lttng_credentials *creds,
+ struct lttng_bytecode **bytecode)
+{
+ int ret;
+ struct run_as_data data = {};
+ struct run_as_ret run_as_ret = {};
+ const struct lttng_bytecode *view_bytecode = NULL;
+ struct lttng_bytecode *local_bytecode = NULL;
+ const uid_t uid = lttng_credentials_get_uid(creds);
+ const gid_t gid = lttng_credentials_get_gid(creds);
+
+ DBG3("generate_filter_bytecode() from expression=\"%s\" for uid %d and gid %d",
+ filter_expression, (int) uid, (int) gid);
+
+ ret = lttng_strncpy(data.u.generate_filter_bytecode.filter_expression, filter_expression,
+ sizeof(data.u.generate_filter_bytecode.filter_expression));
+ if (ret) {
+ goto error;
+ }
+
+ run_as(RUN_AS_GENERATE_FILTER_BYTECODE, &data, &run_as_ret, uid, gid);
+ errno = run_as_ret._errno;
+ if (run_as_ret._error) {
+ ret = -1;
+ goto error;
+ }
+
+ view_bytecode = (const struct lttng_bytecode *) run_as_ret.u.generate_filter_bytecode.bytecode;
+
+ local_bytecode = zmalloc(sizeof(*local_bytecode) + view_bytecode->len);
+ if (!local_bytecode) {
+ ret = -ENOMEM;
+ goto error;
+ }
+
+ memcpy(local_bytecode, run_as_ret.u.generate_filter_bytecode.bytecode,
+ sizeof(*local_bytecode) + view_bytecode->len);
+ *bytecode = local_bytecode;
+error:
+ return ret;
+}
+
LTTNG_HIDDEN
int run_as_create_worker(const char *procname,
post_fork_cleanup_cb clean_up_func,