* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
-#define _GNU_SOURCE
#define _LGPL_SOURCE
#include <errno.h>
#include <limits.h>
#include <fcntl.h>
#include <sched.h>
#include <sys/signal.h>
+#include <assert.h>
+#include <signal.h>
#include <common/common.h>
#include <common/utils.h>
#include <common/compat/getenv.h>
-#include <common/sessiond-comm/unix.h>
+#include <common/compat/prctl.h>
+#include <common/unix.h>
+#include <common/defaults.h>
#include "runas.h"
return 0;
}
len = lttcomm_recv_fds_unix_sock(worker->sockpair[0], fd, 1);
- if (len < 0) {
+ if (!len) {
+ return -1;
+ } else if (len < 0) {
PERROR("lttcomm_recv_fds_unix_sock");
return -1;
}
memset(worker->procname, 0, proc_orig_len);
strncpy(worker->procname, DEFAULT_RUN_AS_WORKER_NAME, proc_orig_len);
- ret = pthread_setname_np(pthread_self(), DEFAULT_RUN_AS_WORKER_NAME);
- if (ret) {
- errno = ret;
- ret = -1;
- PERROR("pthread_setname_np");
- return EXIT_FAILURE;
+ ret = lttng_prctl(PR_SET_NAME,
+ (unsigned long) DEFAULT_RUN_AS_WORKER_NAME, 0, 0, 0);
+ if (ret && ret != -ENOSYS) {
+ /* Don't fail as this is not essential. */
+ PERROR("prctl PR_SET_NAME");
+ ret = 0;
}
sendret.ret = 0;
ssize_t readlen, writelen;
struct run_as_ret recvret;
- pthread_mutex_lock(&worker_lock);
/*
* If we are non-root, we can only deal with our own uid.
*/
recvret.ret = -1;
recvret._errno = EPERM;
ERR("Client (%d)/Server (%d) UID mismatch (and sessiond is not root)",
- uid, geteuid());
+ (int) uid, (int) geteuid());
goto end;
}
}
/* receive return value */
readlen = lttcomm_recv_unix_sock(worker->sockpair[0], &recvret,
sizeof(recvret));
- if (readlen < sizeof(recvret)) {
+ if (!readlen) {
+ ERR("Run-as worker has hung-up during run_as_cmd");
+ recvret.ret = -1;
+ recvret._errno = EIO;
+ goto end;
+ } else if (readlen < sizeof(recvret)) {
PERROR("Error reading response from run_as");
recvret.ret = -1;
recvret._errno = errno;
}
if (do_recv_fd(worker, cmd, &recvret.ret)) {
recvret.ret = -1;
- recvret._errno = -EIO;
+ recvret._errno = EIO;
}
end:
- pthread_mutex_unlock(&worker_lock);
errno = recvret._errno;
return recvret.ret;
}
}
static
-int run_as(struct run_as_worker *worker,
- enum run_as_cmd cmd,
- struct run_as_data *data, uid_t uid, gid_t gid)
+int run_as(enum run_as_cmd cmd, struct run_as_data *data, uid_t uid, gid_t gid)
{
int ret;
- if (worker) {
+ if (use_clone()) {
DBG("Using run_as worker");
- ret = run_as_cmd(worker, cmd, data, uid, gid);
+ pthread_mutex_lock(&worker_lock);
+ assert(global_worker);
+ ret = run_as_cmd(global_worker, cmd, data, uid, gid);
+ pthread_mutex_unlock(&worker_lock);
+
} else {
DBG("Using run_as without worker");
ret = run_as_noworker(cmd, data, uid, gid);
LTTNG_HIDDEN
int run_as_mkdir_recursive(const char *path, mode_t mode, uid_t uid, gid_t gid)
{
- struct run_as_worker *worker = global_worker;
struct run_as_data data;
DBG3("mkdir() recursive %s with mode %d for uid %d and gid %d",
- path, mode, uid, gid);
+ path, (int) mode, (int) uid, (int) gid);
strncpy(data.u.mkdir.path, path, PATH_MAX - 1);
data.u.mkdir.path[PATH_MAX - 1] = '\0';
data.u.mkdir.mode = mode;
- return run_as(worker, RUN_AS_MKDIR_RECURSIVE, &data, uid, gid);
+ return run_as(RUN_AS_MKDIR_RECURSIVE, &data, uid, gid);
}
LTTNG_HIDDEN
int run_as_mkdir(const char *path, mode_t mode, uid_t uid, gid_t gid)
{
- struct run_as_worker *worker = global_worker;
struct run_as_data data;
DBG3("mkdir() %s with mode %d for uid %d and gid %d",
- path, mode, uid, gid);
+ path, (int) mode, (int) uid, (int) gid);
strncpy(data.u.mkdir.path, path, PATH_MAX - 1);
data.u.mkdir.path[PATH_MAX - 1] = '\0';
data.u.mkdir.mode = mode;
- return run_as(worker, RUN_AS_MKDIR, &data, uid, gid);
+ return run_as(RUN_AS_MKDIR, &data, uid, gid);
}
/*
LTTNG_HIDDEN
int run_as_open(const char *path, int flags, mode_t mode, uid_t uid, gid_t gid)
{
- struct run_as_worker *worker = global_worker;
struct run_as_data data;
DBG3("open() %s with flags %X mode %d for uid %d and gid %d",
- path, flags, mode, uid, gid);
+ path, flags, (int) mode, (int) uid, (int) gid);
strncpy(data.u.open.path, path, PATH_MAX - 1);
data.u.open.path[PATH_MAX - 1] = '\0';
data.u.open.flags = flags;
data.u.open.mode = mode;
- return run_as(worker, RUN_AS_OPEN, &data, uid, gid);
+ return run_as(RUN_AS_OPEN, &data, uid, gid);
}
LTTNG_HIDDEN
int run_as_unlink(const char *path, uid_t uid, gid_t gid)
{
- struct run_as_worker *worker = global_worker;
struct run_as_data data;
DBG3("unlink() %s with for uid %d and gid %d",
- path, uid, gid);
+ path, (int) uid, (int) gid);
strncpy(data.u.unlink.path, path, PATH_MAX - 1);
data.u.unlink.path[PATH_MAX - 1] = '\0';
- return run_as(worker, RUN_AS_UNLINK, &data, uid, gid);
+ return run_as(RUN_AS_UNLINK, &data, uid, gid);
}
LTTNG_HIDDEN
int run_as_rmdir_recursive(const char *path, uid_t uid, gid_t gid)
{
- struct run_as_worker *worker = global_worker;
struct run_as_data data;
DBG3("rmdir_recursive() %s with for uid %d and gid %d",
- path, uid, gid);
+ path, (int) uid, (int) gid);
strncpy(data.u.rmdir_recursive.path, path, PATH_MAX - 1);
data.u.rmdir_recursive.path[PATH_MAX - 1] = '\0';
- return run_as(worker, RUN_AS_RMDIR_RECURSIVE, &data, uid, gid);
+ return run_as(RUN_AS_RMDIR_RECURSIVE, &data, uid, gid);
+}
+
+static
+int reset_sighandler(void)
+{
+ int sig;
+
+ DBG("Resetting run_as worker signal handlers to default");
+ for (sig = 1; sig <= 31; sig++) {
+ (void) signal(sig, SIG_DFL);
+ }
+ return 0;
+}
+
+static
+void worker_sighandler(int sig)
+{
+ const char *signame;
+
+ /*
+ * The worker will its parent's signals since they are part of the same
+ * process group. However, in the case of SIGINT and SIGTERM, we want
+ * to give the worker a chance to teardown gracefully when its parent
+ * closes the command socket.
+ */
+ switch (sig) {
+ case SIGINT:
+ signame = "SIGINT";
+ break;
+ case SIGTERM:
+ signame = "SIGTERM";
+ break;
+ default:
+ signame = "Unknown";
+ }
+
+ DBG("run_as worker received signal %s", signame);
+}
+
+static
+int set_worker_sighandlers(void)
+{
+ int ret = 0;
+ sigset_t sigset;
+ struct sigaction sa;
+
+ if ((ret = sigemptyset(&sigset)) < 0) {
+ PERROR("sigemptyset");
+ goto end;
+ }
+
+ sa.sa_handler = worker_sighandler;
+ sa.sa_mask = sigset;
+ sa.sa_flags = 0;
+ if ((ret = sigaction(SIGINT, &sa, NULL)) < 0) {
+ PERROR("sigaction SIGINT");
+ goto end;
+ }
+
+ if ((ret = sigaction(SIGTERM, &sa, NULL)) < 0) {
+ PERROR("sigaction SIGTERM");
+ goto end;
+ }
+
+ DBG("run_as signal handler set for SIGTERM and SIGINT");
+end:
+ return ret;
}
LTTNG_HIDDEN
struct run_as_ret recvret;
struct run_as_worker *worker;
+ pthread_mutex_lock(&worker_lock);
+ assert(!global_worker);
if (!use_clone()) {
+ /*
+ * Don't initialize a worker, all run_as tasks will be performed
+ * in the current process.
+ */
ret = 0;
goto end;
}
} else if (pid == 0) {
/* Child */
+ reset_sighandler();
+
+ set_worker_sighandlers();
+
+ /* The child has no use for this lock. */
+ pthread_mutex_unlock(&worker_lock);
/* Just close, no shutdown. */
if (close(worker->sockpair[0])) {
PERROR("close");
ret = -1;
}
worker->sockpair[1] = -1;
+ LOG(ret ? PRINT_ERR : PRINT_DBG, "run_as worker exiting (ret = %d)", ret);
exit(ret ? EXIT_FAILURE : EXIT_SUCCESS);
} else {
/* Parent */
global_worker = worker;
}
end:
+ pthread_mutex_unlock(&worker_lock);
return ret;
/* Error handling. */
}
error_sock:
free(worker);
+ pthread_mutex_unlock(&worker_lock);
return ret;
}
void run_as_destroy_worker(void)
{
struct run_as_worker *worker = global_worker;
- int status;
- pid_t pid;
+ DBG("Destroying run_as worker");
+ pthread_mutex_lock(&worker_lock);
if (!worker) {
- return;
+ goto end;
}
/* Close unix socket */
+ DBG("Closing run_as worker socket");
if (lttcomm_close_unix_sock(worker->sockpair[0])) {
PERROR("close");
}
worker->sockpair[0] = -1;
/* Wait for worker. */
- pid = waitpid(worker->pid, &status, 0);
- if (pid < 0 || !WIFEXITED(status) || WEXITSTATUS(status) != 0) {
- PERROR("wait");
+ for (;;) {
+ int status;
+ pid_t wait_ret;
+
+ wait_ret = waitpid(worker->pid, &status, 0);
+ if (wait_ret < 0) {
+ if (errno == EINTR) {
+ continue;
+ }
+ PERROR("waitpid");
+ break;
+ }
+
+ if (WIFEXITED(status)) {
+ LOG(WEXITSTATUS(status) == 0 ? PRINT_DBG : PRINT_ERR,
+ DEFAULT_RUN_AS_WORKER_NAME " terminated with status code %d",
+ WEXITSTATUS(status));
+ break;
+ } else if (WIFSIGNALED(status)) {
+ ERR(DEFAULT_RUN_AS_WORKER_NAME " was killed by signal %d",
+ WTERMSIG(status));
+ break;
+ }
}
free(worker);
global_worker = NULL;
+end:
+ pthread_mutex_unlock(&worker_lock);
}