X-Git-Url: https://git.lttng.org/?a=blobdiff_plain;f=lttng-sessiond%2Fmain.c;h=402e228bab4c18c850a6136cd9f102d3d62563d6;hb=10d32e930a6b67c3f196ca3bf4f247d444d8c2b6;hp=fbf8d7975330414cf6589d2aa80f707f25dde88e;hpb=6df2e2c977b698cc6b8f15c90b649516674028f9;p=lttng-tools.git

diff --git a/lttng-sessiond/main.c b/lttng-sessiond/main.c
index fbf8d7975..402e228ba 100644
--- a/lttng-sessiond/main.c
+++ b/lttng-sessiond/main.c
@@ -43,6 +43,7 @@
 #include <lttng/lttng-consumer.h>
 
 #include <lttngerr.h>
+#include <runas.h>
 
 #include "channel.h"
 #include "compat/poll.h"
@@ -1744,7 +1745,7 @@ static int mount_debugfs(char *path)
 	int ret;
 	char *type = "debugfs";
 
-	ret = mkdir_recursive(path, S_IRWXU | S_IRWXG, geteuid(), getegid());
+	ret = mkdir_recursive_run_as(path, S_IRWXU | S_IRWXG, geteuid(), getegid());
 	if (ret < 0) {
 		PERROR("Cannot create debugfs path");
 		goto error;
@@ -1899,7 +1900,7 @@ static int create_ust_session(struct ltt_session *session,
 		goto error;
 	}
 
-	ret = mkdir_recursive(lus->pathname, S_IRWXU | S_IRWXG,
+	ret = mkdir_recursive_run_as(lus->pathname, S_IRWXU | S_IRWXG,
 			session->uid, session->gid);
 	if (ret < 0) {
 		if (ret != -EEXIST) {
@@ -1949,7 +1950,7 @@ static int create_kernel_session(struct ltt_session *session)
 		session->kernel_session->consumer_fd = kconsumer_data.cmd_sock;
 	}
 
-	ret = mkdir_recursive(session->kernel_session->trace_path,
+	ret = mkdir_recursive_run_as(session->kernel_session->trace_path,
 			S_IRWXU | S_IRWXG, session->uid, session->gid);
 	if (ret < 0) {
 		if (ret != -EEXIST) {
@@ -1964,6 +1965,40 @@ error:
 	return ret;
 }
 
+/*
+ * Check if the UID or GID match the session. Root user has access to
+ * all sessions.
+ */
+static int session_access_ok(struct ltt_session *session,
+	 uid_t uid, gid_t gid)
+{
+	if (uid != session->uid && gid != session->gid
+			&& uid != 0) {
+		return 0;
+	} else {
+		return 1;
+	}
+}
+
+static unsigned int lttng_sessions_count(uid_t uid, gid_t gid)
+{
+	unsigned int i = 0;
+	struct ltt_session *session;
+
+	DBG("Counting number of available session for UID %d GID %d",
+		uid, gid);
+	cds_list_for_each_entry(session, &session_list_ptr->head, list) {
+		/*
+		 * Only list the sessions the user can control.
+		 */
+		if (!session_access_ok(session, uid, gid)) {
+			continue;
+		}
+		i++;
+	}
+	return i;
+}
+
 /*
  * Using the session list, filled a lttng_session array to send back to the
  * client for session listing.
@@ -1971,17 +2006,25 @@ error:
  * The session list lock MUST be acquired before calling this function. Use
  * session_lock_list() and session_unlock_list().
  */
-static void list_lttng_sessions(struct lttng_session *sessions)
+static void list_lttng_sessions(struct lttng_session *sessions,
+		uid_t uid, gid_t gid)
 {
-	int i = 0;
+	unsigned int i = 0;
 	struct ltt_session *session;
 
-	DBG("Getting all available session");
+	DBG("Getting all available session for UID %d GID %d",
+		uid, gid);
 	/*
 	 * Iterate over session list and append data after the control struct in
 	 * the buffer.
 	 */
 	cds_list_for_each_entry(session, &session_list_ptr->head, list) {
+		/*
+		 * Only list the sessions the user can control.
+		 */
+		if (!session_access_ok(session, uid, gid)) {
+			continue;
+		}
 		strncpy(sessions[i].path, session->path, PATH_MAX);
 		sessions[i].path[PATH_MAX - 1] = '\0';
 		strncpy(sessions[i].name, session->name, NAME_MAX);
@@ -3315,6 +3358,18 @@ static int process_client_msg(struct command_ctx *cmd_ctx)
 		break;
 	}
 
+	/*
+	 * Check that the UID or GID match that of the tracing session.
+	 * The root user can interact with all sessions.
+	 */
+	if (need_tracing_session) {
+		if (!session_access_ok(cmd_ctx->session,
+				cmd_ctx->creds.uid, cmd_ctx->creds.gid)) {
+			ret = LTTCOMM_EPERM;
+			goto error;
+		}
+	}
+
 	/* Process by command type */
 	switch (cmd_ctx->lsm->cmd_type) {
 	case LTTNG_ADD_CONTEXT:
@@ -3500,23 +3555,24 @@ static int process_client_msg(struct command_ctx *cmd_ctx)
 	}
 	case LTTNG_LIST_SESSIONS:
 	{
-		session_lock_list();
+		unsigned int nr_sessions;
 
-		if (session_list_ptr->count == 0) {
+		session_lock_list();
+		nr_sessions = lttng_sessions_count(cmd_ctx->creds.uid, cmd_ctx->creds.gid);
+		if (nr_sessions == 0) {
 			ret = LTTCOMM_NO_SESSION;
 			session_unlock_list();
 			goto error;
 		}
-
-		ret = setup_lttng_msg(cmd_ctx, sizeof(struct lttng_session) *
-				session_list_ptr->count);
+		ret = setup_lttng_msg(cmd_ctx, sizeof(struct lttng_session) * nr_sessions);
 		if (ret < 0) {
 			session_unlock_list();
 			goto setup_error;
 		}
 
 		/* Filled the session array */
-		list_lttng_sessions((struct lttng_session *)(cmd_ctx->llm->payload));
+		list_lttng_sessions((struct lttng_session *)(cmd_ctx->llm->payload),
+			cmd_ctx->creds.uid, cmd_ctx->creds.gid);
 
 		session_unlock_list();