Fix: run_as_mkdirat returns value of errno
[lttng-tools.git] / src / common / runas.c
1 /*
2 * Copyright (C) 2011 - David Goulet <david.goulet@polymtl.ca>
3 * Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License, version 2 only,
7 * as published by the Free Software Foundation.
8 *
9 * This program is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
12 * more details.
13 *
14 * You should have received a copy of the GNU General Public License along
15 * with this program; if not, write to the Free Software Foundation, Inc.,
16 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
17 */
18
19 #define _LGPL_SOURCE
20 #include <errno.h>
21 #include <limits.h>
22 #include <stdio.h>
23 #include <stdlib.h>
24 #include <string.h>
25 #include <sys/wait.h>
26 #include <sys/types.h>
27 #include <sys/stat.h>
28 #include <unistd.h>
29 #include <fcntl.h>
30 #include <sched.h>
31 #include <signal.h>
32 #include <assert.h>
33 #include <signal.h>
34
35 #include <common/lttng-kernel.h>
36 #include <common/common.h>
37 #include <common/utils.h>
38 #include <common/compat/getenv.h>
39 #include <common/compat/prctl.h>
40 #include <common/unix.h>
41 #include <common/defaults.h>
42 #include <common/lttng-elf.h>
43
44 #include <lttng/constant.h>
45
46 #include "runas.h"
47
48 struct run_as_data;
49 struct run_as_ret;
50 typedef int (*run_as_fct)(struct run_as_data *data, struct run_as_ret *ret_value);
51
52 struct run_as_mkdirat_data {
53 char path[PATH_MAX];
54 mode_t mode;
55 };
56
57 struct run_as_open_data {
58 char path[PATH_MAX];
59 int flags;
60 mode_t mode;
61 };
62
63 struct run_as_unlink_data {
64 char path[PATH_MAX];
65 };
66
67 struct run_as_rmdir_recursive_data {
68 char path[PATH_MAX];
69 };
70
71 struct run_as_extract_elf_symbol_offset_data {
72 char function[LTTNG_SYMBOL_NAME_LEN];
73 };
74
75 struct run_as_extract_sdt_probe_offsets_data {
76 char probe_name[LTTNG_SYMBOL_NAME_LEN];
77 char provider_name[LTTNG_SYMBOL_NAME_LEN];
78 };
79
80 struct run_as_mkdirat_ret {
81 int ret;
82 };
83
84 struct run_as_open_ret {
85 int ret;
86 };
87
88 struct run_as_unlink_ret {
89 int ret;
90 };
91
92 struct run_as_rmdir_recursive_ret {
93 int ret;
94 };
95
96 struct run_as_extract_elf_symbol_offset_ret {
97 uint64_t offset;
98 };
99
100 struct run_as_extract_sdt_probe_offsets_ret {
101 uint32_t num_offset;
102 uint64_t offsets[LTTNG_KERNEL_MAX_UPROBE_NUM];
103 };
104
105 enum run_as_cmd {
106 RUN_AS_MKDIR,
107 RUN_AS_MKDIRAT,
108 RUN_AS_MKDIR_RECURSIVE,
109 RUN_AS_MKDIRAT_RECURSIVE,
110 RUN_AS_OPEN,
111 RUN_AS_OPENAT,
112 RUN_AS_UNLINK,
113 RUN_AS_UNLINKAT,
114 RUN_AS_RMDIR_RECURSIVE,
115 RUN_AS_EXTRACT_ELF_SYMBOL_OFFSET,
116 RUN_AS_EXTRACT_SDT_PROBE_OFFSETS,
117 };
118
119 struct run_as_data {
120 enum run_as_cmd cmd;
121 int fd;
122 union {
123 struct run_as_mkdirat_data mkdirat;
124 struct run_as_open_data open;
125 struct run_as_unlink_data unlink;
126 struct run_as_rmdir_recursive_data rmdir_recursive;
127 struct run_as_extract_elf_symbol_offset_data extract_elf_symbol_offset;
128 struct run_as_extract_sdt_probe_offsets_data extract_sdt_probe_offsets;
129 } u;
130 uid_t uid;
131 gid_t gid;
132 };
133
134 /*
135 * The run_as_ret structure holds the returned value and status of the command.
136 *
137 * The `u` union field holds the return value of the command; in most cases it
138 * represents the success or the failure of the command. In more complex
139 * commands, it holds a computed value.
140 *
141 * The _errno field is the errno recorded after the execution of the command.
142 *
143 * The _error fields is used the signify that return status of the command. For
144 * simple commands returning `int` the _error field will be the same as the
145 * ret_int field. In complex commands, it signify the success or failure of the
146 * command.
147 *
148 */
149 struct run_as_ret {
150 int fd;
151 union {
152 struct run_as_mkdirat_ret mkdirat;
153 struct run_as_open_ret open;
154 struct run_as_unlink_ret unlink;
155 struct run_as_rmdir_recursive_ret rmdir_recursive;
156 struct run_as_extract_elf_symbol_offset_ret extract_elf_symbol_offset;
157 struct run_as_extract_sdt_probe_offsets_ret extract_sdt_probe_offsets;
158 } u;
159 int _errno;
160 bool _error;
161 };
162
163 struct run_as_worker {
164 pid_t pid; /* Worker PID. */
165 int sockpair[2];
166 char *procname;
167 };
168
169 /* Single global worker per process (for now). */
170 static struct run_as_worker *global_worker;
171 /* Lock protecting the worker. */
172 static pthread_mutex_t worker_lock = PTHREAD_MUTEX_INITIALIZER;
173
174 #ifdef VALGRIND
175 static
176 int use_clone(void)
177 {
178 return 0;
179 }
180 #else
181 static
182 int use_clone(void)
183 {
184 return !lttng_secure_getenv("LTTNG_DEBUG_NOCLONE");
185 }
186 #endif
187
188 /*
189 * Create recursively directory using the FULL path.
190 */
191 static
192 int _mkdirat_recursive(struct run_as_data *data, struct run_as_ret *ret_value)
193 {
194 const char *path;
195 mode_t mode;
196 struct lttng_directory_handle handle;
197
198 path = data->u.mkdirat.path;
199 mode = data->u.mkdirat.mode;
200
201 (void) lttng_directory_handle_init_from_dirfd(&handle, data->fd);
202 /* Ownership of dirfd is transferred to the handle. */
203 data->fd = -1;
204 /* Safe to call as we have transitioned to the requested uid/gid. */
205 ret_value->u.mkdirat.ret =
206 lttng_directory_handle_create_subdirectory_recursive(
207 &handle, path, mode);
208 ret_value->_errno = errno;
209 ret_value->_error = (ret_value->u.mkdirat.ret) ? true : false;
210 lttng_directory_handle_fini(&handle);
211 return ret_value->u.mkdirat.ret;
212 }
213
214 static
215 int _mkdirat(struct run_as_data *data, struct run_as_ret *ret_value)
216 {
217 const char *path;
218 mode_t mode;
219 struct lttng_directory_handle handle;
220
221 path = data->u.mkdirat.path;
222 mode = data->u.mkdirat.mode;
223
224 (void) lttng_directory_handle_init_from_dirfd(&handle, data->fd);
225 /* Ownership of dirfd is transferred to the handle. */
226 data->fd = -1;
227 /* Safe to call as we have transitioned to the requested uid/gid. */
228 ret_value->u.mkdirat.ret =
229 lttng_directory_handle_create_subdirectory(
230 &handle, path, mode);
231 ret_value->_errno = errno;
232 ret_value->_error = (ret_value->u.mkdirat.ret) ? true : false;
233 lttng_directory_handle_fini(&handle);
234 return ret_value->u.mkdirat.ret;
235 }
236
237 static
238 int _open(struct run_as_data *data, struct run_as_ret *ret_value)
239 {
240 ret_value->u.open.ret = openat(data->fd, data->u.open.path,
241 data->u.open.flags, data->u.open.mode);
242 ret_value->fd = ret_value->u.open.ret;
243 ret_value->_errno = errno;
244 ret_value->_error = ret_value->u.open.ret < 0;
245 return ret_value->u.open.ret;
246 }
247
248 static
249 int _unlink(struct run_as_data *data, struct run_as_ret *ret_value)
250 {
251 ret_value->u.unlink.ret = unlinkat(data->fd, data->u.unlink.path, 0);
252 ret_value->_errno = errno;
253 ret_value->_error = (ret_value->u.unlink.ret) ? true : false;
254 return ret_value->u.unlink.ret;
255 }
256
257 static
258 int _rmdir_recursive(struct run_as_data *data, struct run_as_ret *ret_value)
259 {
260 ret_value->u.rmdir_recursive.ret = utils_recursive_rmdir(data->u.rmdir_recursive.path);
261 ret_value->_errno = errno;
262 ret_value->_error = (ret_value->u.rmdir_recursive.ret) ? true : false;
263 return ret_value->u.rmdir_recursive.ret;
264 }
265
266 #ifdef HAVE_ELF_H
267 static
268 int _extract_elf_symbol_offset(struct run_as_data *data,
269 struct run_as_ret *ret_value)
270 {
271 int ret = 0;
272 ret_value->_error = false;
273
274 ret = lttng_elf_get_symbol_offset(data->fd,
275 data->u.extract_elf_symbol_offset.function,
276 &ret_value->u.extract_elf_symbol_offset.offset);
277 if (ret) {
278 DBG("Failed to extract ELF function offset");
279 ret_value->_error = true;
280 }
281
282 return ret;
283 }
284
285 static
286 int _extract_sdt_probe_offsets(struct run_as_data *data,
287 struct run_as_ret *ret_value)
288 {
289 int ret = 0;
290 uint64_t *offsets = NULL;
291 uint32_t num_offset;
292
293 ret_value->_error = false;
294
295 /* On success, this call allocates the offsets paramater. */
296 ret = lttng_elf_get_sdt_probe_offsets(data->fd,
297 data->u.extract_sdt_probe_offsets.provider_name,
298 data->u.extract_sdt_probe_offsets.probe_name,
299 &offsets, &num_offset);
300
301 if (ret) {
302 DBG("Failed to extract SDT probe offsets");
303 ret_value->_error = true;
304 goto end;
305 }
306
307 if (num_offset <= 0 || num_offset > LTTNG_KERNEL_MAX_UPROBE_NUM) {
308 DBG("Wrong number of probes.");
309 ret = -1;
310 ret_value->_error = true;
311 goto free_offset;
312 }
313
314 /* Copy the content of the offsets array to the ret struct. */
315 memcpy(ret_value->u.extract_sdt_probe_offsets.offsets,
316 offsets, num_offset * sizeof(uint64_t));
317
318 ret_value->u.extract_sdt_probe_offsets.num_offset = num_offset;
319
320 free_offset:
321 free(offsets);
322 end:
323 return ret;
324 }
325 #else
326 static
327 int _extract_elf_symbol_offset(struct run_as_data *data,
328 struct run_as_ret *ret_value)
329 {
330 ERR("Unimplemented runas command RUN_AS_EXTRACT_ELF_SYMBOL_OFFSET");
331 return -1;
332 }
333
334 static
335 int _extract_sdt_probe_offsets(struct run_as_data *data,
336 struct run_as_ret *ret_value)
337 {
338 ERR("Unimplemented runas command RUN_AS_EXTRACT_SDT_PROBE_OFFSETS");
339 return -1;
340 }
341 #endif
342
343 static
344 run_as_fct run_as_enum_to_fct(enum run_as_cmd cmd)
345 {
346 switch (cmd) {
347 case RUN_AS_MKDIR:
348 case RUN_AS_MKDIRAT:
349 return _mkdirat;
350 case RUN_AS_MKDIR_RECURSIVE:
351 case RUN_AS_MKDIRAT_RECURSIVE:
352 return _mkdirat_recursive;
353 case RUN_AS_OPEN:
354 case RUN_AS_OPENAT:
355 return _open;
356 case RUN_AS_UNLINK:
357 case RUN_AS_UNLINKAT:
358 return _unlink;
359 case RUN_AS_RMDIR_RECURSIVE:
360 return _rmdir_recursive;
361 case RUN_AS_EXTRACT_ELF_SYMBOL_OFFSET:
362 return _extract_elf_symbol_offset;
363 case RUN_AS_EXTRACT_SDT_PROBE_OFFSETS:
364 return _extract_sdt_probe_offsets;
365 default:
366 ERR("Unknown command %d", (int) cmd);
367 return NULL;
368 }
369 }
370
371 static
372 int do_send_fd(int sock, int fd)
373 {
374 ssize_t len;
375
376 if (fd < 0) {
377 ERR("Attempt to send invalid file descriptor to master (fd = %i)", fd);
378 /* Return 0 as this is not a fatal error. */
379 return 0;
380 }
381
382 len = lttcomm_send_fds_unix_sock(sock, &fd, 1);
383 if (len < 0) {
384 PERROR("lttcomm_send_fds_unix_sock");
385 return -1;
386 }
387 return 0;
388 }
389
390 static
391 int do_recv_fd(int sock, int *fd)
392 {
393 ssize_t len;
394
395 len = lttcomm_recv_fds_unix_sock(sock, fd, 1);
396
397 if (!len) {
398 return -1;
399 } else if (len < 0) {
400 PERROR("lttcomm_recv_fds_unix_sock");
401 return -1;
402 }
403 if (*fd < 0) {
404 ERR("Invalid file descriptor received from worker (fd = %i)", *fd);
405 /* Return 0 as this is not a fatal error. */
406 return 0;
407 }
408
409 return 0;
410 }
411
412 static
413 int send_fd_to_worker(struct run_as_worker *worker, enum run_as_cmd cmd, int fd)
414 {
415 int ret = 0;
416
417 switch (cmd) {
418 case RUN_AS_EXTRACT_ELF_SYMBOL_OFFSET:
419 case RUN_AS_EXTRACT_SDT_PROBE_OFFSETS:
420 case RUN_AS_MKDIRAT:
421 case RUN_AS_MKDIRAT_RECURSIVE:
422 case RUN_AS_OPENAT:
423 case RUN_AS_UNLINKAT:
424 break;
425 default:
426 return 0;
427 }
428
429 if (fd < 0) {
430 ERR("Refusing to send invalid fd to worker (fd = %i)", fd);
431 return -1;
432 }
433
434 ret = do_send_fd(worker->sockpair[0], fd);
435 if (ret < 0) {
436 PERROR("do_send_fd");
437 ret = -1;
438 }
439
440 return ret;
441 }
442
443 static
444 int send_fd_to_master(struct run_as_worker *worker, enum run_as_cmd cmd, int fd)
445 {
446 int ret = 0, ret_close = 0;
447
448 switch (cmd) {
449 case RUN_AS_OPEN:
450 case RUN_AS_OPENAT:
451 break;
452 default:
453 return 0;
454 }
455
456 if (fd < 0) {
457 DBG("Not sending file descriptor to master as it is invalid (fd = %i)", fd);
458 return 0;
459 }
460 ret = do_send_fd(worker->sockpair[1], fd);
461 if (ret < 0) {
462 PERROR("do_send_fd error");
463 ret = -1;
464 }
465
466 ret_close = close(fd);
467 if (ret_close < 0) {
468 PERROR("close");
469 }
470
471 return ret;
472 }
473
474 static
475 int recv_fd_from_worker(struct run_as_worker *worker, enum run_as_cmd cmd, int *fd)
476 {
477 int ret = 0;
478
479 switch (cmd) {
480 case RUN_AS_OPEN:
481 case RUN_AS_OPENAT:
482 break;
483 default:
484 return 0;
485 }
486
487 ret = do_recv_fd(worker->sockpair[0], fd);
488 if (ret < 0) {
489 PERROR("do_recv_fd error");
490 ret = -1;
491 }
492
493 return ret;
494 }
495
496 static
497 int recv_fd_from_master(struct run_as_worker *worker, enum run_as_cmd cmd, int *fd)
498 {
499 int ret = 0;
500
501 switch (cmd) {
502 case RUN_AS_EXTRACT_ELF_SYMBOL_OFFSET:
503 case RUN_AS_EXTRACT_SDT_PROBE_OFFSETS:
504 case RUN_AS_MKDIRAT:
505 case RUN_AS_MKDIRAT_RECURSIVE:
506 case RUN_AS_OPENAT:
507 case RUN_AS_UNLINKAT:
508 break;
509 case RUN_AS_MKDIR:
510 case RUN_AS_MKDIR_RECURSIVE:
511 case RUN_AS_OPEN:
512 case RUN_AS_UNLINK:
513 *fd = AT_FDCWD;
514 /* fall-through */
515 default:
516 return 0;
517 }
518
519 ret = do_recv_fd(worker->sockpair[1], fd);
520 if (ret < 0) {
521 PERROR("do_recv_fd error");
522 ret = -1;
523 }
524
525 return ret;
526 }
527
528 static
529 int cleanup_received_fd(enum run_as_cmd cmd, int fd)
530 {
531 int ret = 0;
532
533 switch (cmd) {
534 case RUN_AS_EXTRACT_ELF_SYMBOL_OFFSET:
535 case RUN_AS_EXTRACT_SDT_PROBE_OFFSETS:
536 case RUN_AS_MKDIRAT:
537 case RUN_AS_MKDIRAT_RECURSIVE:
538 case RUN_AS_OPEN:
539 case RUN_AS_OPENAT:
540 case RUN_AS_UNLINK:
541 case RUN_AS_UNLINKAT:
542 break;
543 default:
544 return 0;
545 }
546
547 if (fd < 0) {
548 return 0;
549 }
550 ret = close(fd);
551 if (ret < 0) {
552 PERROR("close error");
553 ret = -1;
554 }
555
556 return ret;
557 }
558
559 /*
560 * Return < 0 on error, 0 if OK, 1 on hangup.
561 */
562 static
563 int handle_one_cmd(struct run_as_worker *worker)
564 {
565 int ret = 0;
566 struct run_as_data data;
567 ssize_t readlen, writelen;
568 struct run_as_ret sendret;
569 run_as_fct cmd;
570 uid_t prev_euid;
571
572 memset(&sendret, 0, sizeof(sendret));
573 sendret.fd = -1;
574
575 /*
576 * Stage 1: Receive run_as_data struct from the master.
577 * The structure contains the command type and all the parameters needed for
578 * its execution
579 */
580 readlen = lttcomm_recv_unix_sock(worker->sockpair[1], &data,
581 sizeof(data));
582 if (readlen == 0) {
583 /* hang up */
584 ret = 1;
585 goto end;
586 }
587 if (readlen < sizeof(data)) {
588 PERROR("lttcomm_recv_unix_sock error");
589 ret = -1;
590 goto end;
591 }
592
593 cmd = run_as_enum_to_fct(data.cmd);
594 if (!cmd) {
595 ret = -1;
596 goto end;
597 }
598
599 /*
600 * Stage 2: Receive file descriptor from master.
601 * Some commands need a file descriptor as input so if it's needed we
602 * receive the fd using the Unix socket.
603 */
604 ret = recv_fd_from_master(worker, data.cmd, &data.fd);
605 if (ret < 0) {
606 PERROR("recv_fd_from_master error");
607 ret = -1;
608 goto end;
609 }
610
611 prev_euid = getuid();
612 if (data.gid != getegid()) {
613 ret = setegid(data.gid);
614 if (ret < 0) {
615 sendret._error = true;
616 sendret._errno = errno;
617 PERROR("setegid");
618 goto write_return;
619 }
620 }
621 if (data.uid != prev_euid) {
622 ret = seteuid(data.uid);
623 if (ret < 0) {
624 sendret._error = true;
625 sendret._errno = errno;
626 PERROR("seteuid");
627 goto write_return;
628 }
629 }
630
631 /*
632 * Also set umask to 0 for mkdir executable bit.
633 */
634 umask(0);
635
636 /*
637 * Stage 3: Execute the command
638 */
639 ret = (*cmd)(&data, &sendret);
640 if (ret < 0) {
641 DBG("Execution of command returned an error");
642 }
643
644 write_return:
645 ret = cleanup_received_fd(data.cmd, data.fd);
646 if (ret < 0) {
647 ERR("Error cleaning up FD");
648 goto end;
649 }
650
651 /*
652 * Stage 4: Send run_as_ret structure to the master.
653 * This structure contain the return value of the command and the errno.
654 */
655 writelen = lttcomm_send_unix_sock(worker->sockpair[1], &sendret,
656 sizeof(sendret));
657 if (writelen < sizeof(sendret)) {
658 PERROR("lttcomm_send_unix_sock error");
659 ret = -1;
660 goto end;
661 }
662
663 /*
664 * Stage 5: Send file descriptor to the master
665 * Some commands return a file descriptor so if it's needed we pass it back
666 * to the master using the Unix socket.
667 */
668 ret = send_fd_to_master(worker, data.cmd, sendret.fd);
669 if (ret < 0) {
670 DBG("Sending FD to master returned an error");
671 goto end;
672 }
673
674 if (seteuid(prev_euid) < 0) {
675 PERROR("seteuid");
676 ret = -1;
677 goto end;
678 }
679 ret = 0;
680 end:
681 return ret;
682 }
683
684 static
685 int run_as_worker(struct run_as_worker *worker)
686 {
687 int ret;
688 ssize_t writelen;
689 struct run_as_ret sendret;
690 size_t proc_orig_len;
691
692 /*
693 * Initialize worker. Set a different process cmdline.
694 */
695 proc_orig_len = strlen(worker->procname);
696 memset(worker->procname, 0, proc_orig_len);
697 strncpy(worker->procname, DEFAULT_RUN_AS_WORKER_NAME, proc_orig_len);
698
699 ret = lttng_prctl(PR_SET_NAME,
700 (unsigned long) DEFAULT_RUN_AS_WORKER_NAME, 0, 0, 0);
701 if (ret && ret != -ENOSYS) {
702 /* Don't fail as this is not essential. */
703 PERROR("prctl PR_SET_NAME");
704 }
705
706 memset(&sendret, 0, sizeof(sendret));
707
708 writelen = lttcomm_send_unix_sock(worker->sockpair[1], &sendret,
709 sizeof(sendret));
710 if (writelen < sizeof(sendret)) {
711 PERROR("lttcomm_send_unix_sock error");
712 ret = EXIT_FAILURE;
713 goto end;
714 }
715
716 for (;;) {
717 ret = handle_one_cmd(worker);
718 if (ret < 0) {
719 ret = EXIT_FAILURE;
720 goto end;
721 } else if (ret > 0) {
722 break;
723 } else {
724 continue; /* Next command. */
725 }
726 }
727 ret = EXIT_SUCCESS;
728 end:
729 return ret;
730 }
731
732 static
733 int run_as_cmd(struct run_as_worker *worker,
734 enum run_as_cmd cmd,
735 struct run_as_data *data,
736 struct run_as_ret *ret_value,
737 uid_t uid, gid_t gid)
738 {
739 int ret = 0;
740 ssize_t readlen, writelen;
741
742 /*
743 * If we are non-root, we can only deal with our own uid.
744 */
745 if (geteuid() != 0) {
746 if (uid != geteuid()) {
747 ret = -1;
748 ret_value->_errno = EPERM;
749 ERR("Client (%d)/Server (%d) UID mismatch (and sessiond is not root)",
750 (int) uid, (int) geteuid());
751 goto end;
752 }
753 }
754
755 data->cmd = cmd;
756 data->uid = uid;
757 data->gid = gid;
758
759 /*
760 * Stage 1: Send the run_as_data struct to the worker process
761 */
762 writelen = lttcomm_send_unix_sock(worker->sockpair[0], data,
763 sizeof(*data));
764 if (writelen < sizeof(*data)) {
765 PERROR("Error writing message to run_as");
766 ret = -1;
767 ret_value->_errno = EIO;
768 goto end;
769 }
770
771 /*
772 * Stage 2: Send file descriptor to the worker process if needed
773 */
774 ret = send_fd_to_worker(worker, data->cmd, data->fd);
775 if (ret) {
776 PERROR("do_send_fd error");
777 ret = -1;
778 ret_value->_errno = EIO;
779 goto end;
780 }
781
782 /*
783 * Stage 3: Wait for the execution of the command
784 */
785
786 /*
787 * Stage 4: Receive the run_as_ret struct containing the return value and
788 * errno
789 */
790 readlen = lttcomm_recv_unix_sock(worker->sockpair[0], ret_value,
791 sizeof(*ret_value));
792 if (!readlen) {
793 ERR("Run-as worker has hung-up during run_as_cmd");
794 ret = -1;
795 ret_value->_errno = EIO;
796 goto end;
797 } else if (readlen < sizeof(*ret_value)) {
798 PERROR("Error reading response from run_as");
799 ret = -1;
800 ret_value->_errno = errno;
801 goto end;
802 }
803
804 if (ret_value->_error) {
805 /* Skip stage 5 on error as there will be no fd to receive. */
806 goto end;
807 }
808
809 /*
810 * Stage 5: Receive file descriptor if needed
811 */
812 ret = recv_fd_from_worker(worker, data->cmd, &ret_value->fd);
813 if (ret < 0) {
814 ERR("Error receiving fd");
815 ret = -1;
816 ret_value->_errno = EIO;
817 }
818
819 end:
820 return ret;
821 }
822
823 /*
824 * This is for debugging ONLY and should not be considered secure.
825 */
826 static
827 int run_as_noworker(enum run_as_cmd cmd,
828 struct run_as_data *data, struct run_as_ret *ret_value,
829 uid_t uid, gid_t gid)
830 {
831 int ret, saved_errno;
832 mode_t old_mask;
833 run_as_fct fct;
834
835 fct = run_as_enum_to_fct(cmd);
836 if (!fct) {
837 errno = -ENOSYS;
838 ret = -1;
839 goto end;
840 }
841 old_mask = umask(0);
842 ret = fct(data, ret_value);
843 saved_errno = ret_value->_errno;
844 umask(old_mask);
845 errno = saved_errno;
846 end:
847 return ret;
848 }
849
850 static
851 int reset_sighandler(void)
852 {
853 int sig;
854
855 DBG("Resetting run_as worker signal handlers to default");
856 for (sig = 1; sig <= 31; sig++) {
857 (void) signal(sig, SIG_DFL);
858 }
859 return 0;
860 }
861
862 static
863 void worker_sighandler(int sig)
864 {
865 const char *signame;
866
867 /*
868 * The worker will inherit its parent's signals since they are part of
869 * the same process group. However, in the case of SIGINT and SIGTERM,
870 * we want to give the worker a chance to teardown gracefully when its
871 * parent closes the command socket.
872 */
873 switch (sig) {
874 case SIGINT:
875 signame = "SIGINT";
876 break;
877 case SIGTERM:
878 signame = "SIGTERM";
879 break;
880 default:
881 signame = NULL;
882 }
883
884 if (signame) {
885 DBG("run_as worker received signal %s", signame);
886 } else {
887 DBG("run_as_worker received signal %d", sig);
888 }
889 }
890
891 static
892 int set_worker_sighandlers(void)
893 {
894 int ret = 0;
895 sigset_t sigset;
896 struct sigaction sa;
897
898 if ((ret = sigemptyset(&sigset)) < 0) {
899 PERROR("sigemptyset");
900 goto end;
901 }
902
903 sa.sa_handler = worker_sighandler;
904 sa.sa_mask = sigset;
905 sa.sa_flags = 0;
906 if ((ret = sigaction(SIGINT, &sa, NULL)) < 0) {
907 PERROR("sigaction SIGINT");
908 goto end;
909 }
910
911 if ((ret = sigaction(SIGTERM, &sa, NULL)) < 0) {
912 PERROR("sigaction SIGTERM");
913 goto end;
914 }
915
916 DBG("run_as signal handler set for SIGTERM and SIGINT");
917 end:
918 return ret;
919 }
920
921 static
922 int run_as_create_worker_no_lock(const char *procname,
923 post_fork_cleanup_cb clean_up_func,
924 void *clean_up_user_data)
925 {
926 pid_t pid;
927 int i, ret = 0;
928 ssize_t readlen;
929 struct run_as_ret recvret;
930 struct run_as_worker *worker;
931
932 assert(!global_worker);
933 if (!use_clone()) {
934 /*
935 * Don't initialize a worker, all run_as tasks will be performed
936 * in the current process.
937 */
938 ret = 0;
939 goto end;
940 }
941 worker = zmalloc(sizeof(*worker));
942 if (!worker) {
943 ret = -ENOMEM;
944 goto end;
945 }
946 worker->procname = strdup(procname);
947 if (!worker->procname) {
948 ret = -ENOMEM;
949 goto error_procname_alloc;
950 }
951 /* Create unix socket. */
952 if (lttcomm_create_anon_unix_socketpair(worker->sockpair) < 0) {
953 ret = -1;
954 goto error_sock;
955 }
956
957 /* Fork worker. */
958 pid = fork();
959 if (pid < 0) {
960 PERROR("fork");
961 ret = -1;
962 goto error_fork;
963 } else if (pid == 0) {
964 /* Child */
965
966 reset_sighandler();
967
968 set_worker_sighandlers();
969 if (clean_up_func) {
970 if (clean_up_func(clean_up_user_data) < 0) {
971 ERR("Run-as post-fork clean-up failed, exiting.");
972 exit(EXIT_FAILURE);
973 }
974 }
975
976 /* Just close, no shutdown. */
977 if (close(worker->sockpair[0])) {
978 PERROR("close");
979 exit(EXIT_FAILURE);
980 }
981
982 /*
983 * Close all FDs aside from STDIN, STDOUT, STDERR and sockpair[1]
984 * Sockpair[1] is used as a control channel with the master
985 */
986 for (i = 3; i < sysconf(_SC_OPEN_MAX); i++) {
987 if (i != worker->sockpair[1]) {
988 (void) close(i);
989 }
990 }
991
992 worker->sockpair[0] = -1;
993 ret = run_as_worker(worker);
994 if (lttcomm_close_unix_sock(worker->sockpair[1])) {
995 PERROR("close");
996 ret = -1;
997 }
998 worker->sockpair[1] = -1;
999 free(worker->procname);
1000 free(worker);
1001 LOG(ret ? PRINT_ERR : PRINT_DBG, "run_as worker exiting (ret = %d)", ret);
1002 exit(ret ? EXIT_FAILURE : EXIT_SUCCESS);
1003 } else {
1004 /* Parent */
1005
1006 /* Just close, no shutdown. */
1007 if (close(worker->sockpair[1])) {
1008 PERROR("close");
1009 ret = -1;
1010 goto error_fork;
1011 }
1012 worker->sockpair[1] = -1;
1013 worker->pid = pid;
1014 /* Wait for worker to become ready. */
1015 readlen = lttcomm_recv_unix_sock(worker->sockpair[0],
1016 &recvret, sizeof(recvret));
1017 if (readlen < sizeof(recvret)) {
1018 ERR("readlen: %zd", readlen);
1019 PERROR("Error reading response from run_as at creation");
1020 ret = -1;
1021 goto error_fork;
1022 }
1023 global_worker = worker;
1024 }
1025 end:
1026 return ret;
1027
1028 /* Error handling. */
1029 error_fork:
1030 for (i = 0; i < 2; i++) {
1031 if (worker->sockpair[i] < 0) {
1032 continue;
1033 }
1034 if (lttcomm_close_unix_sock(worker->sockpair[i])) {
1035 PERROR("close");
1036 }
1037 worker->sockpair[i] = -1;
1038 }
1039 error_sock:
1040 free(worker->procname);
1041 error_procname_alloc:
1042 free(worker);
1043 return ret;
1044 }
1045
1046 static
1047 void run_as_destroy_worker_no_lock(void)
1048 {
1049 struct run_as_worker *worker = global_worker;
1050
1051 DBG("Destroying run_as worker");
1052 if (!worker) {
1053 return;
1054 }
1055 /* Close unix socket */
1056 DBG("Closing run_as worker socket");
1057 if (lttcomm_close_unix_sock(worker->sockpair[0])) {
1058 PERROR("close");
1059 }
1060 worker->sockpair[0] = -1;
1061 /* Wait for worker. */
1062 for (;;) {
1063 int status;
1064 pid_t wait_ret;
1065
1066 wait_ret = waitpid(worker->pid, &status, 0);
1067 if (wait_ret < 0) {
1068 if (errno == EINTR) {
1069 continue;
1070 }
1071 PERROR("waitpid");
1072 break;
1073 }
1074
1075 if (WIFEXITED(status)) {
1076 LOG(WEXITSTATUS(status) == 0 ? PRINT_DBG : PRINT_ERR,
1077 DEFAULT_RUN_AS_WORKER_NAME " terminated with status code %d",
1078 WEXITSTATUS(status));
1079 break;
1080 } else if (WIFSIGNALED(status)) {
1081 ERR(DEFAULT_RUN_AS_WORKER_NAME " was killed by signal %d",
1082 WTERMSIG(status));
1083 break;
1084 }
1085 }
1086 free(worker->procname);
1087 free(worker);
1088 global_worker = NULL;
1089 }
1090
1091 static
1092 int run_as_restart_worker(struct run_as_worker *worker)
1093 {
1094 int ret = 0;
1095 char *procname = NULL;
1096
1097 procname = worker->procname;
1098
1099 /* Close socket to run_as worker process and clean up the zombie process */
1100 run_as_destroy_worker_no_lock();
1101
1102 /* Create a new run_as worker process*/
1103 ret = run_as_create_worker_no_lock(procname, NULL, NULL);
1104 if (ret < 0 ) {
1105 ERR("Restarting the worker process failed");
1106 ret = -1;
1107 goto err;
1108 }
1109 err:
1110 return ret;
1111 }
1112
1113 static
1114 int run_as(enum run_as_cmd cmd, struct run_as_data *data,
1115 struct run_as_ret *ret_value, uid_t uid, gid_t gid)
1116 {
1117 int ret, saved_errno;
1118
1119 pthread_mutex_lock(&worker_lock);
1120 if (use_clone()) {
1121 DBG("Using run_as worker");
1122
1123 assert(global_worker);
1124
1125 ret = run_as_cmd(global_worker, cmd, data, ret_value, uid, gid);
1126 saved_errno = ret_value->_errno;
1127
1128 /*
1129 * If the worker thread crashed the errno is set to EIO. we log
1130 * the error and start a new worker process.
1131 */
1132 if (ret == -1 && saved_errno == EIO) {
1133 DBG("Socket closed unexpectedly... "
1134 "Restarting the worker process");
1135 ret = run_as_restart_worker(global_worker);
1136 if (ret == -1) {
1137 ERR("Failed to restart worker process.");
1138 goto err;
1139 }
1140 }
1141 } else {
1142 DBG("Using run_as without worker");
1143 ret = run_as_noworker(cmd, data, ret_value, uid, gid);
1144 }
1145 err:
1146 pthread_mutex_unlock(&worker_lock);
1147 return ret;
1148 }
1149
1150 LTTNG_HIDDEN
1151 int run_as_mkdir_recursive(const char *path, mode_t mode, uid_t uid, gid_t gid)
1152 {
1153 return run_as_mkdirat_recursive(AT_FDCWD, path, mode, uid, gid);
1154 }
1155
1156 LTTNG_HIDDEN
1157 int run_as_mkdirat_recursive(int dirfd, const char *path, mode_t mode,
1158 uid_t uid, gid_t gid)
1159 {
1160 int ret;
1161 struct run_as_data data;
1162 struct run_as_ret run_as_ret;
1163
1164 memset(&data, 0, sizeof(data));
1165 memset(&run_as_ret, 0, sizeof(run_as_ret));
1166 DBG3("mkdirat() recursive fd = %d%s, path = %s, mode = %d, uid = %d, gid = %d",
1167 dirfd, dirfd == AT_FDCWD ? " (AT_FDCWD)" : "",
1168 path, (int) mode, (int) uid, (int) gid);
1169 ret = lttng_strncpy(data.u.mkdirat.path, path,
1170 sizeof(data.u.mkdirat.path));
1171 if (ret) {
1172 ERR("Failed to copy path argument of mkdirat recursive command");
1173 goto error;
1174 }
1175 data.u.mkdirat.path[PATH_MAX - 1] = '\0';
1176 data.u.mkdirat.mode = mode;
1177 data.fd = dirfd;
1178 run_as(dirfd == AT_FDCWD ? RUN_AS_MKDIR_RECURSIVE : RUN_AS_MKDIRAT_RECURSIVE,
1179 &data, &run_as_ret, uid, gid);
1180 errno = run_as_ret._errno;
1181 ret = run_as_ret.u.mkdirat.ret;
1182 error:
1183 return ret;
1184 }
1185
1186 LTTNG_HIDDEN
1187 int run_as_mkdir(const char *path, mode_t mode, uid_t uid, gid_t gid)
1188 {
1189 return run_as_mkdirat(AT_FDCWD, path, mode, uid, gid);
1190 }
1191
1192 LTTNG_HIDDEN
1193 int run_as_mkdirat(int dirfd, const char *path, mode_t mode,
1194 uid_t uid, gid_t gid)
1195 {
1196 int ret;
1197 struct run_as_data data;
1198 struct run_as_ret run_as_ret;
1199
1200 memset(&data, 0, sizeof(data));
1201 memset(&run_as_ret, 0, sizeof(run_as_ret));
1202
1203 DBG3("mkdirat() recursive fd = %d%s, path = %s, mode = %d, uid = %d, gid = %d",
1204 dirfd, dirfd == AT_FDCWD ? " (AT_FDCWD)" : "",
1205 path, (int) mode, (int) uid, (int) gid);
1206 ret = lttng_strncpy(data.u.mkdirat.path, path,
1207 sizeof(data.u.mkdirat.path));
1208 if (ret) {
1209 ERR("Failed to copy path argument of mkdirat command");
1210 goto error;
1211 }
1212 data.u.mkdirat.path[PATH_MAX - 1] = '\0';
1213 data.u.mkdirat.mode = mode;
1214 data.fd = dirfd;
1215 run_as(dirfd == AT_FDCWD ? RUN_AS_MKDIR : RUN_AS_MKDIRAT,
1216 &data, &run_as_ret, uid, gid);
1217 errno = run_as_ret._errno;
1218 ret = run_as_ret.u.mkdirat.ret;
1219 error:
1220 return ret;
1221 }
1222
1223 LTTNG_HIDDEN
1224 int run_as_open(const char *path, int flags, mode_t mode, uid_t uid,
1225 gid_t gid)
1226 {
1227 return run_as_openat(AT_FDCWD, path, flags, mode, uid, gid);
1228 }
1229
1230 LTTNG_HIDDEN
1231 int run_as_openat(int dirfd, const char *path, int flags, mode_t mode,
1232 uid_t uid, gid_t gid)
1233 {
1234 struct run_as_data data;
1235 struct run_as_ret ret;
1236
1237 memset(&data, 0, sizeof(data));
1238 memset(&ret, 0, sizeof(ret));
1239
1240 DBG3("openat() fd = %d%s, path = %s, flags = %X, mode = %d, uid %d, gid %d",
1241 dirfd, dirfd == AT_FDCWD ? " (AT_FDCWD)" : "",
1242 path, flags, (int) mode, (int) uid, (int) gid);
1243 strncpy(data.u.open.path, path, PATH_MAX - 1);
1244 data.u.open.path[PATH_MAX - 1] = '\0';
1245 data.u.open.flags = flags;
1246 data.u.open.mode = mode;
1247 data.fd = dirfd;
1248 run_as(dirfd == AT_FDCWD ? RUN_AS_OPEN : RUN_AS_OPENAT,
1249 &data, &ret, uid, gid);
1250 errno = ret._errno;
1251 ret.u.open.ret = ret.fd;
1252 return ret.u.open.ret;
1253 }
1254
1255 LTTNG_HIDDEN
1256 int run_as_unlink(const char *path, uid_t uid, gid_t gid)
1257 {
1258 return run_as_unlinkat(AT_FDCWD, path, uid, gid);
1259 }
1260
1261 LTTNG_HIDDEN
1262 int run_as_unlinkat(int dirfd, const char *path, uid_t uid, gid_t gid)
1263 {
1264 struct run_as_data data;
1265 struct run_as_ret ret;
1266
1267 memset(&data, 0, sizeof(data));
1268 memset(&ret, 0, sizeof(ret));
1269
1270 DBG3("unlinkat() fd = %d%s, path = %s, uid = %d, gid = %d",
1271 dirfd, dirfd == AT_FDCWD ? " (AT_FDCWD)" : "",
1272 path, (int) uid, (int) gid);
1273 strncpy(data.u.unlink.path, path, PATH_MAX - 1);
1274 data.u.unlink.path[PATH_MAX - 1] = '\0';
1275 data.fd = dirfd;
1276 run_as(RUN_AS_UNLINK, &data, &ret, uid, gid);
1277 errno = ret._errno;
1278 return ret.u.unlink.ret;
1279 }
1280
1281 LTTNG_HIDDEN
1282 int run_as_rmdir_recursive(const char *path, uid_t uid, gid_t gid)
1283 {
1284 struct run_as_data data;
1285 struct run_as_ret ret;
1286
1287 memset(&data, 0, sizeof(data));
1288 memset(&ret, 0, sizeof(ret));
1289
1290 DBG3("rmdir_recursive() %s with for uid %d and gid %d",
1291 path, (int) uid, (int) gid);
1292 strncpy(data.u.rmdir_recursive.path, path, PATH_MAX - 1);
1293 data.u.rmdir_recursive.path[PATH_MAX - 1] = '\0';
1294 run_as(RUN_AS_RMDIR_RECURSIVE, &data, &ret, uid, gid);
1295 errno = ret._errno;
1296 return ret.u.rmdir_recursive.ret;
1297 }
1298
1299 LTTNG_HIDDEN
1300 int run_as_extract_elf_symbol_offset(int fd, const char* function,
1301 uid_t uid, gid_t gid, uint64_t *offset)
1302 {
1303 struct run_as_data data;
1304 struct run_as_ret ret;
1305
1306 memset(&data, 0, sizeof(data));
1307 memset(&ret, 0, sizeof(ret));
1308
1309 DBG3("extract_elf_symbol_offset() on fd=%d and function=%s "
1310 "with for uid %d and gid %d", fd, function, (int) uid, (int) gid);
1311
1312 data.fd = fd;
1313
1314 strncpy(data.u.extract_elf_symbol_offset.function, function, LTTNG_SYMBOL_NAME_LEN - 1);
1315
1316 data.u.extract_elf_symbol_offset.function[LTTNG_SYMBOL_NAME_LEN - 1] = '\0';
1317
1318 run_as(RUN_AS_EXTRACT_ELF_SYMBOL_OFFSET, &data, &ret, uid, gid);
1319
1320 errno = ret._errno;
1321
1322 if (ret._error) {
1323 return -1;
1324 }
1325
1326 *offset = ret.u.extract_elf_symbol_offset.offset;
1327 return 0;
1328 }
1329
1330 LTTNG_HIDDEN
1331 int run_as_extract_sdt_probe_offsets(int fd, const char* provider_name,
1332 const char* probe_name, uid_t uid, gid_t gid,
1333 uint64_t **offsets, uint32_t *num_offset)
1334 {
1335 struct run_as_data data;
1336 struct run_as_ret ret;
1337
1338 memset(&data, 0, sizeof(data));
1339 memset(&ret, 0, sizeof(ret));
1340
1341 DBG3("extract_sdt_probe_offsets() on fd=%d, probe_name=%s and "
1342 "provider_name=%s with for uid %d and gid %d", fd, probe_name,
1343 provider_name, (int) uid, (int) gid);
1344
1345 data.fd = fd;
1346
1347 strncpy(data.u.extract_sdt_probe_offsets.probe_name, probe_name, LTTNG_SYMBOL_NAME_LEN - 1);
1348 strncpy(data.u.extract_sdt_probe_offsets.provider_name, provider_name, LTTNG_SYMBOL_NAME_LEN - 1);
1349
1350 data.u.extract_sdt_probe_offsets.probe_name[LTTNG_SYMBOL_NAME_LEN - 1] = '\0';
1351 data.u.extract_sdt_probe_offsets.provider_name[LTTNG_SYMBOL_NAME_LEN - 1] = '\0';
1352
1353 run_as(RUN_AS_EXTRACT_SDT_PROBE_OFFSETS, &data, &ret, uid, gid);
1354
1355 errno = ret._errno;
1356
1357 if (ret._error) {
1358 return -1;
1359 }
1360
1361 *num_offset = ret.u.extract_sdt_probe_offsets.num_offset;
1362
1363 *offsets = zmalloc(*num_offset * sizeof(uint64_t));
1364 if (!*offsets) {
1365 return -ENOMEM;
1366 }
1367
1368 memcpy(*offsets, ret.u.extract_sdt_probe_offsets.offsets, *num_offset * sizeof(uint64_t));
1369 return 0;
1370 }
1371
1372 LTTNG_HIDDEN
1373 int run_as_create_worker(const char *procname,
1374 post_fork_cleanup_cb clean_up_func,
1375 void *clean_up_user_data)
1376 {
1377 int ret;
1378
1379 pthread_mutex_lock(&worker_lock);
1380 ret = run_as_create_worker_no_lock(procname, clean_up_func,
1381 clean_up_user_data);
1382 pthread_mutex_unlock(&worker_lock);
1383 return ret;
1384 }
1385
1386 LTTNG_HIDDEN
1387 void run_as_destroy_worker(void)
1388 {
1389 pthread_mutex_lock(&worker_lock);
1390 run_as_destroy_worker_no_lock();
1391 pthread_mutex_unlock(&worker_lock);
1392 }
This page took 0.073134 seconds and 4 git commands to generate.