diff options
author | Lennart Poettering <lennart@poettering.net> | 2014-03-17 18:14:26 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2014-03-17 18:15:57 +0100 |
commit | bf34ab149f3038686bc75e1592179abac1700322 (patch) | |
tree | 42a953b9e17ef1614a890f699f245c84bd6a831b /src | |
parent | 7366b080b324caf66e2ca1671f8ce7f57ace7553 (diff) |
sd-login: add calls that retrieve credentials of peers connected to AF_UNIX peers
This is supposed to be an extension of SO_PEERCRED and SO_PEERSEC,
except for cgroup information.
Diffstat (limited to 'src')
-rw-r--r-- | src/libsystemd/libsystemd.sym.m4 | 6 | ||||
-rw-r--r-- | src/login/sd-login.c | 91 | ||||
-rw-r--r-- | src/login/test-login.c | 7 | ||||
-rw-r--r-- | src/systemd/sd-login.h | 28 |
4 files changed, 125 insertions, 7 deletions
diff --git a/src/libsystemd/libsystemd.sym.m4 b/src/libsystemd/libsystemd.sym.m4 index 290eabe1a0..e9c42d0044 100644 --- a/src/libsystemd/libsystemd.sym.m4 +++ b/src/libsystemd/libsystemd.sym.m4 @@ -129,6 +129,12 @@ local: LIBSYSTEMD_211 { global: sd_machine_get_class; + sd_peer_get_session; + sd_peer_get_owner_uid; + sd_peer_get_unit; + sd_peer_get_user_unit; + sd_peer_get_machine_name; + sd_peer_get_slice; m4_ifdef(`ENABLE_KDBUS', /* sd-bus */ diff --git a/src/login/sd-login.c b/src/login/sd-login.c index 4ad250eb37..d24b2ed1fd 100644 --- a/src/login/sd-login.c +++ b/src/login/sd-login.c @@ -81,8 +81,93 @@ _public_ int sd_pid_get_owner_uid(pid_t pid, uid_t *uid) { return cg_pid_get_owner_uid(pid, uid); } +_public_ int sd_peer_get_session(int fd, char **session) { + struct ucred ucred; + int r; + + assert_return(fd >= 0, -EINVAL); + assert_return(session, -EINVAL); + + r = getpeercred(fd, &ucred); + if (r < 0) + return r; + + return cg_pid_get_session(ucred.pid, session); +} + +_public_ int sd_peer_get_owner_uid(int fd, uid_t *uid) { + struct ucred ucred; + int r; + + assert_return(fd >= 0, -EINVAL); + assert_return(uid, -EINVAL); + + r = getpeercred(fd, &ucred); + if (r < 0) + return r; + + return cg_pid_get_owner_uid(ucred.pid, uid); +} + +_public_ int sd_peer_get_unit(int fd, char **unit) { + struct ucred ucred; + int r; + + assert_return(fd >= 0, -EINVAL); + assert_return(unit, -EINVAL); + + r = getpeercred(fd, &ucred); + if (r < 0) + return r; + + return cg_pid_get_unit(ucred.pid, unit); +} + +_public_ int sd_peer_get_user_unit(int fd, char **unit) { + struct ucred ucred; + int r; + + assert_return(fd >= 0, -EINVAL); + assert_return(unit, -EINVAL); + + r = getpeercred(fd, &ucred); + if (r < 0) + return r; + + return cg_pid_get_user_unit(ucred.pid, unit); +} + +_public_ int sd_peer_get_machine_name(int fd, char **machine) { + struct ucred ucred; + int r; + + assert_return(fd >= 0, -EINVAL); + assert_return(machine, -EINVAL); + + r = getpeercred(fd, &ucred); + if (r < 0) + return r; + + return cg_pid_get_machine_name(ucred.pid, machine); +} + +_public_ int sd_peer_get_slice(int fd, char **slice) { + struct ucred ucred; + int r; + + assert_return(fd >= 0, -EINVAL); + assert_return(slice, -EINVAL); + + r = getpeercred(fd, &ucred); + if (r < 0) + return r; + + return cg_pid_get_slice(ucred.pid, slice); +} + _public_ int sd_uid_get_state(uid_t uid, char**state) { - char *p, *s = NULL; + _cleanup_free_ char *p = NULL; + char *s = NULL; int r; assert_return(state, -EINVAL); @@ -91,16 +176,12 @@ _public_ int sd_uid_get_state(uid_t uid, char**state) { return -ENOMEM; r = parse_env_file(p, NEWLINE, "STATE", &s, NULL); - free(p); - if (r == -ENOENT) { free(s); s = strdup("offline"); if (!s) return -ENOMEM; - *state = s; - return 0; } else if (r < 0) { free(s); return r; diff --git a/src/login/test-login.c b/src/login/test-login.c index d78cea46af..2ab083bb71 100644 --- a/src/login/test-login.c +++ b/src/login/test-login.c @@ -28,6 +28,8 @@ #include "strv.h" static void test_login(void) { + _cleanup_close_pipe_ int pair[2] = { -1, -1 }; + _cleanup_free_ char *pp = NULL, *qq = NULL; int r, k; uid_t u, u2; char *seat, *type, *class, *display, *remote_user, *remote_host; @@ -47,6 +49,11 @@ static void test_login(void) { assert_se(sd_pid_get_owner_uid(0, &u2) == 0); printf("user = %lu\n", (unsigned long) u2); + assert_se(socketpair(AF_UNIX, SOCK_STREAM, 0, pair) == 0); + sd_peer_get_session(pair[0], &pp); + sd_peer_get_session(pair[1], &qq); + assert_se(streq_ptr(pp, qq)); + r = sd_uid_get_sessions(u2, false, &sessions); assert_se(r >= 0); assert_se(r == (int) strv_length(sessions)); diff --git a/src/systemd/sd-login.h b/src/systemd/sd-login.h index d6cfbc3133..87ebafb264 100644 --- a/src/systemd/sd-login.h +++ b/src/systemd/sd-login.h @@ -73,10 +73,34 @@ int sd_pid_get_user_unit(pid_t pid, char **unit); /* Get machine name from PID, for processes assigned to VM or * container. This will return an error for non-machine processes. */ -int sd_pid_get_machine_name(pid_t pid, char **name); +int sd_pid_get_machine_name(pid_t pid, char **machine); /* Get slice name from PID. */ -int sd_pid_get_slice(pid_t pid, char **name); +int sd_pid_get_slice(pid_t pid, char **slice); + +/* Similar to sd_pid_get_session(), but retrieves data about peer of + * connected AF_UNIX socket */ +int sd_peer_get_session(int fd, char **session); + +/* Similar to sd_pid_get_owner_uid(), but retrieves data about peer of + * connected AF_UNIX socket */ +int sd_peer_get_owner_uid(int fd, uid_t *uid); + +/* Similar to sd_pid_get_unit(), but retrieves data about peer of + * connected AF_UNIX socket */ +int sd_peer_get_unit(int fd, char **unit); + +/* Similar to sd_pid_get_user_unit(), but retrieves data about peer of + * connected AF_UNIX socket */ +int sd_peer_get_user_unit(int fd, char **unit); + +/* Similar to sd_pid_get_machine_name(), but retrieves data about peer + * of connected AF_UNIX socket */ +int sd_peer_get_machine_name(int fd, char **machine); + +/* Similar to sd_pid_get_slice(), but retrieves data about peer of + * connected AF_UNIX socket */ +int sd_peer_get_slice(int fd, char **slice); /* Get state from uid. Possible states: offline, lingering, online, active, closing */ int sd_uid_get_state(uid_t uid, char**state); |