From bf34ab149f3038686bc75e1592179abac1700322 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Mon, 17 Mar 2014 18:14:26 +0100 Subject: sd-login: add calls that retrieve credentials of peers connected to AF_UNIX peers This is supposed to be an extension of SO_PEERCRED and SO_PEERSEC, except for cgroup information. --- src/login/sd-login.c | 91 +++++++++++++++++++++++++++++++++++++++++++++++--- src/login/test-login.c | 7 ++++ 2 files changed, 93 insertions(+), 5 deletions(-) (limited to 'src/login') diff --git a/src/login/sd-login.c b/src/login/sd-login.c index 4ad250eb37..d24b2ed1fd 100644 --- a/src/login/sd-login.c +++ b/src/login/sd-login.c @@ -81,8 +81,93 @@ _public_ int sd_pid_get_owner_uid(pid_t pid, uid_t *uid) { return cg_pid_get_owner_uid(pid, uid); } +_public_ int sd_peer_get_session(int fd, char **session) { + struct ucred ucred; + int r; + + assert_return(fd >= 0, -EINVAL); + assert_return(session, -EINVAL); + + r = getpeercred(fd, &ucred); + if (r < 0) + return r; + + return cg_pid_get_session(ucred.pid, session); +} + +_public_ int sd_peer_get_owner_uid(int fd, uid_t *uid) { + struct ucred ucred; + int r; + + assert_return(fd >= 0, -EINVAL); + assert_return(uid, -EINVAL); + + r = getpeercred(fd, &ucred); + if (r < 0) + return r; + + return cg_pid_get_owner_uid(ucred.pid, uid); +} + +_public_ int sd_peer_get_unit(int fd, char **unit) { + struct ucred ucred; + int r; + + assert_return(fd >= 0, -EINVAL); + assert_return(unit, -EINVAL); + + r = getpeercred(fd, &ucred); + if (r < 0) + return r; + + return cg_pid_get_unit(ucred.pid, unit); +} + +_public_ int sd_peer_get_user_unit(int fd, char **unit) { + struct ucred ucred; + int r; + + assert_return(fd >= 0, -EINVAL); + assert_return(unit, -EINVAL); + + r = getpeercred(fd, &ucred); + if (r < 0) + return r; + + return cg_pid_get_user_unit(ucred.pid, unit); +} + +_public_ int sd_peer_get_machine_name(int fd, char **machine) { + struct ucred ucred; + int r; + + assert_return(fd >= 0, -EINVAL); + assert_return(machine, -EINVAL); + + r = getpeercred(fd, &ucred); + if (r < 0) + return r; + + return cg_pid_get_machine_name(ucred.pid, machine); +} + +_public_ int sd_peer_get_slice(int fd, char **slice) { + struct ucred ucred; + int r; + + assert_return(fd >= 0, -EINVAL); + assert_return(slice, -EINVAL); + + r = getpeercred(fd, &ucred); + if (r < 0) + return r; + + return cg_pid_get_slice(ucred.pid, slice); +} + _public_ int sd_uid_get_state(uid_t uid, char**state) { - char *p, *s = NULL; + _cleanup_free_ char *p = NULL; + char *s = NULL; int r; assert_return(state, -EINVAL); @@ -91,16 +176,12 @@ _public_ int sd_uid_get_state(uid_t uid, char**state) { return -ENOMEM; r = parse_env_file(p, NEWLINE, "STATE", &s, NULL); - free(p); - if (r == -ENOENT) { free(s); s = strdup("offline"); if (!s) return -ENOMEM; - *state = s; - return 0; } else if (r < 0) { free(s); return r; diff --git a/src/login/test-login.c b/src/login/test-login.c index d78cea46af..2ab083bb71 100644 --- a/src/login/test-login.c +++ b/src/login/test-login.c @@ -28,6 +28,8 @@ #include "strv.h" static void test_login(void) { + _cleanup_close_pipe_ int pair[2] = { -1, -1 }; + _cleanup_free_ char *pp = NULL, *qq = NULL; int r, k; uid_t u, u2; char *seat, *type, *class, *display, *remote_user, *remote_host; @@ -47,6 +49,11 @@ static void test_login(void) { assert_se(sd_pid_get_owner_uid(0, &u2) == 0); printf("user = %lu\n", (unsigned long) u2); + assert_se(socketpair(AF_UNIX, SOCK_STREAM, 0, pair) == 0); + sd_peer_get_session(pair[0], &pp); + sd_peer_get_session(pair[1], &qq); + assert_se(streq_ptr(pp, qq)); + r = sd_uid_get_sessions(u2, false, &sessions); assert_se(r >= 0); assert_se(r == (int) strv_length(sessions)); -- cgit v1.2.3-54-g00ecf