1 /* SPDX-License-Identifier: LGPL-2.1+ */
3 #include <linux/capability.h>
6 #include "alloc-util.h"
7 #include "audit-util.h"
10 #include "bus-message.h"
12 #include "capability-util.h"
13 #include "cgroup-util.h"
16 #include "format-util.h"
17 #include "hexdecoct.h"
18 #include "parse-util.h"
19 #include "process-util.h"
20 #include "string-util.h"
22 #include "terminal-util.h"
23 #include "user-util.h"
27 CAP_OFFSET_INHERITABLE
= 0,
28 CAP_OFFSET_PERMITTED
= 1,
29 CAP_OFFSET_EFFECTIVE
= 2,
30 CAP_OFFSET_BOUNDING
= 3
33 void bus_creds_done(sd_bus_creds
*c
) {
36 /* For internal bus cred structures that are allocated by
44 free(c
->unescaped_description
);
45 free(c
->supplementary_gids
);
48 free(c
->well_known_names
); /* note that this is an strv, but
49 * we only free the array, not the
50 * strings the array points to. The
51 * full strv we only free if
52 * c->allocated is set, see
55 strv_free(c
->cmdline_array
);
58 _public_ sd_bus_creds
*sd_bus_creds_ref(sd_bus_creds
*c
) {
69 /* If this is an embedded creds structure, then
70 * forward ref counting to the message */
71 m
= container_of(c
, sd_bus_message
, creds
);
72 sd_bus_message_ref(m
);
78 _public_ sd_bus_creds
*sd_bus_creds_unref(sd_bus_creds
*c
) {
99 c
->supplementary_gids
= mfree(c
->supplementary_gids
);
101 c
->well_known_names
= strv_free(c
->well_known_names
);
110 m
= container_of(c
, sd_bus_message
, creds
);
111 sd_bus_message_unref(m
);
117 _public_
uint64_t sd_bus_creds_get_mask(const sd_bus_creds
*c
) {
123 _public_
uint64_t sd_bus_creds_get_augmented_mask(const sd_bus_creds
*c
) {
129 sd_bus_creds
* bus_creds_new(void) {
132 c
= new0(sd_bus_creds
, 1);
141 _public_
int sd_bus_creds_new_from_pid(sd_bus_creds
**ret
, pid_t pid
, uint64_t mask
) {
145 assert_return(pid
>= 0, -EINVAL
);
146 assert_return(mask
<= _SD_BUS_CREDS_ALL
, -EOPNOTSUPP
);
147 assert_return(ret
, -EINVAL
);
150 pid
= getpid_cached();
156 r
= bus_creds_add_more(c
, mask
| SD_BUS_CREDS_AUGMENT
, pid
, 0);
158 sd_bus_creds_unref(c
);
162 /* Check if the process existed at all, in case we haven't
163 * figured that out already */
164 if (!pid_is_alive(pid
)) {
165 sd_bus_creds_unref(c
);
173 _public_
int sd_bus_creds_get_uid(sd_bus_creds
*c
, uid_t
*uid
) {
174 assert_return(c
, -EINVAL
);
175 assert_return(uid
, -EINVAL
);
177 if (!(c
->mask
& SD_BUS_CREDS_UID
))
184 _public_
int sd_bus_creds_get_euid(sd_bus_creds
*c
, uid_t
*euid
) {
185 assert_return(c
, -EINVAL
);
186 assert_return(euid
, -EINVAL
);
188 if (!(c
->mask
& SD_BUS_CREDS_EUID
))
195 _public_
int sd_bus_creds_get_suid(sd_bus_creds
*c
, uid_t
*suid
) {
196 assert_return(c
, -EINVAL
);
197 assert_return(suid
, -EINVAL
);
199 if (!(c
->mask
& SD_BUS_CREDS_SUID
))
206 _public_
int sd_bus_creds_get_fsuid(sd_bus_creds
*c
, uid_t
*fsuid
) {
207 assert_return(c
, -EINVAL
);
208 assert_return(fsuid
, -EINVAL
);
210 if (!(c
->mask
& SD_BUS_CREDS_FSUID
))
217 _public_
int sd_bus_creds_get_gid(sd_bus_creds
*c
, gid_t
*gid
) {
218 assert_return(c
, -EINVAL
);
219 assert_return(gid
, -EINVAL
);
221 if (!(c
->mask
& SD_BUS_CREDS_GID
))
228 _public_
int sd_bus_creds_get_egid(sd_bus_creds
*c
, gid_t
*egid
) {
229 assert_return(c
, -EINVAL
);
230 assert_return(egid
, -EINVAL
);
232 if (!(c
->mask
& SD_BUS_CREDS_EGID
))
239 _public_
int sd_bus_creds_get_sgid(sd_bus_creds
*c
, gid_t
*sgid
) {
240 assert_return(c
, -EINVAL
);
241 assert_return(sgid
, -EINVAL
);
243 if (!(c
->mask
& SD_BUS_CREDS_SGID
))
250 _public_
int sd_bus_creds_get_fsgid(sd_bus_creds
*c
, gid_t
*fsgid
) {
251 assert_return(c
, -EINVAL
);
252 assert_return(fsgid
, -EINVAL
);
254 if (!(c
->mask
& SD_BUS_CREDS_FSGID
))
261 _public_
int sd_bus_creds_get_supplementary_gids(sd_bus_creds
*c
, const gid_t
**gids
) {
262 assert_return(c
, -EINVAL
);
263 assert_return(gids
, -EINVAL
);
265 if (!(c
->mask
& SD_BUS_CREDS_SUPPLEMENTARY_GIDS
))
268 *gids
= c
->supplementary_gids
;
269 return (int) c
->n_supplementary_gids
;
272 _public_
int sd_bus_creds_get_pid(sd_bus_creds
*c
, pid_t
*pid
) {
273 assert_return(c
, -EINVAL
);
274 assert_return(pid
, -EINVAL
);
276 if (!(c
->mask
& SD_BUS_CREDS_PID
))
284 _public_
int sd_bus_creds_get_ppid(sd_bus_creds
*c
, pid_t
*ppid
) {
285 assert_return(c
, -EINVAL
);
286 assert_return(ppid
, -EINVAL
);
288 if (!(c
->mask
& SD_BUS_CREDS_PPID
))
291 /* PID 1 has no parent process. Let's distinguish the case of
292 * not knowing and not having a parent process by the returned
301 _public_
int sd_bus_creds_get_tid(sd_bus_creds
*c
, pid_t
*tid
) {
302 assert_return(c
, -EINVAL
);
303 assert_return(tid
, -EINVAL
);
305 if (!(c
->mask
& SD_BUS_CREDS_TID
))
313 _public_
int sd_bus_creds_get_selinux_context(sd_bus_creds
*c
, const char **ret
) {
314 assert_return(c
, -EINVAL
);
316 if (!(c
->mask
& SD_BUS_CREDS_SELINUX_CONTEXT
))
324 _public_
int sd_bus_creds_get_comm(sd_bus_creds
*c
, const char **ret
) {
325 assert_return(c
, -EINVAL
);
326 assert_return(ret
, -EINVAL
);
328 if (!(c
->mask
& SD_BUS_CREDS_COMM
))
336 _public_
int sd_bus_creds_get_tid_comm(sd_bus_creds
*c
, const char **ret
) {
337 assert_return(c
, -EINVAL
);
338 assert_return(ret
, -EINVAL
);
340 if (!(c
->mask
& SD_BUS_CREDS_TID_COMM
))
348 _public_
int sd_bus_creds_get_exe(sd_bus_creds
*c
, const char **ret
) {
349 assert_return(c
, -EINVAL
);
350 assert_return(ret
, -EINVAL
);
352 if (!(c
->mask
& SD_BUS_CREDS_EXE
))
362 _public_
int sd_bus_creds_get_cgroup(sd_bus_creds
*c
, const char **ret
) {
363 assert_return(c
, -EINVAL
);
364 assert_return(ret
, -EINVAL
);
366 if (!(c
->mask
& SD_BUS_CREDS_CGROUP
))
374 _public_
int sd_bus_creds_get_unit(sd_bus_creds
*c
, const char **ret
) {
377 assert_return(c
, -EINVAL
);
378 assert_return(ret
, -EINVAL
);
380 if (!(c
->mask
& SD_BUS_CREDS_UNIT
))
388 r
= cg_shift_path(c
->cgroup
, c
->cgroup_root
, &shifted
);
392 r
= cg_path_get_unit(shifted
, (char**) &c
->unit
);
401 _public_
int sd_bus_creds_get_user_unit(sd_bus_creds
*c
, const char **ret
) {
404 assert_return(c
, -EINVAL
);
405 assert_return(ret
, -EINVAL
);
407 if (!(c
->mask
& SD_BUS_CREDS_USER_UNIT
))
415 r
= cg_shift_path(c
->cgroup
, c
->cgroup_root
, &shifted
);
419 r
= cg_path_get_user_unit(shifted
, (char**) &c
->user_unit
);
428 _public_
int sd_bus_creds_get_slice(sd_bus_creds
*c
, const char **ret
) {
431 assert_return(c
, -EINVAL
);
432 assert_return(ret
, -EINVAL
);
434 if (!(c
->mask
& SD_BUS_CREDS_SLICE
))
442 r
= cg_shift_path(c
->cgroup
, c
->cgroup_root
, &shifted
);
446 r
= cg_path_get_slice(shifted
, (char**) &c
->slice
);
455 _public_
int sd_bus_creds_get_user_slice(sd_bus_creds
*c
, const char **ret
) {
458 assert_return(c
, -EINVAL
);
459 assert_return(ret
, -EINVAL
);
461 if (!(c
->mask
& SD_BUS_CREDS_USER_SLICE
))
466 if (!c
->user_slice
) {
469 r
= cg_shift_path(c
->cgroup
, c
->cgroup_root
, &shifted
);
473 r
= cg_path_get_user_slice(shifted
, (char**) &c
->user_slice
);
478 *ret
= c
->user_slice
;
482 _public_
int sd_bus_creds_get_session(sd_bus_creds
*c
, const char **ret
) {
485 assert_return(c
, -EINVAL
);
486 assert_return(ret
, -EINVAL
);
488 if (!(c
->mask
& SD_BUS_CREDS_SESSION
))
496 r
= cg_shift_path(c
->cgroup
, c
->cgroup_root
, &shifted
);
500 r
= cg_path_get_session(shifted
, (char**) &c
->session
);
509 _public_
int sd_bus_creds_get_owner_uid(sd_bus_creds
*c
, uid_t
*uid
) {
513 assert_return(c
, -EINVAL
);
514 assert_return(uid
, -EINVAL
);
516 if (!(c
->mask
& SD_BUS_CREDS_OWNER_UID
))
521 r
= cg_shift_path(c
->cgroup
, c
->cgroup_root
, &shifted
);
525 return cg_path_get_owner_uid(shifted
, uid
);
528 _public_
int sd_bus_creds_get_cmdline(sd_bus_creds
*c
, char ***cmdline
) {
529 assert_return(c
, -EINVAL
);
531 if (!(c
->mask
& SD_BUS_CREDS_CMDLINE
))
537 if (!c
->cmdline_array
) {
538 c
->cmdline_array
= strv_parse_nulstr(c
->cmdline
, c
->cmdline_size
);
539 if (!c
->cmdline_array
)
543 *cmdline
= c
->cmdline_array
;
547 _public_
int sd_bus_creds_get_audit_session_id(sd_bus_creds
*c
, uint32_t *sessionid
) {
548 assert_return(c
, -EINVAL
);
549 assert_return(sessionid
, -EINVAL
);
551 if (!(c
->mask
& SD_BUS_CREDS_AUDIT_SESSION_ID
))
554 if (!audit_session_is_valid(c
->audit_session_id
))
557 *sessionid
= c
->audit_session_id
;
561 _public_
int sd_bus_creds_get_audit_login_uid(sd_bus_creds
*c
, uid_t
*uid
) {
562 assert_return(c
, -EINVAL
);
563 assert_return(uid
, -EINVAL
);
565 if (!(c
->mask
& SD_BUS_CREDS_AUDIT_LOGIN_UID
))
568 if (!uid_is_valid(c
->audit_login_uid
))
571 *uid
= c
->audit_login_uid
;
575 _public_
int sd_bus_creds_get_tty(sd_bus_creds
*c
, const char **ret
) {
576 assert_return(c
, -EINVAL
);
577 assert_return(ret
, -EINVAL
);
579 if (!(c
->mask
& SD_BUS_CREDS_TTY
))
589 _public_
int sd_bus_creds_get_unique_name(sd_bus_creds
*c
, const char **unique_name
) {
590 assert_return(c
, -EINVAL
);
591 assert_return(unique_name
, -EINVAL
);
593 if (!(c
->mask
& SD_BUS_CREDS_UNIQUE_NAME
))
596 *unique_name
= c
->unique_name
;
600 _public_
int sd_bus_creds_get_well_known_names(sd_bus_creds
*c
, char ***well_known_names
) {
601 assert_return(c
, -EINVAL
);
602 assert_return(well_known_names
, -EINVAL
);
604 if (!(c
->mask
& SD_BUS_CREDS_WELL_KNOWN_NAMES
))
607 /* As a special hack we return the bus driver as well-known
608 * names list when this is requested. */
609 if (c
->well_known_names_driver
) {
610 static const char* const wkn
[] = {
611 "org.freedesktop.DBus",
615 *well_known_names
= (char**) wkn
;
619 if (c
->well_known_names_local
) {
620 static const char* const wkn
[] = {
621 "org.freedesktop.DBus.Local",
625 *well_known_names
= (char**) wkn
;
629 *well_known_names
= c
->well_known_names
;
633 _public_
int sd_bus_creds_get_description(sd_bus_creds
*c
, const char **ret
) {
634 assert_return(c
, -EINVAL
);
635 assert_return(ret
, -EINVAL
);
637 if (!(c
->mask
& SD_BUS_CREDS_DESCRIPTION
))
640 assert(c
->description
);
642 if (!c
->unescaped_description
) {
643 c
->unescaped_description
= bus_label_unescape(c
->description
);
644 if (!c
->unescaped_description
)
648 *ret
= c
->unescaped_description
;
652 static int has_cap(sd_bus_creds
*c
, unsigned offset
, int capability
) {
656 assert(capability
>= 0);
657 assert(c
->capability
);
659 if ((unsigned) capability
> cap_last_cap())
662 sz
= DIV_ROUND_UP(cap_last_cap(), 32U);
664 return !!(c
->capability
[offset
* sz
+ CAP_TO_INDEX(capability
)] & CAP_TO_MASK(capability
));
667 _public_
int sd_bus_creds_has_effective_cap(sd_bus_creds
*c
, int capability
) {
668 assert_return(c
, -EINVAL
);
669 assert_return(capability
>= 0, -EINVAL
);
671 if (!(c
->mask
& SD_BUS_CREDS_EFFECTIVE_CAPS
))
674 return has_cap(c
, CAP_OFFSET_EFFECTIVE
, capability
);
677 _public_
int sd_bus_creds_has_permitted_cap(sd_bus_creds
*c
, int capability
) {
678 assert_return(c
, -EINVAL
);
679 assert_return(capability
>= 0, -EINVAL
);
681 if (!(c
->mask
& SD_BUS_CREDS_PERMITTED_CAPS
))
684 return has_cap(c
, CAP_OFFSET_PERMITTED
, capability
);
687 _public_
int sd_bus_creds_has_inheritable_cap(sd_bus_creds
*c
, int capability
) {
688 assert_return(c
, -EINVAL
);
689 assert_return(capability
>= 0, -EINVAL
);
691 if (!(c
->mask
& SD_BUS_CREDS_INHERITABLE_CAPS
))
694 return has_cap(c
, CAP_OFFSET_INHERITABLE
, capability
);
697 _public_
int sd_bus_creds_has_bounding_cap(sd_bus_creds
*c
, int capability
) {
698 assert_return(c
, -EINVAL
);
699 assert_return(capability
>= 0, -EINVAL
);
701 if (!(c
->mask
& SD_BUS_CREDS_BOUNDING_CAPS
))
704 return has_cap(c
, CAP_OFFSET_BOUNDING
, capability
);
707 static int parse_caps(sd_bus_creds
*c
, unsigned offset
, const char *p
) {
714 max
= DIV_ROUND_UP(cap_last_cap(), 32U);
715 p
+= strspn(p
, WHITESPACE
);
725 if (!c
->capability
) {
726 c
->capability
= new0(uint32_t, max
* 4);
731 for (i
= 0; i
< sz
; i
++) {
734 for (j
= 0; j
< 8; ++j
) {
744 c
->capability
[offset
* max
+ (sz
- i
- 1)] = v
;
750 int bus_creds_add_more(sd_bus_creds
*c
, uint64_t mask
, pid_t pid
, pid_t tid
) {
755 assert(c
->allocated
);
757 if (!(mask
& SD_BUS_CREDS_AUGMENT
))
760 /* Try to retrieve PID from creds if it wasn't passed to us */
763 c
->mask
|= SD_BUS_CREDS_PID
;
764 } else if (c
->mask
& SD_BUS_CREDS_PID
)
767 /* Without pid we cannot do much... */
770 /* Try to retrieve TID from creds if it wasn't passed to us */
771 if (tid
<= 0 && (c
->mask
& SD_BUS_CREDS_TID
))
774 /* Calculate what we shall and can add */
775 missing
= mask
& ~(c
->mask
|SD_BUS_CREDS_PID
|SD_BUS_CREDS_TID
|SD_BUS_CREDS_UNIQUE_NAME
|SD_BUS_CREDS_WELL_KNOWN_NAMES
|SD_BUS_CREDS_DESCRIPTION
|SD_BUS_CREDS_AUGMENT
);
781 c
->mask
|= SD_BUS_CREDS_TID
;
784 if (missing
& (SD_BUS_CREDS_PPID
|
785 SD_BUS_CREDS_UID
| SD_BUS_CREDS_EUID
| SD_BUS_CREDS_SUID
| SD_BUS_CREDS_FSUID
|
786 SD_BUS_CREDS_GID
| SD_BUS_CREDS_EGID
| SD_BUS_CREDS_SGID
| SD_BUS_CREDS_FSGID
|
787 SD_BUS_CREDS_SUPPLEMENTARY_GIDS
|
788 SD_BUS_CREDS_EFFECTIVE_CAPS
| SD_BUS_CREDS_INHERITABLE_CAPS
|
789 SD_BUS_CREDS_PERMITTED_CAPS
| SD_BUS_CREDS_BOUNDING_CAPS
)) {
791 _cleanup_fclose_
FILE *f
= NULL
;
794 p
= procfs_file_alloca(pid
, "status");
800 else if (!IN_SET(errno
, EPERM
, EACCES
))
805 FOREACH_LINE(line
, f
, return -errno
) {
808 if (missing
& SD_BUS_CREDS_PPID
) {
809 p
= startswith(line
, "PPid:");
811 p
+= strspn(p
, WHITESPACE
);
813 /* Explicitly check for PPID 0 (which is the case for PID 1) */
814 if (!streq(p
, "0")) {
815 r
= parse_pid(p
, &c
->ppid
);
822 c
->mask
|= SD_BUS_CREDS_PPID
;
827 if (missing
& (SD_BUS_CREDS_UID
|SD_BUS_CREDS_EUID
|SD_BUS_CREDS_SUID
|SD_BUS_CREDS_FSUID
)) {
828 p
= startswith(line
, "Uid:");
830 unsigned long uid
, euid
, suid
, fsuid
;
832 p
+= strspn(p
, WHITESPACE
);
833 if (sscanf(p
, "%lu %lu %lu %lu", &uid
, &euid
, &suid
, &fsuid
) != 4)
836 if (missing
& SD_BUS_CREDS_UID
)
837 c
->uid
= (uid_t
) uid
;
838 if (missing
& SD_BUS_CREDS_EUID
)
839 c
->euid
= (uid_t
) euid
;
840 if (missing
& SD_BUS_CREDS_SUID
)
841 c
->suid
= (uid_t
) suid
;
842 if (missing
& SD_BUS_CREDS_FSUID
)
843 c
->fsuid
= (uid_t
) fsuid
;
845 c
->mask
|= missing
& (SD_BUS_CREDS_UID
|SD_BUS_CREDS_EUID
|SD_BUS_CREDS_SUID
|SD_BUS_CREDS_FSUID
);
850 if (missing
& (SD_BUS_CREDS_GID
|SD_BUS_CREDS_EGID
|SD_BUS_CREDS_SGID
|SD_BUS_CREDS_FSGID
)) {
851 p
= startswith(line
, "Gid:");
853 unsigned long gid
, egid
, sgid
, fsgid
;
855 p
+= strspn(p
, WHITESPACE
);
856 if (sscanf(p
, "%lu %lu %lu %lu", &gid
, &egid
, &sgid
, &fsgid
) != 4)
859 if (missing
& SD_BUS_CREDS_GID
)
860 c
->gid
= (gid_t
) gid
;
861 if (missing
& SD_BUS_CREDS_EGID
)
862 c
->egid
= (gid_t
) egid
;
863 if (missing
& SD_BUS_CREDS_SGID
)
864 c
->sgid
= (gid_t
) sgid
;
865 if (missing
& SD_BUS_CREDS_FSGID
)
866 c
->fsgid
= (gid_t
) fsgid
;
868 c
->mask
|= missing
& (SD_BUS_CREDS_GID
|SD_BUS_CREDS_EGID
|SD_BUS_CREDS_SGID
|SD_BUS_CREDS_FSGID
);
873 if (missing
& SD_BUS_CREDS_SUPPLEMENTARY_GIDS
) {
874 p
= startswith(line
, "Groups:");
876 size_t allocated
= 0;
882 p
+= strspn(p
, WHITESPACE
);
886 if (sscanf(p
, "%lu%n", &g
, &n
) != 1)
889 if (!GREEDY_REALLOC(c
->supplementary_gids
, allocated
, c
->n_supplementary_gids
+1))
892 c
->supplementary_gids
[c
->n_supplementary_gids
++] = (gid_t
) g
;
896 c
->mask
|= SD_BUS_CREDS_SUPPLEMENTARY_GIDS
;
901 if (missing
& SD_BUS_CREDS_EFFECTIVE_CAPS
) {
902 p
= startswith(line
, "CapEff:");
904 r
= parse_caps(c
, CAP_OFFSET_EFFECTIVE
, p
);
908 c
->mask
|= SD_BUS_CREDS_EFFECTIVE_CAPS
;
913 if (missing
& SD_BUS_CREDS_PERMITTED_CAPS
) {
914 p
= startswith(line
, "CapPrm:");
916 r
= parse_caps(c
, CAP_OFFSET_PERMITTED
, p
);
920 c
->mask
|= SD_BUS_CREDS_PERMITTED_CAPS
;
925 if (missing
& SD_BUS_CREDS_INHERITABLE_CAPS
) {
926 p
= startswith(line
, "CapInh:");
928 r
= parse_caps(c
, CAP_OFFSET_INHERITABLE
, p
);
932 c
->mask
|= SD_BUS_CREDS_INHERITABLE_CAPS
;
937 if (missing
& SD_BUS_CREDS_BOUNDING_CAPS
) {
938 p
= startswith(line
, "CapBnd:");
940 r
= parse_caps(c
, CAP_OFFSET_BOUNDING
, p
);
944 c
->mask
|= SD_BUS_CREDS_BOUNDING_CAPS
;
952 if (missing
& SD_BUS_CREDS_SELINUX_CONTEXT
) {
955 p
= procfs_file_alloca(pid
, "attr/current");
956 r
= read_one_line_file(p
, &c
->label
);
958 if (!IN_SET(r
, -ENOENT
, -EINVAL
, -EPERM
, -EACCES
))
961 c
->mask
|= SD_BUS_CREDS_SELINUX_CONTEXT
;
964 if (missing
& SD_BUS_CREDS_COMM
) {
965 r
= get_process_comm(pid
, &c
->comm
);
967 if (!IN_SET(r
, -EPERM
, -EACCES
))
970 c
->mask
|= SD_BUS_CREDS_COMM
;
973 if (missing
& SD_BUS_CREDS_EXE
) {
974 r
= get_process_exe(pid
, &c
->exe
);
976 /* Unfortunately we cannot really distinguish
977 * the case here where the process does not
978 * exist, and /proc/$PID/exe being unreadable
979 * because $PID is a kernel thread. Hence,
980 * assume it is a kernel thread, and rely on
981 * that this case is caught with a later
984 c
->mask
|= SD_BUS_CREDS_EXE
;
986 if (!IN_SET(r
, -EPERM
, -EACCES
))
989 c
->mask
|= SD_BUS_CREDS_EXE
;
992 if (missing
& SD_BUS_CREDS_CMDLINE
) {
995 p
= procfs_file_alloca(pid
, "cmdline");
996 r
= read_full_file(p
, &c
->cmdline
, &c
->cmdline_size
);
1000 if (!IN_SET(r
, -EPERM
, -EACCES
))
1003 if (c
->cmdline_size
== 0)
1004 c
->cmdline
= mfree(c
->cmdline
);
1006 c
->mask
|= SD_BUS_CREDS_CMDLINE
;
1010 if (tid
> 0 && (missing
& SD_BUS_CREDS_TID_COMM
)) {
1011 _cleanup_free_
char *p
= NULL
;
1013 if (asprintf(&p
, "/proc/"PID_FMT
"/task/"PID_FMT
"/comm", pid
, tid
) < 0)
1016 r
= read_one_line_file(p
, &c
->tid_comm
);
1020 if (!IN_SET(r
, -EPERM
, -EACCES
))
1023 c
->mask
|= SD_BUS_CREDS_TID_COMM
;
1026 if (missing
& (SD_BUS_CREDS_CGROUP
|SD_BUS_CREDS_UNIT
|SD_BUS_CREDS_USER_UNIT
|SD_BUS_CREDS_SLICE
|SD_BUS_CREDS_USER_SLICE
|SD_BUS_CREDS_SESSION
|SD_BUS_CREDS_OWNER_UID
)) {
1029 r
= cg_pid_get_path(NULL
, pid
, &c
->cgroup
);
1031 if (!IN_SET(r
, -EPERM
, -EACCES
))
1036 if (!c
->cgroup_root
) {
1037 r
= cg_get_root_path(&c
->cgroup_root
);
1043 c
->mask
|= missing
& (SD_BUS_CREDS_CGROUP
|SD_BUS_CREDS_UNIT
|SD_BUS_CREDS_USER_UNIT
|SD_BUS_CREDS_SLICE
|SD_BUS_CREDS_USER_SLICE
|SD_BUS_CREDS_SESSION
|SD_BUS_CREDS_OWNER_UID
);
1046 if (missing
& SD_BUS_CREDS_AUDIT_SESSION_ID
) {
1047 r
= audit_session_from_pid(pid
, &c
->audit_session_id
);
1048 if (r
== -ENODATA
) {
1049 /* ENODATA means: no audit session id assigned */
1050 c
->audit_session_id
= AUDIT_SESSION_INVALID
;
1051 c
->mask
|= SD_BUS_CREDS_AUDIT_SESSION_ID
;
1053 if (!IN_SET(r
, -EOPNOTSUPP
, -ENOENT
, -EPERM
, -EACCES
))
1056 c
->mask
|= SD_BUS_CREDS_AUDIT_SESSION_ID
;
1059 if (missing
& SD_BUS_CREDS_AUDIT_LOGIN_UID
) {
1060 r
= audit_loginuid_from_pid(pid
, &c
->audit_login_uid
);
1061 if (r
== -ENODATA
) {
1062 /* ENODATA means: no audit login uid assigned */
1063 c
->audit_login_uid
= UID_INVALID
;
1064 c
->mask
|= SD_BUS_CREDS_AUDIT_LOGIN_UID
;
1066 if (!IN_SET(r
, -EOPNOTSUPP
, -ENOENT
, -EPERM
, -EACCES
))
1069 c
->mask
|= SD_BUS_CREDS_AUDIT_LOGIN_UID
;
1072 if (missing
& SD_BUS_CREDS_TTY
) {
1073 r
= get_ctty(pid
, NULL
, &c
->tty
);
1075 /* ENXIO means: process has no controlling TTY */
1077 c
->mask
|= SD_BUS_CREDS_TTY
;
1079 if (!IN_SET(r
, -EPERM
, -EACCES
, -ENOENT
))
1082 c
->mask
|= SD_BUS_CREDS_TTY
;
1085 /* In case only the exe path was to be read we cannot
1086 * distinguish the case where the exe path was unreadable
1087 * because the process was a kernel thread, or when the
1088 * process didn't exist at all. Hence, let's do a final check,
1090 if (!pid_is_alive(pid
))
1093 if (tid
> 0 && tid
!= pid
&& !pid_is_unwaited(tid
))
1096 c
->augmented
= missing
& c
->mask
;
1101 int bus_creds_extend_by_pid(sd_bus_creds
*c
, uint64_t mask
, sd_bus_creds
**ret
) {
1102 _cleanup_(sd_bus_creds_unrefp
) sd_bus_creds
*n
= NULL
;
1108 if ((mask
& ~c
->mask
) == 0 || (!(mask
& SD_BUS_CREDS_AUGMENT
))) {
1109 /* There's already all data we need, or augmentation
1110 * wasn't turned on. */
1112 *ret
= sd_bus_creds_ref(c
);
1116 n
= bus_creds_new();
1120 /* Copy the original data over */
1122 if (c
->mask
& mask
& SD_BUS_CREDS_PID
) {
1124 n
->mask
|= SD_BUS_CREDS_PID
;
1127 if (c
->mask
& mask
& SD_BUS_CREDS_TID
) {
1129 n
->mask
|= SD_BUS_CREDS_TID
;
1132 if (c
->mask
& mask
& SD_BUS_CREDS_PPID
) {
1134 n
->mask
|= SD_BUS_CREDS_PPID
;
1137 if (c
->mask
& mask
& SD_BUS_CREDS_UID
) {
1139 n
->mask
|= SD_BUS_CREDS_UID
;
1142 if (c
->mask
& mask
& SD_BUS_CREDS_EUID
) {
1144 n
->mask
|= SD_BUS_CREDS_EUID
;
1147 if (c
->mask
& mask
& SD_BUS_CREDS_SUID
) {
1149 n
->mask
|= SD_BUS_CREDS_SUID
;
1152 if (c
->mask
& mask
& SD_BUS_CREDS_FSUID
) {
1153 n
->fsuid
= c
->fsuid
;
1154 n
->mask
|= SD_BUS_CREDS_FSUID
;
1157 if (c
->mask
& mask
& SD_BUS_CREDS_GID
) {
1159 n
->mask
|= SD_BUS_CREDS_GID
;
1162 if (c
->mask
& mask
& SD_BUS_CREDS_EGID
) {
1164 n
->mask
|= SD_BUS_CREDS_EGID
;
1167 if (c
->mask
& mask
& SD_BUS_CREDS_SGID
) {
1169 n
->mask
|= SD_BUS_CREDS_SGID
;
1172 if (c
->mask
& mask
& SD_BUS_CREDS_FSGID
) {
1173 n
->fsgid
= c
->fsgid
;
1174 n
->mask
|= SD_BUS_CREDS_FSGID
;
1177 if (c
->mask
& mask
& SD_BUS_CREDS_SUPPLEMENTARY_GIDS
) {
1178 if (c
->supplementary_gids
) {
1179 n
->supplementary_gids
= newdup(gid_t
, c
->supplementary_gids
, c
->n_supplementary_gids
);
1180 if (!n
->supplementary_gids
)
1182 n
->n_supplementary_gids
= c
->n_supplementary_gids
;
1184 n
->supplementary_gids
= NULL
;
1185 n
->n_supplementary_gids
= 0;
1188 n
->mask
|= SD_BUS_CREDS_SUPPLEMENTARY_GIDS
;
1191 if (c
->mask
& mask
& SD_BUS_CREDS_COMM
) {
1194 n
->comm
= strdup(c
->comm
);
1198 n
->mask
|= SD_BUS_CREDS_COMM
;
1201 if (c
->mask
& mask
& SD_BUS_CREDS_TID_COMM
) {
1202 assert(c
->tid_comm
);
1204 n
->tid_comm
= strdup(c
->tid_comm
);
1208 n
->mask
|= SD_BUS_CREDS_TID_COMM
;
1211 if (c
->mask
& mask
& SD_BUS_CREDS_EXE
) {
1213 n
->exe
= strdup(c
->exe
);
1219 n
->mask
|= SD_BUS_CREDS_EXE
;
1222 if (c
->mask
& mask
& SD_BUS_CREDS_CMDLINE
) {
1224 n
->cmdline
= memdup(c
->cmdline
, c
->cmdline_size
);
1228 n
->cmdline_size
= c
->cmdline_size
;
1231 n
->cmdline_size
= 0;
1234 n
->mask
|= SD_BUS_CREDS_CMDLINE
;
1237 if (c
->mask
& mask
& (SD_BUS_CREDS_CGROUP
|SD_BUS_CREDS_SESSION
|SD_BUS_CREDS_UNIT
|SD_BUS_CREDS_USER_UNIT
|SD_BUS_CREDS_SLICE
|SD_BUS_CREDS_USER_SLICE
|SD_BUS_CREDS_OWNER_UID
)) {
1240 n
->cgroup
= strdup(c
->cgroup
);
1244 n
->cgroup_root
= strdup(c
->cgroup_root
);
1245 if (!n
->cgroup_root
)
1248 n
->mask
|= mask
& (SD_BUS_CREDS_CGROUP
|SD_BUS_CREDS_SESSION
|SD_BUS_CREDS_UNIT
|SD_BUS_CREDS_USER_UNIT
|SD_BUS_CREDS_SLICE
|SD_BUS_CREDS_USER_SLICE
|SD_BUS_CREDS_OWNER_UID
);
1251 if (c
->mask
& mask
& (SD_BUS_CREDS_EFFECTIVE_CAPS
|SD_BUS_CREDS_PERMITTED_CAPS
|SD_BUS_CREDS_INHERITABLE_CAPS
|SD_BUS_CREDS_BOUNDING_CAPS
)) {
1252 assert(c
->capability
);
1254 n
->capability
= memdup(c
->capability
, DIV_ROUND_UP(cap_last_cap(), 32U) * 4 * 4);
1258 n
->mask
|= c
->mask
& mask
& (SD_BUS_CREDS_EFFECTIVE_CAPS
|SD_BUS_CREDS_PERMITTED_CAPS
|SD_BUS_CREDS_INHERITABLE_CAPS
|SD_BUS_CREDS_BOUNDING_CAPS
);
1261 if (c
->mask
& mask
& SD_BUS_CREDS_SELINUX_CONTEXT
) {
1264 n
->label
= strdup(c
->label
);
1267 n
->mask
|= SD_BUS_CREDS_SELINUX_CONTEXT
;
1270 if (c
->mask
& mask
& SD_BUS_CREDS_AUDIT_SESSION_ID
) {
1271 n
->audit_session_id
= c
->audit_session_id
;
1272 n
->mask
|= SD_BUS_CREDS_AUDIT_SESSION_ID
;
1274 if (c
->mask
& mask
& SD_BUS_CREDS_AUDIT_LOGIN_UID
) {
1275 n
->audit_login_uid
= c
->audit_login_uid
;
1276 n
->mask
|= SD_BUS_CREDS_AUDIT_LOGIN_UID
;
1279 if (c
->mask
& mask
& SD_BUS_CREDS_TTY
) {
1281 n
->tty
= strdup(c
->tty
);
1286 n
->mask
|= SD_BUS_CREDS_TTY
;
1289 if (c
->mask
& mask
& SD_BUS_CREDS_UNIQUE_NAME
) {
1290 assert(c
->unique_name
);
1292 n
->unique_name
= strdup(c
->unique_name
);
1293 if (!n
->unique_name
)
1295 n
->mask
|= SD_BUS_CREDS_UNIQUE_NAME
;
1298 if (c
->mask
& mask
& SD_BUS_CREDS_WELL_KNOWN_NAMES
) {
1299 if (strv_isempty(c
->well_known_names
))
1300 n
->well_known_names
= NULL
;
1302 n
->well_known_names
= strv_copy(c
->well_known_names
);
1303 if (!n
->well_known_names
)
1306 n
->well_known_names_driver
= c
->well_known_names_driver
;
1307 n
->well_known_names_local
= c
->well_known_names_local
;
1308 n
->mask
|= SD_BUS_CREDS_WELL_KNOWN_NAMES
;
1311 if (c
->mask
& mask
& SD_BUS_CREDS_DESCRIPTION
) {
1312 assert(c
->description
);
1313 n
->description
= strdup(c
->description
);
1314 if (!n
->description
)
1316 n
->mask
|= SD_BUS_CREDS_DESCRIPTION
;
1319 n
->augmented
= c
->augmented
& n
->mask
;
1323 r
= bus_creds_add_more(n
, mask
, 0, 0);