1/*- 2 * Copyright (c) 2011 The FreeBSD Foundation 3 * All rights reserved. 4 * 5 * This software was developed by Edward Tomasz Napierala under sponsorship 6 * from the FreeBSD Foundation. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. 28 *
| 1/*- 2 * Copyright (c) 2011 The FreeBSD Foundation 3 * All rights reserved. 4 * 5 * This software was developed by Edward Tomasz Napierala under sponsorship 6 * from the FreeBSD Foundation. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. 28 *
|
29 * $FreeBSD: head/sys/kern/kern_loginclass.c 219304 2011-03-05 12:40:35Z trasz $
| 29 * $FreeBSD: head/sys/kern/kern_loginclass.c 220137 2011-03-29 17:47:25Z trasz $
|
30 */ 31 32/* 33 * Processes may set login class name using setloginclass(2). This 34 * is usually done through call to setusercontext(3), by programs 35 * such as login(1), based on information from master.passwd(5). Kernel 36 * uses this information to enforce per-class resource limits. Current 37 * login class can be determined using id(1). Login class is inherited 38 * from the parent process during fork(2). If not set, it defaults 39 * to "default". 40 * 41 * Code in this file implements setloginclass(2) and getloginclass(2) 42 * system calls, and maintains class name storage and retrieval. 43 */ 44 45#include <sys/cdefs.h>
| 30 */ 31 32/* 33 * Processes may set login class name using setloginclass(2). This 34 * is usually done through call to setusercontext(3), by programs 35 * such as login(1), based on information from master.passwd(5). Kernel 36 * uses this information to enforce per-class resource limits. Current 37 * login class can be determined using id(1). Login class is inherited 38 * from the parent process during fork(2). If not set, it defaults 39 * to "default". 40 * 41 * Code in this file implements setloginclass(2) and getloginclass(2) 42 * system calls, and maintains class name storage and retrieval. 43 */ 44 45#include <sys/cdefs.h>
|
46__FBSDID("$FreeBSD: head/sys/kern/kern_loginclass.c 219304 2011-03-05 12:40:35Z trasz $");
| 46__FBSDID("$FreeBSD: head/sys/kern/kern_loginclass.c 220137 2011-03-29 17:47:25Z trasz $");
|
47 48#include <sys/param.h> 49#include <sys/eventhandler.h> 50#include <sys/kernel.h> 51#include <sys/lock.h> 52#include <sys/loginclass.h> 53#include <sys/malloc.h> 54#include <sys/mutex.h> 55#include <sys/types.h> 56#include <sys/priv.h> 57#include <sys/proc.h> 58#include <sys/queue.h>
| 47 48#include <sys/param.h> 49#include <sys/eventhandler.h> 50#include <sys/kernel.h> 51#include <sys/lock.h> 52#include <sys/loginclass.h> 53#include <sys/malloc.h> 54#include <sys/mutex.h> 55#include <sys/types.h> 56#include <sys/priv.h> 57#include <sys/proc.h> 58#include <sys/queue.h>
|
| 59#include <sys/racct.h>
|
59#include <sys/refcount.h> 60#include <sys/sysproto.h> 61#include <sys/systm.h> 62 63static MALLOC_DEFINE(M_LOGINCLASS, "loginclass", "loginclass structures"); 64 65LIST_HEAD(, loginclass) loginclasses; 66 67/* 68 * Lock protecting loginclasses list. 69 */ 70static struct mtx loginclasses_lock; 71 72static void lc_init(void); 73SYSINIT(loginclass, SI_SUB_CPU, SI_ORDER_FIRST, lc_init, NULL); 74 75void 76loginclass_hold(struct loginclass *lc) 77{ 78 79 refcount_acquire(&lc->lc_refcount); 80} 81 82void 83loginclass_free(struct loginclass *lc) 84{ 85 int old; 86 87 old = lc->lc_refcount; 88 if (old > 1 && atomic_cmpset_int(&lc->lc_refcount, old, old - 1)) 89 return; 90 91 mtx_lock(&loginclasses_lock); 92 if (refcount_release(&lc->lc_refcount)) {
| 60#include <sys/refcount.h> 61#include <sys/sysproto.h> 62#include <sys/systm.h> 63 64static MALLOC_DEFINE(M_LOGINCLASS, "loginclass", "loginclass structures"); 65 66LIST_HEAD(, loginclass) loginclasses; 67 68/* 69 * Lock protecting loginclasses list. 70 */ 71static struct mtx loginclasses_lock; 72 73static void lc_init(void); 74SYSINIT(loginclass, SI_SUB_CPU, SI_ORDER_FIRST, lc_init, NULL); 75 76void 77loginclass_hold(struct loginclass *lc) 78{ 79 80 refcount_acquire(&lc->lc_refcount); 81} 82 83void 84loginclass_free(struct loginclass *lc) 85{ 86 int old; 87 88 old = lc->lc_refcount; 89 if (old > 1 && atomic_cmpset_int(&lc->lc_refcount, old, old - 1)) 90 return; 91 92 mtx_lock(&loginclasses_lock); 93 if (refcount_release(&lc->lc_refcount)) {
|
| 94 racct_destroy(&lc->lc_racct);
|
93 LIST_REMOVE(lc, lc_next); 94 mtx_unlock(&loginclasses_lock); 95 free(lc, M_LOGINCLASS); 96 97 return; 98 } 99 mtx_unlock(&loginclasses_lock); 100} 101 102/* 103 * Return loginclass structure with a corresponding name. Not 104 * performance critical, as it's used mainly by setloginclass(2), 105 * which happens once per login session. Caller has to use 106 * loginclass_free() on the returned value when it's no longer 107 * needed. 108 */ 109struct loginclass * 110loginclass_find(const char *name) 111{ 112 struct loginclass *lc, *newlc; 113 114 if (name[0] == '\0' || strlen(name) >= MAXLOGNAME) 115 return (NULL); 116 117 newlc = malloc(sizeof(*newlc), M_LOGINCLASS, M_ZERO | M_WAITOK);
| 95 LIST_REMOVE(lc, lc_next); 96 mtx_unlock(&loginclasses_lock); 97 free(lc, M_LOGINCLASS); 98 99 return; 100 } 101 mtx_unlock(&loginclasses_lock); 102} 103 104/* 105 * Return loginclass structure with a corresponding name. Not 106 * performance critical, as it's used mainly by setloginclass(2), 107 * which happens once per login session. Caller has to use 108 * loginclass_free() on the returned value when it's no longer 109 * needed. 110 */ 111struct loginclass * 112loginclass_find(const char *name) 113{ 114 struct loginclass *lc, *newlc; 115 116 if (name[0] == '\0' || strlen(name) >= MAXLOGNAME) 117 return (NULL); 118 119 newlc = malloc(sizeof(*newlc), M_LOGINCLASS, M_ZERO | M_WAITOK);
|
| 120 racct_create(&newlc->lc_racct);
|
118 119 mtx_lock(&loginclasses_lock); 120 LIST_FOREACH(lc, &loginclasses, lc_next) { 121 if (strcmp(name, lc->lc_name) != 0) 122 continue; 123 124 /* Found loginclass with a matching name? */ 125 loginclass_hold(lc); 126 mtx_unlock(&loginclasses_lock);
| 121 122 mtx_lock(&loginclasses_lock); 123 LIST_FOREACH(lc, &loginclasses, lc_next) { 124 if (strcmp(name, lc->lc_name) != 0) 125 continue; 126 127 /* Found loginclass with a matching name? */ 128 loginclass_hold(lc); 129 mtx_unlock(&loginclasses_lock);
|
| 130 racct_destroy(&newlc->lc_racct);
|
127 free(newlc, M_LOGINCLASS); 128 return (lc); 129 } 130 131 /* Add new loginclass. */ 132 strcpy(newlc->lc_name, name); 133 refcount_init(&newlc->lc_refcount, 1); 134 LIST_INSERT_HEAD(&loginclasses, newlc, lc_next); 135 mtx_unlock(&loginclasses_lock); 136 137 return (newlc); 138} 139 140/* 141 * Get login class name. 142 */ 143#ifndef _SYS_SYSPROTO_H_ 144struct getloginclass_args { 145 char *namebuf; 146 size_t namelen; 147}; 148#endif 149/* ARGSUSED */ 150int 151getloginclass(struct thread *td, struct getloginclass_args *uap) 152{ 153 int error = 0; 154 size_t lcnamelen; 155 struct proc *p; 156 struct loginclass *lc; 157 158 p = td->td_proc; 159 PROC_LOCK(p); 160 lc = p->p_ucred->cr_loginclass; 161 loginclass_hold(lc); 162 PROC_UNLOCK(p); 163 164 lcnamelen = strlen(lc->lc_name) + 1; 165 if (lcnamelen > uap->namelen) 166 error = ERANGE; 167 if (error == 0) 168 error = copyout(lc->lc_name, uap->namebuf, lcnamelen); 169 loginclass_free(lc); 170 return (error); 171} 172 173/* 174 * Set login class name. 175 */ 176#ifndef _SYS_SYSPROTO_H_ 177struct setloginclass_args { 178 const char *namebuf; 179}; 180#endif 181/* ARGSUSED */ 182int 183setloginclass(struct thread *td, struct setloginclass_args *uap) 184{ 185 struct proc *p = td->td_proc; 186 int error; 187 char lcname[MAXLOGNAME]; 188 struct loginclass *newlc; 189 struct ucred *newcred, *oldcred; 190 191 error = priv_check(td, PRIV_PROC_SETLOGINCLASS); 192 if (error != 0) 193 return (error); 194 error = copyinstr(uap->namebuf, lcname, sizeof(lcname), NULL); 195 if (error != 0) 196 return (error); 197 198 newlc = loginclass_find(lcname); 199 if (newlc == NULL) 200 return (EINVAL); 201 newcred = crget(); 202 203 PROC_LOCK(p); 204 oldcred = crcopysafe(p, newcred); 205 newcred->cr_loginclass = newlc; 206 p->p_ucred = newcred; 207 PROC_UNLOCK(p);
| 131 free(newlc, M_LOGINCLASS); 132 return (lc); 133 } 134 135 /* Add new loginclass. */ 136 strcpy(newlc->lc_name, name); 137 refcount_init(&newlc->lc_refcount, 1); 138 LIST_INSERT_HEAD(&loginclasses, newlc, lc_next); 139 mtx_unlock(&loginclasses_lock); 140 141 return (newlc); 142} 143 144/* 145 * Get login class name. 146 */ 147#ifndef _SYS_SYSPROTO_H_ 148struct getloginclass_args { 149 char *namebuf; 150 size_t namelen; 151}; 152#endif 153/* ARGSUSED */ 154int 155getloginclass(struct thread *td, struct getloginclass_args *uap) 156{ 157 int error = 0; 158 size_t lcnamelen; 159 struct proc *p; 160 struct loginclass *lc; 161 162 p = td->td_proc; 163 PROC_LOCK(p); 164 lc = p->p_ucred->cr_loginclass; 165 loginclass_hold(lc); 166 PROC_UNLOCK(p); 167 168 lcnamelen = strlen(lc->lc_name) + 1; 169 if (lcnamelen > uap->namelen) 170 error = ERANGE; 171 if (error == 0) 172 error = copyout(lc->lc_name, uap->namebuf, lcnamelen); 173 loginclass_free(lc); 174 return (error); 175} 176 177/* 178 * Set login class name. 179 */ 180#ifndef _SYS_SYSPROTO_H_ 181struct setloginclass_args { 182 const char *namebuf; 183}; 184#endif 185/* ARGSUSED */ 186int 187setloginclass(struct thread *td, struct setloginclass_args *uap) 188{ 189 struct proc *p = td->td_proc; 190 int error; 191 char lcname[MAXLOGNAME]; 192 struct loginclass *newlc; 193 struct ucred *newcred, *oldcred; 194 195 error = priv_check(td, PRIV_PROC_SETLOGINCLASS); 196 if (error != 0) 197 return (error); 198 error = copyinstr(uap->namebuf, lcname, sizeof(lcname), NULL); 199 if (error != 0) 200 return (error); 201 202 newlc = loginclass_find(lcname); 203 if (newlc == NULL) 204 return (EINVAL); 205 newcred = crget(); 206 207 PROC_LOCK(p); 208 oldcred = crcopysafe(p, newcred); 209 newcred->cr_loginclass = newlc; 210 p->p_ucred = newcred; 211 PROC_UNLOCK(p);
|
208
| 212#ifdef RACCT 213 racct_proc_ucred_changed(p, oldcred, newcred); 214#endif
|
209 loginclass_free(oldcred->cr_loginclass); 210 crfree(oldcred); 211 212 return (0); 213} 214
| 215 loginclass_free(oldcred->cr_loginclass); 216 crfree(oldcred); 217 218 return (0); 219} 220
|
| 221void 222loginclass_racct_foreach(void (*callback)(struct racct *racct, 223 void *arg2, void *arg3), void *arg2, void *arg3) 224{ 225 struct loginclass *lc; 226 227 mtx_lock(&loginclasses_lock); 228 LIST_FOREACH(lc, &loginclasses, lc_next) 229 (callback)(lc->lc_racct, arg2, arg3); 230 mtx_unlock(&loginclasses_lock); 231} 232
|
215static void 216lc_init(void) 217{ 218 219 mtx_init(&loginclasses_lock, "loginclasses lock", NULL, MTX_DEF); 220}
| 233static void 234lc_init(void) 235{ 236 237 mtx_init(&loginclasses_lock, "loginclasses lock", NULL, MTX_DEF); 238}
|