1 /*-
2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
3 *
4 * Copyright (c) 2011 The FreeBSD Foundation
5 * All rights reserved.
6 *
7 * This software was developed by Edward Tomasz Napierala under sponsorship
8 * from the FreeBSD Foundation.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 *
31 * $FreeBSD$
32 */
33
34 /*
35 * Processes may set login class name using setloginclass(2). This
36 * is usually done through call to setusercontext(3), by programs
37 * such as login(1), based on information from master.passwd(5). Kernel
38 * uses this information to enforce per-class resource limits. Current
39 * login class can be determined using id(1). Login class is inherited
40 * from the parent process during fork(2). If not set, it defaults
41 * to "default".
42 *
43 * Code in this file implements setloginclass(2) and getloginclass(2)
44 * system calls, and maintains class name storage and retrieval.
45 */
46
47 #include <sys/cdefs.h>
48 __FBSDID("$FreeBSD$");
49
50 #include <sys/param.h>
51 #include <sys/eventhandler.h>
52 #include <sys/kernel.h>
53 #include <sys/lock.h>
54 #include <sys/loginclass.h>
55 #include <sys/malloc.h>
56 #include <sys/types.h>
57 #include <sys/priv.h>
58 #include <sys/proc.h>
59 #include <sys/queue.h>
60 #include <sys/racct.h>
61 #include <sys/rctl.h>
62 #include <sys/refcount.h>
63 #include <sys/rwlock.h>
64 #include <sys/sysproto.h>
65 #include <sys/systm.h>
66
67 static MALLOC_DEFINE(M_LOGINCLASS, "loginclass", "loginclass structures");
68
69 LIST_HEAD(, loginclass) loginclasses;
70
71 /*
72 * Lock protecting loginclasses list.
73 */
74 static struct rwlock loginclasses_lock;
75 RW_SYSINIT(loginclasses_init, &loginclasses_lock, "loginclasses lock");
76
77 void
78 loginclass_hold(struct loginclass *lc)
79 {
80
81 refcount_acquire(&lc->lc_refcount);
82 }
83
84 void
85 loginclass_free(struct loginclass *lc)
86 {
87 int old;
88
89 old = lc->lc_refcount;
90 if (old > 1 && atomic_cmpset_int(&lc->lc_refcount, old, old - 1))
91 return;
92
93 rw_wlock(&loginclasses_lock);
94 if (!refcount_release(&lc->lc_refcount)) {
95 rw_wunlock(&loginclasses_lock);
96 return;
97 }
98
99 racct_destroy(&lc->lc_racct);
100 LIST_REMOVE(lc, lc_next);
101 rw_wunlock(&loginclasses_lock);
102
103 free(lc, M_LOGINCLASS);
104 }
105
106 /*
107 * Look up a loginclass struct for the parameter name.
108 * loginclasses_lock must be locked.
109 * Increase refcount on loginclass struct returned.
110 */
111 static struct loginclass *
112 loginclass_lookup(const char *name)
113 {
114 struct loginclass *lc;
115
116 rw_assert(&loginclasses_lock, RA_LOCKED);
117 LIST_FOREACH(lc, &loginclasses, lc_next)
118 if (strcmp(name, lc->lc_name) == 0) {
119 loginclass_hold(lc);
120 break;
121 }
122
123 return (lc);
124 }
125
126 /*
127 * Return loginclass structure with a corresponding name. Not
128 * performance critical, as it's used mainly by setloginclass(2),
129 * which happens once per login session. Caller has to use
130 * loginclass_free() on the returned value when it's no longer
131 * needed.
132 */
133 struct loginclass *
134 loginclass_find(const char *name)
135 {
136 struct loginclass *lc, *new_lc;
137
138 if (name[0] == '\0' || strlen(name) >= MAXLOGNAME)
139 return (NULL);
140
141 lc = curthread->td_ucred->cr_loginclass;
142 if (strcmp(name, lc->lc_name) == 0) {
143 loginclass_hold(lc);
144 return (lc);
145 }
146
147 rw_rlock(&loginclasses_lock);
148 lc = loginclass_lookup(name);
149 rw_runlock(&loginclasses_lock);
150 if (lc != NULL)
151 return (lc);
152
153 new_lc = malloc(sizeof(*new_lc), M_LOGINCLASS, M_ZERO | M_WAITOK);
154 racct_create(&new_lc->lc_racct);
155 refcount_init(&new_lc->lc_refcount, 1);
156 strcpy(new_lc->lc_name, name);
157
158 rw_wlock(&loginclasses_lock);
159 /*
160 * There's a chance someone created our loginclass while we
161 * were in malloc and not holding the lock, so we have to
162 * make sure we don't insert a duplicate loginclass.
163 */
164 if ((lc = loginclass_lookup(name)) == NULL) {
165 LIST_INSERT_HEAD(&loginclasses, new_lc, lc_next);
166 rw_wunlock(&loginclasses_lock);
167 lc = new_lc;
168 } else {
169 rw_wunlock(&loginclasses_lock);
170 racct_destroy(&new_lc->lc_racct);
171 free(new_lc, M_LOGINCLASS);
172 }
173
174 return (lc);
175 }
176
177 /*
178 * Get login class name.
179 */
180 #ifndef _SYS_SYSPROTO_H_
181 struct getloginclass_args {
182 char *namebuf;
183 size_t namelen;
184 };
185 #endif
186 /* ARGSUSED */
187 int
188 sys_getloginclass(struct thread *td, struct getloginclass_args *uap)
189 {
190 struct loginclass *lc;
191 size_t lcnamelen;
192
193 lc = td->td_ucred->cr_loginclass;
194 lcnamelen = strlen(lc->lc_name) + 1;
195 if (lcnamelen > uap->namelen)
196 return (ERANGE);
197 return (copyout(lc->lc_name, uap->namebuf, lcnamelen));
198 }
199
200 /*
201 * Set login class name.
202 */
203 #ifndef _SYS_SYSPROTO_H_
204 struct setloginclass_args {
205 const char *namebuf;
206 };
207 #endif
208 /* ARGSUSED */
209 int
210 sys_setloginclass(struct thread *td, struct setloginclass_args *uap)
211 {
212 struct proc *p = td->td_proc;
213 int error;
214 char lcname[MAXLOGNAME];
215 struct loginclass *newlc;
216 struct ucred *newcred, *oldcred;
217
218 error = priv_check(td, PRIV_PROC_SETLOGINCLASS);
219 if (error != 0)
220 return (error);
221 error = copyinstr(uap->namebuf, lcname, sizeof(lcname), NULL);
222 if (error != 0)
223 return (error);
224
225 newlc = loginclass_find(lcname);
226 if (newlc == NULL)
227 return (EINVAL);
228 newcred = crget();
229
230 PROC_LOCK(p);
231 oldcred = crcopysafe(p, newcred);
232 newcred->cr_loginclass = newlc;
233 proc_set_cred(p, newcred);
234 #ifdef RACCT
235 racct_proc_ucred_changed(p, oldcred, newcred);
236 crhold(newcred);
237 #endif
238 PROC_UNLOCK(p);
239 #ifdef RCTL
240 rctl_proc_ucred_changed(p, newcred);
241 crfree(newcred);
242 #endif
243 loginclass_free(oldcred->cr_loginclass);
244 crfree(oldcred);
245
246 return (0);
247 }
248
249 void
250 loginclass_racct_foreach(void (*callback)(struct racct *racct,
251 void *arg2, void *arg3), void (*pre)(void), void (*post)(void),
252 void *arg2, void *arg3)
253 {
254 struct loginclass *lc;
255
256 rw_rlock(&loginclasses_lock);
257 if (pre != NULL)
258 (pre)();
259 LIST_FOREACH(lc, &loginclasses, lc_next)
260 (callback)(lc->lc_racct, arg2, arg3);
261 if (post != NULL)
262 (post)();
263 rw_runlock(&loginclasses_lock);
264 }
Cache object: 6c05969ba99268ebe5f179b1e731ad17
|