1 /*-
2 * SPDX-License-Identifier: BSD-2-Clause
3 *
4 * Copyright (c) 2011 The FreeBSD Foundation
5 *
6 * This software was developed by Edward Tomasz Napierala under sponsorship
7 * from the FreeBSD Foundation.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 *
18 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
19 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
22 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28 * SUCH DAMAGE.
29 */
30
31 /*
32 * Processes may set login class name using setloginclass(2). This
33 * is usually done through call to setusercontext(3), by programs
34 * such as login(1), based on information from master.passwd(5). Kernel
35 * uses this information to enforce per-class resource limits. Current
36 * login class can be determined using id(1). Login class is inherited
37 * from the parent process during fork(2). If not set, it defaults
38 * to "default".
39 *
40 * Code in this file implements setloginclass(2) and getloginclass(2)
41 * system calls, and maintains class name storage and retrieval.
42 */
43
44 #include <sys/cdefs.h>
45 #include <sys/param.h>
46 #include <sys/eventhandler.h>
47 #include <sys/kernel.h>
48 #include <sys/lock.h>
49 #include <sys/loginclass.h>
50 #include <sys/malloc.h>
51 #include <sys/types.h>
52 #include <sys/priv.h>
53 #include <sys/proc.h>
54 #include <sys/queue.h>
55 #include <sys/racct.h>
56 #include <sys/rctl.h>
57 #include <sys/refcount.h>
58 #include <sys/rwlock.h>
59 #include <sys/sysproto.h>
60 #include <sys/systm.h>
61
62 static MALLOC_DEFINE(M_LOGINCLASS, "loginclass", "loginclass structures");
63
64 LIST_HEAD(, loginclass) loginclasses;
65
66 /*
67 * Lock protecting loginclasses list.
68 */
69 static struct rwlock loginclasses_lock;
70 RW_SYSINIT(loginclasses_init, &loginclasses_lock, "loginclasses lock");
71
72 void
loginclass_hold(struct loginclass * lc)73 loginclass_hold(struct loginclass *lc)
74 {
75
76 refcount_acquire(&lc->lc_refcount);
77 }
78
79 void
loginclass_free(struct loginclass * lc)80 loginclass_free(struct loginclass *lc)
81 {
82
83 if (refcount_release_if_not_last(&lc->lc_refcount))
84 return;
85
86 rw_wlock(&loginclasses_lock);
87 if (!refcount_release(&lc->lc_refcount)) {
88 rw_wunlock(&loginclasses_lock);
89 return;
90 }
91
92 racct_destroy(&lc->lc_racct);
93 LIST_REMOVE(lc, lc_next);
94 rw_wunlock(&loginclasses_lock);
95
96 free(lc, M_LOGINCLASS);
97 }
98
99 /*
100 * Look up a loginclass struct for the parameter name.
101 * loginclasses_lock must be locked.
102 * Increase refcount on loginclass struct returned.
103 */
104 static struct loginclass *
loginclass_lookup(const char * name)105 loginclass_lookup(const char *name)
106 {
107 struct loginclass *lc;
108
109 rw_assert(&loginclasses_lock, RA_LOCKED);
110 LIST_FOREACH(lc, &loginclasses, lc_next)
111 if (strcmp(name, lc->lc_name) == 0) {
112 loginclass_hold(lc);
113 break;
114 }
115
116 return (lc);
117 }
118
119 /*
120 * Return loginclass structure with a corresponding name. Not
121 * performance critical, as it's used mainly by setloginclass(2),
122 * which happens once per login session. Caller has to use
123 * loginclass_free() on the returned value when it's no longer
124 * needed.
125 */
126 struct loginclass *
loginclass_find(const char * name)127 loginclass_find(const char *name)
128 {
129 struct loginclass *lc, *new_lc;
130
131 if (name[0] == '\0' || strlen(name) >= MAXLOGNAME)
132 return (NULL);
133
134 lc = curthread->td_ucred->cr_loginclass;
135 if (strcmp(name, lc->lc_name) == 0) {
136 loginclass_hold(lc);
137 return (lc);
138 }
139
140 rw_rlock(&loginclasses_lock);
141 lc = loginclass_lookup(name);
142 rw_runlock(&loginclasses_lock);
143 if (lc != NULL)
144 return (lc);
145
146 new_lc = malloc(sizeof(*new_lc), M_LOGINCLASS, M_ZERO | M_WAITOK);
147 racct_create(&new_lc->lc_racct);
148 refcount_init(&new_lc->lc_refcount, 1);
149 strcpy(new_lc->lc_name, name);
150
151 rw_wlock(&loginclasses_lock);
152 /*
153 * There's a chance someone created our loginclass while we
154 * were in malloc and not holding the lock, so we have to
155 * make sure we don't insert a duplicate loginclass.
156 */
157 if ((lc = loginclass_lookup(name)) == NULL) {
158 LIST_INSERT_HEAD(&loginclasses, new_lc, lc_next);
159 rw_wunlock(&loginclasses_lock);
160 lc = new_lc;
161 } else {
162 rw_wunlock(&loginclasses_lock);
163 racct_destroy(&new_lc->lc_racct);
164 free(new_lc, M_LOGINCLASS);
165 }
166
167 return (lc);
168 }
169
170 /*
171 * Get login class name.
172 */
173 #ifndef _SYS_SYSPROTO_H_
174 struct getloginclass_args {
175 char *namebuf;
176 size_t namelen;
177 };
178 #endif
179 /* ARGSUSED */
180 int
sys_getloginclass(struct thread * td,struct getloginclass_args * uap)181 sys_getloginclass(struct thread *td, struct getloginclass_args *uap)
182 {
183 struct loginclass *lc;
184 size_t lcnamelen;
185
186 lc = td->td_ucred->cr_loginclass;
187 lcnamelen = strlen(lc->lc_name) + 1;
188 if (lcnamelen > uap->namelen)
189 return (ERANGE);
190 return (copyout(lc->lc_name, uap->namebuf, lcnamelen));
191 }
192
193 /*
194 * Set login class name.
195 */
196 #ifndef _SYS_SYSPROTO_H_
197 struct setloginclass_args {
198 const char *namebuf;
199 };
200 #endif
201 /* ARGSUSED */
202 int
sys_setloginclass(struct thread * td,struct setloginclass_args * uap)203 sys_setloginclass(struct thread *td, struct setloginclass_args *uap)
204 {
205 struct proc *p = td->td_proc;
206 int error;
207 char lcname[MAXLOGNAME];
208 struct loginclass *newlc;
209 struct ucred *newcred, *oldcred;
210
211 error = priv_check(td, PRIV_PROC_SETLOGINCLASS);
212 if (error != 0)
213 return (error);
214 error = copyinstr(uap->namebuf, lcname, sizeof(lcname), NULL);
215 if (error != 0)
216 return (error);
217
218 newlc = loginclass_find(lcname);
219 if (newlc == NULL)
220 return (EINVAL);
221 newcred = crget();
222
223 PROC_LOCK(p);
224 oldcred = crcopysafe(p, newcred);
225 newcred->cr_loginclass = newlc;
226 proc_set_cred(p, newcred);
227 #ifdef RACCT
228 racct_proc_ucred_changed(p, oldcred, newcred);
229 crhold(newcred);
230 #endif
231 PROC_UNLOCK(p);
232 #ifdef RCTL
233 rctl_proc_ucred_changed(p, newcred);
234 crfree(newcred);
235 #endif
236 loginclass_free(oldcred->cr_loginclass);
237 crfree(oldcred);
238
239 return (0);
240 }
241
242 void
loginclass_racct_foreach(void (* callback)(struct racct * racct,void * arg2,void * arg3),void (* pre)(void),void (* post)(void),void * arg2,void * arg3)243 loginclass_racct_foreach(void (*callback)(struct racct *racct,
244 void *arg2, void *arg3), void (*pre)(void), void (*post)(void),
245 void *arg2, void *arg3)
246 {
247 struct loginclass *lc;
248
249 rw_rlock(&loginclasses_lock);
250 if (pre != NULL)
251 (pre)();
252 LIST_FOREACH(lc, &loginclasses, lc_next)
253 (callback)(lc->lc_racct, arg2, arg3);
254 if (post != NULL)
255 (post)();
256 rw_runlock(&loginclasses_lock);
257 }
258