xref: /titanic_52/usr/src/lib/libproject/common/setproject.c (revision 96ab4d5390a62b7e1743ec1fad5c0eef9682b961)

/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved.
 * Copyright (c) 2012, Joyent, Inc. All rights reserved.
 */


#include <sys/task.h>
#include <sys/types.h>
#include <unistd.h>

#include <ctype.h>
#include <project.h>
#include <rctl.h>
#include <secdb.h>
#include <signal.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>
#include <nss_dbdefs.h>
#include <pwd.h>
#include <pool.h>
#include <libproc.h>
#include <priv.h>
#include <priv_utils.h>
#include <zone.h>
#include <sys/pool.h>
#include <sys/pool_impl.h>
#include <sys/rctl_impl.h>

static void
xstrtolower(char *s)
{
	for (; *s != '\0'; s++)
		*s = tolower(*s);
}

static void
remove_spaces(char *s)
{
	char *current;
	char *next;

	current = next = s;

	while (*next != '\0') {
		while (isspace(*next))
			next++;
		*current++ = *next++;
	}
	*current = '\0';
}

int
build_rctlblk(rctlblk_t *blk, int comp_num, char *component)
{
	char *signam;
	int sig = 0;
	uint_t act = rctlblk_get_local_action(blk, &sig);

	if (comp_num == 0) {
		/*
		 * Setting privilege level for resource control block.
		 */
		xstrtolower(component);

		if (strcmp("basic", component) == 0) {
			rctlblk_set_privilege(blk, RCPRIV_BASIC);
			return (0);
		}

		if (strcmp("priv", component) == 0 ||
		    strcmp("privileged", component) == 0) {
			rctlblk_set_privilege(blk, RCPRIV_PRIVILEGED);
			return (0);
		}

		return (-1);
	}

	if (comp_num == 1) {

		/*
		 * Setting value for resource control block.
		 */
		unsigned long long val;
		char *t;

		/* Negative numbers are not allowed */
		if (strchr(component, '-') != NULL)
			return (-1);

		errno = 0;
		val = strtoull(component, &t, 10);
		if (errno != 0 || t == component || *t != '\0')
			return (-1);

		rctlblk_set_value(blk, (rctl_qty_t)val);
		return (0);
	}

	/*
	 * Setting one or more actions on this resource control block.
	 */
	if (comp_num >= 2) {
		if (strcmp("none", component) == 0) {
			rctlblk_set_local_action(blk, 0, 0);
			return (0);
		}

		if (strcmp("deny", component) == 0) {
			act |= RCTL_LOCAL_DENY;

			rctlblk_set_local_action(blk, act, sig);

			return (0);
		}

		/*
		 * The last, and trickiest, form of action is the signal
		 * specification.
		 */
		if ((signam = strchr(component, '=')) == NULL)
			return (-1);

		*signam++ = '\0';

		if (strcmp("sig", component) == 0 ||
		    strcmp("signal", component) == 0) {
			if (strncmp("SIG", signam, 3) == 0)
				signam += 3;

			if (str2sig(signam, &sig) == -1)
				return (-1);

			act |= RCTL_LOCAL_SIGNAL;

			rctlblk_set_local_action(blk, act, sig);

			return (0);
		}
	}
	return (-1);
}

/*
 * States:
 */
#define	INPAREN		0x1

/*
 * Errors:
 */
#define	SETFAILED	(-1)
#define	COMPLETE	1
#define	NESTING		2
#define	UNCLOSED	3
#define	CLOSEBEFOREOPEN	4
#define	BADSPEC		5

static void
reinit_blk(rctlblk_t *blk, int local_action)
{
	rctlblk_set_privilege(blk, RCPRIV_PRIVILEGED);
	rctlblk_set_value(blk, 0);
	rctlblk_set_local_flags(blk, 0);
	rctlblk_set_local_action(blk, local_action, 0);
}

static int
rctl_set(char *ctl_name, char *val, struct ps_prochandle *Pr, int flags)
{
	int error = 0;
	uint_t component = 0;
	int valuecount = 0;
	uint_t state = 0;
	char *component_head;
	rctlblk_t *blk;
	rctlblk_t *ablk;
	int project_entity = 0;
	int count = 0;
	char *tmp;
	int local_act;
	rctlblk_t *rnext;
	int teardown_basic = 0;
	int teardown_priv = 0;

	/* We cannot modify a zone resource control */
	if (strncmp(ctl_name, "zone.", strlen("zone.")) == 0) {
		return (SETFAILED);
	}

	remove_spaces(val);

	if (strncmp(ctl_name, "project.", strlen("project.")) == 0) {
		project_entity = 1;
	} else if ((strncmp(ctl_name, "process.", strlen("process.")) != 0) &&
	    (strncmp(ctl_name, "task.", strlen("task.")) != 0)) {
		return (SETFAILED);
	}

	/* Determine how many attributes we'll be setting */
	for (tmp = val; *tmp != '\0'; tmp++) {
		if (*tmp == '(')
			count++;
	}
	/* Allocate sufficient memory for rctl blocks */
	if ((count == 0) || ((ablk =
	    (rctlblk_t *)malloc(rctlblk_size() * count)) == NULL)) {
		return (SETFAILED);
	}
	blk = ablk;

	/*
	 * In order to set the new rctl's local_action, we'll need the
	 * current value of global_flags.  We obtain global_flags by
	 * performing a pr_getrctl().
	 *
	 * The ctl_name has been verified as valid, so we have no reason
	 * to suspect that pr_getrctl() will return an error.
	 */
	(void) pr_getrctl(Pr, ctl_name, NULL, blk, RCTL_FIRST);


	/*
	 * Set initial local action based on global deny properties.
	 */
	rctlblk_set_privilege(blk, RCPRIV_PRIVILEGED);
	rctlblk_set_value(blk, 0);
	rctlblk_set_local_flags(blk, 0);

	if (rctlblk_get_global_flags(blk) & RCTL_GLOBAL_DENY_ALWAYS)
		local_act = RCTL_LOCAL_DENY;
	else
		local_act = RCTL_LOCAL_NOACTION;

	rctlblk_set_local_action(blk, local_act, 0);

	for (; ; val++) {

		switch (*val) {
			case '(':
				if (state & INPAREN) {
					error = NESTING;
					break;
				}

				state |= INPAREN;
				component_head = (char *)val + 1;

				break;
			case ')':
				if (state & INPAREN) {
					*val = '\0';
					if (component < 2) {
						error = BADSPEC;
						break;
					}
					if (build_rctlblk(blk, component,
					    component_head) == -1) {
						error = BADSPEC;
						break;
					}
					state &= ~INPAREN;
					component = 0;
					valuecount++;

					if (project_entity &&
					    (rctlblk_get_privilege(blk) ==
					    RCPRIV_BASIC)) {
						error = SETFAILED;
					} else {
						if (rctlblk_get_privilege(blk)
						    == RCPRIV_BASIC)
							teardown_basic = 1;

						if (rctlblk_get_privilege(blk)
						    == RCPRIV_PRIVILEGED)
							teardown_priv = 1;

						if (valuecount > count) {
							free(ablk);
							return (SETFAILED);
						}

						if (valuecount != count) {
							blk = RCTLBLK_INC(ablk,
							    valuecount);
							/* re-initialize blk */
							reinit_blk(blk,
							    local_act);
						}
					}

				} else {
					error = CLOSEBEFOREOPEN;
				}
				break;
			case ',':
				if (state & INPAREN) {
					*val = '\0';
					if (build_rctlblk(blk, component,
					    component_head) == -1)
						error = BADSPEC;

					component++;
					component_head = (char *)val + 1;

				}
				break;
			case '\0':
				if (valuecount == 0)
					error = BADSPEC;
				else if (state & INPAREN)
					error = UNCLOSED;
				else
					error = COMPLETE;
				break;
			default:
				if (!(state & INPAREN))
					error = BADSPEC;
				break;
		}

		if (error)
			break;
	}
	/* ablk points to array of rctlblk_t */

	if (valuecount == 0)
		error = BADSPEC;

	if (error != COMPLETE) {
		free(ablk);
		return (error);
	}

	/* teardown rctls if required */
	if (!project_entity) {

		if ((rnext = (rctlblk_t *)malloc(rctlblk_size())) == NULL) {
			free(ablk);
			return (SETFAILED);
		}

restart:
		if (pr_getrctl(Pr, ctl_name, NULL, rnext, RCTL_FIRST) == 0) {
			while (1) {
				if ((rctlblk_get_privilege(rnext) ==
				    RCPRIV_PRIVILEGED) &&
				    (teardown_priv == 1)) {
					(void) pr_setrctl(Pr, ctl_name, NULL,
					    rnext, RCTL_DELETE);
					goto restart;
				}
				if ((rctlblk_get_privilege(rnext) ==
				    RCPRIV_BASIC) && (teardown_basic == 1)) {
					(void) pr_setrctl(Pr, ctl_name, NULL,
					    rnext, RCTL_DELETE);
					goto restart;
				}

				if (pr_getrctl(Pr, ctl_name, rnext, rnext,
				    RCTL_NEXT) == -1)
					break;
			}
		}

		free(rnext);
	}

	/* set rctls */

	blk = ablk;

	if (project_entity) {
		if (pr_setprojrctl(Pr, ctl_name, blk, count, flags) == -1)
			error = SETFAILED;
	} else {
		valuecount = 0;
		while (valuecount < count) {
			if (pr_setrctl(Pr, ctl_name,
			    NULL, blk, RCTL_INSERT) == -1) {
				error = SETFAILED;
				break;
				}
			valuecount++;
			blk = RCTLBLK_INC(ablk, valuecount);
		}
	}



	free(ablk);

	if (error != COMPLETE)
		return (error);

	return (0);
}

static int
rctlwalkfunc(const char *name, void *data)
{

	if (strcmp(name, (char *)data) == 0)
		return (-1);
	else
		return (0);

}

/*
 * This routine determines if /dev/pool device is present on the system and
 * pools are currently enabled.  We want to do this directly from libproject
 * without using libpool's pool_get_status() routine because pools could be
 * completely removed from the system.  Return 1 if pools are enabled, or
 * 0 otherwise.  When used inside local zones, always pretend that pools
 * are disabled because binding is not allowed and we're already in the
 * right pool.
 */
static int
pools_enabled(void)
{
	pool_status_t status;
	int fd;

	if (getzoneid() != GLOBAL_ZONEID)
		return (0);
	if ((fd = open("/dev/pool", O_RDONLY)) < 0)
		return (0);
	if (ioctl(fd, POOL_STATUSQ, &status) < 0) {
		(void) close(fd);
		return (0);
	}
	(void) close(fd);
	return (status.ps_io_state);
}

/*
 * A pool_name of NULL means to attempt to bind to the default pool.
 * If the "force" flag is non-zero, the value of "system.bind-default" will be
 * ignored, and the process will be bound to the default pool if one exists.
 */
static int
bind_to_pool(const char *pool_name, pid_t pid, int force)
{
	pool_value_t *pvals[] = { NULL, NULL };
	pool_t **pools;
	uint_t nelem;
	uchar_t bval;
	pool_conf_t *conf;
	const char *nm;
	int retval;

	if ((conf = pool_conf_alloc()) == NULL)
		return (-1);
	if (pool_conf_open(conf, pool_dynamic_location(), PO_RDONLY) < 0) {
		/*
		 * Pools configuration file is corrupted; allow logins.
		 */
		pool_conf_free(conf);
		return (0);
	}
	if (pool_name != NULL && pool_get_pool(conf, pool_name) != NULL) {
		/*
		 * There was a project.pool entry, and the pool it refers to
		 * is a valid (active) pool.
		 */
		(void) pool_conf_close(conf);
		pool_conf_free(conf);
		if (pool_set_binding(pool_name, P_PID, pid) != PO_SUCCESS) {
			if (pool_error() != POE_SYSTEM)
				errno = EINVAL;
			return (-1);
		}
		return (0);
	}

	/*
	 * Bind to the pool with 'pool.default' = 'true' if
	 * 'system.bind-default' = 'true'.
	 */
	if ((pvals[0] = pool_value_alloc()) == NULL) {
		pool_conf_close(conf);
		pool_conf_free(conf);
		return (-1);
	}
	if (!force && pool_get_property(conf, pool_conf_to_elem(conf),
	    "system.bind-default", pvals[0]) != POC_BOOL ||
	    pool_value_get_bool(pvals[0], &bval) != PO_SUCCESS ||
	    bval == PO_FALSE) {
		pool_value_free(pvals[0]);
		pool_conf_close(conf);
		pool_conf_free(conf);
		errno = pool_name == NULL ? EACCES : ESRCH;
		return (-1);
	}
	(void) pool_value_set_name(pvals[0], "pool.default");
	pool_value_set_bool(pvals[0], PO_TRUE);
	if ((pools = pool_query_pools(conf, &nelem, pvals)) == NULL) {
		/*
		 * No default pools exist.
		 */
		pool_value_free(pvals[0]);
		pool_conf_close(conf);
		pool_conf_free(conf);
		errno = pool_name == NULL ? EACCES : ESRCH;
		return (-1);
	}
	if (nelem != 1 ||
	    pool_get_property(conf, pool_to_elem(conf, pools[0]), "pool.name",
	    pvals[0]) != POC_STRING) {
		/*
		 * Configuration is invalid.
		 */
		free(pools);
		pool_value_free(pvals[0]);
		(void) pool_conf_close(conf);
		pool_conf_free(conf);
		return (0);
	}
	free(pools);
	(void) pool_conf_close(conf);
	pool_conf_free(conf);
	(void) pool_value_get_string(pvals[0], &nm);
	if (pool_set_binding(nm, P_PID, pid) != PO_SUCCESS) {
		if (pool_error() != POE_SYSTEM)
			errno = EINVAL;
		retval = -1;
	} else {
		retval = 0;
	}
	pool_value_free(pvals[0]);
	return (retval);
}

/*
 * Changes the assigned project, task and resource pool of a stopped target
 * process.
 *
 * We may not have access to the project table if our target process is in
 * getprojbyname()'s execution path. Similarly, we may not be able to get user
 * information if the target process is in getpwnam()'s execution path. Thus we
 * give the caller the option of skipping these checks by providing a pointer to
 * a pre-validated project structure in proj (whose name matches project_name)
 * and taking responsibility for ensuring that the target process' owner is a
 * member of the target project.
 *
 * Callers of this function should always provide a pre-validated project
 * structure in proj unless they can be sure that the target process will never
 * be in setproject_proc()'s execution path.
 */

projid_t
setproject_proc(const char *project_name, const char *user_name, int flags,
    pid_t pid, struct ps_prochandle *Pr, struct project *proj)
{
	char pwdbuf[NSS_BUFLEN_PASSWD];
	char prbuf[PROJECT_BUFSZ];
	projid_t projid;
	struct passwd pwd;
	int i;
	int unknown = 0;
	int ret = 0;
	kva_t *kv_array;
	struct project local_proj; /* space to store proj if not provided */
	const char *pool_name = NULL;

	if (project_name != NULL) {
		/*
		 * Sanity checks.
		 */
		if (strcmp(project_name, "") == 0 ||
		    user_name == NULL) {
			errno = EINVAL;
			return (SETPROJ_ERR_TASK);
		}

		/*
		 * If proj is NULL, acquire project information to ensure that
		 * project_name is a valid project, and confirm that user_name
		 * exists and is a member of the specified project.
		 */
		if (proj == NULL) {
			if ((proj = getprojbyname(project_name, &local_proj,
			    prbuf, PROJECT_BUFSZ)) == NULL) {
				errno = ESRCH;
				return (SETPROJ_ERR_TASK);
			}

			if (getpwnam_r(user_name, &pwd,
			    pwdbuf, NSS_BUFLEN_PASSWD) == NULL) {
				errno = ESRCH;
				return (SETPROJ_ERR_TASK);
			}
			/*
			 * Root can join any project.
			 */
			if (pwd.pw_uid != (uid_t)0 &&
			    !inproj(user_name, project_name, prbuf,
			    PROJECT_BUFSZ)) {
				errno = ESRCH;
				return (SETPROJ_ERR_TASK);
			}
		}
		projid = proj->pj_projid;
	} else {
		projid = getprojid();
	}


	if ((kv_array = _str2kva(proj->pj_attr, KV_ASSIGN,
	    KV_DELIMITER)) != NULL) {
		for (i = 0; i < kv_array->length; i++) {
			if (strcmp(kv_array->data[i].key,
			    "project.pool") == 0) {
				pool_name = kv_array->data[i].value;
			}
			if (strcmp(kv_array->data[i].key, "task.final") == 0) {
				flags |= TASK_FINAL;
			}
		}
	}

	/*
	 * Bind process to a pool only if pools are configured
	 */
	if (pools_enabled() == 1) {
		char *old_pool_name;
		/*
		 * Attempt to bind to pool before calling
		 * settaskid().
		 */
		old_pool_name = pool_get_binding(pid);
		if (bind_to_pool(pool_name, pid, 0) != 0) {
			if (old_pool_name)
				free(old_pool_name);
			_kva_free(kv_array);
			return (SETPROJ_ERR_POOL);
		}
		if (pr_settaskid(Pr, projid, flags & TASK_MASK) == -1) {
			int saved_errno = errno;

			/*
			 * Undo pool binding.
			 */
			(void) bind_to_pool(old_pool_name, pid, 1);
			if (old_pool_name)
				free(old_pool_name);
			_kva_free(kv_array);
			/*
			 * Restore errno
			 */
			errno = saved_errno;
			return (SETPROJ_ERR_TASK);
		}
		if (old_pool_name)
			free(old_pool_name);
	} else {
		/*
		 * Pools are not configured, so simply create new task.
		 */
		if (pr_settaskid(Pr, projid, flags & TASK_MASK) == -1) {
			_kva_free(kv_array);
			return (SETPROJ_ERR_TASK);
		}
	}

	if (project_name == NULL) {
		/*
		 * In the case that we are starting a new task in the
		 * current project, we are finished, since the current
		 * resource controls will still apply. (Implicit behaviour:
		 * a project must be entirely logged out before name
		 * service changes will take effect.)
		 */
		_kva_free(kv_array);
		return (projid);
	}

	if (kv_array == NULL)
		return (0);

	for (i = 0; i < kv_array->length; i++) {
		/*
		 * Providing a special, i.e. a non-resource control, key?  Then
		 * parse that key here and end with "continue;".
		 */

		/*
		 * For generic bindings, the kernel performs the binding, as
		 * these are resource controls advertised by kernel subsystems.
		 */

		/*
		 * Check for known attribute name.
		 */
		errno = 0;
		if (rctl_walk(rctlwalkfunc, (void *)kv_array->data[i].key)
		    == 0)
			continue;
		if (errno) {
			_kva_free(kv_array);
			return (SETPROJ_ERR_TASK);
		}

		ret = rctl_set(kv_array->data[i].key,
		    kv_array->data[i].value, Pr, flags & TASK_PROJ_MASK);

		if (ret && unknown == 0) {
			/*
			 * We only report the first failure.
			 */
			unknown = i + 1;
		}

		if (ret && ret != SETFAILED) {
			/*
			 * We abort if we couldn't set a component, but if
			 * it's merely that the system didn't recognize it, we
			 * continue, as this could be a third party attribute.
			 */
			break;
		}
	}
	_kva_free(kv_array);

	return (unknown);
}

projid_t
setproject(const char *project_name, const char *user_name, int flags)
{
	return (setproject_proc(project_name, user_name, flags, P_MYID, NULL,
	    NULL));
}


priv_set_t *
setproject_initpriv(void)
{
	static priv_t taskpriv = PRIV_PROC_TASKID;
	static priv_t rctlpriv = PRIV_SYS_RESOURCE;
	static priv_t poolpriv = PRIV_SYS_RES_CONFIG;
	static priv_t schedpriv = PRIV_PROC_PRIOCNTL;
	int res;

	priv_set_t *nset;

	if (getzoneid() == GLOBAL_ZONEID) {
		res = __init_suid_priv(0, taskpriv, rctlpriv, poolpriv,
		    schedpriv, (char *)NULL);
	} else {
		res = __init_suid_priv(0, taskpriv, rctlpriv, (char *)NULL);
	}

	if (res != 0)
		return (NULL);

	nset = priv_allocset();
	if (nset != NULL) {
		priv_emptyset(nset);
		(void) priv_addset(nset, taskpriv);
		(void) priv_addset(nset, rctlpriv);
		/*
		 * Only need these if we need to change pools, which can
		 * only happen if the target is in the global zone.  Rather
		 * than checking the target's zone just check our own
		 * (since if we're in a non-global zone we won't be able
		 * to control processes in other zones).
		 */
		if (getzoneid() == GLOBAL_ZONEID) {
			(void) priv_addset(nset, poolpriv);
			(void) priv_addset(nset, schedpriv);
		}
	}
	return (nset);
}