diff options
author | Damien Miller <djm@mindrot.org> | 2006-08-31 03:24:41 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2006-08-31 03:24:41 +1000 |
commit | 1b06dc30ad4692ec76c476d130ba7366f7ebfef2 (patch) | |
tree | 85a3f1df0e15d7da1939df14a43a35dc4380a001 /openbsd-compat/port-solaris.c | |
parent | 26d4e19caa3013f57dc3c1462847eceaac6a1d7d (diff) |
- (djm) [CREDITS LICENCE Makefile.in auth.c configure.ac includes.h ]
[platform.c platform.h sshd.c openbsd-compat/Makefile.in]
[openbsd-compat/openbsd-compat.h openbsd-compat/port-solaris.c]
[openbsd-compat/port-solaris.h] Add support for Solaris process
contracts, enabled with --use-solaris-contracts. Patch from Chad
Mynhier, tweaked by dtucker@ and myself; ok dtucker@
Diffstat (limited to 'openbsd-compat/port-solaris.c')
-rw-r--r-- | openbsd-compat/port-solaris.c | 189 |
1 files changed, 189 insertions, 0 deletions
diff --git a/openbsd-compat/port-solaris.c b/openbsd-compat/port-solaris.c new file mode 100644 index 000000000..f31f0c6ea --- /dev/null +++ b/openbsd-compat/port-solaris.c | |||
@@ -0,0 +1,189 @@ | |||
1 | /* $Id: port-solaris.c,v 1.1 2006/08/30 17:24:42 djm Exp $ */ | ||
2 | |||
3 | /* | ||
4 | * Copyright (c) 2006 Chad Mynhier. | ||
5 | * | ||
6 | * Permission to use, copy, modify, and distribute this software for any | ||
7 | * purpose with or without fee is hereby granted, provided that the above | ||
8 | * copyright notice and this permission notice appear in all copies. | ||
9 | * | ||
10 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES | ||
11 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF | ||
12 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR | ||
13 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES | ||
14 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN | ||
15 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF | ||
16 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | ||
17 | */ | ||
18 | |||
19 | #include "config.h" | ||
20 | #include "includes.h" | ||
21 | |||
22 | #ifdef USE_SOLARIS_PROCESS_CONTRACTS | ||
23 | |||
24 | #include <sys/types.h> | ||
25 | #include <sys/stat.h> | ||
26 | #include <sys/param.h> | ||
27 | |||
28 | #include <errno.h> | ||
29 | #ifdef HAVE_FCNTL_H | ||
30 | # include <fcntl.h> | ||
31 | #endif | ||
32 | #include <string.h> | ||
33 | #include <unistd.h> | ||
34 | |||
35 | #include <libcontract.h> | ||
36 | #include <sys/contract/process.h> | ||
37 | #include <sys/ctfs.h> | ||
38 | |||
39 | #include "log.h" | ||
40 | |||
41 | #define CT_TEMPLATE CTFS_ROOT "/process/template" | ||
42 | #define CT_LATEST CTFS_ROOT "/process/latest" | ||
43 | |||
44 | static int tmpl_fd = -1; | ||
45 | |||
46 | /* Lookup the latest process contract */ | ||
47 | static ctid_t | ||
48 | get_active_process_contract_id(void) | ||
49 | { | ||
50 | int stat_fd; | ||
51 | ctid_t ctid = -1; | ||
52 | ct_stathdl_t stathdl; | ||
53 | |||
54 | if ((stat_fd = open64(CT_LATEST, O_RDONLY)) == -1) { | ||
55 | error("%s: Error opening 'latest' process " | ||
56 | "contract: %s", __func__, strerror(errno)); | ||
57 | return -1; | ||
58 | } | ||
59 | if (ct_status_read(stat_fd, CTD_COMMON, &stathdl) != 0) { | ||
60 | error("%s: Error reading process contract " | ||
61 | "status: %s", __func__, strerror(errno)); | ||
62 | goto out; | ||
63 | } | ||
64 | if ((ctid = ct_status_get_id(stathdl)) < 0) { | ||
65 | error("%s: Error getting process contract id: %s", | ||
66 | __func__, strerror(errno)); | ||
67 | goto out; | ||
68 | } | ||
69 | |||
70 | ct_status_free(stathdl); | ||
71 | out: | ||
72 | close(stat_fd); | ||
73 | return ctid; | ||
74 | } | ||
75 | |||
76 | void | ||
77 | solaris_contract_pre_fork(void) | ||
78 | { | ||
79 | if ((tmpl_fd = open64(CT_TEMPLATE, O_RDWR)) == -1) { | ||
80 | error("%s: open %s: %s", __func__, | ||
81 | CT_TEMPLATE, strerror(errno)); | ||
82 | return; | ||
83 | } | ||
84 | |||
85 | debug2("%s: setting up process contract template on fd %d", | ||
86 | __func__, tmpl_fd); | ||
87 | |||
88 | /* We have to set certain attributes before activating the template */ | ||
89 | if (ct_pr_tmpl_set_fatal(tmpl_fd, | ||
90 | CT_PR_EV_HWERR|CT_PR_EV_SIGNAL|CT_PR_EV_CORE) != 0) { | ||
91 | error("%s: Error setting process contract template " | ||
92 | "fatal events: %s", __func__, strerror(errno)); | ||
93 | goto fail; | ||
94 | } | ||
95 | if (ct_tmpl_set_critical(tmpl_fd, CT_PR_EV_HWERR) != 0) { | ||
96 | error("%s: Error setting process contract template " | ||
97 | "critical events: %s", __func__, strerror(errno)); | ||
98 | goto fail; | ||
99 | } | ||
100 | |||
101 | /* Now make this the active template for this process. */ | ||
102 | if (ct_tmpl_activate(tmpl_fd) != 0) { | ||
103 | error("%s: Error activating process contract " | ||
104 | "template: %s", __func__, strerror(errno)); | ||
105 | goto fail; | ||
106 | } | ||
107 | return; | ||
108 | |||
109 | fail: | ||
110 | if (tmpl_fd != -1) { | ||
111 | close(tmpl_fd); | ||
112 | tmpl_fd = -1; | ||
113 | } | ||
114 | } | ||
115 | |||
116 | void | ||
117 | solaris_contract_post_fork_child() | ||
118 | { | ||
119 | debug2("%s: clearing process contract template on fd %d", | ||
120 | __func__, tmpl_fd); | ||
121 | |||
122 | /* Clear the active template. */ | ||
123 | if (ct_tmpl_clear(tmpl_fd) != 0) | ||
124 | error("%s: Error clearing active process contract " | ||
125 | "template: %s", __func__, strerror(errno)); | ||
126 | |||
127 | close(tmpl_fd); | ||
128 | tmpl_fd = -1; | ||
129 | } | ||
130 | |||
131 | void | ||
132 | solaris_contract_post_fork_parent(pid_t pid) | ||
133 | { | ||
134 | ctid_t ctid; | ||
135 | char ctl_path[256]; | ||
136 | int r, ctl_fd = -1, stat_fd = -1; | ||
137 | |||
138 | debug2("%s: clearing template (fd %d)", __func__, tmpl_fd); | ||
139 | |||
140 | if (tmpl_fd == -1) | ||
141 | return; | ||
142 | |||
143 | /* First clear the active template. */ | ||
144 | if ((r = ct_tmpl_clear(tmpl_fd)) != 0) | ||
145 | error("%s: Error clearing active process contract " | ||
146 | "template: %s", __func__, strerror(errno)); | ||
147 | |||
148 | close(tmpl_fd); | ||
149 | tmpl_fd = -1; | ||
150 | |||
151 | /* | ||
152 | * If either the fork didn't succeed (pid < 0), or clearing | ||
153 | * th active contract failed (r != 0), then we have nothing | ||
154 | * more do. | ||
155 | */ | ||
156 | if (r != 0 || pid <= 0) | ||
157 | return; | ||
158 | |||
159 | /* Now lookup and abandon the contract we've created. */ | ||
160 | ctid = get_active_process_contract_id(); | ||
161 | |||
162 | debug2("%s: abandoning contract id %ld", __func__, ctid); | ||
163 | |||
164 | snprintf(ctl_path, sizeof(ctl_path), | ||
165 | CTFS_ROOT "/process/%ld/ctl", ctid); | ||
166 | if ((ctl_fd = open64(ctl_path, O_WRONLY)) < 0) { | ||
167 | error("%s: Error opening process contract " | ||
168 | "ctl file: %s", __func__, strerror(errno)); | ||
169 | goto fail; | ||
170 | } | ||
171 | if (ct_ctl_abandon(ctl_fd) < 0) { | ||
172 | error("%s: Error abandoning process contract: %s", | ||
173 | __func__, strerror(errno)); | ||
174 | goto fail; | ||
175 | } | ||
176 | close(ctl_fd); | ||
177 | return; | ||
178 | |||
179 | fail: | ||
180 | if (tmpl_fd != -1) { | ||
181 | close(tmpl_fd); | ||
182 | tmpl_fd = -1; | ||
183 | } | ||
184 | if (stat_fd != -1) | ||
185 | close(stat_fd); | ||
186 | if (ctl_fd != -1) | ||
187 | close(ctl_fd); | ||
188 | } | ||
189 | #endif | ||