An interface is provided for figuring out the PID and process name of a client. Make some existing functionality from SELinux and IA extensions available for general use.
Signed-off-by: Rami Ylimäki <[email protected]> --- dix/Makefile.am | 1 + dix/client.c | 338 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ include/client.h | 54 +++++++++ include/os.h | 2 + os/access.c | 46 ++++++++ 5 files changed, 441 insertions(+), 0 deletions(-) create mode 100644 dix/client.c create mode 100644 include/client.h diff --git a/dix/Makefile.am b/dix/Makefile.am index 5e2dad7..bc87da5 100644 --- a/dix/Makefile.am +++ b/dix/Makefile.am @@ -7,6 +7,7 @@ libmain_la_SOURCES = \ libdix_la_SOURCES = \ atom.c \ + client.c \ colormap.c \ cursor.c \ deprecated.c \ diff --git a/dix/client.c b/dix/client.c new file mode 100644 index 0000000..99152a4 --- /dev/null +++ b/dix/client.c @@ -0,0 +1,338 @@ +/* + * Copyright (C) 2010 Nokia Corporation and/or its subsidiary(-ies). All + * rights reserved. + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + * + * Author: Rami Ylimäki <[email protected]> + * + * This file contains functionality for identifying clients by various + * means. The primary purpose of identification is to simply aid in + * finding out which clients are using X server and how they are using + * it. For example, it's often necessary to monitor what requests + * clients are executing (to spot bad behaviour) and how they are + * allocating resources in X server (to spot excessive resource + * usage). + * + * This framework automatically allocates information, that can be + * used for client identification, when a client connects to the + * server. The information is freed when the client disconnects. The + * allocated information is just a collection of various IDs, such as + * PID and process name for local clients, that are likely to be + * useful in analyzing X server usage. + * + * Users of the framework can query ID information about clients at + * any time. To avoid repeated polling of IDs the users can also + * subscribe for notifications about the availability of ID + * information. Use GetClient* to query information and + * GetClientIds*Cbs to register for notifications. + */ + +#include <stdlib.h> +#include <unistd.h> + +#include "os.h" +#include "client.h" +#include "dixstruct.h" + +/* Key for identifying ID information for a client. */ +static DevPrivateKeyRec ClientIdsPrivKeyRec; +static DevPrivateKey ClientIdsPrivKey = &ClientIdsPrivKeyRec; + +/** + * @return Client private holding PID and command line string. Error + * (NULL) if PID is not available for the client. + */ +ClientIdsPrivatePtr GetClientIds(ClientPtr client) +{ + PrivatePtr *privates = &(client)->devPrivates; + pointer priv = dixLookupPrivate(privates, ClientIdsPrivKey); + return (ClientIdsPrivatePtr) priv; +} + +/* Called after PID and command line string have been determined for a + * client (all clients, including remote clients, except server + * client). You may call GetClientPid and GetClientCmd after this + * notification. */ +static CallbackListPtr ClientIdsReservedCbs = NULL; + +/** + * @return Publisher of client ID allocation notifications. + * + * @see AddCallback + */ +CallbackListPtr *GetClientIdsReservedCbs(void) +{ + return &ClientIdsReservedCbs; +} + +/* Called before PID and command line string will be invalidated for a + * client (all clients, including remote clients, except server + * client). GetClientPid and GetClientCmd will return errors when + * called after this notification. */ +static CallbackListPtr ClientIdsReleasedCbs = NULL; + +/** + * @return Publisher of client ID deallocation notifications. + * + * @see AddCallback + */ +CallbackListPtr *GetClientIdsReleasedCbs(void) +{ + return &ClientIdsReleasedCbs; +} + +/** + * Try to determine a PID for a client from its connection + * information. This should be called only once when new client has + * connected, use GetClientPid to determine the PID at other times. + * + * @param[in] client Connection linked to some process. + * + * @return PID of the client. Error (-1) if PID can't be determined + * for the client. + * + * @see GetClientPid + */ +static pid_t DetermineClientPid(ClientPtr client) +{ + LocalClientCredRec *lcc = NULL; + pid_t pid = -1; + + if (client == NullClient) + return pid; + + if (client == serverClient) + return getpid(); + + if (GetLocalClientCreds(client, &lcc) != -1) + { + if (lcc->fieldsSet & LCC_PID_SET) + pid = lcc->pid; + FreeLocalClientCreds(lcc); + } + + return pid; +} + +/** + * Try to determine a command line string for a client based on its + * PID. Note that mapping PID to a command hasn't been implemented for + * some operating systems. This should be called only once when a new + * client has connected, use GetClientCmd to determine the string at + * other times. + * + * @param[in] pid Process ID of a client. + * + * @return Client command line string. Error (NULL) if command line + * string can't be determined for the client. You must release + * the string by calling free when it's not used anymore. + * + * @see GetClientCmd + */ +static const char *DetermineClientCmd(pid_t pid) +{ + return GetCommandFromPid(pid); +} + +/** + * Called when a new client connects. Allocates a private for the + * client and fills it with ID information. + * + * @param[in] client Recently connected client. + */ +static void ReserveClientIds(ClientPtr client) +{ + ClientIdsPrivatePtr priv = NULL; + pid_t pid = -1; + + if (client == NullClient) + return; + + /* Allocate private structure only if PID is available. */ + pid = DetermineClientPid(client); + if (pid != -1) + { + priv = malloc(sizeof(ClientIdsPrivateRec)); + if (priv) + { + priv->pid = pid; + priv->cmdline = DetermineClientCmd(pid); + } + } + + DebugF("client(%lx): Reserved pid(%d).\n", + client->clientAsMask, priv ? priv->pid : -1); + DebugF("client(%lx): Reserved cmdline(%s).\n", + client->clientAsMask, (priv && priv->cmdline) ? priv->cmdline : "NULL"); + + dixSetPrivate(&(client)->devPrivates, ClientIdsPrivKey, priv); +} + +/** + * Called when an existing client disconnects. Frees client ID + * information as well as the client private. + * + * @param[in] client Recently disconnected client. + */ +static void ReleaseClientIds(ClientPtr client) +{ + ClientIdsPrivatePtr priv = NULL; + + if (client == NullClient) + return; + + priv = GetClientIds(client); + if (!priv) + return; + + DebugF("client(%lx): Released pid(%d).\n", + client->clientAsMask, priv ? priv->pid : -1); + DebugF("client(%lx): Released cmdline(%s).\n", + client->clientAsMask, (priv && priv->cmdline) ? priv->cmdline : "NULL"); + + free((void *) priv->cmdline); /* const char * */ + free(priv); + dixSetPrivate(&(client)->devPrivates, ClientIdsPrivKey, NULL); +} + +/** + * Called when new client connects or existing client disconnects. + * + * @param[in] pcbl Publisher of client state change notifications. + * @param[in] nulldata Unused private callback data. + * @param[in] calldata Information about client whose state changed. + * + * @see GetClientIdsReservedCbs + * @see GetClientIdsReleasedCbs + */ +static void ClientIdsChanged(CallbackListPtr *pcbl, pointer nulldata, pointer calldata) +{ + NewClientInfoRec *pci = (NewClientInfoRec *)calldata; + ClientPtr client = pci->client; + + switch (client->clientState) + { + case ClientStateGone: + case ClientStateRetained: + /* Notify subscribers that client IDs will be released before + * they are actually released. */ + CallCallbacks(&ClientIdsReleasedCbs, client); + ReleaseClientIds(client); + break; + case ClientStateInitial: + /* Reserve client IDs and notify subscribers about new IDs + * afterwards. */ + ReserveClientIds(client); + CallCallbacks(&ClientIdsReservedCbs, client); + break; + default: + break; + } +} + +/** + * Starts tracking of client connections and disconnections. After + * initialization, PID and command line strings are determined and + * cached for each connected client. Call this before any clients have + * connected. + * + * @param[in] server Recently initialized server client. + */ +void InitClientIds(ClientPtr server) +{ + if (!dixRegisterPrivateKey(ClientIdsPrivKey, PRIVATE_CLIENT, 0)) + FatalError("Can't register client IDs private.\n"); + + if (!AddCallback(&ClientStateCallback, ClientIdsChanged, NULL)) + FatalError("Can't track client IDs.\n"); + + ReserveClientIds(server); +} + +/** + * Stops tracking clients. Call this after all clients have + * disconnected. + * + * @param[in] server Server client that is about to be cleaned up. + */ +void CloseClientIds(ClientPtr server) +{ + if (!DeleteCallback(&ClientStateCallback, ClientIdsChanged, NULL)) + LogMessage(X_ERROR, "Can't stop tracking client IDs.\n"); + + DeleteCallbackList(&ClientIdsReservedCbs); + DeleteCallbackList(&ClientIdsReleasedCbs); + + ReleaseClientIds(server); +} + +/** + * Get cached PID of a client. + * + * param[in] client Client whose PID has been already cached. + * + * @return Cached client PID. Error (-1) if called: + * - before ClientIdsReservedCbs notification + * - after ClientIdsReleasedCbs notification + * - for remote clients + * + * @see DetermineClientPid + */ +pid_t GetClientPid(ClientPtr client) +{ + ClientIdsPrivatePtr priv = NULL; + + if (client == NullClient) + return -1; + + priv = GetClientIds(client); + if (!priv) + return -1; + + return priv->pid; +} + +/** + * Get cached command line string of a client. + * + * param[in] client Client whose command line string caching has been + * attempted previously. + * + * @return Cached client command line. Error (NULL) if called: + * - before ClientIdsReservedCbs notification + * - after ClientIdsReleasedCbs notification + * - for remote clients + * - on OS that doesn't support mapping of PID to command line + * + * @see DetermineClientCmd + */ +const char *GetClientCmd(ClientPtr client) +{ + ClientIdsPrivatePtr priv = NULL; + + if (client == NullClient) + return NULL; + + priv = GetClientIds(client); + if (!priv) + return NULL; + + return priv->cmdline; +} diff --git a/include/client.h b/include/client.h new file mode 100644 index 0000000..6c15b2b --- /dev/null +++ b/include/client.h @@ -0,0 +1,54 @@ +/* + * Copyright (C) 2010 Nokia Corporation and/or its subsidiary(-ies). All + * rights reserved. + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + * + * Author: Rami Ylimäki <[email protected]> + */ + +#ifndef CLIENT_IDS_H +#define CLIENT_IDS_H + +#include <sys/types.h> + +#include "dix.h" + +/* Client specific ID information. The corresponding client private + * will be NULL if PID is not available for the client. */ +typedef struct +{ + pid_t pid; /* always zero or positive */ + const char *cmdline; /* NULL if not available */ +} ClientIdsPrivateRec, *ClientIdsPrivatePtr; + +/* Initialize and clean up. */ +void InitClientIds(ClientPtr server); +void CloseClientIds(ClientPtr server); + +/* Register to notifications. */ +extern _X_EXPORT CallbackListPtr *GetClientIdsReservedCbs(void); +extern _X_EXPORT CallbackListPtr *GetClientIdsReleasedCbs(void); + +/* Query client IDs. */ +extern _X_EXPORT ClientIdsPrivatePtr GetClientIds(ClientPtr client); +extern _X_EXPORT pid_t GetClientPid(ClientPtr client); +extern _X_EXPORT const char *GetClientCmd(ClientPtr client); + +#endif /* CLIENT_IDS_H */ diff --git a/include/os.h b/include/os.h index efa202c..22c22a7 100644 --- a/include/os.h +++ b/include/os.h @@ -51,6 +51,7 @@ SOFTWARE. #include "misc.h" #include <stdarg.h> +#include <sys/types.h> /* pid_t */ #define SCREEN_SAVER_ON 0 #define SCREEN_SAVER_OFF 1 @@ -369,6 +370,7 @@ typedef struct { extern _X_EXPORT int GetLocalClientCreds(ClientPtr, LocalClientCredRec **); extern _X_EXPORT void FreeLocalClientCreds(LocalClientCredRec *); +extern _X_EXPORT const char *GetCommandFromPid(pid_t pid); extern _X_EXPORT int ChangeAccessControl(ClientPtr /*client*/, int /*fEnabled*/); diff --git a/os/access.c b/os/access.c index 0279259..ce96436 100644 --- a/os/access.c +++ b/os/access.c @@ -1297,6 +1297,52 @@ FreeLocalClientCreds(LocalClientCredRec *lcc) } } +/** + * Map a client PID to a command line string. Currently only systems + * with /proc/pid/cmdline are supported. + * + * @param[in] pid Process ID of a client. + * + * @return Command line string of the given process. Error (NULL) if + * the command line string can't be determined from the + * PID. You must release the string by calling free when it's + * not used anymore. + */ +const char *GetCommandFromPid(pid_t pid) +{ + char path[PATH_MAX + 1]; + char *cmd = NULL; + int fd = 0; + int bytes = 0; + + if (pid == -1) + return NULL; + + if (snprintf(path, sizeof(path), "/proc/%d/cmdline", pid) < 0) + return NULL; + + fd = open(path, O_RDONLY); + if (fd < 0) + return NULL; + bytes = read(fd, path, sizeof(path)); + if (bytes <= 0) + return NULL; + if (close(fd) < 0) + return NULL; + + /* We are only interested in the process name. We don't care about + * its arguments. Allocate space only for the process name. */ + path[bytes - 1] = '\0'; + bytes = strlen(path) + 1; + cmd = malloc(bytes); + if (cmd == NULL) + return NULL; + strncpy(cmd, path, bytes); + cmd[bytes - 1] = '\0'; + + return cmd; +} + static int AuthorizedClient(ClientPtr client) { -- 1.6.3.3 _______________________________________________ [email protected]: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: http://lists.x.org/mailman/listinfo/xorg-devel
