- (djm) [CREDITS LICENCE Makefile.in auth.c configure.ac includes.h ]

   [platform.c platform.h sshd.c openbsd-compat/Makefile.in]
   [openbsd-compat/openbsd-compat.h openbsd-compat/port-solaris.c]
   [openbsd-compat/port-solaris.h] Add support for Solaris process
   contracts, enabled with --use-solaris-contracts. Patch from Chad
   Mynhier, tweaked by dtucker@ and myself; ok dtucker@

4 files changed, 223 insertions, 5 deletions

diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in
index 67e521bf..9f06605d 100644
--- a/openbsd-compat/Makefile.in
+++ b/openbsd-compat/Makefile.in
@@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.39 2006/04/22 11:26:08 djm Exp $
+# $Id: Makefile.in,v 1.40 2006/08/30 17:24:41 djm Exp $
 
 sysconfdir=@sysconfdir@
 piddir=@piddir@
@@ -20,7 +20,7 @@ OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o getcwd.o getgroupl
 
 COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o
 
-PORTS=port-irix.o port-linux.o port-aix.o port-uw.o port-tun.o
+PORTS=port-aix.o port-irix.o port-linux.o port-solaris.o port-tun.o port-uw.o
 
 .c.o:
 	$(CC) $(CFLAGS) $(CPPFLAGS) -c $<
diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h
index 18249d81..278ac71d 100644
--- a/openbsd-compat/openbsd-compat.h
+++ b/openbsd-compat/openbsd-compat.h
@@ -1,4 +1,4 @@
-/* $Id: openbsd-compat.h,v 1.40 2006/07/12 13:10:34 dtucker Exp $ */
+/* $Id: openbsd-compat.h,v 1.41 2006/08/30 17:24:42 djm Exp $ */
 
 /*
  * Copyright (c) 1999-2003 Damien Miller.  All rights reserved.
@@ -190,10 +190,12 @@ char *shadow_pw(struct passwd *pw);
 /* Routines for a single OS platform */
 #include "bsd-cray.h"
 #include "bsd-cygwin_util.h"
+
+#include "port-aix.h"
 #include "port-irix.h"
 #include "port-linux.h"
-#include "port-aix.h"
-#include "port-uw.h"
+#include "port-solaris.h"
 #include "port-tun.h"
+#include "port-uw.h"
 
 #endif /* _OPENBSD_COMPAT_H */
diff --git a/openbsd-compat/port-solaris.c b/openbsd-compat/port-solaris.c
new file mode 100644
index 00000000..f31f0c6e
--- /dev/null
+++ b/openbsd-compat/port-solaris.c
@@ -0,0 +1,189 @@
+/* $Id: port-solaris.c,v 1.1 2006/08/30 17:24:42 djm Exp $ */
+
+/*
+ * Copyright (c) 2006 Chad Mynhier.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "config.h"
+#include "includes.h"
+
+#ifdef USE_SOLARIS_PROCESS_CONTRACTS
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/param.h>
+
+#include <errno.h>
+#ifdef HAVE_FCNTL_H
+# include <fcntl.h>
+#endif
+#include <string.h>
+#include <unistd.h>
+
+#include <libcontract.h>
+#include <sys/contract/process.h>
+#include <sys/ctfs.h>
+
+#include "log.h"
+
+#define CT_TEMPLATE	CTFS_ROOT "/process/template"
+#define CT_LATEST	CTFS_ROOT "/process/latest"
+
+static int tmpl_fd = -1;
+
+/* Lookup the latest process contract */
+static ctid_t
+get_active_process_contract_id(void)
+{
+	int stat_fd;
+	ctid_t ctid = -1;
+	ct_stathdl_t stathdl;
+
+	if ((stat_fd = open64(CT_LATEST, O_RDONLY)) == -1) {
+		error("%s: Error opening 'latest' process "
+		    "contract: %s", __func__, strerror(errno));
+		return -1;
+	}
+	if (ct_status_read(stat_fd, CTD_COMMON, &stathdl) != 0) {
+		error("%s: Error reading process contract "
+		    "status: %s", __func__, strerror(errno));
+		goto out;
+	}
+	if ((ctid = ct_status_get_id(stathdl)) < 0) {
+		error("%s: Error getting process contract id: %s",
+		    __func__, strerror(errno));
+		goto out;
+	}
+
+	ct_status_free(stathdl);
+ out:
+	close(stat_fd);
+	return ctid;
+}
+
+void
+solaris_contract_pre_fork(void)
+{
+	if ((tmpl_fd = open64(CT_TEMPLATE, O_RDWR)) == -1) {
+		error("%s: open %s: %s", __func__,
+		    CT_TEMPLATE, strerror(errno));
+		return;
+	}
+
+	debug2("%s: setting up process contract template on fd %d",
+	    __func__, tmpl_fd);
+
+	/* We have to set certain attributes before activating the template */
+	if (ct_pr_tmpl_set_fatal(tmpl_fd,
+	    CT_PR_EV_HWERR|CT_PR_EV_SIGNAL|CT_PR_EV_CORE) != 0) {
+		error("%s: Error setting process contract template "
+		    "fatal events: %s", __func__, strerror(errno));
+		goto fail;
+	}
+	if (ct_tmpl_set_critical(tmpl_fd, CT_PR_EV_HWERR) != 0) {
+		error("%s: Error setting process contract template "
+		    "critical events: %s", __func__, strerror(errno));
+		goto fail;
+	}
+
+	/* Now make this the active template for this process. */
+	if (ct_tmpl_activate(tmpl_fd) != 0) {
+		error("%s: Error activating process contract "
+		    "template: %s", __func__, strerror(errno));
+		goto fail;
+	}
+	return;
+
+ fail:
+	if (tmpl_fd != -1) {
+		close(tmpl_fd);
+		tmpl_fd = -1;
+	}
+}
+
+void
+solaris_contract_post_fork_child()
+{
+	debug2("%s: clearing process contract template on fd %d",
+	    __func__, tmpl_fd);
+
+	/* Clear the active template. */
+	if (ct_tmpl_clear(tmpl_fd) != 0)
+		error("%s: Error clearing active process contract "
+		    "template: %s", __func__, strerror(errno));
+
+	close(tmpl_fd);
+	tmpl_fd = -1;
+}
+
+void
+solaris_contract_post_fork_parent(pid_t pid)
+{
+	ctid_t ctid;
+	char ctl_path[256];
+	int r, ctl_fd = -1, stat_fd = -1;
+
+	debug2("%s: clearing template (fd %d)", __func__, tmpl_fd);
+
+	if (tmpl_fd == -1)
+		return;
+
+	/* First clear the active template. */
+	if ((r = ct_tmpl_clear(tmpl_fd)) != 0)
+		error("%s: Error clearing active process contract "
+		    "template: %s", __func__, strerror(errno));
+
+	close(tmpl_fd);
+	tmpl_fd = -1;
+
+	/*
+	 * If either the fork didn't succeed (pid < 0), or clearing
+	 * th active contract failed (r != 0), then we have nothing
+	 * more do.
+	 */
+	if (r != 0 || pid <= 0)
+		return;
+
+	/* Now lookup and abandon the contract we've created. */
+	ctid = get_active_process_contract_id();
+
+	debug2("%s: abandoning contract id %ld", __func__, ctid);
+
+	snprintf(ctl_path, sizeof(ctl_path),
+	    CTFS_ROOT "/process/%ld/ctl", ctid);
+	if ((ctl_fd = open64(ctl_path, O_WRONLY)) < 0) {
+		error("%s: Error opening process contract "
+		    "ctl file: %s", __func__, strerror(errno));
+		goto fail;
+	}
+	if (ct_ctl_abandon(ctl_fd) < 0) {
+		error("%s: Error abandoning process contract: %s",
+		    __func__, strerror(errno));
+		goto fail;
+	}
+	close(ctl_fd);
+	return;
+
+ fail:
+	if (tmpl_fd != -1) {
+		close(tmpl_fd);
+		tmpl_fd = -1;
+	}
+	if (stat_fd != -1)
+		close(stat_fd);
+	if (ctl_fd != -1)
+		close(ctl_fd);
+}
+#endif
diff --git a/openbsd-compat/port-solaris.h b/openbsd-compat/port-solaris.h
new file mode 100644
index 00000000..4c324871
--- /dev/null
+++ b/openbsd-compat/port-solaris.h
@@ -0,0 +1,27 @@
+/* $Id: port-solaris.h,v 1.1 2006/08/30 17:24:42 djm Exp $ */
+
+/*
+ * Copyright (c) 2006 Chad Mynhier.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef _PORT_SOLARIS_H
+
+#include <sys/types.h>
+
+void solaris_contract_pre_fork(void);
+void solaris_contract_post_fork_child(void);
+void solaris_contract_post_fork_parent(pid_t pid);
+
+#endif