[PATCH v2 1/5] dix: Add facilities for client ID tracking.
Rami Ylimäki
rami.ylimaki at vincit.fi
Fri Sep 10 09:58:38 PDT 2010
An interface is provided for figuring out the PID and process name of
a client. Make some existing functionality from SELinux and IA
extensions available for general use.
Signed-off-by: Rami Ylimäki <rami.ylimaki at vincit.fi>
---
dix/Makefile.am | 1 +
dix/client.c | 338 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
include/client.h | 54 +++++++++
include/os.h | 2 +
os/access.c | 46 ++++++++
5 files changed, 441 insertions(+), 0 deletions(-)
create mode 100644 dix/client.c
create mode 100644 include/client.h
diff --git a/dix/Makefile.am b/dix/Makefile.am
index 5e2dad7..bc87da5 100644
--- a/dix/Makefile.am
+++ b/dix/Makefile.am
@@ -7,6 +7,7 @@ libmain_la_SOURCES = \
libdix_la_SOURCES = \
atom.c \
+ client.c \
colormap.c \
cursor.c \
deprecated.c \
diff --git a/dix/client.c b/dix/client.c
new file mode 100644
index 0000000..99152a4
--- /dev/null
+++ b/dix/client.c
@@ -0,0 +1,338 @@
+/*
+ * Copyright (C) 2010 Nokia Corporation and/or its subsidiary(-ies). All
+ * rights reserved.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ *
+ * Author: Rami Ylimäki <rami.ylimaki at vincit.fi>
+ *
+ * This file contains functionality for identifying clients by various
+ * means. The primary purpose of identification is to simply aid in
+ * finding out which clients are using X server and how they are using
+ * it. For example, it's often necessary to monitor what requests
+ * clients are executing (to spot bad behaviour) and how they are
+ * allocating resources in X server (to spot excessive resource
+ * usage).
+ *
+ * This framework automatically allocates information, that can be
+ * used for client identification, when a client connects to the
+ * server. The information is freed when the client disconnects. The
+ * allocated information is just a collection of various IDs, such as
+ * PID and process name for local clients, that are likely to be
+ * useful in analyzing X server usage.
+ *
+ * Users of the framework can query ID information about clients at
+ * any time. To avoid repeated polling of IDs the users can also
+ * subscribe for notifications about the availability of ID
+ * information. Use GetClient* to query information and
+ * GetClientIds*Cbs to register for notifications.
+ */
+
+#include <stdlib.h>
+#include <unistd.h>
+
+#include "os.h"
+#include "client.h"
+#include "dixstruct.h"
+
+/* Key for identifying ID information for a client. */
+static DevPrivateKeyRec ClientIdsPrivKeyRec;
+static DevPrivateKey ClientIdsPrivKey = &ClientIdsPrivKeyRec;
+
+/**
+ * @return Client private holding PID and command line string. Error
+ * (NULL) if PID is not available for the client.
+ */
+ClientIdsPrivatePtr GetClientIds(ClientPtr client)
+{
+ PrivatePtr *privates = &(client)->devPrivates;
+ pointer priv = dixLookupPrivate(privates, ClientIdsPrivKey);
+ return (ClientIdsPrivatePtr) priv;
+}
+
+/* Called after PID and command line string have been determined for a
+ * client (all clients, including remote clients, except server
+ * client). You may call GetClientPid and GetClientCmd after this
+ * notification. */
+static CallbackListPtr ClientIdsReservedCbs = NULL;
+
+/**
+ * @return Publisher of client ID allocation notifications.
+ *
+ * @see AddCallback
+ */
+CallbackListPtr *GetClientIdsReservedCbs(void)
+{
+ return &ClientIdsReservedCbs;
+}
+
+/* Called before PID and command line string will be invalidated for a
+ * client (all clients, including remote clients, except server
+ * client). GetClientPid and GetClientCmd will return errors when
+ * called after this notification. */
+static CallbackListPtr ClientIdsReleasedCbs = NULL;
+
+/**
+ * @return Publisher of client ID deallocation notifications.
+ *
+ * @see AddCallback
+ */
+CallbackListPtr *GetClientIdsReleasedCbs(void)
+{
+ return &ClientIdsReleasedCbs;
+}
+
+/**
+ * Try to determine a PID for a client from its connection
+ * information. This should be called only once when new client has
+ * connected, use GetClientPid to determine the PID at other times.
+ *
+ * @param[in] client Connection linked to some process.
+ *
+ * @return PID of the client. Error (-1) if PID can't be determined
+ * for the client.
+ *
+ * @see GetClientPid
+ */
+static pid_t DetermineClientPid(ClientPtr client)
+{
+ LocalClientCredRec *lcc = NULL;
+ pid_t pid = -1;
+
+ if (client == NullClient)
+ return pid;
+
+ if (client == serverClient)
+ return getpid();
+
+ if (GetLocalClientCreds(client, &lcc) != -1)
+ {
+ if (lcc->fieldsSet & LCC_PID_SET)
+ pid = lcc->pid;
+ FreeLocalClientCreds(lcc);
+ }
+
+ return pid;
+}
+
+/**
+ * Try to determine a command line string for a client based on its
+ * PID. Note that mapping PID to a command hasn't been implemented for
+ * some operating systems. This should be called only once when a new
+ * client has connected, use GetClientCmd to determine the string at
+ * other times.
+ *
+ * @param[in] pid Process ID of a client.
+ *
+ * @return Client command line string. Error (NULL) if command line
+ * string can't be determined for the client. You must release
+ * the string by calling free when it's not used anymore.
+ *
+ * @see GetClientCmd
+ */
+static const char *DetermineClientCmd(pid_t pid)
+{
+ return GetCommandFromPid(pid);
+}
+
+/**
+ * Called when a new client connects. Allocates a private for the
+ * client and fills it with ID information.
+ *
+ * @param[in] client Recently connected client.
+ */
+static void ReserveClientIds(ClientPtr client)
+{
+ ClientIdsPrivatePtr priv = NULL;
+ pid_t pid = -1;
+
+ if (client == NullClient)
+ return;
+
+ /* Allocate private structure only if PID is available. */
+ pid = DetermineClientPid(client);
+ if (pid != -1)
+ {
+ priv = malloc(sizeof(ClientIdsPrivateRec));
+ if (priv)
+ {
+ priv->pid = pid;
+ priv->cmdline = DetermineClientCmd(pid);
+ }
+ }
+
+ DebugF("client(%lx): Reserved pid(%d).\n",
+ client->clientAsMask, priv ? priv->pid : -1);
+ DebugF("client(%lx): Reserved cmdline(%s).\n",
+ client->clientAsMask, (priv && priv->cmdline) ? priv->cmdline : "NULL");
+
+ dixSetPrivate(&(client)->devPrivates, ClientIdsPrivKey, priv);
+}
+
+/**
+ * Called when an existing client disconnects. Frees client ID
+ * information as well as the client private.
+ *
+ * @param[in] client Recently disconnected client.
+ */
+static void ReleaseClientIds(ClientPtr client)
+{
+ ClientIdsPrivatePtr priv = NULL;
+
+ if (client == NullClient)
+ return;
+
+ priv = GetClientIds(client);
+ if (!priv)
+ return;
+
+ DebugF("client(%lx): Released pid(%d).\n",
+ client->clientAsMask, priv ? priv->pid : -1);
+ DebugF("client(%lx): Released cmdline(%s).\n",
+ client->clientAsMask, (priv && priv->cmdline) ? priv->cmdline : "NULL");
+
+ free((void *) priv->cmdline); /* const char * */
+ free(priv);
+ dixSetPrivate(&(client)->devPrivates, ClientIdsPrivKey, NULL);
+}
+
+/**
+ * Called when new client connects or existing client disconnects.
+ *
+ * @param[in] pcbl Publisher of client state change notifications.
+ * @param[in] nulldata Unused private callback data.
+ * @param[in] calldata Information about client whose state changed.
+ *
+ * @see GetClientIdsReservedCbs
+ * @see GetClientIdsReleasedCbs
+ */
+static void ClientIdsChanged(CallbackListPtr *pcbl, pointer nulldata, pointer calldata)
+{
+ NewClientInfoRec *pci = (NewClientInfoRec *)calldata;
+ ClientPtr client = pci->client;
+
+ switch (client->clientState)
+ {
+ case ClientStateGone:
+ case ClientStateRetained:
+ /* Notify subscribers that client IDs will be released before
+ * they are actually released. */
+ CallCallbacks(&ClientIdsReleasedCbs, client);
+ ReleaseClientIds(client);
+ break;
+ case ClientStateInitial:
+ /* Reserve client IDs and notify subscribers about new IDs
+ * afterwards. */
+ ReserveClientIds(client);
+ CallCallbacks(&ClientIdsReservedCbs, client);
+ break;
+ default:
+ break;
+ }
+}
+
+/**
+ * Starts tracking of client connections and disconnections. After
+ * initialization, PID and command line strings are determined and
+ * cached for each connected client. Call this before any clients have
+ * connected.
+ *
+ * @param[in] server Recently initialized server client.
+ */
+void InitClientIds(ClientPtr server)
+{
+ if (!dixRegisterPrivateKey(ClientIdsPrivKey, PRIVATE_CLIENT, 0))
+ FatalError("Can't register client IDs private.\n");
+
+ if (!AddCallback(&ClientStateCallback, ClientIdsChanged, NULL))
+ FatalError("Can't track client IDs.\n");
+
+ ReserveClientIds(server);
+}
+
+/**
+ * Stops tracking clients. Call this after all clients have
+ * disconnected.
+ *
+ * @param[in] server Server client that is about to be cleaned up.
+ */
+void CloseClientIds(ClientPtr server)
+{
+ if (!DeleteCallback(&ClientStateCallback, ClientIdsChanged, NULL))
+ LogMessage(X_ERROR, "Can't stop tracking client IDs.\n");
+
+ DeleteCallbackList(&ClientIdsReservedCbs);
+ DeleteCallbackList(&ClientIdsReleasedCbs);
+
+ ReleaseClientIds(server);
+}
+
+/**
+ * Get cached PID of a client.
+ *
+ * param[in] client Client whose PID has been already cached.
+ *
+ * @return Cached client PID. Error (-1) if called:
+ * - before ClientIdsReservedCbs notification
+ * - after ClientIdsReleasedCbs notification
+ * - for remote clients
+ *
+ * @see DetermineClientPid
+ */
+pid_t GetClientPid(ClientPtr client)
+{
+ ClientIdsPrivatePtr priv = NULL;
+
+ if (client == NullClient)
+ return -1;
+
+ priv = GetClientIds(client);
+ if (!priv)
+ return -1;
+
+ return priv->pid;
+}
+
+/**
+ * Get cached command line string of a client.
+ *
+ * param[in] client Client whose command line string caching has been
+ * attempted previously.
+ *
+ * @return Cached client command line. Error (NULL) if called:
+ * - before ClientIdsReservedCbs notification
+ * - after ClientIdsReleasedCbs notification
+ * - for remote clients
+ * - on OS that doesn't support mapping of PID to command line
+ *
+ * @see DetermineClientCmd
+ */
+const char *GetClientCmd(ClientPtr client)
+{
+ ClientIdsPrivatePtr priv = NULL;
+
+ if (client == NullClient)
+ return NULL;
+
+ priv = GetClientIds(client);
+ if (!priv)
+ return NULL;
+
+ return priv->cmdline;
+}
diff --git a/include/client.h b/include/client.h
new file mode 100644
index 0000000..6c15b2b
--- /dev/null
+++ b/include/client.h
@@ -0,0 +1,54 @@
+/*
+ * Copyright (C) 2010 Nokia Corporation and/or its subsidiary(-ies). All
+ * rights reserved.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ *
+ * Author: Rami Ylimäki <rami.ylimaki at vincit.fi>
+ */
+
+#ifndef CLIENT_IDS_H
+#define CLIENT_IDS_H
+
+#include <sys/types.h>
+
+#include "dix.h"
+
+/* Client specific ID information. The corresponding client private
+ * will be NULL if PID is not available for the client. */
+typedef struct
+{
+ pid_t pid; /* always zero or positive */
+ const char *cmdline; /* NULL if not available */
+} ClientIdsPrivateRec, *ClientIdsPrivatePtr;
+
+/* Initialize and clean up. */
+void InitClientIds(ClientPtr server);
+void CloseClientIds(ClientPtr server);
+
+/* Register to notifications. */
+extern _X_EXPORT CallbackListPtr *GetClientIdsReservedCbs(void);
+extern _X_EXPORT CallbackListPtr *GetClientIdsReleasedCbs(void);
+
+/* Query client IDs. */
+extern _X_EXPORT ClientIdsPrivatePtr GetClientIds(ClientPtr client);
+extern _X_EXPORT pid_t GetClientPid(ClientPtr client);
+extern _X_EXPORT const char *GetClientCmd(ClientPtr client);
+
+#endif /* CLIENT_IDS_H */
diff --git a/include/os.h b/include/os.h
index efa202c..22c22a7 100644
--- a/include/os.h
+++ b/include/os.h
@@ -51,6 +51,7 @@ SOFTWARE.
#include "misc.h"
#include <stdarg.h>
+#include <sys/types.h> /* pid_t */
#define SCREEN_SAVER_ON 0
#define SCREEN_SAVER_OFF 1
@@ -369,6 +370,7 @@ typedef struct {
extern _X_EXPORT int GetLocalClientCreds(ClientPtr, LocalClientCredRec **);
extern _X_EXPORT void FreeLocalClientCreds(LocalClientCredRec *);
+extern _X_EXPORT const char *GetCommandFromPid(pid_t pid);
extern _X_EXPORT int ChangeAccessControl(ClientPtr /*client*/, int /*fEnabled*/);
diff --git a/os/access.c b/os/access.c
index 0279259..ce96436 100644
--- a/os/access.c
+++ b/os/access.c
@@ -1297,6 +1297,52 @@ FreeLocalClientCreds(LocalClientCredRec *lcc)
}
}
+/**
+ * Map a client PID to a command line string. Currently only systems
+ * with /proc/pid/cmdline are supported.
+ *
+ * @param[in] pid Process ID of a client.
+ *
+ * @return Command line string of the given process. Error (NULL) if
+ * the command line string can't be determined from the
+ * PID. You must release the string by calling free when it's
+ * not used anymore.
+ */
+const char *GetCommandFromPid(pid_t pid)
+{
+ char path[PATH_MAX + 1];
+ char *cmd = NULL;
+ int fd = 0;
+ int bytes = 0;
+
+ if (pid == -1)
+ return NULL;
+
+ if (snprintf(path, sizeof(path), "/proc/%d/cmdline", pid) < 0)
+ return NULL;
+
+ fd = open(path, O_RDONLY);
+ if (fd < 0)
+ return NULL;
+ bytes = read(fd, path, sizeof(path));
+ if (bytes <= 0)
+ return NULL;
+ if (close(fd) < 0)
+ return NULL;
+
+ /* We are only interested in the process name. We don't care about
+ * its arguments. Allocate space only for the process name. */
+ path[bytes - 1] = '\0';
+ bytes = strlen(path) + 1;
+ cmd = malloc(bytes);
+ if (cmd == NULL)
+ return NULL;
+ strncpy(cmd, path, bytes);
+ cmd[bytes - 1] = '\0';
+
+ return cmd;
+}
+
static int
AuthorizedClient(ClientPtr client)
{
--
1.6.3.3
More information about the xorg-devel
mailing list