* Licensed under the GPL v2. For licencing details see COPYING.
*/
-/** \file user.c uid User and user ID handling. */
+/** \file user.c \brief User and user ID handling. */
#include "adu.h"
#include <dirent.h> /* readdir() */
uint32_t high;
};
+/** Iterate over all uid ranges. */
#define FOR_EACH_UID_RANGE(ur, urs) for (ur = urs; ur->low <= ur->high; ur++)
/** Flags for the user hash table. */
/** Whether this uid should be taken into account. */
UI_FL_ADMISSIBLE = 2,
};
+
/*
* Contains info for each user that owns at least one regular file.
*
/** This is always a power of two. It is set in create_hash_table(). */
static uint32_t uid_hash_table_size;
+/* Array of indices to the entries of \a uid_hash_table. */
+static int *uid_hash_table_sort_idx;
+
+/** The number of used slots in the hash table. */
+static uint32_t num_uids;
+
/*
* The columns of the per-user tables.
*
return ret;
}
+/**
+ * Convert the --uid argument to an array of uid ranges.
+ *
+ * \param orig_arg The argument to the --uid option.
+ * \param ur Result pointer.
+ *
+ * Returns Negative on errors. On success, the number of uid ranges
+ * is returned.
+ */
int parse_uid_arg(const char *orig_arg, struct uid_range **ur)
{
char *arg, **argv;
return n;
}
+static int uid_is_admissible(uint32_t uid, struct uid_range *urs)
+{
+ struct uid_range *ur;
+ int ret = 1;
+
+ if (!urs) /* empty array means all uids are allowed */
+ return 1;
+ FOR_EACH_UID_RANGE(ur, urs)
+ if (ur->low <= uid && ur->high >= uid)
+ goto out;
+ ret = 0;
+out:
+ DEBUG_LOG("uid %u is %sadmissible\n", (unsigned)uid,
+ ret? "" : "not ");
+ return ret;
+}
+
+/**
+ * Add each given user to the array of admissible users.
+ *
+ * \param users Array of user names to add.
+ * \param num_users Length of \a users.
+ * \param admissible_uids The users which are already admissible.
+ * \param num_uid_ranges The number of intervals of \a admissible_uids.
+ *
+ * For each given user, the function checks whether that user is already
+ * admissible, i.e. its uid is contained in one of the ranges given by \a
+ * admissible_uids. If it is, the function ignores that user. Otherwise, a new
+ * length-one range consisting of that uid only is appended to \a
+ * admissible_uids.
+ *
+ * \return Negative on errors, the new number of uid ranges on success.
+ */
+int append_users(char **users, int num_users,
+ struct uid_range **admissible_uids, int num_uid_ranges)
+{
+ int i;
+ struct uid_range *au = *admissible_uids;
+
+ for (i = 0; i < num_users; i++) {
+ char *u = users[i];
+ struct uid_range *ur;
+ struct passwd *pw = getpwnam(u);
+
+ if (!pw) {
+ ERROR_LOG("user %s not found\n", u);
+ return -ERRNO_TO_ERROR(EINVAL);
+ }
+ if (au && uid_is_admissible(pw->pw_uid, au))
+ continue; /* nothing to do */
+ /* add a range consisting of this uid only */
+ num_uid_ranges++;
+ au = adu_realloc(au, (num_uid_ranges + 1) *
+ sizeof(struct uid_range));
+ *admissible_uids = au;
+ ur = au + num_uid_ranges - 1; /* the new uid range */
+ ur->low = ur->high = pw->pw_uid;
+ /* terminate the list */
+ ur++;
+ ur->low = 1;
+ ur->high = 0;
+ }
+ return num_uid_ranges;
+}
static inline int ui_used(struct user_info *ui)
{
if (pw && pw->pw_name)
ui->pw_name = adu_strdup(pw->pw_name);
- INFO_LOG(".............................uid #%u: %u\n",
- (unsigned)num_uids, (unsigned)ui->uid);
+ INFO_LOG("opening table for uid %u\n", (unsigned)ui->uid);
if (create) {
ret = osl(osl_create_table(ui->desc));
if (ret < 0)
return ret;
}
+/** Iterate over each user in the uid hash table. */
+#define FOR_EACH_USER(ui) for (ui = uid_hash_table; ui < \
+ uid_hash_table + uid_hash_table_size; ui++)
+
+
+/**
+ * Execute the given function for each admissible user.
+ *
+ * \param func The function to execute.
+ * \param data Arbitrary pointer.
+ *
+ * This function calls \a func for each admissible user in the uid hash table.
+ * The \a data pointer is passed as the second argument to \a func.
+ *
+ * \return As soon as \a func returns a negative value, the loop is terminated
+ * and that negative value is returned. Otherwise, the function returns 1.
+ */
int for_each_admissible_user(int (*func)(struct user_info *, void *),
void *data)
{
- struct user_info *ui = uid_hash_table;
-
- if (!ui)
- return -ERRNO_TO_ERROR(EFAULT);
+ int i;
- for (; ui < uid_hash_table + uid_hash_table_size; ui++) {
+ assert(uid_hash_table);
+ for (i = 0; i < uid_hash_table_size; i++) {
int ret;
+ struct user_info *ui = uid_hash_table +
+ uid_hash_table_sort_idx[i];
if (!ui_used(ui) || !ui_admissible(ui))
continue;
void create_hash_table(unsigned bits)
{
+ int i;
+
uid_hash_table_size = 1 << bits;
uid_hash_table = adu_calloc(uid_hash_table_size *
sizeof(struct user_info));
+ uid_hash_table_sort_idx = adu_malloc(uid_hash_table_size * sizeof(int));
+ for (i = 0; i < uid_hash_table_size; i++)
+ uid_hash_table_sort_idx[i] = i;
}
-void free_hash_table(void)
-{
- free(uid_hash_table);
- uid_hash_table = NULL;
-}
-
-static int close_user_table(struct user_info *ui, __a_unused void *data)
+void close_user_tables(void)
{
- int ret;
+ struct user_info *ui;
- ret = osl(osl_close_table(ui->table, OSL_MARK_CLEAN));
- if (ret < 0)
- ERROR_LOG("failed to close user table %u: %s\n",
- (unsigned) ui->uid, adu_strerror(-ret));
- free((char *)ui->desc->name);
- ui->desc->name = NULL;
- free((char *)ui->desc->dir);
- ui->desc->dir = NULL;
- free(ui->pw_name);
- ui->pw_name = NULL;
- free(ui->desc);
- ui->desc = NULL;
- ui->table = NULL;
- ui->flags = 0;
- return 1;
-}
+ FOR_EACH_USER(ui) {
+ int ret;
-void close_user_tables(void)
-{
- for_each_admissible_user(close_user_table, NULL);
+ if (!ui_used(ui))
+ continue;
+ if (!ui->table)
+ continue;
+ INFO_LOG("closing user table for uid %u\n", (unsigned)ui->uid);
+ ret = osl(osl_close_table(ui->table, OSL_MARK_CLEAN));
+ if (ret < 0)
+ ERROR_LOG("failed to close user table %u: %s\n",
+ (unsigned)ui->uid, adu_strerror(-ret));
+ free((char *)ui->desc->name);
+ ui->desc->name = NULL;
+ free((char *)ui->desc->dir);
+ ui->desc->dir = NULL;
+ free(ui->pw_name);
+ ui->pw_name = NULL;
+ free(ui->desc);
+ ui->desc = NULL;
+ ui->table = NULL;
+ ui->flags = 0;
+ }
+ free(uid_hash_table);
+ uid_hash_table = NULL;
+ free(uid_hash_table_sort_idx);
+ uid_hash_table_sort_idx = NULL;
}
/*
* We use a hash table of size s=2^uid_hash_bits to map the uids into the
- * interval [0..s]. Hash collisions are treated by open addressing, i.e.
+ * interval [0..s-1]. Hash collisions are treated by open addressing, i.e.
* unused slots in the table are used to store different uids that hash to the
* same slot.
*
* An odd number is sufficient to make sure each entry of the hash table gets
* probed for probe_num between 0 and s-1 because s is a power of two, hence
* the second hash value has never a common divisor with the hash table size.
- * IOW: h is invertible in the ring [0..s].
+ * IOW: h is invertible in the ring [0..s-1].
*/
static uint32_t double_hash(uint32_t uid, uint32_t probe_num)
{
% uid_hash_table_size;
}
-static int uid_is_admissible(uint32_t uid, struct uid_range *urs)
-{
- struct uid_range *ur;
- int ret = 1;
-
- if (!urs) /* empty array means all uids are allowed */
- return 1;
- FOR_EACH_UID_RANGE(ur, urs)
- if (ur->low <= uid && ur->high >= uid)
- goto out;
- ret = 0;
-out:
- DEBUG_LOG("uid %u is %sadmissible\n", (unsigned)uid,
- ret? "" : "not ");
- return ret;
-}
-
-int search_uid(uint32_t uid, struct uid_range *urs,
- enum search_uid_flags flags, struct user_info **ui_ptr)
+static struct user_info *lookup_uid(uint32_t uid)
{
uint32_t p;
for (p = 0; p < uid_hash_table_size; p++) {
struct user_info *ui = uid_hash_table + double_hash(uid, p);
-
- if (!ui_used(ui)) {
- int ret;
- if (!flags)
- return -E_BAD_UID;
- ui->uid = uid;
- ui->flags |= UI_FL_SLOT_USED;
- if (!uid_is_admissible(uid, urs))
- return 0;
- ui->flags |= UI_FL_ADMISSIBLE;
- ret = open_user_table(ui, flags & CREATE_USER_TABLE);
- if (ret < 0)
- return ret;
-
- if (ui_ptr)
- *ui_ptr = ui;
- return 1;
- }
- if (ui->uid != uid)
- continue;
- if (ui_ptr)
- *ui_ptr = ui;
- return 0;
+ if (!ui_used(ui))
+ return ui;
+ if (ui->uid == uid)
+ return ui;
}
- return flags? -E_HASH_TABLE_OVERFLOW : -E_BAD_UID;
+ return NULL;
+}
+
+int create_user_table(uint32_t uid, struct user_info **ui_ptr)
+{
+ struct user_info *ui = lookup_uid(uid);
+
+ if (!ui)
+ return -E_HASH_TABLE_OVERFLOW;
+ *ui_ptr = ui;
+ if (ui_used(ui))
+ return 1;
+ ui->uid = uid;
+ ui->flags |= UI_FL_SLOT_USED;
+ return open_user_table(ui, 1);
}
static char *get_uid_list_name(void)
return make_message("%s/uid_list", conf.database_dir_arg);
}
-void sort_hash_table(int (*comp)(const void *, const void *))
+static int (*hash_table_comparator)(struct user_info *a, struct user_info *b);
+
+static int comp_wrapper(const void *a, const void *b)
+{
+ struct user_info *x = uid_hash_table + *(unsigned *)a;
+ struct user_info *y = uid_hash_table + *(unsigned *)b;
+ return hash_table_comparator(x, y);
+}
+
+void sort_hash_table(int (*comp)(struct user_info *, struct user_info *))
+{
+ hash_table_comparator = comp;
+ qsort(uid_hash_table_sort_idx, uid_hash_table_size,
+ sizeof(*uid_hash_table_sort_idx), comp_wrapper);
+}
+
+int open_admissible_user_tables(struct uid_range *admissible_uids)
{
- qsort(uid_hash_table, uid_hash_table_size, sizeof(struct user_info),
- comp);
+ struct user_info *ui;
+
+ assert(uid_hash_table);
+ DEBUG_LOG("size: %d\n", uid_hash_table_size);
+ FOR_EACH_USER(ui) {
+ int ret;
+
+ if (!ui_used(ui))
+ continue;
+ if (!uid_is_admissible(ui->uid, admissible_uids)) {
+ DEBUG_LOG("uid %u is not admissible\n", ui->uid);
+ ui->flags &= ~UI_FL_ADMISSIBLE;
+ continue;
+ }
+ ui->flags |= UI_FL_ADMISSIBLE;
+ if (ui->table)
+ continue;
+ ret = open_user_table(ui, 0);
+ if (ret < 0)
+ return ret;
+ }
+ return 1;
}
-int read_uid_file(struct uid_range *admissible_uids)
+int read_uid_file(void)
{
size_t size;
uint32_t n;
unsigned bits;
if (ret < 0) {
- INFO_LOG("failed to map %s\n", filename);
+ ERROR_LOG("failed to map %s\n", filename);
free(filename);
return ret;
}
create_hash_table(bits);
for (n = 0; n < num_uids; n++) {
uint32_t uid = read_u32(map + n * sizeof(uid));
- ret = search_uid(uid, admissible_uids, OPEN_USER_TABLE, NULL);
- if (ret < 0)
+ struct user_info *ui = lookup_uid(uid);
+ assert(ui);
+ if (ui_used(ui)) { /* impossible */
+ ERROR_LOG("duplicate user id!?\n");
+ ret = -EFAULT;
goto out;
+ }
+ ui->uid = uid;
+ ui->flags |= UI_FL_SLOT_USED;
}
+ ret = 1;
out:
adu_munmap(map, size);
return ret;
}
-static int write_uid(struct user_info *ui, void *data)
-{
- char **p = data;
-
- write_u32(*p, ui->uid);
- *p += sizeof(uint32_t);
- return 1;
-}
-
int write_uid_file(void)
{
char *buf, *p, *filename;
size_t size = num_uids * sizeof(uint32_t);
int ret;
+ struct user_info *ui;
if (!num_uids)
return 0;
buf = p = adu_malloc(size);
- ret = for_each_admissible_user(write_uid, &p);
- if (ret < 0)
- goto out;
+ FOR_EACH_USER(ui) {
+ if (!ui_used(ui))
+ continue;
+ write_u32(p, ui->uid);
+ p += sizeof(uint32_t);
+ }
filename = get_uid_list_name();
ret = adu_write_file(filename, buf, size);
free(filename);
-out:
free(buf);
return ret;
}