Rename bloom_test_and_insert() to bloom_insert().
[adu.git] / user.c
1 /*
2 * Copyright (C) 2008 Andre Noll <maan@systemlinux.org>
3 *
4 * Licensed under the GPL v2. For licencing details see COPYING.
5 */
6
7 /** \file user.c \brief User and user ID handling. */
8
9 #include "adu.h"
10 #include <dirent.h> /* readdir() */
11 #include <sys/types.h>
12 #include <pwd.h>
13 #include "cmdline.h" /* TODO: This file should be independent of command line options */
14 #include "user.h"
15 #include "fd.h"
16 #include "string.h"
17 #include "error.h"
18
19 /**
20 * Describes one range of admissible user IDs.
21 *
22 * adu converts the admissible user ids given at the command line
23 * into an array of such structs.
24 */
25 struct uid_range {
26 /** Lowest admissible user ID. */
27 uint32_t low;
28 /** Greatest admissible user ID. */
29 uint32_t high;
30 };
31
32 /** Iterate over all uid ranges. */
33 #define FOR_EACH_UID_RANGE(ur, urs) for (ur = urs; ur->low <= ur->high; ur++)
34
35 /** Flags for the user hash table. */
36 enum uid_info_flags {
37 /** Whether this slot of the hash table is used. */
38 UI_FL_SLOT_USED = 1,
39 /** Whether this uid should be taken into account. */
40 UI_FL_ADMISSIBLE = 2,
41 };
42
43 /*
44 * Contains info for each user that owns at least one regular file.
45 *
46 * Even users that are not taken into account because of the --uid
47 * option occupy a slot in this hash table. This allows to find out
48 * quicky whether a uid is admissible. And yes, this has to be fast.
49 */
50 static struct user_info *uid_hash_table;
51
52 /** This is always a power of two. It is set in create_hash_table(). */
53 static uint32_t uid_hash_table_size;
54
55 /** The number of used slots in the hash table. */
56 static uint32_t num_uids;
57
58 /*
59 * The columns of the per-user tables.
60 *
61 * Adu tracks disk usage on a per-user basis. For each user, a user table is
62 * being created. The rows of the user table have three columns: The directory
63 * number that may be resolved to the path using the directory table, the
64 * number of bytes and the number of files in that directory owned by the given
65 * user.
66 */
67 static struct osl_column_description user_table_cols[] = {
68 [UT_DIR_NUM] = {
69 .storage_type = OSL_MAPPED_STORAGE,
70 .storage_flags = OSL_RBTREE | OSL_FIXED_SIZE | OSL_UNIQUE,
71 .name = "dir_num",
72 .compare_function = uint64_compare,
73 .data_size = sizeof(uint64_t)
74 },
75 [UT_BYTES] = {
76 .storage_type = OSL_MAPPED_STORAGE,
77 .storage_flags = OSL_RBTREE | OSL_FIXED_SIZE,
78 .compare_function = size_compare,
79 .name = "num_bytes",
80 .data_size = sizeof(uint64_t)
81 },
82 [UT_FILES] = {
83 .storage_type = OSL_MAPPED_STORAGE,
84 .storage_flags = OSL_RBTREE | OSL_FIXED_SIZE,
85 .compare_function = size_compare,
86 .name = "num_files",
87 .data_size = sizeof(uint64_t)
88 },
89 };
90
91 static int check_uid_arg(const char *arg, uint32_t *uid)
92 {
93 const uint32_t max = ~0U;
94 /*
95 * we need an 64-bit int for string -> uid conversion because strtoll()
96 * returns a signed value.
97 */
98 int64_t val;
99 int ret = atoi64(arg, &val);
100
101 if (ret < 0)
102 return ret;
103 if (val < 0 || val > max)
104 return -ERRNO_TO_ERROR(EINVAL);
105 *uid = val;
106 return 1;
107 }
108
109 static int parse_uid_range(const char *orig_arg, struct uid_range *ur)
110 {
111 int ret;
112 char *arg = adu_strdup(orig_arg), *p = strchr(arg, '-');
113
114 if (!p || p == arg) { /* -42 or 42 */
115 ret = check_uid_arg(p? p + 1 : arg, &ur->high);
116 if (ret < 0)
117 goto out;
118 ur->low = p? 0 : ur->high;
119 ret = 1;
120 goto out;
121 }
122 /* 42- or 42-4711 */
123 *p = '\0';
124 p++;
125 ret = check_uid_arg(arg, &ur->low);
126 if (ret < 0)
127 goto out;
128 ur->high = ~0U;
129 if (*p) { /* 42-4711 */
130 ret = check_uid_arg(p, &ur->high);
131 if (ret < 0)
132 goto out;
133 }
134 if (ur->low > ur->high)
135 ret = -ERRNO_TO_ERROR(EINVAL);
136 out:
137 if (ret < 0)
138 ERROR_LOG("bad uid option: %s\n", orig_arg);
139 else
140 INFO_LOG("admissible uid range: %u - %u\n", ur->low,
141 ur->high);
142 free(arg);
143 return ret;
144 }
145
146 /**
147 * Convert the --uid argument to an array of uid ranges.
148 *
149 * \param orig_arg The argument to the --uid option.
150 * \param ur Result pointer.
151 *
152 * Returns Negative on errors. On success, the number of uid ranges
153 * is returned.
154 */
155 int parse_uid_arg(const char *orig_arg, struct uid_range **ur)
156 {
157 char *arg, **argv;
158 unsigned n;
159 int i, ret = 1;
160
161 if (!orig_arg)
162 return 0;
163 arg = adu_strdup(orig_arg);
164 n = split_args(arg, &argv, ",");
165 if (!n)
166 return -E_SYNTAX;
167 *ur = adu_malloc((n + 1) * sizeof(struct uid_range));
168 for (i = 0; i < n; i++) {
169 ret = parse_uid_range(argv[i], *ur + i);
170 if (ret < 0)
171 break;
172 }
173 free(argv);
174 free(arg);
175 if (ret < 0) {
176 free(*ur);
177 *ur = NULL;
178 return ret;
179 }
180 /* an empty range indicates the end of the list */
181 (*ur)[n].low = 1;
182 (*ur)[n].high = 0;
183 return n;
184 }
185
186 static int uid_is_admissible(uint32_t uid, struct uid_range *urs)
187 {
188 struct uid_range *ur;
189 int ret = 1;
190
191 if (!urs) /* empty array means all uids are allowed */
192 return 1;
193 FOR_EACH_UID_RANGE(ur, urs)
194 if (ur->low <= uid && ur->high >= uid)
195 goto out;
196 ret = 0;
197 out:
198 DEBUG_LOG("uid %u is %sadmissible\n", (unsigned)uid,
199 ret? "" : "not ");
200 return ret;
201 }
202
203 /**
204 * Add each given user to the array of admissible users.
205 *
206 * \param users Array of user names to add.
207 * \param num_users Length of \a users.
208 * \param admissible_uids The users which are already admissible.
209 * \param num_uid_ranges The number of intervals of \a admissible_uids.
210 *
211 * For each given user, the function checks whether that user is already
212 * admissible, i.e. its uid is contained in one of the ranges given by \a
213 * admissible_uids. If it is, the function ignores that user. Otherwise, a new
214 * length-one range consisting of that uid only is appended to \a
215 * admissible_uids.
216 *
217 * \return Negative on errors, the new number of uid ranges on success.
218 */
219 int append_users(char **users, int num_users,
220 struct uid_range **admissible_uids, int num_uid_ranges)
221 {
222 int i;
223 struct uid_range *au = *admissible_uids;
224
225 for (i = 0; i < num_users; i++) {
226 char *u = users[i];
227 struct uid_range *ur;
228 struct passwd *pw = getpwnam(u);
229
230 if (!pw) {
231 ERROR_LOG("user %s not found\n", u);
232 return -ERRNO_TO_ERROR(EINVAL);
233 }
234 if (au && uid_is_admissible(pw->pw_uid, au))
235 continue; /* nothing to do */
236 /* add a range consisting of this uid only */
237 num_uid_ranges++;
238 au = adu_realloc(au, (num_uid_ranges + 1) *
239 sizeof(struct uid_range));
240 *admissible_uids = au;
241 ur = au + num_uid_ranges - 1; /* the new uid range */
242 ur->low = ur->high = pw->pw_uid;
243 /* terminate the list */
244 ur++;
245 ur->low = 1;
246 ur->high = 0;
247 }
248 return num_uid_ranges;
249 }
250
251 static inline int ui_used(struct user_info *ui)
252 {
253 return ui->flags & UI_FL_SLOT_USED;
254 }
255
256 static inline int ui_admissible(struct user_info *ui)
257 {
258 return ui->flags & UI_FL_ADMISSIBLE;
259 }
260
261 static int open_user_table(struct user_info *ui, int create)
262 {
263 int ret;
264 struct passwd *pw;
265
266 ui->desc = adu_malloc(sizeof(*ui->desc));
267 ui->desc->num_columns = NUM_UT_COLUMNS;
268 ui->desc->flags = 0;
269 ui->desc->column_descriptions = user_table_cols;
270 ui->desc->dir = adu_strdup(conf.database_dir_arg);
271 ui->desc->name = make_message("%u", (unsigned)ui->uid);
272 pw = getpwuid(ui->uid);
273 if (pw && pw->pw_name)
274 ui->pw_name = adu_strdup(pw->pw_name);
275
276 INFO_LOG("opening table for uid %u\n", (unsigned)ui->uid);
277 if (create) {
278 ret = osl(osl_create_table(ui->desc));
279 if (ret < 0)
280 goto err;
281 num_uids++;
282 }
283 ret = osl(osl_open_table(ui->desc, &ui->table));
284 if (ret < 0)
285 goto err;
286 return 1;
287 err:
288 free((char *)ui->desc->name);
289 free((char *)ui->desc->dir);
290 free(ui->pw_name);
291 free(ui->desc);
292 ui->desc->name = NULL;
293 ui->desc->dir = NULL;
294 ui->desc = NULL;
295 ui->table = NULL;
296 ui->flags = 0;
297 return ret;
298 }
299
300 /** Iterate over each user in the uid hash table. */
301 #define FOR_EACH_USER(ui) for (ui = uid_hash_table; ui < \
302 uid_hash_table + uid_hash_table_size; ui++)
303
304
305 /**
306 * Execute the given function for each admissible user.
307 *
308 * \param func The function to execute.
309 * \param data Arbitrary pointer.
310 *
311 * This function calls \a func for each admissible user in the uid hash table.
312 * The \a data pointer is passed as the second argument to \a func.
313 *
314 * \return As soon as \a func returns a negative value, the loop is terminated
315 * and that negative value is returned. Otherwise, the function returns 1.
316 */
317 int for_each_admissible_user(int (*func)(struct user_info *, void *),
318 void *data)
319 {
320 int i;
321
322 assert(uid_hash_table);
323 for (i = 0; i < uid_hash_table_size; i++) {
324 int ret;
325 struct user_info *ui = uid_hash_table + i;
326
327 if (!ui_used(ui) || !ui_admissible(ui))
328 continue;
329 ret = func(ui, data);
330 if (ret < 0)
331 return ret;
332 }
333 return 1;
334 }
335
336 /** Prime number used for calculating the slot for an uid. */
337 #define PRIME1 0xb11924e1
338 /** Prime number used for probe all slots. */
339 #define PRIME2 0x01000193
340
341 /**
342 * Create a hash table large enough of given size.
343 *
344 * \param bits Sets the maximal number of hash table entries to ^bits.
345 */
346 void create_hash_table(unsigned bits)
347 {
348 uid_hash_table_size = 1 << bits;
349 uid_hash_table = adu_calloc(uid_hash_table_size *
350 sizeof(struct user_info));
351 }
352
353 /**
354 * Close all open user tables and destroy the uid hash table.
355 *
356 * For each used slot in the uid hash table, close the osl user table if it is
357 * open. Finally, free the uid hash table.
358 */
359 void close_user_tables(void)
360 {
361 struct user_info *ui;
362
363 FOR_EACH_USER(ui) {
364 int ret;
365
366 if (!ui_used(ui))
367 continue;
368 if (!ui->table)
369 continue;
370 INFO_LOG("closing user table for uid %u\n", (unsigned)ui->uid);
371 ret = osl(osl_close_table(ui->table, OSL_MARK_CLEAN));
372 if (ret < 0)
373 ERROR_LOG("failed to close user table %u: %s\n",
374 (unsigned)ui->uid, adu_strerror(-ret));
375 free((char *)ui->desc->name);
376 ui->desc->name = NULL;
377 free((char *)ui->desc->dir);
378 ui->desc->dir = NULL;
379 free(ui->pw_name);
380 ui->pw_name = NULL;
381 free(ui->desc);
382 ui->desc = NULL;
383 ui->table = NULL;
384 ui->flags = 0;
385 }
386 free(uid_hash_table);
387 uid_hash_table = NULL;
388 }
389
390 /*
391 * We use a hash table of size s=2^uid_hash_bits to map the uids into the
392 * interval [0..s-1]. Hash collisions are treated by open addressing, i.e.
393 * unused slots in the table are used to store different uids that hash to the
394 * same slot.
395 *
396 * If a hash collision occurs, different slots are successively probed in order
397 * to find an unused slot for the new uid. Probing is implemented via a second
398 * hash function that maps the uid to h=(uid * PRIME2) | 1, which is always an
399 * odd number.
400 *
401 * An odd number is sufficient to make sure each entry of the hash table gets
402 * probed for probe_num between 0 and s-1 because s is a power of two, hence
403 * the second hash value has never a common divisor with the hash table size.
404 * IOW: h is invertible in the ring [0..s-1].
405 */
406 static uint32_t double_hash(uint32_t uid, uint32_t probe_num)
407 {
408 return (uid * PRIME1 + ((uid * PRIME2) | 1) * probe_num)
409 % uid_hash_table_size;
410 }
411
412 static struct user_info *lookup_uid(uint32_t uid)
413 {
414 uint32_t p;
415
416 for (p = 0; p < uid_hash_table_size; p++) {
417 struct user_info *ui = uid_hash_table + double_hash(uid, p);
418 if (!ui_used(ui))
419 return ui;
420 if (ui->uid == uid)
421 return ui;
422 }
423 return NULL;
424 }
425
426 /**
427 * Create and open a osl table for the given uid.
428 *
429 * \param uid The user ID.
430 * \param ui_ptr Result pointer
431 *
432 * Find out whether \a uid already exists in the uid hash table. If yes, just
433 * return the user info struct via \a ui_ptr. Otherwise, insert \a uid into the
434 * uid hash table, create and open the osl user table and also return the user
435 * info struct via \a ui_ptr.
436 *
437 * \return Standard.
438 */
439 int create_user_table(uint32_t uid, struct user_info **ui_ptr)
440 {
441 struct user_info *ui = lookup_uid(uid);
442
443 if (!ui)
444 return -E_HASH_TABLE_OVERFLOW;
445 *ui_ptr = ui;
446 if (ui_used(ui))
447 return 1;
448 ui->uid = uid;
449 ui->flags |= UI_FL_SLOT_USED;
450 return open_user_table(ui, 1);
451 }
452
453 static char *get_uid_list_name(void)
454 {
455 return make_message("%s/uid_list", conf.database_dir_arg);
456 }
457 /**
458 * Open the osl tables for all admissible uids.
459 *
460 * \param admissible_uids Determines which uids are considered admissible.
461 *
462 * Each slot in the hash table contains, among other information, a bit which
463 * specifies whether the uid of the slot is admissible in the current context.
464 *
465 * This function iterates over all entries in the hash table and checks for
466 * each used slot whether the corresponding uid is admissible with respect to
467 * \a admissible_uids. If so, it sets the admissible bit for this slot and
468 * opens the osl table of the uid.
469 *
470 * \return Stamdard.
471 */
472 int open_admissible_user_tables(struct uid_range *admissible_uids)
473 {
474 struct user_info *ui;
475
476 assert(uid_hash_table);
477 DEBUG_LOG("size: %d\n", uid_hash_table_size);
478 FOR_EACH_USER(ui) {
479 int ret;
480
481 if (!ui_used(ui))
482 continue;
483 if (!uid_is_admissible(ui->uid, admissible_uids)) {
484 DEBUG_LOG("uid %u is not admissible\n", ui->uid);
485 ui->flags &= ~UI_FL_ADMISSIBLE;
486 continue;
487 }
488 ui->flags |= UI_FL_ADMISSIBLE;
489 if (ui->table)
490 continue;
491 ret = open_user_table(ui, 0);
492 if (ret < 0)
493 return ret;
494 }
495 return 1;
496 }
497
498 /**
499 * Read the file of all possible uids.
500 *
501 * This is called from select/interactive mode. First a large hash table, large
502 * enough to store all uids contained in the uid file is created. Next, the
503 * uids are read from the uid file which was created during the creation of the
504 * database and each uid is inserted into the hash table.
505 *
506 * \sa write_uid_file().
507 *
508 * \return Standard.
509 */
510 int read_uid_file(void)
511 {
512 size_t size;
513 uint32_t n;
514 char *filename = get_uid_list_name(), *map;
515 int ret = mmap_full_file(filename, O_RDONLY, (void **)&map, &size, NULL);
516 unsigned bits;
517
518 if (ret < 0) {
519 ERROR_LOG("failed to map %s\n", filename);
520 free(filename);
521 return ret;
522 }
523 num_uids = size / 4;
524 INFO_LOG("found %u uids in %s\n", (unsigned)num_uids, filename);
525 free(filename);
526 /*
527 * Compute number of hash table bits. The hash table size must be a
528 * power of two and larger than the number of uids.
529 */
530 bits = 2;
531 while (1 << bits < num_uids)
532 bits++;
533 create_hash_table(bits);
534 for (n = 0; n < num_uids; n++) {
535 uint32_t uid = read_u32(map + n * sizeof(uid));
536 struct user_info *ui = lookup_uid(uid);
537 assert(ui);
538 if (ui_used(ui)) { /* impossible */
539 ERROR_LOG("duplicate user id!?\n");
540 ret = -EFAULT;
541 goto out;
542 }
543 ui->uid = uid;
544 ui->flags |= UI_FL_SLOT_USED;
545 }
546 ret = 1;
547 out:
548 adu_munmap(map, size);
549 return ret;
550 }
551
552 /**
553 * Write the list of uids to permanent storage.
554 *
555 * This is called from create mode after the dir table and all uer tables have
556 * been created. The file simply contains the list of all uids that own at
557 * least one regular file in the base directory and hence an osl table for this
558 * uid exists.
559 *
560 * \sa read_uid_file().
561 *
562 * \return Standard.
563 */
564 int write_uid_file(void)
565 {
566 char *buf, *p, *filename;
567 size_t size = num_uids * sizeof(uint32_t);
568 int ret;
569 struct user_info *ui;
570
571 if (!num_uids)
572 return 0;
573 buf = p = adu_malloc(size);
574 FOR_EACH_USER(ui) {
575 if (!ui_used(ui))
576 continue;
577 write_u32(p, ui->uid);
578 p += sizeof(uint32_t);
579 }
580 filename = get_uid_list_name();
581 ret = adu_write_file(filename, buf, size);
582 free(filename);
583 free(buf);
584 return ret;
585 }