1f7e04a26f32cae30636c21b04a0092a14f2c3de
[adu.git] / user.c
1 /*
2 * Copyright (C) 2008 Andre Noll <maan@systemlinux.org>
3 *
4 * Licensed under the GPL v2. For licencing details see COPYING.
5 */
6
7 /** \file user.c uid User and user ID handling. */
8
9 #include "adu.h"
10 #include <dirent.h> /* readdir() */
11 #include <sys/types.h>
12 #include <pwd.h>
13 #include "cmdline.h" /* TODO: This file should be independent of command line options */
14 #include "user.h"
15 #include "fd.h"
16 #include "string.h"
17 #include "error.h"
18
19 /**
20 * Describes one range of admissible user IDs.
21 *
22 * adu converts the admissible user ids given at the command line
23 * into an array of such structs.
24 */
25 struct uid_range {
26 /** Lowest admissible user ID. */
27 uint32_t low;
28 /** Greatest admissible user ID. */
29 uint32_t high;
30 };
31
32 #define FOR_EACH_UID_RANGE(ur, urs) for (ur = urs; ur->low <= ur->high; ur++)
33
34 /** Flags for the user hash table. */
35 enum uid_info_flags {
36 /** Whether this slot of the hash table is used. */
37 UI_FL_SLOT_USED = 1,
38 /** Whether this uid should be taken into account. */
39 UI_FL_ADMISSIBLE = 2,
40 };
41 /*
42 * Contains info for each user that owns at least one regular file.
43 *
44 * Even users that are not taken into account because of the --uid
45 * option occupy a slot in this hash table. This allows to find out
46 * quicky whether a uid is admissible. And yes, this has to be fast.
47 */
48 static struct user_info *uid_hash_table;
49
50 /** This is always a power of two. It is set in create_hash_table(). */
51 static uint32_t uid_hash_table_size;
52
53 /*
54 * The columns of the per-user tables.
55 *
56 * Adu tracks disk usage on a per-user basis. For each user, a user table is
57 * being created. The rows of the user table have three columns: The directory
58 * number that may be resolved to the path using the directory table, the
59 * number of bytes and the number of files in that directory owned by the given
60 * user.
61 */
62 static struct osl_column_description user_table_cols[] = {
63 [UT_DIR_NUM] = {
64 .storage_type = OSL_MAPPED_STORAGE,
65 .storage_flags = OSL_RBTREE | OSL_FIXED_SIZE | OSL_UNIQUE,
66 .name = "dir_num",
67 .compare_function = uint64_compare,
68 .data_size = sizeof(uint64_t)
69 },
70 [UT_BYTES] = {
71 .storage_type = OSL_MAPPED_STORAGE,
72 .storage_flags = OSL_RBTREE | OSL_FIXED_SIZE,
73 .compare_function = size_compare,
74 .name = "num_bytes",
75 .data_size = sizeof(uint64_t)
76 },
77 [UT_FILES] = {
78 .storage_type = OSL_MAPPED_STORAGE,
79 .storage_flags = OSL_RBTREE | OSL_FIXED_SIZE,
80 .compare_function = size_compare,
81 .name = "num_files",
82 .data_size = sizeof(uint64_t)
83 },
84 };
85
86 static int check_uid_arg(const char *arg, uint32_t *uid)
87 {
88 const uint32_t max = ~0U;
89 /*
90 * we need an 64-bit int for string -> uid conversion because strtoll()
91 * returns a signed value.
92 */
93 int64_t val;
94 int ret = atoi64(arg, &val);
95
96 if (ret < 0)
97 return ret;
98 if (val < 0 || val > max)
99 return -ERRNO_TO_ERROR(EINVAL);
100 *uid = val;
101 return 1;
102 }
103
104 static int parse_uid_range(const char *orig_arg, struct uid_range *ur)
105 {
106 int ret;
107 char *arg = adu_strdup(orig_arg), *p = strchr(arg, '-');
108
109 if (!p || p == arg) { /* -42 or 42 */
110 ret = check_uid_arg(p? p + 1 : arg, &ur->high);
111 if (ret < 0)
112 goto out;
113 ur->low = p? 0 : ur->high;
114 ret = 1;
115 goto out;
116 }
117 /* 42- or 42-4711 */
118 *p = '\0';
119 p++;
120 ret = check_uid_arg(arg, &ur->low);
121 if (ret < 0)
122 goto out;
123 ur->high = ~0U;
124 if (*p) { /* 42-4711 */
125 ret = check_uid_arg(p, &ur->high);
126 if (ret < 0)
127 goto out;
128 }
129 if (ur->low > ur->high)
130 ret = -ERRNO_TO_ERROR(EINVAL);
131 out:
132 if (ret < 0)
133 ERROR_LOG("bad uid option: %s\n", orig_arg);
134 else
135 INFO_LOG("admissible uid range: %u - %u\n", ur->low,
136 ur->high);
137 free(arg);
138 return ret;
139 }
140
141 int parse_uid_arg(const char *orig_arg, struct uid_range **ur)
142 {
143 char *arg, **argv;
144 unsigned n;
145 int i, ret = 1;
146
147 if (!orig_arg)
148 return 0;
149 arg = adu_strdup(orig_arg);
150 n = split_args(arg, &argv, ",");
151 if (!n)
152 return -E_SYNTAX;
153 *ur = adu_malloc((n + 1) * sizeof(struct uid_range));
154 for (i = 0; i < n; i++) {
155 ret = parse_uid_range(argv[i], *ur + i);
156 if (ret < 0)
157 break;
158 }
159 free(argv);
160 free(arg);
161 if (ret < 0) {
162 free(*ur);
163 *ur = NULL;
164 return ret;
165 }
166 /* an empty range indicates the end of the list */
167 (*ur)[n].low = 1;
168 (*ur)[n].high = 0;
169 return n;
170 }
171
172 static int uid_is_admissible(uint32_t uid, struct uid_range *urs)
173 {
174 struct uid_range *ur;
175 int ret = 1;
176
177 if (!urs) /* empty array means all uids are allowed */
178 return 1;
179 FOR_EACH_UID_RANGE(ur, urs)
180 if (ur->low <= uid && ur->high >= uid)
181 goto out;
182 ret = 0;
183 out:
184 DEBUG_LOG("uid %u is %sadmissible\n", (unsigned)uid,
185 ret? "" : "not ");
186 return ret;
187 }
188
189 int append_users(char **users, int num_users,
190 struct uid_range **admissible_uids, int num_uid_ranges)
191 {
192 int i;
193 struct uid_range *au = *admissible_uids;
194
195 for (i = 0; i < num_users; i++) {
196 char *u = users[i];
197 struct uid_range *ur;
198 struct passwd *pw = getpwnam(u);
199
200 if (!pw) {
201 ERROR_LOG("user %s not found\n", u);
202 return -ERRNO_TO_ERROR(EINVAL);
203 }
204 if (au && uid_is_admissible(pw->pw_uid, au))
205 continue; /* nothing to do */
206 /* add a range consisting of this uid only */
207 num_uid_ranges++;
208 au = adu_realloc(au, (num_uid_ranges + 1) *
209 sizeof(struct uid_range));
210 *admissible_uids = au;
211 ur = au + num_uid_ranges - 1; /* the new uid range */
212 ur->low = ur->high = pw->pw_uid;
213 /* terminate the list */
214 ur++;
215 ur->low = 1;
216 ur->high = 0;
217 }
218 return num_uid_ranges;
219 }
220
221 static inline int ui_used(struct user_info *ui)
222 {
223 return ui->flags & UI_FL_SLOT_USED;
224 }
225
226 static inline int ui_admissible(struct user_info *ui)
227 {
228 return ui->flags & UI_FL_ADMISSIBLE;
229 }
230
231 static int open_user_table(struct user_info *ui, int create)
232 {
233 int ret;
234 struct passwd *pw;
235
236 ui->desc = adu_malloc(sizeof(*ui->desc));
237 ui->desc->num_columns = NUM_UT_COLUMNS;
238 ui->desc->flags = 0;
239 ui->desc->column_descriptions = user_table_cols;
240 ui->desc->dir = adu_strdup(conf.database_dir_arg);
241 ui->desc->name = make_message("%u", (unsigned)ui->uid);
242 pw = getpwuid(ui->uid);
243 if (pw && pw->pw_name)
244 ui->pw_name = adu_strdup(pw->pw_name);
245
246 INFO_LOG(".............................uid #%u: %u\n",
247 (unsigned)num_uids, (unsigned)ui->uid);
248 if (create) {
249 ret = osl(osl_create_table(ui->desc));
250 if (ret < 0)
251 goto err;
252 num_uids++;
253 }
254 ret = osl(osl_open_table(ui->desc, &ui->table));
255 if (ret < 0)
256 goto err;
257 return 1;
258 err:
259 free((char *)ui->desc->name);
260 free((char *)ui->desc->dir);
261 free(ui->pw_name);
262 free(ui->desc);
263 ui->desc->name = NULL;
264 ui->desc->dir = NULL;
265 ui->desc = NULL;
266 ui->table = NULL;
267 ui->flags = 0;
268 return ret;
269 }
270
271 int for_each_admissible_user(int (*func)(struct user_info *, void *),
272 void *data)
273 {
274 struct user_info *ui = uid_hash_table;
275
276 if (!ui)
277 return -ERRNO_TO_ERROR(EFAULT);
278
279 for (; ui < uid_hash_table + uid_hash_table_size; ui++) {
280 int ret;
281
282 if (!ui_used(ui) || !ui_admissible(ui))
283 continue;
284 ret = func(ui, data);
285 if (ret < 0)
286 return ret;
287 }
288 return 1;
289 }
290
291 #define PRIME1 0xb11924e1
292 #define PRIME2 0x01000193
293
294 void create_hash_table(unsigned bits)
295 {
296 uid_hash_table_size = 1 << bits;
297 uid_hash_table = adu_calloc(uid_hash_table_size *
298 sizeof(struct user_info));
299 }
300
301 void free_hash_table(void)
302 {
303 free(uid_hash_table);
304 uid_hash_table = NULL;
305 }
306
307 static int close_user_table(struct user_info *ui, __a_unused void *data)
308 {
309 int ret;
310
311 ret = osl(osl_close_table(ui->table, OSL_MARK_CLEAN));
312 if (ret < 0)
313 ERROR_LOG("failed to close user table %u: %s\n",
314 (unsigned) ui->uid, adu_strerror(-ret));
315 free((char *)ui->desc->name);
316 ui->desc->name = NULL;
317 free((char *)ui->desc->dir);
318 ui->desc->dir = NULL;
319 free(ui->pw_name);
320 ui->pw_name = NULL;
321 free(ui->desc);
322 ui->desc = NULL;
323 ui->table = NULL;
324 ui->flags = 0;
325 return 1;
326 }
327
328 void close_user_tables(void)
329 {
330 for_each_admissible_user(close_user_table, NULL);
331 }
332
333 /*
334 * We use a hash table of size s=2^uid_hash_bits to map the uids into the
335 * interval [0..s]. Hash collisions are treated by open addressing, i.e.
336 * unused slots in the table are used to store different uids that hash to the
337 * same slot.
338 *
339 * If a hash collision occurs, different slots are successively probed in order
340 * to find an unused slot for the new uid. Probing is implemented via a second
341 * hash function that maps the uid to h=(uid * PRIME2) | 1, which is always an
342 * odd number.
343 *
344 * An odd number is sufficient to make sure each entry of the hash table gets
345 * probed for probe_num between 0 and s-1 because s is a power of two, hence
346 * the second hash value has never a common divisor with the hash table size.
347 * IOW: h is invertible in the ring [0..s].
348 */
349 static uint32_t double_hash(uint32_t uid, uint32_t probe_num)
350 {
351 return (uid * PRIME1 + ((uid * PRIME2) | 1) * probe_num)
352 % uid_hash_table_size;
353 }
354
355 int search_uid(uint32_t uid, struct uid_range *urs,
356 enum search_uid_flags flags, struct user_info **ui_ptr)
357 {
358 uint32_t p;
359
360 for (p = 0; p < uid_hash_table_size; p++) {
361 struct user_info *ui = uid_hash_table + double_hash(uid, p);
362
363 if (!ui_used(ui)) {
364 int ret;
365 if (!flags)
366 return -E_BAD_UID;
367 ui->uid = uid;
368 ui->flags |= UI_FL_SLOT_USED;
369 if (!uid_is_admissible(uid, urs))
370 return 0;
371 ui->flags |= UI_FL_ADMISSIBLE;
372 ret = open_user_table(ui, flags & CREATE_USER_TABLE);
373 if (ret < 0)
374 return ret;
375
376 if (ui_ptr)
377 *ui_ptr = ui;
378 return 1;
379 }
380 if (ui->uid != uid)
381 continue;
382 if (ui_ptr)
383 *ui_ptr = ui;
384 return 0;
385 }
386 return flags? -E_HASH_TABLE_OVERFLOW : -E_BAD_UID;
387 }
388
389 static char *get_uid_list_name(void)
390 {
391 return make_message("%s/uid_list", conf.database_dir_arg);
392 }
393
394 void sort_hash_table(int (*comp)(const void *, const void *))
395 {
396 qsort(uid_hash_table, uid_hash_table_size, sizeof(struct user_info),
397 comp);
398 }
399
400 int read_uid_file(struct uid_range *admissible_uids)
401 {
402 size_t size;
403 uint32_t n;
404 char *filename = get_uid_list_name(), *map;
405 int ret = mmap_full_file(filename, O_RDONLY, (void **)&map, &size, NULL);
406 unsigned bits;
407
408 if (ret < 0) {
409 INFO_LOG("failed to map %s\n", filename);
410 free(filename);
411 return ret;
412 }
413 num_uids = size / 4;
414 INFO_LOG("found %u uids in %s\n", (unsigned)num_uids, filename);
415 free(filename);
416 /*
417 * Compute number of hash table bits. The hash table size must be a
418 * power of two and larger than the number of uids.
419 */
420 bits = 2;
421 while (1 << bits < num_uids)
422 bits++;
423 create_hash_table(bits);
424 for (n = 0; n < num_uids; n++) {
425 uint32_t uid = read_u32(map + n * sizeof(uid));
426 ret = search_uid(uid, admissible_uids, OPEN_USER_TABLE, NULL);
427 if (ret < 0)
428 goto out;
429 }
430 out:
431 adu_munmap(map, size);
432 return ret;
433 }
434
435 static int write_uid(struct user_info *ui, void *data)
436 {
437 char **p = data;
438
439 write_u32(*p, ui->uid);
440 *p += sizeof(uint32_t);
441 return 1;
442 }
443
444 int write_uid_file(void)
445 {
446 char *buf, *p, *filename;
447 size_t size = num_uids * sizeof(uint32_t);
448 int ret;
449
450 if (!num_uids)
451 return 0;
452 buf = p = adu_malloc(size);
453 ret = for_each_admissible_user(write_uid, &p);
454 if (ret < 0)
455 goto out;
456 filename = get_uid_list_name();
457 ret = adu_write_file(filename, buf, size);
458 free(filename);
459 out:
460 free(buf);
461 return ret;
462 }