1 /*
2  * Copyright (C) 2016 Jakub Kruszona-Zawadzki, Core Technology Sp. z o.o.
3  *
4  * This file is part of MooseFS.
5  *
6  * MooseFS is free software; you can redistribute it and/or modify
7  * it under the terms of the GNU General Public License as published by
8  * the Free Software Foundation, version 2 (only).
9  *
10  * MooseFS is distributed in the hope that it will be useful,
11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13  * GNU General Public License for more details.
14  *
15  * You should have received a copy of the GNU General Public License
16  * along with MooseFS; if not, write to the Free Software
17  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02111-1301, USA
18  * or visit http://www.gnu.org/licenses/gpl-2.0.html
19  */
20 
21 #if defined(HAVE_CONFIG_H)
22 #  include "config.h"
23 #endif
24 #include <sys/types.h>
25 #if defined(__APPLE__) || defined(__FreeBSD__)
26 #  include <sys/sysctl.h>
27 #endif
28 #if defined(__FreeBSD__)
29 #  include <sys/user.h>
30 #endif
31 
32 #include <unistd.h>
33 #include <stdio.h>
34 #include <stdlib.h>
35 #include <string.h>
36 #include <inttypes.h>
37 #include <pthread.h>
38 
39 #include "massert.h"
40 #include "getgroups.h"
41 #include "clocks.h"
42 
43 
get_groups(pid_t pid,gid_t gid,uint32_t ** gidtab)44 uint32_t get_groups(pid_t pid,gid_t gid,uint32_t **gidtab) {
45 #if defined(__linux__)
46 // Linux - supplementary groups are in file:
47 // /proc/<PID>/status
48 // line:
49 // Groups: <GID1>  <GID2> <GID3> ...
50 	char proc_filename[50];
51 	char linebuff[4096];
52 	char *ptr;
53 	uint32_t gcount,n;
54 	gid_t g;
55 	FILE *fd;
56 
57 	snprintf(proc_filename,50,"/proc/%d/status",pid);
58 
59 	fd = fopen(proc_filename,"r");
60 	if (fd==NULL) {
61 		*gidtab = malloc(sizeof(uint32_t)*1);
62 		passert(*gidtab);
63 		(*gidtab)[0] = gid;
64 		return 1;
65 	}
66 	while (fgets(linebuff,4096,fd)) {
67 		if (strncmp(linebuff,"Groups:",7)==0) {
68 			gcount = 1;
69 			ptr = linebuff+7;
70 			do {
71 				while (*ptr==' ' || *ptr=='\t') {
72 					ptr++;
73 				}
74 				if (*ptr>='0' && *ptr<='9') {
75 					g = strtoul(ptr,&ptr,10);
76 					if (g!=gid) {
77 						gcount++;
78 					}
79 				}
80 			} while (*ptr==' ' || *ptr=='\t');
81 			*gidtab = malloc(sizeof(uint32_t)*gcount);
82 			passert(*gidtab);
83 			(*gidtab)[0] = gid;
84 			n = 1;
85 			ptr = linebuff+7;
86 			do {
87 				while (*ptr==' ' || *ptr=='\t') {
88 					ptr++;
89 				}
90 				if (*ptr>='0' && *ptr<='9') {
91 					g = strtoul(ptr,&ptr,10);
92 					if (g!=gid) {
93 						(*gidtab)[n] = g;
94 						n++;
95 					}
96 				}
97 			} while ((*ptr==' ' || *ptr=='\t') && n<gcount);
98 			fclose(fd);
99 			return n;
100 		}
101 	}
102 	fclose(fd);
103 #elif defined(__sun__) || defined(__sun)
104 // Solaris - supplementary groups are in file:
105 // /proc/<PID>/cred
106 // binary format:
107 // euid:32 ruid:32 suid:32 egid:32 rgid:32 sgid:32 groups:32 gid_1:32 gid_2:32 ...
108 //
109 // the only problem ... only root can access this files for all processes !!!
110 	char proc_filename[50];
111 	uint32_t credbuff[1024];
112 	uint32_t gcount,gids,n;
113 	FILE *fd;
114 
115 	snprintf(proc_filename,50,"/proc/%d/proc",pid);
116 
117 	fd = fopen(proc_filename,"rb");
118 	if (fd==NULL) {
119 		*gidtab = malloc(sizeof(uint32_t)*1);
120 		passert(*gidtab);
121 		(*gidtab)[0] = gid;
122 		return 1;
123 	}
124 
125 	n = fread(credbuff,sizeof(uint32_t),1024,fd);
126 
127 	fclose(fd);
128 
129 	if (n<7) {
130 		*gidtab = malloc(sizeof(uint32_t)*1);
131 		passert(*gidtab);
132 		(*gidtab)[0] = gid;
133 		return 1;
134 	}
135 
136 	gcount = credbuff[6];
137 	if (gcount==n-7 && gcount>0) {
138 		gids = 1;
139 		for (n=0 ; n<gcount ; n++) {
140 			if (credbuff[n+7]!=gid) {
141 				gids++;
142 			}
143 		}
144 
145 		*gidtab = malloc(sizeof(uint32_t)*gids);
146 		passert(*gidtab);
147 		(*gidtab)[0] = gid;
148 		gids = 1;
149 		for (n=0 ; n<gcount ; n++) {
150 			if (credbuff[n+7]!=gid) {
151 				(*gidtab)[gids] = credbuff[n+7];
152 				gids++;
153 			}
154 		}
155 		return gids;
156 	}
157 #elif defined(__APPLE__) || defined(__FreeBSD__)
158 // BSD-like - supplementary groups can be obtained from sysctl:
159 // kern.proc.pid.<PID>
160 	int mibpath[4];
161 	struct kinfo_proc kp;
162 	size_t kplen;
163 	uint32_t gcount,gids,n;
164 
165 #if defined(CTL_KERN) && defined(KERN_PROC) && defined(KERN_PROC_PID)
166 	mibpath[0] = CTL_KERN;
167 	mibpath[1] = KERN_PROC;
168 	mibpath[2] = KERN_PROC_PID;
169 #else
170 	kplen = 4;
171 	sysctlnametomib("kern.proc.pid", mibpath, &kplen);
172 #endif
173 	mibpath[3] = pid;
174 
175 	kplen = sizeof(kp);
176 	memset(&kp,0,sizeof(kp));
177 	if (sysctl(mibpath,4,&kp,&kplen,NULL,0) == 0) {
178 #if defined(__APPLE__)
179 		gcount = kp.kp_eproc.e_ucred.cr_ngroups;
180 		gids = 1;
181 		for (n=0 ; n<gcount ; n++) {
182 			if (kp.kp_eproc.e_ucred.cr_groups[n]!=gid) {
183 				gids++;
184 			}
185 		}
186 		*gidtab = malloc(sizeof(uint32_t)*gids);
187 		passert(*gidtab);
188 		(*gidtab)[0] = gid;
189 		gids = 1;
190 		for (n=0 ; n<gcount ; n++) {
191 			if (kp.kp_eproc.e_ucred.cr_groups[n]!=gid) {
192 				(*gidtab)[gids] = kp.kp_eproc.e_ucred.cr_groups[n];
193 				gids++;
194 			}
195 		}
196 		return gids;
197 #else /* FreeBSD */
198 		gcount = kp.ki_ngroups;
199 		gids = 1;
200 		for (n=0 ; n<gcount ; n++) {
201 			if (kp.ki_groups[n]!=gid) {
202 				gids++;
203 			}
204 		}
205 		*gidtab = malloc(sizeof(uint32_t)*gids);
206 		passert(*gidtab);
207 		(*gidtab)[0] = gid;
208 		gids = 1;
209 		for (n=0 ; n<gcount ; n++) {
210 			if (kp.ki_groups[n]!=gid) {
211 				(*gidtab)[gids] = kp.ki_groups[n];
212 				gids++;
213 			}
214 		}
215 		return gids;
216 #endif
217 	}
218 #endif
219 	(void)pid;
220 	*gidtab = malloc(sizeof(uint32_t)*1);
221 	passert(*gidtab);
222 	(*gidtab)[0] = gid;
223 	return 1;
224 }
225 
226 #define HASHSIZE 65536
227 #define HASHFN(pid,uid,gid) (((pid*0x74BF4863+uid)*0xB435C489+gid)%(HASHSIZE))
228 
229 static groups** groups_hashtab;
230 static double to;
231 static pthread_mutex_t glock;
232 
233 static int debug_mode;
234 
groups_remove(groups * g)235 static inline void groups_remove(groups *g) {
236 	*(g->prev) = g->next;
237 	if (g->next) {
238 		g->next->prev = g->prev;
239 	}
240 	if (g->gidtab!=NULL) {
241 		free(g->gidtab);
242 	}
243 	free(g);
244 }
245 
groups_get_x(pid_t pid,uid_t uid,gid_t gid,uint8_t lockmode)246 groups* groups_get_x(pid_t pid,uid_t uid,gid_t gid,uint8_t lockmode) {
247 	double t;
248 	uint32_t h;
249 	groups *g,*gn,*gf;
250 	if (debug_mode) {
251 		fprintf(stderr,"groups_get(pid=%"PRIu32",uid=%"PRIu32",gid=%"PRIu32")\n",(uint32_t)pid,(uint32_t)uid,(uint32_t)gid);
252 	}
253 	zassert(pthread_mutex_lock(&glock));
254 	t = monotonic_seconds();
255 	h = HASHFN(pid,uid,gid);
256 //	fprintf(stderr,"groups_get hash: %"PRIu32"\n",h);
257 	for (gf = NULL,g = groups_hashtab[h] ; g!=NULL ; g = gn) {
258 		gn = g->next;
259 		if (g->time + to < t && lockmode==0 && g->locked==0 && g->lcnt==0) {
260 //			fprintf(stderr,"groups_get remove node (%"PRIu32",%"PRIu32",%"PRIu32") insert_time: %.3lf ; current_time: %.3lf ; timeout: %.3lf\n",g->pid,g->uid,g->gid,g->time,t,to);
261 			groups_remove(g);
262 		} else {
263 //			fprintf(stderr,"groups_get check node (%"PRIu32",%"PRIu32",%"PRIu32")\n",g->pid,g->uid,g->gid);
264 			if (g->pid==pid && g->uid==uid && g->gid==gid) {
265 				gf = g;
266 			}
267 		}
268 	}
269 	g = gf;
270 	if (g) {
271 		if (debug_mode) {
272 			fprintf(stderr,"groups_get(pid=%"PRIu32",uid=%"PRIu32",gid=%"PRIu32") - found data in cache\n",(uint32_t)pid,(uint32_t)uid,(uint32_t)gid);
273 		}
274 		g->lcnt++;
275 		if (lockmode==1) {
276 			g->locked = 1;
277 			if (debug_mode) {
278 				fprintf(stderr,"groups_get(pid=%"PRIu32",uid=%"PRIu32",gid=%"PRIu32") - lock cache\n",(uint32_t)pid,(uint32_t)uid,(uint32_t)gid);
279 			}
280 		}
281 		if (g->locked==0 && g->uid==0) { // refresh groups for user 'root' - only root can change groups
282 			if (debug_mode) {
283 				fprintf(stderr,"groups_get(pid=%"PRIu32",uid=%"PRIu32",gid=%"PRIu32") - refresh cache\n",(uint32_t)pid,(uint32_t)uid,(uint32_t)gid);
284 			}
285 			if (g->gidtab) {
286 				free(g->gidtab);
287 			}
288 			g->gidcnt = get_groups(pid,gid,&(g->gidtab));
289 		}
290 		if (lockmode==2) {
291 			g->locked = 0;
292 			if (debug_mode) {
293 				fprintf(stderr,"groups_get(pid=%"PRIu32",uid=%"PRIu32",gid=%"PRIu32") - unlock cache\n",(uint32_t)pid,(uint32_t)uid,(uint32_t)gid);
294 			}
295 		}
296 	} else {
297 		g = malloc(sizeof(groups));
298 		g->time = t;
299 		g->pid = pid;
300 		g->uid = uid;
301 		g->gid = gid;
302 		g->lcnt = 1;
303 		if (lockmode==1) { // emergency case
304 			if (debug_mode) {
305 				fprintf(stderr,"groups_get(pid=%"PRIu32",uid=%"PRIu32",gid=%"PRIu32") - emergency mode\n",(uint32_t)pid,(uint32_t)uid,(uint32_t)gid);
306 			}
307 			g->gidtab = malloc(sizeof(uint32_t));
308 			g->gidtab[0] = gid;
309 			g->gidcnt = 1;
310 			g->locked = 1;
311 		} else {
312 			g->gidcnt = get_groups(pid,gid,&(g->gidtab));
313 			g->locked = 0;
314 		}
315 		g->next = groups_hashtab[h];
316 		if (g->next) {
317 			g->next->prev = &(g->next);
318 		}
319 		g->prev = groups_hashtab+h;
320 		groups_hashtab[h] = g;
321 //		fprintf(stderr,"groups_get insert node (%"PRIu32",%"PRIu32",%"PRIu32")\n",g->pid,g->uid,g->gid);
322 	}
323 	zassert(pthread_mutex_unlock(&glock));
324 	if (debug_mode) {
325 		fprintf(stderr,"groups_get(pid=%"PRIu32",uid=%"PRIu32",gid=%"PRIu32"):",(uint32_t)pid,(uint32_t)uid,(uint32_t)gid);
326 		for (h=0 ; h<g->gidcnt ; h++) {
327 			fprintf(stderr,"%c%"PRIu32,(h==0)?'(':',',g->gidtab[h]);
328 		}
329 		if (g->gidcnt==0) {
330 			fprintf(stderr,"EMPTY\n");
331 		} else {
332 			fprintf(stderr,")\n");
333 		}
334 	}
335 	return g;
336 }
337 
groups_rel(groups * g)338 void groups_rel(groups* g) {
339 	zassert(pthread_mutex_lock(&glock));
340 	if (g->lcnt>0) {
341 		g->lcnt--;
342 	}
343 	zassert(pthread_mutex_unlock(&glock));
344 }
345 
groups_init(double _to,int dm)346 void groups_init(double _to,int dm) {
347 	uint32_t i;
348 	debug_mode = dm;
349 	zassert(pthread_mutex_init(&glock,NULL));
350 	groups_hashtab = malloc(sizeof(groups*)*HASHSIZE);
351 	passert(groups_hashtab);
352 	for (i=0 ; i<HASHSIZE ; i++) {
353 		groups_hashtab[i] = NULL;
354 	}
355 	to = _to;
356 }
357 
358 /*
359 int main(int argc,char *argv[]) {
360 	groups *g;
361 	pid_t pid;
362 	uid_t uid;
363 	gid_t gid;
364 	uint32_t n;
365 
366 	if (argc==2) {
367 		pid = strtoul(argv[1],NULL,10);
368 		uid = getuid();
369 		gid = getgid();
370 	} else if (argc==4) {
371 		pid = strtoul(argv[1],NULL,10);
372 		uid = strtoul(argv[2],NULL,10);
373 		gid = strtoul(argv[3],NULL,10);
374 	} else {
375 		pid = getpid();
376 		uid = getuid();
377 		gid = getgid();
378 	}
379 
380 	groups_init(1.0,0);
381 	printf("pid: %d ; uid: %d ; gid: %d\n",pid,uid,gid);
382 	g = groups_get(pid,uid,gid);
383 	for (n=0 ; n<g->gidcnt ; n++) {
384 		printf("gid_%"PRIu32": %d\n",n,g->gidtab[n]);
385 	}
386 	groups_rel(g);
387 	return 0;
388 }
389 */
390