1 /*
2 * Copyright (C) 2016 Jakub Kruszona-Zawadzki, Core Technology Sp. z o.o.
3 *
4 * This file is part of MooseFS.
5 *
6 * MooseFS is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation, version 2 (only).
9 *
10 * MooseFS is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with MooseFS; if not, write to the Free Software
17 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02111-1301, USA
18 * or visit http://www.gnu.org/licenses/gpl-2.0.html
19 */
20
21 #if defined(HAVE_CONFIG_H)
22 # include "config.h"
23 #endif
24 #include <sys/types.h>
25 #if defined(__APPLE__) || defined(__FreeBSD__)
26 # include <sys/sysctl.h>
27 #endif
28 #if defined(__FreeBSD__)
29 # include <sys/user.h>
30 #endif
31
32 #include <unistd.h>
33 #include <stdio.h>
34 #include <stdlib.h>
35 #include <string.h>
36 #include <inttypes.h>
37 #include <pthread.h>
38
39 #include "massert.h"
40 #include "getgroups.h"
41 #include "clocks.h"
42
43
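#if defined(__linux__)
/*
 * Reads one complete line from 'fd' into the heap buffer *buff (capacity
 * *buffsize), growing the buffer on demand so a long line is never split.
 * Returns *buff, or NULL when nothing more could be read.
 * The caller owns *buff and must free() it.
 */
static char* get_groups_read_line(FILE *fd,char **buff,size_t *buffsize) {
	enum { CHUNK = 4096 };
	size_t leng,nsize;
	char *nbuff;

	leng = 0;
	for (;;) {
		if (*buffsize-leng<CHUNK) { // always keep room for one more fgets() chunk
			nsize = *buffsize+CHUNK;
			nbuff = realloc(*buff,nsize);
			passert(nbuff);
			*buff = nbuff;
			*buffsize = nsize;
		}
		if (fgets(*buff+leng,CHUNK,fd)==NULL) {
			return (leng>0)?*buff:NULL; // EOF: hand back a final unterminated line, if any
		}
		leng += strlen(*buff+leng);
		if (leng>0 && (*buff)[leng-1]=='\n') {
			return *buff;
		}
	}
}
#endif

/*
 * Builds the group list of process 'pid'.
 *
 * On return *gidtab points to a freshly malloc'ed array owned by the caller;
 * element 0 is always 'gid', followed by the supplementary groups reported by
 * the operating system with entries equal to 'gid' left out. Any previous
 * value of *gidtab is overwritten, not freed.
 *
 * Returns the number of elements stored in *gidtab (at least 1). Whenever the
 * OS data cannot be read or looks inconsistent the result is just { gid } -
 * i.e. the function fails towards fewer groups, never towards more.
 */
uint32_t get_groups(pid_t pid,gid_t gid,uint32_t **gidtab) {
#if defined(__linux__)
// Linux - supplementary groups are in file:
// /proc/<PID>/status
// line:
// Groups: <GID1> <GID2> <GID3> ...
	char proc_filename[50];
	char *linebuff;
	size_t linesize;
	char *ptr;
	uint32_t gcount,n;
	gid_t g;
	FILE *fd;

	snprintf(proc_filename,sizeof(proc_filename),"/proc/%d/status",(int)pid);

	fd = fopen(proc_filename,"r");
	if (fd!=NULL) {
		// The "Groups:" line can be longer than any fixed buffer. Reading it in
		// fixed-size pieces would drop the tail of the list and could cut a GID
		// in the middle, turning it into a different (shorter) number - so the
		// whole line is read before it is parsed.
		linebuff = NULL;
		linesize = 0;
		while (get_groups_read_line(fd,&linebuff,&linesize)!=NULL) {
			if (strncmp(linebuff,"Groups:",7)==0) {
				// pass 1: count entries different from 'gid' (slot 0 is reserved for 'gid')
				gcount = 1;
				ptr = linebuff+7;
				do {
					while (*ptr==' ' || *ptr=='\t') {
						ptr++;
					}
					if (*ptr>='0' && *ptr<='9') {
						g = strtoul(ptr,&ptr,10);
						if (g!=gid) {
							gcount++;
						}
					}
				} while (*ptr==' ' || *ptr=='\t');
				*gidtab = malloc(sizeof(uint32_t)*gcount);
				passert(*gidtab);
				(*gidtab)[0] = gid;
				// pass 2: store them; 'n<gcount' keeps the writes inside the allocation
				n = 1;
				ptr = linebuff+7;
				do {
					while (*ptr==' ' || *ptr=='\t') {
						ptr++;
					}
					if (*ptr>='0' && *ptr<='9') {
						g = strtoul(ptr,&ptr,10);
						if (g!=gid) {
							(*gidtab)[n] = g;
							n++;
						}
					}
				} while ((*ptr==' ' || *ptr=='\t') && n<gcount);
				fclose(fd);
				free(linebuff);
				return n;
			}
		}
		fclose(fd);
		free(linebuff);
	}
#elif defined(__sun__) || defined(__sun)
// Solaris - supplementary groups are in file:
// /proc/<PID>/cred
// binary format:
// euid:32 ruid:32 suid:32 egid:32 rgid:32 sgid:32 groups:32 gid_1:32 gid_2:32 ...
//
// the only problem ... only root can access these files for all processes !!!
	char proc_filename[50];
	uint32_t credbuff[1024];
	uint32_t gcount,gids,n;
	FILE *fd;

	// The file described above is "cred"; the name used here previously
	// ("/proc/%d/proc") does not match it, which made this branch always
	// fall back to { gid }.
	snprintf(proc_filename,sizeof(proc_filename),"/proc/%d/cred",(int)pid);

	fd = fopen(proc_filename,"rb");
	if (fd!=NULL) {
		n = fread(credbuff,sizeof(uint32_t),1024,fd);
		fclose(fd);

		if (n>=7) { // seven header words must be present before the count is trusted
			gcount = credbuff[6];
			// the announced count has to match what was actually read; this also
			// bounds every credbuff[n+7] access below (lists that do not fit in
			// credbuff fail this test and end in the { gid } fallback)
			if (gcount==n-7 && gcount>0) {
				gids = 1;
				for (n=0 ; n<gcount ; n++) {
					if (credbuff[n+7]!=gid) {
						gids++;
					}
				}

				*gidtab = malloc(sizeof(uint32_t)*gids);
				passert(*gidtab);
				(*gidtab)[0] = gid;
				gids = 1;
				for (n=0 ; n<gcount ; n++) {
					if (credbuff[n+7]!=gid) {
						(*gidtab)[gids] = credbuff[n+7];
						gids++;
					}
				}
				return gids;
			}
		}
	}
#elif defined(__APPLE__) || defined(__FreeBSD__)
// BSD-like - supplementary groups can be obtained from sysctl:
// kern.proc.pid.<PID>
//
// NOTE(review): kinfo_proc carries a fixed-size group array, so a process with
// more groups than fit there is presumably reported with a shortened list - confirm.
	int mibpath[4];
	struct kinfo_proc kp;
	size_t kplen;
	uint32_t gcount,gids,n;
	int mibok;

	mibok = 1;
#if defined(CTL_KERN) && defined(KERN_PROC) && defined(KERN_PROC_PID)
	mibpath[0] = CTL_KERN;
	mibpath[1] = KERN_PROC;
	mibpath[2] = KERN_PROC_PID;
#else
	kplen = 4;
	if (sysctlnametomib("kern.proc.pid", mibpath, &kplen)!=0) {
		mibok = 0; // mibpath was not filled in - do not query with it
	}
#endif
	mibpath[3] = pid;

	kplen = sizeof(kp);
	memset(&kp,0,sizeof(kp));
	if (mibok && sysctl(mibpath,4,&kp,&kplen,NULL,0) == 0) {
#if defined(__APPLE__)
		gcount = kp.kp_eproc.e_ucred.cr_ngroups;
		// never index past the array, whatever count was reported
		if (gcount>sizeof(kp.kp_eproc.e_ucred.cr_groups)/sizeof(kp.kp_eproc.e_ucred.cr_groups[0])) {
			gcount = 0;
		}
		gids = 1;
		for (n=0 ; n<gcount ; n++) {
			if (kp.kp_eproc.e_ucred.cr_groups[n]!=gid) {
				gids++;
			}
		}
		*gidtab = malloc(sizeof(uint32_t)*gids);
		passert(*gidtab);
		(*gidtab)[0] = gid;
		gids = 1;
		for (n=0 ; n<gcount ; n++) {
			if (kp.kp_eproc.e_ucred.cr_groups[n]!=gid) {
				(*gidtab)[gids] = kp.kp_eproc.e_ucred.cr_groups[n];
				gids++;
			}
		}
		return gids;
#else /* FreeBSD */
		gcount = kp.ki_ngroups;
		// never index past the array, whatever count was reported
		if (gcount>sizeof(kp.ki_groups)/sizeof(kp.ki_groups[0])) {
			gcount = 0;
		}
		gids = 1;
		for (n=0 ; n<gcount ; n++) {
			if (kp.ki_groups[n]!=gid) {
				gids++;
			}
		}
		*gidtab = malloc(sizeof(uint32_t)*gids);
		passert(*gidtab);
		(*gidtab)[0] = gid;
		gids = 1;
		for (n=0 ; n<gcount ; n++) {
			if (kp.ki_groups[n]!=gid) {
				(*gidtab)[gids] = kp.ki_groups[n];
				gids++;
			}
		}
		return gids;
#endif
	}
#endif
	// fallback for every platform and every failure above: primary group only
	(void)pid;
	*gidtab = malloc(sizeof(uint32_t)*1);
	passert(*gidtab);
	(*gidtab)[0] = gid;
	return 1;
}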
225
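/* number of chains in the (pid,uid,gid) cache */
#define HASHSIZE 65536
/*
 * Chain index for a (pid,uid,gid) key. All arithmetic is done in uint32_t:
 * pid_t is a signed type, and multiplying it by the first constant as a plain
 * int would overflow (undefined behaviour) for almost every pid. Arguments are
 * parenthesised so that expressions can be passed safely.
 */
#define HASHFN(pid,uid,gid) (((((uint32_t)(pid))*0x74BF4863U+(uint32_t)(uid))*0xB435C489U+(uint32_t)(gid))%(HASHSIZE))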
228
/* chain heads of the cache, HASHSIZE of them; allocated by groups_init() */
static groups **groups_hashtab;
/* entry lifetime, compared against monotonic_seconds() in groups_get_x() */
static double to;
/* taken around every access to the table made in this file */
static pthread_mutex_t glock;

/* non-zero: groups_get_x() traces its work on stderr */
static int debug_mode;
234
/*
 * Unlinks 'g' from its hash chain and releases the node together with its
 * gid array. 'prev' points at whichever pointer currently refers to 'g'
 * (the chain head or the predecessor's 'next'), so no special case is
 * needed for the first element.
 */
static inline void groups_remove(groups *g) {
	groups *succ = g->next;

	*(g->prev) = succ;
	if (succ!=NULL) {
		succ->prev = g->prev;
	}
	free(g->gidtab); // free(NULL) is a no-op
	free(g);
}
245
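/*
 * Looks up (and creates when missing) the cache entry for (pid,uid,gid) and
 * returns it with its use counter 'lcnt' incremented; release it with
 * groups_rel().
 *
 * lockmode:
 *   0 - plain lookup; only this mode discards chain entries that are older
 *       than the timeout, not locked and not in use
 *   1 - mark the entry as locked; when no entry exists one is created that
 *       holds only 'gid', without asking the OS ("emergency mode")
 *   2 - clear the 'locked' mark
 *
 * An unlocked entry with uid 0 is re-read from the OS on every call.
 *
 * NOTE(review): entries are keyed by pid, so until an entry times out a new
 * process that reuses the pid with the same uid/gid gets the cached list of
 * the previous one - confirm this is acceptable for the callers.
 */
groups* groups_get_x(pid_t pid,uid_t uid,gid_t gid,uint8_t lockmode) {
	double t;
	uint32_t h,i;
	groups *g,*gn,*gf;
	if (debug_mode) {
		fprintf(stderr,"groups_get(pid=%"PRIu32",uid=%"PRIu32",gid=%"PRIu32")\n",(uint32_t)pid,(uint32_t)uid,(uint32_t)gid);
	}
	zassert(pthread_mutex_lock(&glock));
	t = monotonic_seconds();
	h = HASHFN(pid,uid,gid);
	// one walk over the chain: drop expired entries, remember a matching one
	for (gf = NULL,g = groups_hashtab[h] ; g!=NULL ; g = gn) {
		gn = g->next; // saved first - 'g' may be freed below
		if (g->time + to < t && lockmode==0 && g->locked==0 && g->lcnt==0) {
			groups_remove(g);
		} else {
			if (g->pid==pid && g->uid==uid && g->gid==gid) {
				gf = g;
			}
		}
	}
	g = gf;
	if (g) {
		if (debug_mode) {
			fprintf(stderr,"groups_get(pid=%"PRIu32",uid=%"PRIu32",gid=%"PRIu32") - found data in cache\n",(uint32_t)pid,(uint32_t)uid,(uint32_t)gid);
		}
		g->lcnt++;
		if (lockmode==1) {
			g->locked = 1;
			if (debug_mode) {
				fprintf(stderr,"groups_get(pid=%"PRIu32",uid=%"PRIu32",gid=%"PRIu32") - lock cache\n",(uint32_t)pid,(uint32_t)uid,(uint32_t)gid);
			}
		}
		if (g->locked==0 && g->uid==0) { // refresh groups for user 'root' - only root can change groups
			if (debug_mode) {
				fprintf(stderr,"groups_get(pid=%"PRIu32",uid=%"PRIu32",gid=%"PRIu32") - refresh cache\n",(uint32_t)pid,(uint32_t)uid,(uint32_t)gid);
			}
			// NOTE(review): this frees the array even when lcnt was already >0.
			// A holder of the entry presumably reads gidtab after the mutex is
			// released (the commented-out main() at the end of this file does),
			// so a concurrent refresh looks like a use-after-free for that
			// reader - confirm against the callers; skipping the refresh while
			// the entry is in use elsewhere would avoid it.
			if (g->gidtab) {
				free(g->gidtab);
			}
			g->gidcnt = get_groups(pid,gid,&(g->gidtab));
		}
		if (lockmode==2) {
			g->locked = 0;
			if (debug_mode) {
				fprintf(stderr,"groups_get(pid=%"PRIu32",uid=%"PRIu32",gid=%"PRIu32") - unlock cache\n",(uint32_t)pid,(uint32_t)uid,(uint32_t)gid);
			}
		}
	} else {
		g = malloc(sizeof(groups));
		passert(g); // was dereferenced unchecked
		g->time = t;
		g->pid = pid;
		g->uid = uid;
		g->gid = gid;
		g->lcnt = 1;
		if (lockmode==1) { // emergency case
			if (debug_mode) {
				fprintf(stderr,"groups_get(pid=%"PRIu32",uid=%"PRIu32",gid=%"PRIu32") - emergency mode\n",(uint32_t)pid,(uint32_t)uid,(uint32_t)gid);
			}
			g->gidtab = malloc(sizeof(uint32_t));
			passert(g->gidtab); // was dereferenced unchecked
			g->gidtab[0] = gid;
			g->gidcnt = 1;
			g->locked = 1;
		} else {
			g->gidcnt = get_groups(pid,gid,&(g->gidtab));
			g->locked = 0;
		}
		// push the new entry at the head of its chain
		g->next = groups_hashtab[h];
		if (g->next) {
			g->next->prev = &(g->next);
		}
		g->prev = groups_hashtab+h;
		groups_hashtab[h] = g;
	}
	if (debug_mode) {
		// dumped while the mutex is still held, so the array cannot be replaced mid-print
		fprintf(stderr,"groups_get(pid=%"PRIu32",uid=%"PRIu32",gid=%"PRIu32"):",(uint32_t)pid,(uint32_t)uid,(uint32_t)gid);
		for (i=0 ; i<g->gidcnt ; i++) {
			fprintf(stderr,"%c%"PRIu32,(i==0)?'(':',',g->gidtab[i]);
		}
		if (g->gidcnt==0) {
			fprintf(stderr,"EMPTY\n");
		} else {
			fprintf(stderr,")\n");
		}
	}
	zassert(pthread_mutex_unlock(&glock));
	return g;
}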
337
/*
 * Gives back an entry obtained from groups_get_x(): decrements its use
 * counter under the cache mutex. A counter that is already zero stays zero.
 */
void groups_rel(groups* g) {
	zassert(pthread_mutex_lock(&glock));
	if (g->lcnt>0) {
		g->lcnt -= 1;
	}
	zassert(pthread_mutex_unlock(&glock));
}
345
/*
 * Sets up the cache: stores the entry timeout '_to' and the debug flag 'dm',
 * initialises the mutex and allocates HASHSIZE empty chains.
 */
void groups_init(double _to,int dm) {
	groups **slot;

	to = _to;
	debug_mode = dm;
	zassert(pthread_mutex_init(&glock,NULL));
	groups_hashtab = malloc(sizeof(groups*)*HASHSIZE);
	passert(groups_hashtab);
	// every chain starts out empty
	for (slot=groups_hashtab ; slot<groups_hashtab+HASHSIZE ; slot++) {
		*slot = NULL;
	}
}
357
358 /*
359 int main(int argc,char *argv[]) {
360 groups *g;
361 pid_t pid;
362 uid_t uid;
363 gid_t gid;
364 uint32_t n;
365
366 if (argc==2) {
367 pid = strtoul(argv[1],NULL,10);
368 uid = getuid();
369 gid = getgid();
370 } else if (argc==4) {
371 pid = strtoul(argv[1],NULL,10);
372 uid = strtoul(argv[2],NULL,10);
373 gid = strtoul(argv[3],NULL,10);
374 } else {
375 pid = getpid();
376 uid = getuid();
377 gid = getgid();
378 }
379
380 groups_init(1.0,0);
381 printf("pid: %d ; uid: %d ; gid: %d\n",pid,uid,gid);
382 g = groups_get(pid,uid,gid);
383 for (n=0 ; n<g->gidcnt ; n++) {
384 printf("gid_%"PRIu32": %d\n",n,g->gidtab[n]);
385 }
386 groups_rel(g);
387 return 0;
388 }
389 */
390