1 /*
2 * Copyright (C) 2021 Jakub Kruszona-Zawadzki, Core Technology Sp. z o.o.
3 *
4 * This file is part of MooseFS.
5 *
6 * MooseFS is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation, version 2 (only).
9 *
10 * MooseFS is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with MooseFS; if not, write to the Free Software
17 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02111-1301, USA
18 * or visit http://www.gnu.org/licenses/gpl-2.0.html
19 */
20
21 #if defined(HAVE_CONFIG_H)
22 # include "config.h"
23 #endif
24
25 #if defined(__NetBSD__)
26 # define _KMEMUSER
27 #endif
28
29 #include <sys/types.h>
30 #if defined(__APPLE__) || defined(__FreeBSD__) || defined(__NetBSD__)
31 # include <sys/sysctl.h>
32 #endif
33 #if defined(__FreeBSD__)
34 # include <sys/user.h>
35 #endif
36
37 #include <unistd.h>
38 #include <stdio.h>
39 #include <stdlib.h>
40 #include <string.h>
41 #include <inttypes.h>
42 #include <pthread.h>
43
44 #include "massert.h"
45 #include "getgroups.h"
46 #include "portable.h"
47 #include "clocks.h"
48
49 static pthread_t main_thread;
50 static int keep_alive;
51
get_groups(pid_t pid,gid_t gid,uint32_t ** gidtab)52 uint32_t get_groups(pid_t pid,gid_t gid,uint32_t **gidtab) {
53 #if defined(__linux__)
54 // Linux - supplementary groups are in file:
55 // /proc/<PID>/status
56 // line:
57 // Groups: <GID1> <GID2> <GID3> ...
58 //
59 // NetBSD - supplementary groups are in file:
60 // /proc/<PID>/status
61 // as comma separated list of gids at end of (single) line.
62 char proc_filename[50];
63 char linebuff[4096];
64 char *ptr;
65 uint32_t gcount,n;
66 gid_t g;
67 FILE *fd;
68
69 snprintf(proc_filename,50,"/proc/%d/status",pid);
70
71 fd = fopen(proc_filename,"r");
72 if (fd==NULL) {
73 *gidtab = malloc(sizeof(uint32_t)*1);
74 passert(*gidtab);
75 (*gidtab)[0] = gid;
76 return 1;
77 }
78 while (fgets(linebuff,4096,fd)) {
79 if (strncmp(linebuff,"Groups:",7)==0) {
80 gcount = 1;
81 ptr = linebuff+7;
82 do {
83 while (*ptr==' ' || *ptr=='\t') {
84 ptr++;
85 }
86 if (*ptr>='0' && *ptr<='9') {
87 g = strtoul(ptr,&ptr,10);
88 if (g!=gid) {
89 gcount++;
90 }
91 }
92 } while (*ptr==' ' || *ptr=='\t');
93 *gidtab = malloc(sizeof(uint32_t)*gcount);
94 passert(*gidtab);
95 (*gidtab)[0] = gid;
96 n = 1;
97 ptr = linebuff+7;
98 do {
99 while (*ptr==' ' || *ptr=='\t') {
100 ptr++;
101 }
102 if (*ptr>='0' && *ptr<='9') {
103 g = strtoul(ptr,&ptr,10);
104 if (g!=gid) {
105 (*gidtab)[n] = g;
106 n++;
107 }
108 }
109 } while ((*ptr==' ' || *ptr=='\t') && n<gcount);
110 fclose(fd);
111 return n;
112 }
113 }
114 fclose(fd);
115 #elif defined(__sun__) || defined(__sun)
116 // Solaris - supplementary groups are in file:
117 // /proc/<PID>/cred
118 // binary format:
119 // euid:32 ruid:32 suid:32 egid:32 rgid:32 sgid:32 groups:32 gid_1:32 gid_2:32 ...
120 //
121 // the only problem ... only root can access this files for all processes !!!
122 char proc_filename[50];
123 uint32_t credbuff[1024];
124 uint32_t gcount,gids,n;
125 FILE *fd;
126
127 snprintf(proc_filename,50,"/proc/%d/proc",pid);
128
129 fd = fopen(proc_filename,"rb");
130 if (fd==NULL) {
131 *gidtab = malloc(sizeof(uint32_t)*1);
132 passert(*gidtab);
133 (*gidtab)[0] = gid;
134 return 1;
135 }
136
137 n = fread(credbuff,sizeof(uint32_t),1024,fd);
138
139 fclose(fd);
140
141 if (n<7) {
142 *gidtab = malloc(sizeof(uint32_t)*1);
143 passert(*gidtab);
144 (*gidtab)[0] = gid;
145 return 1;
146 }
147
148 gcount = credbuff[6];
149 if (gcount==n-7 && gcount>0) {
150 gids = 1;
151 for (n=0 ; n<gcount ; n++) {
152 if (credbuff[n+7]!=gid) {
153 gids++;
154 }
155 }
156
157 *gidtab = malloc(sizeof(uint32_t)*gids);
158 passert(*gidtab);
159 (*gidtab)[0] = gid;
160 gids = 1;
161 for (n=0 ; n<gcount ; n++) {
162 if (credbuff[n+7]!=gid) {
163 (*gidtab)[gids] = credbuff[n+7];
164 gids++;
165 }
166 }
167 return gids;
168 }
169 #elif defined(__APPLE__) || defined(__FreeBSD__) || defined(__NetBSD__)
170 // BSD-like - supplementary groups can be obtained from sysctl:
171 // kern.proc.pid.<PID>
172 int mibpath[4];
173 struct kinfo_proc kp;
174 size_t kplen;
175 uint32_t gcount,gids,n;
176
177 #if defined(CTL_KERN) && defined(KERN_PROC) && defined(KERN_PROC_PID)
178 mibpath[0] = CTL_KERN;
179 mibpath[1] = KERN_PROC;
180 mibpath[2] = KERN_PROC_PID;
181 #else
182 kplen = 4;
183 sysctlnametomib("kern.proc.pid", mibpath, &kplen);
184 #endif
185 mibpath[3] = pid;
186
187 kplen = sizeof(kp);
188 memset(&kp,0,sizeof(kp));
189 if (sysctl(mibpath,4,&kp,&kplen,NULL,0) == 0) {
190 #if defined(__APPLE__) || defined(__NetBSD__)
191 gcount = kp.kp_eproc.e_ucred.cr_ngroups;
192 gids = 1;
193 for (n=0 ; n<gcount ; n++) {
194 if (kp.kp_eproc.e_ucred.cr_groups[n]!=gid) {
195 gids++;
196 }
197 }
198 *gidtab = malloc(sizeof(uint32_t)*gids);
199 passert(*gidtab);
200 (*gidtab)[0] = gid;
201 gids = 1;
202 for (n=0 ; n<gcount ; n++) {
203 if (kp.kp_eproc.e_ucred.cr_groups[n]!=gid) {
204 (*gidtab)[gids] = kp.kp_eproc.e_ucred.cr_groups[n];
205 gids++;
206 }
207 }
208 return gids;
209 #else /* FreeBSD */
210 gcount = kp.ki_ngroups;
211 gids = 1;
212 for (n=0 ; n<gcount ; n++) {
213 if (kp.ki_groups[n]!=gid) {
214 gids++;
215 }
216 }
217 *gidtab = malloc(sizeof(uint32_t)*gids);
218 passert(*gidtab);
219 (*gidtab)[0] = gid;
220 gids = 1;
221 for (n=0 ; n<gcount ; n++) {
222 if (kp.ki_groups[n]!=gid) {
223 (*gidtab)[gids] = kp.ki_groups[n];
224 gids++;
225 }
226 }
227 return gids;
228 #endif
229 }
230 #endif
231 (void)pid;
232 *gidtab = malloc(sizeof(uint32_t)*1);
233 passert(*gidtab);
234 (*gidtab)[0] = gid;
235 return 1;
236 }
237
238 #define HASHSIZE 65536
239 #define HASHFN(pid,uid,gid) (((pid*0x74BF4863+uid)*0xB435C489+gid)%(HASHSIZE))
240
241 static groups** groups_hashtab;
242 static double to;
243 static pthread_mutex_t glock;
244
245 static int debug_mode;
246
groups_remove(groups * g)247 static inline void groups_remove(groups *g) {
248 *(g->prev) = g->next;
249 if (g->next) {
250 g->next->prev = g->prev;
251 }
252 if (g->gidtab!=NULL) {
253 free(g->gidtab);
254 }
255 free(g);
256 }
257
groups_get_x(pid_t pid,uid_t uid,gid_t gid,uint8_t lockmode)258 groups* groups_get_x(pid_t pid,uid_t uid,gid_t gid,uint8_t lockmode) {
259 double t;
260 uint32_t h;
261 groups *g,*gn,*gf;
262 if (debug_mode) {
263 fprintf(stderr,"groups_get(pid=%"PRIu32",uid=%"PRIu32",gid=%"PRIu32")\n",(uint32_t)pid,(uint32_t)uid,(uint32_t)gid);
264 }
265 zassert(pthread_mutex_lock(&glock));
266 t = monotonic_seconds();
267 h = HASHFN(pid,uid,gid);
268 // fprintf(stderr,"groups_get hash: %"PRIu32"\n",h);
269 for (gf = NULL,g = groups_hashtab[h] ; g!=NULL ; g = gn) {
270 gn = g->next;
271 if (g->time + to < t && lockmode==0 && g->locked==0 && g->lcnt==0) {
272 // fprintf(stderr,"groups_get remove node (%"PRIu32",%"PRIu32",%"PRIu32") insert_time: %.3lf ; current_time: %.3lf ; timeout: %.3lf\n",g->pid,g->uid,g->gid,g->time,t,to);
273 groups_remove(g);
274 } else {
275 // fprintf(stderr,"groups_get check node (%"PRIu32",%"PRIu32",%"PRIu32")\n",g->pid,g->uid,g->gid);
276 if (g->pid==pid && g->uid==uid && g->gid==gid) {
277 gf = g;
278 }
279 }
280 }
281 g = gf;
282 if (g) {
283 if (debug_mode) {
284 fprintf(stderr,"groups_get(pid=%"PRIu32",uid=%"PRIu32",gid=%"PRIu32") - found data in cache\n",(uint32_t)pid,(uint32_t)uid,(uint32_t)gid);
285 }
286 g->lcnt++;
287 if (lockmode==1) {
288 g->locked = 1;
289 if (debug_mode) {
290 fprintf(stderr,"groups_get(pid=%"PRIu32",uid=%"PRIu32",gid=%"PRIu32") - lock cache\n",(uint32_t)pid,(uint32_t)uid,(uint32_t)gid);
291 }
292 }
293 if (g->lcnt==1 && g->locked==0 && g->uid==0) { // refresh groups for user 'root' - only root can change groups
294 if (debug_mode) {
295 fprintf(stderr,"groups_get(pid=%"PRIu32",uid=%"PRIu32",gid=%"PRIu32") - refresh cache\n",(uint32_t)pid,(uint32_t)uid,(uint32_t)gid);
296 }
297 if (g->gidtab) {
298 free(g->gidtab);
299 }
300 g->gidcnt = get_groups(pid,gid,&(g->gidtab));
301 }
302 if (lockmode==2) {
303 g->locked = 0;
304 if (debug_mode) {
305 fprintf(stderr,"groups_get(pid=%"PRIu32",uid=%"PRIu32",gid=%"PRIu32") - unlock cache\n",(uint32_t)pid,(uint32_t)uid,(uint32_t)gid);
306 }
307 }
308 } else {
309 g = malloc(sizeof(groups));
310 g->time = t;
311 g->pid = pid;
312 g->uid = uid;
313 g->gid = gid;
314 g->lcnt = 1;
315 if (lockmode==1) { // emergency case
316 if (debug_mode) {
317 fprintf(stderr,"groups_get(pid=%"PRIu32",uid=%"PRIu32",gid=%"PRIu32") - emergency mode\n",(uint32_t)pid,(uint32_t)uid,(uint32_t)gid);
318 }
319 g->gidtab = malloc(sizeof(uint32_t));
320 g->gidtab[0] = gid;
321 g->gidcnt = 1;
322 g->locked = 1;
323 } else {
324 g->gidcnt = get_groups(pid,gid,&(g->gidtab));
325 g->locked = 0;
326 }
327 g->next = groups_hashtab[h];
328 if (g->next) {
329 g->next->prev = &(g->next);
330 }
331 g->prev = groups_hashtab+h;
332 groups_hashtab[h] = g;
333 // fprintf(stderr,"groups_get insert node (%"PRIu32",%"PRIu32",%"PRIu32")\n",g->pid,g->uid,g->gid);
334 }
335 zassert(pthread_mutex_unlock(&glock));
336 if (debug_mode) {
337 fprintf(stderr,"groups_get(pid=%"PRIu32",uid=%"PRIu32",gid=%"PRIu32"):",(uint32_t)pid,(uint32_t)uid,(uint32_t)gid);
338 for (h=0 ; h<g->gidcnt ; h++) {
339 fprintf(stderr,"%c%"PRIu32,(h==0)?'(':',',g->gidtab[h]);
340 }
341 if (g->gidcnt==0) {
342 fprintf(stderr,"EMPTY\n");
343 } else {
344 fprintf(stderr,")\n");
345 }
346 }
347 return g;
348 }
349
groups_rel(groups * g)350 void groups_rel(groups* g) {
351 zassert(pthread_mutex_lock(&glock));
352 if (g->lcnt>0) {
353 g->lcnt--;
354 }
355 zassert(pthread_mutex_unlock(&glock));
356 }
357
groups_cleanup_thread(void * arg)358 void* groups_cleanup_thread(void* arg) {
359 static uint32_t h = 0;
360 uint32_t i;
361 double t;
362 groups *g,*gn;
363 int ka = 1;
364 while (ka) {
365 zassert(pthread_mutex_lock(&glock));
366 t = monotonic_seconds();
367 for (i=0 ; i<16 ; i++) {
368 for (g = groups_hashtab[h] ; g!=NULL ; g = gn) {
369 gn = g->next;
370 if (g->time + to < t && g->locked==0 && g->lcnt==0) {
371 groups_remove(g);
372 }
373 }
374 h++;
375 h%=HASHSIZE;
376 }
377 ka = keep_alive;
378 zassert(pthread_mutex_unlock(&glock));
379 portable_usleep(10000);
380 }
381 return arg;
382 }
383
384 /*
385 void* groups_debug_thread(void* arg) {
386 uint32_t i,j,k;
387 uint32_t l,u;
388 groups *g;
389 while (1) {
390 zassert(pthread_mutex_lock(&glock));
391 k = 0;
392 l = 0;
393 u = 0;
394 for (i=0 ; i<HASHSIZE ; i++) {
395 j = 0;
396 if (groups_hashtab[i]!=NULL) {
397 l++;
398 }
399 for (g = groups_hashtab[i] ; g!=NULL ; g = g->next) {
400 j++;
401 u++;
402 fprintf(stderr,"hashpos: %"PRIu32" ; pid: %"PRIu32" ; uid: %"PRIu32" ; gid: %"PRIu32" ; time: %.6lf ; lcnt: %"PRIu32" ; locked: %"PRIu32" ; gidcnt: %"PRIu32"\n",i,g->pid,g->uid,g->gid,g->time,g->lcnt,g->locked,g->gidcnt);
403 }
404 if (j>k) {
405 k=j;
406 }
407 }
408 fprintf(stderr,"malloc cnt: %"PRIu32" ; free cnt: %"PRIu32" ; maxchain: %"PRIu32" ; used hashtab entries: %"PRIu32" ; data entries: %"PRIu32" ; avgchain: %.2lf / %.2lf\n",mallocs,frees,k,l,u,(double)(u)/(double)(HASHSIZE),(double)(u)/(double)(l));
409 zassert(pthread_mutex_unlock(&glock));
410 sleep(5);
411 }
412 return arg;
413 }
414 */
415
groups_term(void)416 void groups_term(void) {
417 uint32_t i;
418 #ifdef __clang_analyzer__
419 groups *gn;
420 #endif
421 zassert(pthread_mutex_lock(&glock));
422 keep_alive = 0;
423 zassert(pthread_mutex_unlock(&glock));
424 pthread_join(main_thread,NULL);
425 zassert(pthread_mutex_lock(&glock));
426 for (i=0 ; i<HASHSIZE ; i++) {
427 while (groups_hashtab[i]) {
428 #ifdef __clang_analyzer__
429 gn = groups_hashtab[i]->next;
430 #endif
431 groups_remove(groups_hashtab[i]);
432 #ifdef __clang_analyzer__
433 // groups_hashtab[i] is changed by using 'prev' pointer, so after groups_remove variable groups_hashtab[i] has different value and can be used in while !!!
434 groups_hashtab[i] = gn;
435 #endif
436 }
437 }
438 free(groups_hashtab);
439 zassert(pthread_mutex_unlock(&glock));
440 zassert(pthread_mutex_destroy(&glock));
441 }
442
groups_init(double _to,int dm)443 void groups_init(double _to,int dm) {
444 uint32_t i;
445 debug_mode = dm;
446 zassert(pthread_mutex_init(&glock,NULL));
447 groups_hashtab = malloc(sizeof(groups*)*HASHSIZE);
448 passert(groups_hashtab);
449 for (i=0 ; i<HASHSIZE ; i++) {
450 groups_hashtab[i] = NULL;
451 }
452 to = _to;
453 keep_alive = 1;
454 pthread_create(&main_thread,NULL,groups_cleanup_thread,NULL);
455 // pthread_create(&t,NULL,groups_debug_thread,NULL);
456 }
457
458 /*
459 #include <stdio.h>
460 #include "strerr.h"
461
462 int main(int argc,char *argv[]) {
463 groups *g;
464 pid_t pid;
465 uid_t uid;
466 gid_t gid;
467 uint32_t n;
468
469 strerr_init();
470 if (argc==2) {
471 pid = strtoul(argv[1],NULL,10);
472 uid = getuid();
473 gid = getgid();
474 } else if (argc==4) {
475 pid = strtoul(argv[1],NULL,10);
476 uid = strtoul(argv[2],NULL,10);
477 gid = strtoul(argv[3],NULL,10);
478 } else {
479 pid = getpid();
480 uid = getuid();
481 gid = getgid();
482 }
483
484 groups_init(1.0,0);
485 printf("pid: %d ; uid: %d ; gid: %d\n",pid,uid,gid);
486 g = groups_get(pid,uid,gid);
487 for (n=0 ; n<g->gidcnt ; n++) {
488 printf("gid_%"PRIu32": %d\n",n,g->gidtab[n]);
489 }
490 groups_rel(g);
491 return 0;
492 }
493 */
494