}
}
-void NaivePolicyDb::updateSupplementaryGroups(uid_t uid, gid_t gid)
+void NaivePolicyDb::updateSupplementaryGroups(uid_t uid, gid_t gid, const ItemType type)
{
auto vsend = &mapSendGroup[uid];
auto vrecv = &mapRecvGroup[uid];
- auto vown = &mapOwnGroup[uid];
+ auto vown = (type == ItemType::GENERIC || type == ItemType::OWN) ? &mapOwnGroup[uid] : nullptr;
int ngroups = 100;
gid_t groups[100];
-
struct passwd *user_pw;
+
user_pw = getpwuid(uid);
if (!user_pw) {
if (tslog::enabled())
std::cout << "getpwuid failed" << " uid:" << uid << " gid:" << gid << "\n";
-
- (*vsend).push_back(gid);
- (*vrecv).push_back(gid);
- (*vown).push_back(gid);
-
- return ;
+ goto err;
}
if (getgrouplist(user_pw->pw_name, gid, groups, &ngroups) == -1) {
if (tslog::enabled())
std::cout << "getgrouplist failed" << " uid:" << uid << " gid:" << gid << "\n";
-
- (*vsend).push_back(gid);
- (*vrecv).push_back(gid);
- (*vown).push_back(gid);
-
- return ;
+ goto err;
}
/* insert supplementary group */
(*vsend).push_back(groups[i]);
if (m_receive_set.group.find(groups[i]) != m_receive_set.group.end())
(*vrecv).push_back(groups[i]);
- if (m_own_set.group.find(groups[i]) != m_own_set.group.end())
- (*vown).push_back(groups[i]);
}
if ((*vsend).size() == 0 )
(*vsend).push_back(-1);
if ((*vrecv).size() == 0 )
(*vrecv).push_back(-1);
- if ((*vown).size() == 0 )
+ if (type == ItemType::GENERIC || type == ItemType::OWN) {
+ for (int i = 0; i < ngroups; i++) {
+ if (m_own_set.group.find(groups[i]) != m_own_set.group.end())
+ (*vown).push_back(groups[i]);
+ }
+
+ if ((*vown).size() == 0 )
(*vown).push_back(-1);
+ }
+
+ return ;
+err:
+ (*vsend).push_back(gid);
+ (*vrecv).push_back(gid);
+ if (type == ItemType::GENERIC || type == ItemType::OWN)
+ (*vown).push_back(gid);
}
std::vector<gid_t> * NaivePolicyDb::getGroups(uid_t uid, gid_t gid)
{
- if (mapOwnGroup[uid].size() == 0)
- updateSupplementaryGroups(uid, gid);
- if (mapOwnGroup[uid][0] == (gid_t)-1)
- return nullptr;
-
+ gid = gid;
return &mapOwnGroup[uid];
}
std::vector<gid_t> * NaivePolicyDb::getGroups(uid_t uid, gid_t gid, ItemType type)
{
+ static gid_t mygid = getgid();
+ static uid_t myuid = getgid();
+
+ if (uid == myuid && gid ==mygid)
+ return (type == ItemType::SEND) ? &mapSendGroup[uid] : &mapRecvGroup[uid];
+
+ pthread_mutex_lock(&mutexGroup);
auto vgid = (type == ItemType::SEND) ? &mapSendGroup[uid] : &mapRecvGroup[uid];
if ((*vgid).size() == 0)
- updateSupplementaryGroups(uid, gid);
+ updateSupplementaryGroups(uid, gid, type);
+ pthread_mutex_unlock(&mutexGroup);
+
if ((*vgid)[0] == (gid_t)-1)
return nullptr;
return vgid;
}
+
+void NaivePolicyDb::updateSupGroup()
+{
+ pthread_mutex_lock(&mutexGroup);
+ updateSupplementaryGroups(getuid(), getgid(), ItemType::GENERIC);
+ pthread_mutex_unlock(&mutexGroup);
+}
\ No newline at end of file
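Review bot: `static uid_t myuid = getgid();` on the new side of getGroups(uid, gid, type) stores a gid in the uid slot, so the lock-free shortcut never matches the daemon's own identity unless its uid happens to equal its gid, and instead fires for any peer whose uid equals the daemon's gid (and whose gid equals it too). That shortcut also returns `&mapSendGroup[uid]` / `&mapRecvGroup[uid]` without the `(gid_t)-1` sentinel check the slow path applies and without the mutex, so a matching caller can get back an empty or sentinel vector where the slow path would return nullptr, and `operator[]` may insert into the map while another thread is modifying it under `mutexGroup`. The one-line fix is `static uid_t myuid = getuid();`, but I would fold the shortcut into the locked path so every return goes through the sentinel check (below); since updateSupGroup() pre-fills the daemon's own entry, the lazy populate is skipped for it anyway and the only thing lost is the mutex bypass. Separately, updateSupplementaryGroups() only ever appends, so a second updateSupGroup() call (e.g. after a policy reload via updateGroupPolicy) grows the daemon's vectors with duplicates and can leave a stale `-1` at index 0 in front of real groups; clearing `*vsend`, `*vrecv` and `*vown` at the top of the function would keep repeated updates consistent. The two-argument getGroups() now returns `&mapOwnGroup[uid]` unconditionally (no populate, no sentinel check, no lock), so callers that used to rely on nullptr for "no groups" should be re-checked, and `gid = gid;` is better spelled `(void)gid;`.
```cpp
std::vector<gid_t> * NaivePolicyDb::getGroups(uid_t uid, gid_t gid, ItemType type)
{
	pthread_mutex_lock(&mutexGroup);        /* operator[] may insert, so the lookup itself needs the lock */
	auto vgid = (type == ItemType::SEND) ? &mapSendGroup[uid] : &mapRecvGroup[uid];
	if ((*vgid).size() == 0)                /* the daemon's own entry is normally pre-filled by updateSupGroup() */
		updateSupplementaryGroups(uid, gid, type);
	pthread_mutex_unlock(&mutexGroup);

	/* every path, including the process's own identity, must honour the "no groups" sentinel */
	if ((*vgid).empty() || (*vgid)[0] == (gid_t)-1)
		return nullptr;
	return vgid;
}
```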
std::map<gid_t, std::vector<gid_t>> mapOwnGroup;
std::map<gid_t, std::vector<gid_t>> mapSendGroup;
std::map<gid_t, std::vector<gid_t>> mapRecvGroup;
- void updateSupplementaryGroups(uid_t uid, gid_t gid);
+ pthread_mutex_t mutexGroup = PTHREAD_MUTEX_INITIALIZER;
+ void updateSupplementaryGroups(uid_t uid, gid_t gid, const ItemType type);
public:
std::vector<gid_t> * getGroups(uid_t uid, gid_t gid);
std::vector<gid_t> *getGroups(uid_t uid, gid_t gid, const ItemType type);
+ void updateSupGroup();
public:
/** Class containing policy with send/receive rules */
class PolicySR {
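Review bot: The three maps on the context lines just above the new declarations are `std::map<gid_t, std::vector<gid_t>>` but every caller indexes them by uid (`mapSendGroup[uid]`), so the key type misdocuments what is stored; `std::map<uid_t, std::vector<gid_t>>` would make the lookups read correctly (it only compiles today because both typedefs are `unsigned int` on glibc). The new `mutexGroup` member and `updateSupGroup()` land without any comment on what the lock protects or who is expected to call the update; I would add `/** Serialises population of map{Send,Recv,Own}Group; the three-argument getGroups() and updateSupGroup() take it */` above the mutex and `/** Eagerly caches the supplementary groups of this process's own uid/gid */` above updateSupGroup. Note also that a `pthread_mutex_t` data member leaves the class copyable with the mutex copied bit-for-bit; if a NaivePolicyDb is ever copied (not visible here) that is undefined behaviour, so deleting the copy operations or switching to `std::mutex` would be the safer shape.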
class XmlParser : boost::noncopyable
{
public:
- /** Parses given config file for declared bus type */
+ /** Parses given config file for declared bus type */
ErrCode parsePolicy(bool bus,
std::string const &fname) {
ErrCode err = parse(bus, fname);
return err;
}
+ void updateGroupPolicy(bool bus) {
+ __adapter.updateGroupDb(bus);
+ }
private:
/** Vector containing parsed policy */
/** Adapter which allows to access parsed policies */
DbAdapter __adapter;
- /** Parses config file and all files included in it */
+ /** Parses config file and all files included in it */
ErrCode parse(bool bus, std::string const &filename) {
ErrCode err;
std::vector<std::string> incl_files;
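Review bot: `updateGroupPolicy(bool bus)` is the one real addition in this hunk and it is the only public method of XmlParser shown without the `/** ... */` line its neighbours carry; since it just forwards to `__adapter.updateGroupDb(bus)`, something like `/** Refreshes the cached group tables of the policy db selected by bus; presumably meant to run after parsePolicy() — confirm against DbAdapter */` would tell callers when it is supposed to be invoked, the adapter side not being visible here. The remaining changes are whitespace-only re-indentation of the two `/** Parses ... */` comments, which add noise to blame without changing anything; I would drop them from this commit. parse() continues past the end of the hunk.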