5 #define __STDC_FORMAT_MACROS
11 #include <sys/sysctl.h>
30 : deadline_sweep_pids_(0)
31 , deadline_sweep_creds_(0)
32 , authz_fetcher_(NULL)
76 authz_mgr->
no_pid_ = statistics->
Register(
"authz.no_pid",
"cached pids");
80 "authz.n_fetch",
"overall number of authz helper invocations");
82 "authz.n_grant",
"overall number of granted membership queries");
84 "authz.n_deny",
"overall number of denied membership queries");
98 pid_key->
sid = getsid(pid);
99 if (pid_key->
sid == static_cast<pid_t>(-1)) {
104 int mib[] = {CTL_KERN, KERN_PROC, KERN_PROC_PID, pid};
105 struct kinfo_proc kp;
106 size_t len =
sizeof(kp);
107 retval = sysctl(mib, 4, &kp, &len, NULL, 0);
113 pid_key->
uid = kp.kp_eproc.e_pcred.p_ruid;
114 pid_key->
gid = kp.kp_eproc.e_pcred.p_rgid;
115 int64_t usec =
static_cast<int64_t
>(kp.kp_proc.p_un.__p_starttime.tv_sec)
117 usec +=
static_cast<int64_t
>(kp.kp_proc.p_un.__p_starttime.tv_usec);
123 const int kMaxProcPath = 64;
124 char pid_path[kMaxProcPath];
125 if (snprintf(pid_path, kMaxProcPath,
"/proc/%d/stat", pid) >= kMaxProcPath) {
129 FILE *fp_stat = fopen(pid_path,
"r");
130 if (fp_stat == NULL) {
132 "Failed to open status file /proc/%d/stat: (errno=%d) %s", pid,
133 errno, strerror(errno));
135 "Authorization for session %d disappeared", pid);
140 const int fd_stat = fileno(fp_stat);
146 "Failed to get stat information of running process.");
149 pid_key->
uid = info.st_uid;
150 pid_key->
gid = info.st_gid;
153 retval = fscanf(fp_stat,
154 "%*d %*s %*c %*d %*d %d %*d %*d %*u %*u %*u %*u "
155 "%*u %*u %*u %*d %*d %*d %*d %*d %*d %" SCNu64,
163 "Failed to parse status file for "
164 "pid %d: (errno=%d) %s, fscanf result %d",
165 pid, errno, strerror(errno), retval);
178 const std::string &membership) {
195 const std::string &membership) {
213 const std::string &membership,
215 assert(authz_data != NULL);
225 "cached authz data for sid %d, membership %s, status %d",
228 const bool granted = authz_data->
IsGranted(membership);
242 &(authz_data->
token), &ttl);
247 "fetched authz data for sid %d (pid %d), membership %s, status %d, "
276 assert(session_key != NULL);
288 "Session key %d/%" PRIu64
" in cache; sid=%d, bday=%" PRIu64,
295 "Session key not found in cache, getting information from OS");
297 pid_t sid = pid_key->
sid;
306 session_key->
sid = sid_key.
pid;
353 vector<SessionKey> trash_bin;
356 if (this_key != empty_key) {
358 trash_bin.push_back(this_key);
362 for (
unsigned i = 0; i < trash_bin.size(); ++i) {
375 vector<PidKey> trash_bin;
376 for (
unsigned i = 0; i <
pid2session_.capacity(); ++i) {
378 if (this_key != empty_key) {
380 trash_bin.push_back(this_key);
384 for (
unsigned i = 0; i < trash_bin.size(); ++i) {
void Dec(class Counter *counter)
Counter * Register(const std::string &name, const std::string &desc)
SmallHashDynamic< PidKey, SessionKey > pid2session_
pthread_mutex_t lock_pid2session_
bool LookupAuthzData(const PidKey &pid_key, const SessionKey &session_key, const std::string &membership, AuthzData *authz_data)
bool LookupSessionKey(pid_t pid, PidKey *pid_key, SessionKey *session_key)
static const unsigned kPidLifetime
static uint32_t HashSessionKey(const SessionKey &key)
void SweepCreds(uint64_t now)
virtual AuthzStatus Fetch(const QueryInfo &query_info, AuthzToken *authz_token, unsigned *ttl)=0
SmallHashDynamic< SessionKey, AuthzData > session2cred_
bool GetPidInfo(pid_t pid, PidKey *pid_key)
AuthzFetcher * authz_fetcher_
assert((mem||(size==0))&&"Out Of Memory")
AuthzToken * GetTokenCopy(const pid_t pid, const std::string &membership)
void SweepPids(uint64_t now)
void Set(const int64_t val)
uint64_t deadline_sweep_creds_
perf::Counter * no_session_
static AuthzSessionManager * Create(AuthzFetcher *authz_fetcher, perf::Statistics *statistics)
static uint32_t HashPidKey(const PidKey &key)
bool IsMemberOf(const pid_t pid, const std::string &membership)
pthread_mutex_t lock_session2cred_
void Inc(class Counter *counter)
static const unsigned kSweepInterval
uint64_t deadline_sweep_pids_
bool IsGranted(const std::string &expected_membership) const
CVMFS_EXPORT void LogCvmfs(const LogSource source, const int mask, const char *format,...)