5 #define __STDC_FORMAT_MACROS
11 #include <sys/sysctl.h>
30 : deadline_sweep_pids_(0)
31 , deadline_sweep_creds_(0)
32 , authz_fetcher_(NULL)
79 authz_mgr->
no_pid_ = statistics->
Register(
"authz.no_pid",
"cached pids");
81 "authz.no_session",
"cached sessions");
83 "authz.n_fetch",
"overall number of authz helper invocations");
85 "authz.n_grant",
"overall number of granted membership queries");
87 "authz.n_deny",
"overall number of denied membership queries");
101 pid_key->
sid = getsid(pid);
102 if (pid_key->
sid == static_cast<pid_t>(-1)) {
// sysctl(3)-based lookup: request the kernel's kinfo_proc record for `pid`
// via the four-element MIB CTL_KERN / KERN_PROC / KERN_PROC_PID / pid.
107 int mib[] = { CTL_KERN, KERN_PROC, KERN_PROC_PID, pid };
// kp is not zero-initialised; its fields are only meaningful if the kernel
// actually filled the buffer.
108 struct kinfo_proc kp;
// len is in/out: buffer size on entry, number of bytes written on return.
109 size_t len =
sizeof(kp);
// NOTE(review): the handling of retval is outside this excerpt. For a pid that
// has already exited, some BSD-derived kernels reportedly return success with
// len == 0 -- confirm that a short or zero len is rejected as well as
// retval != 0, so that no identity is derived from an unfilled kp.
110 retval = sysctl(mib, 4, &kp, &len, NULL, 0);
// Key the process on its *real* uid/gid (p_ruid / p_rgid) as reported in the
// kinfo_proc record.
// NOTE(review): the /proc-based branch of this listing fills uid/gid from
// info.st_uid / info.st_gid instead; if that is the owner of /proc/<pid>/stat
// it normally reflects the effective ids -- confirm both branches are meant to
// authorize against the same identity.
116 pid_key->
uid = kp.kp_eproc.e_pcred.p_ruid;
117 pid_key->
gid = kp.kp_eproc.e_pcred.p_rgid;
119 static_cast<int64_t
>(kp.kp_proc.p_un.__p_starttime.tv_sec) * 1000000;
120 usec +=
static_cast<int64_t
>(kp.kp_proc.p_un.__p_starttime.tv_usec);
126 const int kMaxProcPath = 64;
127 char pid_path[kMaxProcPath];
128 if (snprintf(pid_path, kMaxProcPath,
"/proc/%d/stat", pid) >= kMaxProcPath) {
132 FILE *fp_stat = fopen(pid_path,
"r");
133 if (fp_stat == NULL) {
135 "Failed to open status file /proc/%d/stat: (errno=%d) %s",
136 pid, errno, strerror(errno));
138 "Authorization for session %d disappeared", pid);
143 int fd_stat = fileno(fp_stat);
149 "Failed to get stat information of running process.");
// Take the process identity from the st_uid / st_gid members of `info`.
// NOTE(review): the call that fills `info` is not visible here; presumably it
// is an fstat() on fd_stat, i.e. the owner of /proc/<pid>/stat. Per proc(5)
// that owner is normally the effective uid/gid of the process, but it becomes
// root:root when the process is not dumpable -- confirm that an authorization
// decision keyed on uid 0 is the intended outcome for such processes.
152 pid_key->
uid = info.st_uid;
153 pid_key->
gid = info.st_gid;
// Parse /proc/<pid>/stat (fp_stat was opened on that path): every field is
// skipped except the 6th (%d) and the 22nd (%SCNu64). Per proc(5) these are
// the session id and the process start time; the destination arguments are on
// lines not shown in this excerpt.
// NOTE(review): field 2 is the executable name in parentheses and may contain
// whitespace, while %*s stops at the first whitespace character. Such a name
// desynchronises the remaining conversions, so the result must be trusted only
// when fscanf reports exactly two assignments -- confirm the check on retval.
// Splitting the line after the last ')' is the robust way to parse this file.
156 retval = fscanf(fp_stat,
"%*d %*s %*c %*d %*d %d %*d %*d %*u %*u %*u %*u "
157 "%*u %*u %*u %*d %*d %*d %*d %*d %*d %" SCNu64,
165 "pid %d: (errno=%d) %s, fscanf result %d", pid, errno,
166 strerror(errno), retval);
180 const std::string &membership)
199 const std::string &membership)
219 const std::string &membership,
222 assert(authz_data != NULL);
232 "cached authz data for sid %d, membership %s, status %d",
235 const bool granted = authz_data->
IsGranted(membership);
248 &(authz_data->
token), &ttl);
253 "fetched authz data for sid %d (pid %d), membership %s, status %d, "
254 "ttl %u", session_key.
sid, pid_key.
pid,
282 assert(session_key != NULL);
294 "Session key %d/%" PRIu64
" in cache; sid=%d, bday=%" PRIu64,
301 "Session key not found in cache, getting information from OS");
303 pid_t sid = pid_key->
sid;
312 session_key->
sid = sid_key.
pid;
358 vector<SessionKey> trash_bin;
361 if (this_key != empty_key) {
363 trash_bin.push_back(this_key);
367 for (
unsigned i = 0; i < trash_bin.size(); ++i) {
380 vector<PidKey> trash_bin;
381 for (
unsigned i = 0; i <
pid2session_.capacity(); ++i) {
383 if (this_key != empty_key) {
385 trash_bin.push_back(this_key);
389 for (
unsigned i = 0; i < trash_bin.size(); ++i) {
void Dec(class Counter *counter)
Counter * Register(const std::string &name, const std::string &desc)
SmallHashDynamic< PidKey, SessionKey > pid2session_
pthread_mutex_t lock_pid2session_
bool LookupAuthzData(const PidKey &pid_key, const SessionKey &session_key, const std::string &membership, AuthzData *authz_data)
bool LookupSessionKey(pid_t pid, PidKey *pid_key, SessionKey *session_key)
static const unsigned kPidLifetime
static uint32_t HashSessionKey(const SessionKey &key)
void SweepCreds(uint64_t now)
virtual AuthzStatus Fetch(const QueryInfo &query_info, AuthzToken *authz_token, unsigned *ttl)=0
SmallHashDynamic< SessionKey, AuthzData > session2cred_
bool GetPidInfo(pid_t pid, PidKey *pid_key)
AuthzFetcher * authz_fetcher_
assert((mem||(size==0))&&"Out Of Memory")
AuthzToken * GetTokenCopy(const pid_t pid, const std::string &membership)
void SweepPids(uint64_t now)
void Set(const int64_t val)
uint64_t deadline_sweep_creds_
perf::Counter * no_session_
static AuthzSessionManager * Create(AuthzFetcher *authz_fetcher, perf::Statistics *statistics)
static uint32_t HashPidKey(const PidKey &key)
bool IsMemberOf(const pid_t pid, const std::string &membership)
pthread_mutex_t lock_session2cred_
void Inc(class Counter *counter)
static const unsigned kSweepInterval
uint64_t deadline_sweep_pids_
bool IsGranted(const std::string &expected_membership) const
CVMFS_EXPORT void LogCvmfs(const LogSource source, const int mask, const char *format,...)