- cache uid for each client

diff --git a/server/Client.cc b/server/Client.cc
index 28942a4354ffc4d0560c16aabea98ec02da684ea..fa541e76b2162386e67ad07de886cec734bdcb36 100644 (file)
--- a/server/Client.cc
+++ b/server/Client.cc
@@ -1,6 +1,6 @@
 /*
  * Copyright (c) [2012-2015] Novell, Inc.
- * Copyright (c) [2016-2021] SUSE LLC
+ * Copyright (c) [2016-2022] SUSE LLC
  *
  * All Rights Reserved.
  *
@@ -38,8 +38,8 @@
 boost::shared_mutex big_mutex;
 
 
-Client::Client(const string& name, const Clients& clients)
-    : name(name), clients(clients)
+Client::Client(const string& name, uid_t uid, const Clients& clients)
+    : name(name), uid(uid), clients(clients)
 {
 }
 
@@ -394,7 +394,7 @@ struct Permissions : public Exception
 void
 Client::check_permission(DBus::Connection& conn, DBus::Message& msg) const
 {
-    unsigned long uid = conn.get_unix_userid(msg);
+    // Check if the uid of the dbus-user is root.
     if (uid == 0)
        return;
 
@@ -406,14 +406,12 @@ void
 Client::check_permission(DBus::Connection& conn, DBus::Message& msg,
                         const MetaSnapper& meta_snapper) const
 {
-    unsigned long uid = conn.get_unix_userid(msg);
-
     // Check if the uid of the dbus-user is root.
     if (uid == 0)
        return;
 
     // Check if the uid of the dbus-user is included in the allowed uids.
-    if (contains(meta_snapper.uids, uid))
+    if (contains(meta_snapper.get_allowed_uids(), uid))
        return;
 
     string username;
@@ -422,7 +420,7 @@ Client::check_permission(DBus::Connection& conn, DBus::Message& msg,
     if (get_uid_username_gid(uid, username, gid))
     {
        // Check if the primary gid of the dbus-user is included in the allowed gids.
-       if (contains(meta_snapper.gids, gid))
+       if (contains(meta_snapper.get_allowed_gids(), gid))
            return;
 
        vector<gid_t> gids = getgrouplist(username.c_str(), gid);
@@ -430,7 +428,7 @@ Client::check_permission(DBus::Connection& conn, DBus::Message& msg,
        // Check if any (primary or secondary) gid of the dbus-user is included in the allowed
        // gids.
        for (vector<gid_t>::const_iterator it = gids.begin(); it != gids.end(); ++it)
-           if (contains(meta_snapper.gids, *it))
+           if (contains(meta_snapper.get_allowed_gids(), *it))
                return;
     }
 
@@ -892,7 +890,7 @@ Client::create_single_snapshot(DBus::Connection& conn, DBus::Message& msg)
     MetaSnappers::iterator it = meta_snappers.find(config_name);
 
     check_permission(conn, msg, *it);
-    scd.uid = conn.get_unix_userid(msg);
+    scd.uid = uid;
 
     Snapper* snapper = it->getSnapper();
 
@@ -927,7 +925,7 @@ Client::create_single_snapshot_v2(DBus::Connection& conn, DBus::Message& msg)
     MetaSnappers::iterator it = meta_snappers.find(config_name);
 
     check_permission(conn, msg, *it);
-    scd.uid = conn.get_unix_userid(msg);
+    scd.uid = uid;
 
     Snapper* snapper = it->getSnapper();
 
@@ -965,7 +963,7 @@ Client::create_single_snapshot_of_default(DBus::Connection& conn, DBus::Message&
     MetaSnappers::iterator it = meta_snappers.find(config_name);
 
     check_permission(conn, msg, *it);
-    scd.uid = conn.get_unix_userid(msg);
+    scd.uid = uid;
 
     Snapper* snapper = it->getSnapper();
 
@@ -999,7 +997,7 @@ Client::create_pre_snapshot(DBus::Connection& conn, DBus::Message& msg)
     MetaSnappers::iterator it = meta_snappers.find(config_name);
 
     check_permission(conn, msg, *it);
-    scd.uid = conn.get_unix_userid(msg);
+    scd.uid = uid;
 
     Snapper* snapper = it->getSnapper();
 
@@ -1034,7 +1032,7 @@ Client::create_post_snapshot(DBus::Connection& conn, DBus::Message& msg)
     MetaSnappers::iterator it = meta_snappers.find(config_name);
 
     check_permission(conn, msg, *it);
-    scd.uid = conn.get_unix_userid(msg);
+    scd.uid = uid;
 
     Snapper* snapper = it->getSnapper();
     Snapshots& snapshots = snapper->getSnapshots();
@@ -1596,7 +1594,7 @@ Client::debug(DBus::Connection& conn, DBus::Message& msg) const
     for (Clients::const_iterator it = clients.begin(); it != clients.end(); ++it)
     {
        std::ostringstream s;
-       s << "    name:'" << it->name << "'";
+       s << "    name:'" << it->name << "', uid:" << it->uid;
        if (&*it == this)
            s << ", myself";
        if (it->zombie)
@@ -1957,11 +1955,11 @@ Clients::find(const string& name)
 
 
 Clients::iterator
-Clients::add(const string& name)
+Clients::add(const string& name, uid_t uid)
 {
     assert(find(name) == entries.end());
 
-    entries.emplace_back(name, *this);
+    entries.emplace_back(name, uid, *this);
 
     return --entries.end();
 }

diff --git a/server/Client.h b/server/Client.h
index 6ed6e41c9495ea5bd6dff7dcedfa76f86f3a7f15..a647a0bb4dd12ce08a360cf06b6facad9cc9ea72 100644 (file)
--- a/server/Client.h
+++ b/server/Client.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (c) [2012-2015] Novell, Inc.
- * Copyright (c) [2016,2018] SUSE LLC
+ * Copyright (c) [2016-2022] SUSE LLC
  *
  * All Rights Reserved.
  *
@@ -120,7 +120,7 @@ public:
 
     void dispatch(DBus::Connection& conn, DBus::Message& msg);
 
-    Client(const string& name, const Clients& clients);
+    Client(const string& name, uid_t uid, const Clients& clients);
     ~Client();
 
     list<Comparison*>::iterator find_comparison(Snapper* snapper, unsigned int number1,
@@ -140,6 +140,7 @@ public:
     void remove_mount(const string& config_name, unsigned int number);
 
     const string name;
+    const uid_t uid;
 
     list<Comparison*> comparisons;
 
@@ -192,7 +193,8 @@ public:
 
     iterator find(const string& name);
 
-    iterator add(const string& name);
+    iterator add(const string& name, uid_t uid);
+
     void remove_zombies();
 
     bool has_zombies() const;

diff --git a/server/MetaSnapper.cc b/server/MetaSnapper.cc
index f87e5ed31294ded0737c95d50f73091c980442a5..8068845f44fa09a3fbed8efdc5e2d2c6cf662244 100644 (file)
--- a/server/MetaSnapper.cc
+++ b/server/MetaSnapper.cc
@@ -1,6 +1,6 @@
 /*
  * Copyright (c) [2012-2015] Novell, Inc.
- * Copyright (c) 2018 SUSE LLC
+ * Copyright (c) [2018-2022] SUSE LLC
  *
  * All Rights Reserved.
  *
@@ -124,37 +124,37 @@ MetaSnapper::setConfigInfo(const map<string, string>& raw)
 void
 MetaSnapper::set_permissions()
 {
-    uids.clear();
+    allowed_uids.clear();
 
     vector<string> users;
     if (config_info.getValue(KEY_ALLOW_USERS, users))
     {
-       for (vector<string>::const_iterator it = users.begin(); it != users.end(); ++it)
+       for (const string& user : users)
        {
            uid_t tmp;
-           if (get_user_uid(it->c_str(), tmp))
-               uids.push_back(tmp);
+           if (get_user_uid(user.c_str(), tmp))
+               allowed_uids.push_back(tmp);
        }
     }
 
-    sort(uids.begin(), uids.end());
-    uids.erase(unique(uids.begin(), uids.end()), uids.end());
+    sort(allowed_uids.begin(), allowed_uids.end());
+    allowed_uids.erase(unique(allowed_uids.begin(), allowed_uids.end()), allowed_uids.end());
 
-    gids.clear();
+    allowed_gids.clear();
 
     vector<string> groups;
     if (config_info.getValue(KEY_ALLOW_GROUPS, groups))
     {
-       for (vector<string>::const_iterator it = groups.begin(); it != groups.end(); ++it)
+       for (const string& group : groups)
        {
            gid_t tmp;
-           if (get_group_gid(it->c_str(), tmp))
-               gids.push_back(tmp);
+           if (get_group_gid(group.c_str(), tmp))
+               allowed_gids.push_back(tmp);
        }
     }
 
-    sort(gids.begin(), gids.end());
-    gids.erase(unique(gids.begin(), gids.end()), gids.end());
+    sort(allowed_gids.begin(), allowed_gids.end());
+    allowed_gids.erase(unique(allowed_gids.begin(), allowed_gids.end()), allowed_gids.end());
 }
 
 

diff --git a/server/MetaSnapper.h b/server/MetaSnapper.h
index 69033b32aa9db42329b3a3bccb2ec8883b8a9345..ef5d4073404c2660cb67120042358d57d2f2ea0d 100644 (file)
--- a/server/MetaSnapper.h
+++ b/server/MetaSnapper.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (c) [2012-2015] Novell, Inc.
- * Copyright (c) 2018 SUSE LLC
+ * Copyright (c) [2018-2022] SUSE LLC
  *
  * All Rights Reserved.
  *
@@ -94,8 +94,8 @@ public:
     const ConfigInfo& getConfigInfo() const { return config_info; }
     void setConfigInfo(const map<string, string>& raw);
 
-    vector<uid_t> uids;
-    vector<gid_t> gids;
+    const vector<uid_t>& get_allowed_uids() const { return allowed_uids; }
+    const vector<gid_t>& get_allowed_gids() const { return allowed_gids; }
 
     Snapper* getSnapper();
 
@@ -111,6 +111,9 @@ private:
 
     Snapper* snapper = nullptr;
 
+    vector<uid_t> allowed_uids;
+    vector<gid_t> allowed_gids;
+
 };
 
 

diff --git a/server/snapperd.cc b/server/snapperd.cc
index afc3433c74217cc0760d189867943fa7d6047497..5f63b1ffd960908ddb3d0268286f2bf6a66af946 100644 (file)
--- a/server/snapperd.cc
+++ b/server/snapperd.cc
@@ -1,6 +1,6 @@
 /*
  * Copyright (c) [2012-2015] Novell, Inc.
- * Copyright (c) [2018-2021] SUSE LLC
+ * Copyright (c) [2018-2022] SUSE LLC
  *
  * All Rights Reserved.
  *
@@ -93,12 +93,14 @@ MyMainLoop::method_call(DBus::Message& msg)
     {
        boost::unique_lock<boost::shared_mutex> lock(big_mutex);
 
-       Clients::iterator client = clients.find(msg.get_sender());
+       const string name = msg.get_sender();
+
+       Clients::iterator client = clients.find(name);
        if (client == clients.end())
        {
-           y2deb("client connected invisible '" << msg.get_sender() << "'");
-           add_client_match(msg.get_sender());
-           client = clients.add(msg.get_sender());
+           y2deb("client connected invisible '" << name << "'");
+           add_client_match(name);
+           client = clients.add(name, get_unix_userid(msg));
            set_idle_timeout(seconds(-1));
        }