From 081de37af1947f4f803bc043ae860bc7c0e3dc8e Mon Sep 17 00:00:00 2001
From: Arvin Schnell
Date: Fri, 28 Jan 2022 08:44:41 +0100
Subject: [PATCH] - cache uid for each client

---
 server/Client.cc | 32 +++++++++++++++-----------------
 server/Client.h | 8 +++++---
 server/MetaSnapper.cc | 26 +++++++++++++-------------
 server/MetaSnapper.h | 9 ++++++---
 server/snapperd.cc | 12 +++++++-----
 5 files changed, 46 insertions(+), 41 deletions(-)

diff --git a/server/Client.cc b/server/Client.cc
index 28942a43..fa541e76 100644
--- a/server/Client.cc
+++ b/server/Client.cc
@@ -1,6 +1,6 @@
 /*
 * Copyright (c) [2012-2015] Novell, Inc.
- * Copyright (c) [2016-2021] SUSE LLC
+ * Copyright (c) [2016-2022] SUSE LLC
 *
 * All Rights Reserved.
 *
@@ -38,8 +38,8 @@ boost::shared_mutex big_mutex;
-Client::Client(const string& name, const Clients& clients)
- : name(name), clients(clients)
+Client::Client(const string& name, uid_t uid, const Clients& clients)
+ : name(name), uid(uid), clients(clients)
 {
 }
@@ -394,7 +394,7 @@ struct Permissions : public Exception
 void
 Client::check_permission(DBus::Connection& conn, DBus::Message& msg) const
 {
- unsigned long uid = conn.get_unix_userid(msg);
+ // Check if the uid of the dbus-user is root.
 if (uid == 0)
 return;
@@ -406,14 +406,12 @@ void
 Client::check_permission(DBus::Connection& conn, DBus::Message& msg,
 const MetaSnapper& meta_snapper) const
 {
- unsigned long uid = conn.get_unix_userid(msg);
-
 // Check if the uid of the dbus-user is root.
 if (uid == 0)
 return;
 // Check if the uid of the dbus-user is included in the allowed uids.
- if (contains(meta_snapper.uids, uid))
+ if (contains(meta_snapper.get_allowed_uids(), uid))
 return;
 string username;
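Review bot: Once `uid` is read from the member, `conn` and `msg` are not used in the visible part of either `Client::check_permission` overload (this `@@ -394` hunk and the `@@ -406` hunk below it), so if the remainder of each body, which lies outside the hunks, does not use them either, both parameters are dead and should be made unnamed, e.g. `Client::check_permission(DBus::Connection&, DBus::Message&) const`, or dropped from the signature together with their call sites in a follow-up. The replacement also changes the type of the compared value from `unsigned long` to `uid_t`, which is the correct type for the comparison against `0` and the allowed-uid list, and the `scd.uid = uid;` assignments in the `@@ -892` and later hunks now receive that `uid_t` as well. A one-line comment above the first `if (uid == 0)` saying that `uid` is the value cached by `Clients::add` at connect time, not a fresh query of the bus, would make the new trust model explicit to the next reader.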
@@ -422,7 +420,7 @@ Client::check_permission(DBus::Connection& conn, DBus::Message& msg,
 if (get_uid_username_gid(uid, username, gid))
 {
 // Check if the primary gid of the dbus-user is included in the allowed gids.
- if (contains(meta_snapper.gids, gid))
+ if (contains(meta_snapper.get_allowed_gids(), gid))
 return;
 vector gids = getgrouplist(username.c_str(), gid);
@@ -430,7 +428,7 @@ Client::check_permission(DBus::Connection& conn, DBus::Message& msg,
 // Check if any (primary or secondary) gid of the dbus-user is included in the allowed
 // gids.
 for (vector::const_iterator it = gids.begin(); it != gids.end(); ++it)
- if (contains(meta_snapper.gids, *it))
+ if (contains(meta_snapper.get_allowed_gids(), *it))
 return;
 }
@@ -892,7 +890,7 @@ Client::create_single_snapshot(DBus::Connection& conn, DBus::Message& msg)
 MetaSnappers::iterator it = meta_snappers.find(config_name);
 check_permission(conn, msg, *it);
- scd.uid = conn.get_unix_userid(msg);
+ scd.uid = uid;
 Snapper* snapper = it->getSnapper();
@@ -927,7 +925,7 @@ Client::create_single_snapshot_v2(DBus::Connection& conn, DBus::Message& msg)
 MetaSnappers::iterator it = meta_snappers.find(config_name);
 check_permission(conn, msg, *it);
- scd.uid = conn.get_unix_userid(msg);
+ scd.uid = uid;
 Snapper* snapper = it->getSnapper();
@@ -965,7 +963,7 @@ Client::create_single_snapshot_of_default(DBus::Connection& conn, DBus::Message&
 MetaSnappers::iterator it = meta_snappers.find(config_name);
 check_permission(conn, msg, *it);
- scd.uid = conn.get_unix_userid(msg);
+ scd.uid = uid;
 Snapper* snapper = it->getSnapper();
@@ -999,7 +997,7 @@ Client::create_pre_snapshot(DBus::Connection& conn, DBus::Message& msg)
 MetaSnappers::iterator it = meta_snappers.find(config_name);
 check_permission(conn, msg, *it);
- scd.uid = conn.get_unix_userid(msg);
+ scd.uid = uid;
 Snapper* snapper = it->getSnapper();
@@ -1034,7 +1032,7 @@ Client::create_post_snapshot(DBus::Connection& conn, DBus::Message& msg)
 MetaSnappers::iterator it = meta_snappers.find(config_name);
 check_permission(conn, msg, *it);
- scd.uid = conn.get_unix_userid(msg);
+ scd.uid = uid;
 Snapper* snapper = it->getSnapper();
 Snapshots& snapshots = snapper->getSnapshots();
@@ -1596,7 +1594,7 @@ Client::debug(DBus::Connection& conn, DBus::Message& msg) const
 for (Clients::const_iterator it = clients.begin(); it != clients.end(); ++it)
 {
 std::ostringstream s;
- s << " name:'" << it->name << "'";
+ s << " name:'" << it->name << "', uid:" << it->uid;
 if (&*it == this)
 s << ", myself";
 if (it->zombie)
@@ -1957,11 +1955,11 @@ Clients::find(const string& name)
 Clients::iterator
-Clients::add(const string& name)
+Clients::add(const string& name, uid_t uid)
 {
 assert(find(name) == entries.end());
- entries.emplace_back(name, *this);
+ entries.emplace_back(name, uid, *this);
 return --entries.end();
 }
diff --git a/server/Client.h b/server/Client.h
index 6ed6e41c..a647a0bb 100644
--- a/server/Client.h
+++ b/server/Client.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (c) [2012-2015] Novell, Inc.
- * Copyright (c) [2016,2018] SUSE LLC
+ * Copyright (c) [2016-2022] SUSE LLC
 *
 * All Rights Reserved.
 *
@@ -120,7 +120,7 @@ public:
 void dispatch(DBus::Connection& conn, DBus::Message& msg);
- Client(const string& name, const Clients& clients);
+ Client(const string& name, uid_t uid, const Clients& clients);
 ~Client();
 list::iterator find_comparison(Snapper* snapper, unsigned int number1,
@@ -140,6 +140,7 @@ public:
 void remove_mount(const string& config_name, unsigned int number);
 const string name;
+ const uid_t uid;
 list comparisons;
@@ -192,7 +193,8 @@ public:
 iterator find(const string& name);
- iterator add(const string& name);
+ iterator add(const string& name, uid_t uid);
+
 void remove_zombies();
 bool has_zombies() const;
diff --git a/server/MetaSnapper.cc b/server/MetaSnapper.cc
index f87e5ed3..8068845f 100644
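Review bot: The new `const uid_t uid;` member in the `@@ -140` hunk of Client.h carries no comment, yet it is now the identity that every `check_permission` call and every `scd.uid` assignment trusts instead of asking the bus, so its provenance and lifetime belong at the declaration: `// uid of the D-Bus peer as reported by the bus when the client was first seen (Clients::add); fixed for the lifetime of the Client.` The matching `iterator add(const string& name, uid_t uid);` declaration in the `@@ -192` hunk would benefit from the same one-line note on where the uid is expected to come from, since `Clients::add` in Client.cc only asserts the name is new and stores whatever it is handed. The class bodies continue outside both hunks.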
--- a/server/MetaSnapper.cc
+++ b/server/MetaSnapper.cc
@@ -1,6 +1,6 @@
 /*
 * Copyright (c) [2012-2015] Novell, Inc.
- * Copyright (c) 2018 SUSE LLC
+ * Copyright (c) [2018-2022] SUSE LLC
 *
 * All Rights Reserved.
 *
@@ -124,37 +124,37 @@ MetaSnapper::setConfigInfo(const map& raw)
 void
 MetaSnapper::set_permissions()
 {
- uids.clear();
+ allowed_uids.clear();
 vector users;
 if (config_info.getValue(KEY_ALLOW_USERS, users))
 {
- for (vector::const_iterator it = users.begin(); it != users.end(); ++it)
+ for (const string& user : users)
 {
 uid_t tmp;
- if (get_user_uid(it->c_str(), tmp))
- uids.push_back(tmp);
+ if (get_user_uid(user.c_str(), tmp))
+ allowed_uids.push_back(tmp);
 }
 }
- sort(uids.begin(), uids.end());
- uids.erase(unique(uids.begin(), uids.end()), uids.end());
+ sort(allowed_uids.begin(), allowed_uids.end());
+ allowed_uids.erase(unique(allowed_uids.begin(), allowed_uids.end()), allowed_uids.end());
- gids.clear();
+ allowed_gids.clear();
 vector groups;
 if (config_info.getValue(KEY_ALLOW_GROUPS, groups))
 {
- for (vector::const_iterator it = groups.begin(); it != groups.end(); ++it)
+ for (const string& group : groups)
 {
 gid_t tmp;
- if (get_group_gid(it->c_str(), tmp))
- gids.push_back(tmp);
+ if (get_group_gid(group.c_str(), tmp))
+ allowed_gids.push_back(tmp);
 }
 }
- sort(gids.begin(), gids.end());
- gids.erase(unique(gids.begin(), gids.end()), gids.end());
+ sort(allowed_gids.begin(), allowed_gids.end());
+ allowed_gids.erase(unique(allowed_gids.begin(), allowed_gids.end()), allowed_gids.end());
 }
diff --git a/server/MetaSnapper.h b/server/MetaSnapper.h
index 69033b32..ef5d4073 100644
--- a/server/MetaSnapper.h
+++ b/server/MetaSnapper.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (c) [2012-2015] Novell, Inc.
- * Copyright (c) 2018 SUSE LLC
+ * Copyright (c) [2018-2022] SUSE LLC
 *
 * All Rights Reserved.
 *
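Review bot: In `set_permissions()` a name listed under KEY_ALLOW_USERS or KEY_ALLOW_GROUPS that `get_user_uid` or `get_group_gid` cannot resolve is dropped without any trace, so a misspelled entry fails closed but leaves the administrator with no hint why a user is still denied; a warning in each false branch, e.g. `else y2war("cannot resolve user '" << user << "' from " << KEY_ALLOW_USERS);` and the analogous line for groups, would surface it. This is pre-existing behaviour that the rename to `allowed_uids` / `allowed_gids` does not change, but the hunk rewrites both loops, which makes it the natural place to add it. The hunk covers the whole function, so nothing is cut off.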
@@ -94,8 +94,8 @@ public:
 const ConfigInfo& getConfigInfo() const { return config_info; }
 void setConfigInfo(const map& raw);
- vector uids;
- vector gids;
+ const vector& get_allowed_uids() const { return allowed_uids; }
+ const vector& get_allowed_gids() const { return allowed_gids; }
 Snapper* getSnapper();
@@ -111,6 +111,9 @@ private:
 Snapper* snapper = nullptr;
+ vector allowed_uids;
+ vector allowed_gids;
+
 };
diff --git a/server/snapperd.cc b/server/snapperd.cc
index afc3433c..5f63b1ff 100644
--- a/server/snapperd.cc
+++ b/server/snapperd.cc
@@ -1,6 +1,6 @@
 /*
 * Copyright (c) [2012-2015] Novell, Inc.
- * Copyright (c) [2018-2021] SUSE LLC
+ * Copyright (c) [2018-2022] SUSE LLC
 *
 * All Rights Reserved.
 *
@@ -93,12 +93,14 @@ MyMainLoop::method_call(DBus::Message& msg)
 {
 boost::unique_lock lock(big_mutex);
- Clients::iterator client = clients.find(msg.get_sender());
+ const string name = msg.get_sender();
+
+ Clients::iterator client = clients.find(name);
 if (client == clients.end())
 {
- y2deb("client connected invisible '" << msg.get_sender() << "'");
- add_client_match(msg.get_sender());
- client = clients.add(msg.get_sender());
+ y2deb("client connected invisible '" << name << "'");
+ add_client_match(name);
+ client = clients.add(name, get_unix_userid(msg));
 set_idle_timeout(seconds(-1));
 }
--
2.47.3
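Review bot: The private `allowed_uids` / `allowed_gids` vectors added in the `@@ -111` hunk of MetaSnapper.h have an invariant that `set_permissions()` in MetaSnapper.cc establishes (resolved from KEY_ALLOW_USERS / KEY_ALLOW_GROUPS, sorted, de-duplicated) but the header does not say so; suggest `// Resolved from KEY_ALLOW_USERS / KEY_ALLOW_GROUPS by set_permissions(); sorted and unique.` above them. The accessors in the `@@ -94` hunk hand out references into these members, which `set_permissions()` overwrites whenever the configuration is re-read, so a caller should not keep the reference beyond the current call; presumably `big_mutex` already serialises the two paths, but a short note on the accessors would record that expectation. The class body continues outside both hunks.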
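Review bot: `clients.add(name, get_unix_userid(msg))` in the `@@ -93` hunk of snapperd.cc freezes the peer's uid when a sender is first seen, and every later permission check in Client.cc compares against that cached value instead of re-querying the bus; that is sound only because a D-Bus unique sender name is bound to a single connection whose credentials cannot change and is not reused by the bus, which deserves a comment at the `add` call, e.g. `// The unique sender name identifies one connection, so its uid is fixed for the client's lifetime.` What `get_unix_userid` does when the bus cannot report a uid now matters more than before: if it throws, the client is simply not registered, but if it returned a sentinel that value would be cached and fed to `check_permission` for the whole session, so it is worth confirming that it throws. `MyMainLoop::method_call` continues outside the hunk.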