END_TEST
START_TEST (check_fs_rid_set_scan)
{
fs_rid_set *s = fs_rid_set_new();
fail_unless(s != NULL);
int i=0;
int ELTS = 10000;
for (i=1; i <= ELTS; i++) {
fs_rid_set_add(s, (fs_rid) i);
if ((i % 2 == 0) || (i % 5 == 0))
fs_rid_set_add(s, (fs_rid) i);
}
int pass=0;
for (pass=0; pass < 2; pass++) {
fs_rid_set_rewind(s);
fs_rid e = FS_RID_NULL;
int count = 0;
while((e = fs_rid_set_next(s)) != FS_RID_NULL) {
count = count + 1;
fail_if(e <= 0 || e > (ELTS));
}
fail_if(count != ELTS);
}
fs_rid_set_free(s);
}
/**
* aux function to traverse g_hash_table of graph acls.
*/
void key_in(gpointer key, gpointer value, gpointer user_data) {
fs_rid *g = (fs_rid *)key;
struct _acl_sec_tuple *t = (struct _acl_sec_tuple *) user_data;
fs_rid_set *graph_keys = (fs_rid_set *)value;
if (!fs_rid_set_contains(graph_keys,t->user_key)) {
fs_rid_set_add(t->res,*g);
t->set_size++;
}
}
END_TEST
START_TEST (check_fs_rid_set_add_contains)
{
fs_rid_set *s = fs_rid_set_new();
fail_unless(s != NULL);
int i=0;
for (i=0; i < 1e4; i++) {
fs_rid_set_add(s, i);
}
for (i=0; i < 1e4; i++) {
fail_if(!fs_rid_set_contains(s,i));
}
fs_rid_set_free(s);
}
/**
* It loads the acl system info from the system:config graph.
* Due to link->acl_system_info manipulation this function should be
* under mutex conditions.
*/
int fs_acl_load_system_info(fsp_link *link) {
if (!fsp_acl_needs_reload(link))
return 0;
int flags = FS_BIND_SUBJECT | FS_BIND_PREDICATE | FS_BIND_OBJECT | FS_BIND_BY_SUBJECT;
fs_rid_vector *mrids = fs_rid_vector_new_from_args(1, fs_c.system_config);
fs_rid_vector *srids = fs_rid_vector_new(0);
fs_rid_vector *prids = fs_rid_vector_new_from_args(2, fs_c.fs_acl_admin, fs_c.fs_acl_access_by);
fs_rid_vector *orids = fs_rid_vector_new(0);
fs_rid_vector **result = NULL;
fsp_bind_limit_all(link, flags, mrids, srids, prids, orids, &result, -1, -1);
fs_rid_vector_free(mrids);
fs_rid_vector_free(srids);
fs_rid_vector_free(prids);
fs_rid_vector_free(orids);
int admin_users_count = 0;
fs_acl_system_info *acl_system_info = link->acl_system_info;
if (result && result[0]) {
if (!acl_system_info->acl_graph_hash || acl_system_info->admin_user_set)
link->acl_system_info = acl_system_info;
if (acl_system_info->acl_graph_hash) {
g_hash_table_steal(acl_system_info->acl_graph_hash, &fs_c.system_config);
g_hash_table_destroy(acl_system_info->acl_graph_hash);
acl_system_info->acl_graph_hash = NULL;
}
acl_system_info->acl_graph_hash = g_hash_table_new_full(fs_rid_hash,fs_rid_equal,
acl_key_destroyed, acl_value_destroyed);
if (acl_system_info->admin_user_set) {
fs_rid_set_free(acl_system_info->admin_user_set);
acl_system_info->admin_user_set = NULL;
}
acl_system_info->admin_user_set = fs_rid_set_new();
for (int row = 0; row < result[0]->length; row++) {
if(result[1]->data[row] == fs_c.fs_acl_access_by) {
/* if pred is acl_access_by then subject is the graph and object is the user rid */
gpointer users_set_ref = NULL;
fs_rid_set *users_set = NULL;
if (!(users_set_ref=g_hash_table_lookup(acl_system_info->acl_graph_hash, &result[0]->data[row]))) {
users_set = fs_rid_set_new();
fs_rid *rid_graph = malloc(sizeof(fs_rid));
*rid_graph = result[0]->data[row];
g_hash_table_insert(acl_system_info->acl_graph_hash, rid_graph, users_set);
} else
users_set = (fs_rid_set *) users_set_ref;
fs_rid_set_add(users_set, result[2]->data[row]);
} else if (result[1]->data[row] == fs_c.fs_acl_admin) {
/* if admin predicate then object contains the admin user rid id */
fs_rid_set_add(acl_system_info->admin_user_set, result[2]->data[row]);
admin_users_count++;
}
}
if (admin_users_count == 0) {
fs_error(LOG_ERR,"Added default admin user %s",FS_ACL_DEFAULT_ADMIN);
fs_rid_set_add(acl_system_info->admin_user_set, fs_c.fs_acl_default_admin);
}
/* only admin users can access system:config */
g_hash_table_insert(acl_system_info->acl_graph_hash, &fs_c.system_config, acl_system_info->admin_user_set);
}
fsp_acl_reloaded(link);
if (result) {
for (int i=0;i<3;i++) {
fs_rid_vector_free(result[i]);
}
free(result);
}
return 1;
}
/* we add models to the models set, if the matching RID is set to a wildcard */
fs_row_id fs_ptable_remove_pair(fs_ptable *pt, fs_row_id b, fs_rid pair[2], int *removed, fs_rid_set *models)
{
fs_row_id ret = b;
if (b == 0) {
fs_error(LOG_CRIT, "tried to read row 0");
return ret;
}
if (b > pt->header->length) {
fs_error(LOG_CRIT, "tried to read off end of ptable %s (%d > %d)", pt->filename, b, pt->header->length);
return ret;
}
/* NULL, NULL means remove everything */
if (pair[0] == FS_RID_NULL && pair[1] == FS_RID_NULL) {
/* loop over the chain, count length, remove entries, and set all
* models to be marked as sparse */
while (b != 0) {
(*removed)++;
row *r = &(pt->data[b]);
if (models) {
fs_rid_set_add(models, r->data[0]);
}
fs_row_id nextb = r->cont;
fs_ptable_free_row(pt, b);
b = nextb;
}
return 0;
}
row *prevr = NULL;
while (b != 0) {
row *r = &(pt->data[b]);
fs_row_id nextb = r->cont;
if (pair[0] != FS_RID_NULL && pair[1] == FS_RID_NULL) {
if (r->data[0] == pair[0]) {
if (prevr) {
prevr->cont = nextb;
} else {
ret = nextb;
}
fs_ptable_free_row(pt, b);
(*removed)++;
} else {
prevr = r;
}
} else if (pair[0] == FS_RID_NULL && pair[1] != FS_RID_NULL) {
if (r->data[1] == pair[1]) {
if (models) {
fs_rid_set_add(models, r->data[0]);
}
if (prevr) {
prevr->cont = nextb;
} else {
ret = nextb;
}
fs_ptable_free_row(pt, b);
(*removed)++;
} else {
prevr = r;
}
} else if (pair[0] != FS_RID_NULL && pair[1] != FS_RID_NULL) {
if (r->data[0] == pair[0] && r->data[1] == pair[1]) {
if (prevr) {
prevr->cont = nextb;
} else {
ret = nextb;
}
fs_ptable_free_row(pt, b);
(*removed)++;
} else {
prevr = r;
}
} else {
fs_error(LOG_CRIT, "trying to remove with unsupported pattern");
}
b = nextb;
}
return ret;
}
