END_TEST

/* Scan test for fs_rid_set: fill the set, then iterate it twice and check
 * that every pass yields exactly the inserted range. */
START_TEST (check_fs_rid_set_scan)
{
    fs_rid_set *set = fs_rid_set_new();
    fail_unless(set != NULL);

    const int total = 10000;

    /* Insert 1..total once; multiples of 2 or 5 are inserted a second time,
     * so the count check below fails if a duplicate is reported twice. */
    int n = 1;
    while (n <= total) {
        fs_rid_set_add(set, (fs_rid) n);
        if (n % 2 == 0 || n % 5 == 0) {
            fs_rid_set_add(set, (fs_rid) n);
        }
        n++;
    }

    /* Two passes: each one rewinds first, so the second pass only succeeds
     * if rewinding restarts the iteration. */
    for (int pass = 0; pass < 2; pass++) {
        int seen = 0;
        fs_rid cur;

        fs_rid_set_rewind(set);
        for (cur = fs_rid_set_next(set); cur != FS_RID_NULL; cur = fs_rid_set_next(set)) {
            seen += 1;
            /* every element must lie inside the inserted range */
            fail_if(cur <= 0 || cur > (total));
        }
        fail_if(seen != total);
    }

    fs_rid_set_free(set);
}
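/**
 * Build the set of graphs that the given user / API key may NOT access.
 *
 * @param acl_info  ACL system info to consult; may be NULL.
 * @param user_rid  RID identifying the user / API key.
 * @return a set allocated with fs_rid_set_new() when the scan recorded at
 *         least one graph (presumably the caller releases it with
 *         fs_rid_set_free() -- confirm against callers), otherwise NULL.
 *
 * NULL is returned when acl_info is NULL, when the user is in the admin set,
 * when no acl_graph_hash is loaded, and when the scan recorded nothing.
 *
 * NOTE(review): NULL therefore means "no restricted graphs" in every one of
 * those cases, so a caller cannot tell "ACL data not loaded" apart from
 * "user is unrestricted". Confirm that failing open on missing ACL data is
 * the intended policy.
 */
static fs_rid_set *no_access_for_user(fs_acl_system_info *acl_info, fs_rid user_rid)
{
    if (!acl_info || is_admin(acl_info->admin_user_set, user_rid))
        return NULL;
    if (!acl_info->acl_graph_hash)
        return NULL;

    fs_rid_set *res = fs_rid_set_new();
    /* key_in is defined elsewhere; it receives this tuple for every entry of
     * the graph table and is expected to fill t.res and bump t.set_size
     * -- confirm against its definition. */
    struct _acl_sec_tuple t = { .set_size = 0, .res = res, .user_key = user_rid };
    g_hash_table_foreach(acl_info->acl_graph_hash, key_in, &t);
    if (t.set_size)
        return res;

    /* Nothing was recorded: release the set instead of leaking it on every
     * lookup for a user with no restrictions. The guard keeps the previous
     * behaviour if fs_rid_set_new() returned NULL, since it is not visible
     * here whether fs_rid_set_free() accepts NULL. */
    if (res)
        fs_rid_set_free(res);
    return NULL;
}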
END_TEST

/* Membership test for fs_rid_set: every value that was added must be
 * reported by fs_rid_set_contains(). */
START_TEST (check_fs_rid_set_add_contains)
{
    const int limit = 10000;
    fs_rid_set *set = fs_rid_set_new();
    fail_unless(set != NULL);

    /* populate with 0 .. limit-1 */
    int k = 0;
    while (k < limit) {
        fs_rid_set_add(set, k);
        k++;
    }

    /* each inserted value has to be found again */
    k = 0;
    while (k < limit) {
        fail_if(!fs_rid_set_contains(set, k));
        k++;
    }

    fs_rid_set_free(set);
}
/**
 * Load the ACL system info from the system:config graph.
 *
 * Queries system:config for the fs_acl_admin and fs_acl_access_by predicates
 * and rebuilds link->acl_system_info from the rows: acl_graph_hash maps a
 * graph RID to the set of user RIDs listed for it, and admin_user_set holds
 * the admin user RIDs.
 *
 * Because link->acl_system_info is modified in place, the caller should hold
 * the relevant mutex while this function runs.
 *
 * @param link  connection whose ACL info is (re)loaded.
 * @return 0 when fsp_acl_needs_reload() reports that no reload is needed,
 *         1 otherwise. 1 is also returned, and fsp_acl_reloaded() is still
 *         called, when the query produced no result; the previous ACL state
 *         is then left untouched.
 */
int fs_acl_load_system_info(fsp_link *link) {
    if (!fsp_acl_needs_reload(link))
        return 0;

    /* Bind all three positions for the two ACL predicates within the
     * system:config model; empty subject/object vectors add no constraint
     * (presumably -- confirm against fsp_bind_limit_all). */
    int flags = FS_BIND_SUBJECT | FS_BIND_PREDICATE | FS_BIND_OBJECT | FS_BIND_BY_SUBJECT;
    fs_rid_vector *mrids = fs_rid_vector_new_from_args(1, fs_c.system_config);
    fs_rid_vector *srids = fs_rid_vector_new(0);
    fs_rid_vector *prids = fs_rid_vector_new_from_args(2, fs_c.fs_acl_admin, fs_c.fs_acl_access_by);
    fs_rid_vector *orids = fs_rid_vector_new(0);
    fs_rid_vector **result = NULL;
    /* NOTE(review): any status returned by fsp_bind_limit_all is not
     * inspected; only the result pointer is checked below. */
    fsp_bind_limit_all(link, flags, mrids, srids, prids, orids, &result, -1, -1);
    fs_rid_vector_free(mrids);
    fs_rid_vector_free(srids);
    fs_rid_vector_free(prids);
    fs_rid_vector_free(orids);

    int admin_users_count = 0;
    /* NOTE(review): acl_system_info is dereferenced below without a NULL
     * check -- confirm it is always allocated before this function runs. */
    fs_acl_system_info *acl_system_info = link->acl_system_info;
    /* result[0] = subjects, result[1] = predicates, result[2] = objects, as
     * the row handling below uses them.
     * NOTE(review): only result[0] is checked here, yet result[1] and
     * result[2] are dereferenced in the loop. */
    if (result && result[0]) {
        /* NOTE(review): this stores the pointer that was just read from
         * link->acl_system_info, so it has no effect as written. */
        if (!acl_system_info->acl_graph_hash || acl_system_info->admin_user_set)
            link->acl_system_info = acl_system_info;

        /* Drop the previous graph table. The system:config entry is stolen
         * first so that destroying the table does not run the key/value
         * destroy callbacks on it: its key is the address of
         * fs_c.system_config and its value is admin_user_set, which is
         * released separately below. */
        if (acl_system_info->acl_graph_hash) {
            g_hash_table_steal(acl_system_info->acl_graph_hash, &fs_c.system_config);
            g_hash_table_destroy(acl_system_info->acl_graph_hash);
            acl_system_info->acl_graph_hash = NULL;
        }
        acl_system_info->acl_graph_hash = g_hash_table_new_full(fs_rid_hash,fs_rid_equal, acl_key_destroyed, acl_value_destroyed);

        /* Replace the admin set with a fresh, empty one. */
        if (acl_system_info->admin_user_set) {
            fs_rid_set_free(acl_system_info->admin_user_set);
            acl_system_info->admin_user_set = NULL;
        }
        acl_system_info->admin_user_set = fs_rid_set_new();

        for (int row = 0; row < result[0]->length; row++) {
            if(result[1]->data[row] == fs_c.fs_acl_access_by) {
                /* predicate is acl_access_by: the subject is the graph and
                 * the object is the user RID listed for it */
                gpointer users_set_ref = NULL;
                fs_rid_set *users_set = NULL;
                if (!(users_set_ref=g_hash_table_lookup(acl_system_info->acl_graph_hash, &result[0]->data[row]))) {
                    /* first row for this graph: create its user set and a
                     * heap copy of the graph RID to serve as the table key.
                     * NOTE(review): neither fs_rid_set_new() nor malloc() is
                     * checked, so an allocation failure is a NULL
                     * dereference on the next line. Skipping the row instead
                     * would leave the graph without an ACL entry, so the
                     * failure policy needs a deliberate decision. */
                    users_set = fs_rid_set_new();
                    fs_rid *rid_graph = malloc(sizeof(fs_rid));
                    *rid_graph = result[0]->data[row];
                    g_hash_table_insert(acl_system_info->acl_graph_hash, rid_graph, users_set);
                } else
                    users_set = (fs_rid_set *) users_set_ref;
                fs_rid_set_add(users_set, result[2]->data[row]);
            } else if (result[1]->data[row] == fs_c.fs_acl_admin) {
                /* predicate is the admin predicate: the object is the RID of
                 * an admin user */
                fs_rid_set_add(acl_system_info->admin_user_set, result[2]->data[row]);
                admin_users_count++;
            }
        }

        /* No admin triple in system:config: fall back to the built-in
         * default admin identity. The message is logged at LOG_ERR, so it
         * can be monitored as a sign that no admin has been configured. */
        if (admin_users_count == 0) {
            fs_error(LOG_ERR,"Added default admin user %s",FS_ACL_DEFAULT_ADMIN);
            fs_rid_set_add(acl_system_info->admin_user_set, fs_c.fs_acl_default_admin);
        }

        /* only admin users can access system:config
         * NOTE(review): if a row above already created an entry for the
         * system:config graph, GLib replaces that entry's value and hands
         * the key passed here (a non-heap address) to the key destroy
         * callback -- confirm acl_key_destroyed tolerates that, or that such
         * rows cannot occur. */
        g_hash_table_insert(acl_system_info->acl_graph_hash, &fs_c.system_config, acl_system_info->admin_user_set);
    }

    /* Mark the reload as done whether or not rows were returned. */
    fsp_acl_reloaded(link);

    /* Release the three result vectors and the array that holds them. */
    if (result) {
        for (int i=0;i<3;i++) {
            fs_rid_vector_free(result[i]);
        }
        free(result);
    }
    return 1;
}