Exemplo n.º 1
END_TEST


START_TEST (check_fs_rid_set_scan)
{
  /* Adding a RID twice must not change what a scan yields: every value in
   * 1..ELTS is added once, and multiples of 2 or 5 are added a second time. */
  const int ELTS = 10000;
  fs_rid_set *s = fs_rid_set_new();
  fail_unless(s != NULL);

  for (int i = 1; i <= ELTS; i++) {
      const int add_twice = (i % 2 == 0) || (i % 5 == 0);
      fs_rid_set_add(s, (fs_rid) i);
      if (add_twice)
          fs_rid_set_add(s, (fs_rid) i);
  }

  /* Two full scans: the second one checks that rewinding restarts the
   * iteration and yields the same number of elements again. */
  for (int pass = 0; pass < 2; pass++) {
      int count = 0;
      fs_rid e;
      fs_rid_set_rewind(s);
      for (e = fs_rid_set_next(s); e != FS_RID_NULL; e = fs_rid_set_next(s)) {
          count++;
          /* every returned RID must be one of the inserted values */
          fail_if(e <= 0 || e > (ELTS));
      }
      fail_if(count != ELTS);
  }
  fs_rid_set_free(s);
}
Exemplo n.º 2
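/**
 * Build the set of graphs that the user identified by user_rid may not access.
 *
 * Returns NULL when acl_info is NULL, when is_admin() accepts user_rid, when no
 * graph ACL table is loaded, or when the scan of the table reports no entries
 * for this user. A non-NULL result is a newly created fs_rid_set owned by the
 * caller (release it with fs_rid_set_free()).
 *
 * NOTE(review): NULL stands for "admin" as well as for "no ACL information at
 * all". Callers presumably read NULL as "nothing is restricted", which would
 * make a missing acl_info fail open - confirm against the call sites.
 */
static fs_rid_set *no_access_for_user(fs_acl_system_info *acl_info, fs_rid user_rid) {
  if (!acl_info || is_admin(acl_info->admin_user_set, user_rid))
    return NULL;

  if (!acl_info->acl_graph_hash)
    return NULL;

  fs_rid_set *res = fs_rid_set_new();
  struct _acl_sec_tuple t = { .set_size = 0, .res = res, .user_key = user_rid };
  /* key_in runs once per (graph, users) entry; presumably it adds to t.res the
   * graphs whose user set lacks t.user_key and counts them in t.set_size -
   * confirm against its definition. */
  g_hash_table_foreach(acl_info->acl_graph_hash, key_in , &t);
  if (t.set_size)
    return res;

  /* Nothing was collected: release the set here, since returning NULL leaves
   * the caller with no pointer to free. */
  if (res)
    fs_rid_set_free(res);
  return NULL;
}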
Exemplo n.º 3
END_TEST


START_TEST (check_fs_rid_set_add_contains)
{
  /* Every value added to the set must afterwards be reported as present by
   * fs_rid_set_contains(). */
  const int n_elts = 10000;
  fs_rid_set *s = fs_rid_set_new();
  fail_unless(s != NULL);

  /* fill the set with 0 .. n_elts-1 */
  int i = 0;
  while (i < n_elts) {
      fs_rid_set_add(s, i);
      i++;
  }

  /* look every value up again, in the same order */
  i = 0;
  while (i < n_elts) {
      fail_if(!fs_rid_set_contains(s,i));
      i++;
  }
  fs_rid_set_free(s);
}
Exemplo n.º 4
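/**
 * Reload the ACL system info of a link from the system:config graph.
 *
 * Returns 0 without doing anything when fsp_acl_needs_reload(link) is false.
 * Otherwise it binds the triples of system:config whose predicate is
 * fs_acl_admin or fs_acl_access_by, rebuilds the two tables held in
 * link->acl_system_info (acl_graph_hash: graph RID -> set of user RIDs,
 * admin_user_set: admin user RIDs), calls fsp_acl_reloaded(link) and
 * returns 1.
 *
 * When the bind yields no result, the existing tables are left untouched, but
 * fsp_acl_reloaded(link) is still called and 1 is still returned.
 *
 * link->acl_system_info is modified in place, so the caller must hold the
 * mutex that protects it.
 */
int fs_acl_load_system_info(fsp_link *link) {

    if (!fsp_acl_needs_reload(link))
        return 0;

    /* Bind (subject, predicate, object) for the two ACL predicates inside the
     * system:config graph; the three columns come back in result[0..2]. */
    int flags = FS_BIND_SUBJECT | FS_BIND_PREDICATE | FS_BIND_OBJECT | FS_BIND_BY_SUBJECT;
    fs_rid_vector *mrids = fs_rid_vector_new_from_args(1, fs_c.system_config);
    fs_rid_vector *srids = fs_rid_vector_new(0);
    fs_rid_vector *prids = fs_rid_vector_new_from_args(2, fs_c.fs_acl_admin, fs_c.fs_acl_access_by);
    fs_rid_vector *orids = fs_rid_vector_new(0);
    fs_rid_vector **result = NULL;
    /* NOTE(review): the return value of the bind is not inspected; a failed
     * bind is only visible as a NULL result below. */
    fsp_bind_limit_all(link, flags, mrids, srids, prids, orids, &result, -1, -1);
    fs_rid_vector_free(mrids);
    fs_rid_vector_free(srids);
    fs_rid_vector_free(prids);
    fs_rid_vector_free(orids);
    int admin_users_count = 0;
    /* NOTE(review): dereferenced below without a NULL check; presumably it is
     * allocated when the link is set up - confirm. */
    fs_acl_system_info *acl_system_info = link->acl_system_info;
    if (result && result[0]) {
        if (acl_system_info->acl_graph_hash) {
            /* The system:config entry is keyed by the address of
             * fs_c.system_config and shares admin_user_set as its value.
             * Steal it first so that destroying the table does not run the
             * key/value destroy callbacks on either of them. */
            g_hash_table_steal(acl_system_info->acl_graph_hash, &fs_c.system_config);
            g_hash_table_destroy(acl_system_info->acl_graph_hash);
            acl_system_info->acl_graph_hash = NULL;
        }
        acl_system_info->acl_graph_hash = g_hash_table_new_full(fs_rid_hash,fs_rid_equal,
        acl_key_destroyed, acl_value_destroyed);
        if (acl_system_info->admin_user_set) {
            fs_rid_set_free(acl_system_info->admin_user_set);
            acl_system_info->admin_user_set = NULL;
        }
        acl_system_info->admin_user_set = fs_rid_set_new();

        /* NOTE(review): result[1] and result[2] are indexed with the length of
         * result[0]; this assumes the bind returns three vectors of equal
         * length - confirm. */
        for (int row = 0; row < result[0]->length; row++) {
            if(result[1]->data[row] == fs_c.fs_acl_access_by) {
                /* if pred is acl_access_by then subject is the graph and object is the user rid */
                if (result[0]->data[row] == fs_c.system_config) {
                    /* system:config is bound to admin_user_set after the loop.
                     * Creating an entry for it here would make that later
                     * g_hash_table_insert() replace an existing key, and GLib
                     * then runs the key destroy callback on the key passed in,
                     * i.e. on the address of fs_c.system_config. The resulting
                     * policy is the same either way, so the row is skipped. */
                    continue;
                }
                gpointer users_set_ref = NULL;
                fs_rid_set *users_set = NULL;
                if (!(users_set_ref=g_hash_table_lookup(acl_system_info->acl_graph_hash, &result[0]->data[row]))) {
                    users_set = fs_rid_set_new();
                    fs_rid *rid_graph = malloc(sizeof *rid_graph);
                    if (!rid_graph) {
                        /* A graph without an entry in acl_graph_hash would be
                         * left without any access restriction, so stop here
                         * rather than continue with a partial ACL table. */
                        fs_error(LOG_ERR, "out of memory while loading graph ACLs");
                        abort();
                    }
                    *rid_graph = result[0]->data[row];
                    /* the table takes ownership of both the key and the set */
                    g_hash_table_insert(acl_system_info->acl_graph_hash, rid_graph, users_set);
                } else
                    users_set = (fs_rid_set *) users_set_ref;
                fs_rid_set_add(users_set, result[2]->data[row]);
            } else if (result[1]->data[row] == fs_c.fs_acl_admin) {
                /* if admin predicate then object contains the admin user rid id */
                fs_rid_set_add(acl_system_info->admin_user_set, result[2]->data[row]);
                admin_users_count++;
            }
        }
        if (admin_users_count == 0) {
            /* No admin triple in system:config: the built-in default admin RID
             * is installed instead. It is logged at LOG_ERR so the fallback
             * shows up in the logs. */
            fs_error(LOG_ERR,"Added default admin user %s",FS_ACL_DEFAULT_ADMIN);
            fs_rid_set_add(acl_system_info->admin_user_set, fs_c.fs_acl_default_admin);
        }
        /* only admin users can access system:config */
        g_hash_table_insert(acl_system_info->acl_graph_hash, &fs_c.system_config, acl_system_info->admin_user_set);
    }
    fsp_acl_reloaded(link);
    if (result) {
        /* one vector per bound column: subject, predicate, object */
        for (int i=0;i<3;i++) {
            fs_rid_vector_free(result[i]);
        }
        free(result);
    }
    return 1;
}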