diff options
Diffstat (limited to 'common')
-rw-r--r-- | common/ini/ini_config.c | 38 | ||||
-rw-r--r-- | common/ini/ini_config.h | 114 | ||||
-rw-r--r-- | common/ini/ini_config_ut.c | 263 | ||||
-rw-r--r-- | common/ini/ini_metadata.c | 307 |
4 files changed, 684 insertions, 38 deletions
diff --git a/common/ini/ini_config.c b/common/ini/ini_config.c index 66d2c03af..1c8e4aef3 100644 --- a/common/ini/ini_config.c +++ b/common/ini/ini_config.c @@ -87,6 +87,8 @@ #define MAX_VALUE PATH_MAX #define BUFFER_SIZE MAX_KEY + MAX_VALUE + 3 +/* Beffer length used for int to string conversions */ +#define CONVERSION_BUFFER 80 /*============================================================*/ /* The following classes moved here from the public header @@ -583,7 +585,7 @@ static int config_with_metadata(const char *application, int error_level, struct collection_item **error_list, uint32_t metaflags, - struct collection_item *metadata) + struct collection_item **metadata) { int error; int created = 0; @@ -667,8 +669,8 @@ int config_from_fd_with_metadata(const char *application, int save_error = 0; int fd = -1; FILE *config_file = NULL; - int can_free = 0; char abs_name[PATH_MAX + 1]; + char buff[CONVERSION_BUFFER]; TRACE_FLOW_STRING("config_from_fd_with_metadata", "Entry"); @@ -703,10 +705,12 @@ int config_from_fd_with_metadata(const char *application, if (save_error) { /* Record the result of the open file operation in metadata */ - error = col_add_int_property(*metadata, + snprintf(buff, CONVERSION_BUFFER, "%d", file_error); + error = col_add_str_property(*metadata, INI_META_SEC_ERROR, INI_META_KEY_READ_ERROR, - file_error); + buff, + 0); if (error) { /* Something is really wrong if we failed here */ TRACE_ERROR_NUMBER("Failed to save file open error", error); @@ -731,15 +735,17 @@ int config_from_fd_with_metadata(const char *application, } - /* Collect meta data before actually parsing the file */ - error = collect_metadata(metaflags, - metadata, - config_file, - abs_name); - if(error) { - TRACE_ERROR_NUMBER("Failed to collect metadata", error); - fclose(config_file); - return error; + if (metadata) { + /* Collect meta data before actually parsing the file */ + error = collect_metadata(metaflags, + metadata, + config_file, + abs_name); + if(error) { + TRACE_ERROR_NUMBER("Failed to collect metadata", error); + fclose(config_file); + return error; + } } if (!(metaflags & INI_META_ACTION_NOPARSE)) { @@ -751,7 +757,7 @@ int config_from_fd_with_metadata(const char *application, error_level, error_list, metaflags, - *metadata); + metadata); } /* We opened the file we close it */ @@ -1529,7 +1535,7 @@ static unsigned long long get_ullong_config_value(struct collection_item *item, char *endptr; unsigned long long val = 0; - TRACE_FLOW_STRING("get_long_config_value", "Entry"); + TRACE_FLOW_STRING("get_ullong_config_value", "Entry"); /* Do we have the item ? */ if ((item == NULL) || @@ -1561,7 +1567,7 @@ static unsigned long long get_ullong_config_value(struct collection_item *item, return def; } - TRACE_FLOW_NUMBER("get_long_config_value returning", (long)val); + TRACE_FLOW_NUMBER("get_ullong_config_value returning", (long)val); return val; } diff --git a/common/ini/ini_config.h b/common/ini/ini_config.h index c0f82d0f1..a5fd4a932 100644 --- a/common/ini/ini_config.h +++ b/common/ini/ini_config.h @@ -264,6 +264,42 @@ */ /** + * @defgroup accesscheck Access control check flags + * + * @{ + */ + +/** + * @brief Validate access mode + * + * If this flag is specified the mode parameter + * will be matched against the permissions set on the file + * using the provided mask. + */ +#define INI_ACCESS_CHECK_MODE 0x00000001 + +/** + * @brief Validate uid + * + * Provided uid will be checked against uid + * of the file. + */ +#define INI_ACCESS_CHECK_UID 0x00000002 + +/** + * @brief Validate gid + * + * Provided gid will be checked against gid + * of the file. + */ +#define INI_ACCESS_CHECK_GID 0x00000004 + +/** + * @} + */ + + +/** * @} */ @@ -485,6 +521,7 @@ const char *parsing_error_str(int parsing_error); * * @return 0 - Success. * @return EINVAL - Invalid parameter. + * @return EMOMEM - No memory. * @return Any error returned by fopen(). * */ @@ -516,6 +553,7 @@ int config_from_file(const char *application, * detected during parsing. * * @return 0 - Success. + * @return EMOMEM - No memory. * @return EINVAL - Invalid parameter. * */ @@ -567,6 +605,7 @@ int config_from_fd(const char *application, * * @return 0 - Success. * @return EINVAL - Invalid parameter. + * @return EMOMEM - No memory. * @return Any error returned by fopen(). * * @@ -622,6 +661,7 @@ int config_from_file_with_metadata( * * @return 0 - Success. * @return EINVAL - Invalid parameter. + * @return EMOMEM - No memory. * */ int config_from_fd_with_metadata( @@ -660,6 +700,7 @@ int config_from_fd_with_metadata( * * @return 0 - Success. * @return EINVAL - Invalid parameter. + * @return EMOMEM - No memory. * @return Any error returned by fopen(). */ int config_for_app(const char *application, @@ -715,6 +756,7 @@ int config_for_app(const char *application, * * @return 0 - Success. * @return EINVAL - Invalid parameter. + * @return EMOMEM - No memory. * @return Any error returned by fopen(). */ int config_for_app_with_metadata( @@ -727,6 +769,76 @@ int config_for_app_with_metadata( uint32_t metaflags, struct collection_item **meta_default, struct collection_item **meta_appini); + + +/** + * + * @brief Function to check ownership and permissions + * + * The function allow caller to make decision + * if the configuration file is from a trusted source + * or not. + * + * The flags control how to perform check. + * See \ref accesscheck "Access control check flags" + * section for more information. + * + * @param[in] metadata Meta data object. + * Can't be NULL. + * @param[in] flags How and what to check. + * Must be nonzero. + * @param[in] uid UID to check. + * @param[in] gid GID to check. + * @param[in] mode Mode to check. + * Only permission bits + * are used. + * @param[in] mask Which mode bits to check. + * If 0 all permision bits + * are checked. + * + * @return 0 - Success. + * @return EINVAL - Invalid parameter. + * @return EACCESS - File properties do not match provided + * access parameters. + */ +int config_access_check(struct collection_item *metadata, + uint32_t flags, + uid_t uid, + gid_t gid, + mode_t mode, + mode_t mask); + + +/** + * @brief Function compares two meta data objects + * + * Function compares two meta data objects + * to determine whether the configuration + * has changed since last time the meta data + * was collected. + * The function checks three things about the + * file: + * - time stamp + * - device ID + * - i-node + * If any of those changes function will indicate + * that configuration changed. + * + * @param[in] metadata Recent meta data object. + * @param[in] saved_metadata Previously saved meta + * data object. + * @param[out] changed Will be set to a nonzero value + * if the configuration has changed. + * + * @return 0 - No internal error + * @return EINVAL - Invalid argument + * @return ENOENT - Expected value is missing + * @return ENOMEM - No memory + */ +int config_changed(struct collection_item *metadata, + struct collection_item *saved_metadata, + int *changed); + /** * @brief Function to free configuration object. * @@ -747,7 +859,7 @@ void free_ini_config_errors(struct collection_item *error_set); /** * @brief Function to free metadata. * - * @param[in] error_set Configuration meta data object. + * @param[in] metadata Configuration meta data object. * */ void free_ini_config_metadata(struct collection_item *metadata); diff --git a/common/ini/ini_config_ut.c b/common/ini/ini_config_ut.c index dde1c52cc..44d633fcb 100644 --- a/common/ini/ini_config_ut.c +++ b/common/ini/ini_config_ut.c @@ -136,8 +136,10 @@ int single_file(void) &metadata); if (error) { printf("Attempt to read configuration returned error: %d\n",error); - printf("\n\nMetadata\n"); - col_debug_collection(metadata, COL_TRAVERSE_DEFAULT); + if (metadata) { + printf("\n\nMeta data\n"); + col_debug_collection(metadata, COL_TRAVERSE_DEFAULT); + } free_ini_config_metadata(metadata); return error; } @@ -146,7 +148,7 @@ int single_file(void) printf("Expected no config but got some.\n"); col_debug_collection(ini_config, COL_TRAVERSE_DEFAULT); free_ini_config(ini_config); - printf("\n\nMetadata\n"); + printf("\n\nMeta data\n"); col_debug_collection(metadata, COL_TRAVERSE_DEFAULT); free_ini_config_metadata(metadata); return EINVAL; @@ -249,8 +251,10 @@ int single_fd(void) printf("\n\nErrors\n"); print_file_parsing_errors(stdout, error_set); free_ini_config_errors(error_set); - printf("\n\nMetadata\n"); - col_debug_collection(metadata, COL_TRAVERSE_DEFAULT); + if (metadata) { + printf("\n\nMeta data\n"); + col_debug_collection(metadata, COL_TRAVERSE_DEFAULT); + } free_ini_config_metadata(metadata); return error; } @@ -262,8 +266,6 @@ int single_fd(void) return EINVAL; } - /* FIXME get elements of the meta data and check them */ - COLOUT(printf("\n\nMeta data\n")); COLOUT(col_debug_collection(metadata, COL_TRAVERSE_DEFAULT)); @@ -1062,6 +1064,251 @@ int get_test(void) return EOK; } +/* This is an emulation of the case when daemon starts + * and one needs to parse the configuration file + * for the first time and load configuration + */ +int startup_test(void) +{ + int error; + struct collection_item *ini_config = NULL; + struct collection_item *error_set = NULL; + struct collection_item *metadata = NULL; + uint32_t flags; + + + /* At startup we can simplify our life by + * parsing configuration and then checking + * the permissions. It is less optimal from + * the performnce point of view but simple to implement. + * Since it is the start of the daemon we can + * hope that parsing the config file would + * usually not a be a wasted effort. + * If permission check fails that means we should + * exit. Ok so we just parse the INI file for nothing. + * Not a big deal, I would say... + */ + + COLOUT(printf("STARTUP TEST\n")); + + + flags = INI_META_SEC_ACCESS_FLAG | + INI_META_SEC_ERROR_FLAG; + + error = config_from_file_with_metadata("test", "./ini.conf", + &ini_config, INI_STOP_ON_NONE, + &error_set, + flags, + &metadata); + /* + * This is just for debugging. + * do not copy into your implementation + */ + if (metadata) { + COLOUT(printf("\n\nMeta data\n")); + COLOUT(col_debug_collection(metadata, COL_TRAVERSE_DEFAULT)); + } + + + if (error) { + printf("Attempt to read configuration returned error: %d\n",error); + + /* If you want to do any specific error checking, do it here. + * If you want to get the file error code from the + * metadata get it here. + */ + free_ini_config_metadata(metadata); + + /* Error reporting start ==> */ + if (error_set) { + printf("\n\nErrors\n"); + col_debug_collection(error_set, COL_TRAVERSE_DEFAULT); + } + /* <==== end */ + free_ini_config_errors(error_set); + return error; + } + + free_ini_config_errors(error_set); + + /* So we are here if we successfully got configuration. */ + /* You can check ownership and permissions here in one call */ + /* We will check just permissions here. */ + error = config_access_check(metadata, + INI_ACCESS_CHECK_MODE, /* add uid & gui flags + * in real case + */ + 0, /* <- will be real uid in real case */ + 0, /* <- will be real gid in real case */ + 0440, /* Checkling for r--r----- */ + 0); + /* This check is expected to fail since + * the actual permissions on the test file are: rw-rw-r-- + */ + + if (!error) { + printf("Expected error got success!\n"); + free_ini_config_metadata(metadata); + free_ini_config(ini_config); + return EACCES; + } + + error = config_access_check(metadata, + INI_ACCESS_CHECK_MODE, /* add uid & gui flags + * in real case + */ + 0, /* <- will be real uid in real case */ + 0, /* <- will be real gid in real case */ + 0664, /* Checkling for rw-rw-r-- */ + 0); + + if (error) { + printf("Access check failed %d!\n", error); + free_ini_config_metadata(metadata); + free_ini_config(ini_config); + return EACCES; + } + + + /* Use configuration */ + + COLOUT(printf("\n\nMeta data\n")); + COLOUT(col_debug_collection(metadata, COL_TRAVERSE_DEFAULT)); + free_ini_config_metadata(metadata); + + COLOUT(printf("\n\n----------------------\n")); + + COLOUT(printf("\n\nConfiguration\n")); + COLOUT(col_debug_collection(ini_config, COL_TRAVERSE_DEFAULT)); + free_ini_config(ini_config); + + return 0; +} + +int reload_test(void) +{ + + int error; + struct collection_item *ini_config = NULL; + struct collection_item *metadata = NULL; + struct collection_item *saved_metadata = NULL; + uint32_t flags; + int changed = 0; + int fd; + + COLOUT(printf("RELOAD TEST\n")); + + /* Assume we saved metadata at the beginning + * when we opened the file and read configuration + * for the first time. + * Here we have to emulate it. + */ + + flags = INI_META_SEC_ACCESS_FLAG | + INI_META_ACTION_NOPARSE; + + error = config_from_file_with_metadata("test", "./ini.conf", + &ini_config, + 0, + NULL, + flags, + &saved_metadata); + if (error) { + printf("Attempt to read configuration returned error: %d\n",error); + free_ini_config_metadata(saved_metadata); + return error; + } + + /*****************************************/ + + /* We are reloading so we probably doing it becuase + * we got a signal ot some kind of time out expired + * and it might be time for us to check if we need + * to reload. So assume it is time to check... + */ + + /* It is safer to open file first */ + fd = open("./ini.conf", O_RDONLY); + if (fd < 0) { + error = errno; + printf("Attempt to read configuration returned error: %d\n", error); + free_ini_config_metadata(saved_metadata); + return error; + } + + /* You migth be checking pretty frequently, once in 5 min for example + * but the config usually does not change for months + * so you do not want to do any extra processing every time you check. + */ + + /* Do permission check here right away on the file, or... */ + + + flags = INI_META_SEC_ACCESS_FLAG | + INI_META_ACTION_NOPARSE; + + error = config_from_fd_with_metadata("test", fd, + "./ini.conf", + &ini_config, + 0, + NULL, + flags, + &metadata); + if (error) { + printf("Attempt to read configuration returned error: %d\n",error); + if (metadata) { + printf("\n\nMeta data\n"); + col_debug_collection(metadata, COL_TRAVERSE_DEFAULT); + } + free_ini_config_metadata(metadata); + free_ini_config_metadata(saved_metadata); + close(fd); + return error; + } + + /* ...or you can do permission check here using the metadata + * as it is done in the startup test. + * For now we skip this part and move on. + */ + + error = config_changed(metadata, saved_metadata, &changed); + + if (error) { + printf("Internal error: %d\n",error); + printf("\n\nSaved Meta data\n"); + col_debug_collection(saved_metadata, COL_TRAVERSE_DEFAULT); + printf("\n\nMeta data\n"); + col_debug_collection(metadata, COL_TRAVERSE_DEFAULT); + free_ini_config_metadata(saved_metadata); + free_ini_config_metadata(metadata); + close(fd); + return error; + + } + + if (changed) { + + /* Read the config from the descriptor and use it. + * Discard old saved meta data and save + * the latest one for future use... + */ + + /* Here it would be an error if it is different */ + printf("Meta data is supposed to be same but different.\n"); + printf("\n\nSaved Meta data\n"); + col_debug_collection(saved_metadata, COL_TRAVERSE_DEFAULT); + printf("\n\nMeta data\n"); + col_debug_collection(metadata, COL_TRAVERSE_DEFAULT); + } + + free_ini_config_metadata(saved_metadata); + free_ini_config_metadata(metadata); + close(fd); + + return 0; +} + + int main(int argc, char *argv[]) { int error = EOK; @@ -1086,6 +1333,8 @@ int main(int argc, char *argv[]) (error = real_test(NULL)) || /* This should result in merged configuration */ (error = real_test("./ini.conf")) || + (error = startup_test()) || + (error = reload_test()) || (error = get_test())) { printf("Test failed! Error %d.\n", error); return -1; diff --git a/common/ini/ini_metadata.c b/common/ini/ini_metadata.c index a5d5109fc..3ee9fbaa4 100644 --- a/common/ini/ini_metadata.c +++ b/common/ini/ini_metadata.c @@ -33,6 +33,12 @@ #define INI_METADATA "meta" +/* Beffer length used for int to string conversions */ +#define CONVERSION_BUFFER 80 + +/* Invalid file mode */ +#define WRONG_FMODE 0x80000000 + /* Prepare metadata */ int prepare_metadata(uint32_t metaflags, struct collection_item **metadata, @@ -73,6 +79,7 @@ int prepare_metadata(uint32_t metaflags, TRACE_ERROR_NUMBER("Failed to create error section", error); col_destroy_collection(metasec); col_destroy_collection(*metadata); + *metadata = NULL; return error; } /* If we are here we would have to save file open error */ @@ -96,6 +103,7 @@ int collect_metadata(uint32_t metaflags, struct collection_item *metasec = NULL; int filedes; struct stat file_stats; + char buff[CONVERSION_BUFFER]; TRACE_FLOW_STRING("collect_metadata", "Entry"); /* Check and create section for file error if needed */ @@ -123,10 +131,13 @@ int collect_metadata(uint32_t metaflags, /* Record statistics */ /* UID */ - error = col_add_int_property(metasec, + snprintf(buff, CONVERSION_BUFFER, "%lu", + (unsigned long)file_stats.st_uid); + error = col_add_str_property(metasec, NULL, INI_META_KEY_UID, - file_stats.st_uid); + buff, + 0); if (error) { TRACE_ERROR_NUMBER("Failed to save uid", error); col_destroy_collection(metasec); @@ -134,10 +145,13 @@ int collect_metadata(uint32_t metaflags, } /* GID */ - error = col_add_int_property(metasec, + snprintf(buff, CONVERSION_BUFFER, "%lu", + (unsigned long)file_stats.st_gid); + error = col_add_str_property(metasec, NULL, INI_META_KEY_GID, - file_stats.st_gid); + buff, + 0); if (error) { TRACE_ERROR_NUMBER("Failed to save gid", error); col_destroy_collection(metasec); @@ -145,10 +159,13 @@ int collect_metadata(uint32_t metaflags, } /* PERMISSIONS */ - error = col_add_unsigned_property(metasec, - NULL, - INI_META_KEY_PERM, - file_stats.st_mode); + snprintf(buff, CONVERSION_BUFFER, "%lu", + (unsigned long)file_stats.st_mode); + error = col_add_str_property(metasec, + NULL, + INI_META_KEY_PERM, + buff, + 0); if (error) { TRACE_ERROR_NUMBER("Failed to save permissions", error); col_destroy_collection(metasec); @@ -156,10 +173,13 @@ int collect_metadata(uint32_t metaflags, } /* Modification time stamp */ - error = col_add_int_property(metasec, + snprintf(buff, CONVERSION_BUFFER, "%ld", + (long int)file_stats.st_mtime); + error = col_add_str_property(metasec, NULL, INI_META_KEY_MODIFIED, - file_stats.st_mtime); + buff, + 0); if (error) { TRACE_ERROR_NUMBER("Failed to save modification time", error); col_destroy_collection(metasec); @@ -178,11 +198,26 @@ int collect_metadata(uint32_t metaflags, return error; } + /* The device ID can actualy be bigger than + * 32-bits according to the type sizes. + * However it is probaly not going to happen + * on a real system. + * Add a check for this case. + */ + if (file_stats.st_dev > ULONG_MAX) { + TRACE_ERROR_NUMBER("Device is out of range", ERANGE); + col_destroy_collection(metasec); + return ERANGE; + } + /* Device ID */ - error = col_add_int_property(metasec, + snprintf(buff, CONVERSION_BUFFER, "%lu", + (unsigned long)file_stats.st_dev); + error = col_add_str_property(metasec, NULL, INI_META_KEY_DEV, - file_stats.st_dev); + buff, + 0); if (error) { TRACE_ERROR_NUMBER("Failed to save inode", error); col_destroy_collection(metasec); @@ -190,10 +225,13 @@ int collect_metadata(uint32_t metaflags, } /* i-node */ - error = col_add_int_property(metasec, + snprintf(buff, CONVERSION_BUFFER, "%lu", + (unsigned long)file_stats.st_ino); + error = col_add_str_property(metasec, NULL, INI_META_KEY_INODE, - file_stats.st_ino); + buff, + 0); if (error) { TRACE_ERROR_NUMBER("Failed to save inode", error); col_destroy_collection(metasec); @@ -227,3 +265,244 @@ void free_ini_config_metadata(struct collection_item *metadata) col_destroy_collection(metadata); TRACE_FLOW_STRING("free_ini_config_metadata", "Exit"); } + +/* Function to check uid or gid */ +static int check_id(struct collection_item *metadata, + unsigned long id, + const char *key) +{ + int error = EOK; + struct collection_item *item = NULL; + unsigned long fid; + + TRACE_FLOW_STRING("check_id", "Entry"); + TRACE_INFO_STRING("Key", key); + + error = get_config_item(INI_META_SEC_ACCESS, + key, + metadata, + &item); + if (error) { + TRACE_ERROR_NUMBER("Internal collection error.", error); + return error; + } + + /* Entry is supposed to be there so it is an error + * is the item is not found. + */ + if (item == NULL) { + TRACE_ERROR_NUMBER("Expected item is not found.", ENOENT); + return ENOENT; + } + + fid = get_ulong_config_value(item, 1, -1, &error); + if ((error) || (fid == -1)) { + TRACE_ERROR_NUMBER("Conversion failed", EINVAL); + return EINVAL; + } + + if (id != fid) { + TRACE_ERROR_NUMBER("File ID:", fid); + TRACE_ERROR_NUMBER("ID passed in.", id); + TRACE_ERROR_NUMBER("Access denied.", EACCES); + return EACCES; + } + + TRACE_FLOW_STRING("check_id", "Exit"); + return EOK; +} + +/* Function to check access */ +int config_access_check(struct collection_item *metadata, + uint32_t flags, + uid_t uid, + gid_t gid, + mode_t mode, + mode_t mask) +{ + int error = EOK; + struct collection_item *item = NULL; + mode_t f_mode; + + TRACE_FLOW_STRING("config_access_check", "Entry"); + + flags &= INI_ACCESS_CHECK_MODE | + INI_ACCESS_CHECK_GID | + INI_ACCESS_CHECK_UID; + + if ((metadata == NULL) || (flags == 0)) { + TRACE_ERROR_NUMBER("Invalid parameter.", EINVAL); + return EINVAL; + + } + + /* Check that metadata is actually metadata */ + if(!col_is_of_class(metadata, COL_CLASS_INI_META)) { + TRACE_ERROR_NUMBER("Invalid collection.", EINVAL); + return EINVAL; + } + + /* Check mode */ + if (flags & INI_ACCESS_CHECK_MODE) { + + error = get_config_item(INI_META_SEC_ACCESS, + INI_META_KEY_PERM, + metadata, + &item); + if (error) { + TRACE_ERROR_NUMBER("Internal collection error.", error); + return error; + } + + /* Entry is supposed to be there so it is an error + * is the item is not found. + */ + if (item == NULL) { + TRACE_ERROR_NUMBER("Expected item is not found.", ENOENT); + return ENOENT; + } + + f_mode = (mode_t)get_ulong_config_value(item, 1, WRONG_FMODE, &error); + if ((error) || (f_mode == WRONG_FMODE)) { + TRACE_ERROR_NUMBER("Conversion failed", error); + return ENOENT; + } + + TRACE_INFO_NUMBER("File mode as saved.", f_mode); + f_mode &= S_IRWXU | S_IRWXG | S_IRWXO; + TRACE_INFO_NUMBER("File mode adjusted.", f_mode); + + TRACE_INFO_NUMBER("Mode as provided.", mode); + mode &= S_IRWXU | S_IRWXG | S_IRWXO; + TRACE_INFO_NUMBER("Mode adjusted.", mode); + + /* Adjust mask */ + if (mask == 0) mask = S_IRWXU | S_IRWXG | S_IRWXO; + else mask &= S_IRWXU | S_IRWXG | S_IRWXO; + + if ((mode & mask) != (f_mode & mask)) { + TRACE_INFO_NUMBER("File mode:", (mode & mask)); + TRACE_INFO_NUMBER("Mode adjusted.", (f_mode & mask)); + TRACE_ERROR_NUMBER("Access denied.", EACCES); + return EACCES; + } + } + + /* Check uid */ + if (flags & INI_ACCESS_CHECK_UID) { + + error = check_id(metadata, (unsigned long)uid, INI_META_KEY_UID); + if (error) { + TRACE_ERROR_NUMBER("Check for UID failed.", error); + return error; + } + } + + /* Check gid */ + if (flags & INI_ACCESS_CHECK_GID) { + + error = check_id(metadata, (unsigned long)gid, INI_META_KEY_GID); + if (error) { + TRACE_ERROR_NUMBER("Check for UID failed.", error); + return error; + } + } + + TRACE_FLOW_STRING("config_access_check", "Exit"); + return error; + +} + +static unsigned long get_checked_value(struct collection_item *metadata, + const char *key, + int *err) +{ + + int error = EOK; + struct collection_item *item = NULL; + unsigned long value; + + TRACE_FLOW_STRING("get_checked_value", "Entry"); + TRACE_INFO_STRING("Key", key); + + error = get_config_item(INI_META_SEC_ACCESS, + key, + metadata, + &item); + if (error) { + TRACE_ERROR_NUMBER("Internal collection error.", error); + *err = error; + return 0; + } + + /* Entry is supposed to be there so it is an error + * is the item is not found. + */ + if (item == NULL) { + TRACE_ERROR_NUMBER("Expected item is not found.", ENOENT); + *err = ENOENT; + return 0; + } + + value = get_ulong_config_value(item, 1, -1, &error); + if ((error) || (value == -1)) { + TRACE_ERROR_NUMBER("Conversion failed", EINVAL); + *err = EINVAL; + return 0; + } + + *err = 0; + + TRACE_FLOW_NUMBER("get_checked_value Returning", value); + return value; + +} + + +/* Function to check whether the configuration is different */ +int config_changed(struct collection_item *metadata, + struct collection_item *saved_metadata, + int *changed) +{ + int error = EOK; + struct collection_item *md[2]; + unsigned long value[3][2]; + const char *key[] = { INI_META_KEY_MODIFIED, + INI_META_KEY_DEV, + INI_META_KEY_INODE }; + int i, j; + + + TRACE_FLOW_STRING("config_changed", "Entry"); + + if ((!metadata) || + (!saved_metadata) || + (!changed) || + (!col_is_of_class(metadata, COL_CLASS_INI_META)) || + (!col_is_of_class(saved_metadata, COL_CLASS_INI_META))) { + TRACE_ERROR_NUMBER("Invalid argument.", EINVAL); + return EINVAL; + } + + md[0] = metadata; + md[1] = saved_metadata; + + /* Get three values from each collection and compare them */ + for (i = 0; i < 3; i++) { + for (j = 0; j < 2; j++) { + value[i][j] = get_checked_value(md[j], key[i] , &error); + if (error) { + TRACE_ERROR_NUMBER("Failed to get section.", error); + return error; + } + } + if (value[i][0] != value[i][1]) { + *changed = 1; + break; + } + } + + TRACE_FLOW_STRING("config_changed", "Exit"); + return error; + +} |