authpolicy/auth_data_cache.cc - mirrors/cros/chromiumos/platform2 - Git at Google

 // Copyright 2018 The Chromium OS Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #include "authpolicy/auth_data_cache.h"

 #include <utility>

 #include <base/files/file_path.h>
 #include <base/files/file_util.h>
 #include "base/time/clock.h"
 #include "base/time/default_clock.h"

 #include "authpolicy/log_colors.h"

 namespace authpolicy {
 namespace {

 constexpr char kLogHeader[] = "Auth Data Cache: ";

 #define LOG_START(severity) \
   LOG_IF(severity, flags_->log_caches()) << kColorCaches << kLogHeader
 #define PLOG_START(severity) \
   PLOG_IF(severity, flags_->log_caches()) << kColorCaches << kLogHeader
 #define LOG_END kColorReset

 // Size limit when loading the cached data file (256 kb).
 constexpr size_t kCacheSizeLimit = 256 * 1024;

 }  // namespace

 AuthDataCache::AuthDataCache(const protos::DebugFlags* flags)
     : flags_(flags), clock_(std::make_unique<base::DefaultClock>()) {}

 AuthDataCache::~AuthDataCache() = default;

 bool AuthDataCache::Load(const base::FilePath& path) {
   data_.Clear();
   if (!enabled_)
     return true;

   if (!base::PathExists(path)) {
     LOG_START(ERROR) << "File '" << path.value() << "' does not exist"
                      << LOG_END;
     return false;
   }

   std::string data_blob;
   if (!base::ReadFileToStringWithMaxSize(path, &data_blob, kCacheSizeLimit)) {
     PLOG_START(ERROR) << "Failed to read '" << path.value() << "'" << LOG_END;
     return false;
   }

   if (!data_.ParseFromString(data_blob)) {
     LOG_START(ERROR) << "Failed to parse data from string" << LOG_END;
     return false;
   }

   LOG_START(INFO) << "Read '" << path.value() << "'" << LOG_END;
   return true;
 }

 bool AuthDataCache::Save(const base::FilePath& path) {
   if (!enabled_)
     return true;

   std::string data_blob;
   if (!data_.SerializeToString(&data_blob)) {
     LOG_START(ERROR) << "Failed to serialize data to string" << LOG_END;
     return false;
   }

   const int data_size = static_cast<int>(data_blob.size());
   if (base::WriteFile(path, data_blob.data(), data_size) != data_size) {
     LOG_START(ERROR) << "Failed to write '" << path.value() << "'" << LOG_END;
     return false;
   }

   // Lock access to authpolicyd rw.
   int mode =
       base::FILE_PERMISSION_READ_BY_USER | base::FILE_PERMISSION_WRITE_BY_USER;
   if (!base::SetPosixFilePermissions(path, mode)) {
     LOG_START(ERROR) << "Failed to set permissions on '" << path.value() << "'"
                      << LOG_END;
     return false;
   }

   LOG_START(INFO) << "Wrote '" << path.value() << "'" << LOG_END;
   return true;
 }

 void AuthDataCache::Clear() {
   data_.Clear();
 }

 base::Optional<std::string> AuthDataCache::GetWorkgroup(
     const std::string& realm) const {
   const protos::CachedRealmData* realm_data = GetRealmDataForRead(realm);
   if (!realm_data || !realm_data->has_workgroup()) {
     LOG_START(INFO) << "No workgroup cached" << LOG_END;
     return base::nullopt;
   }
   LOG_START(INFO) << "Using cached workgroup" << LOG_END;
   return realm_data->workgroup();
 }

 base::Optional<std::string> AuthDataCache::GetKdcIp(
     const std::string& realm) const {
   const protos::CachedRealmData* realm_data = GetRealmDataForRead(realm);
   if (!realm_data || !realm_data->has_kdc_ip()) {
     LOG_START(INFO) << "No KDC IP cached" << LOG_END;
     return base::nullopt;
   }
   LOG_START(INFO) << "Using cached KDC IP" << LOG_END;
   return realm_data->kdc_ip();
 }

 base::Optional<std::string> AuthDataCache::GetDcName(
     const std::string& realm) const {
   const protos::CachedRealmData* realm_data = GetRealmDataForRead(realm);
   if (!realm_data || !realm_data->has_dc_name()) {
     LOG_START(INFO) << "No DC name cached" << LOG_END;
     return base::nullopt;
   }
   LOG_START(INFO) << "Using cached DC name" << LOG_END;
   return realm_data->dc_name();
 }

 base::Optional<bool> AuthDataCache::GetIsAffiliated(
     const std::string& realm) const {
   const protos::CachedRealmData* realm_data = GetRealmDataForRead(realm);
   if (!realm_data || !realm_data->has_is_affiliated()) {
     LOG_START(INFO) << "No affiliation flag cached" << LOG_END;
     return base::nullopt;
   }
   LOG_START(INFO) << "Using cached affiliation flag" << LOG_END;
   return realm_data->is_affiliated();
 }

 void AuthDataCache::SetWorkgroup(const std::string& realm,
                                  const std::string& workgroup) {
   protos::CachedRealmData* realm_data = GetRealmDataForWrite(realm);
   if (realm_data) {
     LOG_START(INFO) << "Setting workgroup" << LOG_END;
     realm_data->set_workgroup(workgroup);
   }
 }

 void AuthDataCache::SetKdcIp(const std::string& realm,
                              const std::string& kdc_ip) {
   protos::CachedRealmData* realm_data = GetRealmDataForWrite(realm);
   if (realm_data) {
     LOG_START(INFO) << "Setting KDC IP" << LOG_END;
     realm_data->set_kdc_ip(kdc_ip);
   }
 }

 void AuthDataCache::SetDcName(const std::string& realm,
                               const std::string& dc_name) {
   protos::CachedRealmData* realm_data = GetRealmDataForWrite(realm);
   if (realm_data) {
     LOG_START(INFO) << "Setting DC name" << LOG_END;
     realm_data->set_dc_name(dc_name);
   }
 }

 void AuthDataCache::SetIsAffiliated(const std::string& realm,
                                     bool is_affiliated) {
   protos::CachedRealmData* realm_data = GetRealmDataForWrite(realm);
   if (realm_data) {
     realm_data->set_is_affiliated(is_affiliated);
     LOG_START(INFO) << "Setting affiliation flag" << LOG_END;
   }
 }

 void AuthDataCache::RemoveEntriesOlderThan(base::TimeDelta max_age) {
   base::Time now = clock_->Now();
   auto realm_data_map = data_.mutable_realm_data();
   for (auto it = realm_data_map->begin(); it != realm_data_map->end();
        /* empty */) {
     // Note: If the clock goes backwards for some reason, clear cache as well
     // just in case the clock was reset.
     protos::CachedRealmData& realm_data = it->second;
     base::TimeDelta age =
         now - base::Time::FromInternalValue(realm_data.cache_time());
     if (age < base::TimeDelta() || age >= max_age) {
       LOG_START(INFO) << "Removing entry from cache (age=" << age << ")"
                       << LOG_END;
       it = realm_data_map->erase(it);
     } else {
       ++it;
     }
   }
 }

 void AuthDataCache::SetClockForTesting(std::unique_ptr<base::Clock> clock) {
   clock_ = std::move(clock);
 }

 const protos::CachedRealmData* AuthDataCache::GetRealmDataForRead(
     const std::string& realm) const {
   if (!enabled_)
     return nullptr;
   auto it = data_.realm_data().find(realm);
   if (it == data_.realm_data().end())
     return nullptr;
   return &it->second;
 }

 protos::CachedRealmData* AuthDataCache::GetRealmDataForWrite(
     const std::string& realm) {
   if (!enabled_)
     return nullptr;
   protos::CachedRealmData* realm_data = &(*data_.mutable_realm_data())[realm];

   // Set cache time only on creation, but not on updates.
   if (!realm_data->has_cache_time())
     realm_data->set_cache_time(clock_->Now().ToInternalValue());

   return realm_data;
 }

 }  // namespace authpolicy
	// Copyright 2018 The Chromium OS Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#include "authpolicy/auth_data_cache.h"

	#include <utility>

	#include <base/files/file_path.h>
	#include <base/files/file_util.h>
	#include "base/time/clock.h"
	#include "base/time/default_clock.h"

	#include "authpolicy/log_colors.h"

	namespace authpolicy {
	namespace {

	constexpr char kLogHeader[] = "Auth Data Cache: ";

	#define LOG_START(severity) \
	LOG_IF(severity, flags_->log_caches()) << kColorCaches << kLogHeader
	#define PLOG_START(severity) \
	PLOG_IF(severity, flags_->log_caches()) << kColorCaches << kLogHeader
	#define LOG_END kColorReset

	// Size limit when loading the cached data file (256 kb).
	constexpr size_t kCacheSizeLimit = 256 * 1024;

	} // namespace

	AuthDataCache::AuthDataCache(const protos::DebugFlags* flags)
	: flags_(flags), clock_(std::make_unique<base::DefaultClock>()) {}

	AuthDataCache::~AuthDataCache() = default;

	bool AuthDataCache::Load(const base::FilePath& path) {
	data_.Clear();
	if (!enabled_)
	return true;

	if (!base::PathExists(path)) {
	LOG_START(ERROR) << "File '" << path.value() << "' does not exist"
	<< LOG_END;
	return false;
	}

	std::string data_blob;
	if (!base::ReadFileToStringWithMaxSize(path, &data_blob, kCacheSizeLimit)) {
	PLOG_START(ERROR) << "Failed to read '" << path.value() << "'" << LOG_END;
	return false;
	}

	if (!data_.ParseFromString(data_blob)) {
	LOG_START(ERROR) << "Failed to parse data from string" << LOG_END;
	return false;
	}

	LOG_START(INFO) << "Read '" << path.value() << "'" << LOG_END;
	return true;
	}

	bool AuthDataCache::Save(const base::FilePath& path) {
	if (!enabled_)
	return true;

	std::string data_blob;
	if (!data_.SerializeToString(&data_blob)) {
	LOG_START(ERROR) << "Failed to serialize data to string" << LOG_END;
	return false;
	}

	const int data_size = static_cast<int>(data_blob.size());
	if (base::WriteFile(path, data_blob.data(), data_size) != data_size) {
	LOG_START(ERROR) << "Failed to write '" << path.value() << "'" << LOG_END;
	return false;
	}

	// Lock access to authpolicyd rw.
	int mode =
	base::FILE_PERMISSION_READ_BY_USER \| base::FILE_PERMISSION_WRITE_BY_USER;
	if (!base::SetPosixFilePermissions(path, mode)) {
	LOG_START(ERROR) << "Failed to set permissions on '" << path.value() << "'"
	<< LOG_END;
	return false;
	}

	LOG_START(INFO) << "Wrote '" << path.value() << "'" << LOG_END;
	return true;
	}

	void AuthDataCache::Clear() {
	data_.Clear();
	}

	base::Optional<std::string> AuthDataCache::GetWorkgroup(
	const std::string& realm) const {
	const protos::CachedRealmData* realm_data = GetRealmDataForRead(realm);
	if (!realm_data \|\| !realm_data->has_workgroup()) {
	LOG_START(INFO) << "No workgroup cached" << LOG_END;
	return base::nullopt;
	}
	LOG_START(INFO) << "Using cached workgroup" << LOG_END;
	return realm_data->workgroup();
	}

	base::Optional<std::string> AuthDataCache::GetKdcIp(
	const std::string& realm) const {
	const protos::CachedRealmData* realm_data = GetRealmDataForRead(realm);
	if (!realm_data \|\| !realm_data->has_kdc_ip()) {
	LOG_START(INFO) << "No KDC IP cached" << LOG_END;
	return base::nullopt;
	}
	LOG_START(INFO) << "Using cached KDC IP" << LOG_END;
	return realm_data->kdc_ip();
	}

	base::Optional<std::string> AuthDataCache::GetDcName(
	const std::string& realm) const {
	const protos::CachedRealmData* realm_data = GetRealmDataForRead(realm);
	if (!realm_data \|\| !realm_data->has_dc_name()) {
	LOG_START(INFO) << "No DC name cached" << LOG_END;
	return base::nullopt;
	}
	LOG_START(INFO) << "Using cached DC name" << LOG_END;
	return realm_data->dc_name();
	}

	base::Optional<bool> AuthDataCache::GetIsAffiliated(
	const std::string& realm) const {
	const protos::CachedRealmData* realm_data = GetRealmDataForRead(realm);
	if (!realm_data \|\| !realm_data->has_is_affiliated()) {
	LOG_START(INFO) << "No affiliation flag cached" << LOG_END;
	return base::nullopt;
	}
	LOG_START(INFO) << "Using cached affiliation flag" << LOG_END;
	return realm_data->is_affiliated();
	}

	void AuthDataCache::SetWorkgroup(const std::string& realm,
	const std::string& workgroup) {
	protos::CachedRealmData* realm_data = GetRealmDataForWrite(realm);
	if (realm_data) {
	LOG_START(INFO) << "Setting workgroup" << LOG_END;
	realm_data->set_workgroup(workgroup);
	}
	}

	void AuthDataCache::SetKdcIp(const std::string& realm,
	const std::string& kdc_ip) {
	protos::CachedRealmData* realm_data = GetRealmDataForWrite(realm);
	if (realm_data) {
	LOG_START(INFO) << "Setting KDC IP" << LOG_END;
	realm_data->set_kdc_ip(kdc_ip);
	}
	}

	void AuthDataCache::SetDcName(const std::string& realm,
	const std::string& dc_name) {
	protos::CachedRealmData* realm_data = GetRealmDataForWrite(realm);
	if (realm_data) {
	LOG_START(INFO) << "Setting DC name" << LOG_END;
	realm_data->set_dc_name(dc_name);
	}
	}

	void AuthDataCache::SetIsAffiliated(const std::string& realm,
	bool is_affiliated) {
	protos::CachedRealmData* realm_data = GetRealmDataForWrite(realm);
	if (realm_data) {
	realm_data->set_is_affiliated(is_affiliated);
	LOG_START(INFO) << "Setting affiliation flag" << LOG_END;
	}
	}

	void AuthDataCache::RemoveEntriesOlderThan(base::TimeDelta max_age) {
	base::Time now = clock_->Now();
	auto realm_data_map = data_.mutable_realm_data();
	for (auto it = realm_data_map->begin(); it != realm_data_map->end();
	/* empty */) {
	// Note: If the clock goes backwards for some reason, clear cache as well
	// just in case the clock was reset.
	protos::CachedRealmData& realm_data = it->second;
	base::TimeDelta age =
	now - base::Time::FromInternalValue(realm_data.cache_time());
	if (age < base::TimeDelta() \|\| age >= max_age) {
	LOG_START(INFO) << "Removing entry from cache (age=" << age << ")"
	<< LOG_END;
	it = realm_data_map->erase(it);
	} else {
	++it;
	}
	}
	}

	void AuthDataCache::SetClockForTesting(std::unique_ptr<base::Clock> clock) {
	clock_ = std::move(clock);
	}

	const protos::CachedRealmData* AuthDataCache::GetRealmDataForRead(
	const std::string& realm) const {
	if (!enabled_)
	return nullptr;
	auto it = data_.realm_data().find(realm);
	if (it == data_.realm_data().end())
	return nullptr;
	return &it->second;
	}

	protos::CachedRealmData* AuthDataCache::GetRealmDataForWrite(
	const std::string& realm) {
	if (!enabled_)
	return nullptr;
	protos::CachedRealmData* realm_data = &(*data_.mutable_realm_data())[realm];

	// Set cache time only on creation, but not on updates.
	if (!realm_data->has_cache_time())
	realm_data->set_cache_time(clock_->Now().ToInternalValue());

	return realm_data;
	}

	} // namespace authpolicy