Remove unnecessary cache object

5edfd9e1 · Nik | Klampfradler · 751f4bbd · 5edfd9e1 · 5edfd9e1 · 5edfd9e1
Verified Commit 5edfd9e1 authored 4 years ago by Nik | Klampfradler
--- a/src/cache.rs
+++ b/src/cache.rs
@@ -43,45 +43,27 @@ const USER_TOKEN_FILENAME: &str = "user_token.json";
 /// Holds (partial or full) information about a user
 /// This will mostly be the context user (see `Cache`), and is filled with
 /// as much detail about the user as is available
-pub struct UserInfo<'a> {
+pub struct UserInfo {
    /// Numeric user ID
    uid: Option<uid_t>,
    /// Username as used for authentication
    username: Option<String>,
    /// Passwd struct (once full getpwnam/getpwuid resolution was possible)
-    passwd: Option<Passwd<'a>>,
+    passwd: Option<Passwd>,
    /// OAuth access token if freshly retrieved or known from disk backed storage
    access_token: Option<BasicTokenResponse>
 }

-/// In-memory structure to hold global process state
-/// Needed because the PAM and NSS components might be used chained (if NSS
-/// resolution is necessary to complete PAM authentication), and we need to
-/// remember state between the calls.
-pub struct Cache<'a> {
-    /// The user currently calling the library
-    /// For NSS, this will be the process owner; for PAM, this will be the user
-    /// logging in (after successful authentication)
-    pub context_user: UserInfo<'a>
-}
-
-impl Cache {
-    pub fn new() -> Cache {
-        let euid = unsafe {
-            geteuid()
-        };
-        Cache {
-            context_user: UserInfo {
-                uid: None,
-                username: None,
-                passwd: None,
-                access_token: None
-            }
+impl UserInfo {
+    pub fn new() -> UserInfo {
+        Self {
+            uid: None,
+            username: None,
+            passwd: None,
+            access_token: None
        }
    }
-}

-impl <'a>UserInfo<'a> {
    /// Set the information of this user object to that of the process owner
    // FIXME Move to Cache, with a from_current_user generator method here
    pub fn set_current_user(&mut self) {
@@ -189,7 +171,7 @@ impl <'a>UserInfo<'a> {
    pub fn set_username(&mut self, username: String) {
        self.username = Some(username);

-        if self.passwd.is_some() && self.passwd.as_ref().unwrap().pw_name != self.username.as_ref().unwrap() {
+        if self.passwd.is_some() && self.passwd.as_ref().unwrap().pw_name != self.username.as_ref().unwrap().to_string() {
            // Invalidate passwd because UID does not match anymore
            self.passwd = None;
            self.try_resolve();
@@ -202,12 +184,12 @@ impl <'a>UserInfo<'a> {

    /// Return the home directory from the passwd slot,
    /// attempting NSS resolution before doing so
-    pub fn get_home_directory(&mut self) -> Result<&str, io::Error> {
+    pub fn get_home_directory(&mut self) -> Result<String, io::Error> {
        if self.passwd.is_none() {
            self.try_resolve();
        }
        match &self.passwd {
-            Some(passwd) => Ok(passwd.pw_dir),
+            Some(passwd) => Ok(passwd.pw_dir.clone()),
            None => Err(io::Error::new(io::ErrorKind::InvalidInput, "foo"))
        }
    }
@@ -277,7 +259,7 @@ impl <'a>UserInfo<'a> {
            // Determine home directory and override $HOME to make the XDG code return
            // XDG directories for a different user
            let user_home = self.get_home_directory()?;
-            env::set_var("HOME", user_home);
+            env::set_var("HOME", &user_home);
            debug!("Home directory for UID {} is {}", uid, user_home);
        }

@@ -401,8 +383,12 @@ fn get_original_euid() -> uid_t {
 }

 lazy_static! {
-    static ref CACHE: Mutex<Cache> = Mutex::new(Cache::new());
+    /// Current context user
+    /// Needed because the PAM and NSS components might be used chained (if NSS
+    /// resolution is necessary to complete PAM authentication), and we need to
+    /// remember state between the calls.
+    static ref CONTEXT_USER: Mutex<UserInfo> = Mutex::new(UserInfo::new());
 }
-pub fn get_cache() -> MutexGuard<'static, Cache> {
-    CACHE.lock().unwrap()
+pub fn get_context_user() -> MutexGuard<'static, UserInfo> {
+    CONTEXT_USER.lock().unwrap()
 }
--- a/src/nss.rs
+++ b/src/nss.rs
@@ -18,7 +18,7 @@ use crate::config::{
    get_optional,
 };
 use config::Config;
-use crate::cache::get_cache;
+use crate::cache::get_context_user;

 use crate::logging::setup_log;

@@ -53,8 +53,8 @@ fn nss_hook_prepare() -> Config {
    // Set the context user to the current user, but only if not already set
    // When doing PAM, we might get called back into by libc to do some NSS
    // lookup, and we want to keep the PAM login user context in that case
-    if !get_cache().context_user.is_initialized() {
-        get_cache().context_user.set_current_user();
+    if !get_context_user().is_initialized() {
+        get_context_user().set_current_user();
    }

    return conf;
@@ -67,8 +67,8 @@ impl PasswdHooks for OidcPasswd {
        let conf = nss_hook_prepare();
        info!("[NSS] passwd.get_all_entries called");

-        let mut cache = get_cache();
-        let user_token_res = cache.context_user.get_access_token();
+        let mut context_user = get_context_user();
+        let user_token_res = context_user.get_access_token();
        // FIXME Implement caching of system token
        let system_token_res = get_access_token_client(&conf, "nss", "", "");
        let system_token_res = system_token_res.as_ref();
@@ -100,8 +100,8 @@ impl PasswdHooks for OidcPasswd {
        let conf = nss_hook_prepare();
        info!("[NSS] passwd.get_entry_by_uid called for {}", uid);

-        let mut cache = get_cache();
-        let user_token_res = cache.context_user.get_access_token();
+        let mut context_user = get_context_user();
+        let user_token_res = context_user.get_access_token();
        // FIXME Implement caching of system token
        let system_token_res = get_access_token_client(&conf, "nss", "", "");
        let system_token_res = system_token_res.as_ref();
@@ -133,8 +133,8 @@ impl PasswdHooks for OidcPasswd {
        let conf = nss_hook_prepare();
        info!("[NSS] passwd.get_entry_by_name called for {}", name);

-        let mut cache = get_cache();
-        let user_token_res = cache.context_user.get_access_token();
+        let mut context_user = get_context_user();
+        let user_token_res = context_user.get_access_token();
        // FIXME Implement caching of system token
        let system_token_res = get_access_token_client(&conf, "nss", "", "");
        let system_token_res = system_token_res.as_ref();

--- a/src/pam.rs
+++ b/src/pam.rs
@@ -24,7 +24,7 @@ use crate::oauth::get_access_token_password;

 use crate::logging::setup_log;

-use crate::cache::{get_cache, set_is_getpwnam_safe};
+use crate::cache::{get_context_user, set_is_getpwnam_safe};

 use pamsm::{PamServiceModule, Pam, PamFlag, PamError, PamLibExt};

@@ -91,8 +91,8 @@ impl PamServiceModule for PamOidc {
                Ok(t) => {
                    info!("Authenticated {} using Resource Owner Password Grant", username);
                    set_is_getpwnam_safe(false);
-                    get_cache().context_user.set_username(username.to_string());
-                    get_cache().context_user.set_access_token(t);
+                    get_context_user().set_username(username.to_string());
+                    get_context_user().set_access_token(t);
                    set_is_getpwnam_safe(true);
                    return PamError::SUCCESS;
                },