|
version 1.2, 2007/05/25 18:35:07
|
version 1.10, 2008/12/02 09:00:13
|
|
|
|
| /* | /* |
| //%2006//////////////////////////////////////////////////////////////////////// |
//%LICENSE//////////////////////////////////////////////////////////////// |
| // | // |
| // Copyright (c) 2000, 2001, 2002 BMC Software; Hewlett-Packard Development |
// Licensed to The Open Group (TOG) under one or more contributor license |
| // Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems. |
// agreements. Refer to the OpenPegasusNOTICE.txt file distributed with |
| // Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L.P.; |
// this work for additional information regarding copyright ownership. |
| // IBM Corp.; EMC Corporation, The Open Group. |
// Each contributor licenses this file to you under the OpenPegasus Open |
| // Copyright (c) 2004 BMC Software; Hewlett-Packard Development Company, L.P.; |
// Source License; you may not use this file except in compliance with the |
| // IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group. |
// License. |
| // Copyright (c) 2005 Hewlett-Packard Development Company, L.P.; IBM Corp.; |
|
| // EMC Corporation; VERITAS Software Corporation; The Open Group. |
|
| // Copyright (c) 2006 Hewlett-Packard Development Company, L.P.; IBM Corp.; |
|
| // EMC Corporation; Symantec Corporation; The Open Group. |
|
| // | // |
| // Permission is hereby granted, free of charge, to any person obtaining a copy |
// Permission is hereby granted, free of charge, to any person obtaining a |
| // of this software and associated documentation files (the "Software"), to |
// copy of this software and associated documentation files (the "Software"), |
| // deal in the Software without restriction, including without limitation the |
// to deal in the Software without restriction, including without limitation |
| // rights to use, copy, modify, merge, publish, distribute, sublicense, and/or |
// the rights to use, copy, modify, merge, publish, distribute, sublicense, |
| // sell copies of the Software, and to permit persons to whom the Software is |
// and/or sell copies of the Software, and to permit persons to whom the |
| // furnished to do so, subject to the following conditions: |
// Software is furnished to do so, subject to the following conditions: |
| // | // |
| // THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN |
// The above copyright notice and this permission notice shall be included |
| // ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED |
// in all copies or substantial portions of the Software. |
| // "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT |
|
| // LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR |
|
| // PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT |
|
| // HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN |
|
| // ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION |
|
| // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
|
| // | // |
| //%///////////////////////////////////////////////////////////////////////////// |
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS |
| |
// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF |
| |
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. |
| |
// IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY |
| |
// CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, |
| |
// TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE |
| |
// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
| |
// |
| |
////////////////////////////////////////////////////////////////////////// |
| */ | */ |
| |
|
| #include <sys/types.h> | #include <sys/types.h> |
| #include <sys/stat.h> | #include <sys/stat.h> |
| #include <unistd.h> | #include <unistd.h> |
| #include <stdlib.h> | #include <stdlib.h> |
| #include <string.h> | #include <string.h> |
| #include <stdio.h> | #include <stdio.h> |
| |
#include <grp.h> |
| #include "Defines.h" | #include "Defines.h" |
| |
#include "Globals.h" |
| #include "Fatal.h" | #include "Fatal.h" |
| #include "Path.h" | #include "Path.h" |
| #include "Log.h" | #include "Log.h" |
|
|
|
| int argc, | int argc, |
| char** argv, | char** argv, |
| const char* path, | const char* path, |
| |
const char* userName, |
| int uid, | int uid, |
| int gid, | int gid, |
| int sock) | int sock) |
| { | { |
| char sockStr[EXECUTOR_BUFFER_SIZE]; | char sockStr[EXECUTOR_BUFFER_SIZE]; |
| char username[EXECUTOR_BUFFER_SIZE]; |
|
| char** execArgv; | char** execArgv; |
| | |
| |
globals.isChildProcess = 1; |
| |
|
| /* Build argument list, adding "--executor-socket <sock>" option if | /* Build argument list, adding "--executor-socket <sock>" option if |
| * sock non-negative. | * sock non-negative. |
| */ | */ |
| | |
| execArgv = (char**)malloc(sizeof(char*) * (argc + 3)); |
if ((execArgv = (char**)malloc(sizeof(char*) * (argc + 3))) == NULL) |
| |
{ |
| |
Fatal(FL, "Memory allocation failed"); |
| |
} |
| memcpy(execArgv + 3, argv + 1, sizeof(char*) * argc); | memcpy(execArgv + 3, argv + 1, sizeof(char*) * argc); |
| | |
| sprintf(sockStr, "%d", sock); | sprintf(sockStr, "%d", sock); |
|
|
|
| Fatal(FL, "Failed to set gid to %d", gid); | Fatal(FL, "Failed to set gid to %d", gid); |
| } | } |
| | |
| |
if (initgroups(userName, gid) != 0) |
| |
{ |
| |
Fatal(FL, "Failed to initialize groups for user %s", userName); |
| |
} |
| |
|
| if (setuid(uid) != 0) | if (setuid(uid) != 0) |
| { | { |
| Fatal(FL, "Failed to set uid to %d", uid); | Fatal(FL, "Failed to set uid to %d", uid); |
|
|
|
| | |
| /* Log user info. */ | /* Log user info. */ |
| | |
| if (GetUserName(uid, username) != 0) |
|
| Fatal(FL, "cannot resolve user from uid=%d", uid); |
|
| |
|
| Log(LL_TRACE, "%s running as %s (uid=%d, gid=%d)", CIMSERVERMAIN, | Log(LL_TRACE, "%s running as %s (uid=%d, gid=%d)", CIMSERVERMAIN, |
| username, uid, gid); |
userName, uid, gid); |
| |
|
| /* |
|
| * Precheck that cimxml.socket is owned by CIMSERVERMAIN process. If |
|
| * not, then the bind would fail in the CIMSERVERMAIN process much |
|
| * later and the cause of the error would be difficult to determine. |
|
| */ |
|
| |
|
| /* Flawfinder: ignore */ |
|
| if (access(PEGASUS_LOCAL_DOMAIN_SOCKET_PATH, F_OK) == 0) |
|
| { |
|
| struct stat st; |
|
| |
|
| if (stat(PEGASUS_LOCAL_DOMAIN_SOCKET_PATH, &st) != 0 || |
|
| (int)st.st_uid != uid || |
|
| (int)st.st_gid != gid) |
|
| { |
|
| Fatal(FL, "%s process cannot stat or does not own %s", |
|
| CIMSERVERMAIN, PEGASUS_LOCAL_DOMAIN_SOCKET_PATH); |
|
| } |
|
| } |
|
| | |
| /* Exec child process. */ | /* Exec child process. */ |
| | |
| /* Flawfinder: ignore */ | /* Flawfinder: ignore */ |
| if (execv(path, execArgv) != 0) |
execv(path, execArgv); |
| Fatal(FL, "failed to exec %s", path); |
|
| | |
| exit(0); |
/* If we are still here, the exec failed. */ |
| |
Fatal(FL, "failed to exec %s", path); |
| } | } |
Return to
Child.c
CVS log
Up to [Pegasus] / pegasus / src / Executor