version 1.2, 2007/05/25 18:35:07
|
version 1.3, 2007/05/30 20:41:27
|
|
|
#include <sys/wait.h> | #include <sys/wait.h> |
#include <unistd.h> | #include <unistd.h> |
#include <signal.h> | #include <signal.h> |
|
#include <grp.h> |
#include "Parent.h" | #include "Parent.h" |
#include "Log.h" | #include "Log.h" |
#include "Messages.h" | #include "Messages.h" |
|
|
static void HandleStartProviderAgentRequest(int sock) | static void HandleStartProviderAgentRequest(int sock) |
{ | { |
int status; | int status; |
|
int uid; |
|
int gid; |
int pid; | int pid; |
int to[2]; | int to[2]; |
int from[2]; | int from[2]; |
|
|
/* Log request. */ | /* Log request. */ |
| |
Log(LL_TRACE, "HandleStartProviderAgentRequest(): " | Log(LL_TRACE, "HandleStartProviderAgentRequest(): " |
"module=%s gid=%d uid=%d", request.module, request.gid, request.uid); |
"module=%s userName=%s", request.module, request.userName); |
| |
/* Process request. */ | /* Process request. */ |
| |
|
|
if ((path = FindMacro("cimprovagtPath")) == NULL) | if ((path = FindMacro("cimprovagtPath")) == NULL) |
Fatal(FL, "Failed to locate %s program", CIMPROVAGT); | Fatal(FL, "Failed to locate %s program", CIMPROVAGT); |
| |
|
#if !defined(PEGASUS_DISABLE_PROV_USERCTXT) |
|
|
|
/* Look up the user ID and group ID of the specified user. */ |
|
|
|
if (GetUserInfo(request.userName, &uid, &gid) != 0) |
|
{ |
|
status = -1; |
|
break; |
|
} |
|
|
|
Log(LL_TRACE, "cimprovagt user context: " |
|
"userName=%s uid=%d gid=%d", request.userName, uid, gid); |
|
|
|
#endif /* !defined(PEGASUS_DISABLE_PROV_USERCTXT) */ |
|
|
/* Create "to-agent" pipe: */ | /* Create "to-agent" pipe: */ |
| |
if (pipe(to) != 0) | if (pipe(to) != 0) |
|
|
| |
if (pid == 0) | if (pid == 0) |
{ | { |
char username[EXECUTOR_BUFFER_SIZE]; |
|
struct rlimit rlim; | struct rlimit rlim; |
char arg1[32]; | char arg1[32]; |
char arg2[32]; | char arg2[32]; |
|
|
| |
# if !defined(PEGASUS_DISABLE_PROV_USERCTXT) | # if !defined(PEGASUS_DISABLE_PROV_USERCTXT) |
| |
if (request.uid != -1 && request.gid != -1) |
if ((int)getgid() != gid) |
{ | { |
if ((int)getgid() != request.gid) |
if (setgid((gid_t)gid) != 0) |
{ | { |
if (setgid(request.gid) != 0) |
Log(LL_SEVERE, "setgid(%d) failed\n", gid); |
Log(LL_SEVERE, "setgid(%d) failed\n", request.gid); |
_exit(1); |
|
} |
} | } |
| |
if ((int)getuid() != request.uid) |
if ((int)getuid() != uid) |
{ | { |
if (setuid(request.uid) != 0) |
if (initgroups(request.userName, gid) != 0) |
Log(LL_SEVERE, "setuid(%d) failed\n", request.uid); |
{ |
} |
Log(LL_SEVERE, "initgroups(%s, %d) failed\n", |
|
request.userName, |
|
gid); |
|
_exit(1); |
} | } |
| |
if (GetUserName(getuid(), username) != 0) |
if (setuid((uid_t)uid) != 0) |
Fatal(FL, "Failed to resolve username for uid=%d", getuid()); |
{ |
|
Log(LL_SEVERE, "setuid(%d) failed\n", uid); |
|
_exit(1); |
|
} |
|
} |
| |
Log(LL_TRACE, "starting %s on module %s as user %s", | Log(LL_TRACE, "starting %s on module %s as user %s", |
path, request.module, username); |
path, request.module, request.userName); |
| |
# endif /* !defined(PEGASUS_DISABLE_PROV_USERCTXT) */ | # endif /* !defined(PEGASUS_DISABLE_PROV_USERCTXT) */ |
| |
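Review bot: In the child branch (`pid == 0`), `initgroups(request.userName, gid)` runs only inside the `if ((int)getuid() != uid)` block, so a path that changes the group with `setgid((gid_t)gid)` but finds the real uid already equal to `uid` keeps the supplementary groups inherited from the executor; resetting the group list whenever either ID differs would close that gap. Both guards compare only the real IDs from `getuid()`/`getgid()`, and nothing after `setuid((uid_t)uid)` confirms the result, so I would add a check before the provider agent is started, e.g. `if ((int)geteuid() != uid || (int)getegid() != gid) _exit(1);`. The three failure messages would also be easier to triage if they included the `errno` text. This reading takes the `userName`/`initgroups` column as the 1.3 side, since it is the one that adds `#include <grp.h>`, and the function body continues past the last line shown.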