|
version 1.2, 2007/05/25 18:35:07
|
version 1.3, 2007/05/30 20:41:27
|
|
|
|
| #include <sys/wait.h> | #include <sys/wait.h> |
| #include <unistd.h> | #include <unistd.h> |
| #include <signal.h> | #include <signal.h> |
| |
#include <grp.h> |
| #include "Parent.h" | #include "Parent.h" |
| #include "Log.h" | #include "Log.h" |
| #include "Messages.h" | #include "Messages.h" |
|
|
|
| static void HandleStartProviderAgentRequest(int sock) | static void HandleStartProviderAgentRequest(int sock) |
| { | { |
| int status; | int status; |
| |
int uid; |
| |
int gid; |
| int pid; | int pid; |
| int to[2]; | int to[2]; |
| int from[2]; | int from[2]; |
|
|
|
| /* Log request. */ | /* Log request. */ |
| | |
| Log(LL_TRACE, "HandleStartProviderAgentRequest(): " | Log(LL_TRACE, "HandleStartProviderAgentRequest(): " |
| "module=%s gid=%d uid=%d", request.module, request.gid, request.uid); |
"module=%s userName=%s", request.module, request.userName); |
| | |
| /* Process request. */ | /* Process request. */ |
| | |
|
|
|
| if ((path = FindMacro("cimprovagtPath")) == NULL) | if ((path = FindMacro("cimprovagtPath")) == NULL) |
| Fatal(FL, "Failed to locate %s program", CIMPROVAGT); | Fatal(FL, "Failed to locate %s program", CIMPROVAGT); |
| | |
| |
#if !defined(PEGASUS_DISABLE_PROV_USERCTXT) |
| |
|
| |
/* Look up the user ID and group ID of the specified user. */ |
| |
|
| |
if (GetUserInfo(request.userName, &uid, &gid) != 0) |
| |
{ |
| |
status = -1; |
| |
break; |
| |
} |
| |
|
| |
Log(LL_TRACE, "cimprovagt user context: " |
| |
"userName=%s uid=%d gid=%d", request.userName, uid, gid); |
| |
|
| |
#endif /* !defined(PEGASUS_DISABLE_PROV_USERCTXT) */ |
| |
|
| /* Create "to-agent" pipe: */ | /* Create "to-agent" pipe: */ |
| | |
| if (pipe(to) != 0) | if (pipe(to) != 0) |
|
|
|
| | |
| if (pid == 0) | if (pid == 0) |
| { | { |
| char username[EXECUTOR_BUFFER_SIZE]; |
|
| struct rlimit rlim; | struct rlimit rlim; |
| char arg1[32]; | char arg1[32]; |
| char arg2[32]; | char arg2[32]; |
|
|
|
| | |
| # if !defined(PEGASUS_DISABLE_PROV_USERCTXT) | # if !defined(PEGASUS_DISABLE_PROV_USERCTXT) |
| | |
| if (request.uid != -1 && request.gid != -1) |
if ((int)getgid() != gid) |
| { | { |
| if ((int)getgid() != request.gid) |
if (setgid((gid_t)gid) != 0) |
| { | { |
| if (setgid(request.gid) != 0) |
Log(LL_SEVERE, "setgid(%d) failed\n", gid); |
| Log(LL_SEVERE, "setgid(%d) failed\n", request.gid); |
_exit(1); |
| |
} |
| } | } |
| | |
| if ((int)getuid() != request.uid) |
if ((int)getuid() != uid) |
| { | { |
| if (setuid(request.uid) != 0) |
if (initgroups(request.userName, gid) != 0) |
| Log(LL_SEVERE, "setuid(%d) failed\n", request.uid); |
{ |
| } |
Log(LL_SEVERE, "initgroups(%s, %d) failed\n", |
| |
request.userName, |
| |
gid); |
| |
_exit(1); |
| } | } |
| | |
| if (GetUserName(getuid(), username) != 0) |
if (setuid((uid_t)uid) != 0) |
| Fatal(FL, "Failed to resolve username for uid=%d", getuid()); |
{ |
| |
Log(LL_SEVERE, "setuid(%d) failed\n", uid); |
| |
_exit(1); |
| |
} |
| |
} |
| | |
| Log(LL_TRACE, "starting %s on module %s as user %s", | Log(LL_TRACE, "starting %s on module %s as user %s", |
| path, request.module, username); |
path, request.module, request.userName); |
| | |
| # endif /* !defined(PEGASUS_DISABLE_PROV_USERCTXT) */ | # endif /* !defined(PEGASUS_DISABLE_PROV_USERCTXT) */ |
| | |
Return to
Parent.c
CVS log
Up to [Pegasus] / pegasus / src / Executor