pegasus/src/Pegasus/Common/Executor.cpp - diff

Return to Executor.cpp CVS log

Up to [Pegasus] / pegasus / src / Pegasus / Common

Diff for /pegasus/src/Pegasus/Common/Executor.cpp between version 1.1.2.12 and 1.25

version 1.1.2.12, 2007/01/09 20:25:40

version 1.25, 2010/10/29 05:29:50

Line 1

//%2006////////////////////////////////////////////////////////////////////////

//%LICENSE////////////////////////////////////////////////////////////////

// Licensed to The Open Group (TOG) under one or more contributor license

// Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems.

// agreements. Refer to the OpenPegasusNOTICE.txt file distributed with

// this work for additional information regarding copyright ownership.

// IBM Corp.; EMC Corporation, The Open Group.

// Each contributor licenses this file to you under the OpenPegasus Open

// Source License; you may not use this file except in compliance with the

// IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group.

// License.

// EMC Corporation; VERITAS Software Corporation; The Open Group.

// EMC Corporation; Symantec Corporation; The Open Group.

// Permission is hereby granted, free of charge, to any person obtaining a copy

// of this software and associated documentation files (the "Software"), to

// deal in the Software without restriction, including without limitation the

// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or

// sell copies of the Software, and to permit persons to whom the Software is

// furnished to do so, subject to the following conditions:

// THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN

// ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED

// "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT

// LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR

// PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT

// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN

// ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION

// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

//==============================================================================

// Permission is hereby granted, free of charge, to any person obtaining a

// copy of this software and associated documentation files (the "Software"),

// to deal in the Software without restriction, including without limitation

// the rights to use, copy, modify, merge, publish, distribute, sublicense,

// and/or sell copies of the Software, and to permit persons to whom the

// Software is furnished to do so, subject to the following conditions:

// The above copyright notice and this permission notice shall be included

// in all copies or substantial portions of the Software.

// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS

// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF

// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.

// IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY

// CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,

// TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE

// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

//////////////////////////////////////////////////////////////////////////

//%/////////////////////////////////////////////////////////////////////////////

#include <cstdio>

#include <cstdlib>

#include <cstring>

#include <Pegasus/Common/Config.h>

#if defined(PEGASUS_OS_TYPE_WINDOWS)

# include <windows.h>

#else

# include <sys/types.h>

# include <sys/socket.h>

# include <unistd.h>

# include <fcntl.h>

# include <sys/wait.h>

# include <unistd.h>

# include <errno.h>

# include <sys/types.h>

# include <sys/time.h>

# include <sys/resource.h>

#endif

#include "Constants.h"

#if defined(PEGASUS_HAS_SIGNALS)

#include "Executor.h"

# include <sys/wait.h>

#include "Mutex.h"

#endif

#include "FileSystem.h"

#include "String.h"

#include <Pegasus/Common/Constants.h>

#include <Pegasus/Common/Mutex.h>

#include <Pegasus/Common/Once.h>

#include <Pegasus/Common/FileSystem.h>

#include <Pegasus/Common/String.h>

#include <Pegasus/Common/Tracer.h>

#include <Pegasus/Common/System.h>

#include <Pegasus/Common/Executor.h>

#include <Executor/Strlcpy.h>

#include <Executor/Strlcat.h>

#if defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION)

# include <Executor/Socket.h>

# include <Executor/Messages.h>

#endif

Line 65

Line 69

# include <Executor/PAMAuth.h>

#endif

#ifdef PEGASUS_OS_PASE

# include <as400_protos.h> // For fork400()

#endif

#ifdef PEGASUS_OS_ZOS

# include <spawn.h>

#endif

PEGASUS_NAMESPACE_BEGIN

static int _sock = -1;

////////////////////////////////////////////////////////////////////////////////

static Mutex _mutex;

// class ExecutorImpl

////////////////////////////////////////////////////////////////////////////////

class ExecutorImpl

{

public:

static int _getSock()

virtual ~ExecutorImpl()

{

int sock;

_mutex.lock();

sock = _sock;

_mutex.unlock();

return sock;

}

virtual int detectExecutor() = 0;

virtual int ping() = 0;

virtual FILE* openFile(

const char* path,

int mode) = 0;

virtual int renameFile(

const char* oldPath,

const char* newPath) = 0;

virtual int removeFile(

const char* path) = 0;

virtual int startProviderAgent(

unsigned short bitness,

const char* module,

const String& pegasusHome,

const String& userName,

int& pid,

AnonymousPipe*& readPipe,

AnonymousPipe*& writePipe) = 0;

virtual int daemonizeExecutor() = 0;

virtual int reapProviderAgent(

int pid) = 0;

virtual int authenticatePassword(

const char* username,

const char* password) = 0;

virtual int validateUser(

const char* username) = 0;

virtual int challengeLocal(

const char* username,

char challengeFilePath[EXECUTOR_BUFFER_SIZE]) = 0;

virtual int authenticateLocal(

const char* challengeFilePath,

const char* response) = 0;

virtual int updateLogLevel(

const char* logLevel) = 0;

};

////////////////////////////////////////////////////////////////////////////////

////

//// Loopback stubs:

// class ExecutorLoopbackImpl

////

////////////////////////////////////////////////////////////////////////////////

static int Loopback_ping()

class ExecutorLoopbackImpl : public ExecutorImpl

{

public:

virtual ~ExecutorLoopbackImpl()

{

// Nothing to do.

return 0;

}

FILE* Loopback_openFile(

virtual int detectExecutor()

{

return -1;

}

virtual int ping()

{

return -1;

}

virtual FILE* openFile(

const char* path,

int mode)

{

FILE* fhandle = NULL;

switch (mode)

{

case 'r':

return fopen(path, "rb");

fhandle = fopen(path, "r");

break;

case 'w':

return fopen(path, "wb");

fhandle = fopen(path, "w");

break;

case 'a':

return fopen(path, "a+");

fhandle = fopen(path, "a+");

break;

default:

return NULL;

PEGASUS_ASSERT(fhandle);

break;

}

if(!fhandle)

{

PEG_TRACE((TRC_SERVER, Tracer::LEVEL1,

"Open of file %s in mode %c failed: %s",path,mode,

(const char*) PEGASUS_SYSTEM_ERRORMSG.getCString()));

}

return fhandle;

}

static int Loopback_renameFile(

virtual int renameFile(

const char* oldPath,

const char* newPath)

{

return FileSystem::renameFile(oldPath, newPath) ? 0 : -1;

}

static int Loopback_removeFile(

virtual int removeFile(

const char* path)

{

return FileSystem::removeFile(path) ? 0 : -1;

}

static int _getProviderAgentPath(String& path)

virtual int startProviderAgent(

unsigned short bitness,

const char* module,

const String& pegasusHome,

const String& userName,

int& pid,

AnonymousPipe*& readPipe,

AnonymousPipe*& writePipe)

{

// ATTN: is this really a sufficient replacement for getHomedPath().

PEG_METHOD_ENTER(TRC_SERVER,"ExecutorLoopbackImpl::startProviderAgent");

// Does getHomedPath() use the configuration file?

path = PEGASUS_PROVIDER_AGENT_PROC_NAME;

#if !defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION)

if (path[0] != '/')

// Resolve full path of "cimprovagt" program.

{

const char* env = getenv("PEGASUS_HOME");

if (!env)

String path = FileSystem::getAbsolutePath(

return -1;

pegasusHome.getCString(),

bitness == PG_PROVMODULE_BITNESS_32 ?

PEGASUS_PROVIDER_AGENT32_PROC_NAME :

PEGASUS_PROVIDER_AGENT_PROC_NAME);

path = String(env) + String("/") + path;

// Create CString handles for cimprovagt arguments

}

return 0;

CString agentProgramPath = path.getCString();

}

CString userNameCString = userName.getCString();

# if defined(PEGASUS_DISABLE_PROV_USERCTXT) || defined(PEGASUS_OS_ZOS)

const char* setUserContextFlag = "0"; // False

# else

const char* setUserContextFlag = "1"; // True

# endif

#if defined(PEGASUS_OS_TYPE_WINDOWS)

static int Loopback_startProviderAgent(

const char* module,

int uid,

int gid,

int& pid,

AnonymousPipe*& readPipe,

AnonymousPipe*& writePipe)

{

AutoMutex autoMutex(_mutex);

// Set output parameters in case of failure.

Line 166

Line 261

// Create pipes. Export handles to string.

AnonymousPipe* pipeFromAgent = new AnonymousPipe();

AutoPtr<AnonymousPipe> pipeFromAgent(new AnonymousPipe());

AnonymousPipe* pipeToAgent = new AnonymousPipe();

AutoPtr<AnonymousPipe> pipeToAgent(new AnonymousPipe());

char readHandle[32];

char writeHandle[32];

Line 185

Line 280

ZeroMemory(&siStartInfo, sizeof (STARTUPINFO));

siStartInfo.cb = sizeof (STARTUPINFO);

// Build full path of "cimprovagt" program.

String path;

if (_getProviderAgentPath(path) != 0)

{

delete pipeToAgent;

delete pipeFromAgent;

return -1;

}

// Format command line.

char cmdLine[2048];

sprintf(cmdLine, "\"%s\" %s %s \"%s\"",

sprintf(cmdLine, "\"%s\" %s %s %s \"%s\" \"%s\"",

(const char*)path.getCString(),

(const char*)agentProgramPath,

setUserContextFlag,

readHandle,

writeHandle,

(const char*)userNameCString,

module);

// Create provider agent proess.

Line 220

Line 306

&siStartInfo, // STARTUPINFO

&piProcInfo)) // PROCESS_INFORMATION

{

delete pipeToAgent;

PEG_METHOD_EXIT();

delete pipeFromAgent;

return -1;

}

Line 233

Line 318

pipeToAgent->closeReadHandle();

pipeFromAgent->closeWriteHandle();

readPipe = pipeFromAgent;

readPipe = pipeFromAgent.release();

writePipe = pipeToAgent;

writePipe = pipeToAgent.release();

PEG_METHOD_EXIT();

return 0;

}

#elif defined(PEGASUS_OS_OS400)

static int Loopback_startProviderAgent(

const char* module,

int uid,

int gid,

int& pid,

AnonymousPipe*& readPipe,

AnonymousPipe*& writePipe)

{

// ATTN: no implementation for OS400.

return -1;

}

#else /* POSIX CASE FOLLOWS */

static int Loopback_startProviderAgent(

const SessionKey& sessionKey,

const char* module,

int uid,

int gid,

int& pid,

SessionKey& providerAgentSessionKey,

AnonymousPipe*& readPipe,

AnonymousPipe*& writePipe)

{

AutoMutex autoMutex(_mutex);

// Initialize output parameters in case of error.

providerAgentSessionKey.clear();

pid = -1;

readPipe = 0;

writePipe = 0;

Line 278

Line 338

int to[2];

int from[2];

char toPipeArg[32];

char fromPipeArg[32];

{

// Resolve full path of "cimprovagt".

String path;

if (_getProviderAgentPath(path) != 0)

return -1;

// Create "to-agent" pipe:

if (pipe(to) != 0)

{

PEG_METHOD_EXIT();

return -1;

}

// Create "from-agent" pipe:

if (pipe(from) != 0)

{

PEG_METHOD_EXIT();

return -1;

}

// Fork process:

// Initialize the cimprovagt pipe arguments:

#if !defined(PEGASUS_OS_VMS)

sprintf(toPipeArg, "%d", to[0]);

sprintf(fromPipeArg, "%d", from[1]);

// Start provider agent:

# if defined(PEGASUS_OS_ZOS)

// zOS uses __spawn2() instead of fork() to start provider agent

struct __inheritance inherit;

const char *c_argv[7];

c_argv[0] = agentProgramPath;

c_argv[1] = setUserContextFlag;

c_argv[2] = toPipeArg;

c_argv[3] = fromPipeArg;

c_argv[4] = userNameCString;

c_argv[5] = module;

c_argv[6] = NULL;

// reset the inherit structure

memset(&inherit,0,sizeof(inherit));

// The provider agent should get a defined JobName.

inherit.flags=SPAWN_SETJOBNAME;

memcpy( inherit.jobname,"CFZOOPA ",

sizeof(inherit.jobname));

PEG_TRACE((TRC_SERVER, Tracer::LEVEL4,

"Starting provider agent: %s %s %s %s %s %s %s",

(const char*)agentProgramPath,

c_argv[0],

c_argv[1],

c_argv[2],

c_argv[3],

c_argv[4],

c_argv[5]));

pid = __spawn2(agentProgramPath,0,NULL,&inherit,

c_argv,(const char **)environ);

if (pid < 0)

{

PEG_TRACE((TRC_SERVER, Tracer::LEVEL1,

"Spawn of provider agent fails:%s "

"( errno %d , reason code %08X )",

strerror(errno) ,errno,__errno2()));

PEG_METHOD_EXIT();

return -1;

}

# else // !defined(PEGASUS_OS_ZOS)

# if defined(PEGASUS_OS_VMS)

pid = (int)vfork();

# elif defined(PEGASUS_OS_PASE)

pid = (int)fork400("QUMEPRVAGT",0);

#else

pid = (int)fork();

#endif

if (pid < 0)

{

PEG_TRACE((TRC_SERVER, Tracer::LEVEL1,

"Fork for provider agent fails: errno = %d",errno));

PEG_METHOD_EXIT();

return -1;

}

// If child proceses.

if (pid == 0)

{

// Child process

# if !defined(PEGASUS_OS_VMS)

// Close unused pipe descriptors:

close(to[1]);

close(from[0]);

#if !defined(PEGASUS_OS_VMS)

// Close unused descriptors. Leave stdin, stdout, stderr,

// and the child's pipe descriptors open.

// Close unused descriptors. Leave stdin, stdout, stderr, and the

// child's pipe descriptors open.

struct rlimit rlim;

Line 336

Line 455

#endif /* !defined(PEGASUS_OS_VMS) */

// Set uid and gid for the new provider agent process.

# if !defined(PEGASUS_DISABLE_PROV_USERCTXT)

if (uid != -1 && gid != -1)

{

if ((int)getgid() != gid)

{

// ATTN: log failure!

setgid(gid);

}

if ((int)getuid() != uid)

{

// ATTN: log failure!

setuid(uid);

}

# endif /* !defined(PEGASUS_DISABLE_PROV_USERCTXT) */

// Exec the cimprovagt program.

char arg1[32];

char arg2[32];

sprintf(arg1, "%d", to[0]);

sprintf(arg2, "%d", from[1]);

{

CString cstr = path.getCString();

if (execl(

execl(cstr, cstr, arg1, arg2, module, (char*)0);

agentProgramPath,

setUserContextFlag,

toPipeArg,

fromPipeArg,

(const char*)userNameCString,

module,

(char*)0) == -1)

{

PEG_TRACE((TRC_SERVER, Tracer::LEVEL1,

"execl() failed. errno = %d.", errno));

_exit(1);

}

// ATTN: log failure!

}

# endif /* PEGASUS_OS_ZOS */

}

while (0);

PEG_TRACE((TRC_SERVER, Tracer::LEVEL4,

"Provider agent started: pid(%d).", pid));

// Close unused pipe descriptors.

close(to[0]);

Line 396

Line 502

readPipe = new AnonymousPipe(readFdStr, 0);

writePipe = new AnonymousPipe(0, writeFdStr);

# if defined(PEGASUS_HAS_SIGNALS)

# if !defined(PEGASUS_DISABLE_PROV_USERCTXT) && !defined(PEGASUS_OS_ZOS)

// The cimprovagt forks and returns right away. Clean up the zombie

// process now instead of in reapProviderAgent().

int status = 0;

while ((status = waitpid(pid, 0, 0)) == -1 && errno == EINTR)

;

# endif

PEG_METHOD_EXIT();

return 0;

}

#endif /* !defined(START_PROVIDER_AGENT) */

# endif /* POSIX CASE */

static int Loopback_daemonizeExecutor()

#else /* PEGASUS_ENABLE_PRIVILEGE_SEPARATION is defined */

{

// Nothing to do.

// Out-of-Process providers are never started by the cimserver process

return 0;

// when Privilege Separation is enabled.

return -1;

#endif

}

static int Loopback_changeOwner(

virtual int daemonizeExecutor()

const char* path,

const char* owner)

{

return FileSystem::changeFileOwner(path, owner) ? 0 : -1;

return -1;

}

static int Loopback_reapProviderAgent(

virtual int reapProviderAgent(

const SessionKey& sessionKey,

int pid)

{

int status;

#if !defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION)

int status = 0;

# if defined(PEGASUS_HAS_SIGNALS)

# if defined(PEGASUS_DISABLE_PROV_USERCTXT) || defined(PEGASUS_OS_ZOS)

// When provider user context is enabled, this is done in

// startProviderAgent().

while ((status = waitpid(pid, 0, 0)) == -1 && errno == EINTR)

;

# endif

return status;

#else /* PEGASUS_ENABLE_PRIVILEGE_SEPARATION is defined */

// Out-of-Process providers are never started by the cimserver process

// when Privilege Separation is enabled.

return -1;

#endif

}

static int Loopback_authenticatePassword(

virtual int authenticatePassword(

const char* username,

const char* password,

const char* password)

SessionKey& sessionKey)

{

sessionKey.clear();

#if defined(PEGASUS_PAM_AUTHENTICATION)

return PAMAuthenticate(username, password);

#else

// ATTN: not handled so don't call in this case.

return -1;

#endif

}

static int Loopback_validateUser(

virtual int validateUser(

const char* username)

{

#if defined(PEGASUS_PAM_AUTHENTICATION)

return PAMValidateUser(username);

#else

// ATTN: not handled so don't call in this case.

return -1;

#endif

}

////////////////////////////////////////////////////////////////////////////////

virtual int challengeLocal(

////////////////////////////////////////////////////////////////////////////////

const char* username,

////

char challengeFilePath[EXECUTOR_BUFFER_SIZE])

//// Out-of-process stubs.

////

////////////////////////////////////////////////////////////////////////////////

#if defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION)

//==============================================================================

// _recv()

// Receives *size* bytes from the given socket.

//==============================================================================

static ssize_t _recv(int sock, void* buffer, size_t size)

{

size_t r = size;

// ATTN: not handled so don't call in this case.

char* p = (char*)buffer;

if (size == 0)

return -1;

}

while (r)

virtual int authenticateLocal(

const char* challengeFilePath,

const char* response)

{

ssize_t n;

// ATTN: not handled so don't call in this case.

EXECUTOR_RESTART(read(sock, p, r), n);

if (n == -1)

return -1;

else if (n == 0)

return size - r;

r -= n;

p += n;

}

return size - r;

virtual int updateLogLevel(

const char* logLevel)

{

// If Privilege Separation is not enabled, we don't need to update

// the log level in the Executor.

return 0;

}

//==============================================================================

private:

Mutex _mutex;

};

////////////////////////////////////////////////////////////////////////////////

// _send()

// class ExecutorSocketImpl : public ExecutorImpl

// Sends *size* bytes on the given socket.

//==============================================================================

////////////////////////////////////////////////////////////////////////////////

static ssize_t _send(int sock, void* buffer, size_t size)

#if defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION)

{

size_t r = size;

char* p = (char*)buffer;

while (r)

class ExecutorSocketImpl : public ExecutorImpl

{

ssize_t n;

public:

EXECUTOR_RESTART(write(sock, p, r), n);

if (n == -1)

return -1;

else if (n == 0)

return size - r;

r -= n;

ExecutorSocketImpl(int sock) : _sock(sock)

p += n;

}

return size - r;

}

static int _receiveDescriptorArray(int sock, int descriptors[], size_t count)

{

// This control data begins with a cmsghdr struct followed by the data

}

// (a descriptor in this case). The union ensures that the data is aligned

// suitably for the leading cmsghdr struct. The descriptor itself is

// properly aligned since the cmsghdr ends on a boundary that is suitably

// aligned for any type (including int).

// ControlData = [ cmsghdr | int ]

size_t size = CMSG_SPACE(sizeof(int) * count);

char* data = (char*)malloc(size);

// Define a msghdr that refers to the control data, which is filled in

// by calling recvmsg() below.

msghdr mh;

memset(&mh, 0, sizeof(mh));

mh.msg_control = data;

mh.msg_controllen = size;

// The other process sends a single-byte message. This byte is not

// used since we only need the control data (the descriptor) but we

// must request at least one byte from recvmsg().

struct iovec iov[1];

memset(iov, 0, sizeof(iov));

char dummy;

iov[0].iov_base = &dummy;

iov[0].iov_len = 1;

mh.msg_iov = iov;

mh.msg_iovlen = 1;

// Receive the message from the other process.

ssize_t n = recvmsg(sock, &mh, 0);

if (n <= 0)

return -1;

// Get a pointer to control message. Return if the header is null or does

// not contain what we expect.

cmsghdr* cmh = CMSG_FIRSTHDR(&mh);

if (!cmh ||

virtual ~ExecutorSocketImpl()

cmh->cmsg_len != CMSG_LEN(sizeof(int) * count) ||

cmh->cmsg_level != SOL_SOCKET ||

cmh->cmsg_type != SCM_RIGHTS)

{

return -1;

}

// Copy the data:

virtual int detectExecutor()

{

memcpy(descriptors, CMSG_DATA(cmh), sizeof(int) * count);

return 0;

}

static int Socket_ping()

virtual int ping()

{

AutoMutex autoMutex(_mutex);

// _send request header:

// Send request header:

ExecutorRequestHeader header;

header.code = EXECUTOR_PING_MESSAGE;

if (_send(_getSock(), &header, sizeof(header)) != sizeof(header))

if (SendBlock(_sock, &header, sizeof(header)) != sizeof(header))

return -1;

ExecutorPingResponse response;

if (_recv(_getSock(), &response, sizeof(response)) != sizeof(response))

if (RecvBlock(_sock, &response, sizeof(response)) != sizeof(response))

return -1;

if (response.magic == EXECUTOR_PING_MAGIC)

Line 608

Line 660

return -1;

}

FILE* Socket_openFile(

virtual FILE* openFile(

const char* path,

int mode)

{

Line 617

Line 669

if (mode != 'r' && mode != 'w' && mode != 'a')

return NULL;

// _send request header:

// Send request header:

ExecutorRequestHeader header;

header.code = EXECUTOR_OPEN_FILE_MESSAGE;

if (_send(_getSock(), &header, sizeof(header)) != sizeof(header))

if (SendBlock(_sock, &header, sizeof(header)) != sizeof(header))

return NULL;

// _send request body.

// Send request body.

ExecutorOpenFileRequest request;

memset(&request, 0, sizeof(request));

Strlcpy(request.path, path, EXECUTOR_BUFFER_SIZE);

request.mode = mode;

if (_send(_getSock(), &request, sizeof(request)) != sizeof(request))

if (SendBlock(_sock, &request, sizeof(request)) != sizeof(request))

return NULL;

// Receive the response

ExecutorOpenFileResponse response;

if (_recv(_getSock(), &response, sizeof(response)) != sizeof(response))

if (RecvBlock(_sock, &response, sizeof(response)) != sizeof(response))

return NULL;

// Receive descriptor (if response successful).

Line 648

Line 700

{

int fds[1];

if (_receiveDescriptorArray(_getSock(), fds, 1) != 0)

if (RecvDescriptorArray(_sock, fds, 1) != 0)

return NULL;

if (fds[0] == -1)

Line 665

Line 717

return NULL;

}

static int Socket_renameFile(

virtual int renameFile(

const char* oldPath,

const char* newPath)

{

AutoMutex autoMutex(_mutex);

// _send request header:

// Send request header:

ExecutorRequestHeader header;

header.code = EXECUTOR_RENAME_FILE_MESSAGE;

if (_send(_getSock(), &header, sizeof(header)) != sizeof(header))

if (SendBlock(_sock, &header, sizeof(header)) != sizeof(header))

return -1;

// _send request body.

// Send request body.

ExecutorRenameFileRequest request;

memset(&request, 0, sizeof(request));

Strlcpy(request.oldPath, oldPath, EXECUTOR_BUFFER_SIZE);

Strlcpy(request.newPath, newPath, EXECUTOR_BUFFER_SIZE);

if (_send(_getSock(), &request, sizeof(request)) != sizeof(request))

if (SendBlock(_sock, &request, sizeof(request)) != sizeof(request))

return -1;

// Receive the response

ExecutorRenameFileResponse response;

if (_recv(_getSock(), &response, sizeof(response)) != sizeof(response))

if (RecvBlock(_sock, &response, sizeof(response)) != sizeof(response))

return -1;

return response.status;

}

static int Socket_removeFile(

virtual int removeFile(

const char* path)

{

AutoMutex autoMutex(_mutex);

// _send request header:

// Send request header:

ExecutorRequestHeader header;

header.code = EXECUTOR_REMOVE_FILE_MESSAGE;

if (_send(_getSock(), &header, sizeof(header)) != sizeof(header))

if (SendBlock(_sock, &header, sizeof(header)) != sizeof(header))

return -1;

// _send request body.

// Send request body.

ExecutorRemoveFileRequest request;

memset(&request, 0, sizeof(request));

Strlcpy(request.path, path, EXECUTOR_BUFFER_SIZE);

if (_send(_getSock(), &request, sizeof(request)) != sizeof(request))

if (SendBlock(_sock, &request, sizeof(request)) != sizeof(request))

return -1;

// Receive the response

ExecutorRemoveFileResponse response;

if (_recv(_getSock(), &response, sizeof(response)) != sizeof(response))

if (RecvBlock(_sock, &response, sizeof(response)) != sizeof(response))

return -1;

return response.status;

}

static int Socket_startProviderAgent(

virtual int startProviderAgent(

const SessionKey& sessionKey,

unsigned short bitness,

const char* module,

int uid,

const String& pegasusHome,

int gid,

const String& userName,

int& pid,

SessionKey& providerAgentSessionKey,

AnonymousPipe*& readPipe,

AnonymousPipe*& writePipe)

{

AutoMutex autoMutex(_mutex);

providerAgentSessionKey.clear();

readPipe = 0;

writePipe = 0;

// Reject strings longer than EXECUTOR_BUFFER_SIZE.

size_t n = strlen(module);

size_t moduleNameLength = strlen(module);

if (moduleNameLength >= EXECUTOR_BUFFER_SIZE)

return -1;

CString userNameCString = userName.getCString();

size_t userNameLength = strlen(userNameCString);

if (n >= EXECUTOR_BUFFER_SIZE)

if (userNameLength >= EXECUTOR_BUFFER_SIZE)

return -1;

// _send request header:

// Send request header:

ExecutorRequestHeader header;

header.code = EXECUTOR_START_PROVIDER_AGENT_MESSAGE;

if (_send(_getSock(), &header, sizeof(header)) != sizeof(header))

if (SendBlock(_sock, &header, sizeof(header)) != sizeof(header))

return -1;

// _send request body.

// Send request body.

ExecutorStartProviderAgentRequest request;

memset(&request, 0, sizeof(request));

Strlcpy(request.key, sessionKey.data(), sizeof(request.key));

memcpy(request.module, module, moduleNameLength);

memcpy(request.module, module, n);

memcpy(request.userName, userNameCString, userNameLength);

request.uid = uid;

request.moduleBitness = bitness;

request.gid = gid;

if (_send(_getSock(), &request, sizeof(request)) != sizeof(request))

if (SendBlock(_sock, &request, sizeof(request)) != sizeof(request))

return -1;

// Receive the response

ExecutorStartProviderAgentResponse response;

if (_recv(_getSock(), &response, sizeof(response)) != sizeof(response))

if (RecvBlock(_sock, &response, sizeof(response)) != sizeof(response))

return -1;

// Get the session key.

Strlcpy((char*)providerAgentSessionKey.data(),

response.key, providerAgentSessionKey.size());

// Check response status and pid.

if (response.status != 0)

Line 798

Line 848

// Receive descriptors.

int descriptors[2];

int result = _receiveDescriptorArray(_getSock(), descriptors, 2);

int result = RecvDescriptorArray(_sock, descriptors, 2);

if (result == 0)

{

int readFd = descriptors[0];

int writeFd = descriptors[1];

// Create to and from AnonymousPipe instances to correspond to the pipe

// Create to and from AnonymousPipe instances to correspond to

// descriptors created above.

// the pipe descriptors created above.

char readFdStr[32];

char writeFdStr[32];

Line 820

Line 870

return result;

}

static int Socket_daemonizeExecutor()

virtual int daemonizeExecutor()

{

AutoMutex autoMutex(_mutex);

// _send request header:

// Send request header:

ExecutorRequestHeader header;

header.code = EXECUTOR_DAEMONIZE_EXECUTOR_MESSAGE;

if (_send(_getSock(), &header, sizeof(header)) != sizeof(header))

if (SendBlock(_sock, &header, sizeof(header)) != sizeof(header))

return -1;

// Receive the response

ExecutorDaemonizeExecutorResponse response;

if (_recv(_getSock(), &response, sizeof(response)) != sizeof(response))

if (RecvBlock(_sock, &response, sizeof(response)) != sizeof(response))

return -1;

return response.status;

}

static int Socket_reapProviderAgent(

virtual int reapProviderAgent(

const SessionKey& sessionKey,

int pid)

{

AutoMutex autoMutex(_mutex);

// The Executor process automatically cleans up all its child

// processes, so it does not need to explicitly harvest the

// _send request header:

// exit status of the cimprovagt processes it starts.

ExecutorRequestHeader header;

header.code = EXECUTOR_REAP_PROVIDER_AGENT;

if (_send(_getSock(), &header, sizeof(header)) != sizeof(header))

return -1;

// _send request body:

ExecutorReapProviderAgentRequest request;

memset(&request, 0, sizeof(request));

Strlcpy(request.key, sessionKey.data(), sizeof(request.key));

request.pid = pid;

if (_send(_getSock(), &request, sizeof(request)) != sizeof(request))

return -1;

// Receive the response

ExecutorReapProviderAgentResponse response;

if (_recv(_getSock(), &response, sizeof(response)) != sizeof(response))

return -1;

return response.status;

return 0;

}

static int Socket_authenticatePassword(

virtual int authenticatePassword(

const char* username,

const char* password,

const char* password)

SessionKey& sessionKey)

{

AutoMutex autoMutex(_mutex);

sessionKey.clear();

// Send request header:

// _send request header:

ExecutorRequestHeader header;

header.code = EXECUTOR_AUTHENTICATE_PASSWORD_MESSAGE;

if (_send(_getSock(), &header, sizeof(header)) != sizeof(header))

if (SendBlock(_sock, &header, sizeof(header)) != sizeof(header))

return -1;

// _send request body.

// Send request body.

ExecutorAuthenticatePasswordRequest request;

memset(&request, 0, sizeof(request));

Strlcpy(request.username, username, EXECUTOR_BUFFER_SIZE);

Strlcpy(request.password, password, EXECUTOR_BUFFER_SIZE);

if (_send(_getSock(), &request, sizeof(request)) != sizeof(request))

if (SendBlock(_sock, &request, sizeof(request)) != sizeof(request))

return -1;

// Receive the response

ExecutorAuthenticatePasswordResponse response;

if (_recv(_getSock(), &response, sizeof(response)) != sizeof(response))

if (RecvBlock(_sock, &response, sizeof(response)) != sizeof(response))

return -1;

Strlcpy((char*)sessionKey.data(), response.key, sessionKey.size());

return response.status;

}

static int Socket_validateUser(

virtual int validateUser(

const char* username)

{

AutoMutex autoMutex(_mutex);

// _send request header:

// Send request header:

ExecutorRequestHeader header;

header.code = EXECUTOR_VALIDATE_USER_MESSAGE;

if (_send(_getSock(), &header, sizeof(header)) != sizeof(header))

if (SendBlock(_sock, &header, sizeof(header)) != sizeof(header))

return -1;

// _send request body.

// Send request body.

ExecutorValidateUserRequest request;

memset(&request, 0, sizeof(request));

Strlcpy(request.username, username, EXECUTOR_BUFFER_SIZE);

if (_send(_getSock(), &request, sizeof(request)) != sizeof(request))

if (SendBlock(_sock, &request, sizeof(request)) != sizeof(request))

return -1;

// Receive the response

ExecutorValidateUserResponse response;

if (_recv(_getSock(), &response, sizeof(response)) != sizeof(response))

if (RecvBlock(_sock, &response, sizeof(response)) != sizeof(response))

return -1;

return response.status;

}

int Socket_challengeLocal(

virtual int challengeLocal(

const char* user,

const char* username,

char challenge[EXECUTOR_BUFFER_SIZE],

char challengeFilePath[EXECUTOR_BUFFER_SIZE])

SessionKey& sessionKey)

{

AutoMutex autoMutex(_mutex);

sessionKey.clear();

// Send request header:

// _send request header:

ExecutorRequestHeader header;

header.code = EXECUTOR_CHALLENGE_LOCAL_MESSAGE;

if (_send(_getSock(), &header, sizeof(header)) != sizeof(header))

if (SendBlock(_sock, &header, sizeof(header)) != sizeof(header))

return -1;

// _send request body.

// Send request body.

ExecutorChallengeLocalRequest request;

memset(&request, 0, sizeof(request));

Strlcpy(request.user, user, EXECUTOR_BUFFER_SIZE);

Strlcpy(request.user, username, EXECUTOR_BUFFER_SIZE);

if (_send(_getSock(), &request, sizeof(request)) != sizeof(request))

if (SendBlock(_sock, &request, sizeof(request)) != sizeof(request))

return -1;

// Receive the response

ExecutorChallengeLocalResponse response;

if (_recv(_getSock(), &response, sizeof(response)) != sizeof(response))

if (RecvBlock(_sock, &response, sizeof(response)) != sizeof(response))

return -1;

Strlcpy((char*)sessionKey.data(), response.key, sessionKey.size());

Strlcpy(challengeFilePath, response.challenge, EXECUTOR_BUFFER_SIZE);

Strlcpy(challenge, response.challenge, EXECUTOR_BUFFER_SIZE);

return response.status;

}

int Socket_authenticateLocal(

virtual int authenticateLocal(

const SessionKey& sessionKey,

const char* challengeFilePath,

const char* token)

const char* response)

{

AutoMutex autoMutex(_mutex);

// _send request header:

// Send request header:

ExecutorRequestHeader header;

header.code = EXECUTOR_AUTHENTICATE_LOCAL_MESSAGE;

if (_send(_getSock(), &header, sizeof(header)) != sizeof(header))

if (SendBlock(_sock, &header, sizeof(header)) != sizeof(header))

return -1;

// _send request body.

// Send request body.

ExecutorAuthenticateLocalRequest request;

memset(&request, 0, sizeof(request));

Strlcpy(request.key, (char*)sessionKey.data(), EXECUTOR_BUFFER_SIZE);

Strlcpy(request.challenge, challengeFilePath, EXECUTOR_BUFFER_SIZE);

Strlcpy(request.token, token, EXECUTOR_BUFFER_SIZE);

Strlcpy(request.response, response, EXECUTOR_BUFFER_SIZE);

if (_send(_getSock(), &request, sizeof(request)) != sizeof(request))

if (SendBlock(_sock, &request, sizeof(request)) != sizeof(request))

return -1;

// Receive the response

ExecutorAuthenticateLocalResponse response;

ExecutorAuthenticateLocalResponse response_;

if (_recv(_getSock(), &response, sizeof(response)) != sizeof(response))

return -1;

return response.status;

}

int Socket_newSessionKey(

if (RecvBlock(_sock, &response_, sizeof(response_)) !=

const char username[EXECUTOR_BUFFER_SIZE],

sizeof(response_))

SessionKey& sessionKey)

{

AutoMutex autoMutex(_mutex);

sessionKey.clear();

// _send request header:

ExecutorRequestHeader header;

header.code = EXECUTOR_NEW_SESSION_KEY_MESSAGE;

if (_send(_getSock(), &header, sizeof(header)) != sizeof(header))

return -1;

// _send request body.

ExecutorNewSessionKeyRequest request;

memset(&request, 0, sizeof(request));

Strlcpy(request.username, username, sizeof(request.username));

if (_send(_getSock(), &request, sizeof(request)) != sizeof(request))

return -1;

// Receive the response

ExecutorNewSessionKeyResponse response;

if (_recv(_getSock(), &response, sizeof(response)) != sizeof(response))

return -1;

}

Strlcpy((char*)sessionKey.data(), response.key, sessionKey.size());

return response_.status;

return response.status;

}

int Socket_deleteSessionKey(

virtual int updateLogLevel(

const SessionKey& sessionKey)

const char* logLevel)

{

AutoMutex autoMutex(_mutex);

// Send request header:

ExecutorRequestHeader header;

header.code = EXECUTOR_DELETE_SESSION_KEY_MESSAGE;

header.code = EXECUTOR_UPDATE_LOG_LEVEL_MESSAGE;

if (_send(_getSock(), &header, sizeof(header)) != sizeof(header))

if (SendBlock(_sock, &header, sizeof(header)) != sizeof(header))

return -1;

// Send request body.

// Send request body:

ExecutorDeleteSessionKeyRequest request;

ExecutorUpdateLogLevelRequest request;

memset(&request, 0, sizeof(request));

Strlcpy(request.key, sessionKey.data(), sizeof(request.key));

Strlcpy(request.logLevel, logLevel, EXECUTOR_BUFFER_SIZE);

if (_send(_getSock(), &request, sizeof(request)) != sizeof(request))

if (SendBlock(_sock, &request, sizeof(request)) != sizeof(request))

return -1;

// Receive the response

ExecutorDeleteSessionKeyResponse response;

ExecutorUpdateLogLevelResponse response;

if (_recv(_getSock(), &response, sizeof(response)) != sizeof(response))

if (RecvBlock(_sock, &response, sizeof(response)) != sizeof(response))

return -1;

return response.status;

}

private:

int _sock;

Mutex _mutex;

};

#endif /* defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) */

////////////////////////////////////////////////////////////////////////////////

// class Executor

////////////////////////////////////////////////////////////////////////////////

////

//// Executor Methods:

static int _executorSock = -1;

////

static AutoPtr<ExecutorImpl> _executorImpl;

////////////////////////////////////////////////////////////////////////////////

static Once _executorImplOnce = PEGASUS_ONCE_INITIALIZER;

////////////////////////////////////////////////////////////////////////////////

static void _initExecutorImpl()

{

#if defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION)

if (_executorSock == -1)

_executorImpl.reset(new ExecutorLoopbackImpl());

else

_executorImpl.reset(new ExecutorSocketImpl(_executorSock));

#else

_executorImpl.reset(new ExecutorLoopbackImpl());

#endif

}

void Executor::setSock(int sock)

{

_mutex.lock();

_executorSock = sock;

_sock = sock;

_mutex.unlock();

}

int Executor::detectExecutor()

{

if (_getSock() == -1)

once(&_executorImplOnce, _initExecutorImpl);

return -1;

return _executorImpl->detectExecutor();

else

return 0;

}

int Executor::ping()

{

if (_getSock() == -1)

once(&_executorImplOnce, _initExecutorImpl);

return Loopback_ping();

return _executorImpl->ping();

#if defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION)

return Socket_ping();

#else

return -1;

#endif /* defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) */

}

FILE* Executor::openFile(

const char* path,

int mode)

{

if (_getSock() == -1)

once(&_executorImplOnce, _initExecutorImpl);

return Loopback_openFile(path, mode);

return _executorImpl->openFile(path, mode);

#if defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION)

return Socket_openFile(path, mode);

#else

return NULL;

#endif /* defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) */

}

int Executor::renameFile(

const char* oldPath,

const char* newPath)

{

if (_getSock() == -1)

once(&_executorImplOnce, _initExecutorImpl);

return Loopback_renameFile(oldPath, newPath);

return _executorImpl->renameFile(oldPath, newPath);

#if defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION)

return Socket_renameFile(oldPath, newPath);

#else

return -1;

#endif /* defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) */

}

int Executor::removeFile(

const char* path)

{

if (_getSock() == -1)

once(&_executorImplOnce, _initExecutorImpl);

return Loopback_removeFile(path);

return _executorImpl->removeFile(path);

#if defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION)

return Socket_removeFile(path);

#else

return -1;

#endif /* defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) */

}

int Executor::startProviderAgent(

const SessionKey& sessionKey,

unsigned short bitness,

const char* module,

int uid,

const String& pegasusHome,

int gid,

const String& userName,

int& pid,

SessionKey& providerAgentSessionKey,

AnonymousPipe*& readPipe,

AnonymousPipe*& writePipe)

{

if (_getSock() == -1)

once(&_executorImplOnce, _initExecutorImpl);

return Loopback_startProviderAgent(sessionKey, module,

return _executorImpl->startProviderAgent(bitness,

uid, gid, pid, providerAgentSessionKey, readPipe, writePipe);

module, pegasusHome, userName, pid, readPipe, writePipe);

#if defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION)

return Socket_startProviderAgent(sessionKey, module,

uid, gid, pid, providerAgentSessionKey, readPipe, writePipe);

#else

providerAgentSessionKey.clear();

return -1;

#endif /* defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) */

}

int Executor::daemonizeExecutor()

{

if (_getSock() == -1)

once(&_executorImplOnce, _initExecutorImpl);

return Loopback_daemonizeExecutor();

return _executorImpl->daemonizeExecutor();

#if defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION)

return Socket_daemonizeExecutor();

#else

return -1;

#endif /* defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) */

}

int Executor::reapProviderAgent(

const SessionKey& sessionKey,

int pid)

{

if (_getSock() == -1)

once(&_executorImplOnce, _initExecutorImpl);

return Loopback_reapProviderAgent(sessionKey, pid);

return _executorImpl->reapProviderAgent(pid);

#if defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION)

return Socket_reapProviderAgent(sessionKey, pid);

#else

return -1;

#endif /* defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) */

}

int Executor::authenticatePassword(

const char* username,

const char* password,

const char* password)

SessionKey& sessionKey)

{

if (_getSock() == -1)

once(&_executorImplOnce, _initExecutorImpl);

return Loopback_authenticatePassword(username, password, sessionKey);

return _executorImpl->authenticatePassword(username, password);

#if defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION)

return Socket_authenticatePassword(username, password, sessionKey);

#else

sessionKey.clear();

return -1;

#endif /* defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) */

}

int Executor::validateUser(

const char* username)

{

if (_getSock() == -1)

once(&_executorImplOnce, _initExecutorImpl);

return Loopback_validateUser(username);

return _executorImpl->validateUser(username);

#if defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION)

return Socket_validateUser(username);

#else

return -1;

#endif /* defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) */

}

int Executor::challengeLocal(

const char* user,

char path[EXECUTOR_BUFFER_SIZE],

char challengeFilePath[EXECUTOR_BUFFER_SIZE])

SessionKey& sessionKey)

{

if (_getSock() == -1)

once(&_executorImplOnce, _initExecutorImpl);

return -1;

return _executorImpl->challengeLocal(user, challengeFilePath);

#if defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION)

return Socket_challengeLocal(user, path, sessionKey);

#else

sessionKey.clear();

return -1;

#endif /* defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) */

}

int Executor::authenticateLocal(

const SessionKey& sessionKey,

const char* challengeFilePath,

const char* challengeResponse)

const char* response)

{

if (_getSock() == -1)

return -1;

#if defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION)

return Socket_authenticateLocal(sessionKey, challengeResponse);

#else

return -1;

#endif /* defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) */

}

int Executor::newSessionKey(

const char username[EXECUTOR_BUFFER_SIZE],

SessionKey& sessionKey)

{

if (_getSock() == -1)

{

sessionKey.clear();

once(&_executorImplOnce, _initExecutorImpl);

return 0;

return _executorImpl->authenticateLocal(challengeFilePath, response);

}

#if defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION)

int Executor::updateLogLevel(

return Socket_newSessionKey(username, sessionKey);

const char* logLevel)

#else

return -1;

#endif /* defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) */

}

int Executor::deleteSessionKey(

const SessionKey& sessionKey)

{

if (_getSock() == -1)

once(&_executorImplOnce, _initExecutorImpl);

return 0;

return _executorImpl->updateLogLevel(logLevel);

#if defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION)

return Socket_deleteSessionKey(sessionKey);

#else

return 0;

#endif /* defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) */

}

PEGASUS_NAMESPACE_END

Legend:

Removed from v.1.1.2.12
changed lines
	Added in v.1.25

No CVS admin address has been configured