version 1.1.2.9, 2007/01/07 21:39:01
|
version 1.18.4.1, 2008/07/01 15:17:57
|
|
|
| |
#include <cstdio> | #include <cstdio> |
#include <cstdlib> | #include <cstdlib> |
#include <cstdlib> |
|
#include <cstring> | #include <cstring> |
| |
|
#include <Pegasus/Common/Config.h> |
|
|
#if defined(PEGASUS_OS_TYPE_WINDOWS) | #if defined(PEGASUS_OS_TYPE_WINDOWS) |
# include <windows.h> | # include <windows.h> |
#else | #else |
# include <sys/types.h> |
|
# include <sys/socket.h> |
|
# include <unistd.h> |
|
# include <fcntl.h> |
|
# include <sys/wait.h> |
|
# include <unistd.h> | # include <unistd.h> |
|
# include <errno.h> |
|
# include <sys/types.h> |
# include <sys/time.h> | # include <sys/time.h> |
# include <sys/resource.h> | # include <sys/resource.h> |
#endif | #endif |
| |
#include "Constants.h" |
#if defined(PEGASUS_HAS_SIGNALS) |
#include "Executor.h" |
# include <sys/wait.h> |
#include "Mutex.h" |
#endif |
#include "FileSystem.h" |
|
#include "String.h" |
#include <Pegasus/Common/Constants.h> |
|
#include <Pegasus/Common/Mutex.h> |
|
#include <Pegasus/Common/Once.h> |
|
#include <Pegasus/Common/FileSystem.h> |
|
#include <Pegasus/Common/String.h> |
|
#include <Pegasus/Common/Tracer.h> |
|
#include <Pegasus/Common/System.h> |
|
#include <Pegasus/Common/Executor.h> |
|
|
#include <Executor/Strlcpy.h> | #include <Executor/Strlcpy.h> |
#include <Executor/Strlcat.h> |
|
| |
#if defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) | #if defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) |
|
# include <Executor/Socket.h> |
# include <Executor/Messages.h> | # include <Executor/Messages.h> |
#endif | #endif |
| |
|
|
# include <Executor/PAMAuth.h> | # include <Executor/PAMAuth.h> |
#endif | #endif |
| |
|
#ifdef PEGASUS_OS_PASE |
|
# include <as400_protos.h> // For fork400() |
|
#endif |
|
|
|
#ifdef PEGASUS_OS_ZOS |
|
# include <spawn.h> |
|
#endif |
|
|
PEGASUS_NAMESPACE_BEGIN | PEGASUS_NAMESPACE_BEGIN |
| |
static int _sock = -1; |
//////////////////////////////////////////////////////////////////////////////// |
static Mutex _mutex; |
// |
|
// |
|
// class ExecutorImpl |
|
// |
|
// |
|
//////////////////////////////////////////////////////////////////////////////// |
|
|
|
class ExecutorImpl |
|
{ |
|
public: |
| |
static int _getSock() |
virtual ~ExecutorImpl() |
{ | { |
int sock; |
|
_mutex.lock(); |
|
sock = _sock; |
|
_mutex.unlock(); |
|
return sock; |
|
} | } |
| |
|
virtual int detectExecutor() = 0; |
|
|
|
virtual int ping() = 0; |
|
|
|
virtual FILE* openFile( |
|
const char* path, |
|
int mode) = 0; |
|
|
|
virtual int renameFile( |
|
const char* oldPath, |
|
const char* newPath) = 0; |
|
|
|
virtual int removeFile( |
|
const char* path) = 0; |
|
|
|
virtual int startProviderAgent( |
|
const char* module, |
|
const String& pegasusHome, |
|
const String& userName, |
|
int& pid, |
|
AnonymousPipe*& readPipe, |
|
AnonymousPipe*& writePipe) = 0; |
|
|
|
virtual int daemonizeExecutor() = 0; |
|
|
|
virtual int reapProviderAgent( |
|
int pid) = 0; |
|
|
|
virtual int authenticatePassword( |
|
const char* username, |
|
const char* password) = 0; |
|
|
|
virtual int validateUser( |
|
const char* username) = 0; |
|
|
|
virtual int challengeLocal( |
|
const char* username, |
|
char challengeFilePath[EXECUTOR_BUFFER_SIZE]) = 0; |
|
|
|
virtual int authenticateLocal( |
|
const char* challengeFilePath, |
|
const char* response) = 0; |
|
|
|
virtual int updateLogLevel( |
|
const char* logLevel) = 0; |
|
}; |
|
|
//////////////////////////////////////////////////////////////////////////////// | //////////////////////////////////////////////////////////////////////////////// |
//////////////////////////////////////////////////////////////////////////////// |
// |
//// |
// |
//// InProcess stubs: |
// class ExecutorLoopbackImpl |
//// |
// |
//////////////////////////////////////////////////////////////////////////////// |
// |
//////////////////////////////////////////////////////////////////////////////// | //////////////////////////////////////////////////////////////////////////////// |
| |
static int InProcess_ping() |
class ExecutorLoopbackImpl : public ExecutorImpl |
{ | { |
// Nothing to do. |
public: |
return 0; |
|
|
virtual ~ExecutorLoopbackImpl() |
|
{ |
|
} |
|
|
|
virtual int detectExecutor() |
|
{ |
|
return -1; |
} | } |
| |
FILE* InProcess_openFile( |
virtual int ping() |
|
{ |
|
return -1; |
|
} |
|
|
|
virtual FILE* openFile( |
const char* path, | const char* path, |
int mode) | int mode) |
{ | { |
switch (mode) | switch (mode) |
{ | { |
case 'r': | case 'r': |
return fopen(path, "rb"); |
return fopen(path, "r"); |
| |
case 'w': | case 'w': |
return fopen(path, "wb"); |
return fopen(path, "w"); |
| |
case 'a': | case 'a': |
return fopen(path, "a+"); | return fopen(path, "a+"); |
|
|
} | } |
} | } |
| |
static int InProcess_renameFile( |
virtual int renameFile( |
const char* oldPath, | const char* oldPath, |
const char* newPath) | const char* newPath) |
{ | { |
return FileSystem::renameFile(oldPath, newPath) ? 0 : -1; | return FileSystem::renameFile(oldPath, newPath) ? 0 : -1; |
} | } |
| |
static int InProcess_removeFile( |
|
|
virtual int removeFile( |
const char* path) | const char* path) |
{ | { |
return FileSystem::removeFile(path) ? 0 : -1; | return FileSystem::removeFile(path) ? 0 : -1; |
} | } |
| |
static int _getProviderAgentPath(String& path) |
|
|
virtual int startProviderAgent( |
|
const char* module, |
|
const String& pegasusHome, |
|
const String& userName, |
|
int& pid, |
|
AnonymousPipe*& readPipe, |
|
AnonymousPipe*& writePipe) |
{ | { |
// ATTN: is this really a sufficient replacement for getHomedPath(). |
PEG_METHOD_ENTER(TRC_SERVER,"ExecutorLoopbackImpl::startProviderAgent"); |
// Does getHomedPath() use the configuration file? |
|
| |
path = PEGASUS_PROVIDER_AGENT_PROC_NAME; |
#if !defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) |
| |
if (path[0] != '/') |
// Resolve full path of "cimprovagt" program. |
{ |
|
const char* env = getenv("PEGASUS_HOME"); |
|
| |
if (!env) |
String path = FileSystem::getAbsolutePath( |
return -1; |
pegasusHome.getCString(), PEGASUS_PROVIDER_AGENT_PROC_NAME); |
| |
path = String(env) + String("/") + path; |
// Create CString handles for cimprovagt arguments |
} |
|
| |
return 0; |
CString agentProgramPath = path.getCString(); |
} |
CString userNameCString = userName.getCString(); |
|
|
|
# if defined(PEGASUS_DISABLE_PROV_USERCTXT) |
|
const char* setUserContextFlag = "0"; // False |
|
# else |
|
const char* setUserContextFlag = "1"; // True |
|
# endif |
| |
#if defined(PEGASUS_OS_TYPE_WINDOWS) | #if defined(PEGASUS_OS_TYPE_WINDOWS) |
| |
static int InProcess_startProviderAgent( |
|
const char* module, |
|
int uid, |
|
int gid, |
|
int& pid, |
|
AnonymousPipe*& readPipe, |
|
AnonymousPipe*& writePipe) |
|
{ |
|
AutoMutex autoMutex(_mutex); | AutoMutex autoMutex(_mutex); |
| |
// Set output parameters in case of failure. | // Set output parameters in case of failure. |
|
|
| |
// Create pipes. Export handles to string. | // Create pipes. Export handles to string. |
| |
AnonymousPipe* pipeFromAgent = new AnonymousPipe(); |
AutoPtr<AnonymousPipe> pipeFromAgent(new AnonymousPipe()); |
AnonymousPipe* pipeToAgent = new AnonymousPipe(); |
AutoPtr<AnonymousPipe> pipeToAgent(new AnonymousPipe()); |
| |
char readHandle[32]; | char readHandle[32]; |
char writeHandle[32]; | char writeHandle[32]; |
|
|
ZeroMemory(&siStartInfo, sizeof (STARTUPINFO)); | ZeroMemory(&siStartInfo, sizeof (STARTUPINFO)); |
siStartInfo.cb = sizeof (STARTUPINFO); | siStartInfo.cb = sizeof (STARTUPINFO); |
| |
// Build full path of "cimprovagt" program. |
|
|
|
String path; |
|
|
|
if (_getProviderAgentPath(path) != 0) |
|
{ |
|
delete pipeToAgent; |
|
delete pipeFromAgent; |
|
return -1; |
|
} |
|
|
|
// Format command line. | // Format command line. |
| |
char cmdLine[2048]; | char cmdLine[2048]; |
| |
sprintf(cmdLine, "\"%s\" %s %s \"%s\"", |
sprintf(cmdLine, "\"%s\" %s %s %s \"%s\" \"%s\"", |
(const char*)path.getCString(), |
(const char*)agentProgramPath, |
|
setUserContextFlag, |
readHandle, | readHandle, |
writeHandle, | writeHandle, |
|
(const char*)userNameCString, |
module); | module); |
| |
// Create provider agent proess. | // Create provider agent proess. |
|
|
&siStartInfo, // STARTUPINFO | &siStartInfo, // STARTUPINFO |
&piProcInfo)) // PROCESS_INFORMATION | &piProcInfo)) // PROCESS_INFORMATION |
{ | { |
delete pipeToAgent; |
PEG_METHOD_EXIT(); |
delete pipeFromAgent; |
|
return -1; | return -1; |
} | } |
| |
|
|
pipeToAgent->closeReadHandle(); | pipeToAgent->closeReadHandle(); |
pipeFromAgent->closeWriteHandle(); | pipeFromAgent->closeWriteHandle(); |
| |
readPipe = pipeFromAgent; |
readPipe = pipeFromAgent.release(); |
writePipe = pipeToAgent; |
writePipe = pipeToAgent.release(); |
| |
|
PEG_METHOD_EXIT(); |
return 0; | return 0; |
} |
|
|
|
#elif defined(PEGASUS_OS_OS400) |
|
|
|
static int InProcess_startProviderAgent( |
|
const char* module, |
|
int uid, |
|
int gid, |
|
int& pid, |
|
AnonymousPipe*& readPipe, |
|
AnonymousPipe*& writePipe) |
|
{ |
|
// ATTN: no implementation for OS400. |
|
return -1; |
|
} |
|
| |
#else /* POSIX CASE FOLLOWS */ | #else /* POSIX CASE FOLLOWS */ |
| |
static int InProcess_startProviderAgent( |
|
const SessionKey& sessionKey, |
|
const char* module, |
|
int uid, |
|
int gid, |
|
int& pid, |
|
AnonymousPipe*& readPipe, |
|
AnonymousPipe*& writePipe) |
|
{ |
|
AutoMutex autoMutex(_mutex); | AutoMutex autoMutex(_mutex); |
| |
// Initialize output parameters in case of error. | // Initialize output parameters in case of error. |
|
|
| |
int to[2]; | int to[2]; |
int from[2]; | int from[2]; |
|
char toPipeArg[32]; |
|
char fromPipeArg[32]; |
| |
do | do |
{ | { |
// Resolve full path of "cimprovagt". |
|
|
|
String path; |
|
|
|
if (_getProviderAgentPath(path) != 0) |
|
return -1; |
|
|
|
// Create "to-agent" pipe: | // Create "to-agent" pipe: |
| |
if (pipe(to) != 0) | if (pipe(to) != 0) |
|
{ |
|
PEG_METHOD_EXIT(); |
return -1; | return -1; |
|
} |
| |
// Create "from-agent" pipe: | // Create "from-agent" pipe: |
| |
if (pipe(from) != 0) | if (pipe(from) != 0) |
|
{ |
|
PEG_METHOD_EXIT(); |
return -1; | return -1; |
|
} |
| |
// Fork process: |
// Initialize the cimprovagt pipe arguments: |
| |
#if !defined(PEGASUS_OS_VMS) |
sprintf(toPipeArg, "%d", to[0]); |
|
sprintf(fromPipeArg, "%d", from[1]); |
|
|
|
// Start provider agent: |
|
|
|
# if defined(PEGASUS_OS_ZOS) |
|
// zOS uses __spawn2() instead of fork() to start provider agent |
|
|
|
struct __inheritance inherit; |
|
const char *c_argv[7]; |
|
|
|
c_argv[0] = agentProgramPath; |
|
c_argv[1] = setUserContextFlag; |
|
c_argv[2] = toPipeArg; |
|
c_argv[3] = fromPipeArg; |
|
c_argv[4] = userNameCString; |
|
c_argv[5] = module; |
|
c_argv[6] = NULL; |
|
|
|
// reset the inherit structure |
|
memset(&inherit,0,sizeof(inherit)); |
|
|
|
// The provider agent should get a defined JobName. |
|
inherit.flags=SPAWN_SETJOBNAME; |
|
memcpy( inherit.jobname,"CFZOOPA ", |
|
sizeof(inherit.jobname)); |
|
|
|
PEG_TRACE((TRC_SERVER, Tracer::LEVEL4, |
|
"Starting provider agent: %s %s %s %s %s %s %s", |
|
(const char*)agentProgramPath, |
|
c_argv[0], |
|
c_argv[1], |
|
c_argv[2], |
|
c_argv[3], |
|
c_argv[4], |
|
c_argv[5])); |
|
|
|
pid = __spawn2(agentProgramPath,0,NULL,&inherit, |
|
c_argv,(const char **)environ); |
|
|
|
if (pid < 0) |
|
{ |
|
PEG_TRACE((TRC_SERVER, Tracer::LEVEL1, |
|
"Spawn of provider agent fails:%s " |
|
"( errno %d , reason code %08X )", |
|
strerror(errno) ,errno,__errno2())); |
|
PEG_METHOD_EXIT(); |
|
return -1; |
|
} |
|
|
|
# else // !defined(PEGASUS_OS_ZOS) |
|
|
|
# if defined(PEGASUS_OS_VMS) |
pid = (int)vfork(); | pid = (int)vfork(); |
|
# elif defined(PEGASUS_OS_PASE) |
|
pid = (int)fork400("QUMEPRVAGT",0); |
#else | #else |
pid = (int)fork(); | pid = (int)fork(); |
#endif | #endif |
| |
if (pid < 0) | if (pid < 0) |
|
{ |
|
PEG_TRACE((TRC_SERVER, Tracer::LEVEL1, |
|
"Fork for provider agent fails: errno = %d",errno)); |
|
PEG_METHOD_EXIT(); |
return -1; | return -1; |
|
} |
// If child proceses. |
|
| |
if (pid == 0) | if (pid == 0) |
{ | { |
|
// Child process |
|
|
|
# if !defined(PEGASUS_OS_VMS) |
// Close unused pipe descriptors: | // Close unused pipe descriptors: |
| |
close(to[1]); | close(to[1]); |
close(from[0]); | close(from[0]); |
| |
#if !defined(PEGASUS_OS_VMS) |
// Close unused descriptors. Leave stdin, stdout, stderr, |
|
// and the child's pipe descriptors open. |
// Close unused descriptors. Leave stdin, stdout, stderr, and the |
|
// child's pipe descriptors open. |
|
| |
struct rlimit rlim; | struct rlimit rlim; |
| |
|
|
| |
#endif /* !defined(PEGASUS_OS_VMS) */ | #endif /* !defined(PEGASUS_OS_VMS) */ |
| |
// Set uid and gid for the new provider agent process. |
|
|
|
# if !defined(PEGASUS_DISABLE_PROV_USERCTXT) |
|
|
|
if (uid != -1 && gid != -1) |
|
{ |
|
if ((int)getgid() != gid) |
|
{ |
|
// ATTN: log failure! |
|
setgid(gid); |
|
} |
|
|
|
if ((int)getuid() != uid) |
|
{ |
|
// ATTN: log failure! |
|
setuid(uid); |
|
} |
|
} |
|
|
|
# endif /* !defined(PEGASUS_DISABLE_PROV_USERCTXT) */ |
|
|
|
// Exec the cimprovagt program. | // Exec the cimprovagt program. |
| |
char arg1[32]; |
|
char arg2[32]; |
|
sprintf(arg1, "%d", to[0]); |
|
sprintf(arg2, "%d", from[1]); |
|
|
|
{ | { |
CString cstr = path.getCString(); |
if (execl( |
execl(cstr, cstr, arg1, arg2, module, (char*)0); |
agentProgramPath, |
|
agentProgramPath, |
|
setUserContextFlag, |
|
toPipeArg, |
|
fromPipeArg, |
|
(const char*)userNameCString, |
|
module, |
|
(char*)0) == -1) |
|
{ |
|
PEG_TRACE((TRC_SERVER, Tracer::LEVEL1, |
|
"execl() failed. errno = %d.", errno)); |
_exit(1); | _exit(1); |
} | } |
|
|
// ATTN: log failure! |
|
} | } |
} | } |
|
# endif /* PEGASUS_OS_ZOS */ |
|
} |
while (0); | while (0); |
| |
|
PEG_TRACE((TRC_SERVER, Tracer::LEVEL4, |
|
"Provider agent started: pid(%d).", pid)); |
|
|
// Close unused pipe descriptors. | // Close unused pipe descriptors. |
| |
close(to[0]); | close(to[0]); |
|
|
readPipe = new AnonymousPipe(readFdStr, 0); | readPipe = new AnonymousPipe(readFdStr, 0); |
writePipe = new AnonymousPipe(0, writeFdStr); | writePipe = new AnonymousPipe(0, writeFdStr); |
| |
|
# if defined(PEGASUS_HAS_SIGNALS) |
|
# if !defined(PEGASUS_DISABLE_PROV_USERCTXT) && !defined(PEGASUS_OS_ZOS) |
|
// The cimprovagt forks and returns right away. Clean up the zombie |
|
// process now instead of in reapProviderAgent(). |
|
int status = 0; |
|
while ((status = waitpid(pid, 0, 0)) == -1 && errno == EINTR) |
|
; |
|
# endif |
|
# endif |
|
|
|
PEG_METHOD_EXIT(); |
return 0; | return 0; |
} |
|
| |
#endif /* !defined(START_PROVIDER_AGENT) */ |
# endif /* POSIX CASE */ |
| |
static int InProcess_daemonizeExecutor() |
#else /* PEGASUS_ENABLE_PRIVILEGE_SEPARATION is defined */ |
{ |
|
// Nothing to do. |
// Out-of-Process providers are never started by the cimserver process |
return 0; |
// when Privilege Separation is enabled. |
|
return -1; |
|
|
|
#endif |
} | } |
| |
static int InProcess_changeOwner( |
virtual int daemonizeExecutor() |
const char* path, |
|
const char* owner) |
|
{ | { |
return FileSystem::changeFileOwner(path, owner) ? 0 : -1; |
return -1; |
} | } |
| |
static int InProcess_waitPid( |
virtual int reapProviderAgent( |
int pid) | int pid) |
{ | { |
int status; |
#if !defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) |
|
|
|
int status = 0; |
| |
|
# if defined(PEGASUS_HAS_SIGNALS) |
|
# if defined(PEGASUS_DISABLE_PROV_USERCTXT) || defined(PEGASUS_OS_ZOS) |
|
// When provider user context is enabled, this is done in |
|
// startProviderAgent(). |
while ((status = waitpid(pid, 0, 0)) == -1 && errno == EINTR) | while ((status = waitpid(pid, 0, 0)) == -1 && errno == EINTR) |
; | ; |
|
# endif |
|
# endif |
| |
return status; | return status; |
|
|
|
#else /* PEGASUS_ENABLE_PRIVILEGE_SEPARATION is defined */ |
|
|
|
// Out-of-Process providers are never started by the cimserver process |
|
// when Privilege Separation is enabled. |
|
return -1; |
|
|
|
#endif |
} | } |
| |
static int InProcess_authenticatePassword( |
virtual int authenticatePassword( |
const char* username, | const char* username, |
const char* password, |
const char* password) |
SessionKey& sessionKey) |
|
{ | { |
sessionKey.clear(); |
|
|
|
#if defined(PEGASUS_PAM_AUTHENTICATION) | #if defined(PEGASUS_PAM_AUTHENTICATION) |
return PAMAuthenticate(username, password); | return PAMAuthenticate(username, password); |
#else | #else |
|
// ATTN: not handled so don't call in this case. |
return -1; | return -1; |
#endif | #endif |
} | } |
| |
static int InProcess_validateUser( |
virtual int validateUser( |
const char* username) | const char* username) |
{ | { |
#if defined(PEGASUS_PAM_AUTHENTICATION) | #if defined(PEGASUS_PAM_AUTHENTICATION) |
return PAMValidateUser(username); | return PAMValidateUser(username); |
#else | #else |
|
// ATTN: not handled so don't call in this case. |
return -1; | return -1; |
#endif | #endif |
} | } |
| |
//////////////////////////////////////////////////////////////////////////////// |
virtual int challengeLocal( |
//////////////////////////////////////////////////////////////////////////////// |
const char* username, |
//// |
char challengeFilePath[EXECUTOR_BUFFER_SIZE]) |
//// Out-of-process stubs. |
|
//// |
|
//////////////////////////////////////////////////////////////////////////////// |
|
//////////////////////////////////////////////////////////////////////////////// |
|
|
|
#if defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) |
|
|
|
//============================================================================== |
|
// |
|
// _recv() |
|
// |
|
// Receives *size* bytes from the given socket. |
|
// |
|
//============================================================================== |
|
|
|
static ssize_t _recv(int sock, void* buffer, size_t size) |
|
{ | { |
size_t r = size; |
// ATTN: not handled so don't call in this case. |
char* p = (char*)buffer; |
|
|
|
if (size == 0) |
|
return -1; | return -1; |
|
} |
| |
while (r) |
virtual int authenticateLocal( |
|
const char* challengeFilePath, |
|
const char* response) |
{ | { |
ssize_t n; |
// ATTN: not handled so don't call in this case. |
|
|
EXECUTOR_RESTART(read(sock, p, r), n); |
|
|
|
if (n == -1) |
|
return -1; | return -1; |
else if (n == 0) |
|
return size - r; |
|
|
|
r -= n; |
|
p += n; |
|
} | } |
| |
return size - r; |
virtual int updateLogLevel( |
|
const char* logLevel) |
|
{ |
|
// If Privilege Separation is not enabled, we don't need to update |
|
// the log level in the Executor. |
|
return 0; |
} | } |
| |
//============================================================================== |
private: |
|
|
|
Mutex _mutex; |
|
}; |
|
|
|
//////////////////////////////////////////////////////////////////////////////// |
|
// |
// | // |
// _send() |
// class ExecutorSocketImpl : public ExecutorImpl |
// | // |
// Sends *size* bytes on the given socket. |
|
// | // |
//============================================================================== |
//////////////////////////////////////////////////////////////////////////////// |
| |
static ssize_t _send(int sock, void* buffer, size_t size) |
#if defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) |
{ |
|
size_t r = size; |
|
char* p = (char*)buffer; |
|
| |
while (r) |
class ExecutorSocketImpl : public ExecutorImpl |
{ | { |
ssize_t n; |
public: |
EXECUTOR_RESTART(write(sock, p, r), n); |
|
| |
if (n == -1) |
ExecutorSocketImpl(int sock) : _sock(sock) |
return -1; |
|
else if (n == 0) |
|
return size - r; |
|
|
|
r -= n; |
|
p += n; |
|
} |
|
|
|
return size - r; |
|
} |
|
|
|
static int _receiveDescriptorArray(int sock, int descriptors[], size_t count) |
|
{ | { |
// This control data begins with a cmsghdr struct followed by the data |
} |
// (a descriptor in this case). The union ensures that the data is aligned |
|
// suitably for the leading cmsghdr struct. The descriptor itself is |
|
// properly aligned since the cmsghdr ends on a boundary that is suitably |
|
// aligned for any type (including int). |
|
// |
|
// ControlData = [ cmsghdr | int ] |
|
|
|
size_t size = CMSG_SPACE(sizeof(int) * count); |
|
char* data = (char*)malloc(size); |
|
|
|
// Define a msghdr that refers to the control data, which is filled in |
|
// by calling recvmsg() below. |
|
|
|
msghdr mh; |
|
memset(&mh, 0, sizeof(mh)); |
|
mh.msg_control = data; |
|
mh.msg_controllen = size; |
|
|
|
// The other process sends a single-byte message. This byte is not |
|
// used since we only need the control data (the descriptor) but we |
|
// must request at least one byte from recvmsg(). |
|
|
|
struct iovec iov[1]; |
|
memset(iov, 0, sizeof(iov)); |
|
|
|
char dummy; |
|
iov[0].iov_base = &dummy; |
|
iov[0].iov_len = 1; |
|
mh.msg_iov = iov; |
|
mh.msg_iovlen = 1; |
|
|
|
// Receive the message from the other process. |
|
|
|
ssize_t n = recvmsg(sock, &mh, 0); |
|
|
|
if (n <= 0) |
|
return -1; |
|
|
|
// Get a pointer to control message. Return if the header is null or does |
|
// not contain what we expect. |
|
|
|
cmsghdr* cmh = CMSG_FIRSTHDR(&mh); |
|
| |
if (!cmh || |
virtual ~ExecutorSocketImpl() |
cmh->cmsg_len != CMSG_LEN(sizeof(int) * count) || |
|
cmh->cmsg_level != SOL_SOCKET || |
|
cmh->cmsg_type != SCM_RIGHTS) |
|
{ | { |
return -1; |
|
} | } |
| |
// Copy the data: |
virtual int detectExecutor() |
|
{ |
memcpy(descriptors, CMSG_DATA(cmh), sizeof(int) * count); |
|
|
|
return 0; | return 0; |
} | } |
| |
static int OutOfProcess_ping() |
virtual int ping() |
{ | { |
AutoMutex autoMutex(_mutex); | AutoMutex autoMutex(_mutex); |
| |
// _send request header: |
// Send request header: |
| |
ExecutorRequestHeader header; | ExecutorRequestHeader header; |
header.code = EXECUTOR_PING_MESSAGE; | header.code = EXECUTOR_PING_MESSAGE; |
| |
if (_send(_getSock(), &header, sizeof(header)) != sizeof(header)) |
if (SendBlock(_sock, &header, sizeof(header)) != sizeof(header)) |
return -1; | return -1; |
| |
ExecutorPingResponse response; | ExecutorPingResponse response; |
| |
if (_recv(_getSock(), &response, sizeof(response)) != sizeof(response)) |
if (RecvBlock(_sock, &response, sizeof(response)) != sizeof(response)) |
return -1; | return -1; |
| |
if (response.magic == EXECUTOR_PING_MAGIC) | if (response.magic == EXECUTOR_PING_MAGIC) |
|
|
return -1; | return -1; |
} | } |
| |
FILE* OutOfProcess_openFile( |
virtual FILE* openFile( |
const char* path, | const char* path, |
int mode) | int mode) |
{ | { |
|
|
if (mode != 'r' && mode != 'w' && mode != 'a') | if (mode != 'r' && mode != 'w' && mode != 'a') |
return NULL; | return NULL; |
| |
// _send request header: |
// Send request header: |
| |
ExecutorRequestHeader header; | ExecutorRequestHeader header; |
header.code = EXECUTOR_OPEN_FILE_MESSAGE; | header.code = EXECUTOR_OPEN_FILE_MESSAGE; |
| |
if (_send(_getSock(), &header, sizeof(header)) != sizeof(header)) |
if (SendBlock(_sock, &header, sizeof(header)) != sizeof(header)) |
return NULL; | return NULL; |
| |
// _send request body. |
// Send request body. |
| |
ExecutorOpenFileRequest request; | ExecutorOpenFileRequest request; |
memset(&request, 0, sizeof(request)); | memset(&request, 0, sizeof(request)); |
Strlcpy(request.path, path, EXECUTOR_BUFFER_SIZE); | Strlcpy(request.path, path, EXECUTOR_BUFFER_SIZE); |
request.mode = mode; | request.mode = mode; |
| |
if (_send(_getSock(), &request, sizeof(request)) != sizeof(request)) |
if (SendBlock(_sock, &request, sizeof(request)) != sizeof(request)) |
return NULL; | return NULL; |
| |
// Receive the response | // Receive the response |
| |
ExecutorOpenFileResponse response; | ExecutorOpenFileResponse response; |
| |
if (_recv(_getSock(), &response, sizeof(response)) != sizeof(response)) |
if (RecvBlock(_sock, &response, sizeof(response)) != sizeof(response)) |
return NULL; | return NULL; |
| |
// Receive descriptor (if response successful). | // Receive descriptor (if response successful). |
|
|
{ | { |
int fds[1]; | int fds[1]; |
| |
if (_receiveDescriptorArray(_getSock(), fds, 1) != 0) |
if (RecvDescriptorArray(_sock, fds, 1) != 0) |
return NULL; | return NULL; |
| |
if (fds[0] == -1) | if (fds[0] == -1) |
|
|
return NULL; | return NULL; |
} | } |
| |
static int OutOfProcess_renameFile( |
virtual int renameFile( |
const char* oldPath, | const char* oldPath, |
const char* newPath) | const char* newPath) |
{ | { |
AutoMutex autoMutex(_mutex); | AutoMutex autoMutex(_mutex); |
| |
// _send request header: |
// Send request header: |
| |
ExecutorRequestHeader header; | ExecutorRequestHeader header; |
header.code = EXECUTOR_RENAME_FILE_MESSAGE; | header.code = EXECUTOR_RENAME_FILE_MESSAGE; |
| |
if (_send(_getSock(), &header, sizeof(header)) != sizeof(header)) |
if (SendBlock(_sock, &header, sizeof(header)) != sizeof(header)) |
return -1; | return -1; |
| |
// _send request body. |
// Send request body. |
| |
ExecutorRenameFileRequest request; | ExecutorRenameFileRequest request; |
memset(&request, 0, sizeof(request)); | memset(&request, 0, sizeof(request)); |
Strlcpy(request.oldPath, oldPath, EXECUTOR_BUFFER_SIZE); | Strlcpy(request.oldPath, oldPath, EXECUTOR_BUFFER_SIZE); |
Strlcpy(request.newPath, newPath, EXECUTOR_BUFFER_SIZE); | Strlcpy(request.newPath, newPath, EXECUTOR_BUFFER_SIZE); |
| |
if (_send(_getSock(), &request, sizeof(request)) != sizeof(request)) |
if (SendBlock(_sock, &request, sizeof(request)) != sizeof(request)) |
return -1; | return -1; |
| |
// Receive the response | // Receive the response |
| |
ExecutorRenameFileResponse response; | ExecutorRenameFileResponse response; |
| |
if (_recv(_getSock(), &response, sizeof(response)) != sizeof(response)) |
if (RecvBlock(_sock, &response, sizeof(response)) != sizeof(response)) |
return -1; | return -1; |
| |
return response.status; | return response.status; |
} | } |
| |
static int OutOfProcess_removeFile( |
virtual int removeFile( |
const char* path) | const char* path) |
{ | { |
AutoMutex autoMutex(_mutex); | AutoMutex autoMutex(_mutex); |
| |
// _send request header: |
// Send request header: |
| |
ExecutorRequestHeader header; | ExecutorRequestHeader header; |
header.code = EXECUTOR_REMOVE_FILE_MESSAGE; | header.code = EXECUTOR_REMOVE_FILE_MESSAGE; |
| |
if (_send(_getSock(), &header, sizeof(header)) != sizeof(header)) |
if (SendBlock(_sock, &header, sizeof(header)) != sizeof(header)) |
return -1; | return -1; |
| |
// _send request body. |
// Send request body. |
| |
ExecutorRemoveFileRequest request; | ExecutorRemoveFileRequest request; |
memset(&request, 0, sizeof(request)); | memset(&request, 0, sizeof(request)); |
Strlcpy(request.path, path, EXECUTOR_BUFFER_SIZE); | Strlcpy(request.path, path, EXECUTOR_BUFFER_SIZE); |
| |
if (_send(_getSock(), &request, sizeof(request)) != sizeof(request)) |
if (SendBlock(_sock, &request, sizeof(request)) != sizeof(request)) |
return -1; | return -1; |
| |
// Receive the response | // Receive the response |
| |
ExecutorRemoveFileResponse response; | ExecutorRemoveFileResponse response; |
| |
if (_recv(_getSock(), &response, sizeof(response)) != sizeof(response)) |
if (RecvBlock(_sock, &response, sizeof(response)) != sizeof(response)) |
return -1; | return -1; |
| |
return response.status; | return response.status; |
} | } |
| |
static int OutOfProcess_startProviderAgent( |
virtual int startProviderAgent( |
const SessionKey& sessionKey, |
|
const char* module, | const char* module, |
int uid, |
const String& pegasusHome, |
int gid, |
const String& userName, |
int& pid, | int& pid, |
AnonymousPipe*& readPipe, | AnonymousPipe*& readPipe, |
AnonymousPipe*& writePipe) | AnonymousPipe*& writePipe) |
|
|
| |
// Reject strings longer than EXECUTOR_BUFFER_SIZE. | // Reject strings longer than EXECUTOR_BUFFER_SIZE. |
| |
size_t n = strlen(module); |
size_t moduleNameLength = strlen(module); |
|
|
|
if (moduleNameLength >= EXECUTOR_BUFFER_SIZE) |
|
return -1; |
|
|
|
CString userNameCString = userName.getCString(); |
|
size_t userNameLength = strlen(userNameCString); |
| |
if (n >= EXECUTOR_BUFFER_SIZE) |
if (userNameLength >= EXECUTOR_BUFFER_SIZE) |
return -1; | return -1; |
| |
// _send request header: |
// Send request header: |
| |
ExecutorRequestHeader header; | ExecutorRequestHeader header; |
header.code = EXECUTOR_START_PROVIDER_AGENT_MESSAGE; | header.code = EXECUTOR_START_PROVIDER_AGENT_MESSAGE; |
| |
if (_send(_getSock(), &header, sizeof(header)) != sizeof(header)) |
if (SendBlock(_sock, &header, sizeof(header)) != sizeof(header)) |
return -1; | return -1; |
| |
// _send request body. |
// Send request body. |
| |
ExecutorStartProviderAgentRequest request; | ExecutorStartProviderAgentRequest request; |
memset(&request, 0, sizeof(request)); | memset(&request, 0, sizeof(request)); |
Strlcpy(request.key, sessionKey.data(), sizeof(request.key)); |
memcpy(request.module, module, moduleNameLength); |
memcpy(request.module, module, n); |
memcpy(request.userName, userNameCString, userNameLength); |
request.uid = uid; |
|
request.gid = gid; |
|
| |
if (_send(_getSock(), &request, sizeof(request)) != sizeof(request)) |
if (SendBlock(_sock, &request, sizeof(request)) != sizeof(request)) |
return -1; | return -1; |
| |
// Receive the response | // Receive the response |
| |
ExecutorStartProviderAgentResponse response; | ExecutorStartProviderAgentResponse response; |
| |
if (_recv(_getSock(), &response, sizeof(response)) != sizeof(response)) |
if (RecvBlock(_sock, &response, sizeof(response)) != sizeof(response)) |
return -1; | return -1; |
| |
// Check response status and pid. | // Check response status and pid. |
|
|
// Receive descriptors. | // Receive descriptors. |
| |
int descriptors[2]; | int descriptors[2]; |
int result = _receiveDescriptorArray(_getSock(), descriptors, 2); |
int result = RecvDescriptorArray(_sock, descriptors, 2); |
| |
if (result == 0) | if (result == 0) |
{ | { |
int readFd = descriptors[0]; | int readFd = descriptors[0]; |
int writeFd = descriptors[1]; | int writeFd = descriptors[1]; |
| |
// Create to and from AnonymousPipe instances to correspond to the pipe |
// Create to and from AnonymousPipe instances to correspond to |
// descriptors created above. |
// the pipe descriptors created above. |
| |
char readFdStr[32]; | char readFdStr[32]; |
char writeFdStr[32]; | char writeFdStr[32]; |
|
|
return result; | return result; |
} | } |
| |
static int OutOfProcess_daemonizeExecutor() |
virtual int daemonizeExecutor() |
{ | { |
AutoMutex autoMutex(_mutex); | AutoMutex autoMutex(_mutex); |
| |
// _send request header: |
// Send request header: |
| |
ExecutorRequestHeader header; | ExecutorRequestHeader header; |
header.code = EXECUTOR_DAEMONIZE_EXECUTOR_MESSAGE; | header.code = EXECUTOR_DAEMONIZE_EXECUTOR_MESSAGE; |
| |
if (_send(_getSock(), &header, sizeof(header)) != sizeof(header)) |
if (SendBlock(_sock, &header, sizeof(header)) != sizeof(header)) |
return -1; | return -1; |
| |
// Receive the response | // Receive the response |
| |
ExecutorDaemonizeExecutorResponse response; | ExecutorDaemonizeExecutorResponse response; |
| |
if (_recv(_getSock(), &response, sizeof(response)) != sizeof(response)) |
if (RecvBlock(_sock, &response, sizeof(response)) != sizeof(response)) |
return -1; | return -1; |
| |
return response.status; | return response.status; |
} | } |
| |
static int OutOfProcess_waitPid( |
virtual int reapProviderAgent( |
int pid) | int pid) |
{ | { |
AutoMutex autoMutex(_mutex); |
// The Executor process automatically cleans up all its child |
|
// processes, so it does not need to explicitly harvest the |
// _send request header: |
// exit status of the cimprovagt processes it starts. |
|
|
ExecutorRequestHeader header; |
|
header.code = EXECUTOR_WAIT_PID_MESSAGE; |
|
|
|
if (_send(_getSock(), &header, sizeof(header)) != sizeof(header)) |
|
return -1; |
|
| |
// _send request body: |
return 0; |
|
|
ExecutorWaitPidRequest request; |
|
request.pid = pid; |
|
|
|
if (_send(_getSock(), &request, sizeof(request)) != sizeof(request)) |
|
return -1; |
|
|
|
// Receive the response |
|
|
|
ExecutorWaitPidResponse response; |
|
|
|
if (_recv(_getSock(), &response, sizeof(response)) != sizeof(response)) |
|
return -1; |
|
|
|
return response.status; |
|
} | } |
| |
static int OutOfProcess_authenticatePassword( |
virtual int authenticatePassword( |
const char* username, | const char* username, |
const char* password, |
const char* password) |
SessionKey& sessionKey) |
|
{ | { |
AutoMutex autoMutex(_mutex); | AutoMutex autoMutex(_mutex); |
| |
sessionKey.clear(); |
// Send request header: |
|
|
// _send request header: |
|
| |
ExecutorRequestHeader header; | ExecutorRequestHeader header; |
header.code = EXECUTOR_AUTHENTICATE_PASSWORD_MESSAGE; | header.code = EXECUTOR_AUTHENTICATE_PASSWORD_MESSAGE; |
| |
if (_send(_getSock(), &header, sizeof(header)) != sizeof(header)) |
if (SendBlock(_sock, &header, sizeof(header)) != sizeof(header)) |
return -1; | return -1; |
| |
// _send request body. |
// Send request body. |
| |
ExecutorAuthenticatePasswordRequest request; | ExecutorAuthenticatePasswordRequest request; |
memset(&request, 0, sizeof(request)); | memset(&request, 0, sizeof(request)); |
Strlcpy(request.username, username, EXECUTOR_BUFFER_SIZE); | Strlcpy(request.username, username, EXECUTOR_BUFFER_SIZE); |
Strlcpy(request.password, password, EXECUTOR_BUFFER_SIZE); | Strlcpy(request.password, password, EXECUTOR_BUFFER_SIZE); |
| |
if (_send(_getSock(), &request, sizeof(request)) != sizeof(request)) |
if (SendBlock(_sock, &request, sizeof(request)) != sizeof(request)) |
return -1; | return -1; |
| |
// Receive the response | // Receive the response |
| |
ExecutorAuthenticatePasswordResponse response; | ExecutorAuthenticatePasswordResponse response; |
| |
if (_recv(_getSock(), &response, sizeof(response)) != sizeof(response)) |
if (RecvBlock(_sock, &response, sizeof(response)) != sizeof(response)) |
return -1; | return -1; |
| |
Strlcpy((char*)sessionKey.data(), response.key, sessionKey.size()); |
|
|
|
return response.status; | return response.status; |
} | } |
| |
static int OutOfProcess_validateUser( |
virtual int validateUser( |
const char* username) | const char* username) |
{ | { |
AutoMutex autoMutex(_mutex); | AutoMutex autoMutex(_mutex); |
| |
// _send request header: |
// Send request header: |
| |
ExecutorRequestHeader header; | ExecutorRequestHeader header; |
header.code = EXECUTOR_VALIDATE_USER_MESSAGE; | header.code = EXECUTOR_VALIDATE_USER_MESSAGE; |
| |
if (_send(_getSock(), &header, sizeof(header)) != sizeof(header)) |
if (SendBlock(_sock, &header, sizeof(header)) != sizeof(header)) |
return -1; | return -1; |
| |
// _send request body. |
// Send request body. |
| |
ExecutorValidateUserRequest request; | ExecutorValidateUserRequest request; |
memset(&request, 0, sizeof(request)); | memset(&request, 0, sizeof(request)); |
Strlcpy(request.username, username, EXECUTOR_BUFFER_SIZE); | Strlcpy(request.username, username, EXECUTOR_BUFFER_SIZE); |
| |
if (_send(_getSock(), &request, sizeof(request)) != sizeof(request)) |
if (SendBlock(_sock, &request, sizeof(request)) != sizeof(request)) |
return -1; | return -1; |
| |
// Receive the response | // Receive the response |
| |
ExecutorValidateUserResponse response; | ExecutorValidateUserResponse response; |
| |
if (_recv(_getSock(), &response, sizeof(response)) != sizeof(response)) |
if (RecvBlock(_sock, &response, sizeof(response)) != sizeof(response)) |
return -1; | return -1; |
| |
return response.status; | return response.status; |
} | } |
| |
int OutOfProcess_challengeLocal( |
virtual int challengeLocal( |
const char* user, |
const char* username, |
char challenge[EXECUTOR_BUFFER_SIZE], |
char challengeFilePath[EXECUTOR_BUFFER_SIZE]) |
SessionKey& sessionKey) |
|
{ | { |
AutoMutex autoMutex(_mutex); | AutoMutex autoMutex(_mutex); |
| |
// _send request header: |
// Send request header: |
| |
ExecutorRequestHeader header; | ExecutorRequestHeader header; |
header.code = EXECUTOR_CHALLENGE_LOCAL_MESSAGE; | header.code = EXECUTOR_CHALLENGE_LOCAL_MESSAGE; |
| |
if (_send(_getSock(), &header, sizeof(header)) != sizeof(header)) |
if (SendBlock(_sock, &header, sizeof(header)) != sizeof(header)) |
return -1; | return -1; |
| |
// _send request body. |
// Send request body. |
| |
ExecutorChallengeLocalRequest request; | ExecutorChallengeLocalRequest request; |
memset(&request, 0, sizeof(request)); | memset(&request, 0, sizeof(request)); |
Strlcpy(request.user, user, EXECUTOR_BUFFER_SIZE); |
Strlcpy(request.user, username, EXECUTOR_BUFFER_SIZE); |
| |
if (_send(_getSock(), &request, sizeof(request)) != sizeof(request)) |
if (SendBlock(_sock, &request, sizeof(request)) != sizeof(request)) |
return -1; | return -1; |
| |
// Receive the response | // Receive the response |
| |
ExecutorChallengeLocalResponse response; | ExecutorChallengeLocalResponse response; |
| |
if (_recv(_getSock(), &response, sizeof(response)) != sizeof(response)) |
if (RecvBlock(_sock, &response, sizeof(response)) != sizeof(response)) |
return -1; | return -1; |
| |
Strlcpy((char*)sessionKey.data(), response.key, sessionKey.size()); |
Strlcpy(challengeFilePath, response.challenge, EXECUTOR_BUFFER_SIZE); |
Strlcpy(challenge, response.challenge, EXECUTOR_BUFFER_SIZE); |
|
| |
return response.status; | return response.status; |
} | } |
| |
int OutOfProcess_authenticateLocal( |
virtual int authenticateLocal( |
const SessionKey& sessionKey, |
const char* challengeFilePath, |
const char* token) |
const char* response) |
{ | { |
AutoMutex autoMutex(_mutex); | AutoMutex autoMutex(_mutex); |
| |
// _send request header: |
// Send request header: |
| |
ExecutorRequestHeader header; | ExecutorRequestHeader header; |
header.code = EXECUTOR_AUTHENTICATE_LOCAL_MESSAGE; | header.code = EXECUTOR_AUTHENTICATE_LOCAL_MESSAGE; |
| |
if (_send(_getSock(), &header, sizeof(header)) != sizeof(header)) |
if (SendBlock(_sock, &header, sizeof(header)) != sizeof(header)) |
return -1; | return -1; |
| |
// _send request body. |
// Send request body. |
| |
ExecutorAuthenticateLocalRequest request; | ExecutorAuthenticateLocalRequest request; |
memset(&request, 0, sizeof(request)); | memset(&request, 0, sizeof(request)); |
Strlcpy(request.key, (char*)sessionKey.data(), EXECUTOR_BUFFER_SIZE); |
Strlcpy(request.challenge, challengeFilePath, EXECUTOR_BUFFER_SIZE); |
Strlcpy(request.token, token, EXECUTOR_BUFFER_SIZE); |
Strlcpy(request.response, response, EXECUTOR_BUFFER_SIZE); |
| |
if (_send(_getSock(), &request, sizeof(request)) != sizeof(request)) |
if (SendBlock(_sock, &request, sizeof(request)) != sizeof(request)) |
return -1; | return -1; |
| |
// Receive the response | // Receive the response |
| |
ExecutorAuthenticateLocalResponse response; |
ExecutorAuthenticateLocalResponse response_; |
| |
if (_recv(_getSock(), &response, sizeof(response)) != sizeof(response)) |
if (RecvBlock(_sock, &response_, sizeof(response_)) != |
|
sizeof(response_)) |
|
{ |
|
return -1; |
|
} |
|
|
|
return response_.status; |
|
} |
|
|
|
virtual int updateLogLevel( |
|
const char* logLevel) |
|
{ |
|
AutoMutex autoMutex(_mutex); |
|
|
|
// Send request header: |
|
|
|
ExecutorRequestHeader header; |
|
header.code = EXECUTOR_UPDATE_LOG_LEVEL_MESSAGE; |
|
|
|
if (SendBlock(_sock, &header, sizeof(header)) != sizeof(header)) |
|
return -1; |
|
|
|
// Send request body: |
|
|
|
ExecutorUpdateLogLevelRequest request; |
|
memset(&request, 0, sizeof(request)); |
|
Strlcpy(request.logLevel, logLevel, EXECUTOR_BUFFER_SIZE); |
|
|
|
if (SendBlock(_sock, &request, sizeof(request)) != sizeof(request)) |
|
return -1; |
|
|
|
// Receive the response |
|
|
|
ExecutorUpdateLogLevelResponse response; |
|
|
|
if (RecvBlock(_sock, &response, sizeof(response)) != sizeof(response)) |
return -1; | return -1; |
| |
return response.status; | return response.status; |
} | } |
| |
|
private: |
|
|
|
int _sock; |
|
Mutex _mutex; |
|
}; |
|
|
#endif /* defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) */ | #endif /* defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) */ |
| |
//////////////////////////////////////////////////////////////////////////////// | //////////////////////////////////////////////////////////////////////////////// |
|
// |
|
// |
|
// class Executor |
|
// |
|
// |
//////////////////////////////////////////////////////////////////////////////// | //////////////////////////////////////////////////////////////////////////////// |
//// |
|
//// Executor Methods: |
static int _executorSock = -1; |
//// |
static AutoPtr<ExecutorImpl> _executorImpl; |
//////////////////////////////////////////////////////////////////////////////// |
static Once _executorImplOnce = PEGASUS_ONCE_INITIALIZER; |
//////////////////////////////////////////////////////////////////////////////// |
|
|
static void _initExecutorImpl() |
|
{ |
|
#if defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) |
|
if (_executorSock == -1) |
|
_executorImpl.reset(new ExecutorLoopbackImpl()); |
|
else |
|
_executorImpl.reset(new ExecutorSocketImpl(_executorSock)); |
|
#else |
|
_executorImpl.reset(new ExecutorLoopbackImpl()); |
|
#endif |
|
} |
| |
void Executor::setSock(int sock) | void Executor::setSock(int sock) |
{ | { |
_mutex.lock(); |
_executorSock = sock; |
_sock = sock; |
|
_mutex.unlock(); |
|
} | } |
| |
int Executor::detectExecutor() | int Executor::detectExecutor() |
{ | { |
if (_getSock() == -1) |
once(&_executorImplOnce, _initExecutorImpl); |
return -1; |
return _executorImpl->detectExecutor(); |
else |
|
return 0; |
|
} | } |
| |
int Executor::ping() | int Executor::ping() |
{ | { |
if (_getSock() == -1) |
once(&_executorImplOnce, _initExecutorImpl); |
return InProcess_ping(); |
return _executorImpl->ping(); |
|
|
#if defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) |
|
return OutOfProcess_ping(); |
|
#else |
|
return -1; |
|
#endif /* defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) */ |
|
} | } |
| |
FILE* Executor::openFile( | FILE* Executor::openFile( |
const char* path, | const char* path, |
int mode) | int mode) |
{ | { |
if (_getSock() == -1) |
once(&_executorImplOnce, _initExecutorImpl); |
return InProcess_openFile(path, mode); |
return _executorImpl->openFile(path, mode); |
|
|
#if defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) |
|
return OutOfProcess_openFile(path, mode); |
|
#else |
|
return NULL; |
|
#endif /* defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) */ |
|
} | } |
| |
int Executor::renameFile( | int Executor::renameFile( |
const char* oldPath, | const char* oldPath, |
const char* newPath) | const char* newPath) |
{ | { |
if (_getSock() == -1) |
once(&_executorImplOnce, _initExecutorImpl); |
return InProcess_renameFile(oldPath, newPath); |
return _executorImpl->renameFile(oldPath, newPath); |
|
|
#if defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) |
|
return OutOfProcess_renameFile(oldPath, newPath); |
|
#else |
|
return -1; |
|
#endif /* defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) */ |
|
} | } |
| |
int Executor::removeFile( | int Executor::removeFile( |
const char* path) | const char* path) |
{ | { |
if (_getSock() == -1) |
once(&_executorImplOnce, _initExecutorImpl); |
return InProcess_removeFile(path); |
return _executorImpl->removeFile(path); |
|
|
#if defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) |
|
return OutOfProcess_removeFile(path); |
|
#else |
|
return -1; |
|
#endif /* defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) */ |
|
} | } |
| |
int Executor::startProviderAgent( | int Executor::startProviderAgent( |
const SessionKey& sessionKey, |
|
const char* module, | const char* module, |
int uid, |
const String& pegasusHome, |
int gid, |
const String& userName, |
int& pid, | int& pid, |
AnonymousPipe*& readPipe, | AnonymousPipe*& readPipe, |
AnonymousPipe*& writePipe) | AnonymousPipe*& writePipe) |
{ | { |
if (_getSock() == -1) |
once(&_executorImplOnce, _initExecutorImpl); |
return InProcess_startProviderAgent( |
return _executorImpl->startProviderAgent( |
sessionKey, module, uid, gid, pid, readPipe, writePipe); |
module, pegasusHome, userName, pid, readPipe, writePipe); |
|
|
#if defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) |
|
return OutOfProcess_startProviderAgent( |
|
sessionKey, module, uid, gid, pid, readPipe, writePipe); |
|
#else |
|
return -1; |
|
#endif /* defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) */ |
|
} | } |
| |
int Executor::daemonizeExecutor() | int Executor::daemonizeExecutor() |
{ | { |
if (_getSock() == -1) |
once(&_executorImplOnce, _initExecutorImpl); |
return InProcess_daemonizeExecutor(); |
return _executorImpl->daemonizeExecutor(); |
|
|
#if defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) |
|
return OutOfProcess_daemonizeExecutor(); |
|
#else |
|
return -1; |
|
#endif /* defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) */ |
|
} | } |
| |
int Executor::waitPid( |
int Executor::reapProviderAgent( |
int pid) | int pid) |
{ | { |
if (_getSock() == -1) |
once(&_executorImplOnce, _initExecutorImpl); |
return InProcess_waitPid(pid); |
return _executorImpl->reapProviderAgent(pid); |
|
|
#if defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) |
|
return OutOfProcess_waitPid(pid); |
|
#else |
|
return -1; |
|
#endif /* defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) */ |
|
} | } |
| |
int Executor::authenticatePassword( | int Executor::authenticatePassword( |
const char* username, | const char* username, |
const char* password, |
const char* password) |
SessionKey& sessionKey) |
|
{ | { |
if (_getSock() == -1) |
once(&_executorImplOnce, _initExecutorImpl); |
return InProcess_authenticatePassword(username, password, sessionKey); |
return _executorImpl->authenticatePassword(username, password); |
|
|
#if defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) |
|
return OutOfProcess_authenticatePassword(username, password, sessionKey); |
|
#else |
|
return -1; |
|
#endif /* defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) */ |
|
} | } |
| |
int Executor::validateUser( | int Executor::validateUser( |
const char* username) | const char* username) |
{ | { |
if (_getSock() == -1) |
once(&_executorImplOnce, _initExecutorImpl); |
return InProcess_validateUser(username); |
return _executorImpl->validateUser(username); |
|
|
#if defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) |
|
return OutOfProcess_validateUser(username); |
|
#else |
|
return -1; |
|
#endif /* defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) */ |
|
} | } |
| |
int Executor::challengeLocal( | int Executor::challengeLocal( |
const char* user, | const char* user, |
char path[EXECUTOR_BUFFER_SIZE], |
char challengeFilePath[EXECUTOR_BUFFER_SIZE]) |
SessionKey& sessionKey) |
|
{ | { |
if (_getSock() == -1) |
once(&_executorImplOnce, _initExecutorImpl); |
return -1; |
return _executorImpl->challengeLocal(user, challengeFilePath); |
|
|
#if defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) |
|
return OutOfProcess_challengeLocal(user, path, sessionKey); |
|
#else |
|
return -1; |
|
#endif /* defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) */ |
|
} | } |
| |
int Executor::authenticateLocal( | int Executor::authenticateLocal( |
const SessionKey& sessionKey, |
const char* challengeFilePath, |
const char* challengeResponse) |
const char* response) |
{ | { |
if (_getSock() == -1) |
once(&_executorImplOnce, _initExecutorImpl); |
return -1; |
return _executorImpl->authenticateLocal(challengeFilePath, response); |
|
} |
| |
#if defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) |
int Executor::updateLogLevel( |
return OutOfProcess_authenticateLocal(sessionKey, challengeResponse); |
const char* logLevel) |
#else |
{ |
return -1; |
once(&_executorImplOnce, _initExecutorImpl); |
#endif /* defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) */ |
return _executorImpl->updateLogLevel(logLevel); |
} | } |
| |
PEGASUS_NAMESPACE_END | PEGASUS_NAMESPACE_END |