pegasus/src/Pegasus/Common/Executor.cpp - diff

Return to Executor.cpp CVS log

Up to [Pegasus] / pegasus / src / Pegasus / Common

Diff for /pegasus/src/Pegasus/Common/Executor.cpp between version 1.1.2.14 and 1.1.4.12

version 1.1.2.14, 2007/01/11 00:29:37

version 1.1.4.12, 2007/05/24 19:34:56

Line 33

#include <cstdio>

#include <cstdlib>

#include <cstring>

#include <Pegasus/Common/Config.h>

#if defined(PEGASUS_OS_TYPE_WINDOWS)

# include <windows.h>

#else

# include <sys/types.h>

# include <sys/socket.h>

# include <unistd.h>

# include <fcntl.h>

# include <sys/wait.h>

# include <unistd.h>

# include <sys/types.h>

# include <sys/time.h>

# include <sys/resource.h>

#endif

#include "Constants.h"

#if defined(PEGASUS_HAS_SIGNALS)

#include "Executor.h"

# include <sys/wait.h>

#include "Mutex.h"

#endif

#include "FileSystem.h"

#include "String.h"

#include <Pegasus/Common/Constants.h>

#include <Pegasus/Common/Mutex.h>

#include <Pegasus/Common/FileSystem.h>

#include <Pegasus/Common/String.h>

#include <Pegasus/Common/Tracer.h>

#include <Pegasus/Common/Executor.h>

#include <Executor/Strlcpy.h>

#include <Executor/Strlcat.h>

#if defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION)

# include <Executor/Socket.h>

# include <Executor/Messages.h>

#endif

Line 99

Line 102

const char* path) = 0;

virtual int startProviderAgent(

const SessionKey& sessionKey,

const char* module,

const String& pegasusHome,

const String& userName,

int uid,

int gid,

int& pid,

SessionKey& providerAgentSessionKey,

AnonymousPipe*& readPipe,

AnonymousPipe*& writePipe) = 0;

virtual int daemonizeExecutor() = 0;

virtual int reapProviderAgent(

const SessionKey& sessionKey,

int pid) = 0;

virtual int authenticatePassword(

const char* username,

const char* password,

const char* password) = 0;

SessionKey& sessionKey) = 0;

virtual int validateUser(

const char* username) = 0;

virtual int challengeLocal(

const char* username,

char challenge[EXECUTOR_BUFFER_SIZE],

char challengeFilePath[EXECUTOR_BUFFER_SIZE]) = 0;

SessionKey& sessionKey) = 0;

virtual int authenticateLocal(

const SessionKey& sessionKey,

const char* challengeFilePath,

const char* challengeResponse) = 0;

const char* response) = 0;

virtual int newSessionKey(

const char username[EXECUTOR_BUFFER_SIZE],

SessionKey& sessionKey) = 0;

virtual int deleteSessionKey(

const SessionKey& sessionKey) = 0;

};

////////////////////////////////////////////////////////////////////////////////

Line 201

Line 194

virtual int startProviderAgent(

const SessionKey& sessionKey,

const char* module,

const String& pegasusHome,

const String& userName,

int uid,

int gid,

int& pid,

SessionKey& providerAgentSessionKey,

AnonymousPipe*& readPipe,

AnonymousPipe*& writePipe)

{

// Add logging here.

#if defined(PEGASUS_OS_TYPE_WINDOWS)

AutoMutex autoMutex(_mutex);

Line 222

Line 217

// Create pipes. Export handles to string.

AnonymousPipe* pipeFromAgent = new AnonymousPipe();

AutoPtr<AnonymousPipe> pipeFromAgent(new AnonymousPipe());

AnonymousPipe* pipeToAgent = new AnonymousPipe();

AutoPtr<AnonymousPipe> pipeToAgent(new AnonymousPipe());

char readHandle[32];

char writeHandle[32];

Line 243

Line 238

// Build full path of "cimprovagt" program.

String path;

String path = FileSystem::getAbsolutePath(

pegasusHome.getCString(), PEGASUS_PROVIDER_AGENT_PROC_NAME);

if (_getProviderAgentPath(path) != 0)

{

delete pipeToAgent;

delete pipeFromAgent;

return -1;

}

// Format command line.

Line 276

Line 265

&siStartInfo, // STARTUPINFO

&piProcInfo)) // PROCESS_INFORMATION

{

delete pipeToAgent;

delete pipeFromAgent;

return -1;

}

Line 289

Line 276

pipeToAgent->closeReadHandle();

pipeFromAgent->closeWriteHandle();

readPipe = pipeFromAgent;

readPipe = pipeFromAgent.release();

writePipe = pipeToAgent;

writePipe = pipeToAgent.release();

return 0;

Line 305

Line 292

// Initialize output parameters in case of error.

providerAgentSessionKey.clear();

pid = -1;

readPipe = 0;

writePipe = 0;

Line 319

Line 305

{

// Resolve full path of "cimprovagt".

String path;

String path = FileSystem::getAbsolutePath(

pegasusHome.getCString(), PEGASUS_PROVIDER_AGENT_PROC_NAME);

if (_getProviderAgentPath(path) != 0)

return -1;

// Create "to-agent" pipe:

Line 336

Line 320

// Fork process:

#if !defined(PEGASUS_OS_VMS)

#if defined(PEGASUS_OS_VMS)

pid = (int)vfork();

#else

pid = (int)fork();

Line 349

Line 333

if (pid == 0)

{

#if !defined(PEGASUS_OS_VMS)

// Close unused pipe descriptors:

close(to[1]);

close(from[0]);

#if !defined(PEGASUS_OS_VMS)

// Close unused descriptors. Leave stdin, stdout, stderr,

// and the child's pipe descriptors open.

Line 378

Line 362

if (uid != -1 && gid != -1)

{

if ((int)getgid() != gid)

PEG_TRACE((TRC_OS_ABSTRACTION, Tracer::LEVEL4,

"Changing user context to: userName=%s uid=%d, gid=%d",

(const char*)userName.getCString(), uid, gid));

if (setgid(gid) != 0)

{

// ATTN: log failure!

PEG_TRACE_STRING(TRC_OS_ABSTRACTION, Tracer::LEVEL2,

setgid(gid);

String("setgid failed: ") + String(strerror(errno)));

return -1;

}

if ((int)getuid() != uid)

if (setuid(uid) != 0)

{

// ATTN: log failure!

PEG_TRACE_STRING(TRC_OS_ABSTRACTION, Tracer::LEVEL2,

setuid(uid);

String("setuid failed: ") + String(strerror(errno)));

return -1;

}

Line 402

Line 392

{

CString cstr = path.getCString();

execl(cstr, cstr, arg1, arg2, module, (char*)0);

if (execl(cstr, cstr, arg1, arg2, module, (char*)0) == -1)

{

PEG_TRACE((TRC_DISCARDED_DATA, Tracer::LEVEL2,

"execl() failed. errno = %d.", errno));

_exit(1);

}

// ATTN: log failure!

}

while (0);

Line 443

Line 435

}

virtual int reapProviderAgent(

const SessionKey& sessionKey,

int pid)

{

int status;

int status = 0;

#if defined(PEGASUS_HAS_SIGNALS)

while ((status = waitpid(pid, 0, 0)) == -1 && errno == EINTR)

;

#endif

return status;

}

virtual int authenticatePassword(

const char* username,

const char* password,

const char* password)

SessionKey& sessionKey)

{

sessionKey.clear();

#if defined(PEGASUS_PAM_AUTHENTICATION)

return PAMAuthenticate(username, password);

#else

// ATTN: not handled so don't call in this case.

sessionKey.clear();

return -1;

#endif

}

Line 483

Line 472

virtual int challengeLocal(

const char* username,

char challenge[EXECUTOR_BUFFER_SIZE],

char challengeFilePath[EXECUTOR_BUFFER_SIZE])

SessionKey& sessionKey)

{

// ATTN: not handled so don't call in this case.

sessionKey.clear();

return -1;

}

virtual int authenticateLocal(

const SessionKey& sessionKey,

const char* challengeFilePath,

const char* challengeResponse)

const char* response)

{

// ATTN: not handled so don't call in this case.

return -1;

}

virtual int newSessionKey(

const char username[EXECUTOR_BUFFER_SIZE],

SessionKey& sessionKey)

{

sessionKey.clear();

return -1;

}

virtual int deleteSessionKey(

const SessionKey& sessionKey)

{

return -1;

}

private:

static int _getProviderAgentPath(String& path)

{

path = PEGASUS_PROVIDER_AGENT_PROC_NAME;

if (path[0] != '/')

{

const char* env = getenv("PEGASUS_HOME");

if (!env)

return -1;

path = String(env) + String("/") + path;

}

return 0;

}

Mutex _mutex;

};

Line 625

Line 581

{

int fds[1];

if (_receiveDescriptorArray(_sock, fds, 1) != 0)

if (RecvDescriptorArray(_sock, fds, 1) != 0)

return NULL;

if (fds[0] == -1)

Line 709

Line 665

}

virtual int startProviderAgent(

const SessionKey& sessionKey,

const char* module,

const String& pegasusHome,

const String& userName,

int uid,

int gid,

int& pid,

SessionKey& providerAgentSessionKey,

AnonymousPipe*& readPipe,

AnonymousPipe*& writePipe)

{

AutoMutex autoMutex(_mutex);

providerAgentSessionKey.clear();

readPipe = 0;

writePipe = 0;

Line 743

Line 698

ExecutorStartProviderAgentRequest request;

memset(&request, 0, sizeof(request));

Strlcpy(request.key, sessionKey.data(), sizeof(request.key));

memcpy(request.module, module, n);

request.uid = uid;

request.gid = gid;

Line 758

Line 712

if (_recv(_sock, &response, sizeof(response)) != sizeof(response))

return -1;

// Get the session key.

Strlcpy((char*)providerAgentSessionKey.data(),

response.key, providerAgentSessionKey.size());

// Check response status and pid.

if (response.status != 0)

Line 775

Line 724

// Receive descriptors.

int descriptors[2];

int result = _receiveDescriptorArray(_sock, descriptors, 2);

int result = RecvDescriptorArray(_sock, descriptors, 2);

if (result == 0)

{

Line 820

Line 769

}

virtual int reapProviderAgent(

const SessionKey& sessionKey,

int pid)

{

AutoMutex autoMutex(_mutex);

Line 837

Line 785

ExecutorReapProviderAgentRequest request;

memset(&request, 0, sizeof(request));

Strlcpy(request.key, sessionKey.data(), sizeof(request.key));

request.pid = pid;

if (_send(_sock, &request, sizeof(request)) != sizeof(request))

Line 855

Line 802

virtual int authenticatePassword(

const char* username,

const char* password,

const char* password)

SessionKey& sessionKey)

{

AutoMutex autoMutex(_mutex);

sessionKey.clear();

// _send request header:

ExecutorRequestHeader header;

Line 887

Line 831

if (_recv(_sock, &response, sizeof(response)) != sizeof(response))

return -1;

Strlcpy((char*)sessionKey.data(), response.key, sessionKey.size());

return response.status;

}

Line 926

Line 868

virtual int challengeLocal(

const char* username,

char challenge[EXECUTOR_BUFFER_SIZE],

char challengeFilePath[EXECUTOR_BUFFER_SIZE])

SessionKey& sessionKey)

{

AutoMutex autoMutex(_mutex);

sessionKey.clear();

// _send request header:

ExecutorRequestHeader header;

Line 957

Line 896

if (_recv(_sock, &response, sizeof(response)) != sizeof(response))

return -1;

Strlcpy((char*)sessionKey.data(), response.key, sessionKey.size());

Strlcpy(challengeFilePath, response.challenge, EXECUTOR_BUFFER_SIZE);

Strlcpy(challenge, response.challenge, EXECUTOR_BUFFER_SIZE);

return response.status;

}

virtual int authenticateLocal(

const SessionKey& sessionKey,

const char* challengeFilePath,

const char* challengeResponse)

const char* response)

{

AutoMutex autoMutex(_mutex);

Line 981

Line 919

ExecutorAuthenticateLocalRequest request;

memset(&request, 0, sizeof(request));

Strlcpy(request.key, (char*)sessionKey.data(), EXECUTOR_BUFFER_SIZE);

Strlcpy(request.challenge, challengeFilePath, EXECUTOR_BUFFER_SIZE);

Strlcpy(request.token, challengeResponse, EXECUTOR_BUFFER_SIZE);

Strlcpy(request.response, response, EXECUTOR_BUFFER_SIZE);

if (_send(_sock, &request, sizeof(request)) != sizeof(request))

return -1;

// Receive the response

ExecutorAuthenticateLocalResponse response;

ExecutorAuthenticateLocalResponse response_;

if (_recv(_sock, &response, sizeof(response)) != sizeof(response))

if (_recv(_sock, &response_, sizeof(response_)) != sizeof(response_))

return -1;

return response.status;

return response_.status;

}

virtual int newSessionKey(

const char username[EXECUTOR_BUFFER_SIZE],

SessionKey& sessionKey)

{

AutoMutex autoMutex(_mutex);

sessionKey.clear();

// _send request header:

ExecutorRequestHeader header;

header.code = EXECUTOR_NEW_SESSION_KEY_MESSAGE;

if (_send(_sock, &header, sizeof(header)) != sizeof(header))

return -1;

// _send request body.

ExecutorNewSessionKeyRequest request;

memset(&request, 0, sizeof(request));

Strlcpy(request.username, username, sizeof(request.username));

if (_send(_sock, &request, sizeof(request)) != sizeof(request))

return -1;

// Receive the response

ExecutorNewSessionKeyResponse response;

if (_recv(_sock, &response, sizeof(response)) != sizeof(response))

return -1;

Strlcpy((char*)sessionKey.data(), response.key, sessionKey.size());

return response.status;

}

virtual int deleteSessionKey(

const SessionKey& sessionKey)

{

AutoMutex autoMutex(_mutex);

// Send request header:

ExecutorRequestHeader header;

header.code = EXECUTOR_DELETE_SESSION_KEY_MESSAGE;

if (_send(_sock, &header, sizeof(header)) != sizeof(header))

return -1;

// Send request body.

ExecutorDeleteSessionKeyRequest request;

memset(&request, 0, sizeof(request));

Strlcpy(request.key, sessionKey.data(), sizeof(request.key));

if (_send(_sock, &request, sizeof(request)) != sizeof(request))

return -1;

// Receive the response

ExecutorDeleteSessionKeyResponse response;

if (_recv(_sock, &response, sizeof(response)) != sizeof(response))

return -1;

return response.status;

}

private:

Line 1116

Line 985

return size - r;

}

static int _receiveDescriptorArray(

int sock, int descriptors[], size_t count)

{

// This control data begins with a cmsghdr struct followed by the data

// (a descriptor in this case). The union ensures that the data is

// aligned suitably for the leading cmsghdr struct. The descriptor

// itself is properly aligned since the cmsghdr ends on a boundary

// that is suitably aligned for any type (including int).

// ControlData = [ cmsghdr | int ]

size_t size = CMSG_SPACE(sizeof(int) * count);

char* data = (char*)malloc(size);

// Define a msghdr that refers to the control data, which is filled in

// by calling recvmsg() below.

msghdr mh;

memset(&mh, 0, sizeof(mh));

mh.msg_control = data;

mh.msg_controllen = size;

// The other process sends a single-byte message. This byte is not

// used since we only need the control data (the descriptor) but we

// must request at least one byte from recvmsg().

struct iovec iov[1];

memset(iov, 0, sizeof(iov));

char dummy;

iov[0].iov_base = &dummy;

iov[0].iov_len = 1;

mh.msg_iov = iov;

mh.msg_iovlen = 1;

// Receive the message from the other process.

ssize_t n = recvmsg(sock, &mh, 0);

if (n <= 0)

return -1;

// Get a pointer to control message. Return if the header is null or

// does not contain what we expect.

cmsghdr* cmh = CMSG_FIRSTHDR(&mh);

if (!cmh ||

cmh->cmsg_len != CMSG_LEN(sizeof(int) * count) ||

cmh->cmsg_level != SOL_SOCKET ||

cmh->cmsg_type != SCM_RIGHTS)

{

return -1;

}

// Copy the data:

memcpy(descriptors, CMSG_DATA(cmh), sizeof(int) * count);

return 0;

}

int _sock;

Mutex _mutex;

};

Line 1192

Line 999

////////////////////////////////////////////////////////////////////////////////

static int _sock = -1;

static int _executorSock = -1;

static ExecutorImpl* _impl = 0;

static ExecutorImpl* _executorImpl = 0;

static Mutex _mutex;

static Mutex _executorMutex;

static ExecutorImpl* _getImpl()

{

// Use the double-checked locking technique to avoid the overhead of a lock

// on every call.

if (_impl == 0)

if (_executorImpl == 0)

{

_mutex.lock();

AutoMutex autoMutex(_executorMutex);

if (_impl == 0)

if (_executorImpl == 0)

{

#if defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION)

if (_sock == -1)

if (_executorSock == -1)

_impl = new ExecutorLoopbackImpl();

_executorImpl = new ExecutorLoopbackImpl();

else

_impl = new ExecutorSocketImpl(_sock);

_executorImpl = new ExecutorSocketImpl(_executorSock);

#else

_impl = new ExecutorLoopbackImpl();

_executorImpl = new ExecutorLoopbackImpl();

#endif

}

_mutex.unlock();

}

return _impl;

return _executorImpl;

}

void Executor::setSock(int sock)

{

_mutex.lock();

AutoMutex autoMutex(_executorMutex);

_sock = sock;

_executorSock = sock;

_mutex.unlock();

}

int Executor::detectExecutor()

Line 1261

Line 1065

}

int Executor::startProviderAgent(

const SessionKey& sessionKey,

const char* module,

const String& pegasusHome,

const String& userName,

int uid,

int gid,

int& pid,

SessionKey& providerAgentSessionKey,

AnonymousPipe*& readPipe,

AnonymousPipe*& writePipe)

{

return _getImpl()->startProviderAgent(sessionKey, module,

return _getImpl()->startProviderAgent(module, pegasusHome,

uid, gid, pid, providerAgentSessionKey, readPipe, writePipe);

userName, uid, gid, pid, readPipe, writePipe);

}

int Executor::daemonizeExecutor()

Line 1280

Line 1084

}

int Executor::reapProviderAgent(

const SessionKey& sessionKey,

int pid)

{

return _getImpl()->reapProviderAgent(sessionKey, pid);

return _getImpl()->reapProviderAgent(pid);

}

int Executor::authenticatePassword(

const char* username,

const char* password,

const char* password)

SessionKey& sessionKey)

{

return _getImpl()->authenticatePassword(username, password, sessionKey);

return _getImpl()->authenticatePassword(username, password);

}

int Executor::validateUser(

Line 1302

Line 1104

int Executor::challengeLocal(

const char* user,

char path[EXECUTOR_BUFFER_SIZE],

char challengeFilePath[EXECUTOR_BUFFER_SIZE])

SessionKey& sessionKey)

{

return _getImpl()->challengeLocal(user, path, sessionKey);

return _getImpl()->challengeLocal(user, challengeFilePath);

}

int Executor::authenticateLocal(

const SessionKey& sessionKey,

const char* challengeFilePath,

const char* challengeResponse)

const char* response)

{

return _getImpl()->authenticateLocal(sessionKey, challengeResponse);

}

int Executor::newSessionKey(

const char username[EXECUTOR_BUFFER_SIZE],

SessionKey& sessionKey)

{

return _getImpl()->newSessionKey(username, sessionKey);

}

int Executor::deleteSessionKey(

const SessionKey& sessionKey)

{

return _getImpl()->deleteSessionKey(sessionKey);

return _getImpl()->authenticateLocal(challengeFilePath, response);

}

PEGASUS_NAMESPACE_END

Legend:

Removed from v.1.1.2.14
changed lines
	Added in v.1.1.4.12

No CVS admin address has been configured