pegasus/src/Pegasus/Common/Executor.cpp - diff

Return to Executor.cpp CVS log

Up to [Pegasus] / pegasus / src / Pegasus / Common

Diff for /pegasus/src/Pegasus/Common/Executor.cpp between version 1.1.4.12 and 1.12

version 1.1.4.12, 2007/05/24 19:34:56

version 1.12, 2007/08/10 21:30:25

Line 52

#include <Pegasus/Common/Constants.h>

#include <Pegasus/Common/Mutex.h>

#include <Pegasus/Common/Once.h>

#include <Pegasus/Common/FileSystem.h>

#include <Pegasus/Common/String.h>

#include <Pegasus/Common/Tracer.h>

#include <Pegasus/Common/System.h>

#include <Pegasus/Common/Executor.h>

#include <Executor/Strlcpy.h>

Line 68

Line 70

# include <Executor/PAMAuth.h>

#endif

#ifdef PEGASUS_OS_PASE

# include <as400_protos.h> // For fork400()

#endif

PEGASUS_NAMESPACE_BEGIN

////////////////////////////////////////////////////////////////////////////////

Line 105

Line 111

const char* module,

const String& pegasusHome,

const String& userName,

int uid,

int gid,

int& pid,

AnonymousPipe*& readPipe,

AnonymousPipe*& writePipe) = 0;

Line 130

Line 134

virtual int authenticateLocal(

const char* challengeFilePath,

const char* response) = 0;

virtual int updateLogLevel(

const char* logLevel) = 0;

};

////////////////////////////////////////////////////////////////////////////////

Line 197

Line 204

const char* module,

const String& pegasusHome,

const String& userName,

int uid,

int gid,

int& pid,

AnonymousPipe*& readPipe,

AnonymousPipe*& writePipe)

{

// Add logging here.

#if !defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION)

#if defined(PEGASUS_OS_TYPE_WINDOWS)

Line 281

Line 286

return 0;

#elif defined(PEGASUS_OS_OS400)

// ATTN: no implementation for OS400.

return -1;

#else /* POSIX CASE FOLLOWS */

AutoMutex autoMutex(_mutex);

Line 308

String path = FileSystem::getAbsolutePath(

pegasusHome.getCString(), PEGASUS_PROVIDER_AGENT_PROC_NAME);

# if !defined(PEGASUS_DISABLE_PROV_USERCTXT)

PEGASUS_UID_T newUid = (PEGASUS_UID_T)-1;

PEGASUS_GID_T newGid = (PEGASUS_GID_T)-1;

if (userName != System::getEffectiveUserName())

{

if (!System::lookupUserId(

userName.getCString(), newUid, newGid))

{

PEG_TRACE((TRC_DISCARDED_DATA, Tracer::LEVEL2,

"System::lookupUserId(%s) failed.",

(const char*)userName.getCString()));

return -1;

}

# endif /* !defined(PEGASUS_DISABLE_PROV_USERCTXT) */

// Create "to-agent" pipe:

if (pipe(to) != 0)

Line 322

Line 341

#if defined(PEGASUS_OS_VMS)

pid = (int)vfork();

# elif defined(PEGASUS_OS_PASE)

pid = (int)fork400("QUMEPRVAGT",0);

#else

pid = (int)fork();

#endif

Line 356

Line 377

#endif /* !defined(PEGASUS_OS_VMS) */

// Set uid and gid for the new provider agent process.

# if !defined(PEGASUS_DISABLE_PROV_USERCTXT)

if (uid != -1 && gid != -1)

// Set uid and gid for the new provider agent process.

{

PEG_TRACE((TRC_OS_ABSTRACTION, Tracer::LEVEL4,

"Changing user context to: userName=%s uid=%d, gid=%d",

(const char*)userName.getCString(), uid, gid));

if (setgid(gid) != 0)

if (newUid != (PEGASUS_UID_T)-1 && newGid != (PEGASUS_GID_T)-1)

{

PEG_TRACE_STRING(TRC_OS_ABSTRACTION, Tracer::LEVEL2,

if (!System::changeUserContext_SingleThreaded(

String("setgid failed: ") + String(strerror(errno)));

userName.getCString(), newUid, newGid))

return -1;

}

if (setuid(uid) != 0)

{

PEG_TRACE_STRING(TRC_OS_ABSTRACTION, Tracer::LEVEL2,

String("setuid failed: ") + String(strerror(errno)));

return -1;

}

Line 426

Line 435

return 0;

#endif /* !defined(START_PROVIDER_AGENT) */

# endif /* POSIX CASE */

#else /* PEGASUS_ENABLE_PRIVILEGE_SEPARATION is defined */

// Out-of-Process providers are never started by the cimserver process

// when Privilege Separation is enabled.

return -1;

#endif

}

virtual int daemonizeExecutor()

Line 437

Line 454

virtual int reapProviderAgent(

int pid)

{

#if !defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION)

int status = 0;

#if defined(PEGASUS_HAS_SIGNALS)

Line 445

Line 464

#endif

return status;

#else /* PEGASUS_ENABLE_PRIVILEGE_SEPARATION is defined */

// Out-of-Process providers are never started by the cimserver process

// when Privilege Separation is enabled.

return -1;

#endif

}

virtual int authenticatePassword(

Line 486

Line 513

return -1;

}

virtual int updateLogLevel(

const char* logLevel)

{

// If Privilege Separation is not enabled, we don't need to update

// the log level in the Executor.

return 0;

}

private:

Mutex _mutex;

Line 522

Line 557

{

AutoMutex autoMutex(_mutex);

// _send request header:

// Send request header:

ExecutorRequestHeader header;

header.code = EXECUTOR_PING_MESSAGE;

if (_send(_sock, &header, sizeof(header)) != sizeof(header))

if (SendBlock(_sock, &header, sizeof(header)) != sizeof(header))

return -1;

ExecutorPingResponse response;

if (_recv(_sock, &response, sizeof(response)) != sizeof(response))

if (RecvBlock(_sock, &response, sizeof(response)) != sizeof(response))

return -1;

if (response.magic == EXECUTOR_PING_MAGIC)

Line 550

Line 585

if (mode != 'r' && mode != 'w' && mode != 'a')

return NULL;

// _send request header:

// Send request header:

ExecutorRequestHeader header;

header.code = EXECUTOR_OPEN_FILE_MESSAGE;

if (_send(_sock, &header, sizeof(header)) != sizeof(header))

if (SendBlock(_sock, &header, sizeof(header)) != sizeof(header))

return NULL;

// _send request body.

// Send request body.

ExecutorOpenFileRequest request;

memset(&request, 0, sizeof(request));

Strlcpy(request.path, path, EXECUTOR_BUFFER_SIZE);

request.mode = mode;

if (_send(_sock, &request, sizeof(request)) != sizeof(request))

if (SendBlock(_sock, &request, sizeof(request)) != sizeof(request))

return NULL;

// Receive the response

ExecutorOpenFileResponse response;

if (_recv(_sock, &response, sizeof(response)) != sizeof(response))

if (RecvBlock(_sock, &response, sizeof(response)) != sizeof(response))

return NULL;

// Receive descriptor (if response successful).

Line 604

Line 639

{

AutoMutex autoMutex(_mutex);

// _send request header:

// Send request header:

ExecutorRequestHeader header;

header.code = EXECUTOR_RENAME_FILE_MESSAGE;

if (_send(_sock, &header, sizeof(header)) != sizeof(header))

if (SendBlock(_sock, &header, sizeof(header)) != sizeof(header))

return -1;

// _send request body.

// Send request body.

ExecutorRenameFileRequest request;

memset(&request, 0, sizeof(request));

Strlcpy(request.oldPath, oldPath, EXECUTOR_BUFFER_SIZE);

Strlcpy(request.newPath, newPath, EXECUTOR_BUFFER_SIZE);

if (_send(_sock, &request, sizeof(request)) != sizeof(request))

if (SendBlock(_sock, &request, sizeof(request)) != sizeof(request))

return -1;

// Receive the response

ExecutorRenameFileResponse response;

if (_recv(_sock, &response, sizeof(response)) != sizeof(response))

if (RecvBlock(_sock, &response, sizeof(response)) != sizeof(response))

return -1;

return response.status;

Line 637

Line 672

{

AutoMutex autoMutex(_mutex);

// _send request header:

// Send request header:

ExecutorRequestHeader header;

header.code = EXECUTOR_REMOVE_FILE_MESSAGE;

if (_send(_sock, &header, sizeof(header)) != sizeof(header))

if (SendBlock(_sock, &header, sizeof(header)) != sizeof(header))

return -1;

// _send request body.

// Send request body.

ExecutorRemoveFileRequest request;

memset(&request, 0, sizeof(request));

Strlcpy(request.path, path, EXECUTOR_BUFFER_SIZE);

if (_send(_sock, &request, sizeof(request)) != sizeof(request))

if (SendBlock(_sock, &request, sizeof(request)) != sizeof(request))

return -1;

// Receive the response

ExecutorRemoveFileResponse response;

if (_recv(_sock, &response, sizeof(response)) != sizeof(response))

if (RecvBlock(_sock, &response, sizeof(response)) != sizeof(response))

return -1;

return response.status;

Line 668

Line 703

const char* module,

const String& pegasusHome,

const String& userName,

int uid,

int gid,

int& pid,

AnonymousPipe*& readPipe,

AnonymousPipe*& writePipe)

Line 681

Line 714

// Reject strings longer than EXECUTOR_BUFFER_SIZE.

size_t n = strlen(module);

size_t moduleNameLength = strlen(module);

if (n >= EXECUTOR_BUFFER_SIZE)

if (moduleNameLength >= EXECUTOR_BUFFER_SIZE)

return -1;

// _send request header:

CString userNameCString = userName.getCString();

size_t userNameLength = strlen(userNameCString);

if (userNameLength >= EXECUTOR_BUFFER_SIZE)

return -1;

// Send request header:

ExecutorRequestHeader header;

header.code = EXECUTOR_START_PROVIDER_AGENT_MESSAGE;

if (_send(_sock, &header, sizeof(header)) != sizeof(header))

if (SendBlock(_sock, &header, sizeof(header)) != sizeof(header))

return -1;

// _send request body.

// Send request body.

ExecutorStartProviderAgentRequest request;

memset(&request, 0, sizeof(request));

memcpy(request.module, module, n);

memcpy(request.module, module, moduleNameLength);

request.uid = uid;

memcpy(request.userName, userNameCString, userNameLength);

request.gid = gid;

if (_send(_sock, &request, sizeof(request)) != sizeof(request))

if (SendBlock(_sock, &request, sizeof(request)) != sizeof(request))

return -1;

// Receive the response

ExecutorStartProviderAgentResponse response;

if (_recv(_sock, &response, sizeof(response)) != sizeof(response))

if (RecvBlock(_sock, &response, sizeof(response)) != sizeof(response))

return -1;

// Check response status and pid.

Line 750

Line 788

{

AutoMutex autoMutex(_mutex);

// _send request header:

// Send request header:

ExecutorRequestHeader header;

header.code = EXECUTOR_DAEMONIZE_EXECUTOR_MESSAGE;

if (_send(_sock, &header, sizeof(header)) != sizeof(header))

if (SendBlock(_sock, &header, sizeof(header)) != sizeof(header))

return -1;

// Receive the response

ExecutorDaemonizeExecutorResponse response;

if (_recv(_sock, &response, sizeof(response)) != sizeof(response))

if (RecvBlock(_sock, &response, sizeof(response)) != sizeof(response))

return -1;

return response.status;

Line 771

Line 809

virtual int reapProviderAgent(

int pid)

{

AutoMutex autoMutex(_mutex);

// The Executor process automatically cleans up all its child

// processes, so it does not need to explicitly harvest the

// exit status of the cimprovagt processes it starts.

// _send request header:

return 0;

ExecutorRequestHeader header;

header.code = EXECUTOR_REAP_PROVIDER_AGENT;

if (_send(_sock, &header, sizeof(header)) != sizeof(header))

return -1;

// _send request body:

ExecutorReapProviderAgentRequest request;

memset(&request, 0, sizeof(request));

request.pid = pid;

if (_send(_sock, &request, sizeof(request)) != sizeof(request))

return -1;

// Receive the response

ExecutorReapProviderAgentResponse response;

if (_recv(_sock, &response, sizeof(response)) != sizeof(response))

return -1;

return response.status;

}

virtual int authenticatePassword(

Line 806

Line 822

{

AutoMutex autoMutex(_mutex);

// _send request header:

// Send request header:

ExecutorRequestHeader header;

header.code = EXECUTOR_AUTHENTICATE_PASSWORD_MESSAGE;

if (_send(_sock, &header, sizeof(header)) != sizeof(header))

if (SendBlock(_sock, &header, sizeof(header)) != sizeof(header))

return -1;

// _send request body.

// Send request body.

ExecutorAuthenticatePasswordRequest request;

memset(&request, 0, sizeof(request));

Strlcpy(request.username, username, EXECUTOR_BUFFER_SIZE);

Strlcpy(request.password, password, EXECUTOR_BUFFER_SIZE);

if (_send(_sock, &request, sizeof(request)) != sizeof(request))

if (SendBlock(_sock, &request, sizeof(request)) != sizeof(request))

return -1;

// Receive the response

ExecutorAuthenticatePasswordResponse response;

if (_recv(_sock, &response, sizeof(response)) != sizeof(response))

if (RecvBlock(_sock, &response, sizeof(response)) != sizeof(response))

return -1;

return response.status;

Line 839

Line 855

{

AutoMutex autoMutex(_mutex);

// _send request header:

// Send request header:

ExecutorRequestHeader header;

header.code = EXECUTOR_VALIDATE_USER_MESSAGE;

if (_send(_sock, &header, sizeof(header)) != sizeof(header))

if (SendBlock(_sock, &header, sizeof(header)) != sizeof(header))

return -1;

// _send request body.

// Send request body.

ExecutorValidateUserRequest request;

memset(&request, 0, sizeof(request));

Strlcpy(request.username, username, EXECUTOR_BUFFER_SIZE);

if (_send(_sock, &request, sizeof(request)) != sizeof(request))

if (SendBlock(_sock, &request, sizeof(request)) != sizeof(request))

return -1;

// Receive the response

ExecutorValidateUserResponse response;

if (_recv(_sock, &response, sizeof(response)) != sizeof(response))

if (RecvBlock(_sock, &response, sizeof(response)) != sizeof(response))

return -1;

return response.status;

Line 872

Line 888

{

AutoMutex autoMutex(_mutex);

// _send request header:

// Send request header:

ExecutorRequestHeader header;

header.code = EXECUTOR_CHALLENGE_LOCAL_MESSAGE;

if (_send(_sock, &header, sizeof(header)) != sizeof(header))

if (SendBlock(_sock, &header, sizeof(header)) != sizeof(header))

return -1;

// _send request body.

// Send request body.

ExecutorChallengeLocalRequest request;

memset(&request, 0, sizeof(request));

Strlcpy(request.user, username, EXECUTOR_BUFFER_SIZE);

if (_send(_sock, &request, sizeof(request)) != sizeof(request))

if (SendBlock(_sock, &request, sizeof(request)) != sizeof(request))

return -1;

// Receive the response

ExecutorChallengeLocalResponse response;

if (_recv(_sock, &response, sizeof(response)) != sizeof(response))

if (RecvBlock(_sock, &response, sizeof(response)) != sizeof(response))

return -1;

Strlcpy(challengeFilePath, response.challenge, EXECUTOR_BUFFER_SIZE);

Line 907

Line 923

{

AutoMutex autoMutex(_mutex);

// _send request header:

// Send request header:

ExecutorRequestHeader header;

header.code = EXECUTOR_AUTHENTICATE_LOCAL_MESSAGE;

if (_send(_sock, &header, sizeof(header)) != sizeof(header))

if (SendBlock(_sock, &header, sizeof(header)) != sizeof(header))

return -1;

// _send request body.

// Send request body.

ExecutorAuthenticateLocalRequest request;

memset(&request, 0, sizeof(request));

Strlcpy(request.challenge, challengeFilePath, EXECUTOR_BUFFER_SIZE);

Strlcpy(request.response, response, EXECUTOR_BUFFER_SIZE);

if (_send(_sock, &request, sizeof(request)) != sizeof(request))

if (SendBlock(_sock, &request, sizeof(request)) != sizeof(request))

return -1;

// Receive the response

ExecutorAuthenticateLocalResponse response_;

if (_recv(_sock, &response_, sizeof(response_)) != sizeof(response_))

if (RecvBlock(_sock, &response_, sizeof(response_)) !=

sizeof(response_))

{

return -1;

}

return response_.status;

}

private:

virtual int updateLogLevel(

const char* logLevel)

static ssize_t _recv(int sock, void* buffer, size_t size)

{

size_t r = size;

AutoMutex autoMutex(_mutex);

char* p = (char*)buffer;

if (size == 0)

return -1;

while (r)

// Send request header:

{

ssize_t n;

EXECUTOR_RESTART(read(sock, p, r), n);

ExecutorRequestHeader header;

header.code = EXECUTOR_UPDATE_LOG_LEVEL_MESSAGE;

if (n == -1)

if (SendBlock(_sock, &header, sizeof(header)) != sizeof(header))

return -1;

else if (n == 0)

return size - r;

r -= n;

// Send request body:

p += n;

}

return size - r;

ExecutorUpdateLogLevelRequest request;

}

memset(&request, 0, sizeof(request));

Strlcpy(request.logLevel, logLevel, EXECUTOR_BUFFER_SIZE);

static ssize_t _send(int sock, void* buffer, size_t size)

if (SendBlock(_sock, &request, sizeof(request)) != sizeof(request))

{

return -1;

size_t r = size;

char* p = (char*)buffer;

while (r)

// Receive the response

{

ssize_t n;

ExecutorUpdateLogLevelResponse response;

EXECUTOR_RESTART(write(sock, p, r), n);

if (n == -1)

if (RecvBlock(_sock, &response, sizeof(response)) != sizeof(response))

return -1;

else if (n == 0)

return size - r;

r -= n;

return response.status;

p += n;

}

return size - r;

private:

}

int _sock;

Mutex _mutex;

Line 1000

Line 1003

////////////////////////////////////////////////////////////////////////////////

static int _executorSock = -1;

static ExecutorImpl* _executorImpl = 0;

static AutoPtr<ExecutorImpl> _executorImpl;

static Mutex _executorMutex;

static Once _executorImplOnce = PEGASUS_ONCE_INITIALIZER;

static ExecutorImpl* _getImpl()

{

// Use the double-checked locking technique to avoid the overhead of a lock

// on every call.

if (_executorImpl == 0)

static void _initExecutorImpl()

{

AutoMutex autoMutex(_executorMutex);

if (_executorImpl == 0)

{

#if defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION)

if (_executorSock == -1)

_executorImpl = new ExecutorLoopbackImpl();

_executorImpl.reset(new ExecutorLoopbackImpl());

else

_executorImpl = new ExecutorSocketImpl(_executorSock);

_executorImpl.reset(new ExecutorSocketImpl(_executorSock));

#else

_executorImpl = new ExecutorLoopbackImpl();

_executorImpl.reset(new ExecutorLoopbackImpl());

#endif

}

return _executorImpl;

}

void Executor::setSock(int sock)

{

AutoMutex autoMutex(_executorMutex);

_executorSock = sock;

}

int Executor::detectExecutor()

{

return _getImpl()->detectExecutor();

once(&_executorImplOnce, _initExecutorImpl);

return _executorImpl->detectExecutor();

}

int Executor::ping()

{

return _getImpl()->ping();

once(&_executorImplOnce, _initExecutorImpl);

return _executorImpl->ping();

}

FILE* Executor::openFile(

const char* path,

int mode)

{

return _getImpl()->openFile(path, mode);

once(&_executorImplOnce, _initExecutorImpl);

return _executorImpl->openFile(path, mode);

}

int Executor::renameFile(

const char* oldPath,

const char* newPath)

{

return _getImpl()->renameFile(oldPath, newPath);

once(&_executorImplOnce, _initExecutorImpl);

return _executorImpl->renameFile(oldPath, newPath);

}

int Executor::removeFile(

const char* path)

{

return _getImpl()->removeFile(path);

once(&_executorImplOnce, _initExecutorImpl);

return _executorImpl->removeFile(path);

}

int Executor::startProviderAgent(

const char* module,

const String& pegasusHome,

const String& userName,

int uid,

int gid,

int& pid,

AnonymousPipe*& readPipe,

AnonymousPipe*& writePipe)

{

return _getImpl()->startProviderAgent(module, pegasusHome,

once(&_executorImplOnce, _initExecutorImpl);

userName, uid, gid, pid, readPipe, writePipe);

return _executorImpl->startProviderAgent(

module, pegasusHome, userName, pid, readPipe, writePipe);

}

int Executor::daemonizeExecutor()

{

return _getImpl()->daemonizeExecutor();

once(&_executorImplOnce, _initExecutorImpl);

return _executorImpl->daemonizeExecutor();

}

int Executor::reapProviderAgent(

int pid)

{

return _getImpl()->reapProviderAgent(pid);

once(&_executorImplOnce, _initExecutorImpl);

return _executorImpl->reapProviderAgent(pid);

}

int Executor::authenticatePassword(

const char* username,

const char* password)

{

return _getImpl()->authenticatePassword(username, password);

once(&_executorImplOnce, _initExecutorImpl);

return _executorImpl->authenticatePassword(username, password);

}

int Executor::validateUser(

const char* username)

{

return _getImpl()->validateUser(username);

once(&_executorImplOnce, _initExecutorImpl);

return _executorImpl->validateUser(username);

}

int Executor::challengeLocal(

const char* user,

char challengeFilePath[EXECUTOR_BUFFER_SIZE])

{

return _getImpl()->challengeLocal(user, challengeFilePath);

once(&_executorImplOnce, _initExecutorImpl);

return _executorImpl->challengeLocal(user, challengeFilePath);

}

int Executor::authenticateLocal(

const char* challengeFilePath,

const char* response)

{

return _getImpl()->authenticateLocal(challengeFilePath, response);

once(&_executorImplOnce, _initExecutorImpl);

return _executorImpl->authenticateLocal(challengeFilePath, response);

}

int Executor::updateLogLevel(

const char* logLevel)

{

once(&_executorImplOnce, _initExecutorImpl);

return _executorImpl->updateLogLevel(logLevel);

}

PEGASUS_NAMESPACE_END

Legend:

Removed from v.1.1.4.12
changed lines
	Added in v.1.12

No CVS admin address has been configured