version 1.11, 2007/08/03 00:56:18
|
version 1.28, 2013/04/19 12:08:35
|
|
|
//%2006//////////////////////////////////////////////////////////////////////// |
//%LICENSE//////////////////////////////////////////////////////////////// |
// | // |
// Copyright (c) 2000, 2001, 2002 BMC Software; Hewlett-Packard Development |
// Licensed to The Open Group (TOG) under one or more contributor license |
// Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems. |
// agreements. Refer to the OpenPegasusNOTICE.txt file distributed with |
// Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L.P.; |
// this work for additional information regarding copyright ownership. |
// IBM Corp.; EMC Corporation, The Open Group. |
// Each contributor licenses this file to you under the OpenPegasus Open |
// Copyright (c) 2004 BMC Software; Hewlett-Packard Development Company, L.P.; |
// Source License; you may not use this file except in compliance with the |
// IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group. |
// License. |
// Copyright (c) 2005 Hewlett-Packard Development Company, L.P.; IBM Corp.; |
// |
// EMC Corporation; VERITAS Software Corporation; The Open Group. |
// Permission is hereby granted, free of charge, to any person obtaining a |
// Copyright (c) 2006 Hewlett-Packard Development Company, L.P.; IBM Corp.; |
// copy of this software and associated documentation files (the "Software"), |
// EMC Corporation; Symantec Corporation; The Open Group. |
// to deal in the Software without restriction, including without limitation |
// |
// the rights to use, copy, modify, merge, publish, distribute, sublicense, |
// Permission is hereby granted, free of charge, to any person obtaining a copy |
// and/or sell copies of the Software, and to permit persons to whom the |
// of this software and associated documentation files (the "Software"), to |
// Software is furnished to do so, subject to the following conditions: |
// deal in the Software without restriction, including without limitation the |
// |
// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or |
// The above copyright notice and this permission notice shall be included |
// sell copies of the Software, and to permit persons to whom the Software is |
// in all copies or substantial portions of the Software. |
// furnished to do so, subject to the following conditions: |
// |
// |
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS |
// THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN |
// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF |
// ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED |
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. |
// "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT |
// IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY |
// LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR |
// CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, |
// PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT |
// TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE |
// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN |
// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
// ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION |
|
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
|
// | // |
//============================================================================== |
////////////////////////////////////////////////////////////////////////// |
// | // |
//%///////////////////////////////////////////////////////////////////////////// | //%///////////////////////////////////////////////////////////////////////////// |
| |
|
|
# include <windows.h> | # include <windows.h> |
#else | #else |
# include <unistd.h> | # include <unistd.h> |
|
# include <errno.h> |
# include <sys/types.h> | # include <sys/types.h> |
# include <sys/time.h> | # include <sys/time.h> |
# include <sys/resource.h> | # include <sys/resource.h> |
|
|
#include <Pegasus/Common/System.h> | #include <Pegasus/Common/System.h> |
#include <Pegasus/Common/Executor.h> | #include <Pegasus/Common/Executor.h> |
| |
#include <Executor/Strlcpy.h> |
|
| |
#if defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) | #if defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) |
|
#include <Executor/Strlcpy.h> |
# include <Executor/Socket.h> | # include <Executor/Socket.h> |
# include <Executor/Messages.h> | # include <Executor/Messages.h> |
#endif | #endif |
|
|
# include <as400_protos.h> // For fork400() | # include <as400_protos.h> // For fork400() |
#endif | #endif |
| |
|
#ifdef PEGASUS_OS_ZOS |
|
# include <spawn.h> |
|
#endif |
|
|
PEGASUS_NAMESPACE_BEGIN | PEGASUS_NAMESPACE_BEGIN |
| |
//////////////////////////////////////////////////////////////////////////////// | //////////////////////////////////////////////////////////////////////////////// |
|
|
const char* path) = 0; | const char* path) = 0; |
| |
virtual int startProviderAgent( | virtual int startProviderAgent( |
|
unsigned short bitness, |
const char* module, | const char* module, |
const String& pegasusHome, | const String& pegasusHome, |
const String& userName, | const String& userName, |
|
|
const char* path, | const char* path, |
int mode) | int mode) |
{ | { |
|
FILE* fhandle = NULL; |
switch (mode) | switch (mode) |
{ | { |
case 'r': | case 'r': |
return fopen(path, "rb"); |
fhandle = fopen(path, "r"); |
|
break; |
| |
case 'w': | case 'w': |
return fopen(path, "wb"); |
fhandle = fopen(path, "w"); |
|
break; |
| |
case 'a': | case 'a': |
return fopen(path, "a+"); |
fhandle = fopen(path, "a+"); |
|
break; |
| |
default: | default: |
return NULL; |
PEGASUS_ASSERT(fhandle); |
|
break; |
|
} |
|
|
|
if(!fhandle) |
|
{ |
|
PEG_TRACE((TRC_SERVER, Tracer::LEVEL1, |
|
"Open of file %s in mode %c failed: %s",path,mode, |
|
(const char*) PEGASUS_SYSTEM_ERRORMSG.getCString())); |
} | } |
|
return fhandle; |
} | } |
| |
virtual int renameFile( | virtual int renameFile( |
|
|
| |
| |
virtual int startProviderAgent( | virtual int startProviderAgent( |
|
unsigned short bitness, |
const char* module, | const char* module, |
const String& pegasusHome, | const String& pegasusHome, |
const String& userName, | const String& userName, |
|
|
AnonymousPipe*& readPipe, | AnonymousPipe*& readPipe, |
AnonymousPipe*& writePipe) | AnonymousPipe*& writePipe) |
{ | { |
|
PEG_METHOD_ENTER(TRC_SERVER,"ExecutorLoopbackImpl::startProviderAgent"); |
|
|
#if !defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) | #if !defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) |
| |
|
// Resolve full path of "cimprovagt" program. |
|
|
|
String path = FileSystem::getAbsolutePath( |
|
pegasusHome.getCString(), |
|
bitness == PG_PROVMODULE_BITNESS_32 ? |
|
PEGASUS_PROVIDER_AGENT32_PROC_NAME : |
|
PEGASUS_PROVIDER_AGENT_PROC_NAME); |
|
|
|
// Create CString handles for cimprovagt arguments |
|
|
|
CString agentProgramPath = path.getCString(); |
|
CString userNameCString = userName.getCString(); |
|
|
|
# if defined(PEGASUS_DISABLE_PROV_USERCTXT) || defined(PEGASUS_OS_ZOS) |
|
const char* setUserContextFlag = "0"; // False |
|
# else |
|
const char* setUserContextFlag = "1"; // True |
|
# endif |
|
|
# if defined(PEGASUS_OS_TYPE_WINDOWS) | # if defined(PEGASUS_OS_TYPE_WINDOWS) |
| |
AutoMutex autoMutex(_mutex); | AutoMutex autoMutex(_mutex); |
|
|
ZeroMemory(&siStartInfo, sizeof (STARTUPINFO)); | ZeroMemory(&siStartInfo, sizeof (STARTUPINFO)); |
siStartInfo.cb = sizeof (STARTUPINFO); | siStartInfo.cb = sizeof (STARTUPINFO); |
| |
// Build full path of "cimprovagt" program. |
|
|
|
String path = FileSystem::getAbsolutePath( |
|
pegasusHome.getCString(), PEGASUS_PROVIDER_AGENT_PROC_NAME); |
|
|
|
// Format command line. | // Format command line. |
| |
char cmdLine[2048]; | char cmdLine[2048]; |
| |
sprintf(cmdLine, "\"%s\" %s %s \"%s\"", |
sprintf(cmdLine, "\"%s\" %s %s %s \"%s\" \"%s\"", |
(const char*)path.getCString(), |
(const char*)agentProgramPath, |
|
setUserContextFlag, |
readHandle, | readHandle, |
writeHandle, | writeHandle, |
|
(const char*)userNameCString, |
module); | module); |
| |
// Create provider agent proess. | // Create provider agent proess. |
|
|
&siStartInfo, // STARTUPINFO | &siStartInfo, // STARTUPINFO |
&piProcInfo)) // PROCESS_INFORMATION | &piProcInfo)) // PROCESS_INFORMATION |
{ | { |
|
PEG_METHOD_EXIT(); |
return -1; | return -1; |
} | } |
| |
|
|
readPipe = pipeFromAgent.release(); | readPipe = pipeFromAgent.release(); |
writePipe = pipeToAgent.release(); | writePipe = pipeToAgent.release(); |
| |
|
PEG_METHOD_EXIT(); |
return 0; | return 0; |
| |
# else /* POSIX CASE FOLLOWS */ | # else /* POSIX CASE FOLLOWS */ |
|
|
| |
int to[2]; | int to[2]; |
int from[2]; | int from[2]; |
|
char toPipeArg[32]; |
|
char fromPipeArg[32]; |
| |
do | do |
{ | { |
// Resolve full path of "cimprovagt". |
// Create "to-agent" pipe: |
|
|
String path = FileSystem::getAbsolutePath( |
|
pegasusHome.getCString(), PEGASUS_PROVIDER_AGENT_PROC_NAME); |
|
| |
# if !defined(PEGASUS_DISABLE_PROV_USERCTXT) |
if (pipe(to) != 0) |
|
{ |
|
PEG_METHOD_EXIT(); |
|
return -1; |
|
} |
| |
PEGASUS_UID_T newUid = (PEGASUS_UID_T)-1; |
// Create "from-agent" pipe: |
PEGASUS_GID_T newGid = (PEGASUS_GID_T)-1; |
|
| |
if (userName != System::getEffectiveUserName()) |
if (pipe(from) != 0) |
{ |
|
if (!System::lookupUserId( |
|
userName.getCString(), newUid, newGid)) |
|
{ | { |
PEG_TRACE((TRC_DISCARDED_DATA, Tracer::LEVEL2, |
PEG_METHOD_EXIT(); |
"System::lookupUserId(%s) failed.", |
|
(const char*)userName.getCString())); |
|
return -1; | return -1; |
} | } |
} |
|
| |
# endif /* !defined(PEGASUS_DISABLE_PROV_USERCTXT) */ |
// Initialize the cimprovagt pipe arguments: |
| |
// Create "to-agent" pipe: |
sprintf(toPipeArg, "%d", to[0]); |
|
sprintf(fromPipeArg, "%d", from[1]); |
| |
if (pipe(to) != 0) |
// Start provider agent: |
return -1; |
|
| |
// Create "from-agent" pipe: |
# if defined(PEGASUS_OS_ZOS) |
|
// zOS uses __spawn2() instead of fork() to start provider agent |
| |
if (pipe(from) != 0) |
struct __inheritance inherit; |
|
const char *c_argv[7]; |
|
|
|
c_argv[0] = agentProgramPath; |
|
c_argv[1] = setUserContextFlag; |
|
c_argv[2] = toPipeArg; |
|
c_argv[3] = fromPipeArg; |
|
c_argv[4] = userNameCString; |
|
c_argv[5] = module; |
|
c_argv[6] = NULL; |
|
|
|
// reset the inherit structure |
|
memset(&inherit,0,sizeof(inherit)); |
|
|
|
// The provider agent should get a defined JobName. |
|
inherit.flags=SPAWN_SETJOBNAME; |
|
memcpy( inherit.jobname,"CFZOOPA ", |
|
sizeof(inherit.jobname)); |
|
|
|
PEG_TRACE((TRC_SERVER, Tracer::LEVEL4, |
|
"Starting provider agent: %s %s %s %s %s %s %s", |
|
(const char*)agentProgramPath, |
|
c_argv[0], |
|
c_argv[1], |
|
c_argv[2], |
|
c_argv[3], |
|
c_argv[4], |
|
c_argv[5])); |
|
|
|
pid = __spawn2(agentProgramPath,0,NULL,&inherit, |
|
c_argv,(const char **)environ); |
|
|
|
if (pid < 0) |
|
{ |
|
PEG_TRACE((TRC_SERVER, Tracer::LEVEL1, |
|
"Spawn of provider agent fails:%s " |
|
"( errno %d , reason code %08X )", |
|
strerror(errno) ,errno,__errno2())); |
|
PEG_METHOD_EXIT(); |
return -1; | return -1; |
|
} |
| |
// Fork process: |
# else // !defined(PEGASUS_OS_ZOS) |
| |
# if defined(PEGASUS_OS_VMS) | # if defined(PEGASUS_OS_VMS) |
pid = (int)vfork(); | pid = (int)vfork(); |
|
|
# endif | # endif |
| |
if (pid < 0) | if (pid < 0) |
|
{ |
|
PEG_TRACE((TRC_SERVER, Tracer::LEVEL1, |
|
"Fork for provider agent fails: errno = %d",errno)); |
|
PEG_METHOD_EXIT(); |
return -1; | return -1; |
|
} |
// If child proceses. |
|
| |
if (pid == 0) | if (pid == 0) |
{ | { |
|
// Child process |
|
|
# if !defined(PEGASUS_OS_VMS) | # if !defined(PEGASUS_OS_VMS) |
// Close unused pipe descriptors: | // Close unused pipe descriptors: |
| |
close(to[1]); | close(to[1]); |
close(from[0]); | close(from[0]); |
| |
|
|
// Close unused descriptors. Leave stdin, stdout, stderr, | // Close unused descriptors. Leave stdin, stdout, stderr, |
// and the child's pipe descriptors open. | // and the child's pipe descriptors open. |
| |
|
|
| |
# endif /* !defined(PEGASUS_OS_VMS) */ | # endif /* !defined(PEGASUS_OS_VMS) */ |
| |
# if !defined(PEGASUS_DISABLE_PROV_USERCTXT) |
|
|
|
// Set uid and gid for the new provider agent process. |
|
|
|
if (newUid != (PEGASUS_UID_T)-1 && newGid != (PEGASUS_GID_T)-1) |
|
{ |
|
if (!System::changeUserContext_SingleThreaded( |
|
userName.getCString(), newUid, newGid)) |
|
{ |
|
return -1; |
|
} |
|
} |
|
|
|
# endif /* !defined(PEGASUS_DISABLE_PROV_USERCTXT) */ |
|
|
|
// Exec the cimprovagt program. | // Exec the cimprovagt program. |
| |
char arg1[32]; |
|
char arg2[32]; |
|
sprintf(arg1, "%d", to[0]); |
|
sprintf(arg2, "%d", from[1]); |
|
|
|
{ | { |
CString cstr = path.getCString(); |
if (execl( |
if (execl(cstr, cstr, arg1, arg2, module, (char*)0) == -1) |
agentProgramPath, |
|
agentProgramPath, |
|
setUserContextFlag, |
|
toPipeArg, |
|
fromPipeArg, |
|
(const char*)userNameCString, |
|
module, |
|
(char*)0) == -1) |
{ | { |
PEG_TRACE((TRC_DISCARDED_DATA, Tracer::LEVEL2, |
PEG_TRACE((TRC_SERVER, Tracer::LEVEL1, |
"execl() failed. errno = %d.", errno)); | "execl() failed. errno = %d.", errno)); |
_exit(1); | _exit(1); |
} | } |
} | } |
} | } |
|
# endif /* PEGASUS_OS_ZOS */ |
} | } |
while (0); | while (0); |
| |
|
PEG_TRACE((TRC_SERVER, Tracer::LEVEL4, |
|
"Provider agent started: pid(%d).", pid)); |
|
|
// Close unused pipe descriptors. | // Close unused pipe descriptors. |
| |
close(to[0]); | close(to[0]); |
|
|
readPipe = new AnonymousPipe(readFdStr, 0); | readPipe = new AnonymousPipe(readFdStr, 0); |
writePipe = new AnonymousPipe(0, writeFdStr); | writePipe = new AnonymousPipe(0, writeFdStr); |
| |
|
# if defined(PEGASUS_HAS_SIGNALS) && \ |
|
!(defined(PEGASUS_DISABLE_PROV_USERCTXT) || defined(PEGASUS_OS_ZOS)) |
|
// The cimprovagt forks and returns right away. Clean up the zombie |
|
// process now instead of in reapProviderAgent(). |
|
int status = 0; |
|
while ((status = waitpid(pid, 0, 0)) == -1 && errno == EINTR) |
|
; |
|
# endif |
|
|
|
PEG_METHOD_EXIT(); |
return 0; | return 0; |
| |
# endif /* POSIX CASE */ | # endif /* POSIX CASE */ |
|
|
return -1; | return -1; |
} | } |
| |
virtual int reapProviderAgent( |
#if defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) |
int pid) |
virtual int reapProviderAgent(int) |
{ | { |
#if !defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) |
|
|
|
int status = 0; |
|
|
|
# if defined(PEGASUS_HAS_SIGNALS) |
|
while ((status = waitpid(pid, 0, 0)) == -1 && errno == EINTR) |
|
; |
|
# endif |
|
|
|
return status; |
|
|
|
#else /* PEGASUS_ENABLE_PRIVILEGE_SEPARATION is defined */ |
|
|
|
// Out-of-Process providers are never started by the cimserver process | // Out-of-Process providers are never started by the cimserver process |
// when Privilege Separation is enabled. | // when Privilege Separation is enabled. |
return -1; | return -1; |
|
|
#endif |
|
} | } |
|
#else /* PEGASUS_ENABLE_PRIVILEGE_SEPARATION is NOT defined */ |
|
# if defined(PEGASUS_HAS_SIGNALS) && \ |
|
(defined(PEGASUS_DISABLE_PROV_USERCTXT) || defined(PEGASUS_OS_ZOS)) |
|
virtual int reapProviderAgent(int pid) |
|
{ |
|
int status = 0; |
|
// When provider user context is enabled, this is done in |
|
// startProviderAgent(). |
|
while ((status = waitpid(pid, 0, 0)) == -1 && errno == EINTR) |
|
{ |
|
}; |
|
return status; |
|
} |
|
# else |
|
virtual int reapProviderAgent(int) |
|
{ |
|
return 0; |
|
} |
|
# endif |
|
#endif |
| |
|
|
|
#if defined(PEGASUS_PAM_AUTHENTICATION) |
virtual int authenticatePassword( | virtual int authenticatePassword( |
const char* username, | const char* username, |
const char* password) | const char* password) |
{ | { |
#if defined(PEGASUS_PAM_AUTHENTICATION) |
|
return PAMAuthenticate(username, password); | return PAMAuthenticate(username, password); |
#else |
|
// ATTN: not handled so don't call in this case. |
|
return -1; |
|
#endif |
|
} | } |
| |
virtual int validateUser( | virtual int validateUser( |
const char* username) | const char* username) |
{ | { |
#if defined(PEGASUS_PAM_AUTHENTICATION) |
|
return PAMValidateUser(username); | return PAMValidateUser(username); |
|
} |
#else | #else |
|
virtual int authenticatePassword( |
|
const char*, |
|
const char*) |
|
{ |
// ATTN: not handled so don't call in this case. | // ATTN: not handled so don't call in this case. |
return -1; | return -1; |
#endif |
|
} | } |
| |
|
virtual int validateUser( |
|
const char*) |
|
{ |
|
// ATTN: not handled so don't call in this case. |
|
return -1; |
|
} |
|
#endif |
|
|
virtual int challengeLocal( | virtual int challengeLocal( |
const char* username, |
const char*, |
char challengeFilePath[EXECUTOR_BUFFER_SIZE]) |
char[EXECUTOR_BUFFER_SIZE]) |
{ | { |
// ATTN: not handled so don't call in this case. | // ATTN: not handled so don't call in this case. |
return -1; | return -1; |
} | } |
| |
virtual int authenticateLocal( | virtual int authenticateLocal( |
const char* challengeFilePath, |
const char*, |
const char* response) |
const char*) |
{ | { |
// ATTN: not handled so don't call in this case. | // ATTN: not handled so don't call in this case. |
return -1; | return -1; |
} | } |
| |
virtual int updateLogLevel( | virtual int updateLogLevel( |
const char* logLevel) |
const char*) |
{ | { |
// If Privilege Separation is not enabled, we don't need to update | // If Privilege Separation is not enabled, we don't need to update |
// the log level in the Executor. | // the log level in the Executor. |
|
|
} | } |
| |
virtual int startProviderAgent( | virtual int startProviderAgent( |
|
unsigned short bitness, |
const char* module, | const char* module, |
const String& pegasusHome, | const String& pegasusHome, |
const String& userName, | const String& userName, |
|
|
memset(&request, 0, sizeof(request)); | memset(&request, 0, sizeof(request)); |
memcpy(request.module, module, moduleNameLength); | memcpy(request.module, module, moduleNameLength); |
memcpy(request.userName, userNameCString, userNameLength); | memcpy(request.userName, userNameCString, userNameLength); |
|
request.moduleBitness = bitness; |
| |
if (SendBlock(_sock, &request, sizeof(request)) != sizeof(request)) | if (SendBlock(_sock, &request, sizeof(request)) != sizeof(request)) |
return -1; | return -1; |
|
|
} | } |
| |
int Executor::startProviderAgent( | int Executor::startProviderAgent( |
|
unsigned short bitness, |
const char* module, | const char* module, |
const String& pegasusHome, | const String& pegasusHome, |
const String& userName, | const String& userName, |
|
|
AnonymousPipe*& writePipe) | AnonymousPipe*& writePipe) |
{ | { |
once(&_executorImplOnce, _initExecutorImpl); | once(&_executorImplOnce, _initExecutorImpl); |
return _executorImpl->startProviderAgent( |
return _executorImpl->startProviderAgent(bitness, |
module, pegasusHome, userName, pid, readPipe, writePipe); | module, pegasusHome, userName, pid, readPipe, writePipe); |
} | } |
| |