pegasus/src/Pegasus/Common/Executor.cpp - diff

Return to Executor.cpp CVS log

Up to [Pegasus] / pegasus / src / Pegasus / Common

Diff for /pegasus/src/Pegasus/Common/Executor.cpp between version 1.1.2.15 and 1.3

version 1.1.2.15, 2007/01/12 06:31:03

version 1.3, 2007/05/30 20:41:28

Line 33

#include <cstdio>

#include <cstdlib>

#include <cstring>

#include <Pegasus/Common/Config.h>

#if defined(PEGASUS_OS_TYPE_WINDOWS)

# include <windows.h>

#else

# include <Executor/Socket.h>

# include <sys/types.h>

# include <sys/socket.h>

# include <unistd.h>

# include <fcntl.h>

# include <sys/wait.h>

# include <unistd.h>

# include <sys/types.h>

# include <sys/time.h>

# include <sys/resource.h>

#endif

#include "Constants.h"

#if defined(PEGASUS_HAS_SIGNALS)

#include "Executor.h"

# include <sys/wait.h>

#include "Mutex.h"

#endif

#include "FileSystem.h"

#include "String.h"

#include <Pegasus/Common/Constants.h>

#include <Pegasus/Common/Mutex.h>

#include <Pegasus/Common/FileSystem.h>

#include <Pegasus/Common/String.h>

#include <Pegasus/Common/Tracer.h>

#include <Pegasus/Common/System.h>

#include <Pegasus/Common/Executor.h>

#include <Executor/Strlcpy.h>

#include <Executor/Strlcat.h>

#if defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION)

# include <Executor/Socket.h>

# include <Executor/Messages.h>

#endif

Line 100

Line 103

const char* path) = 0;

virtual int startProviderAgent(

const SessionKey& sessionKey,

const char* module,

int uid,

const String& pegasusHome,

int gid,

const String& userName,

int& pid,

SessionKey& providerAgentSessionKey,

AnonymousPipe*& readPipe,

AnonymousPipe*& writePipe) = 0;

virtual int daemonizeExecutor() = 0;

virtual int reapProviderAgent(

const SessionKey& sessionKey,

int pid) = 0;

virtual int authenticatePassword(

const char* username,

const char* password,

const char* password) = 0;

SessionKey& sessionKey) = 0;

virtual int validateUser(

const char* username) = 0;

virtual int challengeLocal(

const char* username,

char challenge[EXECUTOR_BUFFER_SIZE],

char challengeFilePath[EXECUTOR_BUFFER_SIZE]) = 0;

SessionKey& sessionKey) = 0;

virtual int authenticateLocal(

const SessionKey& sessionKey,

const char* challengeFilePath,

const char* challengeResponse) = 0;

const char* response) = 0;

virtual int newSessionKey(

const char username[EXECUTOR_BUFFER_SIZE],

SessionKey& sessionKey) = 0;

virtual int deleteSessionKey(

const SessionKey& sessionKey) = 0;

};

////////////////////////////////////////////////////////////////////////////////

Line 202

Line 193

virtual int startProviderAgent(

const SessionKey& sessionKey,

const char* module,

int uid,

const String& pegasusHome,

int gid,

const String& userName,

int& pid,

SessionKey& providerAgentSessionKey,

AnonymousPipe*& readPipe,

AnonymousPipe*& writePipe)

{

// Add logging here.

#if defined(PEGASUS_OS_TYPE_WINDOWS)

AutoMutex autoMutex(_mutex);

Line 223

Line 214

// Create pipes. Export handles to string.

AnonymousPipe* pipeFromAgent = new AnonymousPipe();

AutoPtr<AnonymousPipe> pipeFromAgent(new AnonymousPipe());

AnonymousPipe* pipeToAgent = new AnonymousPipe();

AutoPtr<AnonymousPipe> pipeToAgent(new AnonymousPipe());

char readHandle[32];

char writeHandle[32];

Line 244

Line 235

// Build full path of "cimprovagt" program.

String path;

String path = FileSystem::getAbsolutePath(

pegasusHome.getCString(), PEGASUS_PROVIDER_AGENT_PROC_NAME);

if (_getProviderAgentPath(path) != 0)

{

delete pipeToAgent;

delete pipeFromAgent;

return -1;

}

// Format command line.

Line 277

Line 262

&siStartInfo, // STARTUPINFO

&piProcInfo)) // PROCESS_INFORMATION

{

delete pipeToAgent;

delete pipeFromAgent;

return -1;

}

Line 290

Line 273

pipeToAgent->closeReadHandle();

pipeFromAgent->closeWriteHandle();

readPipe = pipeFromAgent;

readPipe = pipeFromAgent.release();

writePipe = pipeToAgent;

writePipe = pipeToAgent.release();

return 0;

Line 306

Line 289

// Initialize output parameters in case of error.

providerAgentSessionKey.clear();

pid = -1;

readPipe = 0;

writePipe = 0;

Line 320

Line 302

{

// Resolve full path of "cimprovagt".

String path;

String path = FileSystem::getAbsolutePath(

pegasusHome.getCString(), PEGASUS_PROVIDER_AGENT_PROC_NAME);

# if !defined(PEGASUS_DISABLE_PROV_USERCTXT)

PEGASUS_UID_T newUid = (PEGASUS_UID_T)-1;

PEGASUS_GID_T newGid = (PEGASUS_GID_T)-1;

if (_getProviderAgentPath(path) != 0)

if (userName != System::getEffectiveUserName())

{

if (!System::lookupUserId(

userName.getCString(), newUid, newGid))

{

PEG_TRACE((TRC_DISCARDED_DATA, Tracer::LEVEL2,

"System::lookupUserId(%s) failed.",

(const char*)userName.getCString()));

return -1;

}

# endif /* !defined(PEGASUS_DISABLE_PROV_USERCTXT) */

// Create "to-agent" pipe:

Line 337

Line 336

// Fork process:

#if !defined(PEGASUS_OS_VMS)

# if defined(PEGASUS_OS_VMS)

pid = (int)vfork();

#else

pid = (int)fork();

Line 350

Line 349

if (pid == 0)

{

# if !defined(PEGASUS_OS_VMS)

// Close unused pipe descriptors:

close(to[1]);

close(from[0]);

#if !defined(PEGASUS_OS_VMS)

// Close unused descriptors. Leave stdin, stdout, stderr,

// and the child's pipe descriptors open.

Line 373

Line 372

#endif /* !defined(PEGASUS_OS_VMS) */

// Set uid and gid for the new provider agent process.

# if !defined(PEGASUS_DISABLE_PROV_USERCTXT)

if (uid != -1 && gid != -1)

// Set uid and gid for the new provider agent process.

{

if ((int)getgid() != gid)

{

// ATTN: log failure!

setgid(gid);

}

if ((int)getuid() != uid)

if (newUid != (PEGASUS_UID_T)-1 && newGid != (PEGASUS_GID_T)-1)

{

if (!System::changeUserContext_SingleThreaded(

userName.getCString(), newUid, newGid))

{

// ATTN: log failure!

return -1;

setuid(uid);

}

Line 403

Line 396

{

CString cstr = path.getCString();

execl(cstr, cstr, arg1, arg2, module, (char*)0);

if (execl(cstr, cstr, arg1, arg2, module, (char*)0) == -1)

{

PEG_TRACE((TRC_DISCARDED_DATA, Tracer::LEVEL2,

"execl() failed. errno = %d.", errno));

_exit(1);

}

// ATTN: log failure!

}

while (0);

Line 444

Line 439

}

virtual int reapProviderAgent(

const SessionKey& sessionKey,

int pid)

{

int status;

int status = 0;

#if defined(PEGASUS_HAS_SIGNALS)

while ((status = waitpid(pid, 0, 0)) == -1 && errno == EINTR)

;

#endif

return status;

}

virtual int authenticatePassword(

const char* username,

const char* password,

const char* password)

SessionKey& sessionKey)

{

sessionKey.clear();

#if defined(PEGASUS_PAM_AUTHENTICATION)

return PAMAuthenticate(username, password);

#else

// ATTN: not handled so don't call in this case.

sessionKey.clear();

return -1;

#endif

}

Line 484

Line 476

virtual int challengeLocal(

const char* username,

char challenge[EXECUTOR_BUFFER_SIZE],

char challengeFilePath[EXECUTOR_BUFFER_SIZE])

SessionKey& sessionKey)

{

// ATTN: not handled so don't call in this case.

sessionKey.clear();

return -1;

}

virtual int authenticateLocal(

const SessionKey& sessionKey,

const char* challengeFilePath,

const char* challengeResponse)

const char* response)

{

// ATTN: not handled so don't call in this case.

return -1;

}

virtual int newSessionKey(

const char username[EXECUTOR_BUFFER_SIZE],

SessionKey& sessionKey)

{

sessionKey.clear();

return -1;

}

virtual int deleteSessionKey(

const SessionKey& sessionKey)

{

return -1;

}

private:

static int _getProviderAgentPath(String& path)

{

path = PEGASUS_PROVIDER_AGENT_PROC_NAME;

if (path[0] != '/')

{

const char* env = getenv("PEGASUS_HOME");

if (!env)

return -1;

path = String(env) + String("/") + path;

}

return 0;

}

Mutex _mutex;

};

Line 710

Line 669

}

virtual int startProviderAgent(

const SessionKey& sessionKey,

const char* module,

int uid,

const String& pegasusHome,

int gid,

const String& userName,

int& pid,

SessionKey& providerAgentSessionKey,

AnonymousPipe*& readPipe,

AnonymousPipe*& writePipe)

{

AutoMutex autoMutex(_mutex);

providerAgentSessionKey.clear();

readPipe = 0;

writePipe = 0;

// Reject strings longer than EXECUTOR_BUFFER_SIZE.

size_t n = strlen(module);

size_t moduleNameLength = strlen(module);

if (moduleNameLength >= EXECUTOR_BUFFER_SIZE)

return -1;

CString userNameCString = userName.getCString();

size_t userNameLength = strlen(userNameCString);

if (n >= EXECUTOR_BUFFER_SIZE)

if (userNameLength >= EXECUTOR_BUFFER_SIZE)

return -1;

// _send request header:

Line 744

Line 706

ExecutorStartProviderAgentRequest request;

memset(&request, 0, sizeof(request));

Strlcpy(request.key, sessionKey.data(), sizeof(request.key));

memcpy(request.module, module, moduleNameLength);

memcpy(request.module, module, n);

memcpy(request.userName, userNameCString, userNameLength);

request.uid = uid;

request.gid = gid;

if (_send(_sock, &request, sizeof(request)) != sizeof(request))

return -1;

Line 759

Line 719

if (_recv(_sock, &response, sizeof(response)) != sizeof(response))

return -1;

// Get the session key.

Strlcpy((char*)providerAgentSessionKey.data(),

response.key, providerAgentSessionKey.size());

// Check response status and pid.

if (response.status != 0)

Line 821

Line 776

}

virtual int reapProviderAgent(

const SessionKey& sessionKey,

int pid)

{

AutoMutex autoMutex(_mutex);

Line 838

Line 792

ExecutorReapProviderAgentRequest request;

memset(&request, 0, sizeof(request));

Strlcpy(request.key, sessionKey.data(), sizeof(request.key));

request.pid = pid;

if (_send(_sock, &request, sizeof(request)) != sizeof(request))

Line 856

Line 809

virtual int authenticatePassword(

const char* username,

const char* password,

const char* password)

SessionKey& sessionKey)

{

AutoMutex autoMutex(_mutex);

sessionKey.clear();

// _send request header:

ExecutorRequestHeader header;

Line 888

Line 838

if (_recv(_sock, &response, sizeof(response)) != sizeof(response))

return -1;

Strlcpy((char*)sessionKey.data(), response.key, sessionKey.size());

return response.status;

}

Line 927

Line 875

virtual int challengeLocal(

const char* username,

char challenge[EXECUTOR_BUFFER_SIZE],

char challengeFilePath[EXECUTOR_BUFFER_SIZE])

SessionKey& sessionKey)

{

AutoMutex autoMutex(_mutex);

sessionKey.clear();

// _send request header:

ExecutorRequestHeader header;

Line 958

Line 903

if (_recv(_sock, &response, sizeof(response)) != sizeof(response))

return -1;

Strlcpy((char*)sessionKey.data(), response.key, sessionKey.size());

Strlcpy(challengeFilePath, response.challenge, EXECUTOR_BUFFER_SIZE);

Strlcpy(challenge, response.challenge, EXECUTOR_BUFFER_SIZE);

return response.status;

}

virtual int authenticateLocal(

const SessionKey& sessionKey,

const char* challengeFilePath,

const char* challengeResponse)

const char* response)

{

AutoMutex autoMutex(_mutex);

Line 982

Line 926

ExecutorAuthenticateLocalRequest request;

memset(&request, 0, sizeof(request));

Strlcpy(request.key, (char*)sessionKey.data(), EXECUTOR_BUFFER_SIZE);

Strlcpy(request.challenge, challengeFilePath, EXECUTOR_BUFFER_SIZE);

Strlcpy(request.token, challengeResponse, EXECUTOR_BUFFER_SIZE);

Strlcpy(request.response, response, EXECUTOR_BUFFER_SIZE);

if (_send(_sock, &request, sizeof(request)) != sizeof(request))

return -1;

// Receive the response

ExecutorAuthenticateLocalResponse response;

if (_recv(_sock, &response, sizeof(response)) != sizeof(response))

return -1;

return response.status;

}

virtual int newSessionKey(

const char username[EXECUTOR_BUFFER_SIZE],

SessionKey& sessionKey)

{

AutoMutex autoMutex(_mutex);

sessionKey.clear();

// _send request header:

ExecutorRequestHeader header;

header.code = EXECUTOR_NEW_SESSION_KEY_MESSAGE;

if (_send(_sock, &header, sizeof(header)) != sizeof(header))

return -1;

// _send request body.

ExecutorNewSessionKeyRequest request;

memset(&request, 0, sizeof(request));

Strlcpy(request.username, username, sizeof(request.username));

if (_send(_sock, &request, sizeof(request)) != sizeof(request))

return -1;

// Receive the response

ExecutorNewSessionKeyResponse response;

if (_recv(_sock, &response, sizeof(response)) != sizeof(response))

return -1;

Strlcpy((char*)sessionKey.data(), response.key, sessionKey.size());

return response.status;

}

virtual int deleteSessionKey(

const SessionKey& sessionKey)

{

AutoMutex autoMutex(_mutex);

// Send request header:

ExecutorRequestHeader header;

header.code = EXECUTOR_DELETE_SESSION_KEY_MESSAGE;

if (_send(_sock, &header, sizeof(header)) != sizeof(header))

return -1;

// Send request body.

ExecutorDeleteSessionKeyRequest request;

memset(&request, 0, sizeof(request));

Strlcpy(request.key, sessionKey.data(), sizeof(request.key));

if (_send(_sock, &request, sizeof(request)) != sizeof(request))

return -1;

// Receive the response

ExecutorDeleteSessionKeyResponse response;

ExecutorAuthenticateLocalResponse response_;

if (_recv(_sock, &response, sizeof(response)) != sizeof(response))

if (_recv(_sock, &response_, sizeof(response_)) != sizeof(response_))

return -1;

return response.status;

return response_.status;

}

private:

Line 1131

Line 1006

////////////////////////////////////////////////////////////////////////////////

static int _sock = -1;

static int _executorSock = -1;

static ExecutorImpl* _impl = 0;

static ExecutorImpl* _executorImpl = 0;

static Mutex _mutex;

static Mutex _executorMutex;

static ExecutorImpl* _getImpl()

{

// Use the double-checked locking technique to avoid the overhead of a lock

// on every call.

if (_impl == 0)

if (_executorImpl == 0)

{

_mutex.lock();

AutoMutex autoMutex(_executorMutex);

if (_impl == 0)

if (_executorImpl == 0)

{

#if defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION)

if (_sock == -1)

if (_executorSock == -1)

_impl = new ExecutorLoopbackImpl();

_executorImpl = new ExecutorLoopbackImpl();

else

_impl = new ExecutorSocketImpl(_sock);

_executorImpl = new ExecutorSocketImpl(_executorSock);

#else

_impl = new ExecutorLoopbackImpl();

_executorImpl = new ExecutorLoopbackImpl();

#endif

}

_mutex.unlock();

}

return _impl;

return _executorImpl;

}

void Executor::setSock(int sock)

{

_mutex.lock();

AutoMutex autoMutex(_executorMutex);

_sock = sock;

_executorSock = sock;

_mutex.unlock();

}

int Executor::detectExecutor()

Line 1200

Line 1072

}

int Executor::startProviderAgent(

const SessionKey& sessionKey,

const char* module,

int uid,

const String& pegasusHome,

int gid,

const String& userName,

int& pid,

SessionKey& providerAgentSessionKey,

AnonymousPipe*& readPipe,

AnonymousPipe*& writePipe)

{

return _getImpl()->startProviderAgent(sessionKey, module,

return _getImpl()->startProviderAgent(

uid, gid, pid, providerAgentSessionKey, readPipe, writePipe);

module, pegasusHome, userName, pid, readPipe, writePipe);

}

int Executor::daemonizeExecutor()

Line 1219

Line 1089

}

int Executor::reapProviderAgent(

const SessionKey& sessionKey,

int pid)

{

return _getImpl()->reapProviderAgent(sessionKey, pid);

return _getImpl()->reapProviderAgent(pid);

}

int Executor::authenticatePassword(

const char* username,

const char* password,

const char* password)

SessionKey& sessionKey)

{

return _getImpl()->authenticatePassword(username, password, sessionKey);

return _getImpl()->authenticatePassword(username, password);

}

int Executor::validateUser(

Line 1241

Line 1109

int Executor::challengeLocal(

const char* user,

char path[EXECUTOR_BUFFER_SIZE],

char challengeFilePath[EXECUTOR_BUFFER_SIZE])

SessionKey& sessionKey)

{

return _getImpl()->challengeLocal(user, path, sessionKey);

return _getImpl()->challengeLocal(user, challengeFilePath);

}

int Executor::authenticateLocal(

const SessionKey& sessionKey,

const char* challengeFilePath,

const char* challengeResponse)

const char* response)

{

return _getImpl()->authenticateLocal(sessionKey, challengeResponse);

}

int Executor::newSessionKey(

const char username[EXECUTOR_BUFFER_SIZE],

SessionKey& sessionKey)

{

return _getImpl()->newSessionKey(username, sessionKey);

}

int Executor::deleteSessionKey(

const SessionKey& sessionKey)

{

return _getImpl()->deleteSessionKey(sessionKey);

return _getImpl()->authenticateLocal(challengeFilePath, response);

}

PEGASUS_NAMESPACE_END

Legend:

Removed from v.1.1.2.15
changed lines
	Added in v.1.3

No CVS admin address has been configured