|
version 1.1.2.16, 2007/01/17 18:48:54
|
version 1.7, 2007/06/13 21:21:53
|
|
|
|
| | |
| #include <cstdio> | #include <cstdio> |
| #include <cstdlib> | #include <cstdlib> |
| #include <cstdlib> |
|
| #include <cstring> | #include <cstring> |
| | |
| |
#include <Pegasus/Common/Config.h> |
| |
|
| #if defined(PEGASUS_OS_TYPE_WINDOWS) | #if defined(PEGASUS_OS_TYPE_WINDOWS) |
| # include <windows.h> | # include <windows.h> |
| #else | #else |
| # include <Executor/Socket.h> |
|
| # include <sys/types.h> |
|
| # include <sys/socket.h> |
|
| # include <unistd.h> |
|
| # include <fcntl.h> |
|
| # include <sys/wait.h> |
|
| # include <unistd.h> | # include <unistd.h> |
| |
# include <sys/types.h> |
| # include <sys/time.h> | # include <sys/time.h> |
| # include <sys/resource.h> | # include <sys/resource.h> |
| #endif | #endif |
| | |
| #include "Constants.h" |
#if defined(PEGASUS_HAS_SIGNALS) |
| #include "Executor.h" |
# include <sys/wait.h> |
| #include "Mutex.h" |
#endif |
| #include "FileSystem.h" |
|
| #include "String.h" |
#include <Pegasus/Common/Constants.h> |
| |
#include <Pegasus/Common/Mutex.h> |
| |
#include <Pegasus/Common/Once.h> |
| |
#include <Pegasus/Common/FileSystem.h> |
| |
#include <Pegasus/Common/String.h> |
| |
#include <Pegasus/Common/Tracer.h> |
| |
#include <Pegasus/Common/System.h> |
| |
#include <Pegasus/Common/Executor.h> |
| |
|
| #include <Executor/Strlcpy.h> | #include <Executor/Strlcpy.h> |
| #include <Executor/Strlcat.h> |
|
| | |
| #if defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) | #if defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) |
| |
# include <Executor/Socket.h> |
| # include <Executor/Messages.h> | # include <Executor/Messages.h> |
| #endif | #endif |
| | |
|
|
|
| const char* path) = 0; | const char* path) = 0; |
| | |
| virtual int startProviderAgent( | virtual int startProviderAgent( |
| const SessionKey& sessionKey, |
|
| const char* module, | const char* module, |
| int uid, |
const String& pegasusHome, |
| int gid, |
const String& userName, |
| int& pid, | int& pid, |
| SessionKey& providerAgentSessionKey, |
|
| AnonymousPipe*& readPipe, | AnonymousPipe*& readPipe, |
| AnonymousPipe*& writePipe) = 0; | AnonymousPipe*& writePipe) = 0; |
| | |
| virtual int daemonizeExecutor() = 0; | virtual int daemonizeExecutor() = 0; |
| | |
| virtual int reapProviderAgent( | virtual int reapProviderAgent( |
| const SessionKey& sessionKey, |
|
| int pid) = 0; | int pid) = 0; |
| | |
| virtual int authenticatePassword( | virtual int authenticatePassword( |
| const char* username, | const char* username, |
| const char* password, |
const char* password) = 0; |
| SessionKey& sessionKey) = 0; |
|
| | |
| virtual int validateUser( | virtual int validateUser( |
| const char* username) = 0; | const char* username) = 0; |
| | |
| virtual int challengeLocal( | virtual int challengeLocal( |
| const char* username, | const char* username, |
| char challenge[EXECUTOR_BUFFER_SIZE], |
char challengeFilePath[EXECUTOR_BUFFER_SIZE]) = 0; |
| SessionKey& sessionKey) = 0; |
|
| | |
| virtual int authenticateLocal( | virtual int authenticateLocal( |
| const SessionKey& sessionKey, |
const char* challengeFilePath, |
| const char* challengeResponse) = 0; |
const char* response) = 0; |
| |
|
| virtual int newSessionKey( |
|
| const char username[EXECUTOR_BUFFER_SIZE], |
|
| SessionKey& sessionKey) = 0; |
|
| |
|
| virtual int deleteSessionKey( |
|
| const SessionKey& sessionKey) = 0; |
|
| |
|
| virtual int refreshPolicy() = 0; |
|
| }; | }; |
| | |
| //////////////////////////////////////////////////////////////////////////////// | //////////////////////////////////////////////////////////////////////////////// |
|
|
|
| | |
| | |
| virtual int startProviderAgent( | virtual int startProviderAgent( |
| const SessionKey& sessionKey, |
|
| const char* module, | const char* module, |
| int uid, |
const String& pegasusHome, |
| int gid, |
const String& userName, |
| int& pid, | int& pid, |
| SessionKey& providerAgentSessionKey, |
|
| AnonymousPipe*& readPipe, | AnonymousPipe*& readPipe, |
| AnonymousPipe*& writePipe) | AnonymousPipe*& writePipe) |
| { | { |
| |
#if !defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) |
| |
|
| #if defined(PEGASUS_OS_TYPE_WINDOWS) | #if defined(PEGASUS_OS_TYPE_WINDOWS) |
| | |
| AutoMutex autoMutex(_mutex); | AutoMutex autoMutex(_mutex); |
|
|
|
| | |
| // Create pipes. Export handles to string. | // Create pipes. Export handles to string. |
| | |
| AnonymousPipe* pipeFromAgent = new AnonymousPipe(); |
AutoPtr<AnonymousPipe> pipeFromAgent(new AnonymousPipe()); |
| AnonymousPipe* pipeToAgent = new AnonymousPipe(); |
AutoPtr<AnonymousPipe> pipeToAgent(new AnonymousPipe()); |
| | |
| char readHandle[32]; | char readHandle[32]; |
| char writeHandle[32]; | char writeHandle[32]; |
|
|
|
| | |
| // Build full path of "cimprovagt" program. | // Build full path of "cimprovagt" program. |
| | |
| String path; |
String path = FileSystem::getAbsolutePath( |
| |
pegasusHome.getCString(), PEGASUS_PROVIDER_AGENT_PROC_NAME); |
| if (_getProviderAgentPath(path) != 0) |
|
| { |
|
| delete pipeToAgent; |
|
| delete pipeFromAgent; |
|
| return -1; |
|
| } |
|
| | |
| // Format command line. | // Format command line. |
| | |
|
|
|
| &siStartInfo, // STARTUPINFO | &siStartInfo, // STARTUPINFO |
| &piProcInfo)) // PROCESS_INFORMATION | &piProcInfo)) // PROCESS_INFORMATION |
| { | { |
| delete pipeToAgent; |
|
| delete pipeFromAgent; |
|
| return -1; | return -1; |
| } | } |
| | |
|
|
|
| pipeToAgent->closeReadHandle(); | pipeToAgent->closeReadHandle(); |
| pipeFromAgent->closeWriteHandle(); | pipeFromAgent->closeWriteHandle(); |
| | |
| readPipe = pipeFromAgent; |
readPipe = pipeFromAgent.release(); |
| writePipe = pipeToAgent; |
writePipe = pipeToAgent.release(); |
| | |
| return 0; | return 0; |
| | |
| #elif defined(PEGASUS_OS_OS400) |
|
| |
|
| // ATTN: no implementation for OS400. |
|
| return -1; |
|
| |
|
| #else /* POSIX CASE FOLLOWS */ | #else /* POSIX CASE FOLLOWS */ |
| | |
| AutoMutex autoMutex(_mutex); | AutoMutex autoMutex(_mutex); |
| | |
| // Initialize output parameters in case of error. | // Initialize output parameters in case of error. |
| | |
| providerAgentSessionKey.clear(); |
|
| pid = -1; | pid = -1; |
| readPipe = 0; | readPipe = 0; |
| writePipe = 0; | writePipe = 0; |
|
|
|
| { | { |
| // Resolve full path of "cimprovagt". | // Resolve full path of "cimprovagt". |
| | |
| String path; |
String path = FileSystem::getAbsolutePath( |
| |
pegasusHome.getCString(), PEGASUS_PROVIDER_AGENT_PROC_NAME); |
| | |
| if (_getProviderAgentPath(path) != 0) |
# if !defined(PEGASUS_DISABLE_PROV_USERCTXT) |
| |
|
| |
PEGASUS_UID_T newUid = (PEGASUS_UID_T)-1; |
| |
PEGASUS_GID_T newGid = (PEGASUS_GID_T)-1; |
| |
|
| |
if (userName != System::getEffectiveUserName()) |
| |
{ |
| |
if (!System::lookupUserId( |
| |
userName.getCString(), newUid, newGid)) |
| |
{ |
| |
PEG_TRACE((TRC_DISCARDED_DATA, Tracer::LEVEL2, |
| |
"System::lookupUserId(%s) failed.", |
| |
(const char*)userName.getCString())); |
| return -1; | return -1; |
| |
} |
| |
} |
| |
|
| |
# endif /* !defined(PEGASUS_DISABLE_PROV_USERCTXT) */ |
| | |
| // Create "to-agent" pipe: | // Create "to-agent" pipe: |
| | |
|
|
|
| | |
| // Fork process: | // Fork process: |
| | |
| #if !defined(PEGASUS_OS_VMS) |
# if defined(PEGASUS_OS_VMS) |
| pid = (int)vfork(); | pid = (int)vfork(); |
| #else | #else |
| pid = (int)fork(); | pid = (int)fork(); |
|
|
|
| | |
| if (pid == 0) | if (pid == 0) |
| { | { |
| |
# if !defined(PEGASUS_OS_VMS) |
| // Close unused pipe descriptors: | // Close unused pipe descriptors: |
| | |
| close(to[1]); | close(to[1]); |
| close(from[0]); | close(from[0]); |
| | |
| #if !defined(PEGASUS_OS_VMS) |
|
| | |
| // Close unused descriptors. Leave stdin, stdout, stderr, | // Close unused descriptors. Leave stdin, stdout, stderr, |
| // and the child's pipe descriptors open. | // and the child's pipe descriptors open. |
|
|
|
| | |
| #endif /* !defined(PEGASUS_OS_VMS) */ | #endif /* !defined(PEGASUS_OS_VMS) */ |
| | |
| // Set uid and gid for the new provider agent process. |
|
| |
|
| # if !defined(PEGASUS_DISABLE_PROV_USERCTXT) | # if !defined(PEGASUS_DISABLE_PROV_USERCTXT) |
| | |
| if (uid != -1 && gid != -1) |
// Set uid and gid for the new provider agent process. |
| { |
|
| if ((int)getgid() != gid) |
|
| { |
|
| // ATTN: log failure! |
|
| setgid(gid); |
|
| } |
|
| | |
| if ((int)getuid() != uid) |
if (newUid != (PEGASUS_UID_T)-1 && newGid != (PEGASUS_GID_T)-1) |
| |
{ |
| |
if (!System::changeUserContext_SingleThreaded( |
| |
userName.getCString(), newUid, newGid)) |
| { | { |
| // ATTN: log failure! |
return -1; |
| setuid(uid); |
|
| } | } |
| } | } |
| | |
|
|
|
| | |
| { | { |
| CString cstr = path.getCString(); | CString cstr = path.getCString(); |
| execl(cstr, cstr, arg1, arg2, module, (char*)0); |
if (execl(cstr, cstr, arg1, arg2, module, (char*)0) == -1) |
| |
{ |
| |
PEG_TRACE((TRC_DISCARDED_DATA, Tracer::LEVEL2, |
| |
"execl() failed. errno = %d.", errno)); |
| _exit(1); | _exit(1); |
| } | } |
| |
} |
| // ATTN: log failure! |
|
| } | } |
| } | } |
| while (0); | while (0); |
|
|
|
| | |
| return 0; | return 0; |
| | |
| #endif /* !defined(START_PROVIDER_AGENT) */ |
# endif /* POSIX CASE */ |
| |
|
| |
#else /* PEGASUS_ENABLE_PRIVILEGE_SEPARATION is defined */ |
| |
|
| |
// Out-of-Process providers are never started by the cimserver process |
| |
// when Privilege Separation is enabled. |
| |
return -1; |
| |
|
| |
#endif |
| } | } |
| | |
| virtual int daemonizeExecutor() | virtual int daemonizeExecutor() |
|
|
|
| } | } |
| | |
| virtual int reapProviderAgent( | virtual int reapProviderAgent( |
| const SessionKey& sessionKey, |
|
| int pid) | int pid) |
| { | { |
| int status; |
#if !defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) |
| | |
| |
int status = 0; |
| |
|
| |
# if defined(PEGASUS_HAS_SIGNALS) |
| while ((status = waitpid(pid, 0, 0)) == -1 && errno == EINTR) | while ((status = waitpid(pid, 0, 0)) == -1 && errno == EINTR) |
| ; | ; |
| |
# endif |
| | |
| return status; | return status; |
| |
|
| |
#else /* PEGASUS_ENABLE_PRIVILEGE_SEPARATION is defined */ |
| |
|
| |
// Out-of-Process providers are never started by the cimserver process |
| |
// when Privilege Separation is enabled. |
| |
return -1; |
| |
|
| |
#endif |
| } | } |
| | |
| virtual int authenticatePassword( | virtual int authenticatePassword( |
| const char* username, | const char* username, |
| const char* password, |
const char* password) |
| SessionKey& sessionKey) |
|
| { | { |
| sessionKey.clear(); |
|
| |
|
| #if defined(PEGASUS_PAM_AUTHENTICATION) | #if defined(PEGASUS_PAM_AUTHENTICATION) |
| return PAMAuthenticate(username, password); | return PAMAuthenticate(username, password); |
| #else | #else |
| // ATTN: not handled so don't call in this case. | // ATTN: not handled so don't call in this case. |
| sessionKey.clear(); |
|
| return -1; | return -1; |
| #endif | #endif |
| } | } |
|
|
|
| | |
| virtual int challengeLocal( | virtual int challengeLocal( |
| const char* username, | const char* username, |
| char challenge[EXECUTOR_BUFFER_SIZE], |
char challengeFilePath[EXECUTOR_BUFFER_SIZE]) |
| SessionKey& sessionKey) |
|
| { | { |
| // ATTN: not handled so don't call in this case. | // ATTN: not handled so don't call in this case. |
| sessionKey.clear(); |
|
| return -1; | return -1; |
| } | } |
| | |
| virtual int authenticateLocal( | virtual int authenticateLocal( |
| const SessionKey& sessionKey, |
const char* challengeFilePath, |
| const char* challengeResponse) |
const char* response) |
| { | { |
| // ATTN: not handled so don't call in this case. | // ATTN: not handled so don't call in this case. |
| return -1; | return -1; |
| } | } |
| | |
| virtual int newSessionKey( |
|
| const char username[EXECUTOR_BUFFER_SIZE], |
|
| SessionKey& sessionKey) |
|
| { |
|
| sessionKey.clear(); |
|
| return -1; |
|
| } |
|
| |
|
| virtual int deleteSessionKey( |
|
| const SessionKey& sessionKey) |
|
| { |
|
| return -1; |
|
| } |
|
| |
|
| virtual int refreshPolicy() |
|
| { |
|
| return -1; |
|
| } |
|
| |
|
| private: | private: |
| | |
| static int _getProviderAgentPath(String& path) |
|
| { |
|
| path = PEGASUS_PROVIDER_AGENT_PROC_NAME; |
|
| |
|
| if (path[0] != '/') |
|
| { |
|
| const char* env = getenv("PEGASUS_HOME"); |
|
| |
|
| if (!env) |
|
| return -1; |
|
| |
|
| path = String(env) + String("/") + path; |
|
| } |
|
| |
|
| return 0; |
|
| } |
|
| |
|
| Mutex _mutex; | Mutex _mutex; |
| }; | }; |
| | |
|
|
|
| } | } |
| | |
| virtual int startProviderAgent( | virtual int startProviderAgent( |
| const SessionKey& sessionKey, |
|
| const char* module, | const char* module, |
| int uid, |
const String& pegasusHome, |
| int gid, |
const String& userName, |
| int& pid, | int& pid, |
| SessionKey& providerAgentSessionKey, |
|
| AnonymousPipe*& readPipe, | AnonymousPipe*& readPipe, |
| AnonymousPipe*& writePipe) | AnonymousPipe*& writePipe) |
| { | { |
| AutoMutex autoMutex(_mutex); | AutoMutex autoMutex(_mutex); |
| | |
| providerAgentSessionKey.clear(); |
|
| readPipe = 0; | readPipe = 0; |
| writePipe = 0; | writePipe = 0; |
| | |
| // Reject strings longer than EXECUTOR_BUFFER_SIZE. | // Reject strings longer than EXECUTOR_BUFFER_SIZE. |
| | |
| size_t n = strlen(module); |
size_t moduleNameLength = strlen(module); |
| |
|
| |
if (moduleNameLength >= EXECUTOR_BUFFER_SIZE) |
| |
return -1; |
| |
|
| |
CString userNameCString = userName.getCString(); |
| |
size_t userNameLength = strlen(userNameCString); |
| | |
| if (n >= EXECUTOR_BUFFER_SIZE) |
if (userNameLength >= EXECUTOR_BUFFER_SIZE) |
| return -1; | return -1; |
| | |
| // _send request header: | // _send request header: |
|
|
|
| | |
| ExecutorStartProviderAgentRequest request; | ExecutorStartProviderAgentRequest request; |
| memset(&request, 0, sizeof(request)); | memset(&request, 0, sizeof(request)); |
| Strlcpy(request.key, sessionKey.data(), sizeof(request.key)); |
memcpy(request.module, module, moduleNameLength); |
| memcpy(request.module, module, n); |
memcpy(request.userName, userNameCString, userNameLength); |
| request.uid = uid; |
|
| request.gid = gid; |
|
| | |
| if (_send(_sock, &request, sizeof(request)) != sizeof(request)) | if (_send(_sock, &request, sizeof(request)) != sizeof(request)) |
| return -1; | return -1; |
|
|
|
| if (_recv(_sock, &response, sizeof(response)) != sizeof(response)) | if (_recv(_sock, &response, sizeof(response)) != sizeof(response)) |
| return -1; | return -1; |
| | |
| // Get the session key. |
|
| |
|
| Strlcpy((char*)providerAgentSessionKey.data(), |
|
| response.key, providerAgentSessionKey.size()); |
|
| |
|
| // Check response status and pid. | // Check response status and pid. |
| | |
| if (response.status != 0) | if (response.status != 0) |
|
|
|
| } | } |
| | |
| virtual int reapProviderAgent( | virtual int reapProviderAgent( |
| const SessionKey& sessionKey, |
|
| int pid) | int pid) |
| { | { |
| AutoMutex autoMutex(_mutex); | AutoMutex autoMutex(_mutex); |
|
|
|
| | |
| ExecutorReapProviderAgentRequest request; | ExecutorReapProviderAgentRequest request; |
| memset(&request, 0, sizeof(request)); | memset(&request, 0, sizeof(request)); |
| Strlcpy(request.key, sessionKey.data(), sizeof(request.key)); |
|
| request.pid = pid; | request.pid = pid; |
| | |
| if (_send(_sock, &request, sizeof(request)) != sizeof(request)) | if (_send(_sock, &request, sizeof(request)) != sizeof(request)) |
|
|
|
| | |
| virtual int authenticatePassword( | virtual int authenticatePassword( |
| const char* username, | const char* username, |
| const char* password, |
const char* password) |
| SessionKey& sessionKey) |
|
| { | { |
| AutoMutex autoMutex(_mutex); | AutoMutex autoMutex(_mutex); |
| | |
| sessionKey.clear(); |
|
| |
|
| // _send request header: | // _send request header: |
| | |
| ExecutorRequestHeader header; | ExecutorRequestHeader header; |
|
|
|
| if (_recv(_sock, &response, sizeof(response)) != sizeof(response)) | if (_recv(_sock, &response, sizeof(response)) != sizeof(response)) |
| return -1; | return -1; |
| | |
| Strlcpy((char*)sessionKey.data(), response.key, sessionKey.size()); |
|
| |
|
| return response.status; | return response.status; |
| } | } |
| | |
|
|
|
| | |
| virtual int challengeLocal( | virtual int challengeLocal( |
| const char* username, | const char* username, |
| char challenge[EXECUTOR_BUFFER_SIZE], |
char challengeFilePath[EXECUTOR_BUFFER_SIZE]) |
| SessionKey& sessionKey) |
|
| { | { |
| AutoMutex autoMutex(_mutex); | AutoMutex autoMutex(_mutex); |
| | |
| sessionKey.clear(); |
|
| |
|
| // _send request header: | // _send request header: |
| | |
| ExecutorRequestHeader header; | ExecutorRequestHeader header; |
|
|
|
| if (_recv(_sock, &response, sizeof(response)) != sizeof(response)) | if (_recv(_sock, &response, sizeof(response)) != sizeof(response)) |
| return -1; | return -1; |
| | |
| Strlcpy((char*)sessionKey.data(), response.key, sessionKey.size()); |
Strlcpy(challengeFilePath, response.challenge, EXECUTOR_BUFFER_SIZE); |
| Strlcpy(challenge, response.challenge, EXECUTOR_BUFFER_SIZE); |
|
| | |
| return response.status; | return response.status; |
| } | } |
| | |
| virtual int authenticateLocal( | virtual int authenticateLocal( |
| const SessionKey& sessionKey, |
const char* challengeFilePath, |
| const char* challengeResponse) |
const char* response) |
| { | { |
| AutoMutex autoMutex(_mutex); | AutoMutex autoMutex(_mutex); |
| | |
|
|
|
| | |
| ExecutorAuthenticateLocalRequest request; | ExecutorAuthenticateLocalRequest request; |
| memset(&request, 0, sizeof(request)); | memset(&request, 0, sizeof(request)); |
| Strlcpy(request.key, (char*)sessionKey.data(), EXECUTOR_BUFFER_SIZE); |
Strlcpy(request.challenge, challengeFilePath, EXECUTOR_BUFFER_SIZE); |
| Strlcpy(request.token, challengeResponse, EXECUTOR_BUFFER_SIZE); |
Strlcpy(request.response, response, EXECUTOR_BUFFER_SIZE); |
| | |
| if (_send(_sock, &request, sizeof(request)) != sizeof(request)) | if (_send(_sock, &request, sizeof(request)) != sizeof(request)) |
| return -1; | return -1; |
| | |
| // Receive the response | // Receive the response |
| | |
| ExecutorAuthenticateLocalResponse response; |
ExecutorAuthenticateLocalResponse response_; |
| | |
| if (_recv(_sock, &response, sizeof(response)) != sizeof(response)) |
if (_recv(_sock, &response_, sizeof(response_)) != sizeof(response_)) |
| return -1; |
|
| |
|
| return response.status; |
|
| } |
|
| |
|
| virtual int newSessionKey( |
|
| const char username[EXECUTOR_BUFFER_SIZE], |
|
| SessionKey& sessionKey) |
|
| { |
|
| AutoMutex autoMutex(_mutex); |
|
| |
|
| sessionKey.clear(); |
|
| |
|
| // _send request header: |
|
| |
|
| ExecutorRequestHeader header; |
|
| header.code = EXECUTOR_NEW_SESSION_KEY_MESSAGE; |
|
| |
|
| if (_send(_sock, &header, sizeof(header)) != sizeof(header)) |
|
| return -1; |
|
| |
|
| // _send request body. |
|
| |
|
| ExecutorNewSessionKeyRequest request; |
|
| memset(&request, 0, sizeof(request)); |
|
| Strlcpy(request.username, username, sizeof(request.username)); |
|
| |
|
| if (_send(_sock, &request, sizeof(request)) != sizeof(request)) |
|
| return -1; |
|
| |
|
| // Receive the response |
|
| |
|
| ExecutorNewSessionKeyResponse response; |
|
| |
|
| if (_recv(_sock, &response, sizeof(response)) != sizeof(response)) |
|
| return -1; |
|
| |
|
| Strlcpy((char*)sessionKey.data(), response.key, sessionKey.size()); |
|
| |
|
| return response.status; |
|
| } |
|
| |
|
| virtual int deleteSessionKey( |
|
| const SessionKey& sessionKey) |
|
| { |
|
| AutoMutex autoMutex(_mutex); |
|
| |
|
| // Send request header: |
|
| |
|
| ExecutorRequestHeader header; |
|
| header.code = EXECUTOR_DELETE_SESSION_KEY_MESSAGE; |
|
| |
|
| if (_send(_sock, &header, sizeof(header)) != sizeof(header)) |
|
| return -1; |
|
| |
|
| // Send request body. |
|
| |
|
| ExecutorDeleteSessionKeyRequest request; |
|
| memset(&request, 0, sizeof(request)); |
|
| Strlcpy(request.key, sessionKey.data(), sizeof(request.key)); |
|
| |
|
| if (_send(_sock, &request, sizeof(request)) != sizeof(request)) |
|
| return -1; |
|
| |
|
| // Receive the response |
|
| |
|
| ExecutorDeleteSessionKeyResponse response; |
|
| |
|
| if (_recv(_sock, &response, sizeof(response)) != sizeof(response)) |
|
| return -1; | return -1; |
| | |
| return response.status; |
return response_.status; |
| } |
|
| |
|
| virtual int refreshPolicy() |
|
| { |
|
| AutoMutex autoMutex(_mutex); |
|
| |
|
| // _send request header: |
|
| |
|
| ExecutorRequestHeader header; |
|
| header.code = EXECUTOR_REFRESH_POLICY_MESSAGE; |
|
| |
|
| if (_send(_sock, &header, sizeof(header)) != sizeof(header)) |
|
| return -1; |
|
| |
|
| // Receive the response |
|
| |
|
| ExecutorRefreshPolicyResponse response; |
|
| |
|
| if (_recv(_sock, &response, sizeof(response)) != sizeof(response)) |
|
| return -1; |
|
| |
|
| return response.status; |
|
| } | } |
| | |
| private: | private: |
|
|
|
| // | // |
| //////////////////////////////////////////////////////////////////////////////// | //////////////////////////////////////////////////////////////////////////////// |
| | |
| static int _sock = -1; |
static int _executorSock = -1; |
| static ExecutorImpl* _impl = 0; |
static AutoPtr<ExecutorImpl> _executorImpl; |
| static Mutex _mutex; |
static Once _executorImplOnce = PEGASUS_ONCE_INITIALIZER; |
| | |
| static ExecutorImpl* _getImpl() |
static void _initExecutorImpl() |
| { |
|
| // Use the double-checked locking technique to avoid the overhead of a lock |
|
| // on every call. |
|
| |
|
| if (_impl == 0) |
|
| { |
|
| _mutex.lock(); |
|
| |
|
| if (_impl == 0) |
|
| { | { |
| #if defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) | #if defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) |
| if (_sock == -1) |
if (_executorSock == -1) |
| _impl = new ExecutorLoopbackImpl(); |
_executorImpl.reset(new ExecutorLoopbackImpl()); |
| else | else |
| _impl = new ExecutorSocketImpl(_sock); |
_executorImpl.reset(new ExecutorSocketImpl(_executorSock)); |
| #else | #else |
| _impl = new ExecutorLoopbackImpl(); |
_executorImpl.reset(new ExecutorLoopbackImpl()); |
| #endif | #endif |
| } | } |
| | |
| _mutex.unlock(); |
|
| } |
|
| |
|
| return _impl; |
|
| } |
|
| |
|
| void Executor::setSock(int sock) | void Executor::setSock(int sock) |
| { | { |
| _mutex.lock(); |
_executorSock = sock; |
| _sock = sock; |
|
| _mutex.unlock(); |
|
| } | } |
| | |
| int Executor::detectExecutor() | int Executor::detectExecutor() |
| { | { |
| return _getImpl()->detectExecutor(); |
once(&_executorImplOnce, _initExecutorImpl); |
| |
return _executorImpl->detectExecutor(); |
| } | } |
| | |
| int Executor::ping() | int Executor::ping() |
| { | { |
| return _getImpl()->ping(); |
once(&_executorImplOnce, _initExecutorImpl); |
| |
return _executorImpl->ping(); |
| } | } |
| | |
| FILE* Executor::openFile( | FILE* Executor::openFile( |
| const char* path, | const char* path, |
| int mode) | int mode) |
| { | { |
| return _getImpl()->openFile(path, mode); |
once(&_executorImplOnce, _initExecutorImpl); |
| |
return _executorImpl->openFile(path, mode); |
| } | } |
| | |
| int Executor::renameFile( | int Executor::renameFile( |
| const char* oldPath, | const char* oldPath, |
| const char* newPath) | const char* newPath) |
| { | { |
| return _getImpl()->renameFile(oldPath, newPath); |
once(&_executorImplOnce, _initExecutorImpl); |
| |
return _executorImpl->renameFile(oldPath, newPath); |
| } | } |
| | |
| int Executor::removeFile( | int Executor::removeFile( |
| const char* path) | const char* path) |
| { | { |
| return _getImpl()->removeFile(path); |
once(&_executorImplOnce, _initExecutorImpl); |
| |
return _executorImpl->removeFile(path); |
| } | } |
| | |
| int Executor::startProviderAgent( | int Executor::startProviderAgent( |
| const SessionKey& sessionKey, |
|
| const char* module, | const char* module, |
| int uid, |
const String& pegasusHome, |
| int gid, |
const String& userName, |
| int& pid, | int& pid, |
| SessionKey& providerAgentSessionKey, |
|
| AnonymousPipe*& readPipe, | AnonymousPipe*& readPipe, |
| AnonymousPipe*& writePipe) | AnonymousPipe*& writePipe) |
| { | { |
| return _getImpl()->startProviderAgent(sessionKey, module, |
once(&_executorImplOnce, _initExecutorImpl); |
| uid, gid, pid, providerAgentSessionKey, readPipe, writePipe); |
return _executorImpl->startProviderAgent( |
| |
module, pegasusHome, userName, pid, readPipe, writePipe); |
| } | } |
| | |
| int Executor::daemonizeExecutor() | int Executor::daemonizeExecutor() |
| { | { |
| return _getImpl()->daemonizeExecutor(); |
once(&_executorImplOnce, _initExecutorImpl); |
| |
return _executorImpl->daemonizeExecutor(); |
| } | } |
| | |
| int Executor::reapProviderAgent( | int Executor::reapProviderAgent( |
| const SessionKey& sessionKey, |
|
| int pid) | int pid) |
| { | { |
| return _getImpl()->reapProviderAgent(sessionKey, pid); |
once(&_executorImplOnce, _initExecutorImpl); |
| |
return _executorImpl->reapProviderAgent(pid); |
| } | } |
| | |
| int Executor::authenticatePassword( | int Executor::authenticatePassword( |
| const char* username, | const char* username, |
| const char* password, |
const char* password) |
| SessionKey& sessionKey) |
|
| { | { |
| return _getImpl()->authenticatePassword(username, password, sessionKey); |
once(&_executorImplOnce, _initExecutorImpl); |
| |
return _executorImpl->authenticatePassword(username, password); |
| } | } |
| | |
| int Executor::validateUser( | int Executor::validateUser( |
| const char* username) | const char* username) |
| { | { |
| return _getImpl()->validateUser(username); |
once(&_executorImplOnce, _initExecutorImpl); |
| |
return _executorImpl->validateUser(username); |
| } | } |
| | |
| int Executor::challengeLocal( | int Executor::challengeLocal( |
| const char* user, | const char* user, |
| char path[EXECUTOR_BUFFER_SIZE], |
char challengeFilePath[EXECUTOR_BUFFER_SIZE]) |
| SessionKey& sessionKey) |
|
| { | { |
| return _getImpl()->challengeLocal(user, path, sessionKey); |
once(&_executorImplOnce, _initExecutorImpl); |
| |
return _executorImpl->challengeLocal(user, challengeFilePath); |
| } | } |
| | |
| int Executor::authenticateLocal( | int Executor::authenticateLocal( |
| const SessionKey& sessionKey, |
const char* challengeFilePath, |
| const char* challengeResponse) |
const char* response) |
| { |
|
| return _getImpl()->authenticateLocal(sessionKey, challengeResponse); |
|
| } |
|
| |
|
| int Executor::newSessionKey( |
|
| const char username[EXECUTOR_BUFFER_SIZE], |
|
| SessionKey& sessionKey) |
|
| { |
|
| return _getImpl()->newSessionKey(username, sessionKey); |
|
| } |
|
| |
|
| int Executor::deleteSessionKey( |
|
| const SessionKey& sessionKey) |
|
| { |
|
| return _getImpl()->deleteSessionKey(sessionKey); |
|
| } |
|
| |
|
| int Executor::refreshPolicy() |
|
| { | { |
| return _getImpl()->refreshPolicy(); |
once(&_executorImplOnce, _initExecutorImpl); |
| |
return _executorImpl->authenticateLocal(challengeFilePath, response); |
| } | } |
| | |
| PEGASUS_NAMESPACE_END | PEGASUS_NAMESPACE_END |
Return to
Executor.cpp
CVS log
Up to [Pegasus] / pegasus / src / Pegasus / Common