static int
set_user_ids_implementation( uid_t uid, gid_t gid, const char *username,
int is_quiet )
{
if( uid == 0 || gid == 0 ) {
// NOTE: we want this dprintf() even if we're in quiet
// mode, since we should *never* be allowing this.
dprintf( D_ALWAYS, "ERROR: Attempt to initialize user_priv "
"with root privileges rejected\n" );
return FALSE;
}
// So if we are not root, trying to use any user id is bogus
// since the OS will disallow it. So if we are not running as
// root, may as well just set the user id to be the real id.
// For setuid-root
// -jaeyoung 05/22/07
//if ( get_my_uid() != ROOT ) {
if ( !can_switch_ids() ) {
uid = get_my_uid();
gid = get_my_gid();
}
if( UserIdsInited && UserUid != uid && !is_quiet ) {
dprintf( D_ALWAYS,
"warning: setting UserUid to %d, was %d previously\n",
uid, UserUid );
}
UserUid = uid;
UserGid = gid;
UserIdsInited = TRUE;
// find the user login name for this uid. note we should not
// EXCEPT or log an error if we do not find it; it is OK for the
// user not to be in the passwd file for a so-called SOFT_UID_DOMAIN.
if( UserName ) {
free( UserName );
}
if ( !username ) {
if ( !(pcache()->get_user_name( UserUid, UserName )) ) {
UserName = NULL;
}
} else {
UserName = strdup( username );
}
return TRUE;
}
Condor_Auth_Base :: Condor_Auth_Base(ReliSock * sock, int mode) :
mySock_ ( sock ),
authenticated_ ( false ),
mode_ ( mode ),
isDaemon_ ( false ),
remoteUser_ ( NULL ),
remoteDomain_ ( NULL ),
remoteHost_ ( NULL ),
localDomain_ ( NULL ),
fqu_ ( NULL ),
authenticatedName_ ( NULL )
{
//if (mySock_->isClient()) {
//------------------------------------------
// There are two possible cases:
// 1. This is a user who is calling authentication
// 2. This is a daemon who is calling authentication
//
// So, we first find out whether this is a daemon or user
//------------------------------------------
//if ((strncmp(username,
// STR_DEFAULT_CONDOR_USER,
// strlen(STR_DEFAULT_CONDOR_USER)) == 0) ||
// (strncmp(username, root, strlen(root)) == 0)) {
// I am a daemon! This is a daemon-daemon authentication
// isDaemon_ = true;
//dprintf(D_ALWAYS,"This is a daemon with Condor uid:%d; my uid:%d, user uid :%d ,
// with username %s\n", get_condor_uid(), get_my_uid(), get_user_uid(), username);
//}
if (get_my_uid() == 0) {
isDaemon_ = true;
}
//}
// this will *always* succeed
localDomain_ = param( "UID_DOMAIN" );
setRemoteHost(mySock_->peer_addr().to_ip_string().Value());
//setRemoteHost(inet_ntoa(mySock_->peer_addr()->sin_addr));
// This is done for protocols such as fs, anonymous. Kerberos should
// override this with the ip address from Kerbeos
}
int
init_user_ids_implementation( const char username[], int is_quiet )
{
int scm;
uid_t usr_uid;
gid_t usr_gid;
// So if we are not root, trying to use any user id is bogus
// since the OS will disallow it. So if we are not running as
// root, may as well just set the user id to be the real id.
// For setuid-root
// -jaeyoung 05/22/07
//if ( get_my_uid() != ROOT ) {
if ( !can_switch_ids() ) {
return set_user_ids_implementation( get_my_uid(), get_my_gid(),
NULL, is_quiet );
}
/*
** N.B. if we are using the yellow pages, system calls which are
** not supported by either remote system calls or file descriptor
** mapping will occur. Thus we must be in LOCAL/UNRECORDED mode here.
*/
scm = SetSyscalls( SYS_LOCAL | SYS_UNRECORDED );
if( ! strcasecmp(username, "nobody") ) {
// There's so much special logic for user nobody that it's
// all in a seperate function now.
return init_nobody_ids( is_quiet );
}
if( !(pcache()->get_user_uid(username, usr_uid)) ||
!(pcache()->get_user_gid(username, usr_gid)) ) {
if( ! is_quiet ) {
dprintf( D_ALWAYS, "%s not in passwd file\n", username );
}
(void)endpwent();
(void)SetSyscalls( scm );
return FALSE;
}
(void)endpwent();
(void)SetSyscalls( scm );
return set_user_ids_implementation( usr_uid, usr_gid, username, is_quiet );
}
void
init_condor_ids()
{
int scm;
bool result;
char* env_val = NULL;
char* config_val = NULL;
char* val = NULL;
uid_t envCondorUid = INT_MAX;
gid_t envCondorGid = INT_MAX;
/*
** N.B. if we are using the yellow pages, system calls which are
** not supported by either remote system calls or file descriptor
** mapping will occur. Thus we must be in LOCAL/UNRECORDED mode here.
*/
scm = SetSyscalls( SYS_LOCAL | SYS_UNRECORDED );
uid_t MyUid = get_my_uid();
gid_t MyGid = get_my_gid();
/* if either of the following get_user_*() functions fail,
* the default is INT_MAX */
RealCondorUid = INT_MAX;
RealCondorGid = INT_MAX;
pcache()->get_user_uid( myDistro->Get(), RealCondorUid );
pcache()->get_user_gid( myDistro->Get(), RealCondorGid );
const char *envName = EnvGetName( ENV_UG_IDS );
if( (env_val = getenv(envName)) ) {
val = env_val;
} else if( (config_val = param_without_default(envName)) ) {
// I had to change this to param_without_default because there's no way
// to put a default value of condor.condor in the default value table.
// In the future, there should be a way to call a function to find out
// the default value for a parameter, but for now this should work.
val = config_val;
}
if( val ) {
if( sscanf(val, "%d.%d", &envCondorUid, &envCondorGid) != 2 ) {
fprintf( stderr, "ERROR: badly formed value in %s ", envName );
fprintf( stderr, "%s variable (%s).\n",
env_val ? "environment" : "config file", val );
fprintf( stderr, "Please set %s to ", envName );
fprintf( stderr, "the '.' seperated uid, gid pair that\n" );
fprintf( stderr, "should be used by %s.\n", myDistro->Get() );
exit(1);
}
if( CondorUserName != NULL ) {
free( CondorUserName );
CondorUserName = NULL;
}
result = pcache()->get_user_name( envCondorUid, CondorUserName );
if( ! result ) {
/* failure to get username */
fprintf( stderr, "ERROR: the uid specified in %s ", envName );
fprintf( stderr, "%s variable (%d)\n",
env_val ? "environment" : "config file", envCondorUid );
fprintf(stderr, "does not exist in your password information.\n" );
fprintf(stderr, "Please set %s to ", envName);
fprintf(stderr, "the '.' seperated uid, gid pair that\n");
fprintf(stderr, "should be used by %s.\n", myDistro->Get() );
exit(1);
}
}
if( config_val ) {
free( config_val );
config_val = NULL;
val = NULL;
}
/* If we're root, set the Condor Uid and Gid to the value
specified in the "CONDOR_IDS" environment variable */
if( can_switch_ids() ) {
const char *enviName = EnvGetName( ENV_UG_IDS );
if( envCondorUid != INT_MAX ) {
/* CONDOR_IDS are set, use what it said */
CondorUid = envCondorUid;
CondorGid = envCondorGid;
} else {
/* No CONDOR_IDS set, use condor.condor */
if( RealCondorUid != INT_MAX ) {
CondorUid = RealCondorUid;
CondorGid = RealCondorGid;
if( CondorUserName != NULL ) {
free( CondorUserName );
CondorUserName = NULL;
}
CondorUserName = strdup( myDistro->Get() );
if (CondorUserName == NULL) {
EXCEPT("Out of memory. Aborting.");
}
} else {
fprintf( stderr,
"Can't find \"%s\" in the password file and "
"%s not defined in %s_config or as an "
"environment variable.\n", myDistro->Get(),
enviName, myDistro->Get() );
exit(1);
}
}
/* We'd like to dprintf() here, but we can't. Since this
function is called from the initial time we try to
enter Condor priv, if we dprintf() here, we'll still be
in root priv when we service this dprintf(), and we'll
have major problems. -Derek Wright 12/21/98 */
/* dprintf(D_PRIV, "running as root; privilege switching in effect\n"); */
} else {
/* Non-root. Set the CondorUid/Gid to our current uid/gid */
CondorUid = MyUid;
CondorGid = MyGid;
if( CondorUserName != NULL ) {
free( CondorUserName );
CondorUserName = NULL;
}
result = pcache()->get_user_name( CondorUid, CondorUserName );
if( !result ) {
/* Cannot find an entry in the passwd file for this uid */
CondorUserName = strdup("Unknown");
if (CondorUserName == NULL) {
EXCEPT("Out of memory. Aborting.");
}
}
/* If CONDOR_IDS environment variable is set, and set to the same uid
that we are running as, then behave as if the daemons are running
as user "condor" -- i.e. allow any user to submit jobs to these daemons,
not just the user running the daemons.
*/
if ( MyUid == envCondorUid ) {
RealCondorUid = MyUid;
RealCondorGid = MyGid;
}
}
(void)endpwent();
(void)SetSyscalls( scm );
CondorIdsInited = TRUE;
}
// Cover our getuid...
uid_t getuid() { return get_my_uid(); }
char* getStoredCredential(const char *username, const char *domain)
{
// TODO: add support for multiple domains
if ( !username || !domain ) {
return NULL;
}
if (strcmp(username, POOL_PASSWORD_USERNAME) != 0) {
dprintf(D_ALWAYS,
"getStoredCredential: "
"only pool password is supported on UNIX\n");
return NULL;
}
char *filename = param("SEC_PASSWORD_FILE");
if (filename == NULL) {
dprintf(D_ALWAYS,
"error fetching pool password; "
"SEC_PASSWORD_FILE not defined\n");
return NULL;
}
// open the pool password file with root priv
priv_state priv = set_root_priv();
FILE* fp = safe_fopen_wrapper_follow(filename, "r");
int save_errno = errno;
set_priv(priv);
if (fp == NULL) {
dprintf(D_FULLDEBUG,
"error opening SEC_PASSWORD_FILE (%s), %s (errno: %d)\n",
filename,
strerror(save_errno),
save_errno);
free(filename);
return NULL;
}
// make sure the file owner matches our real uid
struct stat st;
if (fstat(fileno(fp), &st) == -1) {
dprintf(D_ALWAYS,
"fstat failed on SEC_PASSWORD_FILE (%s), %s (errno: %d)\n",
filename,
strerror(errno),
errno);
fclose(fp);
free(filename);
return NULL;
}
free(filename);
if (st.st_uid != get_my_uid()) {
dprintf(D_ALWAYS,
"error: SEC_PASSWORD_FILE must be owned "
"by Condor's real uid\n");
fclose(fp);
return NULL;
}
char scrambled_pw[MAX_PASSWORD_LENGTH + 1];
size_t sz = fread(scrambled_pw, 1, MAX_PASSWORD_LENGTH, fp);
fclose(fp);
if (sz == 0) {
dprintf(D_ALWAYS, "error reading pool password (file may be empty)\n");
return NULL;
}
scrambled_pw[sz] = '\0'; // ensure the last char is nil
// undo the trivial scramble
int len = strlen(scrambled_pw);
char *pw = (char *)malloc(len + 1);
simple_scramble(pw, scrambled_pw, len);
pw[len] = '\0';
return pw;
}
