int
SaveCredentialList() {
priv_state priv = set_root_priv();
FILE * fp = safe_fopen_wrapper(cred_index_file, "w");
if (!fp) {
set_priv (priv);
dprintf (D_ALWAYS, "Unable to open credential index file %s!\n", cred_index_file);
return FALSE;
}
classad::ClassAdXMLUnParser unparser;
CredentialWrapper * pCred = NULL;
// Clear the old list
credentials.Rewind();
while (credentials.Next(pCred)) {
const classad::ClassAd * pclassad = pCred->cred->GetMetadata();
classad::ClassAd temp_classad(*pclassad); // lame
std::string buff;
unparser.Unparse (buff, &temp_classad);
fprintf (fp, "%s\n", buff.c_str());
}
fclose (fp);
set_priv (priv);
return TRUE;
}
int set_backup_privs(int on)
{
int r;
r = set_priv(SE_BACKUP_NAME,on);
r &= set_priv(SE_RESTORE_NAME,on);
return r;
}
int
LoadData (const char * file_name, void *& data, int & data_size) {
priv_state priv = set_root_priv();
int fd = safe_open_wrapper_follow(file_name, O_RDONLY);
if (fd == -1) {
fprintf (stderr, "Can't open %s\n", file_name);
set_priv (priv);
return FALSE;
}
char buff [MAX_CRED_DATA_SIZE+1];
data_size = read (fd, buff, MAX_CRED_DATA_SIZE);
close (fd);
if (data_size <= 0) {
set_priv (priv);
return FALSE;
}
data = malloc (data_size);
memcpy (data, buff, data_size);
set_priv (priv);
return TRUE;
}
bool
LocalUserLog::init( const std::vector<const char*>& filename, bool is_xml,
int cluster, int proc, int subproc )
{
if( ! jic->userPrivInitialized() ) {
EXCEPT( "LocalUserLog::init() "
"called before user priv is initialized!" );
}
priv_state priv;
priv = set_user_priv();
bool ret = u_log.initialize(filename, cluster, proc, subproc, NULL);
if( ! ret ) {
dprintf( D_ALWAYS,
"Failed to initialize Starter's UserLog, aborting\n" );
set_priv( priv );
return false;
}
set_priv( priv );
u_log.setUseXML( is_xml );
for(std::vector<const char*>::const_iterator p = filename.begin();
p != filename.end(); ++p) {
dprintf( D_FULLDEBUG, "Starter's UserLog: %s\n", *p );
}
is_initialized = true;
should_log = true;
return true;
}
bool
VirshType::ResumeFromSoftSuspend(void)
{
vmprintf(D_FULLDEBUG, "Inside VirshType::ResumeFromSoftSuspend\n");
if( (m_configfile.Length() == 0)) {
return false;
}
if( m_is_soft_suspended ) {
priv_state priv = set_root_priv();
virDomainPtr dom = virDomainLookupByName(m_libvirt_connection, m_vm_name.Value());
set_priv(priv);
if(dom == NULL)
{
virErrorPtr err = virConnGetLastError(m_libvirt_connection);
vmprintf(D_ALWAYS, "Error finding domain %s: %s\n", m_vm_name.Value(), (err ? err->message : "No reason found"));
return false;
}
priv = set_root_priv();
int result = virDomainResume(dom);
virDomainFree(dom);
set_priv(priv);
if( result != 0 ) {
// unpause failed.
vmprintf(D_ALWAYS, "Unpausing VM failed in "
"VirshType::ResumeFromSoftSuspend\n");
return false;
}
m_is_soft_suspended = false;
}
return true;
}
bool
VirshType::killVMFast(const char* vmname, virConnectPtr libvirt_con)
{
vmprintf(D_FULLDEBUG, "Inside VirshType::killVMFast\n");
if( !vmname || (vmname[0] == '\0') ) {
return false;
}
priv_state priv = set_root_priv();
virDomainPtr dom = virDomainLookupByName(libvirt_con, vmname);
set_priv(priv);
if(dom == NULL)
{
virErrorPtr err = virConnGetLastError(libvirt_con);
if (err && err->code != VIR_ERR_NO_DOMAIN)
{
vmprintf(D_ALWAYS, "Error finding domain %s: %s\n", vmname, (err ? err->message : "No reason found"));
return false;
}
else
{
return true;
}
}
priv = set_root_priv();
bool ret = (virDomainDestroy(dom) == 0);
virDomainFree(dom);
set_priv(priv);
return ret;
}
void
UserProc::store_core()
{
int core_size;
char *virtual_working_dir = NULL;
MyString new_name;
int free_disk;
priv_state priv;
if( !core_created ) {
dprintf( D_FAILURE|D_ALWAYS, "No core file to send - probably ran out of disk\n");
return;
}
if ( core_name == NULL ) {
EXCEPT( "UserProc::store_core() asked to store unnamed core file that we knew existed!" );
}
priv = set_root_priv();
core_size = physical_file_size( core_name );
set_priv(priv);
if( coredump_limit_exists ) {
if( core_size > coredump_limit ) {
dprintf( D_ALWAYS, "Core file size exceeds user defined limit\n" );
dprintf( D_ALWAYS, "*NOT* sending core file.\n" );
return;
}
}
if( REMOTE_CONDOR_getwd_special(virtual_working_dir) < 0 ) {
EXCEPT( "REMOTE_CONDOR_getwd_special(virtual_working_dir = %s)",
(virtual_working_dir != NULL)?virtual_working_dir:"(null)");
}
free_disk = REMOTE_CONDOR_free_fs_blocks( virtual_working_dir);
if( free_disk < 0 ) {
EXCEPT( "REMOTE_CONDOR_free_fs_blocks(virtual_working_dir = %s)",
(virtual_working_dir != NULL)?virtual_working_dir:"(null)");
}
dprintf( D_ALWAYS, "Core file size is %d kbytes\n", core_size );
dprintf( D_ALWAYS, "Free disk on submitting machine is %d kbytes\n",
free_disk );
if( free_disk > core_size ) {
new_name.formatstr( "%s/core.%d.%d", virtual_working_dir, cluster, proc);
dprintf( D_ALWAYS, "Transferring core file to \"%s\"\n", new_name.Value() );
priv = set_root_priv();
send_a_file( core_name, new_name.Value(), REGULAR_FILE_MODE );
set_priv(priv);
core_transferred = TRUE;
} else {
dprintf( D_ALWAYS, "*NOT* Transferring core file\n" );
core_transferred = FALSE;
}
free( virtual_working_dir );
}
int
LoadCredentialList () {
CredentialWrapper * pCred;
// Clear the old list
if (!credentials.IsEmpty()) {
credentials.Rewind();
while (credentials.Next(pCred)) {
credentials.DeleteCurrent();
delete pCred;
}
}
credentials.Rewind();
classad::ClassAdXMLParser parser;
char buff[50000];
priv_state priv = set_root_priv();
FILE * fp = safe_fopen_wrapper(cred_index_file, "r");
if (!fp) {
dprintf (D_FULLDEBUG, "Credential database %s does not exist!\n", cred_index_file);
set_priv (priv);
return TRUE;
}
while (fgets(buff, 50000, fp)) {
if ((buff[0] == '\n') || (buff[0] == '\r')) {
continue;
}
classad::ClassAd * classad = parser.ParseClassAd (buff);
int type=0;
if ((!classad) || (!classad->EvaluateAttrInt ("Type", type))) {
dprintf (D_ALWAYS, "Invalid classad %s\n", buff);
set_priv (priv);
fclose (fp);
return FALSE;
}
if (type == X509_CREDENTIAL_TYPE) {
pCred = new X509CredentialWrapper (*classad);
credentials.Append (pCred);
}
else {
dprintf (D_ALWAYS, "Invalid type %d\n",type);
}
}
fclose (fp);
set_priv (priv);
return TRUE;
}
void
VMGahp::killAllProcess()
{
if( !m_jobAd ) {
// Virtual machine is absolutely not created.
return;
}
#if defined (HAVE_EXT_LIBVIRT) && !defined(VMWARE_ONLY)
if( strcasecmp(m_gahp_config->m_vm_type.Value(),
CONDOR_VM_UNIVERSE_XEN ) == 0 ) {
priv_state priv = set_root_priv();
if( m_jobAd && XenType::checkXenParams(m_gahp_config) ) {
MyString vmname;
if( VMType::createVMName(m_jobAd, vmname) ) {
XenType::killVMFast(vmname.Value());
vmprintf( D_FULLDEBUG, "killVMFast is called\n");
}
}
set_priv(priv);
} else if(strcasecmp(m_gahp_config->m_vm_type.Value(),
CONDOR_VM_UNIVERSE_KVM ) == 0 ) {
priv_state priv = set_root_priv();
if( m_jobAd && KVMType::checkXenParams(m_gahp_config) ) {
MyString vmname;
if( VMType::createVMName(m_jobAd, vmname) ) {
KVMType::killVMFast(vmname.Value());
vmprintf( D_FULLDEBUG, "killVMFast is called\n");
}
}
set_priv(priv);
} else
#endif
if( strcasecmp(m_gahp_config->m_vm_type.Value(),
CONDOR_VM_UNIVERSE_VMWARE ) == 0 ) {
priv_state priv = set_user_priv();
if( VMwareType::checkVMwareParams(m_gahp_config) ) {
VMwareType::killVMFast(m_gahp_config->m_prog_for_script.Value(),
m_gahp_config->m_vm_script.Value(), m_workingdir.Value());
vmprintf( D_FULLDEBUG, "killVMFast is called\n");
}
set_priv(priv);
}
// [PRAGMA] Kill Rocks VM Process
else if( strcasecmp(m_gahp_config->m_vm_type.Value(),
CONDOR_VM_UNIVERSE_VMWARE ) == 0 ) {
priv_state priv = set_user_priv();
if( RocksType::checkRocksParams(m_gahp_config) ) {
RocksType::killVMFast(m_gahp_config->m_prog_for_script.Value(),
m_gahp_config->m_vm_script.Value(), m_workingdir.Value());
vmprintf( D_FULLDEBUG, "killVMFast is called\n");
}
set_priv(priv);
}
}
void
UserProc::send_sig_no_privsep( int sig )
{
priv_state priv;
// We don't want to be root going around killing things or we
// might do something we'll regret in the morning. -Derek 8/29/97
priv = set_user_priv();
// removed some vanilla-specific code here
//
ASSERT(job_class != CONDOR_UNIVERSE_VANILLA);
if ( job_class != CONDOR_UNIVERSE_VANILLA )
{
// Make sure the process can receive the signal. So let's send it a
// SIGCONT first if applicable.
if( sig != SIGCONT ) {
if( kill(pid,SIGCONT) < 0 ) {
set_priv(priv);
if( errno == ESRCH ) { // User proc already exited
dprintf( D_ALWAYS, "UserProc::send_sig_no_privsep(): "
"Tried to send signal SIGCONT to user "
"job %d, but that process doesn't exist.\n", pid);
return;
}
perror("kill");
EXCEPT( "kill(%d,SIGCONT)", pid );
}
/* standard jobs can't fork, so.... */
pids_suspended = 1;
dprintf( D_ALWAYS, "UserProc::send_sig_no_privsep(): "
"Sent signal SIGCONT to user job %d\n", pid);
}
if( kill(pid,sig) < 0 ) {
set_priv(priv);
if( errno == ESRCH ) { // User proc already exited
dprintf( D_ALWAYS, "UserProc::send_sig_no_privsep(): "
"Tried to send signal %d to user job "
"%d, but that process doesn't exist.\n", sig, pid);
return;
}
perror("kill");
EXCEPT( "kill(%d,%d)", pid, sig );
}
}
set_priv(priv);
}
void Partition::back(char *script)
{
FILE *fin = NULL;
ArgList args;
MyString line;
priv_state priv;
dprintf(D_ALWAYS, "\t%s %s %ld %s\n",
script,
get_name().Value(),
get_size(),
pkind_xlate(get_pkind()).Value());
args.AppendArg(script);
args.AppendArg(get_name());
args.AppendArg(get_size());
args.AppendArg(pkind_xlate(get_pkind()).Value());
priv = set_root_priv();
fin = my_popen(args, "r", MY_POPEN_OPT_WANT_STDERR);
line.readLine(fin); // read back OK or NOT_OK, XXX ignore
my_pclose(fin);
set_priv(priv);
// we don't know it is backed until the
// STARTD_FACTORY_SCRIPT_AVAILABLE_PARTITIONS
// tells us it is actually backed. This prevents overcommit of a
// partition to multiple startds.
set_pstate(ASSIGNED);
}
// This is a blocking call and must provide a fully booted partition when it
// returns. Otherwise, this partition could be overcommitted given the
// nature of the use of this call.
// script partition_name size kind
void Partition::boot(char *script, PKind pkind)
{
FILE *fin = NULL;
ArgList args;
MyString line;
priv_state priv;
// we're told what kind of partition this is going to be
set_pkind(pkind);
dprintf(D_ALWAYS, "\t%s %s %ld %s\n",
script,
get_name().Value(),
get_size(),
pkind_xlate(get_pkind()).Value());
args.AppendArg(script);
args.AppendArg(get_name());
args.AppendArg(get_size());
args.AppendArg(pkind_xlate(get_pkind()).Value());
priv = set_root_priv();
fin = my_popen(args, "r", MY_POPEN_OPT_WANT_STDERR);
line.readLine(fin); // read back OK or NOT_OK, XXX ignore
my_pclose(fin);
set_priv(priv);
// Now that the script is done, mark it booted.
set_pstate(BOOTED);
}
void
JobInfoCommunicator::writeExecutionVisa( ClassAd& visa_ad )
{
int value;
if (!job_ad->EvalBool(ATTR_WANT_STARTER_EXECUTION_VISA, NULL, value) ||
!value)
{
return;
}
MyString iwd;
if (!job_ad->LookupString(ATTR_JOB_IWD, iwd)) {
dprintf(D_ALWAYS,
"writeExecutionVisa error: no IWD in job ad!\n");
return;
}
priv_state priv = set_user_priv();
MyString filename;
bool ok = classad_visa_write(&visa_ad,
get_mySubSystem()->getName(),
daemonCore->InfoCommandSinfulString(),
iwd.Value(),
&filename);
set_priv(priv);
if (ok) {
addToOutputFiles(filename.Value());
}
}
void PartitionManager::query_available_partitions(char *script)
{
FILE *fin = NULL;
ArgList args;
priv_state priv;
/* load a description of the available partitions which could be
backed, booted, or generatable. */
dprintf(D_ALWAYS, "Finding available partitions with: %s\n", script);
args.AppendArg(script);
priv = set_root_priv();
fin = my_popen(args, "r", TRUE);
if (fin == NULL) {
EXCEPT("Can't execute %s", script);
}
read_partitions(fin);
my_pclose(fin);
set_priv(priv);
}
int BaseShadow::cdToIwd() {
int iRet =0;
#if ! defined(WIN32)
priv_state p = PRIV_UNKNOWN;
if (m_RunAsNobody)
p = set_root_priv();
#endif
if (chdir(iwd.Value()) < 0) {
int chdir_errno = errno;
dprintf(D_ALWAYS, "\n\nPath does not exist.\n"
"He who travels without bounds\n"
"Can't locate data.\n\n" );
MyString hold_reason;
hold_reason.formatstr("Cannot access initial working directory %s: %s",
iwd.Value(), strerror(chdir_errno));
dprintf( D_ALWAYS, "%s\n",hold_reason.Value());
holdJobAndExit(hold_reason.Value(),CONDOR_HOLD_CODE_IwdError,chdir_errno);
iRet = -1;
}
#if ! defined(WIN32)
if ( m_RunAsNobody )
set_priv(p);
#endif
return iRet;
}
bool
BaseLinuxHibernator::writeSysFile ( const char *file, const char *str ) const
{
// Write to the "/sys or /proc" file(s)
dprintf( D_FULLDEBUG,
"LinuxHibernator: Writing '%s' to '%s'\n", str, file );
priv_state p = set_root_priv( );
int fd = safe_open_wrapper_follow( file, O_WRONLY );
set_priv( p );
if ( fd < 0 ) {
dprintf( D_ALWAYS,
"LinuxHibernator: Error writing '%s' to '%s': %s\n",
str, file, strerror(errno) );
return false;
}
int len = strlen(str);
if ( write( fd, str, len ) != len ) {
close( fd );
dprintf( D_ALWAYS,
"LinuxHibernator: Error writing '%s' to '%s': %s\n",
str, file, strerror(errno) );
return false;
}
close( fd );
return true;
}
void
VMGahp::executeCommand(VMRequest *req)
{
char *command = req->m_args.argv[0];
priv_state priv = set_user_priv();
if(strcasecmp(command, VMGAHP_COMMAND_VM_START) == 0 ) {
executeStart(req);
} else if(strcasecmp(command, VMGAHP_COMMAND_VM_STOP) == 0 ) {
executeStop(req);
} else if(strcasecmp(command, VMGAHP_COMMAND_VM_SUSPEND) == 0 ) {
executeSuspend(req);
} else if(strcasecmp(command, VMGAHP_COMMAND_VM_SOFT_SUSPEND) == 0 ) {
executeSoftSuspend(req);
} else if(strcasecmp(command, VMGAHP_COMMAND_VM_RESUME) == 0 ) {
executeResume(req);
} else if(strcasecmp(command, VMGAHP_COMMAND_VM_CHECKPOINT) == 0 ) {
executeCheckpoint(req);
} else if(strcasecmp(command, VMGAHP_COMMAND_VM_STATUS) == 0 ) {
executeStatus(req);
} else if(strcasecmp(command, VMGAHP_COMMAND_VM_GETPID) == 0 ) {
executeGetpid(req);
} else {
vmprintf(D_ALWAYS, "Unknown command(%s)\n", command);
}
set_priv(priv);
}
int
InitJobAd(int cluster, int proc)
{
if (!JobAd) { // just get the job ad from the schedd once
if ( IpcFile ) {
// get the jobad file a file
priv_state priv = set_condor_priv();
bool is_stdin = false;
FILE* ipc_fp = NULL;
if( IpcFile[0] == '-' && IpcFile[1] == '\0' ) {
ipc_fp = stdin;
is_stdin = true;
} else {
ipc_fp = safe_fopen_wrapper(IpcFile,"r");
}
dprintf( D_FULLDEBUG, "Reading job ClassAd from %s\n",
is_stdin ? "STDIN" : IpcFile );
int isEOF = 0;
int isError = 0;
int isEmpty = 0;
if ( ipc_fp ) {
JobAd = new ClassAd(ipc_fp,"***",isEOF,isError,isEmpty);
if( ! is_stdin ) {
fclose( ipc_fp );
unlink( IpcFile );
}
}
set_priv(priv);
// if constructor failed, remove the JobAd, and
// fallback on getting it via sockets.
if (isError != 0 ) {
if (JobAd) delete JobAd;
JobAd = NULL;
}
if (JobAd) {
// we're done
checkForDebugging( JobAd );
return 0;
}
// if we made it here, we wanted to get the job ad
// via the file, but failed
dprintf(D_FULLDEBUG,
"Failed to read job ad file %s, using socket\n",
IpcFile);
}
if (!ConnectQ(schedd, SHADOW_QMGMT_TIMEOUT, true)) {
EXCEPT("Failed to connect to schedd!");
}
JobAd = GetJobAd( cluster, proc );
DisconnectQ(NULL);
checkForDebugging( JobAd );
}
if (!JobAd) {
EXCEPT( "failed to get job ad" );
}
return 0;
}
/* proxy_valid_right_now()
this function is used in this object to determine if glexec should actually
be invoked. glexec will always fail with an expired proxy, and there is
overhead in invoking it.
*/
int
GLExecPrivSepHelper::proxy_valid_right_now()
{
int result = TRUE;
/* Note that set_user_priv is a no-op if condor is running as
non-root (the "usual" mode for invoking glexec) */
priv_state priv_saved = set_user_priv();
if (!m_proxy) {
dprintf(D_FULLDEBUG, "GLExecPrivSepHelper::proxy_valid_right_now: no proxy defined\n");
result = FALSE;
} else {
time_t expiration_time = x509_proxy_expiration_time(m_proxy);
time_t now = time(NULL);
if (expiration_time == -1) {
dprintf(D_FULLDEBUG, "GLExecPrivSepHelper::proxy_valid_right_now: Globus error when getting proxy %s expiration: %s.\n", m_proxy, x509_error_string());
result = FALSE;
} else if (expiration_time < now) {
dprintf(D_FULLDEBUG, "GLExecPrivSepHelper::proxy_valid_right_now: proxy %s expired %ld seconds ago!\n", m_proxy, now - expiration_time);
result = FALSE;
}
}
set_priv(priv_saved);
return result;
}
FILE *
email_open_implementation(char *Mailer, const char * final_args[])
{
priv_state priv;
int prev_umask;
FILE *mailerstream;
/* Want the letter to come from "condor" if possible */
priv = set_condor_priv();
/* there are some oddities with how popen can open a pipe. In some
arches, popen will create temp files for locking and they need to
be of the correct perms in order to be deleted. So the umask is
set to something useable for the open operation. -pete 9/11/99
*/
prev_umask = umask(022);
mailerstream = my_popenv(final_args,EMAIL_POPEN_FLAGS,FALSE);
umask(prev_umask);
/* Set priv state back */
set_priv(priv);
if ( mailerstream == NULL ) {
dprintf(D_ALWAYS,"Failed to access email program \"%s\"\n",
Mailer);
}
return mailerstream;
}
void
SharedPortEndpoint::SocketCheck()
{
if( !m_listening || m_full_name.IsEmpty() || !m_is_file_socket) {
return;
}
priv_state orig_priv = set_condor_priv();
int rc = utime(m_full_name.Value(), NULL);
int utime_errno = errno;
set_priv(orig_priv);
if( rc < 0 ) {
dprintf(D_ALWAYS,"SharedPortEndpoint: failed to touch %s: %s\n",
m_full_name.Value(), strerror(utime_errno));
if( utime_errno == ENOENT ) {
dprintf(D_ALWAYS,"SharedPortEndpoint: attempting to recreate vanished socket!\n");
StopListener();
if( !StartListener() ) {
EXCEPT("SharedPortEndpoint: failed to recreate socket");
}
}
}
}
int
GLExecPrivSepHelper::run_script(ArgList& args,MyString &error_desc)
{
if (!proxy_valid_right_now()) {
dprintf(D_ALWAYS, "GLExecPrivSepHelper::run_script: not invoking glexec since the proxy is not valid!\n");
error_desc += "The job proxy is not valid.";
return INVALID_PROXY_RC;
}
/* Note that set_user_priv is a no-op if condor is running as
non-root (the "usual" mode for invoking glexec) */
priv_state priv_saved = set_user_priv();
FILE* fp = my_popen(args, "r", TRUE);
set_priv(priv_saved);
if (fp == NULL) {
dprintf(D_ALWAYS,
"GLExecPrivSepHelper::run_script: "
"my_popen failure on %s: errno=%d (%s)\n",
args.GetArg(0),
errno,
strerror(errno));
return -1;
}
MyString str;
while (str.readLine(fp, true));
priv_saved = set_user_priv();
int ret = my_pclose(fp);
set_priv(priv_saved);
if (ret != 0) {
str.trim();
dprintf(D_ALWAYS,
"GLExecPrivSepHelper::run_script: %s exited "
"with status %d and following output:\n%s\n",
args.GetArg(0),
ret,
str.Value());
error_desc.formatstr_cat("%s exited with status %d and the following output: %s",
condor_basename(args.GetArg(0)),
ret,
str.Value());
error_desc.replaceString("\n","; ");
}
return ret;
}
bool
XenType::killVMFast(const char* vmname)
{
vmprintf(D_FULLDEBUG, "Inside XenType::killVMFast\n");
priv_state priv = set_root_priv();
virConnectPtr libvirt_connection = virConnectOpen("xen:///");
set_priv(priv);
return VirshType::killVMFast(vmname, libvirt_connection);
}
/* returns TRUE if the user profile was unloaded; otherwise, FALSE.
Also ensures the profile information is cleaned out. */
BOOL
OwnerProfile::unloadProfile () {
dprintf ( D_FULLDEBUG, "In OwnerProfile::unloadProfile()\n" );
priv_state priv;
BOOL profile_unloaded = FALSE,
ok = FALSE;
__try {
/* we must do the following as */
priv = set_condor_priv ();
/* unload the current profile */
profile_unloaded = UnloadUserProfile (
user_token_,
user_profile_.hProfile );
dprintf (
D_FULLDEBUG,
"OwnerProfile::unloadProfile: Unloading %s's "
"profile %s. (last-error = %u)\n",
user_name_,
profile_unloaded ? "succeeded" : "failed",
profile_unloaded ? 0 : GetLastError () );
if ( !profile_unloaded ) {
__leave;
}
/* if we got here then all is well in the universe */
ok = TRUE;
}
__finally {
/* we use SecureZeroMemory() here because it has a very
desirable property: it will never be optimized away, as its
cousin ZeroMemory() might be. This is of great interest to
us, as the state of the profile structure greatly influences
the behaviour of this class. */
if ( ok ) {
SecureZeroMemory (
&user_profile_,
sizeof ( PROFILEINFO ) );
}
/* return to previous privilege level */
set_priv ( priv );
}
return ok;
}
bool
SharedPortEndpoint::RemoveSocket( char const *fname )
{
priv_state orig_state = set_root_priv();
int unlink_rc = remove( fname );
set_priv( orig_state );
return unlink_rc == 0;
}
bool
SharedPortEndpoint::MakeDaemonSocketDir()
{
priv_state orig_state = set_condor_priv();
int mkdir_rc = mkdir(m_socket_dir.Value(),0755);
set_priv( orig_state );
return mkdir_rc == 0;
}
// helper method to determine whether the given execute directory
// is root-squashed. this function assumes that the given directory
// is owned and writable by condor, and that our real UID is 0. it
// returns true if we can verify that root squash is NOT in effect,
// false if not (i.e. false is returned if we detemine root squash
// is in effect or we hit an error)
//
static bool
not_root_squashed( char const *exec_path )
{
MyString test_dir;
test_dir.formatstr("%s/.root_squash_test", exec_path);
if (rmdir(test_dir.Value()) == -1) {
if (errno != ENOENT) {
dprintf(D_FULLDEBUG,
"not_root_squashed: rmdir of %s failed: %s\n",
test_dir.Value(),
strerror(errno));
return false;
}
}
priv_state priv = set_root_priv();
int rv = mkdir(test_dir.Value(), 0755);
set_priv(priv);
if (rv == -1) {
if (errno == EACCES) {
dprintf(D_FULLDEBUG,
"execute directory %s root-squashed\n",
exec_path);
}
else {
dprintf(D_FULLDEBUG,
"not_root_squashed: mkdir of %s failed: %s\n",
test_dir.Value(),
strerror(errno));
}
return false;
}
struct stat st;
if (stat(test_dir.Value(), &st) == -1) {
dprintf(D_FULLDEBUG,
"not_root_squashed: stat of %s failed: %s\n",
test_dir.Value(),
strerror(errno));
return false;
}
if (rmdir(test_dir.Value()) == -1) {
dprintf(D_FULLDEBUG,
"rmdir of %s failed: %s\n",
test_dir.Value(),
strerror(errno));
return false;
}
bool not_squashed = (st.st_uid == 0);
dprintf(D_FULLDEBUG,
"execute directory %s %s root-squashed\n",
exec_path,
not_squashed ? "not" : "");
return not_squashed;
}
int
StoreData (const char * file_name, const void * data, const int data_size) {
if (!data) {
return FALSE;
}
priv_state priv = set_root_priv();
dprintf (D_FULLDEBUG, "in StoreData(), euid=%d\n", geteuid());
int fd = safe_open_wrapper_follow(file_name, O_WRONLY | O_CREAT | O_TRUNC, 0600 );
if (fd == -1) {
dprintf (D_ALWAYS, "Unable to store in %s\n", file_name);
set_priv(priv);
return FALSE;
}
// Change to user owning the cred (assume init_user_ids() has been called)
if (fchmod (fd, S_IRUSR | S_IWUSR)) {
dprintf(D_ALWAYS, "Failed to fchmod %s to S_IRUSR | S_IWUSR: %s\n",
file_name, strerror(errno));
}
if (fchown (fd, get_user_uid(), get_user_gid())) {
dprintf(D_ALWAYS, "Failed to fchown %s to %d.%d: %s\n",
file_name, get_user_uid(), get_user_gid(), strerror(errno));
}
int written = write (fd, data, data_size);
if (written < data_size) {
dprintf (D_ALWAYS, "Can't write to %s: (%d) \n", file_name, errno);
set_priv(priv);
close(fd);
return FALSE;
}
close (fd);
set_priv(priv);
return TRUE;
}
void
VMUniverseMgr::killVM(const char *matchstring)
{
if ( !matchstring ) {
return;
}
if( !m_vm_type.Length() || !m_vmgahp_server.Length() ) {
return;
}
// vmgahp is daemonCore, so we need to add -f -t options of daemonCore.
// Then, try to execute vmgahp with
// vmtype <vmtype> match <string>"
ArgList systemcmd;
systemcmd.AppendArg(m_vmgahp_server);
systemcmd.AppendArg("-f");
char *gahp_log_file = param("VM_GAHP_LOG");
if( gahp_log_file ) {
free(gahp_log_file);
}else {
systemcmd.AppendArg("-t");
}
systemcmd.AppendArg("-M");
systemcmd.AppendArg(VMGAHP_KILL_MODE);
systemcmd.AppendArg("vmtype");
systemcmd.AppendArg(m_vm_type);
systemcmd.AppendArg("match");
systemcmd.AppendArg(matchstring);
#if !defined(WIN32)
if( can_switch_ids() ) {
MyString tmp_str;
tmp_str.formatstr("%d", (int)get_condor_uid());
SetEnv("VMGAHP_USER_UID", tmp_str.Value());
}
#endif
// execute vmgahp with root privilege
priv_state priv = set_root_priv();
int ret = my_system(systemcmd);
// restore privilege
set_priv(priv);
if( ret == 0 ) {
dprintf( D_ALWAYS, "VMUniverseMgr::killVM() is called with "
"'%s'\n", matchstring );
}else {
dprintf( D_ALWAYS, "VMUniverseMgr::killVM() failed!\n");
}
return;
}
bool
SharedPortEndpoint::ChownSocket(priv_state priv)
{
#ifndef HAVE_SHARED_PORT
return false;
#elif WIN32
return false;
#elif HAVE_SCM_RIGHTS_PASSFD
if( !can_switch_ids() ) {
return true;
}
switch( priv ) {
case PRIV_ROOT:
case PRIV_CONDOR:
case PRIV_CONDOR_FINAL:
case PRIV_UNKNOWN:
// Nothing needs to be done in this case, because the named
// socket was created with condor ownership (we assume).
return true;
case PRIV_FILE_OWNER:
case _priv_state_threshold:
// these don't really make sense, but include them so
// the compiler can warn about priv states not covered
return true;
case PRIV_USER:
case PRIV_USER_FINAL:
{
priv_state orig_priv = set_root_priv();
int rc = fchown( m_listener_sock.get_file_desc(),get_user_uid(),get_user_gid() );
if( rc != 0 ) {
dprintf(D_ALWAYS,"SharedPortEndpoint: failed to chown %s to %d:%d: %s.\n",
m_full_name.Value(),
get_user_uid(),
get_user_gid(),
strerror(errno));
}
set_priv( orig_priv );
return rc == 0;
}
}
EXCEPT("Unexpected priv state in SharedPortEndpoint(%d)",(int)priv);
return false;
#else
#error HAVE_SHARED_PORT is defined, but no method for passing fds is enabled.
#endif
}
