int UnsetEnv( const char *env_var )
{
assert( env_var );
#ifdef WIN32
if ( !SetEnvironmentVariable(env_var, NULL) ) {
dprintf(D_ALWAYS,
"UnsetEnv(%s): SetEnvironmentVariable failed, errno=%d\n",
env_var, GetLastError());
return FALSE;
}
#else
char **my_environ = GetEnviron();
for ( int i = 0 ; my_environ[i] != NULL; i++ ) {
if ( strncmp( my_environ[i], env_var, strlen(env_var) ) == 0 ) {
for ( ; my_environ[i] != NULL; i++ ) {
my_environ[i] = my_environ[i+1];
}
break;
}
}
char *hashed_var=0;
if ( EnvVars.lookup( HashKey( env_var ), hashed_var ) == 0 ) {
// found it
// remove it
EnvVars.remove( HashKey( env_var ) );
// delete it
delete [] hashed_var;
}
#endif
return TRUE;
}
void
Env::Import( void )
{
char **my_environ = GetEnviron();
for (int i=0; my_environ[i]; i++) {
const char *p = my_environ[i];
int j;
MyString varname = "";
MyString value = "";
for (j=0; ( p[j] != '\0' ) && ( p[j] != '=' ); j++) {
varname += p[j];
}
if ( p[j] == '\0' ) {
// ignore entries in the environment that do not
// contain an assignment
continue;
}
if ( varname.IsEmpty() ) {
// ignore entries in the environment that contain
// an empty variable name
continue;
}
ASSERT( p[j] == '=' );
value = p+j+1;
// Allow the application to filter the import
if ( ImportFilter( varname, value ) ) {
bool ret = SetEnv( varname, value );
ASSERT( ret ); // should never fail
}
}
}
void LoadEnvironment(EnvMap & map)
{
for (char **env = GetEnviron(); *env != NULL; ++env)
{
// split environment up into std::map[name] = value
std::string env_str = (char*)*env;
int pos = static_cast<int>(env_str.find_first_of('='));
map.insert(
EnvMap::value_type(env_str.substr(0, pos),
env_str.substr(pos+1, env_str.length()))
);
}
}
static int
privsep_create_process(const char* cmd,
const char* path,
ArgList& args,
Env* env,
const char* iwd,
int std_fds[3],
const char* std_file_names[3],
int nice_inc,
size_t* core_size_ptr,
int reaper_id,
int dc_job_opts,
FamilyInfo* family_info,
uid_t uid,
int * affinity_mask = 0)
{
// if we're using privilege separation, we have to do a bit
// of extra work to do to launch processes as other UIDs
// since we need to use the PrivSep Swtichboard. the procedure
// will be:
//
// 1) create two pipes over which we'll communicate with
// the switchboard
// 2) call create process on the switchboard
// 3) use the input pipe to give the switchboard info about
// what binary to run, what files to use for i/o, etc.
// 4) use the error pipe to see if everything went ok
// create the pipes
//
FILE* in_fp;
int child_in_fd;
FILE* err_fp;
int child_err_fd;
bool ok;
ok = privsep_create_pipes(in_fp,
child_in_fd,
err_fp,
child_err_fd);
if (!ok) {
dprintf(D_ALWAYS,
"privsep_create_process: privsep_create_pipes failure\n");
errno = 0;
return FALSE;
}
// fire up the switchboard
//
MyString sb_path;
ArgList sb_args;
privsep_get_switchboard_command(cmd,
child_in_fd,
child_err_fd,
sb_path,
sb_args);
int pipe_fds[] = {child_in_fd, child_err_fd, 0};
int pid = daemonCore->Create_Process(
sb_path.Value(), // switchboard path
sb_args, // switchboard args
PRIV_USER_FINAL, // priv states are ignored in priv sep mode
reaper_id, // reaper id
FALSE, // no command port
FALSE, // no command port
NULL, // we'll pass the job's real env via pipe
NULL, // we'll pass the job's real iwd via pipe
family_info, // tracking info for the ProcD
NULL, // no sockets to inherit
std_fds, // FDs that will become std{in,out,err}
pipe_fds, // tell DC to pass down the in/err pipe FDs
nice_inc, // niceness (TODO: need switchboard?)
NULL, // don't mess with the signal mask
dc_job_opts, // DC job options
core_size_ptr, // core size limit (TODO: need switchboard?)
affinity_mask); // Processor affinity mask
close(child_in_fd);
close(child_err_fd);
if (pid == FALSE) {
dprintf(D_ALWAYS, "privsep_create_process: DC::Create_Process error\n");
fclose(in_fp);
fclose(err_fp);
return FALSE;
}
// feed the switchboard information on how to create the new
// process
//
privsep_exec_set_uid(in_fp, uid);
privsep_exec_set_path(in_fp, path);
privsep_exec_set_args(in_fp, args);
Env tmp_env;
if (HAS_DCJOBOPT_ENV_INHERIT(dc_job_opts)) {
tmp_env.MergeFrom(GetEnviron());
if (env != NULL) {
tmp_env.MergeFrom(*env);
}
env = &tmp_env;
}
if (env != NULL) {
privsep_exec_set_env(in_fp, *env);
}
if (iwd != NULL) {
privsep_exec_set_iwd(in_fp, iwd);
}
for (int i = 0; i < 3; i++) {
if ((std_fds != NULL) && (std_fds[i] != -1)) {
privsep_exec_set_inherit_fd(in_fp, i);
}
else if (std_file_names) {
privsep_exec_set_std_file(in_fp, i, std_file_names[i]);
}
}
#if defined(LINUX)
if ((family_info != NULL) && (family_info->group_ptr != NULL)) {
privsep_exec_set_tracking_group(in_fp, *family_info->group_ptr);
}
#endif
fclose(in_fp);
// check the switchboard's error pipe for any problems
// (privsep_get_switchboard_response will fclose the error
// pipe for us)
//
if (!privsep_get_switchboard_response(err_fp)) {
dprintf(D_ALWAYS,
"privsep_create_process: "
"privsep_get_switchboard_response failure\n");
errno = 0;
return FALSE;
}
// if we've gotten here, everything worked
//
return pid;
}