bool
SpooledJobFiles::chownSpoolDirectoryToCondor(ClassAd const *job_ad)
{
bool result = true;
#ifndef WIN32
std::string sandbox;
int cluster=-1,proc=-1;
job_ad->LookupInteger(ATTR_CLUSTER_ID,cluster);
job_ad->LookupInteger(ATTR_PROC_ID,proc);
getJobSpoolPath(cluster, proc, sandbox);
uid_t src_uid = 0;
uid_t dst_uid = get_condor_uid();
gid_t dst_gid = get_condor_gid();
MyString jobOwner;
job_ad->LookupString( ATTR_OWNER, jobOwner );
passwd_cache* p_cache = pcache();
if( p_cache->get_user_uid( jobOwner.Value(), src_uid ) ) {
if( ! recursive_chown(sandbox.c_str(), src_uid,
dst_uid, dst_gid, true) )
{
dprintf( D_FULLDEBUG, "(%d.%d) Failed to chown %s from "
"%d to %d.%d. User may run into permissions "
"problems when fetching sandbox.\n",
cluster, proc, sandbox.c_str(),
src_uid, dst_uid, dst_gid );
result = false;
}
} else {
dprintf( D_ALWAYS, "(%d.%d) Failed to find UID and GID "
"for user %s. Cannot chown \"%s\". User may "
"run into permissions problems when fetching "
"job sandbox.\n", cluster, proc, jobOwner.Value(),
sandbox.c_str() );
result = false;
}
#endif
return result;
}
static gboolean recursive_chown (const gchar *directory, uid_t caller_uid, gid_t caller_gid)
{
GDir * gdir = NULL;
const gchar *fname = NULL;
GError *local_error = NULL;
gchar path[PATH_MAX + 1] = {0};
gdir = g_dir_open (directory, 0, &local_error);
if (gdir == NULL)
{
g_clear_error (&local_error);
return FALSE;
}
if (chown (directory, caller_uid, caller_gid) != 0)
{
g_dir_close (gdir);
return FALSE;
}
while ((fname = g_dir_read_name (gdir)))
{
snprintf (path, sizeof (path), "%s/%s", directory, fname);
if (g_file_test (path, G_FILE_TEST_IS_DIR))
{
if (!recursive_chown (path, caller_uid, caller_gid))
{
g_dir_close (gdir);
return FALSE;
}
}
else if (g_file_test (path, G_FILE_TEST_IS_REGULAR) && !g_file_test (path, G_FILE_TEST_IS_SYMLINK))
{
if (chown (path, caller_uid, caller_gid) != 0)
{
g_dir_close (gdir);
return FALSE;
}
}
}
g_dir_close (gdir);
return TRUE;
}
static bool
createJobSpoolDirectory(ClassAd const *job_ad,priv_state desired_priv_state,char const *spool_path)
{
int cluster=-1,proc=-1;
job_ad->LookupInteger(ATTR_CLUSTER_ID,cluster);
job_ad->LookupInteger(ATTR_PROC_ID,proc);
#ifndef WIN32
uid_t spool_path_uid;
#endif
StatInfo si( spool_path );
if( si.Error() == SINoFile ) {
if(!mkdir_and_parents_if_needed(spool_path,0755,PRIV_CONDOR) )
{
dprintf( D_ALWAYS,
"Failed to create spool directory for job %d.%d: "
"mkdir(%s): %s (errno %d)\n",
cluster, proc, spool_path, strerror(errno), errno );
return false;
}
#ifndef WIN32
spool_path_uid = get_condor_uid();
#endif
} else {
#ifndef WIN32
// spool_path already exists, check owner
spool_path_uid = si.GetOwner();
#endif
}
if( !can_switch_ids() ||
desired_priv_state == PRIV_UNKNOWN ||
desired_priv_state == PRIV_CONDOR )
{
return true; // no need/desire for chowning
}
ASSERT( desired_priv_state == PRIV_USER );
#ifndef WIN32
MyString owner;
job_ad->LookupString( ATTR_OWNER, owner );
uid_t src_uid = get_condor_uid();
uid_t dst_uid;
gid_t dst_gid;
passwd_cache* p_cache = pcache();
if( !p_cache->get_user_ids(owner.Value(), dst_uid, dst_gid) ) {
dprintf( D_ALWAYS, "(%d.%d) Failed to find UID and GID for "
"user %s. Cannot chown %s to user.\n",
cluster, proc, owner.Value(), spool_path );
return false;
}
if( (spool_path_uid != dst_uid) &&
!recursive_chown(spool_path,src_uid,dst_uid,dst_gid,true) )
{
dprintf( D_ALWAYS, "(%d.%d) Failed to chown %s from %d to %d.%d.\n",
cluster, proc, spool_path, src_uid, dst_uid, dst_gid );
return false;
}
#else /* WIN32 */
MyString owner;
job_ad->LookupString(ATTR_OWNER, owner);
MyString nt_domain;
job_ad->LookupString(ATTR_NT_DOMAIN, nt_domain);
if(!recursive_chown(spool_path, owner.Value(), nt_domain.Value()))
{
dprintf( D_ALWAYS, "(%d.%d) Failed to chown %s from to %d\\%d.\n",
cluster, proc, spool_path,
nt_domain.Value(), owner.Value() );
return false;
}
#endif
return true; // All happy paths lead here
}
gboolean take_filesystem_ownership (const gchar *device,
const gchar *fstype,
uid_t caller_uid,
gid_t caller_gid,
gboolean recursive,
GError **error)
{
gchar *mountpoint = NULL;
GError *local_error = NULL;
gboolean unmount = FALSE;
gboolean success = TRUE;
mountpoint = bd_fs_get_mountpoint (device, &local_error);
if (mountpoint == NULL)
{
if (local_error != NULL)
{
g_set_error (error, UDISKS_ERROR, UDISKS_ERROR_FAILED,
"Error when getting mountpoint for %s: %s.",
device, local_error->message);
g_clear_error (&local_error);
success = FALSE;
goto out;
}
else
{
/* device is not mounted, we need to mount it */
mountpoint = g_mkdtemp (g_strdup (PACKAGE_LOCALSTATE_DIR "/run/udisks2/temp-mount-XXXXXX"));
if (mountpoint == NULL)
{
g_set_error (error, UDISKS_ERROR, UDISKS_ERROR_FAILED,
"Cannot create temporary mountpoint.");
success = FALSE;
goto out;
}
if (!bd_fs_mount (device, mountpoint, fstype, NULL, NULL, &local_error))
{
g_set_error (error, UDISKS_ERROR, UDISKS_ERROR_FAILED,
"Cannot mount %s at %s: %s",
device, mountpoint, local_error->message);
g_clear_error (&local_error);
if (g_rmdir (mountpoint) != 0)
udisks_warning ("Error removing temporary mountpoint directory %s.", mountpoint);
success = FALSE;
goto out;
}
else
unmount = TRUE; // unmount during cleanup
}
}
if (recursive)
{
if (!recursive_chown (mountpoint, caller_uid, caller_gid))
{
g_set_error (error, UDISKS_ERROR, UDISKS_ERROR_FAILED,
"Cannot recursively chown %s to uid=%u and gid=%u: %m",
mountpoint, caller_uid, caller_gid);
success = FALSE;
goto out;
}
}
else
{
if (chown (mountpoint, caller_uid, caller_gid) != 0)
{
g_set_error (error, UDISKS_ERROR, UDISKS_ERROR_FAILED,
"Cannot chown %s to uid=%u and gid=%u: %m",
mountpoint, caller_uid, caller_gid);
success = FALSE;
goto out;
}
}
if (chmod (mountpoint, 0700) != 0)
{
g_set_error (error, UDISKS_ERROR, UDISKS_ERROR_FAILED,
"Cannot chmod %s to mode 0700: %m",
mountpoint);
success = FALSE;
goto out;
}
out:
if (unmount)
{
if (! bd_fs_unmount (mountpoint, FALSE, FALSE, NULL, &local_error))
{
udisks_warning ("Error unmounting temporary mountpoint %s: %s",
mountpoint, local_error->message);
g_clear_error (&local_error);
}
if (g_rmdir (mountpoint) != 0)
udisks_warning ("Error removing temporary mountpoint directory %s.", mountpoint);
}
g_free (mountpoint);
return success;
}
