bool SpooledJobFiles::chownSpoolDirectoryToCondor(ClassAd const *job_ad) { bool result = true; #ifndef WIN32 std::string sandbox; int cluster=-1,proc=-1; job_ad->LookupInteger(ATTR_CLUSTER_ID,cluster); job_ad->LookupInteger(ATTR_PROC_ID,proc); getJobSpoolPath(cluster, proc, sandbox); uid_t src_uid = 0; uid_t dst_uid = get_condor_uid(); gid_t dst_gid = get_condor_gid(); MyString jobOwner; job_ad->LookupString( ATTR_OWNER, jobOwner ); passwd_cache* p_cache = pcache(); if( p_cache->get_user_uid( jobOwner.Value(), src_uid ) ) { if( ! recursive_chown(sandbox.c_str(), src_uid, dst_uid, dst_gid, true) ) { dprintf( D_FULLDEBUG, "(%d.%d) Failed to chown %s from " "%d to %d.%d. User may run into permissions " "problems when fetching sandbox.\n", cluster, proc, sandbox.c_str(), src_uid, dst_uid, dst_gid ); result = false; } } else { dprintf( D_ALWAYS, "(%d.%d) Failed to find UID and GID " "for user %s. Cannot chown \"%s\". User may " "run into permissions problems when fetching " "job sandbox.\n", cluster, proc, jobOwner.Value(), sandbox.c_str() ); result = false; } #endif return result; }
static gboolean recursive_chown (const gchar *directory, uid_t caller_uid, gid_t caller_gid) { GDir * gdir = NULL; const gchar *fname = NULL; GError *local_error = NULL; gchar path[PATH_MAX + 1] = {0}; gdir = g_dir_open (directory, 0, &local_error); if (gdir == NULL) { g_clear_error (&local_error); return FALSE; } if (chown (directory, caller_uid, caller_gid) != 0) { g_dir_close (gdir); return FALSE; } while ((fname = g_dir_read_name (gdir))) { snprintf (path, sizeof (path), "%s/%s", directory, fname); if (g_file_test (path, G_FILE_TEST_IS_DIR)) { if (!recursive_chown (path, caller_uid, caller_gid)) { g_dir_close (gdir); return FALSE; } } else if (g_file_test (path, G_FILE_TEST_IS_REGULAR) && !g_file_test (path, G_FILE_TEST_IS_SYMLINK)) { if (chown (path, caller_uid, caller_gid) != 0) { g_dir_close (gdir); return FALSE; } } } g_dir_close (gdir); return TRUE; }
static bool createJobSpoolDirectory(ClassAd const *job_ad,priv_state desired_priv_state,char const *spool_path) { int cluster=-1,proc=-1; job_ad->LookupInteger(ATTR_CLUSTER_ID,cluster); job_ad->LookupInteger(ATTR_PROC_ID,proc); #ifndef WIN32 uid_t spool_path_uid; #endif StatInfo si( spool_path ); if( si.Error() == SINoFile ) { if(!mkdir_and_parents_if_needed(spool_path,0755,PRIV_CONDOR) ) { dprintf( D_ALWAYS, "Failed to create spool directory for job %d.%d: " "mkdir(%s): %s (errno %d)\n", cluster, proc, spool_path, strerror(errno), errno ); return false; } #ifndef WIN32 spool_path_uid = get_condor_uid(); #endif } else { #ifndef WIN32 // spool_path already exists, check owner spool_path_uid = si.GetOwner(); #endif } if( !can_switch_ids() || desired_priv_state == PRIV_UNKNOWN || desired_priv_state == PRIV_CONDOR ) { return true; // no need/desire for chowning } ASSERT( desired_priv_state == PRIV_USER ); #ifndef WIN32 MyString owner; job_ad->LookupString( ATTR_OWNER, owner ); uid_t src_uid = get_condor_uid(); uid_t dst_uid; gid_t dst_gid; passwd_cache* p_cache = pcache(); if( !p_cache->get_user_ids(owner.Value(), dst_uid, dst_gid) ) { dprintf( D_ALWAYS, "(%d.%d) Failed to find UID and GID for " "user %s. Cannot chown %s to user.\n", cluster, proc, owner.Value(), spool_path ); return false; } if( (spool_path_uid != dst_uid) && !recursive_chown(spool_path,src_uid,dst_uid,dst_gid,true) ) { dprintf( D_ALWAYS, "(%d.%d) Failed to chown %s from %d to %d.%d.\n", cluster, proc, spool_path, src_uid, dst_uid, dst_gid ); return false; } #else /* WIN32 */ MyString owner; job_ad->LookupString(ATTR_OWNER, owner); MyString nt_domain; job_ad->LookupString(ATTR_NT_DOMAIN, nt_domain); if(!recursive_chown(spool_path, owner.Value(), nt_domain.Value())) { dprintf( D_ALWAYS, "(%d.%d) Failed to chown %s from to %d\\%d.\n", cluster, proc, spool_path, nt_domain.Value(), owner.Value() ); return false; } #endif return true; // All happy paths lead here }
gboolean take_filesystem_ownership (const gchar *device, const gchar *fstype, uid_t caller_uid, gid_t caller_gid, gboolean recursive, GError **error) { gchar *mountpoint = NULL; GError *local_error = NULL; gboolean unmount = FALSE; gboolean success = TRUE; mountpoint = bd_fs_get_mountpoint (device, &local_error); if (mountpoint == NULL) { if (local_error != NULL) { g_set_error (error, UDISKS_ERROR, UDISKS_ERROR_FAILED, "Error when getting mountpoint for %s: %s.", device, local_error->message); g_clear_error (&local_error); success = FALSE; goto out; } else { /* device is not mounted, we need to mount it */ mountpoint = g_mkdtemp (g_strdup (PACKAGE_LOCALSTATE_DIR "/run/udisks2/temp-mount-XXXXXX")); if (mountpoint == NULL) { g_set_error (error, UDISKS_ERROR, UDISKS_ERROR_FAILED, "Cannot create temporary mountpoint."); success = FALSE; goto out; } if (!bd_fs_mount (device, mountpoint, fstype, NULL, NULL, &local_error)) { g_set_error (error, UDISKS_ERROR, UDISKS_ERROR_FAILED, "Cannot mount %s at %s: %s", device, mountpoint, local_error->message); g_clear_error (&local_error); if (g_rmdir (mountpoint) != 0) udisks_warning ("Error removing temporary mountpoint directory %s.", mountpoint); success = FALSE; goto out; } else unmount = TRUE; // unmount during cleanup } } if (recursive) { if (!recursive_chown (mountpoint, caller_uid, caller_gid)) { g_set_error (error, UDISKS_ERROR, UDISKS_ERROR_FAILED, "Cannot recursively chown %s to uid=%u and gid=%u: %m", mountpoint, caller_uid, caller_gid); success = FALSE; goto out; } } else { if (chown (mountpoint, caller_uid, caller_gid) != 0) { g_set_error (error, UDISKS_ERROR, UDISKS_ERROR_FAILED, "Cannot chown %s to uid=%u and gid=%u: %m", mountpoint, caller_uid, caller_gid); success = FALSE; goto out; } } if (chmod (mountpoint, 0700) != 0) { g_set_error (error, UDISKS_ERROR, UDISKS_ERROR_FAILED, "Cannot chmod %s to mode 0700: %m", mountpoint); success = FALSE; goto out; } out: if (unmount) { if (! bd_fs_unmount (mountpoint, FALSE, FALSE, NULL, &local_error)) { udisks_warning ("Error unmounting temporary mountpoint %s: %s", mountpoint, local_error->message); g_clear_error (&local_error); } if (g_rmdir (mountpoint) != 0) udisks_warning ("Error removing temporary mountpoint directory %s.", mountpoint); } g_free (mountpoint); return success; }