bool DCStartd::locateStarter( const char* global_job_id, const char *claimId, const char *schedd_public_addr, ClassAd* reply, int timeout ) { setCmdStr( "locateStarter" ); ClassAd req; // Add our own attributes to the request ad we're sending req.Assign(ATTR_COMMAND,getCommandString( CA_LOCATE_STARTER )); req.Assign(ATTR_GLOBAL_JOB_ID,global_job_id); req.Assign(ATTR_CLAIM_ID, claimId); if ( schedd_public_addr ) { req.Assign(ATTR_SCHEDD_IP_ADDR,schedd_public_addr); } // if this claim is associated with a security session ClaimIdParser cidp( claimId ); return sendCACmd( &req, reply, false, timeout, cidp.secSessionId() ); }
bool DCStartd::_suspendClaim( ) { setCmdStr( "suspendClaim" ); if( ! checkClaimId() ) { return false; } if( ! checkAddr() ) { return false; } // if this claim is associated with a security session ClaimIdParser cidp(claim_id); char const *sec_session = cidp.secSessionId(); if (IsDebugLevel(D_COMMAND)) { int cmd = SUSPEND_CLAIM; dprintf (D_COMMAND, "DCStartd::_suspendClaim(%s,...) making connection to %s\n", getCommandStringSafe(cmd), _addr ? _addr : "NULL"); } bool result; ReliSock reli_sock; reli_sock.timeout(20); // years of research... :) if( ! reli_sock.connect(_addr) ) { std::string err = "DCStartd::_suspendClaim: "; err += "Failed to connect to startd ("; err += _addr ? _addr : "NULL"; err += ')'; newError( CA_CONNECT_FAILED, err.c_str() ); return false; } int cmd = SUSPEND_CLAIM; result = startCommand( cmd, (Sock*)&reli_sock, 20, NULL, NULL, false, sec_session ); if( ! result ) { newError( CA_COMMUNICATION_ERROR, "DCStartd::_suspendClaim: Failed to send command " ); return false; } // Now, send the ClaimId if( ! reli_sock.put_secret(claim_id) ) { newError( CA_COMMUNICATION_ERROR, "DCStartd::_suspendClaim: Failed to send ClaimId to the startd" ); return false; } if( ! reli_sock.end_of_message() ) { newError( CA_COMMUNICATION_ERROR, "DCStartd::_suspendClaim: Failed to send EOM to the startd" ); return false; } return true; }
int DCStartd::delegateX509Proxy( const char* proxy, time_t expiration_time, time_t *result_expiration_time ) { dprintf( D_FULLDEBUG, "Entering DCStartd::delegateX509Proxy()\n" ); setCmdStr( "delegateX509Proxy" ); if( ! claim_id ) { newError( CA_INVALID_REQUEST, "DCStartd::delegateX509Proxy: Called with NULL claim_id" ); return CONDOR_ERROR; } // if this claim is associated with a security session ClaimIdParser cidp(claim_id); // // 1) begin the DELEGATE_GSI_CRED_STARTD command // ReliSock* tmp = (ReliSock*)startCommand( DELEGATE_GSI_CRED_STARTD, Stream::reli_sock, 20, NULL, NULL, false, cidp.secSessionId() ); if( ! tmp ) { newError( CA_COMMUNICATION_ERROR, "DCStartd::delegateX509Proxy: Failed to send command DELEGATE_GSI_CRED_STARTD to the startd" ); return CONDOR_ERROR; } // // 2) get reply from startd - OK means continue, NOT_OK means // don't bother (the startd doesn't require a delegated // proxy // tmp->decode(); int reply; if( !tmp->code(reply) ) { newError( CA_COMMUNICATION_ERROR, "DCStartd::delegateX509Proxy: failed to receive reply from startd (1)" ); delete tmp; return CONDOR_ERROR; } if ( !tmp->end_of_message() ) { newError( CA_COMMUNICATION_ERROR, "DCStartd::delegateX509Proxy: end of message error from startd (1)" ); delete tmp; return CONDOR_ERROR; } if( reply == NOT_OK ) { delete tmp; return NOT_OK; } // // 3) send over the claim id and delegate (or copy) the given proxy // tmp->encode(); int use_delegation = param_boolean( "DELEGATE_JOB_GSI_CREDENTIALS", true ) ? 1 : 0; if( !tmp->code( claim_id ) ) { newError( CA_COMMUNICATION_ERROR, "DCStartd::delegateX509Proxy: Failed to send claim id to the startd" ); delete tmp; return CONDOR_ERROR; } if ( !tmp->code( use_delegation ) ) { newError( CA_COMMUNICATION_ERROR, "DCStartd::delegateX509Proxy: Failed to send use_delegation flag to the startd" ); delete tmp; return CONDOR_ERROR; } int rv; filesize_t dont_care; if( use_delegation ) { rv = tmp->put_x509_delegation( &dont_care, proxy, expiration_time, result_expiration_time ); } else { dprintf( D_FULLDEBUG, "DELEGATE_JOB_GSI_CREDENTIALS is False; using direct copy\n"); if( ! tmp->get_encryption() ) { newError( CA_COMMUNICATION_ERROR, "DCStartd::delegateX509Proxy: Cannot copy: channel does not have encryption enabled" ); delete tmp; return CONDOR_ERROR; } rv = tmp->put_file( &dont_care, proxy ); } if( rv == -1 ) { newError( CA_FAILURE, "DCStartd::delegateX509Proxy: Failed to delegate proxy" ); delete tmp; return CONDOR_ERROR; } if ( !tmp->end_of_message() ) { newError( CA_FAILURE, "DCStartd::delegateX509Proxy: end of message error to startd" ); delete tmp; return CONDOR_ERROR; } // command successfully sent; now get the reply tmp->decode(); if( !tmp->code(reply) ) { newError( CA_COMMUNICATION_ERROR, "DCStartd::delegateX509Proxy: failed to receive reply from startd (2)" ); delete tmp; return CONDOR_ERROR; } if ( !tmp->end_of_message() ) { newError( CA_COMMUNICATION_ERROR, "DCStartd::delegateX509Proxy: end of message error from startd (2)" ); delete tmp; return CONDOR_ERROR; } delete tmp; dprintf( D_FULLDEBUG, "DCStartd::delegateX509Proxy: successfully sent command, reply is: %d\n", reply ); return reply; }
int DCStartd::activateClaim( ClassAd* job_ad, int starter_version, ReliSock** claim_sock_ptr ) { int reply; dprintf( D_FULLDEBUG, "Entering DCStartd::activateClaim()\n" ); setCmdStr( "activateClaim" ); if( claim_sock_ptr ) { // our caller wants a pointer to the socket we used to // successfully activate the claim. right now, set it to // NULL to signify error, and if everything works out, // we'll give them a pointer to the real object. *claim_sock_ptr = NULL; } if( ! claim_id ) { newError( CA_INVALID_REQUEST, "DCStartd::activateClaim: called with NULL claim_id, failing" ); return CONDOR_ERROR; } // if this claim is associated with a security session ClaimIdParser cidp(claim_id); char const *sec_session = cidp.secSessionId(); Sock* tmp; tmp = startCommand( ACTIVATE_CLAIM, Stream::reli_sock, 20, NULL, NULL, false, sec_session ); if( ! tmp ) { newError( CA_COMMUNICATION_ERROR, "DCStartd::activateClaim: Failed to send command ACTIVATE_CLAIM to the startd" ); return CONDOR_ERROR; } if( ! tmp->put_secret(claim_id) ) { newError( CA_COMMUNICATION_ERROR, "DCStartd::activateClaim: Failed to send ClaimId to the startd" ); delete tmp; return CONDOR_ERROR; } if( ! tmp->code(starter_version) ) { newError( CA_COMMUNICATION_ERROR, "DCStartd::activateClaim: Failed to send starter_version to the startd" ); delete tmp; return CONDOR_ERROR; } if( ! putClassAd(tmp, *job_ad) ) { newError( CA_COMMUNICATION_ERROR, "DCStartd::activateClaim: Failed to send job ClassAd to the startd" ); delete tmp; return CONDOR_ERROR; } if( ! tmp->end_of_message() ) { newError( CA_COMMUNICATION_ERROR, "DCStartd::activateClaim: Failed to send EOM to the startd" ); delete tmp; return CONDOR_ERROR; } // Now, try to get the reply tmp->decode(); if( !tmp->code(reply) || !tmp->end_of_message()) { std::string err = "DCStartd::activateClaim: "; err += "Failed to receive reply from "; err += _addr ? _addr : "NULL"; newError( CA_COMMUNICATION_ERROR, err.c_str() ); delete tmp; return CONDOR_ERROR; } dprintf( D_FULLDEBUG, "DCStartd::activateClaim: " "successfully sent command, reply is: %d\n", reply ); if( reply == OK && claim_sock_ptr ) { *claim_sock_ptr = (ReliSock*)tmp; } else { // in any other case, we're going to leak this ReliSock // object if we don't delete it here... delete tmp; } return reply; }
bool DCStartd::deactivateClaim( bool graceful, bool *claim_is_closing ) { dprintf( D_FULLDEBUG, "Entering DCStartd::deactivateClaim(%s)\n", graceful ? "graceful" : "forceful" ); if( claim_is_closing ) { *claim_is_closing = false; } setCmdStr( "deactivateClaim" ); if( ! checkClaimId() ) { return false; } if( ! checkAddr() ) { return false; } // if this claim is associated with a security session ClaimIdParser cidp(claim_id); char const *sec_session = cidp.secSessionId(); if (IsDebugLevel(D_COMMAND)) { int cmd = graceful ? DEACTIVATE_CLAIM : DEACTIVATE_CLAIM_FORCIBLY; dprintf (D_COMMAND, "DCStartd::deactivateClaim(%s,...) making connection to %s\n", getCommandStringSafe(cmd), _addr ? _addr : "NULL"); } bool result; ReliSock reli_sock; reli_sock.timeout(20); // years of research... :) if( ! reli_sock.connect(_addr) ) { std::string err = "DCStartd::deactivateClaim: "; err += "Failed to connect to startd ("; err += _addr ? _addr : "NULL"; err += ')'; newError( CA_CONNECT_FAILED, err.c_str() ); return false; } int cmd; if( graceful ) { cmd = DEACTIVATE_CLAIM; } else { cmd = DEACTIVATE_CLAIM_FORCIBLY; } result = startCommand( cmd, (Sock*)&reli_sock, 20, NULL, NULL, false, sec_session ); if( ! result ) { std::string err = "DCStartd::deactivateClaim: "; err += "Failed to send command "; if( graceful ) { err += "DEACTIVATE_CLAIM"; } else { err += "DEACTIVATE_CLAIM_FORCIBLY"; } err += " to the startd"; newError( CA_COMMUNICATION_ERROR, err.c_str() ); return false; } // Now, send the ClaimId if( ! reli_sock.put_secret(claim_id) ) { newError( CA_COMMUNICATION_ERROR, "DCStartd::deactivateClaim: Failed to send ClaimId to the startd" ); return false; } if( ! reli_sock.end_of_message() ) { newError( CA_COMMUNICATION_ERROR, "DCStartd::deactivateClaim: Failed to send EOM to the startd" ); return false; } reli_sock.decode(); ClassAd response_ad; if( !getClassAd(&reli_sock, response_ad) || !reli_sock.end_of_message() ) { dprintf( D_FULLDEBUG, "DCStartd::deactivateClaim: failed to read response ad.\n"); // The response ad is not critical and is expected to be missing // if the startd is from before 7.0.5. } else { bool start = true; response_ad.LookupBool(ATTR_START,start); if( claim_is_closing ) { *claim_is_closing = !start; } } // we're done dprintf( D_FULLDEBUG, "DCStartd::deactivateClaim: " "successfully sent command\n" ); return true; }
bool HTCondorPeek::create_session() { m_retry_sensible = false; DCSchedd schedd(m_name.size() ? m_name.c_str() : NULL, m_pool.size() ? m_pool.c_str() : NULL); dprintf(D_FULLDEBUG,"Locating daemon process\n"); if(!schedd.locate()) { if (!m_name.size()) { std::cerr << "Can't find address of local schedd" << std::endl; return false; } if (!m_pool.size()) { std::cerr << "No such schedd named " << m_name << " in local pool" << std::endl; } else { std::cerr << "No such schedd named " << m_name << " in pool " << m_pool << std::endl; } return false; } m_xfer_q = new DCTransferQueue( schedd ); MyString starter_claim_id; MyString slot_name; MyString error_msg; CondorError error_stack; int timeout = 300; // We want encryption because we will be transferring an ssh key. // must be in format expected by SecMan::ImportSecSessionInfo() char const *session_info = "[Encryption=\"YES\";Integrity=\"YES\";]"; int job_status; MyString hold_reason; bool success = schedd.getJobConnectInfo(m_id,-1,session_info,timeout,&error_stack,m_starter_addr,starter_claim_id,m_starter_version,slot_name,error_msg,m_retry_sensible,job_status,hold_reason); // turn the ssh claim id into a security session so we can use it // to authenticate ourselves to the starter SecMan secman; ClaimIdParser cidp(starter_claim_id.Value()); if( success ) { success = secman.CreateNonNegotiatedSecuritySession( DAEMON, cidp.secSessionId(), cidp.secSessionKey(), cidp.secSessionInfo(), EXECUTE_SIDE_MATCHSESSION_FQU, m_starter_addr.Value(), 0 ); if( !success ) { error_msg = "Failed to create security session to connect to starter."; } else { m_sec_session_id = cidp.secSessionId(); } } CondorVersionInfo vi(m_starter_version.Value()); if (vi.is_valid() && !vi.built_since_version(7, 9, 5)) { std::cerr << "Remote starter (version " << m_starter_version.Value() << ") is too old for condor_peek" << std::endl; return false; } if( !success ) { if ( !m_retry_sensible ) { std::cerr << error_msg.Value() << std::endl; } return false; } dprintf(D_FULLDEBUG,"Got connect info for starter %s\n", m_starter_addr.Value()); return true; }