// Look up an IP attribute in an ad, optionally fall back to an alternate bool getIpAddr( const char *ad_type, const ClassAd *ad, const char *attrname, const char *attrold, MyString &ip ) { MyString tmp; // get the IP and port of the startd if ( !adLookup( ad_type, ad, attrname, attrold, tmp, true ) ) { return false; } // If no valid string, do our own thing.. char* host; if ( ( tmp.Length() == 0 ) || (host = getHostFromAddr(tmp.Value())) == NULL ) { dprintf (D_ALWAYS, "%sAd: Invalid IP address in classAd\n", ad_type ); return false; } ip = host; free(host); return true; }
int RefreshProxyThruMyProxy(Proxy * proxy) { char * proxy_filename = proxy->proxy_filename; MyProxyEntry * myProxyEntry = NULL; MyString args_string; int pid; // Starting from the most recent myproxy entry // Find an entry with a password int found = FALSE; proxy->myproxy_entries.Rewind(); while (proxy->myproxy_entries.Next (myProxyEntry)) { if (myProxyEntry->myproxy_password || GetMyProxyPasswordFromSchedD (myProxyEntry->cluster_id, myProxyEntry->proc_id, &(myProxyEntry->myproxy_password))) { found=TRUE; //. Now move it to the front of the list proxy->myproxy_entries.DeleteCurrent(); proxy->myproxy_entries.Prepend(myProxyEntry); break; } } if (!found) { // We're screwed - can't get MyProxy passwords for any entry return FALSE; } // Make sure we're not called more often than necessary and if time_t now=time(NULL); if ((myProxyEntry->get_delegation_pid != FALSE) || (now - myProxyEntry->last_invoked_time < 30)) { dprintf (D_ALWAYS, "proxy %s too soon or myproxy-get-delegation already started\n", proxy_filename); return FALSE; } myProxyEntry->last_invoked_time=now; // If you don't have a myproxy password, ask SchedD for it if (!myProxyEntry->myproxy_password) { // Will there ever be a case when there is no MyProxy password needed at all? return FALSE; } // Initialize reaper, if needed if (myproxyGetDelegationReaperId == 0 ) { myproxyGetDelegationReaperId = daemonCore->Register_Reaper( "GetDelegationReaper", (ReaperHandler) &MyProxyGetDelegationReaper, "GetDelegation Reaper"); } // Set up environnment for myproxy-get-delegation Env myEnv; std::string buff; if (myProxyEntry->myproxy_server_dn) { formatstr( buff, "MYPROXY_SERVER_DN=%s", myProxyEntry->myproxy_server_dn); myEnv.SetEnv(buff.c_str()); dprintf (D_FULLDEBUG, "%s\n", buff.c_str()); } formatstr(buff, "X509_USER_PROXY=%s", proxy_filename); myEnv.SetEnv (buff.c_str()); dprintf (D_FULLDEBUG, "%s\n", buff.c_str()); // Print password (this will end up in stdin for myproxy-get-delegation) if (pipe (myProxyEntry->get_delegation_password_pipe)) { dprintf(D_ALWAYS, "Failed to pipe(2) in RefreshProxyThruMyProxy " "for writing password, aborting\n"); return FALSE; } int written = write (myProxyEntry->get_delegation_password_pipe[1], myProxyEntry->myproxy_password, strlen (myProxyEntry->myproxy_password)); if (written < (int) strlen (myProxyEntry->myproxy_password)) { dprintf(D_ALWAYS, "Failed to write to pipe in RefreshProxyThruMyProxy %d\n", errno); return FALSE; } written = write (myProxyEntry->get_delegation_password_pipe[1], "\n", 1); if (written < 1) { dprintf(D_ALWAYS, "Failed to write to pipe in RefreshProxyThruMyProxy %d\n", errno); return FALSE; } // Figure out user name; char * username = my_username(0); // Figure out myproxy host and port char * myproxy_host = getHostFromAddr (myProxyEntry->myproxy_host); int myproxy_port = getPortFromAddr (myProxyEntry->myproxy_host); // args ArgList args; args.AppendArg(proxy_filename); args.AppendArg("-v"); args.AppendArg("-o"); args.AppendArg(proxy_filename); args.AppendArg("-s"); args.AppendArg(myproxy_host); args.AppendArg("-d"); args.AppendArg("-t"); args.AppendArg(myProxyEntry->new_proxy_lifetime); args.AppendArg("-S"); args.AppendArg("-l"); args.AppendArg(username); // Optional port argument if (myproxy_port) { args.AppendArg("-p"); args.AppendArg(myproxy_port); } // Optional credential name argument if (myProxyEntry->myproxy_credential_name) { args.AppendArg("-k"); args.AppendArg(myProxyEntry->myproxy_credential_name); } free (username); free (myproxy_host); // Create temporary file to store myproxy-get-delegation's stderr myProxyEntry->get_delegation_err_filename = create_temp_file(); if(!myProxyEntry->get_delegation_err_filename) { dprintf( D_ALWAYS, "Failed to create temp file"); } else { MSC_SUPPRESS_WARNING_FIXME(6031) // warning: return value of 'chmod' ignored. chmod (myProxyEntry->get_delegation_err_filename, 0600); myProxyEntry->get_delegation_err_fd = safe_open_wrapper_follow(myProxyEntry->get_delegation_err_filename,O_RDWR); if (myProxyEntry->get_delegation_err_fd == -1) { dprintf (D_ALWAYS, "Error opening file %s\n", myProxyEntry->get_delegation_err_filename); } } int arrIO[3]; arrIO[0]=myProxyEntry->get_delegation_password_pipe[0]; //stdin arrIO[1]=myProxyEntry->get_delegation_err_fd; arrIO[2]=myProxyEntry->get_delegation_err_fd; // stderr char * myproxy_get_delegation_pgm = param ("MYPROXY_GET_DELEGATION"); if (!myproxy_get_delegation_pgm) { dprintf (D_ALWAYS, "MYPROXY_GET_DELEGATION not defined in config file\n"); goto error_exit; } args.GetArgsStringForDisplay(&args_string); dprintf (D_ALWAYS, "Calling %s %s\n", myproxy_get_delegation_pgm, args_string.Value()); pid = daemonCore->Create_Process ( myproxy_get_delegation_pgm, args, PRIV_USER_FINAL, myproxyGetDelegationReaperId, FALSE, &myEnv, NULL, // cwd NULL, // process family info NULL, // socket inherit arrIO); // in/out/err streams free (myproxy_get_delegation_pgm); if (pid == FALSE) { dprintf (D_ALWAYS, "Failed to run myproxy-get-delegation\n"); goto error_exit; } myProxyEntry->get_delegation_pid = pid; return TRUE; error_exit: myProxyEntry->get_delegation_pid=FALSE; if (myProxyEntry->get_delegation_err_fd >= 0) { close (myProxyEntry->get_delegation_err_fd); myProxyEntry->get_delegation_err_fd=-1; } if (myProxyEntry->get_delegation_err_filename) { MSC_SUPPRESS_WARNING_FIXME(6031) // warning: return value of 'unlink' ignored. unlink (myProxyEntry->get_delegation_err_filename);// Remove the tempora free (myProxyEntry->get_delegation_err_filename); myProxyEntry->get_delegation_err_filename=NULL; } if (myProxyEntry->get_delegation_password_pipe[0] >= 0) { close (myProxyEntry->get_delegation_password_pipe[0]); myProxyEntry->get_delegation_password_pipe[0]=-1; } if (myProxyEntry->get_delegation_password_pipe[1] >= 0 ) { close (myProxyEntry->get_delegation_password_pipe[1]); myProxyEntry->get_delegation_password_pipe[1]=-1; } return FALSE; }
int RefreshProxyThruMyProxy(X509CredentialWrapper * proxy) { const char * proxy_filename = proxy->GetStorageName(); char * myproxy_host = NULL; int status; if (((X509Credential*)proxy->cred)->GetMyProxyServerHost() == NULL) { dprintf (D_ALWAYS, "Skipping %s\n", proxy->cred->GetName()); return FALSE; } // First check if a refresh process is already running time_t now = time(NULL); if (proxy->get_delegation_pid != GET_DELEGATION_PID_NONE) { time_t time_started = proxy->get_delegation_proc_start_time; // If the old "refresh proxy" proc is still running, kill it if (now - time_started > 500) { dprintf (D_FULLDEBUG, "MyProxy refresh process pid=%d still running, " "sending signal %d\n", proxy->get_delegation_pid, SIGKILL); daemonCore->Send_Signal (proxy->get_delegation_pid, SIGKILL); // Wait for reaper to cleanup. } else { dprintf (D_FULLDEBUG, "MyProxy refresh process pid=%d still running, " "letting it finish\n", proxy->get_delegation_pid); } return FALSE; } proxy->get_delegation_proc_start_time = now; // Set up environnment for myproxy-get-delegation Env myEnv; MyString strBuff; if (((X509Credential*)proxy->cred)->GetMyProxyServerDN()) { strBuff="MYPROXY_SERVER_DN="; strBuff+= ((X509Credential*)proxy->cred)->GetMyProxyServerDN(); myEnv.SetEnv (strBuff.Value()); dprintf (D_FULLDEBUG, "%s\n", strBuff.Value()); } strBuff="X509_USER_PROXY="; strBuff+=proxy->GetStorageName(); dprintf (D_FULLDEBUG, "%s\n", strBuff.Value()); // Get password (this will end up in stdin for myproxy-get-delegation) const char * myproxy_password =((X509Credential*)proxy->cred)->GetRefreshPassword(); if (myproxy_password == NULL ) { dprintf (D_ALWAYS, "No MyProxy password specified for %s:%s\n", proxy->cred->GetName(), proxy->cred->GetOwner()); myproxy_password = ""; } status = pipe (proxy->get_delegation_password_pipe); if (status == -1) { dprintf (D_ALWAYS, "get_delegation pipe() failed: %s\n", strerror(errno) ); proxy->get_delegation_reset(); return FALSE; } // TODO: check write() return values for errors, short writes. int written = write (proxy->get_delegation_password_pipe[1], myproxy_password, strlen (myproxy_password)); if (written < (long)strlen(myproxy_password)) { dprintf (D_ALWAYS, "Write to proxy delegation pipe failed (%s)", strerror(errno)); proxy->get_delegation_reset(); return FALSE; } written = write (proxy->get_delegation_password_pipe[1], "\n", 1); if (written < 1) { dprintf (D_ALWAYS, "Write newline to proxy delegation pipe failed (%s)", strerror(errno) ); proxy->get_delegation_reset(); return FALSE; } // Figure out user name; const char * username = proxy->cred->GetOrigOwner(); // Figure out myproxy host and port myproxy_host = getHostFromAddr (((X509Credential*)proxy->cred)->GetMyProxyServerHost()); int myproxy_port = getPortFromAddr (((X509Credential*)proxy->cred)->GetMyProxyServerHost()); // construct arguments ArgList args; args.AppendArg("--verbose "); args.AppendArg("--out"); args.AppendArg(proxy_filename); args.AppendArg("--pshost"); args.AppendArg(myproxy_host); if ( myproxy_host != NULL ) { free ( myproxy_host ); } args.AppendArg("--dn_as_username"); args.AppendArg("--proxy_lifetime"); // hours args.AppendArg(6); args.AppendArg("--stdin_pass"); args.AppendArg("--username"); args.AppendArg(username); // Optional port argument if (myproxy_port) { args.AppendArg("--psport"); args.AppendArg(myproxy_port); } // Optional credential name if ( ((X509Credential*)proxy->cred)->GetCredentialName() && ( ((X509Credential*)proxy->cred)->GetCredentialName() )[0] ) { args.AppendArg("--credname"); args.AppendArg(((X509Credential*)proxy->cred)->GetCredentialName()); } // Create temporary file to store myproxy-get-delegation's stderr // The file will be owned by the "condor" user priv_state priv = set_condor_priv(); proxy->get_delegation_err_filename = create_temp_file(); if (proxy->get_delegation_err_filename == NULL) { dprintf (D_ALWAYS, "get_delegation create_temp_file() failed: %s\n", strerror(errno) ); proxy->get_delegation_reset(); return FALSE; } status = chmod (proxy->get_delegation_err_filename, 0600); if (status == -1) { dprintf (D_ALWAYS, "chmod() get_delegation_err_filename %s failed: %s\n", proxy->get_delegation_err_filename, strerror(errno) ); proxy->get_delegation_reset(); return FALSE; } proxy->get_delegation_err_fd = safe_open_wrapper_follow(proxy->get_delegation_err_filename,O_RDWR); if (proxy->get_delegation_err_fd == -1) { dprintf (D_ALWAYS, "Error opening get_delegation file %s: %s\n", proxy->get_delegation_err_filename, strerror(errno) ); proxy->get_delegation_reset(); return FALSE; } set_priv (priv); int arrIO[3]; arrIO[0]=proxy->get_delegation_password_pipe[0]; //stdin arrIO[1]=-1; //proxy->get_delegation_err_fd; arrIO[2]=proxy->get_delegation_err_fd; // stderr char * myproxy_get_delegation_pgm = param ("MYPROXY_GET_DELEGATION"); if (!myproxy_get_delegation_pgm) { dprintf (D_ALWAYS, "MYPROXY_GET_DELEGATION not defined in config file\n"); return FALSE; } MyString args_string; args.GetArgsStringForDisplay(&args_string); dprintf (D_ALWAYS, "Calling %s %s\n", myproxy_get_delegation_pgm, args_string.Value()); int pid = daemonCore->Create_Process ( myproxy_get_delegation_pgm, // name args, // args PRIV_USER_FINAL, // priv myproxyGetDelegationReaperId, // reaper_id FALSE, // want_command_port FALSE, // want_command_port &myEnv, // env NULL, // cwd NULL, // family_info NULL, // sock_inherit_list arrIO); // in/out/err streams // nice_inc // job_opt_mask free (myproxy_get_delegation_pgm); myproxy_get_delegation_pgm = NULL; if (pid == FALSE) { dprintf (D_ALWAYS, "Failed to run myproxy-get-delegation\n"); proxy->get_delegation_reset(); return FALSE; } proxy->get_delegation_pid = pid; return TRUE; }