int GetMyProxyPasswordFromSchedD (int cluster_id, int proc_id,
char ** password)
{
// This might seem not necessary, but it IS
// For some reason you can't just pass cluster_id to sock->code() directly!!!!
int cluster, proc;
cluster = cluster_id;
proc = proc_id;
dprintf ( D_FULLDEBUG, " GetMyProxyPasswordFromSchedD %d, %d\n", cluster_id, proc_id);
// Get At Schedd
Daemon schedd( DT_SCHEDD );
if( ! schedd.locate() ) {
dprintf( D_ALWAYS, "GetMyProxyPasswordFromSchedD: Can't find address of local schedd\n" );
return FALSE;
}
// Start command
Sock* sock;
if (!(sock = schedd.startCommand( GET_MYPROXY_PASSWORD, Stream::reli_sock, 0))) {
dprintf( D_ALWAYS, "GetMyProxyPasswordFromSchedD: Could not connect to local schedd\n" );
return FALSE;
}
sock->encode();
if (!sock->code (cluster) || !sock->code(proc)) {
dprintf( D_ALWAYS, "GetMyProxyPasswordFromSchedD: Could not encode clusterId, procId\n" );
return FALSE;
}
sock->end_of_message();
sock->decode();
if (!sock->code (*password)) {
dprintf( D_ALWAYS, "GetMyProxyPasswordFromSchedD: Can't retrieve password\n" );
return FALSE;
}
sock->end_of_message();
sock->close();
delete sock;
return TRUE;
}
int
DCStartd::activateClaim( ClassAd* job_ad, int starter_version,
ReliSock** claim_sock_ptr )
{
int reply;
dprintf( D_FULLDEBUG, "Entering DCStartd::activateClaim()\n" );
setCmdStr( "activateClaim" );
if( claim_sock_ptr ) {
// our caller wants a pointer to the socket we used to
// successfully activate the claim. right now, set it to
// NULL to signify error, and if everything works out,
// we'll give them a pointer to the real object.
*claim_sock_ptr = NULL;
}
if( ! claim_id ) {
newError( CA_INVALID_REQUEST,
"DCStartd::activateClaim: called with NULL claim_id, failing" );
return CONDOR_ERROR;
}
// if this claim is associated with a security session
ClaimIdParser cidp(claim_id);
char const *sec_session = cidp.secSessionId();
Sock* tmp;
tmp = startCommand( ACTIVATE_CLAIM, Stream::reli_sock, 20, NULL, NULL, false, sec_session );
if( ! tmp ) {
newError( CA_COMMUNICATION_ERROR,
"DCStartd::activateClaim: Failed to send command ACTIVATE_CLAIM to the startd" );
return CONDOR_ERROR;
}
if( ! tmp->put_secret(claim_id) ) {
newError( CA_COMMUNICATION_ERROR,
"DCStartd::activateClaim: Failed to send ClaimId to the startd" );
delete tmp;
return CONDOR_ERROR;
}
if( ! tmp->code(starter_version) ) {
newError( CA_COMMUNICATION_ERROR,
"DCStartd::activateClaim: Failed to send starter_version to the startd" );
delete tmp;
return CONDOR_ERROR;
}
if( ! putClassAd(tmp, *job_ad) ) {
newError( CA_COMMUNICATION_ERROR,
"DCStartd::activateClaim: Failed to send job ClassAd to the startd" );
delete tmp;
return CONDOR_ERROR;
}
if( ! tmp->end_of_message() ) {
newError( CA_COMMUNICATION_ERROR,
"DCStartd::activateClaim: Failed to send EOM to the startd" );
delete tmp;
return CONDOR_ERROR;
}
// Now, try to get the reply
tmp->decode();
if( !tmp->code(reply) || !tmp->end_of_message()) {
std::string err = "DCStartd::activateClaim: ";
err += "Failed to receive reply from ";
err += _addr ? _addr : "NULL";
newError( CA_COMMUNICATION_ERROR, err.c_str() );
delete tmp;
return CONDOR_ERROR;
}
dprintf( D_FULLDEBUG, "DCStartd::activateClaim: "
"successfully sent command, reply is: %d\n", reply );
if( reply == OK && claim_sock_ptr ) {
*claim_sock_ptr = (ReliSock*)tmp;
} else {
// in any other case, we're going to leak this ReliSock
// object if we don't delete it here...
delete tmp;
}
return reply;
}
// process ads from the collector, handing each to the callback
// callback will return 'false' if it took ownership of the ad.
QueryResult CondorQuery::
processAds (bool (*callback)(void*, ClassAd *), void* pv, const char * poolName, CondorError* errstack /*= NULL*/)
{
Sock* sock;
QueryResult result;
ClassAd queryAd(extraAttrs);
if ( !poolName ) {
return Q_NO_COLLECTOR_HOST;
}
// contact collector
Daemon my_collector( DT_COLLECTOR, poolName, NULL );
if( !my_collector.locate() ) {
// We were passed a bogus poolName, abort gracefully
return Q_NO_COLLECTOR_HOST;
}
// make the query ad
result = getQueryAd (queryAd);
if (result != Q_OK) return result;
if (IsDebugLevel(D_HOSTNAME)) {
dprintf( D_HOSTNAME, "Querying collector %s (%s) with classad:\n",
my_collector.addr(), my_collector.fullHostname() );
dPrintAd( D_HOSTNAME, queryAd );
dprintf( D_HOSTNAME, " --- End of Query ClassAd ---\n" );
}
int mytimeout = param_integer ("QUERY_TIMEOUT",60);
if (!(sock = my_collector.startCommand(command, Stream::reli_sock, mytimeout, errstack)) ||
!putClassAd (sock, queryAd) || !sock->end_of_message()) {
if (sock) {
delete sock;
}
return Q_COMMUNICATION_ERROR;
}
// get result
sock->decode ();
int more = 1;
while (more)
{
if (!sock->code (more)) {
sock->end_of_message();
delete sock;
return Q_COMMUNICATION_ERROR;
}
if (more) {
ClassAd * ad = new ClassAd;
if( !getClassAd(sock, *ad) ) {
sock->end_of_message();
delete ad;
delete sock;
return Q_COMMUNICATION_ERROR;
}
if (callback(pv, ad)) {
delete ad;
}
}
}
sock->end_of_message();
// finalize
sock->close();
delete sock;
return (Q_OK);
}
// fetch all ads from the collector that satisfy the constraints
QueryResult CondorQuery::
fetchAds (ClassAdList &adList, const char *poolName, CondorError* errstack)
{
Sock* sock;
int more;
QueryResult result;
ClassAd queryAd(extraAttrs), *ad;
if ( !poolName ) {
return Q_NO_COLLECTOR_HOST;
}
// contact collector
Daemon my_collector( DT_COLLECTOR, poolName, NULL );
if( !my_collector.locate() ) {
// We were passed a bogus poolName, abort gracefully
return Q_NO_COLLECTOR_HOST;
}
// make the query ad
result = getQueryAd (queryAd);
if (result != Q_OK) return result;
if( IsDebugLevel( D_HOSTNAME ) ) {
dprintf( D_HOSTNAME, "Querying collector %s (%s) with classad:\n",
my_collector.addr(), my_collector.fullHostname() );
queryAd.dPrint( D_HOSTNAME );
dprintf( D_HOSTNAME, " --- End of Query ClassAd ---\n" );
}
int mytimeout = param_integer ("QUERY_TIMEOUT",60);
if (!(sock = my_collector.startCommand(command, Stream::reli_sock, mytimeout, errstack)) ||
!queryAd.put (*sock) || !sock->end_of_message()) {
if (sock) {
delete sock;
}
return Q_COMMUNICATION_ERROR;
}
// get result
sock->decode ();
more = 1;
while (more)
{
if (!sock->code (more)) {
sock->end_of_message();
delete sock;
return Q_COMMUNICATION_ERROR;
}
if (more) {
ad = new ClassAd;
if( !ad->initFromStream(*sock) ) {
sock->end_of_message();
delete ad;
delete sock;
return Q_COMMUNICATION_ERROR;
}
adList.Insert (ad);
}
}
sock->end_of_message();
// finalize
sock->close();
delete sock;
return (Q_OK);
}
int
store_cred(const char* user, const char* pw, int mode, Daemon* d, bool force) {
int result;
int return_val;
Sock* sock = NULL;
// to help future debugging, print out the mode we are in
static const int mode_offset = 100;
static const char *mode_name[] = {
ADD_CREDENTIAL,
DELETE_CREDENTIAL,
QUERY_CREDENTIAL
#ifdef WIN32
, CONFIG_CREDENTIAL
#endif
};
dprintf ( D_ALWAYS,
"STORE_CRED: In mode '%s'\n",
mode_name[mode - mode_offset] );
// If we are root / SYSTEM and we want a local daemon,
// then do the work directly to the local registry.
// If not, then send the request over the wire to a remote credd or schedd.
if ( is_root() && d == NULL ) {
// do the work directly onto the local registry
return_val = store_cred_service(user,pw,mode);
} else {
// send out the request remotely.
// first see if we're operating on the pool password
int cmd = STORE_CRED;
char const *tmp = strchr(user, '@');
if (tmp == NULL || tmp == user || *(tmp + 1) == '\0') {
dprintf(D_ALWAYS, "store_cred: user not in user@domain format\n");
return FAILURE;
}
if (((mode == ADD_MODE) || (mode == DELETE_MODE)) &&
( (size_t)(tmp - user) == strlen(POOL_PASSWORD_USERNAME)) &&
(memcmp(POOL_PASSWORD_USERNAME, user, tmp - user) == 0))
{
cmd = STORE_POOL_CRED;
user = tmp + 1; // we only need to send the domain name for STORE_POOL_CRED
}
if (d == NULL) {
if (cmd == STORE_POOL_CRED) {
// need to go to the master for setting the pool password
dprintf(D_FULLDEBUG, "Storing credential to local master\n");
Daemon my_master(DT_MASTER);
sock = my_master.startCommand(cmd, Stream::reli_sock, 0);
}
else {
dprintf(D_FULLDEBUG, "Storing credential to local schedd\n");
Daemon my_schedd(DT_SCHEDD);
sock = my_schedd.startCommand(cmd, Stream::reli_sock, 0);
}
} else {
dprintf(D_FULLDEBUG, "Starting a command on a REMOTE schedd\n");
sock = d->startCommand(cmd, Stream::reli_sock, 0);
}
if( !sock ) {
dprintf(D_ALWAYS,
"STORE_CRED: Failed to start command.\n");
dprintf(D_ALWAYS,
"STORE_CRED: Unable to contact the REMOTE schedd.\n");
return FAILURE;
}
// for remote updates (which send the password), verify we have a secure channel,
// unless "force" is specified
if (((mode == ADD_MODE) || (mode == DELETE_MODE)) && !force && (d != NULL) &&
((sock->type() != Stream::reli_sock) || !((ReliSock*)sock)->triedAuthentication() || !sock->get_encryption())) {
dprintf(D_ALWAYS, "STORE_CRED: blocking attempt to update over insecure channel\n");
delete sock;
return FAILURE_NOT_SECURE;
}
if (cmd == STORE_CRED) {
result = code_store_cred(sock, const_cast<char*&>(user),
const_cast<char*&>(pw), mode);
if( result == FALSE ) {
dprintf(D_ALWAYS, "store_cred: code_store_cred failed.\n");
delete sock;
return FAILURE;
}
}
else {
// only need to send the domain and password for STORE_POOL_CRED
if (!sock->code(const_cast<char*&>(user)) ||
!sock->code(const_cast<char*&>(pw)) ||
!sock->end_of_message()) {
dprintf(D_ALWAYS, "store_cred: failed to send STORE_POOL_CRED message\n");
delete sock;
return FAILURE;
}
}
sock->decode();
result = sock->code(return_val);
if( !result ) {
dprintf(D_ALWAYS, "store_cred: failed to recv answer.\n");
delete sock;
return FAILURE;
}
result = sock->end_of_message();
if( !result ) {
dprintf(D_ALWAYS, "store_cred: failed to recv eom.\n");
delete sock;
return FAILURE;
}
} // end of case where we send out the request remotely
switch(mode)
{
case ADD_MODE:
if( return_val == SUCCESS ) {
dprintf(D_FULLDEBUG, "Addition succeeded!\n");
} else {
dprintf(D_FULLDEBUG, "Addition failed!\n");
}
break;
case DELETE_MODE:
if( return_val == SUCCESS ) {
dprintf(D_FULLDEBUG, "Delete succeeded!\n");
} else {
dprintf(D_FULLDEBUG, "Delete failed!\n");
}
break;
case QUERY_MODE:
if( return_val == SUCCESS ) {
dprintf(D_FULLDEBUG, "We have a credential stored!\n");
} else {
dprintf(D_FULLDEBUG, "Query failed!\n");
}
break;
}
if ( sock ) delete sock;
return return_val;
}
