--- pegasus/src/Pegasus/ProviderManager2/OOPProviderManagerRouter.cpp.obz4980 2006-03-15 16:28:36.000000000 -0500 +++ pegasus/src/Pegasus/ProviderManager2/OOPProviderManagerRouter.cpp 2006-05-02 15:34:36.000000000 -0400 @@ -523,6 +523,28 @@ //Out of provider support for OS400 goes here when needed. #else + +# ifndef PEGASUS_DISABLE_PROV_USERCTXT + // Get and save the effective user name and the uid/gid for the user + // context of the agent process + + String effectiveUserName = System::getEffectiveUserName(); + PEGASUS_UID_T newUid = (PEGASUS_UID_T) -1; + PEGASUS_GID_T newGid = (PEGASUS_GID_T) -1; + if (_userName != effectiveUserName) + { + if (!System::lookupUserId(_userName.getCString(), newUid, newGid)) + { + throw PEGASUS_CIM_EXCEPTION_L( + CIM_ERR_FAILED, + MessageLoaderParms( + "ProviderManager.OOPProviderManagerRouter." + "USER_CONTEXT_CHANGE_FAILED", + "Unable to change user context to \"$0\".", _userName)); + } + } +# endif + pid_t pid = fork(); if (pid < 0) { @@ -558,11 +580,11 @@ pipeToAgent->exportReadHandle(readHandle); pipeFromAgent->exportWriteHandle(writeHandle); -#ifndef PEGASUS_DISABLE_PROV_USERCTXT +# ifndef PEGASUS_DISABLE_PROV_USERCTXT // Set the user context of the Provider Agent process - if (_userName != System::getEffectiveUserName()) + if (_userName != effectiveUserName) { - if (!System::changeUserContext(_userName.getCString())) + if (!System::changeUserContext(newUid, newGid)) { Tracer::trace(TRC_DISCARDED_DATA, Tracer::LEVEL2, "System::changeUserContext() failed. userName = %s.", @@ -575,7 +597,7 @@ _exit(1); } } -#endif +# endif execl(agentCommandPathCString, agentCommandPathCString, readHandle, writeHandle, 
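Review bot: The comment on the new pre-fork block in OOPProviderManagerRouter.cpp says what is saved but not why the lookup has to run before `fork()`, and that is the part a later maintainer is most likely to undo. Presumably the user-database lookup behind `System::lookupUserId` is not safe to run in the child of a multithreaded server between `fork()` and `execl()`. If so, state it, e.g. `// Resolve uid/gid before fork(): the lookup may lock or allocate and must not run in the forked child.` The `(PEGASUS_UID_T) -1` initial values are only safe because the child repeats the same `_userName != effectiveUserName` test before using them, which deserves a word in the same comment.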
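Review bot: The child's failure path after `System::changeUserContext(newUid, newGid)` still calls `Tracer::trace` before `_exit(1)`, and the Unix and VMS `changeUserContext` bodies build `String` objects for their own failure traces. The forked child can therefore still allocate, and possibly take tracer locks, between `fork()` and `execl()`. If the server is multithreaded at this point (not visible in the hunk), a lock held by another thread at fork time could leave the child hung instead of exited. Consider reducing the child side to `if (!System::changeUserContext(newUid, newGid)) { _exit(1); }` and logging the failure in the parent when it sees the exit status.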
@@ -1667,7 +1689,7 @@ request->operationContext.get(IdentityContainer::NAME); userName = ic.getUserName(); } - catch (Exception& e) + catch (Exception&) { // If no IdentityContainer is present, default to the CIM // Server's user context --- pegasus/src/Pegasus/Common/SystemVms.cpp.obz4980 2006-01-30 11:17:08.000000000 -0500 +++ pegasus/src/Pegasus/Common/SystemVms.cpp 2006-05-02 15:34:36.000000000 -0400 @@ -674,7 +674,10 @@ #endif -Boolean System::changeUserContext(const char *userName) +Boolean System::lookupUserId( + const char* userName, + PEGASUS_UID_T& uid, + PEGASUS_GID_T& gid) { const unsigned int PWD_BUFF_SIZE = 1024; struct passwd pwd; @@ -697,18 +700,28 @@ return false; } + uid = pwd.pw_uid; + gid = pwd.pw_gid; + + return true; +} + +Boolean System::changeUserContext( + const PEGASUS_UID_T& uid, + const PEGASUS_GID_T& gid) +{ Tracer::trace(TRC_OS_ABSTRACTION, Tracer::LEVEL4, "Changing user context to: uid = %d, gid = %d", - (int) pwd.pw_uid, (int) pwd.pw_gid); + (int) uid, (int) gid); - if (setgid(pwd.pw_gid) != 0) + if (setgid(gid) != 0) { PEG_TRACE_STRING(TRC_OS_ABSTRACTION, Tracer::LEVEL2, String("setgid failed: ") + String(strerror(errno))); return false; } - if (setuid(pwd.pw_uid) != 0) + if (setuid(uid) != 0) { PEG_TRACE_STRING(TRC_OS_ABSTRACTION, Tracer::LEVEL2, String("setuid failed: ") + String(strerror(errno))); --- pegasus/src/Pegasus/Common/SystemWindows.cpp.obz4980 2006-02-08 15:50:59.000000000 -0500 +++ pegasus/src/Pegasus/Common/SystemWindows.cpp 2006-05-02 15:34:36.000000000 -0400 
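Review bot: `System::changeUserContext` in SystemVms.cpp now calls only `setgid(gid)` and `setuid(uid)`, and nothing in the visible lines resets the supplementary group list, so a provider agent started from a privileged server would keep the server's supplementary groups after the switch. The identical split in SystemUnix.cpp has the same gap, and the function's closing lines fall outside this hunk. Before `setgid`, while the process still has the privilege, clear or replace the list where the platform provides the call, e.g. `if (setgroups(0, NULL) != 0) return false;`. If providers need the target user's own groups, resolve them before `fork()` alongside the uid/gid in `lookupUserId` and apply them here. With the user name gone from the signature, `initgroups` can no longer be called at this point, so the group list has to travel with the ids.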
@@ -838,7 +838,18 @@ return retVal; } -Boolean System::changeUserContext(const char* userName) +Boolean System::lookupUserId( + const char* userName, + PEGASUS_UID_T& uid, + PEGASUS_GID_T& gid) +{ + // ATTN: Implement this method to look up the specified user + return false; +} + +Boolean System::changeUserContext( + const PEGASUS_UID_T& uid, + const PEGASUS_GID_T& gid) { // ATTN: Implement this method to change the process user context to the // specified user --- pegasus/src/Pegasus/Common/SystemNsk.cpp.obz4980 2006-01-30 11:17:08.000000000 -0500 +++ pegasus/src/Pegasus/Common/SystemNsk.cpp 2006-05-02 15:34:36.000000000 -0400 @@ -157,7 +157,18 @@ return true; } -Boolean System::changeUserContext(const char* userName) +Boolean System::lookupUserId( + const char* userName, + PEGASUS_UID_T& uid, + PEGASUS_GID_T& gid) +{ + // ATTN: Implement this method to look up the specified user + return false; +} + +Boolean System::changeUserContext( + const PEGASUS_UID_T& uid, + const PEGASUS_GID_T& gid) { // ATTN: Implement this method to change the process user context to the // specified user --- pegasus/src/Pegasus/Common/SystemUnix.cpp.obz4980 2006-01-30 11:17:08.000000000 -0500 +++ pegasus/src/Pegasus/Common/SystemUnix.cpp 2006-05-02 15:34:36.000000000 -0400 @@ -1097,8 +1097,12 @@ return retVal; } + #ifndef PEGASUS_OS_OS400 -Boolean System::changeUserContext(const char* userName) +Boolean System::lookupUserId( + const char* userName, + PEGASUS_UID_T& uid, + PEGASUS_GID_T& gid) { const unsigned int PWD_BUFF_SIZE = 1024; struct passwd pwd; 
@@ -1129,18 +1133,28 @@ return false; } + uid = pwd.pw_uid; + gid = pwd.pw_gid; + + return true; +} + +Boolean System::changeUserContext( + const PEGASUS_UID_T& uid, + const PEGASUS_GID_T& gid) +{ Tracer::trace(TRC_OS_ABSTRACTION, Tracer::LEVEL4, "Changing user context to: uid = %d, gid = %d", - (int)pwd.pw_uid, (int)pwd.pw_gid); + (int)uid, (int)gid); - if (setgid(pwd.pw_gid) != 0) + if (setgid(gid) != 0) { PEG_TRACE_STRING(TRC_OS_ABSTRACTION, Tracer::LEVEL2, String("setgid failed: ") + String(strerror(errno))); return false; } - if (setuid(pwd.pw_uid) != 0) + if (setuid(uid) != 0) { PEG_TRACE_STRING(TRC_OS_ABSTRACTION, Tracer::LEVEL2, String("setuid failed: ") + String(strerror(errno))); @@ -1150,6 +1164,7 @@ return true; } #endif + Uint32 System::getPID() { // --- pegasus/src/Pegasus/Common/System.h.obz4980 2006-01-30 11:17:08.000000000 -0500 +++ pegasus/src/Pegasus/Common/System.h 2006-05-02 15:34:36.000000000 -0400 @@ -57,6 +57,16 @@ #endif #endif +#ifdef PEGASUS_OS_TYPE_UNIX +# ifndef PEGASUS_OS_OS400 +# include +# endif +# define PEGASUS_UID_T uid_t +# define PEGASUS_GID_T gid_t +#else +# define PEGASUS_UID_T Uint32 +# define PEGASUS_GID_T Uint32 +#endif // // Protocal Type 
@@ -246,16 +256,33 @@ static Boolean isGroupMember(const char* userName, const char* groupName); /** - Changes the process user context to the specified user. - - @param userName User name to set as the process user context. + Gets the user and group IDs associated with the specified user. + @param userName User name for which to look up user and group IDs. + @param uid User ID for the specified user name. + @param gid Group ID for the specified user name. + @return True if the user and group IDs were retrieved + successfully, false otherwise. + */ +#ifndef PEGASUS_OS_OS400 + static Boolean lookupUserId( + const char* userName, + PEGASUS_UID_T& uid, + PEGASUS_GID_T& gid); +#endif - @return True if the user context is successfully changed, - false otherwise. + /** + Changes the process user context to the specified user and group ID. + @param uid User ID to set as the process user context. + @param gid Group ID to set as the process group context. + @return True if the user context is successfully changed, + false otherwise. */ #ifndef PEGASUS_OS_OS400 - static Boolean changeUserContext(const char* userName); + static Boolean changeUserContext( + const PEGASUS_UID_T& uid, + const PEGASUS_GID_T& gid); #endif + /** This function is used to get the process ID of the calling process.
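Review bot: The new doc comment for `lookupUserId` in System.h does not say what happens to `uid` and `gid` when the call returns false, and the router relies on that by pre-setting both to `(PEGASUS_UID_T) -1`. The Unix and VMS implementations assign them only after a successful lookup and the Windows and NSK stubs never write them, so the header can promise it, e.g. `@param uid Receives the user ID; left unmodified when the lookup fails.` with the same wording for `gid`. As a style point, both ids are plain scalars, so `static Boolean changeUserContext(PEGASUS_UID_T uid, PEGASUS_GID_T gid);` by value would read more naturally than the `const PEGASUS_UID_T&` parameters.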