tog-pegasus/pegasus-2.5.1-obz4984.patch


--- pegasus/src/Pegasus/ProviderManager2/OOPProviderManagerRouter.cpp.obz4980 2006-03-15 16:28:36.000000000 -0500
+++ pegasus/src/Pegasus/ProviderManager2/OOPProviderManagerRouter.cpp 2006-05-02 15:34:36.000000000 -0400
@@ -523,6 +523,28 @@
//Out of provider support for OS400 goes here when needed.
#else
+
+# ifndef PEGASUS_DISABLE_PROV_USERCTXT
+ // Get and save the effective user name and the uid/gid for the user
+ // context of the agent process
+
+ String effectiveUserName = System::getEffectiveUserName();
+ PEGASUS_UID_T newUid = (PEGASUS_UID_T) -1;
+ PEGASUS_GID_T newGid = (PEGASUS_GID_T) -1;
+ if (_userName != effectiveUserName)
+ {
+ if (!System::lookupUserId(_userName.getCString(), newUid, newGid))
+ {
+ throw PEGASUS_CIM_EXCEPTION_L(
+ CIM_ERR_FAILED,
+ MessageLoaderParms(
+ "ProviderManager.OOPProviderManagerRouter."
+ "USER_CONTEXT_CHANGE_FAILED",
+ "Unable to change user context to \"$0\".", _userName));
+ }
+ }
+# endif
+
pid_t pid = fork();
if (pid < 0)
{
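Review bot: The comment above the new lookup says what is saved but not why it has to happen before `fork()`, which is the reason this block exists. The child in the following hunk now calls only `System::changeUserContext(newUid, newGid)`, so I would state the intent, e.g. `// Resolve the uid/gid in the parent so the forked child only has to call setgid()/setuid() and never queries the user database.` It is also worth one line noting that `newUid`/`newGid` stay at the `-1` sentinel when `_userName == effectiveUserName`, so the child must keep the same guard before passing them on. The enclosing function starts and ends outside this hunk.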
@@ -558,11 +580,11 @@
pipeToAgent->exportReadHandle(readHandle);
pipeFromAgent->exportWriteHandle(writeHandle);
-#ifndef PEGASUS_DISABLE_PROV_USERCTXT
+# ifndef PEGASUS_DISABLE_PROV_USERCTXT
// Set the user context of the Provider Agent process
- if (_userName != System::getEffectiveUserName())
+ if (_userName != effectiveUserName)
{
- if (!System::changeUserContext(_userName.getCString()))
+ if (!System::changeUserContext(newUid, newGid))
{
Tracer::trace(TRC_DISCARDED_DATA, Tracer::LEVEL2,
"System::changeUserContext() failed. userName = %s.",
@@ -575,7 +597,7 @@
_exit(1);
}
}
-#endif
+# endif
execl(agentCommandPathCString, agentCommandPathCString,
readHandle, writeHandle,
@@ -1667,7 +1689,7 @@
request->operationContext.get(IdentityContainer::NAME);
userName = ic.getUserName();
}
- catch (Exception& e)
+ catch (Exception&)
{
// If no IdentityContainer is present, default to the CIM
// Server's user context
--- pegasus/src/Pegasus/Common/SystemVms.cpp.obz4980 2006-01-30 11:17:08.000000000 -0500
+++ pegasus/src/Pegasus/Common/SystemVms.cpp 2006-05-02 15:34:36.000000000 -0400
@@ -674,7 +674,10 @@
#endif
-Boolean System::changeUserContext(const char *userName)
+Boolean System::lookupUserId(
+ const char* userName,
+ PEGASUS_UID_T& uid,
+ PEGASUS_GID_T& gid)
{
const unsigned int PWD_BUFF_SIZE = 1024;
struct passwd pwd;
@@ -697,18 +700,28 @@
return false;
}
+ uid = pwd.pw_uid;
+ gid = pwd.pw_gid;
+
+ return true;
+}
+
+Boolean System::changeUserContext(
+ const PEGASUS_UID_T& uid,
+ const PEGASUS_GID_T& gid)
+{
Tracer::trace(TRC_OS_ABSTRACTION, Tracer::LEVEL4,
"Changing user context to: uid = %d, gid = %d",
- (int) pwd.pw_uid, (int) pwd.pw_gid);
+ (int) uid, (int) gid);
- if (setgid(pwd.pw_gid) != 0)
+ if (setgid(gid) != 0)
{
PEG_TRACE_STRING(TRC_OS_ABSTRACTION, Tracer::LEVEL2,
String("setgid failed: ") + String(strerror(errno)));
return false;
}
- if (setuid(pwd.pw_uid) != 0)
+ if (setuid(uid) != 0)
{
PEG_TRACE_STRING(TRC_OS_ABSTRACTION, Tracer::LEVEL2,
String("setuid failed: ") + String(strerror(errno)));
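Review bot: `changeUserContext()` sets only the primary gid and the uid, so unless supplementary groups are dropped somewhere outside this hunk, the Provider Agent keeps the CIM Server's supplementary group list after the switch. With the user name no longer passed in, the function cannot derive the target user's groups itself. The minimal fix is to reset the list before `setgid(gid)`, e.g. `if (setgroups(1, &gid) != 0) { return false; }`, where the platform provides `setgroups()`. The identical setgid/setuid sequence in the SystemUnix.cpp hunk (`@@ -1129,18 +1133,28 @@`) needs the same treatment. The function body continues past the end of this hunk.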
--- pegasus/src/Pegasus/Common/SystemWindows.cpp.obz4980 2006-02-08 15:50:59.000000000 -0500
+++ pegasus/src/Pegasus/Common/SystemWindows.cpp 2006-05-02 15:34:36.000000000 -0400
@@ -838,7 +838,18 @@
return retVal;
}
-Boolean System::changeUserContext(const char* userName)
+Boolean System::lookupUserId(
+ const char* userName,
+ PEGASUS_UID_T& uid,
+ PEGASUS_GID_T& gid)
+{
+ // ATTN: Implement this method to look up the specified user
+ return false;
+}
+
+Boolean System::changeUserContext(
+ const PEGASUS_UID_T& uid,
+ const PEGASUS_GID_T& gid)
{
// ATTN: Implement this method to change the process user context to the
// specified user
--- pegasus/src/Pegasus/Common/SystemNsk.cpp.obz4980 2006-01-30 11:17:08.000000000 -0500
+++ pegasus/src/Pegasus/Common/SystemNsk.cpp 2006-05-02 15:34:36.000000000 -0400
@@ -157,7 +157,18 @@
return true;
}
-Boolean System::changeUserContext(const char* userName)
+Boolean System::lookupUserId(
+ const char* userName,
+ PEGASUS_UID_T& uid,
+ PEGASUS_GID_T& gid)
+{
+ // ATTN: Implement this method to look up the specified user
+ return false;
+}
+
+Boolean System::changeUserContext(
+ const PEGASUS_UID_T& uid,
+ const PEGASUS_GID_T& gid)
{
// ATTN: Implement this method to change the process user context to the
// specified user
--- pegasus/src/Pegasus/Common/SystemUnix.cpp.obz4980 2006-01-30 11:17:08.000000000 -0500
+++ pegasus/src/Pegasus/Common/SystemUnix.cpp 2006-05-02 15:34:36.000000000 -0400
@@ -1097,8 +1097,12 @@
return retVal;
}
+
#ifndef PEGASUS_OS_OS400
-Boolean System::changeUserContext(const char* userName)
+Boolean System::lookupUserId(
+ const char* userName,
+ PEGASUS_UID_T& uid,
+ PEGASUS_GID_T& gid)
{
const unsigned int PWD_BUFF_SIZE = 1024;
struct passwd pwd;
@@ -1129,18 +1133,28 @@
return false;
}
+ uid = pwd.pw_uid;
+ gid = pwd.pw_gid;
+
+ return true;
+}
+
+Boolean System::changeUserContext(
+ const PEGASUS_UID_T& uid,
+ const PEGASUS_GID_T& gid)
+{
Tracer::trace(TRC_OS_ABSTRACTION, Tracer::LEVEL4,
"Changing user context to: uid = %d, gid = %d",
- (int)pwd.pw_uid, (int)pwd.pw_gid);
+ (int)uid, (int)gid);
- if (setgid(pwd.pw_gid) != 0)
+ if (setgid(gid) != 0)
{
PEG_TRACE_STRING(TRC_OS_ABSTRACTION, Tracer::LEVEL2,
String("setgid failed: ") + String(strerror(errno)));
return false;
}
- if (setuid(pwd.pw_uid) != 0)
+ if (setuid(uid) != 0)
{
PEG_TRACE_STRING(TRC_OS_ABSTRACTION, Tracer::LEVEL2,
String("setuid failed: ") + String(strerror(errno)));
@@ -1150,6 +1164,7 @@
return true;
}
#endif
+
Uint32 System::getPID()
{
//
--- pegasus/src/Pegasus/Common/System.h.obz4980 2006-01-30 11:17:08.000000000 -0500
+++ pegasus/src/Pegasus/Common/System.h 2006-05-02 15:34:36.000000000 -0400
@@ -57,6 +57,16 @@
#endif
#endif
+#ifdef PEGASUS_OS_TYPE_UNIX
+# ifndef PEGASUS_OS_OS400
+# include <unistd.h>
+# endif
+# define PEGASUS_UID_T uid_t
+# define PEGASUS_GID_T gid_t
+#else
+# define PEGASUS_UID_T Uint32
+# define PEGASUS_GID_T Uint32
+#endif
//
// Protocal Type
@@ -246,16 +256,33 @@
static Boolean isGroupMember(const char* userName, const char* groupName);
/**
- Changes the process user context to the specified user.
-
- @param userName User name to set as the process user context.
+ Gets the user and group IDs associated with the specified user.
+ @param userName User name for which to look up user and group IDs.
+ @param uid User ID for the specified user name.
+ @param gid Group ID for the specified user name.
+ @return True if the user and group IDs were retrieved
+ successfully, false otherwise.
+ */
+#ifndef PEGASUS_OS_OS400
+ static Boolean lookupUserId(
+ const char* userName,
+ PEGASUS_UID_T& uid,
+ PEGASUS_GID_T& gid);
+#endif
- @return True if the user context is successfully changed,
- false otherwise.
+ /**
+ Changes the process user context to the specified user and group ID.
+ @param uid User ID to set as the process user context.
+ @param gid Group ID to set as the process group context.
+ @return True if the user context is successfully changed,
+ false otherwise.
*/
#ifndef PEGASUS_OS_OS400
- static Boolean changeUserContext(const char* userName);
+ static Boolean changeUserContext(
+ const PEGASUS_UID_T& uid,
+ const PEGASUS_GID_T& gid);
#endif
+
/**
This function is used to get the process ID of the calling process.