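--- a/pegasus/src/Pegasus/ProviderManager2/OOPProviderManagerRouter.cpp
+++ b/pegasus/src/Pegasus/ProviderManager2/OOPProviderManagerRouter.cpp
@@ -523,6 +523,28 @@
 //Out of provider support for OS400 goes here when needed.
 
 #else
+
+# ifndef PEGASUS_DISABLE_PROV_USERCTXT
+ // Get and save the effective user name and the uid/gid for the user
+ // context of the agent process
+
+ String effectiveUserName = System::getEffectiveUserName();
+ PEGASUS_UID_T newUid = (PEGASUS_UID_T) -1;
+ PEGASUS_GID_T newGid = (PEGASUS_GID_T) -1;
+ if (_userName != effectiveUserName)
+ {
+ if (!System::lookupUserId(_userName.getCString(), newUid, newGid))
+ {
+ throw PEGASUS_CIM_EXCEPTION_L(
+ CIM_ERR_FAILED,
+ MessageLoaderParms(
+ "ProviderManager.OOPProviderManagerRouter."
+ "USER_CONTEXT_CHANGE_FAILED",
+ "Unable to change user context to \"$0\".", _userName));
+ }
+ }
+# endif
+
 pid_t pid = fork();
 if (pid < 0)
 {
@@ -558,11 +580,11 @@
 pipeToAgent->exportReadHandle(readHandle);
 pipeFromAgent->exportWriteHandle(writeHandle);
 
-#ifndef PEGASUS_DISABLE_PROV_USERCTXT
+# ifndef PEGASUS_DISABLE_PROV_USERCTXT
 // Set the user context of the Provider Agent process
- if (_userName != System::getEffectiveUserName())
+ if (_userName != effectiveUserName)
 {
- if (!System::changeUserContext(_userName.getCString()))
+ if (!System::changeUserContext(newUid, newGid))
 {
 Tracer::trace(TRC_DISCARDED_DATA, Tracer::LEVEL2,
 "System::changeUserContext() failed. userName = %s.",
@@ -575,7 +597,7 @@
 _exit(1);
 }
 }
-#endif
+# endif
 
 execl(agentCommandPathCString, agentCommandPathCString,
 readHandle, writeHandle,
@@ -1667,7 +1689,7 @@
 request->operationContext.get(IdentityContainer::NAME);
 userName = ic.getUserName();
 }
- catch (Exception& e)
+ catch (Exception&)
 {
 // If no IdentityContainer is present, default to the CIM
 // Server's user context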
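Review bot: Between `fork()` and `execl()` the child still runs code that is not async-signal-safe: the failure branch after `System::changeUserContext(newUid, newGid)` calls `Tracer::trace(...)` with a user-name string, and the changeUserContext implementations in SystemUnix.cpp and SystemVms.cpp trace and build `String` objects around `setgid`/`setuid`. If the server is multithreaded (not visible here), a lock held by another thread at fork time could leave the child stuck before it execs the agent. Moving the name lookup ahead of the fork appears aimed at this same problem, so I would also trace the target uid/gid in the parent before `fork()` and keep the child to `setgid`/`setuid`/`_exit`. The enclosing function starts and ends outside these hunks.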
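--- a/pegasus/src/Pegasus/Common/SystemVms.cpp
+++ b/pegasus/src/Pegasus/Common/SystemVms.cpp
@@ -674,7 +674,10 @@
 
 #endif
 
-Boolean System::changeUserContext(const char *userName)
+Boolean System::lookupUserId(
+ const char* userName,
+ PEGASUS_UID_T& uid,
+ PEGASUS_GID_T& gid)
 {
 const unsigned int PWD_BUFF_SIZE = 1024;
 struct passwd pwd;
@@ -697,18 +700,28 @@
 return false;
 }
 
+ uid = pwd.pw_uid;
+ gid = pwd.pw_gid;
+
+ return true;
+}
+
+Boolean System::changeUserContext(
+ const PEGASUS_UID_T& uid,
+ const PEGASUS_GID_T& gid)
+{
 Tracer::trace(TRC_OS_ABSTRACTION, Tracer::LEVEL4,
 "Changing user context to: uid = %d, gid = %d",
- (int) pwd.pw_uid, (int) pwd.pw_gid);
+ (int) uid, (int) gid);
 
- if (setgid(pwd.pw_gid) != 0)
+ if (setgid(gid) != 0)
 {
 PEG_TRACE_STRING(TRC_OS_ABSTRACTION, Tracer::LEVEL2,
 String("setgid failed: ") + String(strerror(errno)));
 return false;
 }
 
- if (setuid(pwd.pw_uid) != 0)
+ if (setuid(uid) != 0)
 {
 PEG_TRACE_STRING(TRC_OS_ABSTRACTION, Tracer::LEVEL2,
 String("setuid failed: ") + String(strerror(errno)));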
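Review bot: The trace line in changeUserContext formats the ids with `%d` after casting them to `int` (`(int) uid, (int) gid`), so where the id types are unsigned any value above INT_MAX is logged as a negative number and no longer matches the account database. Anyone correlating this trace with account data during an investigation needs the real value, so I would log unsigned: `"Changing user context to: uid = %lu, gid = %lu", (unsigned long) uid, (unsigned long) gid`, assuming Tracer::trace takes printf-style conversions as the existing `%d` suggests. SystemUnix.cpp carries the same line. changeUserContext continues past the end of this hunk.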
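--- a/pegasus/src/Pegasus/Common/SystemWindows.cpp
+++ b/pegasus/src/Pegasus/Common/SystemWindows.cpp
@@ -838,7 +838,18 @@
 return retVal;
 }
 
-Boolean System::changeUserContext(const char* userName)
+Boolean System::lookupUserId(
+ const char* userName,
+ PEGASUS_UID_T& uid,
+ PEGASUS_GID_T& gid)
+{
+ // ATTN: Implement this method to look up the specified user
+ return false;
+}
+
+Boolean System::changeUserContext(
+ const PEGASUS_UID_T& uid,
+ const PEGASUS_GID_T& gid)
 {
 // ATTN: Implement this method to change the process user context to the
 // specified user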
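Review bot: The new lookupUserId stub returns `false` without assigning `uid` or `gid`, which is the safe default, but the `ATTN` comment does not say that failing is deliberate. I would extend it to `// ATTN: Not implemented. Fail closed and leave uid/gid untouched so callers never act on unset ids.` so a later implementation keeps that contract. The changeUserContext stub's body lies outside the hunk; it is worth confirming that it also returns false rather than reporting success without changing identity. SystemNsk.cpp adds the identical stub.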
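--- a/pegasus/src/Pegasus/Common/SystemNsk.cpp
+++ b/pegasus/src/Pegasus/Common/SystemNsk.cpp
@@ -157,7 +157,18 @@
 return true;
 }
 
-Boolean System::changeUserContext(const char* userName)
+Boolean System::lookupUserId(
+ const char* userName,
+ PEGASUS_UID_T& uid,
+ PEGASUS_GID_T& gid)
+{
+ // ATTN: Implement this method to look up the specified user
+ return false;
+}
+
+Boolean System::changeUserContext(
+ const PEGASUS_UID_T& uid,
+ const PEGASUS_GID_T& gid)
 {
 // ATTN: Implement this method to change the process user context to the
 // specified user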
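--- a/pegasus/src/Pegasus/Common/SystemUnix.cpp
+++ b/pegasus/src/Pegasus/Common/SystemUnix.cpp
@@ -1097,8 +1097,12 @@
 
 return retVal;
 }
+
 #ifndef PEGASUS_OS_OS400
-Boolean System::changeUserContext(const char* userName)
+Boolean System::lookupUserId(
+ const char* userName,
+ PEGASUS_UID_T& uid,
+ PEGASUS_GID_T& gid)
 {
 const unsigned int PWD_BUFF_SIZE = 1024;
 struct passwd pwd;
@@ -1129,18 +1133,28 @@
 return false;
 }
 
+ uid = pwd.pw_uid;
+ gid = pwd.pw_gid;
+
+ return true;
+}
+
+Boolean System::changeUserContext(
+ const PEGASUS_UID_T& uid,
+ const PEGASUS_GID_T& gid)
+{
 Tracer::trace(TRC_OS_ABSTRACTION, Tracer::LEVEL4,
 "Changing user context to: uid = %d, gid = %d",
- (int)pwd.pw_uid, (int)pwd.pw_gid);
+ (int)uid, (int)gid);
 
- if (setgid(pwd.pw_gid) != 0)
+ if (setgid(gid) != 0)
 {
 PEG_TRACE_STRING(TRC_OS_ABSTRACTION, Tracer::LEVEL2,
 String("setgid failed: ") + String(strerror(errno)));
 return false;
 }
 
- if (setuid(pwd.pw_uid) != 0)
+ if (setuid(uid) != 0)
 {
 PEG_TRACE_STRING(TRC_OS_ABSTRACTION, Tracer::LEVEL2,
 String("setuid failed: ") + String(strerror(errno)));
@@ -1150,6 +1164,7 @@
 return true;
 }
 #endif
+
 Uint32 System::getPID()
 {
 //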
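Review bot: changeUserContext in the second hunk switches the primary group and the user id but never resets the supplementary group list: from the opening brace to `setuid(uid)` the only group call visible is `setgid(gid)`. If the CIM server runs as root with extra groups, the provider agent would keep those groups and the file access they grant even after `setuid` succeeds. Add a reset before `setgid()`, for example `if (setgroups(1, &gid) != 0) return false;`, or resolve the user's full group list alongside lookupUserId before the fork and pass it in. The copy in SystemVms.cpp has the same shape, if that platform provides `setgroups`. A few lines of the function fall between this hunk and the next, so confirm nothing there already does this.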
--- pegasus/src/Pegasus/Common/System.h.obz4980 2006-01-30 11:17:08.000000000 -0500
|
|
+++ pegasus/src/Pegasus/Common/System.h 2006-05-02 15:34:36.000000000 -0400
|
|
@@ -57,6 +57,16 @@
|
|
#endif
|
|
#endif
|
|
|
|
+#ifdef PEGASUS_OS_TYPE_UNIX
|
|
+# ifndef PEGASUS_OS_OS400
|
|
+# include <unistd.h>
|
|
+# endif
|
|
+# define PEGASUS_UID_T uid_t
|
|
+# define PEGASUS_GID_T gid_t
|
|
+#else
|
|
+# define PEGASUS_UID_T Uint32
|
|
+# define PEGASUS_GID_T Uint32
|
|
+#endif
|
|
|
|
//
|
|
// Protocal Type
|
|
@@ -246,16 +256,33 @@
|
|
static Boolean isGroupMember(const char* userName, const char* groupName);
|
|
|
|
/**
|
|
- Changes the process user context to the specified user.
|
|
-
|
|
- @param userName User name to set as the process user context.
|
|
+ Gets the user and group IDs associated with the specified user.
|
|
+ @param userName User name for which to look up user and group IDs.
|
|
+ @param uid User ID for the specified user name.
|
|
+ @param gid Group ID for the specified user name.
|
|
+ @return True if the user and group IDs were retrieved
|
|
+ successfully, false otherwise.
|
|
+ */
|
|
+#ifndef PEGASUS_OS_OS400
|
|
+ static Boolean lookupUserId(
|
|
+ const char* userName,
|
|
+ PEGASUS_UID_T& uid,
|
|
+ PEGASUS_GID_T& gid);
|
|
+#endif
|
|
|
|
- @return True if the user context is successfully changed,
|
|
- false otherwise.
|
|
+ /**
|
|
+ Changes the process user context to the specified user and group ID.
|
|
+ @param uid User ID to set as the process user context.
|
|
+ @param gid Group ID to set as the process group context.
|
|
+ @return True if the user context is successfully changed,
|
|
+ false otherwise.
|
|
*/
|
|
#ifndef PEGASUS_OS_OS400
|
|
- static Boolean changeUserContext(const char* userName);
|
|
+ static Boolean changeUserContext(
|
|
+ const PEGASUS_UID_T& uid,
|
|
+ const PEGASUS_GID_T& gid);
|
|
#endif
|
|
+
|
|
/**
|
|
This function is used to get the process ID of the calling process.
|
|
|