You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by om...@apache.org on 2011/03/04 05:43:35 UTC
svn commit: r1077679 [1/6] - in
/hadoop/common/branches/branch-0.20-security-patches: ./
src/c++/task-controller/ src/c++/task-controller/impl/
src/c++/task-controller/test/ src/c++/task-controller/tests/
src/core/org/apache/hadoop/fs/ src/core/org/apa...
Author: omalley
Date: Fri Mar 4 04:43:33 2011
New Revision: 1077679
URL: http://svn.apache.org/viewvc?rev=1077679&view=rev
Log:
commit d52b82f73196974144eb6a1de8923ca6d7db9287
Author: Chris Douglas <cd...@apache.org>
Date: Thu Sep 16 23:06:32 2010 -0700
, : Write task initialization to avoid race conditions
leading to privilege escalation and resource leakage by performing more actions
as the user. Owen O'Malley, Devaraj Das, Chris Douglas
Added:
hadoop/common/branches/branch-0.20-security-patches/src/c++/task-controller/.autom4te.cfg
hadoop/common/branches/branch-0.20-security-patches/src/c++/task-controller/.gitignore
hadoop/common/branches/branch-0.20-security-patches/src/c++/task-controller/Makefile.am
hadoop/common/branches/branch-0.20-security-patches/src/c++/task-controller/impl/
hadoop/common/branches/branch-0.20-security-patches/src/c++/task-controller/impl/configuration.c
hadoop/common/branches/branch-0.20-security-patches/src/c++/task-controller/impl/configuration.h
hadoop/common/branches/branch-0.20-security-patches/src/c++/task-controller/impl/main.c
hadoop/common/branches/branch-0.20-security-patches/src/c++/task-controller/impl/task-controller.c
hadoop/common/branches/branch-0.20-security-patches/src/c++/task-controller/impl/task-controller.h
hadoop/common/branches/branch-0.20-security-patches/src/c++/task-controller/test/
hadoop/common/branches/branch-0.20-security-patches/src/c++/task-controller/test/test-task-controller.c
hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/JobLocalizer.java
hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/mapred/TestTaskCommit.java
Removed:
hadoop/common/branches/branch-0.20-security-patches/src/c++/task-controller/Makefile.in
hadoop/common/branches/branch-0.20-security-patches/src/c++/task-controller/configuration.c
hadoop/common/branches/branch-0.20-security-patches/src/c++/task-controller/configuration.h.in
hadoop/common/branches/branch-0.20-security-patches/src/c++/task-controller/configure
hadoop/common/branches/branch-0.20-security-patches/src/c++/task-controller/main.c
hadoop/common/branches/branch-0.20-security-patches/src/c++/task-controller/task-controller.c
hadoop/common/branches/branch-0.20-security-patches/src/c++/task-controller/task-controller.h
hadoop/common/branches/branch-0.20-security-patches/src/c++/task-controller/tests/test-task-controller.c
Modified:
hadoop/common/branches/branch-0.20-security-patches/.gitignore
hadoop/common/branches/branch-0.20-security-patches/build.xml
hadoop/common/branches/branch-0.20-security-patches/src/c++/task-controller/configure.ac
hadoop/common/branches/branch-0.20-security-patches/src/core/org/apache/hadoop/fs/LocalDirAllocator.java
hadoop/common/branches/branch-0.20-security-patches/src/core/org/apache/hadoop/util/ProcessTree.java
hadoop/common/branches/branch-0.20-security-patches/src/core/org/apache/hadoop/util/ProcfsBasedProcessTree.java
hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/filecache/DistributedCache.java
hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/filecache/TaskDistributedCacheManager.java
hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/filecache/TrackerDistributedCacheManager.java
hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/Child.java
hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/CleanupQueue.java
hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/DefaultTaskController.java
hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/IsolationRunner.java
hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/JobInProgress.java
hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/JvmManager.java
hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/LinuxTaskController.java
hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/LocalJobRunner.java
hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/MapTask.java
hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/MapTaskRunner.java
hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/ReduceTask.java
hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/ReduceTaskRunner.java
hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/Task.java
hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/TaskController.java
hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/TaskLog.java
hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/TaskMemoryManagerThread.java
hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/TaskRunner.java
hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/TaskTracker.java
hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/TaskUmbilicalProtocol.java
hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/UserLogCleaner.java
hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapreduce/security/TokenCache.java
hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapreduce/server/tasktracker/Localizer.java
hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapreduce/server/tasktracker/userlogs/UserLogManager.java
hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/filecache/TestTrackerDistributedCacheManager.java
hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/mapred/ClusterWithLinuxTaskController.java
hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/mapred/TestJobTrackerSafeMode.java
hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/mapred/TestJvmManager.java
hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/mapred/TestLinuxTaskController.java
hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/mapred/TestMiniMRWithDFS.java
hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/mapred/TestTaskEnvironment.java
hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/mapred/TestTaskTrackerLocalization.java
hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/mapred/TestTrackerDistributedCacheManagerWithLinuxTaskController.java
hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/mapred/TestUserLogCleanup.java
hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/mapred/UtilsForTests.java
hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/util/TestProcfsBasedProcessTree.java
Modified: hadoop/common/branches/branch-0.20-security-patches/.gitignore
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/.gitignore?rev=1077679&r1=1077678&r2=1077679&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/.gitignore (original)
+++ hadoop/common/branches/branch-0.20-security-patches/.gitignore Fri Mar 4 04:43:33 2011
@@ -52,3 +52,4 @@ src/docs/build
src/docs/cn/build
src/docs/cn/src/documentation/sitemap.xmap
src/docs/cn/uming.conf
+src/contrib/hdfsproxy/src/test/resources
Modified: hadoop/common/branches/branch-0.20-security-patches/build.xml
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/build.xml?rev=1077679&r1=1077678&r2=1077679&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/build.xml (original)
+++ hadoop/common/branches/branch-0.20-security-patches/build.xml Fri Mar 4 04:43:33 2011
@@ -177,9 +177,10 @@
stored for compilation -->
<property name="build.c++.task-controller"
value="${build.c++}/task-controller" />
- <!-- the default install dir is build directory override it using
- -Dtask-controller.install.dir=$HADOOP_HOME/bin -->
- <property name="task-controller.install.dir" value="${dist.dir}/bin" />
+ <property name="task-controller.prefix.dir" value="${dist.dir}" />
+ <!-- the configuration directory for the linux task controller -->
+ <property name="hadoop.conf.dir" value="/etc/hadoop"/>
+
<!-- end of task-controller properties -->
<!-- jsvc properties set here -->
@@ -2272,62 +2273,34 @@
</target>
<!-- taskcontroller targets -->
- <target name="init-task-controller-build">
+ <target name="task-controller" depends="init">
+ <exec executable="autoreconf"
+ dir="${c++.task-controller.src}"
+ searchpath="yes" failonerror="yes">
+ <arg value="-i"/>
+ </exec>
<mkdir dir="${build.c++.task-controller}" />
- <copy todir="${build.c++.task-controller}">
- <fileset dir="${c++.task-controller.src}" includes="*.c"/>
- <fileset dir="${c++.task-controller.src}" includes="*.h"/>
- </copy>
- <chmod file="${c++.task-controller.src}/configure" perm="ugo+x"/>
- <condition property="task-controller.conf.dir.passed">
- <not>
- <equals arg1="${hadoop.conf.dir}" arg2="$${hadoop.conf.dir}"/>
- </not>
- </condition>
- </target>
- <target name="configure-task-controller" depends="init,
- init-task-controller-build,
- task-controller-configuration-with-confdir,
- task-controller-configuration-with-no-confdir">
- </target>
- <target name="task-controller-configuration-with-confdir"
- if="task-controller.conf.dir.passed" >
- <exec executable="${c++.task-controller.src}/configure"
- dir="${build.c++.task-controller}" failonerror="yes">
- <arg value="--prefix=${task-controller.install.dir}" />
- <arg value="--with-confdir=${hadoop.conf.dir}" />
- </exec>
- </target>
- <target name="task-controller-configuration-with-no-confdir"
- unless="task-controller.conf.dir.passed">
- <exec executable="${c++.task-controller.src}/configure"
- dir="${build.c++.task-controller}" failonerror="yes">
- <arg value="--prefix=${task-controller.install.dir}" />
+ <exec executable="${c++.task-controller.src}/configure"
+ dir="${build.c++.task-controller}">
+ <arg value="--prefix=${task-controller.prefix.dir}"/>
+ <env key="CFLAGS"
+ value="-DHADOOP_CONF_DIR=${hadoop.conf.dir}"/>
+ </exec>
+ <!-- delete main in case HADOOP_CONF_DIR is different -->
+ <delete file="${build.c++.task-controller}/impl/main.o"
+ quiet="true" failonerror="false"/>
+ <exec executable="make"
+ dir="${build.c++.task-controller}"
+ searchpath="yes" failonerror="yes">
+ <arg value="install"/>
</exec>
</target>
- <!--
- * Create the installation directory.
- * Do a make install.
- -->
- <target name="task-controller" depends="configure-task-controller">
- <mkdir dir="${task-controller.install.dir}" />
- <exec executable="${make.cmd}" dir="${build.c++.task-controller}"
- searchpath="yes" failonerror="yes">
- <arg value="install" />
- </exec>
- </target>
- <target name="test-task-controller" depends="task-controller">
- <copy todir="${build.c++.task-controller}" verbose="true">
- <fileset dir="${c++.task-controller.src}" includes="tests/"/>
- </copy>
- <exec executable="${make.cmd}" dir="${build.c++.task-controller}"
- searchpath="yes" failonerror="yes">
- <arg value="clean" />
- <arg value="test" />
- </exec>
- <exec executable="${build.c++.task-controller}/tests/test-task-controller"
- dir="${build.c++.task-controller}/tests/"
- failonerror="yes">
+
+ <target name="test-task-controller" depends="init,task-controller">
+ <exec executable="make"
+ dir="${build.c++.task-controller}"
+ searchpath="yes" failonerror="yes">
+ <arg value="check"/>
</exec>
</target>
Added: hadoop/common/branches/branch-0.20-security-patches/src/c++/task-controller/.autom4te.cfg
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/c%2B%2B/task-controller/.autom4te.cfg?rev=1077679&view=auto
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/c++/task-controller/.autom4te.cfg (added)
+++ hadoop/common/branches/branch-0.20-security-patches/src/c++/task-controller/.autom4te.cfg Fri Mar 4 04:43:33 2011
@@ -0,0 +1,42 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+#
+# autom4te configuration for hadoop utils library
+#
+
+begin-language: "Autoheader-preselections"
+args: --no-cache
+end-language: "Autoheader-preselections"
+
+begin-language: "Automake-preselections"
+args: --no-cache
+end-language: "Automake-preselections"
+
+begin-language: "Autoreconf-preselections"
+args: --no-cache
+end-language: "Autoreconf-preselections"
+
+begin-language: "Autoconf-without-aclocal-m4"
+args: --no-cache
+end-language: "Autoconf-without-aclocal-m4"
+
+begin-language: "Autoconf"
+args: --no-cache
+end-language: "Autoconf"
+
Added: hadoop/common/branches/branch-0.20-security-patches/src/c++/task-controller/.gitignore
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/c%2B%2B/task-controller/.gitignore?rev=1077679&view=auto
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/c++/task-controller/.gitignore (added)
+++ hadoop/common/branches/branch-0.20-security-patches/src/c++/task-controller/.gitignore Fri Mar 4 04:43:33 2011
@@ -0,0 +1,13 @@
+Makefile
+install-sh
+aclocal.m4
+compile
+config.guess
+config.sub
+configure
+depcomp
+install-sh
+ltmain.sh
+Makefile.in
+missing
+stamp-h1
Added: hadoop/common/branches/branch-0.20-security-patches/src/c++/task-controller/Makefile.am
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/c%2B%2B/task-controller/Makefile.am?rev=1077679&view=auto
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/c++/task-controller/Makefile.am (added)
+++ hadoop/common/branches/branch-0.20-security-patches/src/c++/task-controller/Makefile.am Fri Mar 4 04:43:33 2011
@@ -0,0 +1,32 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+AM_CFLAGS=-I$(srcdir)/impl -Wall -g -Werror
+
+# Define the programs that need to be built
+bin_PROGRAMS = task-controller
+check_PROGRAMS = test-task-controller
+
+TESTS = test-task-controller
+
+# Define the sources for the common files
+common_SOURCES = impl/configuration.c impl/task-controller.c
+
+# Define the sources for the real executable
+task_controller_SOURCES = $(common_SOURCES) impl/main.c
+
+# Define the sources for the test executable
+test_task_controller_SOURCES = $(common_SOURCES) test/test-task-controller.c
Modified: hadoop/common/branches/branch-0.20-security-patches/src/c++/task-controller/configure.ac
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/c%2B%2B/task-controller/configure.ac?rev=1077679&r1=1077678&r2=1077679&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/c++/task-controller/configure.ac (original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/c++/task-controller/configure.ac Fri Mar 4 04:43:33 2011
@@ -1,7 +1,3 @@
-# -*- Autoconf -*-
-# Process this file with autoconf to produce a configure script.
-
-#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -18,49 +14,42 @@
# See the License for the specific language governing permissions and
# limitations under the License.
#
+# -*- Autoconf -*-
+# Process this file with autoconf to produce a configure script.
AC_PREREQ(2.59)
-AC_INIT([task-controller],[0.1])
+AC_INIT(linux-task-controller, 1.0.0, mapreduce-dev@hadoop.apache.org)
+AC_GNU_SOURCE
+AC_SYS_LARGEFILE
+
+AM_INIT_AUTOMAKE([subdir-objects foreign no-dist])
+
+AC_CONFIG_SRCDIR([impl/task-controller.c])
+AC_CONFIG_FILES([Makefile])
-#changing default prefix value to empty string, so that binary does not
-#gets installed within system
-AC_PREFIX_DEFAULT(.)
-
-#add new argument called -with-confdir
-AC_ARG_WITH(confdir,[--with-confdir path to hadoop conf dir])
-AC_CONFIG_SRCDIR([task-controller.h])
-AC_CONFIG_HEADER([configuration.h])
+AC_PREFIX_DEFAULT(`pwd`/../install)
+
+CHECK_INSTALL_CFLAG
+HADOOP_UTILS_SETUP
# Checks for programs.
AC_PROG_CC
+AM_PROG_CC_C_O
+AC_PROG_LIBTOOL
# Checks for libraries.
# Checks for header files.
-AC_HEADER_STDC
-AC_CHECK_HEADERS([stdlib.h string.h unistd.h fcntl.h])
-
-#check for HADOOP_CONF_DIR
+AC_LANG(C)
+AC_CHECK_HEADERS([unistd.h])
-
-if test "$with_confdir" != ""
-then
-AC_DEFINE_UNQUOTED(HADOOP_CONF_DIR,"$with_confdir")
-fi
# Checks for typedefs, structures, and compiler characteristics.
+AC_HEADER_STDBOOL
AC_C_CONST
-AC_TYPE_PID_T
-AC_TYPE_MODE_T
+AC_TYPE_OFF_T
AC_TYPE_SIZE_T
+AC_FUNC_STRERROR_R
# Checks for library functions.
-AC_FUNC_MALLOC
-AC_FUNC_REALLOC
-AC_FUNC_CHOWN
-AC_CHECK_FUNCS([strerror memset mkdir rmdir strdup])
-
-AC_CONFIG_FILES([Makefile])
+AC_CHECK_FUNCS([mkdir uname])
AC_OUTPUT
-
-AC_HEADER_STDBOOL
-AC_PROG_MAKE_SET
Added: hadoop/common/branches/branch-0.20-security-patches/src/c++/task-controller/impl/configuration.c
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/c%2B%2B/task-controller/impl/configuration.c?rev=1077679&view=auto
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/c++/task-controller/impl/configuration.c (added)
+++ hadoop/common/branches/branch-0.20-security-patches/src/c++/task-controller/impl/configuration.c Fri Mar 4 04:43:33 2011
@@ -0,0 +1,297 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+// ensure we get the posix version of dirname by including this first
+#include <libgen.h>
+
+#include "configuration.h"
+#include "task-controller.h"
+
+#include <errno.h>
+#include <unistd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+
+#define INCREMENT_SIZE 1000
+#define MAX_SIZE 10
+
+struct confentry {
+ const char *key;
+ const char *value;
+};
+
+struct configuration {
+ int size;
+ struct confentry **confdetails;
+};
+
+struct configuration config={.size=0, .confdetails=NULL};
+
+//clean up method for freeing configuration
+void free_configurations() {
+ int i = 0;
+ for (i = 0; i < config.size; i++) {
+ if (config.confdetails[i]->key != NULL) {
+ free((void *)config.confdetails[i]->key);
+ }
+ if (config.confdetails[i]->value != NULL) {
+ free((void *)config.confdetails[i]->value);
+ }
+ free(config.confdetails[i]);
+ }
+ if (config.size > 0) {
+ free(config.confdetails);
+ }
+ config.size = 0;
+}
+
+/**
+ * Is the file/directory only writable by root.
+ * Returns 1 if true
+ */
+static int is_only_root_writable(const char *file) {
+ struct stat file_stat;
+ if (stat(file, &file_stat) != 0) {
+ fprintf(LOGFILE, "Can't stat file %s - %s\n", file, strerror(errno));
+ return 0;
+ }
+ if (file_stat.st_uid != 0) {
+ fprintf(LOGFILE, "File %s must be owned by root, but is owned by %d\n",
+ file, file_stat.st_uid);
+ return 0;
+ }
+ if ((file_stat.st_mode & (S_IWGRP | S_IWOTH)) != 0) {
+ fprintf(LOGFILE,
+ "File %s must not be world or group writable, but is %03o\n",
+ file, file_stat.st_mode & (~S_IFMT));
+ return 0;
+ }
+ return 1;
+}
+
+/**
+ * Ensure that the configuration file and all of the containing directories
+ * are only writable by root. Otherwise, an attacker can change the
+ * configuration and potentially cause damage.
+ * returns 0 if permissions are ok
+ */
+int check_configuration_permissions(const char* file_name) {
+ // copy the input so that we can modify it with dirname
+ char* dir = strdup(file_name);
+ char* buffer = dir;
+ do {
+ if (!is_only_root_writable(dir)) {
+ free(buffer);
+ return -1;
+ }
+ dir = dirname(dir);
+ } while (strcmp(dir, "/") != 0);
+ free(buffer);
+ return 0;
+}
+
+//function used to load the configurations present in the secure config
+void read_config(const char* file_name) {
+ fprintf(LOGFILE, "Reading task controller config from %s\n" , file_name);
+ FILE *conf_file;
+ char *line;
+ char *equaltok;
+ char *temp_equaltok;
+ size_t linesize = 1000;
+ int size_read = 0;
+
+ if (file_name == NULL) {
+ fprintf(LOGFILE, "Null configuration filename passed in\n");
+ exit(INVALID_CONFIG_FILE);
+ }
+
+ #ifdef DEBUG
+ fprintf(LOGFILE, "read_config :Conf file name is : %s \n", file_name);
+ #endif
+
+ //allocate space for ten configuration items.
+ config.confdetails = (struct confentry **) malloc(sizeof(struct confentry *)
+ * MAX_SIZE);
+ config.size = 0;
+ conf_file = fopen(file_name, "r");
+ if (conf_file == NULL) {
+ fprintf(LOGFILE, "Invalid conf file provided : %s \n", file_name);
+ exit(INVALID_CONFIG_FILE);
+ }
+ while(!feof(conf_file)) {
+ line = (char *) malloc(linesize);
+ if(line == NULL) {
+ fprintf(LOGFILE, "malloc failed while reading configuration file.\n");
+ exit(OUT_OF_MEMORY);
+ }
+ size_read = getline(&line,&linesize,conf_file);
+ //feof returns true only after we read past EOF.
+ //so a file with no new line, at last can reach this place
+ //if size_read returns negative check for eof condition
+ if (size_read == -1) {
+ if(!feof(conf_file)){
+ fprintf(LOGFILE, "getline returned error.\n");
+ exit(INVALID_CONFIG_FILE);
+ }else {
+ free(line);
+ break;
+ }
+ }
+ //trim the ending new line
+ line[strlen(line)-1] = '\0';
+ //comment line
+ if(line[0] == '#') {
+ free(line);
+ continue;
+ }
+ //tokenize first to get key and list of values.
+ //if no equals is found ignore this line, can be an empty line also
+ equaltok = strtok_r(line, "=", &temp_equaltok);
+ if(equaltok == NULL) {
+ free(line);
+ continue;
+ }
+ config.confdetails[config.size] = (struct confentry *) malloc(
+ sizeof(struct confentry));
+ if(config.confdetails[config.size] == NULL) {
+ fprintf(LOGFILE,
+ "Failed allocating memory for single configuration item\n");
+ goto cleanup;
+ }
+
+ #ifdef DEBUG
+ fprintf(LOGFILE, "read_config : Adding conf key : %s \n", equaltok);
+ #endif
+
+ memset(config.confdetails[config.size], 0, sizeof(struct confentry));
+ config.confdetails[config.size]->key = (char *) malloc(
+ sizeof(char) * (strlen(equaltok)+1));
+ strcpy((char *)config.confdetails[config.size]->key, equaltok);
+ equaltok = strtok_r(NULL, "=", &temp_equaltok);
+ if (equaltok == NULL) {
+ fprintf(LOGFILE, "configuration tokenization failed \n");
+ goto cleanup;
+ }
+ //means value is commented so don't store the key
+ if(equaltok[0] == '#') {
+ free(line);
+ free((void *)config.confdetails[config.size]->key);
+ free(config.confdetails[config.size]);
+ continue;
+ }
+
+ #ifdef DEBUG
+ fprintf(LOGFILE, "read_config : Adding conf value : %s \n", equaltok);
+ #endif
+
+ config.confdetails[config.size]->value = (char *) malloc(
+ sizeof(char) * (strlen(equaltok)+1));
+ strcpy((char *)config.confdetails[config.size]->value, equaltok);
+ if((config.size + 1) % MAX_SIZE == 0) {
+ config.confdetails = (struct confentry **) realloc(config.confdetails,
+ sizeof(struct confentry **) * (MAX_SIZE + config.size));
+ if (config.confdetails == NULL) {
+ fprintf(LOGFILE,
+ "Failed re-allocating memory for configuration items\n");
+ goto cleanup;
+ }
+ }
+ if(config.confdetails[config.size] )
+ config.size++;
+ free(line);
+ }
+
+ //close the file
+ fclose(conf_file);
+
+ if (config.size == 0) {
+ fprintf(LOGFILE, "Invalid configuration provided in %s\n", file_name);
+ exit(INVALID_CONFIG_FILE);
+ }
+ //clean up allocated file name
+ return;
+ //free spaces alloced.
+ cleanup:
+ if (line != NULL) {
+ free(line);
+ }
+ fclose(conf_file);
+ free_configurations();
+ return;
+}
+
+/*
+ * function used to get a configuration value.
+ * The function for the first time populates the configuration details into
+ * array, next time onwards used the populated array.
+ *
+ */
+char * get_value(const char* key) {
+ int count;
+ for (count = 0; count < config.size; count++) {
+ if (strcmp(config.confdetails[count]->key, key) == 0) {
+ return strdup(config.confdetails[count]->value);
+ }
+ }
+ return NULL;
+}
+
+/**
+ * Function to return an array of values for a key.
+ * Value delimiter is assumed to be a comma.
+ */
+char ** get_values(const char * key) {
+ char ** toPass = NULL;
+ char *value = get_value(key);
+ char *tempTok = NULL;
+ char *tempstr = NULL;
+ int size = 0;
+ int toPassSize = MAX_SIZE;
+
+ //first allocate any array of 10
+ if(value != NULL) {
+ toPass = (char **) malloc(sizeof(char *) * toPassSize);
+ tempTok = strtok_r((char *)value, ",", &tempstr);
+ while (tempTok != NULL) {
+ toPass[size++] = tempTok;
+ if(size == toPassSize) {
+ toPassSize += MAX_SIZE;
+ toPass = (char **) realloc(toPass,(sizeof(char *) *
+ (MAX_SIZE * toPassSize)));
+ }
+ tempTok = strtok_r(NULL, ",", &tempstr);
+ }
+ }
+ if (size > 0) {
+ toPass[size] = NULL;
+ }
+ return toPass;
+}
+
+// free an entry set of values
+void free_values(char** values) {
+ if (*values != NULL) {
+ free(*values);
+ }
+ if (values != NULL) {
+ free(values);
+ }
+}
Added: hadoop/common/branches/branch-0.20-security-patches/src/c++/task-controller/impl/configuration.h
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/c%2B%2B/task-controller/impl/configuration.h?rev=1077679&view=auto
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/c++/task-controller/impl/configuration.h (added)
+++ hadoop/common/branches/branch-0.20-security-patches/src/c++/task-controller/impl/configuration.h Fri Mar 4 04:43:33 2011
@@ -0,0 +1,42 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * Ensure that the configuration file and all of the containing directories
+ * are only writable by root. Otherwise, an attacker can change the
+ * configuration and potentially cause damage.
+ * returns 0 if permissions are ok
+ */
+int check_configuration_permissions(const char* file_name);
+
+// read the given configuration file
+void read_config(const char* config_file);
+
+//method exposed to get the configurations
+char *get_value(const char* key);
+
+//function to return array of values pointing to the key. Values are
+//comma seperated strings.
+char ** get_values(const char* key);
+
+// free the memory returned by get_values
+void free_values(char** values);
+
+//method to free allocated configuration
+void free_configurations();
+
Added: hadoop/common/branches/branch-0.20-security-patches/src/c++/task-controller/impl/main.c
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/c%2B%2B/task-controller/impl/main.c?rev=1077679&view=auto
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/c++/task-controller/impl/main.c (added)
+++ hadoop/common/branches/branch-0.20-security-patches/src/c++/task-controller/impl/main.c Fri Mar 4 04:43:33 2011
@@ -0,0 +1,191 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "configuration.h"
+#include "task-controller.h"
+
+#include <errno.h>
+#include <grp.h>
+#include <limits.h>
+#include <unistd.h>
+#include <signal.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/stat.h>
+
+#define _STRINGIFY(X) #X
+#define STRINGIFY(X) _STRINGIFY(X)
+#define CONF_FILENAME "taskcontroller.cfg"
+
+void display_usage(FILE *stream) {
+ fprintf(stream,
+ "Usage: task-controller user command command-args\n");
+ fprintf(stream, "Commands:\n");
+ fprintf(stream, " initialize job: %2d jobid credentials cmd args\n",
+ INITIALIZE_JOB);
+ fprintf(stream, " launch task: %2d jobid taskid task-script\n",
+ LAUNCH_TASK_JVM);
+ fprintf(stream, " signal task: %2d task-pid signal\n",
+ SIGNAL_TASK);
+ fprintf(stream, " delete as user: %2d relative-path\n",
+ DELETE_AS_USER);
+ fprintf(stream, " delete log: %2d relative-path\n",
+ DELETE_LOG_AS_USER);
+}
+
+int main(int argc, char **argv) {
+ //Minimum number of arguments required to run the task-controller
+ if (argc < 4) {
+ display_usage(stdout);
+ return INVALID_ARGUMENT_NUMBER;
+ }
+
+ LOGFILE = stdout;
+ int command;
+ const char * job_id = NULL;
+ const char * task_id = NULL;
+ const char * cred_file = NULL;
+ const char * script_file = NULL;
+ const char * current_dir = NULL;
+ const char * job_xml = NULL;
+
+ int exit_code = 0;
+
+ char * dir_to_be_deleted = NULL;
+
+ char *executable_file = get_executable();
+
+#ifndef HADOOP_CONF_DIR
+ #error HADOOP_CONF_DIR must be defined
+#endif
+
+ char *orig_conf_file = STRINGIFY(HADOOP_CONF_DIR) "/" CONF_FILENAME;
+ char *conf_file = realpath(orig_conf_file, NULL);
+
+ if (conf_file == NULL) {
+ fprintf(LOGFILE, "Configuration file %s not found.\n", orig_conf_file);
+ return INVALID_CONFIG_FILE;
+ }
+ if (check_configuration_permissions(conf_file) != 0) {
+ return INVALID_CONFIG_FILE;
+ }
+ read_config(conf_file);
+ free(conf_file);
+
+ // look up the task tracker group in the config file
+ char *tt_group = get_value(TT_GROUP_KEY);
+ if (tt_group == NULL) {
+ fprintf(LOGFILE, "Can't get configured value for %s.\n", TT_GROUP_KEY);
+ exit(INVALID_CONFIG_FILE);
+ }
+ struct group *group_info = getgrnam(tt_group);
+ if (group_info == NULL) {
+ fprintf(LOGFILE, "Can't get group information for %s - %s.\n", tt_group,
+ strerror(errno));
+ exit(INVALID_CONFIG_FILE);
+ }
+ set_tasktracker_uid(getuid(), group_info->gr_gid);
+ // if we are running from a setuid executable, make the real uid root
+ setuid(0);
+ // set the real and effective group id to the task tracker group
+ setgid(group_info->gr_gid);
+
+ if (check_taskcontroller_permissions(executable_file) != 0) {
+ fprintf(LOGFILE, "Invalid permissions on task-controller binary.\n");
+ return INVALID_TASKCONTROLLER_PERMISSIONS;
+ }
+
+ //checks done for user name
+ if (argv[optind] == NULL) {
+ fprintf(LOGFILE, "Invalid user name \n");
+ return INVALID_USER_NAME;
+ }
+ int ret = set_user(argv[optind]);
+ if (ret != 0) {
+ return ret;
+ }
+
+ optind = optind + 1;
+ command = atoi(argv[optind++]);
+
+ fprintf(LOGFILE, "main : command provided %d\n",command);
+ fprintf(LOGFILE, "main : user is %s\n", user_detail->pw_name);
+
+ switch (command) {
+ case INITIALIZE_JOB:
+ if (argc < 7) {
+ fprintf(LOGFILE, "Too few arguments (%d vs 7) for initialize job\n",
+ argc);
+ return INVALID_ARGUMENT_NUMBER;
+ }
+ job_id = argv[optind++];
+ cred_file = argv[optind++];
+ job_xml = argv[optind++];
+ exit_code = initialize_job(user_detail->pw_name, job_id, cred_file,
+ job_xml, argv + optind);
+ break;
+ case LAUNCH_TASK_JVM:
+ if (argc < 7) {
+ fprintf(LOGFILE, "Too few arguments (%d vs 7) for launch task\n",
+ argc);
+ return INVALID_ARGUMENT_NUMBER;
+ }
+ job_id = argv[optind++];
+ task_id = argv[optind++];
+ current_dir = argv[optind++];
+ script_file = argv[optind++];
+ exit_code = run_task_as_user(user_detail->pw_name, job_id, task_id,
+ current_dir, script_file);
+ break;
+ case SIGNAL_TASK:
+ if (argc < 5) {
+ fprintf(LOGFILE, "Too few arguments (%d vs 5) for signal task\n",
+ argc);
+ return INVALID_ARGUMENT_NUMBER;
+ } else {
+ char* end_ptr = NULL;
+ char* option = argv[optind++];
+ int task_pid = strtol(option, &end_ptr, 10);
+ if (option == end_ptr || *end_ptr != '\0') {
+ fprintf(LOGFILE, "Illegal argument for task pid %s\n", option);
+ return INVALID_ARGUMENT_NUMBER;
+ }
+ option = argv[optind++];
+ int signal = strtol(option, &end_ptr, 10);
+ if (option == end_ptr || *end_ptr != '\0') {
+ fprintf(LOGFILE, "Illegal argument for signal %s\n", option);
+ return INVALID_ARGUMENT_NUMBER;
+ }
+ exit_code = signal_user_task(user_detail->pw_name, task_pid, signal);
+ }
+ break;
+ case DELETE_AS_USER:
+ dir_to_be_deleted = argv[optind++];
+ exit_code= delete_as_user(user_detail->pw_name, dir_to_be_deleted);
+ break;
+ case DELETE_LOG_AS_USER:
+ dir_to_be_deleted = argv[optind++];
+ exit_code= delete_as_user(user_detail->pw_name, dir_to_be_deleted);
+ break;
+ default:
+ exit_code = INVALID_COMMAND_PROVIDED;
+ }
+ fclose(LOGFILE);
+ return exit_code;
+}
Added: hadoop/common/branches/branch-0.20-security-patches/src/c++/task-controller/impl/task-controller.c
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/c%2B%2B/task-controller/impl/task-controller.c?rev=1077679&view=auto
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/c++/task-controller/impl/task-controller.c (added)
+++ hadoop/common/branches/branch-0.20-security-patches/src/c++/task-controller/impl/task-controller.c Fri Mar 4 04:43:33 2011
@@ -0,0 +1,1044 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "configuration.h"
+#include "task-controller.h"
+
+#include <dirent.h>
+#include <fcntl.h>
+#include <fts.h>
+#include <errno.h>
+#include <grp.h>
+#include <unistd.h>
+#include <signal.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/stat.h>
+
+#define USER_DIR_PATTERN "%s/taskTracker/%s"
+
+#define TT_JOB_DIR_PATTERN USER_DIR_PATTERN "/jobcache/%s"
+
+#define ATTEMPT_DIR_PATTERN TT_JOB_DIR_PATTERN "/%s/work"
+
+#define TASK_SCRIPT "taskjvm.sh"
+
+#define TT_LOCAL_TASK_DIR_PATTERN "%s/taskTracker/%s/jobcache/%s/%s"
+
+#define TT_SYS_DIR_KEY "mapred.local.dir"
+
+#define TT_LOG_DIR_KEY "hadoop.log.dir"
+
+#define JOB_FILENAME "job.xml"
+
+#define CREDENTIALS_FILENAME "jobToken"
+
+#define MIN_USERID_KEY "min.user.id"
+
+static const int DEFAULT_MIN_USERID = 1000;
+
+#define BANNED_USERS_KEY "banned.users"
+
+static const char* DEFAULT_BANNED_USERS[] = {"mapred", "hdfs", "bin", 0};
+
+//struct to store the user details
+struct passwd *user_detail = NULL;
+
+FILE* LOGFILE = NULL;
+
+static uid_t tt_uid = -1;
+static gid_t tt_gid = -1;
+
+void set_tasktracker_uid(uid_t user, gid_t group) {
+ tt_uid = user;
+ tt_gid = group;
+}
+
+/**
+ * get the executable filename.
+ */
+char* get_executable() {
+ char buffer[PATH_MAX];
+ snprintf(buffer, PATH_MAX, "/proc/%u/exe", getpid());
+ char *filename = malloc(PATH_MAX);
+ ssize_t len = readlink(buffer, filename, PATH_MAX);
+ if (len == -1) {
+ fprintf(stderr, "Can't get executable name from %s - %s\n", buffer,
+ strerror(errno));
+ exit(-1);
+ } else if (len >= PATH_MAX) {
+ fprintf(LOGFILE, "Executable name %.*s is longer than %d characters.\n",
+ PATH_MAX, filename, PATH_MAX);
+ exit(-1);
+ }
+ filename[len] = '\0';
+ return filename;
+}
+
+/**
+ * Check the permissions on taskcontroller to make sure that security is
+ * promisable. For this, we need task-controller binary to
+ * * be user-owned by root
+ * * be group-owned by a configured special group.
+ * * others do not have any permissions
+ * * be setuid/setgid
+ */
+int check_taskcontroller_permissions(char *executable_file) {
+
+ errno = 0;
+ char * resolved_path = realpath(executable_file, NULL);
+ if (resolved_path == NULL) {
+ fprintf(LOGFILE,
+ "Error resolving the canonical name for the executable : %s!",
+ strerror(errno));
+ return -1;
+ }
+
+ struct stat filestat;
+ errno = 0;
+ if (stat(resolved_path, &filestat) != 0) {
+ fprintf(LOGFILE,
+ "Could not stat the executable : %s!.\n", strerror(errno));
+ return -1;
+ }
+
+ uid_t binary_euid = filestat.st_uid; // Binary's user owner
+ gid_t binary_gid = filestat.st_gid; // Binary's group owner
+
+ // Effective uid should be root
+ if (binary_euid != 0) {
+ fprintf(LOGFILE,
+ "The task-controller binary should be user-owned by root.\n");
+ return -1;
+ }
+
+ if (binary_gid != getgid()) {
+ fprintf(LOGFILE, "The configured tasktracker group %d is different from"
+ " the group of the executable %d\n", getgid(), binary_gid);
+ return -1;
+ }
+
+ // check others do not have read/write/execute permissions
+ if ((filestat.st_mode & S_IROTH) == S_IROTH || (filestat.st_mode & S_IWOTH)
+ == S_IWOTH || (filestat.st_mode & S_IXOTH) == S_IXOTH) {
+ fprintf(LOGFILE,
+ "The task-controller binary should not have read or write or"
+ " execute for others.\n");
+ return -1;
+ }
+
+ // Binary should be setuid/setgid executable
+ if ((filestat.st_mode & S_ISUID) == 0) {
+ fprintf(LOGFILE, "The task-controller binary should be set setuid.\n");
+ return -1;
+ }
+
+ return 0;
+}
+
+/**
+ * Change the effective user id to limit damage.
+ */
+static int change_effective_user(uid_t user, gid_t group) {
+ if (geteuid() == user) {
+ return 0;
+ }
+ if (seteuid(0) != 0) {
+ return -1;
+ }
+ if (setegid(group) != 0) {
+ fprintf(LOGFILE, "Failed to set effective group id %d - %s\n", group,
+ strerror(errno));
+ return -1;
+ }
+ if (seteuid(user) != 0) {
+ fprintf(LOGFILE, "Failed to set effective user id %d - %s\n", user,
+ strerror(errno));
+ return -1;
+ }
+ return 0;
+}
+
+/**
+ * Change the real and effective user and group to abandon the super user
+ * priviledges.
+ */
+int change_user(uid_t user, gid_t group) {
+ if (user == getuid() && user == geteuid() &&
+ group == getgid() && group == getegid()) {
+ return 0;
+ }
+
+ if (seteuid(0) != 0) {
+ fprintf(LOGFILE, "unable to reacquire root - %s\n", strerror(errno));
+ fprintf(LOGFILE, "Real: %d:%d; Effective: %d:%d\n",
+ getuid(), getgid(), geteuid(), getegid());
+ return SETUID_OPER_FAILED;
+ }
+ if (setgid(group) != 0) {
+ fprintf(LOGFILE, "unable to set group to %d - %s\n", group,
+ strerror(errno));
+ fprintf(LOGFILE, "Real: %d:%d; Effective: %d:%d\n",
+ getuid(), getgid(), geteuid(), getegid());
+ return SETUID_OPER_FAILED;
+ }
+ if (setuid(user) != 0) {
+ fprintf(LOGFILE, "unable to set user to %d - %s\n", user, strerror(errno));
+ fprintf(LOGFILE, "Real: %d:%d; Effective: %d:%d\n",
+ getuid(), getgid(), geteuid(), getegid());
+ return SETUID_OPER_FAILED;
+ }
+
+ return 0;
+}
+
+/**
+ * Utility function to concatenate argB to argA using the concat_pattern.
+ */
+char *concatenate(char *concat_pattern, char *return_path_name,
+ int numArgs, ...) {
+ va_list ap;
+ va_start(ap, numArgs);
+ int strlen_args = 0;
+ char *arg = NULL;
+ int j;
+ for (j = 0; j < numArgs; j++) {
+ arg = va_arg(ap, char*);
+ if (arg == NULL) {
+ fprintf(LOGFILE, "One of the arguments passed for %s in null.\n",
+ return_path_name);
+ return NULL;
+ }
+ strlen_args += strlen(arg);
+ }
+ va_end(ap);
+
+ char *return_path = NULL;
+ int str_len = strlen(concat_pattern) + strlen_args + 1;
+
+ return_path = (char *) malloc(str_len);
+ if (return_path == NULL) {
+ fprintf(LOGFILE, "Unable to allocate memory for %s.\n", return_path_name);
+ return NULL;
+ }
+ va_start(ap, numArgs);
+ vsnprintf(return_path, str_len, concat_pattern, ap);
+ va_end(ap);
+ return return_path;
+}
+
+/**
+ * Get the job-directory path from tt_root, user name and job-id
+ */
+char *get_job_directory(const char * tt_root, const char *user,
+ const char *jobid) {
+ return concatenate(TT_JOB_DIR_PATTERN, "job_dir_path", 3, tt_root, user,
+ jobid);
+}
+
+/**
+ * Get the user directory of a particular user
+ */
+char *get_user_directory(const char *tt_root, const char *user) {
+ return concatenate(USER_DIR_PATTERN, "user_dir_path", 2, tt_root, user);
+}
+
+char *get_job_work_directory(const char *job_dir) {
+ return concatenate("%s/work", "job work", 1, job_dir);
+}
+
+/**
+ * Get the attempt directory for the given attempt_id
+ */
+char *get_attempt_work_directory(const char *tt_root, const char *user,
+ const char *job_id, const char *attempt_id) {
+ return concatenate(ATTEMPT_DIR_PATTERN, "attempt_dir_path", 4,
+ tt_root, user, job_id, attempt_id);
+}
+
+char *get_task_launcher_file(const char* work_dir) {
+ return concatenate("%s/%s", "task launcher", 2, work_dir, TASK_SCRIPT);
+}
+
+/**
+ * Get the job log directory.
+ * Ensures that the result is a realpath and that it is underneath the
+ * tt log root.
+ */
+char* get_job_log_directory(const char* jobid) {
+ char* log_dir = get_value(TT_LOG_DIR_KEY);
+ if (log_dir == NULL) {
+ fprintf(LOGFILE, "Log directory %s is not configured.\n", TT_LOG_DIR_KEY);
+ return NULL;
+ }
+ char *result = concatenate("%s/userlogs/%s", "job log dir", 2, log_dir,
+ jobid);
+ if (result == NULL) {
+ fprintf(LOGFILE, "failed to get memory in get_job_log_directory for %s"
+ " and %s\n", log_dir, jobid);
+ }
+ free(log_dir);
+ return result;
+}
+
+/*
+ * Get a user subdirectory.
+ */
+char *get_user_subdirectory(const char *tt_root,
+ const char *user,
+ const char *subdir) {
+ char * user_dir = get_user_directory(tt_root, user);
+ char * result = concatenate("%s/%s", "user subdir", 2,
+ user_dir, subdir);
+ free(user_dir);
+ return result;
+}
+
+/**
+ * Ensure that the given path and all of the parent directories are created
+ * with the desired permissions.
+ */
+int mkdirs(const char* path, mode_t perm) {
+ char *buffer = strdup(path);
+ char *token;
+ int cwd = open("/", O_RDONLY);
+ if (cwd == -1) {
+ fprintf(LOGFILE, "Can't open / in %s - %s\n", path, strerror(errno));
+ free(buffer);
+ return -1;
+ }
+ for(token = strtok(buffer, "/"); token != NULL; token = strtok(NULL, "/")) {
+ if (mkdirat(cwd, token, perm) != 0) {
+ if (errno != EEXIST) {
+ fprintf(LOGFILE, "Can't create directory %s in %s - %s\n",
+ token, path, strerror(errno));
+ close(cwd);
+ free(buffer);
+ return -1;
+ }
+ }
+ int new_dir = openat(cwd, token, O_RDONLY);
+ close(cwd);
+ cwd = new_dir;
+ if (cwd == -1) {
+ fprintf(LOGFILE, "Can't open %s in %s - %s\n", token, path,
+ strerror(errno));
+ free(buffer);
+ return -1;
+ }
+ }
+ free(buffer);
+ close(cwd);
+ return 0;
+}
+
+/**
+ * Function to prepare the attempt directories for the task JVM.
+ * It creates the task work and log directories.
+ */
+static int create_attempt_directories(const char* user, const char *job_id,
+ const char *task_id) {
+ // create dirs as 0750
+ const mode_t perms = S_IRWXU | S_IRGRP | S_IXGRP;
+ if (job_id == NULL || task_id == NULL || user == NULL) {
+ fprintf(LOGFILE,
+ "Either task_id is null or the user passed is null.\n");
+ return -1;
+ }
+ int result = 0;
+
+ char **local_dir = get_values(TT_SYS_DIR_KEY);
+
+ if (local_dir == NULL) {
+ fprintf(LOGFILE, "%s is not configured.\n", TT_SYS_DIR_KEY);
+ return -1;
+ }
+
+ char **local_dir_ptr;
+ for(local_dir_ptr = local_dir; *local_dir_ptr != NULL; ++local_dir_ptr) {
+ char *task_dir = get_attempt_work_directory(*local_dir_ptr, user, job_id,
+ task_id);
+ if (task_dir == NULL) {
+ free_values(local_dir);
+ return -1;
+ }
+ if (mkdirs(task_dir, perms) != 0) {
+ // continue on to create other task directories
+ free(task_dir);
+ } else {
+ free(task_dir);
+ }
+ }
+ free_values(local_dir);
+
+ // also make the directory for the task logs
+ char *job_task_name = malloc(strlen(job_id) + strlen(task_id) + 2);
+ if (job_task_name == NULL) {
+ fprintf(LOGFILE, "Malloc of job task name failed\n");
+ result = -1;
+ } else {
+ sprintf(job_task_name, "%s/%s", job_id, task_id);
+ char *log_dir = get_job_log_directory(job_task_name);
+ free(job_task_name);
+ if (log_dir == NULL) {
+ result = -1;
+ } else if (mkdirs(log_dir, perms) != 0) {
+ result = -1;
+ }
+ free(log_dir);
+ }
+ return result;
+}
+
+/**
+ * Load the user information for a given user name.
+ */
+static struct passwd* get_user_info(const char* user) {
+ int string_size = sysconf(_SC_GETPW_R_SIZE_MAX);
+ void* buffer = malloc(string_size + sizeof(struct passwd));
+ struct passwd *result = NULL;
+ if (getpwnam_r(user, buffer, buffer + sizeof(struct passwd), string_size,
+ &result) != 0) {
+ free(buffer);
+ fprintf(LOGFILE, "Can't get user information %s - %s\n", user,
+ strerror(errno));
+ return NULL;
+ }
+ return result;
+}
+
+/**
+ * Is the user a real user account?
+ * Checks:
+ * 1. Not root
+ * 2. UID is above the minimum configured.
+ * 3. Not in banned user list
+ * Returns NULL on failure
+ */
+struct passwd* check_user(const char *user) {
+ if (strcmp(user, "root") == 0) {
+ fprintf(LOGFILE, "Running as root is not allowed\n");
+ return NULL;
+ }
+ char *min_uid_str = get_value(MIN_USERID_KEY);
+ int min_uid = DEFAULT_MIN_USERID;
+ if (min_uid_str != NULL) {
+ char *end_ptr = NULL;
+ min_uid = strtol(min_uid_str, &end_ptr, 10);
+ if (min_uid_str == end_ptr || *end_ptr != '\0') {
+ fprintf(LOGFILE, "Illegal value of %s for %s in configuration\n",
+ min_uid_str, MIN_USERID_KEY);
+ free(min_uid_str);
+ return NULL;
+ }
+ free(min_uid_str);
+ }
+ struct passwd *user_info = get_user_info(user);
+ if (NULL == user_info) {
+ fprintf(LOGFILE, "User %s not found\n", user);
+ return NULL;
+ }
+ if (user_info->pw_uid < min_uid) {
+ fprintf(LOGFILE, "Requested user %s has id %d, which is below the "
+ "minimum allowed %d\n", user, user_info->pw_uid, min_uid);
+ free(user_info);
+ return NULL;
+ }
+ char **banned_users = get_values(BANNED_USERS_KEY);
+ char **banned_user = (banned_users == NULL) ?
+ (char**) DEFAULT_BANNED_USERS : banned_users;
+ for(; *banned_user; ++banned_user) {
+ if (strcmp(*banned_user, user) == 0) {
+ free(user_info);
+ fprintf(LOGFILE, "Requested user %s is banned\n", user);
+ return NULL;
+ }
+ }
+ if (banned_users != NULL) {
+ free_values(banned_users);
+ }
+ return user_info;
+}
+
+/**
+ * function used to populate and user_details structure.
+ */
+int set_user(const char *user) {
+ // free any old user
+ if (user_detail != NULL) {
+ free(user_detail);
+ user_detail = NULL;
+ }
+ user_detail = check_user(user);
+ if (user_detail == NULL) {
+ return -1;
+ }
+ return change_effective_user(user_detail->pw_uid, user_detail->pw_gid);
+}
+
+/**
+ * Change the ownership of the given file or directory to the new user.
+ */
+static int change_owner(const char* path, uid_t user, gid_t group) {
+ if (geteuid() == user && getegid() == group) {
+ return 0;
+ } else {
+ uid_t old_user = geteuid();
+ gid_t old_group = getegid();
+ if (change_effective_user(0, group) != 0) {
+ return -1;
+ }
+ if (chown(path, user, group) != 0) {
+ fprintf(LOGFILE, "Can't chown %s to %d:%d - %s\n", path, user, group,
+ strerror(errno));
+ return -1;
+ }
+ return change_effective_user(old_user, old_group);
+ }
+}
+
+/**
+ * Create a top level directory for the user.
+ * It assumes that the parent directory is *not* writable by the user.
+ * It creates directories with 02700 permissions owned by the user
+ * and with the group set to the task tracker group.
+ * return non-0 on failure
+ */
+int create_directory_for_user(const char* path) {
+ // set 2750 permissions and group sticky bit
+ mode_t permissions = S_IRWXU | S_IRGRP | S_IXGRP | S_ISGID;
+ uid_t user = geteuid();
+ gid_t group = getegid();
+ int ret = 0;
+ ret = change_effective_user(tt_uid, tt_gid);
+ if (ret == 0) {
+ if (mkdir(path, permissions) == 0) {
+ // need to reassert the group sticky bit
+ if (chmod(path, permissions) != 0) {
+ fprintf(LOGFILE, "Can't chmod %s to add the sticky bit - %s\n",
+ path, strerror(errno));
+ ret = -1;
+ } else if (change_owner(path, user, tt_gid) != 0) {
+ ret = -1;
+ }
+ } else if (errno == EEXIST) {
+ struct stat file_stat;
+ if (stat(path, &file_stat) != 0) {
+ fprintf(LOGFILE, "Can't stat directory %s - %s\n", path,
+ strerror(errno));
+ ret = -1;
+ } else {
+ if (file_stat.st_uid != user ||
+ file_stat.st_gid != tt_gid) {
+ fprintf(LOGFILE, "Directory %s owned by wrong user or group. "
+ "Expected %d:%d and found %d:%d.\n",
+ path, user, tt_gid, file_stat.st_uid, file_stat.st_gid);
+ ret = -1;
+ }
+ }
+ } else {
+ fprintf(LOGFILE, "Failed to create directory %s - %s\n", path,
+ strerror(errno));
+ ret = -1;
+ }
+ }
+ if (change_effective_user(user, group) != 0) {
+ ret = -1;
+ }
+ return ret;
+}
+
+/**
+ * Open a file as the tasktracker and return a file descriptor for it.
+ * Returns -1 on error
+ */
+static int open_file_as_task_tracker(const char* filename) {
+ uid_t user = geteuid();
+ gid_t group = getegid();
+ if (change_effective_user(tt_uid, tt_gid) != 0) {
+ return -1;
+ }
+ int result = open(filename, O_RDONLY);
+ if (result == -1) {
+ fprintf(LOGFILE, "Can't open file %s as task tracker - %s\n", filename,
+ strerror(errno));
+ }
+ if (change_effective_user(user, group)) {
+ result = -1;
+ }
+ return result;
+}
+
+/**
+ * Copy a file from a fd to a given filename.
+ * The new file must not exist and it is created with permissions perm.
+ * The input stream is closed.
+ * Return 0 if everything is ok.
+ */
+static int copy_file(int input, const char* in_filename,
+ const char* out_filename, mode_t perm) {
+ const int buffer_size = 128*1024;
+ char buffer[buffer_size];
+ int out_fd = open(out_filename, O_WRONLY|O_CREAT|O_EXCL|O_NOFOLLOW, perm);
+ if (out_fd == -1) {
+ fprintf(LOGFILE, "Can't open %s for output - %s\n", out_filename,
+ strerror(errno));
+ return -1;
+ }
+ ssize_t len = read(input, buffer, buffer_size);
+ while (len > 0) {
+ ssize_t pos = 0;
+ while (pos < len) {
+ ssize_t write_result = write(out_fd, buffer + pos, len - pos);
+ if (write_result <= 0) {
+ fprintf(LOGFILE, "Error writing to %s - %s\n", out_filename,
+ strerror(errno));
+ close(out_fd);
+ return -1;
+ }
+ pos += write_result;
+ }
+ len = read(input, buffer, buffer_size);
+ }
+ if (len < 0) {
+ fprintf(LOGFILE, "Failed to read file %s - %s\n", in_filename,
+ strerror(errno));
+ close(out_fd);
+ return -1;
+ }
+ if (close(out_fd) != 0) {
+ fprintf(LOGFILE, "Failed to close file %s - %s\n", out_filename,
+ strerror(errno));
+ return -1;
+ }
+ close(input);
+ return 0;
+}
+
+/**
+ * Function to initialize the user directories of a user.
+ */
+int initialize_user(const char *user) {
+ char **local_dir = get_values(TT_SYS_DIR_KEY);
+ if (local_dir == NULL) {
+ fprintf(LOGFILE, "%s is not configured.\n", TT_SYS_DIR_KEY);
+ return INVALID_TT_ROOT;
+ }
+
+ char *user_dir;
+ char **local_dir_ptr = local_dir;
+ int failed = 0;
+ for(local_dir_ptr = local_dir; *local_dir_ptr != 0; ++local_dir_ptr) {
+ user_dir = get_user_directory(*local_dir_ptr, user);
+ if (user_dir == NULL) {
+ fprintf(LOGFILE, "Couldn't get userdir directory for %s.\n", user);
+ failed = 1;
+ break;
+ }
+ if (create_directory_for_user(user_dir) != 0) {
+ failed = 1;
+ }
+ free(user_dir);
+ }
+ free_values(local_dir);
+ return failed ? INITIALIZE_USER_FAILED : 0;
+}
+
+/**
+ * Function to prepare the job directories for the task JVM.
+ */
+int initialize_job(const char *user, const char *jobid,
+ const char* credentials, const char* job_xml,
+ char* const* args) {
+ if (jobid == NULL || user == NULL) {
+ fprintf(LOGFILE, "Either jobid is null or the user passed is null.\n");
+ return INVALID_ARGUMENT_NUMBER;
+ }
+
+ // create the user directory
+ int result = initialize_user(user);
+ if (result != 0) {
+ return result;
+ }
+
+ // create the log directory for the job
+ char *job_log_dir = get_job_log_directory(jobid);
+ if (job_log_dir == NULL) {
+ return -1;
+ }
+ result = create_directory_for_user(job_log_dir);
+ free(job_log_dir);
+ if (result != 0) {
+ return -1;
+ }
+
+ // open up the credentials file
+ int cred_file = open_file_as_task_tracker(credentials);
+ if (cred_file == -1) {
+ return -1;
+ }
+
+ int job_file = open_file_as_task_tracker(job_xml);
+ if (job_file == -1) {
+ return -1;
+ }
+
+ // give up root privs
+ if (change_user(user_detail->pw_uid, user_detail->pw_gid) != 0) {
+ return -1;
+ }
+
+ // 750
+ mode_t permissions = S_IRWXU | S_IRGRP | S_IXGRP;
+ char **tt_roots = get_values(TT_SYS_DIR_KEY);
+
+ if (tt_roots == NULL) {
+ return INVALID_CONFIG_FILE;
+ }
+
+ char **tt_root;
+ char *primary_job_dir = NULL;
+ for(tt_root=tt_roots; *tt_root != NULL; ++tt_root) {
+ char *job_dir = get_job_directory(*tt_root, user, jobid);
+ if (job_dir == NULL) {
+ // try the next one
+ } else if (mkdirs(job_dir, permissions) != 0) {
+ free(job_dir);
+ } else if (primary_job_dir == NULL) {
+ primary_job_dir = job_dir;
+ } else {
+ free(job_dir);
+ }
+ }
+ free_values(tt_roots);
+ if (primary_job_dir == NULL) {
+ fprintf(LOGFILE, "Did not create any job directories\n");
+ return -1;
+ }
+
+ char *cred_file_name = concatenate("%s/%s", "cred file", 2,
+ primary_job_dir, CREDENTIALS_FILENAME);
+ if (cred_file_name == NULL) {
+ return -1;
+ }
+ if (copy_file(cred_file, credentials, cred_file_name, S_IRUSR|S_IWUSR) != 0){
+ return -1;
+ }
+ char *job_file_name = concatenate("%s/%s", "job file", 2,
+ primary_job_dir, JOB_FILENAME);
+ if (job_file_name == NULL) {
+ return -1;
+ }
+ if (copy_file(job_file, job_xml, job_file_name,
+ S_IRUSR|S_IWUSR|S_IRGRP) != 0) {
+ return -1;
+ }
+ fclose(stdin);
+ fflush(LOGFILE);
+ if (LOGFILE != stdout) {
+ fclose(stdout);
+ }
+ fclose(stderr);
+ chdir(primary_job_dir);
+ execvp(args[0], args);
+ fprintf(LOGFILE, "Failure to exec job initialization process - %s\n",
+ strerror(errno));
+ return -1;
+}
+
+/*
+ * Function used to launch a task as the provided user. It does the following :
+ * 1) Creates attempt work dir and log dir to be accessible by the child
+ * 2) Copies the script file from the TT to the work directory
+ * 3) Sets up the environment
+ * 4) Does an execlp on the same in order to replace the current image with
+ * task image.
+ */
+int run_task_as_user(const char *user, const char *job_id,
+ const char *task_id, const char *work_dir,
+ const char *script_name) {
+ int exit_code = -1;
+ char *task_script_path = NULL;
+ if (create_attempt_directories(user, job_id, task_id) != 0) {
+ goto cleanup;
+ }
+ int task_file_source = open_file_as_task_tracker(script_name);
+ if (task_file_source == -1) {
+ goto cleanup;
+ }
+ task_script_path = get_task_launcher_file(work_dir);
+ if (task_script_path == NULL) {
+ exit_code = OUT_OF_MEMORY;
+ goto cleanup;
+ }
+ if (copy_file(task_file_source, script_name,task_script_path,S_IRWXU) != 0) {
+ goto cleanup;
+ }
+
+ //change the user
+ fcloseall();
+ umask(0027);
+ if (chdir(work_dir) != 0) {
+ fprintf(LOGFILE, "Can't change directory to %s -%s\n", work_dir,
+ strerror(errno));
+ goto cleanup;
+ }
+ if (change_user(user_detail->pw_uid, user_detail->pw_gid) != 0) {
+ exit_code = SETUID_OPER_FAILED;
+ goto cleanup;
+ }
+
+ if (execlp(task_script_path, task_script_path, NULL) != 0) {
+ fprintf(LOGFILE, "Couldn't execute the task jvm file %s - %s",
+ task_script_path, strerror(errno));
+ exit_code = UNABLE_TO_EXECUTE_TASK_SCRIPT;
+ goto cleanup;
+ }
+ exit_code = 0;
+
+ cleanup:
+ free(task_script_path);
+ return exit_code;
+}
+
+/**
+ * Function used to signal a task launched by the user.
+ * The function sends appropriate signal to the process group
+ * specified by the task_pid.
+ */
+int signal_user_task(const char *user, int pid, int sig) {
+ if(pid <= 0) {
+ return INVALID_TASK_PID;
+ }
+
+ if (change_user(user_detail->pw_uid, user_detail->pw_gid) != 0) {
+ return SETUID_OPER_FAILED;
+ }
+
+ //Don't continue if the process-group is not alive anymore.
+ int has_group = 1;
+ if (kill(-pid,0) < 0) {
+ if (kill(pid, 0) < 0) {
+ if (errno == ESRCH) {
+ return INVALID_TASK_PID;
+ }
+ fprintf(LOGFILE, "Error signalling task %d with %d - %s\n",
+ pid, sig, strerror(errno));
+ return -1;
+ } else {
+ has_group = 0;
+ }
+ }
+
+ if (kill((has_group ? -1 : 1) * pid, sig) < 0) {
+ if(errno != ESRCH) {
+ fprintf(LOGFILE,
+ "Error signalling process group %d with signal %d - %s\n",
+ -pid, sig, strerror(errno));
+ return UNABLE_TO_KILL_TASK;
+ } else {
+ return INVALID_TASK_PID;
+ }
+ }
+ fprintf(LOGFILE, "Killing process %s%d with %d\n",
+ (has_group ? "group " :""), pid, sig);
+ return 0;
+}
+
+/**
+ * Delete a final directory as the task tracker user.
+ */
+static int rmdir_as_tasktracker(const char* path) {
+ int user_uid = geteuid();
+ int user_gid = getegid();
+ int ret = change_effective_user(tt_uid, tt_gid);
+ if (ret == 0) {
+ if (rmdir(path) != 0) {
+ fprintf(LOGFILE, "rmdir of %s failed - %s\n", path, strerror(errno));
+ ret = -1;
+ }
+ }
+ // always change back
+ if (change_effective_user(user_uid, user_gid) != 0) {
+ ret = -1;
+ }
+ return ret;
+}
+
+/**
+ * Recursively delete the given path.
+ * full_path : the path to delete
+ * needs_tt_user: the top level directory must be deleted by the tt user.
+ */
+static int delete_path(const char *full_path,
+ int needs_tt_user) {
+ int exit_code = 0;
+
+ if (full_path == NULL) {
+ fprintf(LOGFILE, "Path is null\n");
+ exit_code = UNABLE_TO_BUILD_PATH; // may be malloc failed
+ } else {
+ char *(paths[]) = {strdup(full_path), 0};
+ if (paths[0] == NULL) {
+ fprintf(LOGFILE, "Malloc failed in delete_path\n");
+ return -1;
+ }
+ // check to make sure the directory exists
+ if (access(full_path, F_OK) != 0) {
+ if (errno == ENOENT) {
+ free(paths[0]);
+ return 0;
+ }
+ }
+ FTS* tree = fts_open(paths, FTS_PHYSICAL | FTS_XDEV, NULL);
+ FTSENT* entry = NULL;
+ int ret = 0;
+
+ if (tree == NULL) {
+ fprintf(LOGFILE,
+ "Cannot open file traversal structure for the path %s:%s.\n",
+ full_path, strerror(errno));
+ free(paths[0]);
+ return -1;
+ }
+ while (((entry = fts_read(tree)) != NULL) && exit_code == 0) {
+ switch (entry->fts_info) {
+
+ case FTS_DP: // A directory being visited in post-order
+ if (!needs_tt_user ||
+ strcmp(entry->fts_path, full_path) != 0) {
+ if (rmdir(entry->fts_accpath) != 0) {
+ fprintf(LOGFILE, "Couldn't delete directory %s - %s\n",
+ entry->fts_path, strerror(errno));
+ exit_code = -1;
+ }
+ }
+ break;
+
+ case FTS_F: // A regular file
+ case FTS_SL: // A symbolic link
+ case FTS_SLNONE: // A broken symbolic link
+ case FTS_DEFAULT: // Unknown type of file
+ if (unlink(entry->fts_accpath) != 0) {
+ fprintf(LOGFILE, "Couldn't delete file %s - %s\n", entry->fts_path,
+ strerror(errno));
+ exit_code = -1;
+ }
+ break;
+
+ case FTS_DNR: // Unreadable directory
+ fprintf(LOGFILE, "Unreadable directory %s. Skipping..\n",
+ entry->fts_path);
+ break;
+
+ case FTS_D: // A directory in pre-order
+ // if the directory isn't readable, chmod it
+ if ((entry->fts_statp->st_mode & 0200) == 0) {
+ fprintf(LOGFILE, "Unreadable directory %s, chmoding.\n",
+ entry->fts_path);
+ if (chmod(entry->fts_accpath, 0700) != 0) {
+ fprintf(LOGFILE, "Error chmoding %s - %s, continuing\n",
+ entry->fts_path, strerror(errno));
+ }
+ }
+ break;
+
+ case FTS_NS: // A file with no stat(2) information
+ // usually a root directory that doesn't exist
+ fprintf(LOGFILE, "Directory not found %s\n", entry->fts_path);
+ break;
+
+ case FTS_DC: // A directory that causes a cycle
+ case FTS_DOT: // A dot directory
+ case FTS_NSOK: // No stat information requested
+ break;
+
+ case FTS_ERR: // Error return
+ fprintf(LOGFILE, "Error traversing directory %s - %s\n",
+ entry->fts_path, strerror(entry->fts_errno));
+ exit_code = -1;
+ break;
+ break;
+ default:
+ exit_code = -1;
+ break;
+ }
+ }
+ ret = fts_close(tree);
+ if (exit_code == 0 && ret != 0) {
+ fprintf(LOGFILE, "Error in fts_close while deleting %s\n", full_path);
+ exit_code = -1;
+ }
+ if (needs_tt_user) {
+ // If the delete failed, try a final rmdir as root on the top level.
+ // That handles the case where the top level directory is in a directory
+ // that is owned by the task tracker.
+ exit_code = rmdir_as_tasktracker(full_path);
+ }
+ free(paths[0]);
+ }
+ return exit_code;
+}
+
+/**
+ * Delete the given directory as the user from each of the tt_root directories
+ * user: the user doing the delete
+ * subdir: the subdir to delete
+ */
+int delete_as_user(const char *user,
+ const char *subdir) {
+ int ret = 0;
+
+ char** tt_roots = get_values(TT_SYS_DIR_KEY);
+ char** ptr;
+ if (tt_roots == NULL || *tt_roots == NULL) {
+ fprintf(LOGFILE, "No %s defined in the configuration\n", TT_SYS_DIR_KEY);
+ return INVALID_CONFIG_FILE;
+ }
+
+ // do the delete
+ for(ptr = tt_roots; *ptr != NULL; ++ptr) {
+ char* full_path = get_user_subdirectory(*ptr, user, subdir);
+ if (full_path == NULL) {
+ return -1;
+ }
+ int this_ret = delete_path(full_path, strlen(subdir) == 0);
+ free(full_path);
+ // delete as much as we can, but remember the error
+ if (this_ret != 0) {
+ ret = this_ret;
+ }
+ }
+ free_values(tt_roots);
+ return ret;
+}
+
+/**
+ * delete a given log directory
+ */
+int delete_log_directory(const char *subdir) {
+ char* log_subdir = get_job_log_directory(subdir);
+ int ret = -1;
+ if (log_subdir != NULL) {
+ ret = delete_path(log_subdir, strchr(subdir, '/') == NULL);
+ }
+ free(log_subdir);
+ return ret;
+}
Added: hadoop/common/branches/branch-0.20-security-patches/src/c++/task-controller/impl/task-controller.h
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/c%2B%2B/task-controller/impl/task-controller.h?rev=1077679&view=auto
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/c++/task-controller/impl/task-controller.h (added)
+++ hadoop/common/branches/branch-0.20-security-patches/src/c++/task-controller/impl/task-controller.h Fri Mar 4 04:43:33 2011
@@ -0,0 +1,149 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include <pwd.h>
+#include <stdio.h>
+#include <sys/types.h>
+
+//command definitions
+enum command {
+ INITIALIZE_JOB = 0,
+ LAUNCH_TASK_JVM = 1,
+ SIGNAL_TASK = 2,
+ DELETE_AS_USER = 3,
+ DELETE_LOG_AS_USER = 4
+};
+
+enum errorcodes {
+ INVALID_ARGUMENT_NUMBER = 1,
+ INVALID_USER_NAME, //2
+ INVALID_COMMAND_PROVIDED, //3
+ SUPER_USER_NOT_ALLOWED_TO_RUN_TASKS, //4
+ INVALID_TT_ROOT, //5
+ SETUID_OPER_FAILED, //6
+ UNABLE_TO_EXECUTE_TASK_SCRIPT, //7
+ UNABLE_TO_KILL_TASK, //8
+ INVALID_TASK_PID, //9
+ ERROR_RESOLVING_FILE_PATH, //10
+ RELATIVE_PATH_COMPONENTS_IN_FILE_PATH, //11
+ UNABLE_TO_STAT_FILE, //12
+ FILE_NOT_OWNED_BY_TASKTRACKER, //13
+ PREPARE_ATTEMPT_DIRECTORIES_FAILED, //14
+ INITIALIZE_JOB_FAILED, //15
+ PREPARE_TASK_LOGS_FAILED, //16
+ INVALID_TT_LOG_DIR, //17
+ OUT_OF_MEMORY, //18
+ INITIALIZE_DISTCACHEFILE_FAILED, //19
+ INITIALIZE_USER_FAILED, //20
+ UNABLE_TO_BUILD_PATH, //21
+ INVALID_TASKCONTROLLER_PERMISSIONS, //22
+ PREPARE_JOB_LOGS_FAILED, //23
+ INVALID_CONFIG_FILE, // 24
+};
+
+#define TT_GROUP_KEY "mapreduce.tasktracker.group"
+
+extern struct passwd *user_detail;
+
+// the log file for error messages
+extern FILE *LOGFILE;
+
+// get the executable's filename
+char* get_executable();
+
+int check_taskcontroller_permissions(char *executable_file);
+
+/**
+ * delete a given log directory as a user
+ */
+int delete_log_directory(const char *log_dir);
+
+// initialize the job directory
+int initialize_job(const char *user, const char *jobid,
+ const char *credentials,
+ const char *job_xml, char* const* args);
+
+// run the task as the user
+int run_task_as_user(const char * user, const char *jobid, const char *taskid,
+ const char *work_dir, const char *script_name);
+
+// send a signal as the user
+int signal_user_task(const char *user, int pid, int sig);
+
+// delete a directory (or file) recursively as the user.
+int delete_as_user(const char *user,
+ const char *dir_to_be_deleted);
+
+// set the task tracker's uid and gid
+void set_tasktracker_uid(uid_t user, gid_t group);
+
+/**
+ * Is the user a real user account?
+ * Checks:
+ * 1. Not root
+ * 2. UID is above the minimum configured.
+ * 3. Not in banned user list
+ * Returns NULL on failure
+ */
+struct passwd* check_user(const char *user);
+
+// set the user
+int set_user(const char *user);
+
+// methods to get the directories
+
+char *get_user_directory(const char *tt_root, const char *user);
+
+char *get_job_directory(const char * tt_root, const char *user,
+ const char *jobid);
+
+char *get_attempt_work_directory(const char *tt_root, const char *user,
+ const char *job_dir, const char *attempt_id);
+
+char *get_task_launcher_file(const char* work_dir);
+
+/**
+ * Get the job log directory.
+ * Ensures that the result is a realpath and that it is underneath the
+ * tt log root.
+ */
+char* get_job_log_directory(const char* jobid);
+
+char *get_task_log_dir(const char *log_dir, const char *job_id,
+ const char *attempt_id);
+
+/**
+ * Ensure that the given path and all of the parent directories are created
+ * with the desired permissions.
+ */
+int mkdirs(const char* path, mode_t perm);
+
+/**
+ * Function to initialize the user directories of a user.
+ */
+int initialize_user(const char *user);
+
+/**
+ * Create a top level directory for the user.
+ * It assumes that the parent directory is *not* writable by the user.
+ * It creates directories with 02700 permissions owned by the user
+ * and with the group set to the task tracker group.
+ * return non-0 on failure
+ */
+int create_directory_for_user(const char* path);
+
+int change_user(uid_t user, gid_t group);