| /** |
| * Licensed to the Apache Software Foundation (ASF) under one |
| * or more contributor license agreements. See the NOTICE file |
| * distributed with this work for additional information |
| * regarding copyright ownership. The ASF licenses this file |
| * to you under the Apache License, Version 2.0 (the |
| * "License"); you may not use this file except in compliance |
| * with the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| #include "task-controller.h" |
| |
| void open_log_file(const char *log_file) { |
| if (log_file == NULL) { |
| LOGFILE = stdout; |
| } else { |
| LOGFILE = fopen(log_file, "a"); |
| if (LOGFILE == NULL) { |
| fprintf(stdout, "Unable to open LOGFILE : %s \n", log_file); |
| LOGFILE = stdout; |
| } |
| if (LOGFILE != stdout) { |
| if (chmod(log_file, S_IREAD | S_IEXEC | S_IWRITE | S_IROTH | S_IWOTH |
| | S_IRGRP | S_IWGRP) < 0) { |
| fprintf(stdout, "Unable to change permission of the log file %s \n", |
| log_file); |
| fclose(LOGFILE); |
| fprintf(stdout, "changing log file to stdout"); |
| LOGFILE = stdout; |
| } |
| } |
| } |
| } |
| |
| void display_usage(FILE *stream) { |
| fprintf(stream, |
| "Usage: task-controller [-l logfile] user command command-args\n"); |
| } |
| |
| /** |
| * Check the permissions on taskcontroller to make sure that security is |
| * promisable. For this, we need task-controller binary to |
| * * be user-owned by root |
| * * be group-owned by a configured special group. |
| * * others do not have write or execute permissions |
| * * be setuid |
| */ |
| int check_taskcontroller_permissions(char *executable_file) { |
| |
| errno = 0; |
| char * resolved_path = (char *) canonicalize_file_name(executable_file); |
| if (resolved_path == NULL) { |
| fprintf(LOGFILE, |
| "Error resolving the canonical name for the executable : %s!", |
| strerror(errno)); |
| return -1; |
| } |
| |
| struct stat filestat; |
| errno = 0; |
| if (stat(resolved_path, &filestat) != 0) { |
| fprintf(LOGFILE, "Could not stat the executable : %s!.\n", strerror(errno)); |
| return -1; |
| } |
| |
| uid_t binary_euid = filestat.st_uid; // Binary's user owner |
| gid_t binary_egid = filestat.st_gid; // Binary's group owner |
| |
| // Effective uid should be root |
| if (binary_euid != 0) { |
| fprintf(LOGFILE, |
| "The task-controller binary should be user-owned by root.\n"); |
| return -1; |
| } |
| |
| // Get the group entry for the special_group |
| errno = 0; |
| struct group *special_group_entry = getgrgid(binary_egid); |
| if (special_group_entry == NULL) { |
| fprintf(LOGFILE, |
| "Unable to get information for effective group of the binary : %s\n", |
| strerror(errno)); |
| return -1; |
| } |
| |
| char * binary_group = special_group_entry->gr_name; |
| // verify that the group name of the special group |
| // is same as the one in configuration |
| if (check_variable_against_config(TT_GROUP_KEY, binary_group) != 0) { |
| fprintf(LOGFILE, |
| "Group of the binary does not match with that in configuration\n"); |
| return -1; |
| } |
| |
| // check others do not have write/execute permissions |
| if ((filestat.st_mode & S_IWOTH) == S_IWOTH || |
| (filestat.st_mode & S_IXOTH) == S_IXOTH) { |
| fprintf(LOGFILE, |
| "The task-controller binary should not have write or execute for others.\n"); |
| return -1; |
| } |
| |
| // Binary should be setuid executable |
| if ((filestat.st_mode & S_ISUID) != S_ISUID) { |
| fprintf(LOGFILE, |
| "The task-controller binary should be set setuid.\n"); |
| return -1; |
| } |
| |
| return 0; |
| } |
| |
| int main(int argc, char **argv) { |
| int command; |
| int next_option = 0; |
| const char * job_id = NULL; |
| const char * task_id = NULL; |
| const char * tt_root = NULL; |
| const char *log_dir = NULL; |
| const char * unique_string = NULL; |
| int exit_code = 0; |
| const char * task_pid = NULL; |
| const char* const short_options = "l:"; |
| const struct option long_options[] = { { "log", 1, NULL, 'l' }, { NULL, 0, |
| NULL, 0 } }; |
| |
| const char* log_file = NULL; |
| char * dir_to_be_deleted = NULL; |
| int conf_dir_len = 0; |
| |
| char *executable_file = argv[0]; |
| #ifndef HADOOP_CONF_DIR |
| conf_dir_len = (strlen(executable_file) - strlen(EXEC_PATTERN)) + 1; |
| if (conf_dir_len < 1) { |
| // We didn't get an absolute path to our executable_file; bail. |
| printf("Cannot find configuration directory.\n"); |
| printf("This program must be run with its full absolute path.\n"); |
| return INVALID_CONF_DIR; |
| } else { |
| hadoop_conf_dir = (char *) malloc (sizeof(char) * conf_dir_len); |
| strncpy(hadoop_conf_dir, executable_file, |
| (strlen(executable_file) - strlen(EXEC_PATTERN))); |
| hadoop_conf_dir[(strlen(executable_file) - strlen(EXEC_PATTERN))] = '\0'; |
| } |
| #endif |
| do { |
| next_option = getopt_long(argc, argv, short_options, long_options, NULL); |
| switch (next_option) { |
| case 'l': |
| log_file = optarg; |
| default: |
| break; |
| } |
| } while (next_option != -1); |
| |
| open_log_file(log_file); |
| |
| if (check_taskcontroller_permissions(executable_file) != 0) { |
| fprintf(LOGFILE, "Invalid permissions on task-controller binary.\n"); |
| return INVALID_TASKCONTROLLER_PERMISSIONS; |
| } |
| |
| //Minimum number of arguments required to run the task-controller |
| //command-name user command tt-root |
| if (argc < 3) { |
| display_usage(stdout); |
| return INVALID_ARGUMENT_NUMBER; |
| } |
| |
| //checks done for user name |
| //checks done if the user is root or not. |
| if (argv[optind] == NULL) { |
| fprintf(LOGFILE, "Invalid user name \n"); |
| return INVALID_USER_NAME; |
| } |
| if (get_user_details(argv[optind]) != 0) { |
| return INVALID_USER_NAME; |
| } |
| //implicit conversion to int instead of __gid_t and __uid_t |
| if (user_detail->pw_gid == 0 || user_detail->pw_uid == 0) { |
| fprintf(LOGFILE, "Cannot run tasks as super user\n"); |
| return SUPER_USER_NOT_ALLOWED_TO_RUN_TASKS; |
| } |
| optind = optind + 1; |
| command = atoi(argv[optind++]); |
| |
| fprintf(LOGFILE, "main : command provided %d\n",command); |
| fprintf(LOGFILE, "main : user is %s\n", user_detail->pw_name); |
| |
| switch (command) { |
| case INITIALIZE_USER: |
| exit_code = initialize_user(user_detail->pw_name); |
| break; |
| case INITIALIZE_JOB: |
| job_id = argv[optind++]; |
| exit_code = initialize_job(job_id, user_detail->pw_name); |
| break; |
| case INITIALIZE_DISTRIBUTEDCACHE_FILE: |
| tt_root = argv[optind++]; |
| unique_string = argv[optind++]; |
| exit_code = initialize_distributed_cache_file(tt_root, unique_string, |
| user_detail->pw_name); |
| break; |
| case LAUNCH_TASK_JVM: |
| tt_root = argv[optind++]; |
| job_id = argv[optind++]; |
| task_id = argv[optind++]; |
| exit_code |
| = run_task_as_user(user_detail->pw_name, job_id, task_id, tt_root); |
| break; |
| case INITIALIZE_TASK: |
| job_id = argv[optind++]; |
| task_id = argv[optind++]; |
| exit_code = initialize_task(job_id, task_id, user_detail->pw_name); |
| break; |
| case TERMINATE_TASK_JVM: |
| task_pid = argv[optind++]; |
| exit_code = kill_user_task(user_detail->pw_name, task_pid, SIGTERM); |
| break; |
| case KILL_TASK_JVM: |
| task_pid = argv[optind++]; |
| exit_code = kill_user_task(user_detail->pw_name, task_pid, SIGKILL); |
| break; |
| case RUN_DEBUG_SCRIPT: |
| tt_root = argv[optind++]; |
| job_id = argv[optind++]; |
| task_id = argv[optind++]; |
| exit_code |
| = run_debug_script_as_user(user_detail->pw_name, job_id, task_id, tt_root); |
| break; |
| case SIGQUIT_TASK_JVM: |
| task_pid = argv[optind++]; |
| exit_code = kill_user_task(user_detail->pw_name, task_pid, SIGQUIT); |
| break; |
| case ENABLE_TASK_FOR_CLEANUP: |
| tt_root = argv[optind++]; |
| job_id = argv[optind++]; |
| dir_to_be_deleted = argv[optind++]; |
| exit_code = enable_task_for_cleanup(tt_root, user_detail->pw_name, job_id, |
| dir_to_be_deleted); |
| break; |
| case ENABLE_JOB_FOR_CLEANUP: |
| tt_root = argv[optind++]; |
| job_id = argv[optind++]; |
| exit_code = enable_job_for_cleanup(tt_root, user_detail->pw_name, job_id); |
| break; |
| default: |
| exit_code = INVALID_COMMAND_PROVIDED; |
| } |
| fflush(LOGFILE); |
| fclose(LOGFILE); |
| return exit_code; |
| } |