/**
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
/*
 * Numeric error codes for the worker-launcher. signal_container_as_user()
 * is documented in this header as returning one of these values on error.
 *
 * Every value is written out explicitly so the numbering does not depend on
 * enumerator order. Numbers marked NOT USED have no enumerator here; they are
 * presumably kept free so that existing codes never change meaning -- confirm
 * before reusing one.
 */
enum errorcodes {
    INVALID_ARGUMENT_NUMBER            = 1,
    INVALID_USER_NAME                  = 2,
    INVALID_COMMAND_PROVIDED           = 3,
    /*  4: SUPER_USER_NOT_ALLOWED_TO_RUN_TASKS (NOT USED) */
    INVALID_NM_ROOT_DIRS               = 5,
    SETUID_OPER_FAILED                 = 6,
    UNABLE_TO_EXECUTE_CONTAINER_SCRIPT = 7,
    UNABLE_TO_SIGNAL_CONTAINER         = 8,
    INVALID_CONTAINER_PID              = 9,
    /* 10: ERROR_RESOLVING_FILE_PATH (NOT USED) */
    /* 11: RELATIVE_PATH_COMPONENTS_IN_FILE_PATH (NOT USED) */
    /* 12: UNABLE_TO_STAT_FILE (NOT USED) */
    /* 13: FILE_NOT_OWNED_BY_ROOT (NOT USED) */
    /* 14: PREPARE_CONTAINER_DIRECTORIES_FAILED (NOT USED) */
    /* 15: INITIALIZE_CONTAINER_FAILED (NOT USED) */
    /* 16: PREPARE_CONTAINER_LOGS_FAILED (NOT USED) */
    /* 17: INVALID_LOG_DIR (NOT USED) */
    OUT_OF_MEMORY                      = 18,
    /* 19: INITIALIZE_DISTCACHEFILE_FAILED (NOT USED) */
    INITIALIZE_USER_FAILED             = 20,
    UNABLE_TO_BUILD_PATH               = 21,
    INVALID_CONTAINER_EXEC_PERMISSIONS = 22,
    /* 23: PREPARE_JOB_LOGS_FAILED (NOT USED) */
    INVALID_CONFIG_FILE                = 24,
    SETSID_OPER_FAILED                 = 25,
    WRITE_PIDFILE_FAILED               = 26
};
// Configuration key. Presumably names the special group that must own the
// worker-launcher binary (see check_executor_permissions) -- confirm.
#define LAUNCHER_GROUP_KEY "storm.worker-launcher.group"
// printf-style path templates. Each %s is supplied by the caller, so the
// argument count must match the pattern: USER_DIR_PATTERN takes 2 strings,
// NM_APP_DIR_PATTERN 3 and CONTAINER_DIR_PATTERN 4. The longer patterns are
// built by string-literal concatenation onto the shorter ones.
// NOTE(review): the pattern itself does not constrain what is substituted; a
// component containing '/' or ".." would change the resulting path. Confirm
// that callers validate user names and ids before formatting.
#define USER_DIR_PATTERN "%s/usercache/%s"
#define NM_APP_DIR_PATTERN USER_DIR_PATTERN "/appcache/%s"
#define CONTAINER_DIR_PATTERN NM_APP_DIR_PATTERN "/%s"
// Fixed file names; where they are used is not visible in this header.
#define CONTAINER_SCRIPT "launch_container.sh"
#define CREDENTIALS_FILENAME "container_tokens"
// Configuration keys. Presumably the minimum UID and the banned-user list
// that check_user() consults -- confirm against the implementation.
#define MIN_USERID_KEY "min.user.id"
#define BANNED_USERS_KEY "banned.users"
// Directory name; its use is not visible in this header.
#define TMP_DIR "tmp"
// passwd entry shared across the launcher, defined in another translation
// unit. Presumably the account selected through set_user()/check_user() --
// confirm; whether it can be NULL before a user is set is not visible here.
extern struct passwd *user_detail;
// the log file for messages
extern FILE *LOGFILE;
// the log file for error messages
extern FILE *ERRORFILE;
// NOTE(review): the three functions below are undocumented in this header;
// the descriptions are inferred from names and signatures only -- confirm
// against the implementation.

// Presumably prepares the stormdist directory at local_dir. Return
// convention is not stated here.
int setup_stormdist_dir(const char* local_dir);
// Presumably run `args` from working_dir under the target user's identity,
// either replacing the current process (exec) or in a child (fork).
// NOTE(review): `args` is a single string. How it is split or interpreted is
// not visible here; confirm it is not passed unquoted to a shell, and that
// privileges are dropped before anything in working_dir is executed.
int exec_as_user(const char * working_dir, const char * args);
int fork_as_user(const char * working_dir, const char * args);
// Delete a directory (or file) recursively as the given user.
//
// user              - account to perform the deletion as.
// dir_to_be_deleted - path to remove. If baseDirs is given, the path may be
//                     relative to each of those directories (when the same
//                     directory appears on multiple disk volumes, pass the
//                     volumes as baseDirs). If baseDirs is not specified,
//                     this is treated as an absolute path.
// baseDirs          - optional set of base directories; presumably a
//                     NULL-terminated array, since no count is passed --
//                     confirm.
//
// NOTE(review): the return convention is not documented here. Because this
// is a recursive delete driven by a privileged helper, confirm that the
// implementation does not follow symbolic links and runs with the user's
// identity rather than the launcher's.
int delete_as_user(const char *user,
const char *dir_to_be_deleted,
char* const* baseDirs);
// Get the executable's filename.
// NOTE(review): ownership of the returned string is not documented (caller
// frees vs. static storage) -- confirm. The empty parameter list declares a
// function with unspecified arguments in C before C23; `(void)` would make
// this a real prototype.
// NOTE(review): the result presumably feeds check_executor_permissions(), so
// how the path is resolved matters for that check -- confirm it cannot be
// influenced by the invoking user.
char* get_executable();
/**
* Check that the permissions on the worker-launcher binary are safe for a
* setuid helper. The binary must:
* * be user-owned by root
* * be group-owned by a configured special group
* * grant no permissions to others
* * be setuid/setgid
* NOTE(review): the check is made on a path, so it only protects the launcher
* if that path is the file actually being executed -- confirm how callers
* obtain executable_file.
* @param executable_file the file to check
* @return -1 on error 0 on success.
*/
int check_executor_permissions(char *executable_file);
/**
* Function used to signal a container launched by the user.
* The function sends the requested signal to the process group
* specified by the pid.
* NOTE(review): pid is a plain int. With kill(2)-style calls, zero and
* negative values address process groups or every process the caller may
* signal, so the implementation should accept only pid > 0; presumably a
* rejected pid is reported as INVALID_CONTAINER_PID -- confirm.
* @param user the user to send the signal as.
* @param pid the process id to send the signal to.
* @param sig the signal to send.
* @return an errorcode enum value on error, or 0 on success.
*/
int signal_container_as_user(const char *user, int pid, int sig);
// Set the uid and gid of the launcher. These are used when performing
// privileged operations that set the effective uid and gid.
// NOTE(review): returns void, so any failure cannot be reported through this
// call; presumably it only records the values -- confirm.
void set_launcher_uid(uid_t user, gid_t group);
/**
* Is the user a real user account?
* Checks:
* 1. Not root
* 2. UID is above the minimum configured.
* 3. Not in banned user list
* NOTE(review): the minimum UID and the banned list presumably come from the
* MIN_USERID_KEY and BANNED_USERS_KEY configuration entries; what happens
* when either key is absent is not visible here -- confirm it fails closed.
* @param user the account name to look up and validate.
* @return the passwd entry for the user, or NULL on failure. Ownership of
* the returned structure is not documented here -- confirm.
*/
struct passwd* check_user(const char *user);
// Set the user the launcher acts as.
// NOTE(review): presumably validates the name via check_user() and stores the
// result in user_detail; return convention is not documented -- confirm.
int set_user(const char *user);
// Get the path of the container launcher file for work_dir.
// NOTE(review): presumably the CONTAINER_SCRIPT file inside work_dir;
// ownership of the returned string is not documented -- confirm.
char *get_container_launcher_file(const char* work_dir);
// Switch the process to the given uid and gid.
// NOTE(review): implementation not visible. A privilege drop should set
// supplementary groups and the gid before the uid and check every return
// value; presumably failure is reported as SETUID_OPER_FAILED -- confirm.
int change_user(uid_t user, gid_t group);