#include <sbuild-session.h>
Public Types | |
enum | operation { OPERATION_AUTOMATIC, OPERATION_BEGIN, OPERATION_RECOVER, OPERATION_END, OPERATION_RUN } |
Session operations. More... | |
enum | error_code { CHDIR, CHDIR_FB, CHILD_CORE, CHILD_FAIL, CHILD_FORK, CHILD_SIGNAL, CHILD_WAIT, CHROOT, CHROOT_ALIAS, CHROOT_LOCK, CHROOT_SETUP, CHROOT_UNKNOWN, CHROOT_UNLOCK, COMMAND_ABS, EXEC, GROUP_GET_SUP, GROUP_GET_SUPC, GROUP_SET, GROUP_SET_SUP, GROUP_UNKNOWN, PAM, ROOT_DROP, SET_SESSION_ID, SHELL, SHELL_FB, SIGNAL_CATCH, SIGNAL_SET, USER_SET, USER_SWITCH } |
Error codes. More... | |
typedef custom_error< error_code > | error |
Exception type. | |
typedef std::tr1::shared_ptr < chroot_config > | config_ptr |
A shared_ptr to a chroot_config object. | |
typedef std::tr1::shared_ptr < session > | ptr |
A shared_ptr to a session object. | |
Public Member Functions | |
session (std::string const &service, config_ptr &config, operation operation, string_list const &chroots) | |
The constructor. | |
virtual | ~session () |
The destructor. | |
config_ptr const & | get_config () const |
Get the configuration associated with this session. | |
void | set_config (config_ptr &config) |
Set the configuration associated with this session. | |
string_list const & | get_chroots () const |
Get the chroots to use in this session. | |
void | set_chroots (string_list const &chroots) |
Set the chroots to use in this session. | |
operation | get_operation () const |
Get the operation this session will perform. | |
void | set_operation (operation operation) |
Set the operation this session will perform. | |
std::string const & | get_session_id () const |
Get the session identifier. | |
void | set_session_id (std::string const &session_id) |
Set the session identifier. | |
bool | get_force () const |
Get the force status of this session. | |
void | set_force (bool force) |
Set the force status of this session. | |
void | save_termios () |
Save terminal state. | |
void | restore_termios () |
Restore terminal state. | |
int | get_child_status () const |
Get the exit (wait) status of the last child process to run in this session. | |
virtual sbuild::auth::status | get_auth_status () const |
Check if authentication is required, taking users, groups, root-users and root-groups membership of all chroots specified into account. | |
Protected Member Functions | |
virtual auth::status | get_chroot_auth_status (auth::status status, chroot::ptr const &chroot) const |
Check if authentication is required for a single chroot, taking users, groups, root-users and root-groups membership into account. | |
virtual void | run_impl () |
Run a session. | |
virtual string_list | get_login_directories () const |
Get a list of directories to change to when running a login shell. | |
virtual string_list | get_command_directories () const |
Get a list of directories to change to when running a command Multiple directories are used as fallbacks. | |
virtual std::string | get_shell () const |
Get the shell to run. | |
virtual void | get_command (chroot::ptr &session_chroot, std::string &file, string_list &command) const |
Get the command to run. | |
virtual void | get_login_command (chroot::ptr &session_chroot, std::string &file, string_list &command) const |
Get the command to run a login shell. | |
virtual void | get_user_command (chroot::ptr &session_chroot, std::string &file, string_list &command) const |
Get the command to run a user command. | |
Protected Attributes | |
std::string | cwd |
Current working directory. | |
Private Member Functions | |
void | setup_chroot (chroot::ptr &session_chroot, chroot::setup_type setup_type) |
Setup a chroot. | |
void | run_chroot (chroot::ptr &session_chroot) |
Run command or login shell in the specified chroot. | |
void | run_child (chroot::ptr &session_chroot) |
Run a command or login shell as a child process in the specified chroot. | |
void | wait_for_child (pid_t pid, int &child_status) |
Wait for a child process to complete, and check its exit status. | |
void | set_sighup_handler () |
Set the SIGHUP handler. | |
void | clear_sighup_handler () |
Restore the state of SIGHUP prior to setting the handler. | |
void | set_sigterm_handler () |
Set the SIGTERM handler. | |
void | clear_sigterm_handler () |
Restore the state of SIGTERM prior to setting the handler. | |
void | set_signal_handler (int signal, struct sigaction *saved_signal, void(*handler)(int)) |
Set a signal handler. | |
void | clear_signal_handler (int signal, struct sigaction *saved_signal) |
Restore the state of the signal prior to setting the handler. | |
Private Attributes | |
config_ptr | config |
The chroot configuration. | |
string_list | chroots |
The chroots to run the session operation in. | |
int | chroot_status |
The current chroot status. | |
bool | lock_status |
Lock status for locks acquired during chroot setup. | |
int | child_status |
The child exit status. | |
operation | session_operation |
The session operation to perform. | |
std::string | session_id |
The session identifier. | |
bool | force |
The session force status. | |
struct sigaction | saved_sighup_signal |
Signal saved while sighup handler is set. | |
struct sigaction | saved_sigterm_signal |
Signal saved while sigterm handler is set. | |
struct termios | saved_termios |
Saved terminal settings. | |
bool | termios_ok |
Are the saved terminal settings valid? |
This class provides the session handling for schroot. It derives from auth, which performs all the necessary PAM actions, specialising it by overriding its virtual functions. This allows more sophisticated handling of user authorisation (users, groups, root-users and root-groups membership in the configuration file) and session management (setting up the session, entering the chroot and running the requested command or shell).
typedef custom_error<error_code> sbuild::session::error |
typedef std::tr1::shared_ptr<chroot_config> sbuild::session::config_ptr |
A shared_ptr to a chroot_config object.
typedef std::tr1::shared_ptr<session> sbuild::session::ptr |
A shared_ptr to a session object.
Error codes.
CHDIR | Failed to change to directory. |
CHDIR_FB | Falling back to directory. |
CHILD_CORE | Child dumped core. |
CHILD_FAIL | Child exited abnormally (reason unknown). |
CHILD_FORK | Failed to fork child. |
CHILD_SIGNAL | Child terminated by signal. |
CHILD_WAIT | Wait for child failed. |
CHROOT | Failed to change root to directory. |
CHROOT_ALIAS | No chroot found matching alias. |
CHROOT_LOCK | Failed to lock chroot. |
CHROOT_SETUP | Setup failed. |
CHROOT_UNKNOWN | Failed to find chroot. |
CHROOT_UNLOCK | Failed to unlock chroot. |
COMMAND_ABS | Command must have an absolute path. |
EXEC | Failed to execute. |
GROUP_GET_SUP | Failed to get supplementary groups. |
GROUP_GET_SUPC | Failed to get supplementary group count. |
GROUP_SET | Failed to set group. |
GROUP_SET_SUP | Failed to set supplementary groups. |
GROUP_UNKNOWN | Group not found. |
PAM | PAM error. |
ROOT_DROP | Failed to drop root permissions. |
SET_SESSION_ID | Chroot does not support setting a session ID. |
SHELL | Shell not available. |
SHELL_FB | Falling back to shell. |
SIGNAL_CATCH | Caught signal. |
SIGNAL_SET | Failed to set signal handler. |
USER_SET | Failed to set user. |
USER_SWITCH | User switching is not permitted. |
Reimplemented from sbuild::auth.
session::session | ( | std::string const & | service, | |
config_ptr & | config, | |||
operation | operation, | |||
sbuild::string_list const & | chroots | |||
) |
session::~session | ( | ) | [virtual] |
The destructor.
session::config_ptr const & session::get_config | ( | ) | const |
void session::set_config | ( | config_ptr & | config | ) |
Set the configuration associated with this session.
config | a shared_ptr to the configuration. |
string_list const & session::get_chroots | ( | ) | const |
void session::set_chroots | ( | string_list const & | chroots | ) |
session::operation session::get_operation | ( | ) | const |
void session::set_operation | ( | operation | operation | ) |
Set the operation this session will perform.
operation | the operation. |
References session_operation.
std::string const & session::get_session_id | ( | ) | const |
Get the session identifier.
The session identifier is a unique string to identify a session.
References session_id.
Referenced by run_impl().
void session::set_session_id | ( | std::string const & | session_id | ) |
Set the session identifier.
The session identifier is a unique string to identify a session.
session_id | the session id. |
Referenced by run_impl().
bool session::get_force | ( | ) | const |
void session::set_force | ( | bool | force | ) |
void session::save_termios | ( | ) |
Save terminal state.
References sbuild::auth::command, sbuild::CTTY_FILENO, sbuild::auth::get_command(), sbuild::log_warning(), saved_termios, and termios_ok.
Referenced by run_impl().
void session::restore_termios | ( | ) |
Restore terminal state.
References sbuild::auth::command, sbuild::CTTY_FILENO, sbuild::auth::get_command(), sbuild::log_warning(), saved_termios, and termios_ok.
Referenced by run_impl().
int session::get_child_status | ( | ) | const |
Get the exit (wait) status of the last child process to run in this session.
References child_status.
auth::status session::get_chroot_auth_status | ( | auth::status | status, | |
chroot::ptr const & | chroot | |||
) | const [protected, virtual] |
Check if authentication is required for a single chroot, taking users, groups, root-users and root-groups membership into account.
References sbuild::auth::change_auth(), sbuild::DEBUG_INFO, sbuild::auth::get_ruid(), sbuild::auth::get_ruser(), sbuild::auth::get_uid(), is_group_member(), sbuild::log_debug(), sbuild::auth::STATUS_FAIL, sbuild::auth::STATUS_NONE, and sbuild::auth::STATUS_USER.
Referenced by get_auth_status().
auth::status session::get_auth_status | ( | ) | const [virtual] |
Check if authentication is required, taking users, groups, root-users and root-groups membership of all chroots specified into account.
Reimplemented from sbuild::auth.
References sbuild::auth::change_auth(), CHROOT_ALIAS, chroots, config, get_chroot_auth_status(), sbuild::log_exception_warning(), sbuild::auth::STATUS_FAIL, and sbuild::auth::STATUS_NONE.
void session::run_impl | ( | ) | [protected, virtual] |
Run a session.
If a command has been specified, this will be run in each of the specified chroots. If no command has been specified, a login shell will run in the specified chroot.
An error will be thrown on failure.
Implements sbuild::auth.
References child_status, CHROOT_UNKNOWN, chroots, clear_sighup_handler(), clear_sigterm_handler(), sbuild::auth::close_session(), config, sbuild::DEBUG_INFO, sbuild::DEBUG_NOTICE, sbuild::DEBUG_WARNING, sbuild::dirname(), sbuild::chroot::EXEC_START, sbuild::chroot::EXEC_STOP, sbuild::chroot_block_device::get_device(), sbuild::chroot::get_run_setup_scripts(), get_session_id(), sbuild::log_debug(), sbuild::log_exception_warning(), sbuild::auth::open_session(), OPERATION_AUTOMATIC, OPERATION_BEGIN, OPERATION_RUN, restore_termios(), run_chroot(), save_termios(), sbuild::chroot::SESSION_CREATE, session_id, session_operation, set_session_id(), SET_SESSION_ID, set_sighup_handler(), set_sigterm_handler(), sbuild::chroot_lvm_snapshot::set_snapshot_device(), setup_chroot(), sbuild::chroot::SETUP_RECOVER, sbuild::chroot::SETUP_START, sbuild::chroot::SETUP_STOP, sighup_called, and sigterm_called.
string_list session::get_login_directories | ( | ) | const [protected, virtual] |
Get a list of directories to change to when running a login shell.
Multiple directories are used as fallbacks.
References cwd, sbuild::environment::get(), sbuild::auth::get_home(), sbuild::auth::get_pam_environment(), sbuild::auth::get_wd(), sbuild::auth::home, and sbuild::auth::wd.
Referenced by run_child().
string_list session::get_command_directories | ( | ) | const [protected, virtual] |
Get a list of directories to change to when running a command Multiple directories are used as fallbacks.
References cwd, sbuild::auth::get_wd(), and sbuild::auth::wd.
Referenced by run_child().
std::string session::get_shell | ( | ) | const [protected, virtual] |
Get the shell to run.
This finds a suitable shell to run in the chroot, falling back to /bin/sh if necessary. Note that it assumes it is inside the chroot when called.
Reimplemented from sbuild::auth.
References sbuild::auth::get_shell(), sbuild::log_exception_warning(), SHELL, sbuild::auth::shell, and SHELL_FB.
Referenced by get_login_command(), and run_child().
void session::get_command | ( | chroot::ptr & | session_chroot, | |
std::string & | file, | |||
string_list & | command | |||
) | const [protected, virtual] |
Get the command to run.
session_chroot | the chroot to setup. This must be present in the chroot list and the chroot configuration object. | |
file | the filename to pass to execve(2). | |
command | the argv to pass to execve(2). |
References get_login_command(), and get_user_command().
void session::get_login_command | ( | chroot::ptr & | session_chroot, | |
std::string & | file, | |||
string_list & | command | |||
) | const [protected, virtual] |
Get the command to run a login shell.
session_chroot | the chroot to setup. This must be present in the chroot list and the chroot configuration object. | |
file | the filename to pass to execve(2). | |
command | the argv to pass to execve(2). |
References sbuild::basename(), sbuild::DEBUG_NOTICE, sbuild::auth::get_environment(), sbuild::auth::get_ruid(), sbuild::auth::get_ruser(), get_shell(), sbuild::auth::get_uid(), sbuild::auth::get_user(), sbuild::auth::get_verbosity(), sbuild::log_debug(), sbuild::log_info(), sbuild::auth::shell, and sbuild::auth::VERBOSITY_QUIET.
Referenced by get_command().
void session::get_user_command | ( | chroot::ptr & | session_chroot, | |
std::string & | file, | |||
string_list & | command | |||
) | const [protected, virtual] |
Get the command to run a user command.
session_chroot | the chroot to setup. This must be present in the chroot list and the chroot configuration object. | |
file | the filename to pass to execve(2). | |
command | the argv to pass to execve(2). |
References sbuild::DEBUG_NOTICE, sbuild::find_program_in_path(), sbuild::environment::get(), sbuild::auth::get_pam_environment(), sbuild::auth::get_ruid(), sbuild::auth::get_ruser(), sbuild::auth::get_uid(), sbuild::auth::get_user(), sbuild::auth::get_verbosity(), sbuild::log_debug(), sbuild::log_info(), sbuild::string_list_to_string(), and sbuild::auth::VERBOSITY_QUIET.
Referenced by get_command().
void session::setup_chroot | ( | chroot::ptr & | session_chroot, | |
chroot::setup_type | setup_type | |||
) | [private] |
Setup a chroot.
This runs all of the commands in setup.d or run.d.
The environment variables CHROOT_NAME, CHROOT_DESCRIPTION, CHROOT_LOCATION, AUTH_USER and AUTH_VERBOSITY are set for use in setup scripts. See schroot-setup(5) for a complete list.
An error will be thrown on failure.
session_chroot | the chroot to setup. This must be present in the chroot list and the chroot configuration object. | |
setup_type | the type of setup to perform. |
References sbuild::environment::add(), CHILD_FORK, CHROOT_LOCK, CHROOT_SETUP, chroot_status, CHROOT_UNLOCK, sbuild::DEBUG_CRITICAL, sbuild::DEBUG_INFO, sbuild::chroot::EXEC_START, sbuild::chroot::EXEC_STOP, sbuild::auth::get_user(), sbuild::auth::get_verbosity(), lock_status, sbuild::log_debug(), sbuild::log_error(), sbuild::log_exception_error(), OPERATION_AUTOMATIC, OPERATION_BEGIN, OPERATION_END, OPERATION_RECOVER, OPERATION_RUN, sbuild::run_parts::run(), session_id, session_operation, sbuild::run_parts::set_reverse(), sbuild::run_parts::set_verbose(), sbuild::chroot::SETUP_RECOVER, sbuild::chroot::SETUP_START, sbuild::chroot::SETUP_STOP, sbuild::auth::VERBOSITY_NORMAL, sbuild::auth::VERBOSITY_QUIET, sbuild::auth::VERBOSITY_VERBOSE, and wait_for_child().
Referenced by run_impl().
void session::run_chroot | ( | chroot::ptr & | session_chroot | ) | [private] |
Run command or login shell in the specified chroot.
An error will be thrown on failure.
session_chroot | the chroot to setup. This must be present in the chroot list and the chroot configuration object. |
References CHILD_FORK, child_status, sbuild::log_error(), sbuild::log_exception_error(), run_child(), and wait_for_child().
Referenced by run_impl().
void session::run_child | ( | chroot::ptr & | session_chroot | ) | [private] |
Run a command or login shell as a child process in the specified chroot.
This method is only ever to be run in a child process, and will never return.
session_chroot | the chroot to setup. This must be present in the chroot list and the chroot configuration object. |
References sbuild::environment::add(), CHDIR, CHDIR_FB, CHROOT, sbuild::auth::command, cwd, sbuild::DEBUG_INFO, sbuild::DEBUG_NOTICE, EXEC, sbuild::exec(), sbuild::auth::get_command(), get_command_directories(), sbuild::auth::get_gid(), get_login_directories(), sbuild::auth::get_pam_environment(), sbuild::auth::get_rgid(), sbuild::auth::get_rgroup(), sbuild::auth::get_ruid(), sbuild::auth::get_ruser(), get_shell(), sbuild::auth::get_uid(), sbuild::auth::get_user(), getcwd(), GROUP_SET, GROUP_SET_SUP, sbuild::log_debug(), sbuild::log_exception_warning(), sbuild::auth::pam, ROOT_DROP, sbuild::environment::set_filter(), sbuild::string_list_to_string(), and USER_SET.
Referenced by run_chroot().
void session::wait_for_child | ( | pid_t | pid, | |
int & | child_status | |||
) | [private] |
Wait for a child process to complete, and check its exit status.
An error will be thrown on failure.
pid | the pid to wait for. | |
child_status | the place to store the child exit status. |
References CHILD_CORE, CHILD_FAIL, CHILD_SIGNAL, CHILD_WAIT, chroot_status, sbuild::log_exception_error(), sighup_called, SIGNAL_CATCH, and sigterm_called.
Referenced by run_chroot(), and setup_chroot().
void session::set_sighup_handler | ( | ) | [private] |
Set the SIGHUP handler.
An error will be thrown on failure.
References saved_sighup_signal, set_signal_handler(), and sighup_handler().
Referenced by run_impl().
void session::clear_sighup_handler | ( | ) | [private] |
Restore the state of SIGHUP prior to setting the handler.
References clear_signal_handler(), and saved_sighup_signal.
Referenced by run_impl().
void session::set_sigterm_handler | ( | ) | [private] |
Set the SIGTERM handler.
An error will be thrown on failure.
References saved_sigterm_signal, set_signal_handler(), and sigterm_handler().
Referenced by run_impl().
void session::clear_sigterm_handler | ( | ) | [private] |
Restore the state of SIGTERM prior to setting the handler.
References clear_signal_handler(), and saved_sigterm_signal.
Referenced by run_impl().
void session::set_signal_handler | ( | int | signal, | |
struct sigaction * | saved_signal, | |||
void(*)(int) | handler | |||
) | [private] |
Set a signal handler.
An error will be thrown on failure.
signal | the signal number. | |
saved_signal | the location to save the current handler. | |
handler | the signal handler to install. |
References SIGNAL_SET.
Referenced by set_sighup_handler(), and set_sigterm_handler().
void session::clear_signal_handler | ( | int | signal, | |
struct sigaction * | saved_signal | |||
) | [private] |
Restore the state of the signal prior to setting the handler.
signal | the signal number. | |
saved_signal | the location from which to restore the saved handler. |
Referenced by clear_sighup_handler(), and clear_sigterm_handler().
config_ptr sbuild::session::config [private] |
string_list sbuild::session::chroots [private] |
The chroots to run the session operation in.
Referenced by get_auth_status(), get_chroots(), and run_impl().
int sbuild::session::chroot_status [private] |
bool sbuild::session::lock_status [private] |
int sbuild::session::child_status [private] |
operation sbuild::session::session_operation [private] |
The session operation to perform.
Referenced by get_operation(), run_impl(), set_operation(), and setup_chroot().
std::string sbuild::session::session_id [private] |
bool sbuild::session::force [private] |
struct sigaction sbuild::session::saved_sighup_signal [read, private] |
Signal saved while sighup handler is set.
Referenced by clear_sighup_handler(), and set_sighup_handler().
struct sigaction sbuild::session::saved_sigterm_signal [read, private] |
Signal saved while sigterm handler is set.
Referenced by clear_sigterm_handler(), and set_sigterm_handler().
struct termios sbuild::session::saved_termios [read, private] |
bool sbuild::session::termios_ok [private] |
std::string sbuild::session::cwd [protected] |
Current working directory.
Referenced by get_command_directories(), get_login_directories(), and run_child().