From: Andrew M. <fit...@us...> - 2008-06-24 20:07:08
Update of /cvsroot/radmind/radmind-assistant/rsm In directory sc8-pr-cvs9.sourceforge.net:/tmp/cvs-serv9993 Modified Files: RAServerAuth.h RAServerAuth.m Log Message: Using AMAuthorization. Improved resource cleanup and error reporting. Index: RAServerAuth.m =================================================================== RCS file: /cvsroot/radmind/radmind-assistant/rsm/RAServerAuth.m,v retrieving revision 1.17 retrieving revision 1.18 diff -C2 -d -r1.17 -r1.18 *** RAServerAuth.m 24 Jun 2008 06:18:35 -0000 1.17 --- RAServerAuth.m 24 Jun 2008 20:07:05 -0000 1.18 *************** *** 26,30 **** extern int errno; static int threadID = 0; - static AuthorizationRef rsmAuthRef = NULL; @implementation RAServerAuth --- 26,29 ---- *************** *** 79,83 **** { self = [ super init ]; ! rascontroller = nil; return( self ); --- 78,82 ---- { self = [ super init ]; ! rascontroller = nil; return( self ); *************** *** 98,130 **** } ! - ( oneway void )executeCommand: ( int )cmd withArguments: ( NSArray * )args controller: ( id )controller { ! AuthorizationItem right = { "edu.umich.radmind.generic", 0, ! NULL, 0 }; ! int rc; ! ! if ( rascontroller ) { ! rascontroller = nil; ! } ! rascontroller = controller; ! ! rc = [ self prepareAuthorizedCommand: cmd withRight: right ! andArguments: args ]; ! ! if ( rc == -2 ) { ! [ rascontroller authorizationFailedInThreadWithID: [ self threadID ]]; ! return; ! } ! ! [ rascontroller command: cmd finishedWithStatus: rc ! inThread: [ self threadID ]]; ! } ! ! - ( int )executeAuthorizedCommand: ( int )command ! withRef: ( AuthorizationRef )authRef ! andArguments: ( NSArray * )args; ! { char buf[ MAXPATHLEN ]; char **execargs; --- 97,108 ---- } ! - ( oneway void )executeCommand: ( int )command withArguments: ( NSArray * )args controller: ( id )controller { ! AMAuthorization *auth; ! AuthorizationExternalForm externalForm; ! NSString *error = nil; ! 
NSString *output = nil; char buf[ MAXPATHLEN ]; char **execargs; *************** *** 132,269 **** NSString *authToolPath; int wfd[ 2 ], rfd[ 2 ], efd[ 2 ]; ! int status, ac, i; pid_t pid; fd_set readmask; FILE *rf = NULL, *ef = NULL; - - AuthorizationExternalForm extAuth; if (( authToolPath = [[ NSBundle mainBundle ] pathForResource: @"rsmauthtool" ofType: nil ] ) == nil ) { ! NSLog( @"rsmauthtool couldn't be found." ); ! return( -1 ); } ! av = [[ NSMutableArray alloc ] init ]; [ av addObject: authToolPath ]; [ av addObjectsFromArray: args ]; - - if ( AuthorizationMakeExternalForm( authRef, &extAuth ) != 0 ) { - NSLog( @"Failed to make external auth form" ); - return( -1 ); - } ! if ( pipe( wfd ) != 0 ) { ! NSLog( @"pipe failed: %s", strerror( errno )); ! return( -1 ); ! } ! if ( pipe( rfd ) != 0 ) { ! NSLog( @"pipe failed: %s", strerror( errno )); ! return( -1 ); ! } ! if ( pipe( efd ) != 0 ) { ! NSLog( @"pipe failed: %s", strerror( errno )); ! return( -1 ); } if ( chdir( "/" ) != 0 ) { ! NSLog( @"chdir to / failed: %s\n", strerror( errno )); ! return( -1 ); } if (( ac = [ av argv: &execargs ] ) == 0 ) { ! [ rascontroller toolError: "Nothing to execute." ! fromThreadWithID: [ self threadID ]]; ! /* XXXX cleanup */ ! return( -1 ); } - [ av release ]; switch (( pid = fork())) { case 0: ! ( void )close( wfd[ 1 ] ); ! if ( dup2( wfd[ 0 ], 0 ) < 0 ) { ! syslog( LOG_ERR, "dup2 failed: %s", strerror( errno )); ! _exit( 2 ); ! } ! ! ( void )close( rfd[ 0 ] ); ! if ( dup2( rfd[ 1 ], 1 ) < 0 ) { ! syslog( LOG_ERR, "dup2 failed: %s", strerror( errno )); ! _exit( 2 ); } setvbuf( stdout, NULL, _IONBF, 0 ); ! ( void )close( efd[ 0 ] ); ! if ( dup2( efd[ 1 ], 2 ) < 0 ) { ! syslog( LOG_ERR, "dup2 failed: %s", strerror( errno )); ! _exit( 2 ); ! } ! ( void )close( efd[ 1 ] ); ! ( void )close( wfd[ 0 ] ); ! ( void )close( rfd[ 1 ] ); if ( setpgid( getpid(), getpid()) < 0 ) { ! syslog( LOG_ERR, "setpgid failed: %s", strerror( errno )); ! 
_exit( 2 ); } execve( execargs[ 0 ], execargs, NULL ); ! syslog( LOG_ERR, "execve: %s: %s", execargs[ 0 ], strerror( errno )); _exit( 2 ); case -1: ! syslog( LOG_ERR, "fork() failed: %s", strerror( errno )); ! ( void )close( wfd[ 0 ] ); ! ( void )close( wfd[ 1 ] ); ! ( void )close( efd[ 0 ] ); ! ( void )close( efd[ 1 ] ); ! ( void )close( rfd[ 0 ] ); ! ( void )close( rfd[ 1 ] ); ! ! return( -1 ); default: break; } - - for ( i = 0; i <= ac; i++ ) { - free( execargs[ i ] ); - } - free( execargs ); - - signal( SIGPIPE, SIG_IGN ); ! [ rascontroller setCurrentCommandPID: pid threadID: [ self threadID ]]; ! ( void )close( wfd[ 0 ] ); ! ( void )close( rfd[ 1 ] ); ! ( void )close( efd[ 1 ] ); ! if ( write( wfd[ 1 ], &extAuth, sizeof( extAuth )) != sizeof( extAuth )) { ! syslog( LOG_ERR, "write failed: %s", strerror( errno )); ! ( void )close( wfd[ 1 ] ); ! return( -1 ); } ! ( void )close( wfd[ 1 ] ); ! ! if ( fcntl( rfd[ 0 ], F_SETFL, O_NONBLOCK ) < 0 ) { ! [ rascontroller toolError: ! "Failed to set non-blocking I/O on read descriptor." ! fromThreadWithID: [ self threadID ]]; ! return( -1 ); ! } ! if ( fcntl( efd[ 0 ], F_SETFL, O_NONBLOCK ) < 0 ) { ! NSLog( @"non-block: %s", strerror( errno )); ! return( -1 ); } ! if (( rf = fdopen( rfd[ 0 ], "r" )) == NULL ) { ! NSLog( @"fdopen rfd[ 0 ]: %s", strerror( errno )); ! return( -1 ); } ! if (( ef = fdopen( efd[ 0 ], "r" )) == NULL ) { ! NSLog( @"fdopen efd[ 0 ]: %s", strerror( errno )); ! return( -1 ); } --- 110,238 ---- NSString *authToolPath; int wfd[ 2 ], rfd[ 2 ], efd[ 2 ]; ! int status, i, ac = -1; ! 
int rc = -1; pid_t pid; fd_set readmask; FILE *rf = NULL, *ef = NULL; + auth = [ AMAuthorization authorizationWithName: @"edu.umich.radmind.generic" + preAuthorize: YES allowInteraction: YES + extendRights: YES ]; + if ( auth == nil ) { + [ controller authorizationFailedInThreadWithID: [ self threadID ]]; + return; + } + [ auth externalForm: &externalForm ]; + if (( authToolPath = [[ NSBundle mainBundle ] pathForResource: @"rsmauthtool" ofType: nil ] ) == nil ) { ! error = [ NSString stringWithString: ! @"rsmauthtool couldn't be found." ]; ! goto execute_command_cleanup; } ! av = [[[ NSMutableArray alloc ] init ] autorelease ]; [ av addObject: authToolPath ]; [ av addObjectsFromArray: args ]; ! wfd[ 0 ] = wfd[ 1 ] = rfd[ 0 ] = rfd[ 1 ] = efd[ 0 ] = efd[ 1 ] = -1; ! if ( pipe( wfd ) != 0 || pipe( rfd ) != 0 || pipe( efd ) != 0 ) { ! error = [ NSString stringWithFormat: ! @"pipe failed: %s", strerror( errno ) ]; ! goto execute_command_cleanup; } if ( chdir( "/" ) != 0 ) { ! error = [ NSString stringWithFormat: ! @"chdir / failed: %s", strerror( errno ) ]; ! goto execute_command_cleanup; } if (( ac = [ av argv: &execargs ] ) == 0 ) { ! error = [ NSString stringWithFormat: ! @"chdir / failed: %s", strerror( errno ) ]; ! goto execute_command_cleanup; } switch (( pid = fork())) { case 0: ! if ( close( wfd[ 1 ] ) != 0 || close( rfd[ 0 ] ) != 0 || ! close( efd[ 0 ] ) != 0 ) { ! fprintf( stderr, "child: close failed: %s\n", strerror( errno )); ! fflush( stderr ); ! exit( 2 ); ! } ! if ( dup2( wfd[ 0 ], 0 ) < 0 || dup2( rfd[ 1 ], 1 ) < 0 || ! dup2( efd[ 1 ], 2 ) < 0 ) { ! fprintf( stderr, "child: dup2 failed: %s\n", strerror( errno )); ! fflush( stderr ); ! exit( 2 ); } setvbuf( stdout, NULL, _IONBF, 0 ); ! ! if ( close( wfd[ 0 ] ) != 0 || close( rfd[ 1 ] ) != 0 || ! close( efd[ 1 ] ) != 0 ) { ! fprintf( stderr, "child: close failed: %s\n", strerror( errno )); ! fflush( stderr ); ! exit( 2 ); ! } if ( setpgid( getpid(), getpid()) < 0 ) { ! 
fprintf( stderr, "child: setpgid failed: %s", strerror( errno )); ! fflush( stderr ); ! exit( 2 ); } execve( execargs[ 0 ], execargs, NULL ); ! fprintf( stderr, "execve %s: %s\n", execargs[ 0 ], strerror( errno )); ! fflush( stderr ); _exit( 2 ); case -1: ! error = [ NSString stringWithFormat: @"fork failed: %s", ! strerror( errno ) ]; ! goto execute_command_cleanup; default: break; } ! signal( SIGPIPE, SIG_IGN ); ! [ controller setCurrentCommandPID: pid threadID: [ self threadID ]]; ! if ( close( wfd[ 0 ] ) != 0 || close( rfd[ 1 ] ) != 0 || ! close( efd[ 1 ] ) != 0 ) { ! error = [ NSString stringWithFormat: ! @"close failed: %s", strerror( errno ) ]; ! goto execute_command_cleanup; ! } ! wfd[ 0 ] = rfd[ 1 ] = efd[ 1 ] = -1; ! if ( write( wfd[ 1 ], &externalForm, sizeof( AuthorizationExternalForm )) ! != sizeof( AuthorizationExternalForm )) { ! error = [ NSString stringWithFormat: ! @"write failed: %s", strerror( errno ) ]; ! goto execute_command_cleanup; } ! if ( close( wfd[ 1 ] ) != 0 ) { ! error = [ NSString stringWithFormat: ! @"close failed: %s", strerror( errno ) ]; ! goto execute_command_cleanup; } ! wfd[ 1 ] = -1; ! ! if ( fcntl( rfd[ 0 ], F_SETFL, O_NONBLOCK ) < 0 || ! fcntl( efd[ 0 ], F_SETFL, O_NONBLOCK ) < 0 ) { ! error = [ NSString stringWithFormat: ! @"fcntl failed: %s", strerror( errno ) ]; ! goto execute_command_cleanup; } ! if (( rf = fdopen( rfd[ 0 ], "r" )) == NULL || ! ( ef = fdopen( efd[ 0 ], "r" )) == NULL ) { ! error = [ NSString stringWithFormat: ! @"fdopen failed: %s", strerror( errno ) ]; ! goto execute_command_cleanup; } *************** *** 287,292 **** &readmask, NULL, NULL, &tv )) { case -1: ! NSLog( @"select: %s", strerror( errno )); ! return( -1 ); case 0: --- 256,262 ---- &readmask, NULL, NULL, &tv )) { case -1: ! error = [ NSString stringWithFormat: ! @"select failed: %s", strerror( errno ) ]; ! goto execute_command_cleanup; case 0: *************** *** 302,318 **** if ( FD_ISSET( rfd[ 0 ], &readmask )) { - NSString *s = nil; - ! 
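Review bot: The first `goto execute_command_cleanup` (the `rsmauthtool couldn't be found.` branch) is taken before `wfd[ 0 ] = wfd[ 1 ] = rfd[ 0 ] = ... = -1;` has run, and `execargs` is declared without an initialiser, so the cleanup code in the last RAServerAuth.m hunk can call `close()` on six indeterminate descriptor values and `free()` on an indeterminate pointer. Moving the `-1` assignment up next to the declarations and writing `char **execargs = NULL;` makes every early exit safe. The `[ av argv: &execargs ] == 0` branch still reports `chdir / failed: %s`, where the old code said `Nothing to execute.`. The forked child's error paths now call `exit( 2 )` where the old code used `_exit( 2 )`, which runs atexit handlers and stdio flushes inherited from the parent inside the child. The method starts before this hunk and the cleanup label sits in a later one.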
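Review bot: A `select()` failure here jumps to `execute_command_cleanup` after the child has been forked, and the cleanup code visible in the later hunk closes the pipes but never calls `wait()`, so the helper is left unreaped and possibly still running while the controller is told the command finished with status -1. The same holds for the post-fork `close`, `write`, `fcntl` and `fdopen` failures in the previous hunk. I would retry when `errno == EINTR` and reap the child with `waitpid( pid, &status, 0 )` on these paths. The surrounding loop is outside the hunk, so whether a plain `continue` fits there is an assumption.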
while ( fgets(( char * )buf, MAXPATHLEN, rf ) != NULL ) { buf[ strlen( buf ) - 1 ] = '\0'; ! s = [ NSString stringWithUTF8String: buf ]; ! if ( [ s characterAtIndex: 0 ] == '%' ) { ! [ rascontroller updateToolProgressWithString: s threadID: [ self threadID ]]; } else { ! [ rascontroller updateDisplayWithString: s threadID: [ self threadID ]]; } --- 272,286 ---- if ( FD_ISSET( rfd[ 0 ], &readmask )) { ! while ( fgets( buf, MAXPATHLEN, rf ) != NULL ) { buf[ strlen( buf ) - 1 ] = '\0'; ! output = [ NSString stringWithUTF8String: buf ]; ! if ( [ output characterAtIndex: 0 ] == '%' ) { ! [ controller updateToolProgressWithString: output threadID: [ self threadID ]]; } else { ! [ controller updateDisplayWithString: output threadID: [ self threadID ]]; } *************** *** 322,386 **** } } else if ( FD_ISSET( efd[ 0 ], &readmask )) { ! if ( fgets(( char * )buf, MAXPATHLEN, ef ) != NULL ) { ! [ rascontroller toolError: buf fromThreadWithID: [ self threadID ]]; ! } } } ! ( void )close( efd[ 0 ] ); ! ( void )close( rfd[ 0 ] ); pid = wait( &status ); ! return( WEXITSTATUS( status )); ! } ! ! ! - ( int )prepareAuthorizedCommand: ( int )command ! withRight: ( AuthorizationItem )right ! andArguments: ( NSArray * )args ! { ! int err; ! AuthorizationRights rights = { 1, &right }; ! OSStatus status; ! AuthorizationFlags flags = ! kAuthorizationFlagDefaults | ! kAuthorizationFlagPreAuthorize | ! kAuthorizationFlagInteractionAllowed | ! kAuthorizationFlagExtendRights; ! ! if ( rsmAuthRef == NULL ) { ! status = AuthorizationCreate( ! NULL, ! kAuthorizationEmptyEnvironment, ! kAuthorizationFlagDefaults, ! &rsmAuthRef ); ! ! if ( status != errAuthorizationSuccess ) { ! NSLog( @"AuthorizationCreate failed: error %d", (int)status ); ! return( -1 ); } } ! status = AuthorizationCopyRights( ! rsmAuthRef, ! &rights, ! kAuthorizationEmptyEnvironment, ! flags, ! NULL ); ! ! if ( status != errAuthorizationSuccess ) { ! NSLog( @"AuthorizationCopyRights failed: error %d", (int)status ); ! 
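Review bot: `[ output characterAtIndex: 0 ]` raises NSRangeException when the helper prints a blank line, because `buf[ strlen( buf ) - 1 ] = '\0'` has already reduced it to an empty string. That same statement also drops the last character of a line that fills the buffer without a newline, and writes out of bounds if a line begins with a NUL byte. Since this text is read from the privileged helper's stdout, I would strip the newline only when it is present and test the prefix with `if ( [ output hasPrefix: @"%" ] )`, which is also safe when `stringWithUTF8String:` returns nil for invalid UTF-8. The loop this code sits in begins outside the hunk.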
AuthorizationFree( rsmAuthRef, kAuthorizationFlagDefaults ); ! rsmAuthRef = NULL; ! return( -2 ); } - - err = [ self executeAuthorizedCommand: command withRef: rsmAuthRef - andArguments: args ]; - - //AuthorizationFree( authRef, kAuthorizationFlagDefaults ); ! return( err ); } --- 290,351 ---- } } else if ( FD_ISSET( efd[ 0 ], &readmask )) { ! /* just get the first line of error output */ ! fgets( buf, MAXPATHLEN, ef ); ! if ( ferror( ef )) { ! error = [ NSString stringWithFormat: ! @"fgets: %s", strerror( errno ) ]; ! goto execute_command_cleanup; ! } ! error = [ NSString stringWithUTF8String: buf ]; ! break; } } ! if ( close( rfd[ 0 ] ) != 0 || close( efd[ 0 ] ) != 0 ) { ! error = [ NSString stringWithFormat: ! @"close failed: %s", strerror( errno ) ]; ! goto execute_command_cleanup; ! } ! rfd[ 0 ] = efd[ 0 ] = -1; pid = wait( &status ); ! rc = WEXITSTATUS( status ); ! ! execute_command_cleanup: ! if ( execargs != NULL ) { ! for ( i = 0; i <= ac; i++ ) { ! free( execargs[ i ] ); } + free( execargs ); } ! for ( i = 0; i < 2; i++ ) { ! if ( wfd[ i ] != -1 && close( wfd[ i ] ) != 0 ) { ! error = [ NSString stringWithFormat: ! @"close: %s", strerror( errno ) ]; ! break; ! } ! } ! for ( i = 0; i < 2; i++ ) { ! if ( rfd[ i ] != -1 && close( rfd[ i ] ) != 0 ) { ! error = [ NSString stringWithFormat: ! @"close: %s", strerror( errno ) ]; ! break; ! } ! } ! for ( i = 0; i < 2; i++ ) { ! if ( efd[ i ] != -1 && close( efd[ i ] ) != 0 ) { ! error = [ NSString stringWithFormat: ! @"close: %s", strerror( errno ) ]; ! break; ! } } ! if ( error ) { ! [ controller toolError: error fromThreadWithID: [ self threadID ]]; ! } ! [ controller command: command finishedWithStatus: rc ! 
inThread: [ self threadID ]]; } Index: RAServerAuth.h =================================================================== RCS file: /cvsroot/radmind/radmind-assistant/rsm/RAServerAuth.h,v retrieving revision 1.7 retrieving revision 1.8 diff -C2 -d -r1.7 -r1.8 *** RAServerAuth.h 24 Jun 2008 06:18:35 -0000 1.7 --- RAServerAuth.h 24 Jun 2008 20:07:05 -0000 1.8 *************** *** 57,68 **** - ( int )threadID; - - ( int )executeAuthorizedCommand: ( int )command - withRef: ( AuthorizationRef )authRef - andArguments: ( NSArray * )args; - - - ( int )prepareAuthorizedCommand: ( int )command - withRight: ( AuthorizationItem )right - andArguments: ( NSArray * )args; - - ( int )cancelTask: ( pid_t )pidno error: ( NSString ** )error; --- 57,60 ---- |
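Review bot: The stderr branch now ignores the return value of `fgets( buf, MAXPATHLEN, ef )`, so at end-of-file `buf` still holds the previous stdout line (or uninitialised stack bytes) and that text is sent to `toolError:` as if the helper had reported it; the descriptor is also non-blocking, so a read that returns `EAGAIN` sets `ferror()` and aborts the command. The old guard should stay: `if ( fgets( buf, MAXPATHLEN, ef ) != NULL ) { error = [ NSString stringWithUTF8String: buf ]; }`. Further down, `rc = WEXITSTATUS( status )` is taken without checking `WIFEXITED( status )` or the return of `wait()`, so a helper killed by a signal can be reported as finishing with status 0; `waitpid( pid, &status, 0 )` with a `WIFEXITED` test would leave `rc` at -1 in that case.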