sbuild  1.6.10
Classes | Public Types | Public Member Functions | Protected Member Functions | Protected Attributes | Private Member Functions | Private Attributes | List of all members
sbuild::session Class Reference

Session handler. More...

#include <sbuild-session.h>

+ Collaboration diagram for sbuild::session:

Classes

struct  chroot_list_entry
 

Public Types

enum  operation {
  OPERATION_AUTOMATIC, OPERATION_BEGIN, OPERATION_RECOVER, OPERATION_END,
  OPERATION_RUN
}
 Session operations. More...
 
enum  error_code {
  CHDIR, CHDIR_FB, CHILD_CORE, CHILD_FAIL,
  CHILD_FORK, CHILD_SIGNAL, CHILD_WAIT, CHROOT,
  CHROOT_ALIAS, CHROOT_LOCK, CHROOT_NOTFOUND, CHROOT_SETUP,
  CHROOT_UNLOCK, COMMAND_ABS, EXEC, GROUP_GET_SUP,
  GROUP_GET_SUPC, GROUP_SET, GROUP_SET_SUP, GROUP_UNKNOWN,
  PAM, ROOT_DROP, SET_SESSION_ID, SHELL,
  SHELL_FB, SIGNAL_CATCH, SIGNAL_SET, USER_SET,
  USER_SWITCH
}
 Error codes. More...
 
typedef std::vector< chroot_list_entrychroot_list
 A list of chroots.
 
typedef custom_error< error_codeerror
 Exception type.
 
typedef std::shared_ptr< sessionptr
 A shared_ptr to a session object.
 

Public Member Functions

 session (std::string const &service, operation operation, chroot_list const &chroots)
 The constructor. More...
 
virtual ~session ()
 The destructor.
 
auth::ptr const & get_auth () const
 Get the authentication state associated with this session. More...
 
void set_auth (auth::ptr &auth)
 Set the authentication state associated with this session. More...
 
chroot_list const & get_chroots () const
 Get the chroots to use in this session. More...
 
void set_chroots (chroot_list const &chroots)
 Set the chroots to use in this session. More...
 
operation get_operation () const
 Get the operation this session will perform. More...
 
void set_operation (operation operation)
 Set the operation this session will perform. More...
 
std::string const & get_session_id () const
 Get the session identifier. More...
 
void set_session_id (std::string const &session_id)
 Set the session identifier. More...
 
std::string const & get_verbosity () const
 Get the message verbosity. More...
 
void set_verbosity (std::string const &verbosity)
 Set the message verbosity. More...
 
bool get_preserve_environment () const
 Check if the environment should be preserved in the chroot. More...
 
void set_preserve_environment (bool preserve_environment)
 Set if the environment should be preserved in the chroot. More...
 
std::string const & get_shell_override () const
 Get user-specified login shell. More...
 
void set_shell_override (std::string const &shell)
 Set user-specified login shell. More...
 
string_map const & get_user_options () const
 Get user options. More...
 
void set_user_options (string_map const &user_options)
 Set user options. More...
 
bool get_force () const
 Get the force status of this session. More...
 
void set_force (bool force)
 Set the force status of this session. More...
 
void save_termios ()
 Save terminal state.
 
void restore_termios ()
 Restore terminal state.
 
int get_child_status () const
 Get the exit (wait) status of the last child process to run in this session. More...
 
bool is_group_member (std::string const &groupname) const
 Check group membership. More...
 
virtual sbuild::auth::status get_auth_status () const
 Check if authentication is required, taking users, groups, root-users and root-groups membership of all chroots specified into account. More...
 
void run ()
 Run a session. More...
 

Protected Member Functions

void get_chroot_membership (chroot::ptr const &chroot, bool &in_users, bool &in_root_users, bool &in_groups, bool &in_root_groups) const
 Get the chroot authentication properties the user is included in.
 
virtual auth::status get_chroot_auth_status (auth::status status, chroot::ptr const &chroot) const
 Check if authentication is required for a single chroot, taking users, groups, root-users and root-groups membership into account.
 
virtual void run_impl ()
 Run a session. More...
 
virtual string_list get_login_directories (sbuild::chroot::ptr &session_chroot, environment const &env) const
 Get a list of directories to change to when running a login shell. More...
 
virtual string_list get_command_directories (sbuild::chroot::ptr &session_chroot, environment const &env) const
 Get a list of directories to change to when running a command Multiple directories are used as fallbacks. More...
 
virtual string_list get_shells (sbuild::chroot::ptr &session_chroot) const
 Get a list of candidate shells to run. More...
 
virtual std::string get_shell (sbuild::chroot::ptr &session_chroot) const
 Get the shell to run. More...
 
virtual void get_command (chroot::ptr &session_chroot, std::string &file, string_list &command, environment &env) const
 Get the command to run. More...
 
virtual void get_login_command (chroot::ptr &session_chroot, std::string &file, string_list &command, environment &env) const
 Get the command to run a login shell. More...
 
virtual void get_user_command (chroot::ptr &session_chroot, std::string &file, string_list &command, environment const &env) const
 Get the command to run a user command. More...
 

Protected Attributes

std::string cwd
 Current working directory.
 

Private Member Functions

void setup_chroot (chroot::ptr &session_chroot, chroot::setup_type setup_type)
 Setup a chroot. More...
 
void run_chroot (chroot::ptr &session_chroot)
 Run command or login shell in the specified chroot. More...
 
void run_child (chroot::ptr &session_chroot)
 Run a command or login shell as a child process in the specified chroot. More...
 
void wait_for_child (pid_t pid, int &child_status)
 Wait for a child process to complete, and check its exit status. More...
 
void set_sighup_handler ()
 Set the SIGHUP handler. More...
 
void clear_sighup_handler ()
 Restore the state of SIGHUP prior to setting the handler.
 
void set_sigint_handler ()
 Set the SIGINT handler. More...
 
void clear_sigint_handler ()
 Restore the state of SIGINT prior to setting the handler.
 
void set_sigterm_handler ()
 Set the SIGTERM handler. More...
 
void clear_sigterm_handler ()
 Restore the state of SIGTERM prior to setting the handler.
 
void set_signal_handler (int signal, struct sigaction *saved_signal, void(*handler)(int))
 Set a signal handler. More...
 
void clear_signal_handler (int signal, struct sigaction *saved_signal)
 Restore the state of the signal prior to setting the handler. More...
 

Private Attributes

auth::ptr authstat
 Authentication state.
 
chroot_list chroots
 The chroots to run the session operation in.
 
int chroot_status
 The current chroot status.
 
bool lock_status
 Lock status for locks acquired during chroot setup.
 
int child_status
 The child exit status.
 
operation session_operation
 The session operation to perform.
 
std::string session_id
 The session identifier.
 
bool force
 The session force status.
 
struct sigaction saved_sighup_signal
 Signal saved while sighup handler is set.
 
struct sigaction saved_sigint_signal
 Signal saved while sigint handler is set.
 
struct sigaction saved_sigterm_signal
 Signal saved while sigterm handler is set.
 
struct termios saved_termios
 Saved terminal settings.
 
bool termios_ok
 Are the saved terminal settings valid?
 
std::string verbosity
 Message verbosity.
 
bool preserve_environment
 Preserve environment?
 
std::string shell
 Login shell.
 
string_map user_options
 User-defined options.
 

Detailed Description

Session handler.

This class provides the session handling for schroot. It uses auth, which performs all the necessary PAM actions. This allows more sophisticated handling of user authorisation (users, groups, root-users and root-groups membership in the configuration file) and session management (setting up the session, entering the chroot and running the requested command or shell).

Member Enumeration Documentation

Error codes.

Enumerator
CHDIR 

Failed to change to directory.

CHDIR_FB 

Falling back to directory.

CHILD_CORE 

Child dumped core.

CHILD_FAIL 

Child exited abnormally (reason unknown)

CHILD_FORK 

Failed to fork child.

CHILD_SIGNAL 

Child terminated by signal.

CHILD_WAIT 

Wait for child failed.

CHROOT 

Failed to change root to directory.

CHROOT_ALIAS 

No chroot found matching alias.

CHROOT_LOCK 

Failed to lock chroot.

CHROOT_NOTFOUND 

Chroot not found.

CHROOT_SETUP 

Setup failed.

CHROOT_UNLOCK 

Failed to unlock chroot.

COMMAND_ABS 

Command must have an absolute path.

EXEC 

Failed to execute.

GROUP_GET_SUP 

Failed to get supplementary groups.

GROUP_GET_SUPC 

Failed to get supplementary group count.

GROUP_SET 

Failed to set group.

GROUP_SET_SUP 

Failed to set supplementary groups.

GROUP_UNKNOWN 

Group not found.

PAM 

PAM error.

ROOT_DROP 

Failed to drop root permissions.

SET_SESSION_ID 

Chroot does not support setting a session ID.

SHELL 

Shell not available.

SHELL_FB 

Falling back to shell.

SIGNAL_CATCH 

Caught signal.

SIGNAL_SET 

Failed to set signal handler.

USER_SET 

Failed to set user.

USER_SWITCH 

User switching is not permitted.

Session operations.

Enumerator
OPERATION_AUTOMATIC 

Begin, end and run a session automatically.

OPERATION_BEGIN 

Begin a session.

OPERATION_RECOVER 

Recover an existing (but inactive) session.

OPERATION_END 

End a session.

OPERATION_RUN 

Run a command in an existing session.

Constructor & Destructor Documentation

session::session ( std::string const &  service,
operation  operation,
chroot_list const &  chroots 
)

The constructor.

Parameters
servicethe PAM service name.
operationthe session operation to perform.
chrootsthe chroots to act upon.

Member Function Documentation

void session::clear_signal_handler ( int  signal,
struct sigaction *  saved_signal 
)
private

Restore the state of the signal prior to setting the handler.

Parameters
signalthe signal number.
saved_signalthe location from which to restore the saved handler.

Referenced by clear_sighup_handler(), clear_sigint_handler(), and clear_sigterm_handler().

+ Here is the caller graph for this function:

auth::ptr const & session::get_auth ( ) const

Get the authentication state associated with this session.

Returns
a shared_ptr to the authentication state.

References authstat.

auth::status session::get_auth_status ( ) const
virtual

Check if authentication is required, taking users, groups, root-users and root-groups membership of all chroots specified into account.

Todo:
Use set difference rather than iteration and is_group_member.

References sbuild::auth::change_auth(), chroots, get_chroot_auth_status(), and sbuild::auth::STATUS_NONE.

Referenced by run().

+ Here is the caller graph for this function:

int session::get_child_status ( ) const

Get the exit (wait) status of the last child process to run in this session.

Returns
the exit status.

References child_status.

session::chroot_list const & session::get_chroots ( ) const

Get the chroots to use in this session.

Returns
a list of chroots.

References chroots.

void session::get_command ( chroot::ptr session_chroot,
std::string &  file,
string_list command,
environment env 
) const
protectedvirtual

Get the command to run.

Parameters
session_chrootthe chroot to setup.
filethe filename to pass to execve(2).
commandthe argv to pass to execve(2).
envthe environment to use for PATH.

References get_login_command(), and get_user_command().

Referenced by run_child().

+ Here is the caller graph for this function:

string_list session::get_command_directories ( sbuild::chroot::ptr session_chroot,
environment const &  env 
) const
protectedvirtual

Get a list of directories to change to when running a command Multiple directories are used as fallbacks.

Parameters
session_chrootthe chroot to setup.
envthe environment to use for HOME
Returns
a list of directories

References authstat, and cwd.

Referenced by run_child().

+ Here is the caller graph for this function:

bool session::get_force ( ) const

Get the force status of this session.

Returns
true if operation will be forced, otherwise false.

References force.

void session::get_login_command ( chroot::ptr session_chroot,
std::string &  file,
string_list command,
environment env 
) const
protectedvirtual

Get the command to run a login shell.

Parameters
session_chrootthe chroot to setup.
filethe filename to pass to execve(2).
commandthe argv to pass to execve(2).
envthe environment to set SHELL.

References sbuild::_(), sbuild::environment::add(), authstat, sbuild::basename(), sbuild::DEBUG_NOTICE, get_preserve_environment(), get_shell(), sbuild::log_debug(), sbuild::log_info(), shell, and sbuild::chroot::VERBOSITY_VERBOSE.

Referenced by get_command().

+ Here is the caller graph for this function:

string_list session::get_login_directories ( sbuild::chroot::ptr session_chroot,
environment const &  env 
) const
protectedvirtual

Get a list of directories to change to when running a login shell.

Multiple directories are used as fallbacks.

Parameters
session_chrootthe chroot to setup.
envthe environment to use for HOME
Returns
a list of directories

References authstat, cwd, and sbuild::environment::get().

Referenced by run_child().

+ Here is the caller graph for this function:

session::operation session::get_operation ( ) const

Get the operation this session will perform.

Returns
the operation.

References session_operation.

bool session::get_preserve_environment ( ) const

Check if the environment should be preserved in the chroot.

Returns
true to preserve or false to clean.

References preserve_environment.

Referenced by get_login_command(), get_shells(), and run_child().

+ Here is the caller graph for this function:

std::string const & session::get_session_id ( ) const

Get the session identifier.

The session identifier is a unique string to identify a session.

Returns
the session id.

References session_id.

Referenced by run_impl().

+ Here is the caller graph for this function:

std::string session::get_shell ( sbuild::chroot::ptr session_chroot) const
protectedvirtual

Get the shell to run.

This finds a suitable shell to run in the chroot, falling back to /bin/sh if necessary. Note that it assumes it is inside the chroot when called.

Parameters
session_chrootthe chroot to setup.
Returns
the shell.

References sbuild::stat::check(), get_shells(), sbuild::log_exception_warning(), SHELL, shell, and SHELL_FB.

Referenced by get_login_command().

+ Here is the caller graph for this function:

std::string const & session::get_shell_override ( ) const

Get user-specified login shell.

Returns
true to preserve or false to clean.

References shell.

string_list session::get_shells ( sbuild::chroot::ptr session_chroot) const
protectedvirtual

Get a list of candidate shells to run.

This is typically the user login shell, plus /bin/bash and/or /bin/sh if these are not already present as the user's login shell.

Parameters
session_chrootthe chroot to setup.
Returns
a list of shells.

References authstat, get_preserve_environment(), and shell.

Referenced by get_shell().

+ Here is the caller graph for this function:

void session::get_user_command ( chroot::ptr session_chroot,
std::string &  file,
string_list command,
environment const &  env 
) const
protectedvirtual

Get the command to run a user command.

Parameters
session_chrootthe chroot to setup.
filethe filename to pass to execve(2).
commandthe argv to pass to execve(2).
envthe environment to use for PATH

References sbuild::_(), authstat, sbuild::DEBUG_NOTICE, sbuild::find_program_in_path(), sbuild::environment::get(), sbuild::log_debug(), sbuild::log_info(), sbuild::string_list_to_string(), and sbuild::chroot::VERBOSITY_VERBOSE.

Referenced by get_command().

+ Here is the caller graph for this function:

string_map const & session::get_user_options ( ) const

Get user options.

Returns
map of user options.

References user_options.

std::string const & session::get_verbosity ( ) const

Get the message verbosity.

Returns
the message verbosity.

References verbosity.

bool session::is_group_member ( std::string const &  groupname) const

Check group membership.

Parameters
groupnamethe group to check for.
Returns
true if the user is a member of group, otherwise false.
Parameters
groupthe group to check for.
Returns
true if the user is a member of group, otherwise false.

References sbuild::DEBUG_INFO, GROUP_GET_SUP, GROUP_GET_SUPC, and sbuild::log_debug().

Referenced by get_chroot_membership().

+ Here is the caller graph for this function:

void session::run ( )

Run a session.

The user will be asked for authentication if required, and then the run_impl virtual method will be called.

An auth::error will be thrown on failure.

References authstat, get_auth_status(), and run_impl().

void session::run_child ( chroot::ptr session_chroot)
private
void session::run_chroot ( chroot::ptr session_chroot)
private

Run command or login shell in the specified chroot.

An error will be thrown on failure.

Parameters
session_chrootthe chroot to setup.

References sbuild::_(), CHILD_FORK, child_status, sbuild::log_error(), sbuild::log_exception_error(), run_child(), and wait_for_child().

Referenced by run_impl().

+ Here is the caller graph for this function:

void session::run_impl ( )
protectedvirtual
void session::set_auth ( auth::ptr auth)

Set the authentication state associated with this session.

Parameters
autha shared_ptr to the authentication state.

References authstat.

void session::set_chroots ( chroot_list const &  chroots)

Set the chroots to use in this session.

Parameters
chrootsa list of chroots.

References chroots.

void session::set_force ( bool  force)

Set the force status of this session.

Parameters
forcetrue to force operation, otherwise false.

References force.

void session::set_operation ( operation  operation)

Set the operation this session will perform.

Parameters
operationthe operation.

References session_operation.

void session::set_preserve_environment ( bool  preserve_environment)

Set if the environment should be preserved in the chroot.

Parameters
preserve_environmenttrue to preserve or false to clean.

References preserve_environment.

void session::set_session_id ( std::string const &  session_id)

Set the session identifier.

The session identifier is a unique string to identify a session.

Parameters
session_idthe session id.

References session_id.

void session::set_shell_override ( std::string const &  shell)

Set user-specified login shell.

Parameters
shelltrue to preserve or false to clean.

References shell.

void session::set_sighup_handler ( )
private

Set the SIGHUP handler.

An error will be thrown on failure.

References saved_sighup_signal, and set_signal_handler().

Referenced by run_impl().

+ Here is the caller graph for this function:

void session::set_sigint_handler ( )
private

Set the SIGINT handler.

An error will be thrown on failure.

References saved_sigint_signal, and set_signal_handler().

Referenced by run_impl().

+ Here is the caller graph for this function:

void session::set_signal_handler ( int  signal,
struct sigaction *  saved_signal,
void(*)(int)  handler 
)
private

Set a signal handler.

An error will be thrown on failure.

Parameters
signalthe signal number.
saved_signalthe location to save the current handler.
handlerthe signal handler to install.

References SIGNAL_SET.

Referenced by set_sighup_handler(), set_sigint_handler(), and set_sigterm_handler().

+ Here is the caller graph for this function:

void session::set_sigterm_handler ( )
private

Set the SIGTERM handler.

An error will be thrown on failure.

References saved_sigterm_signal, and set_signal_handler().

Referenced by run_impl().

+ Here is the caller graph for this function:

void session::set_user_options ( string_map const &  user_options)

Set user options.

Parameters
user_optionsmap of user options.

References user_options.

void session::set_verbosity ( std::string const &  verbosity)

Set the message verbosity.

This will override the chroot message verbosity if set.

Parameters
verbositythe message verbosity.

References verbosity.

void session::setup_chroot ( chroot::ptr session_chroot,
chroot::setup_type  setup_type 
)
private

Setup a chroot.

This runs all of the commands in setup.d or run.d.

The environment variables CHROOT_NAME, CHROOT_DESCRIPTION, CHROOT_LOCATION, AUTH_USER and AUTH_VERBOSITY are set for use in setup scripts. See schroot-setup(5) for a complete list.

An error will be thrown on failure.

Parameters
session_chrootthe chroot to setup.
setup_typethe type of setup to perform.

References sbuild::_(), sbuild::environment::add(), authstat, CHDIR, CHILD_FORK, CHROOT_LOCK, CHROOT_SETUP, chroot_status, CHROOT_UNLOCK, sbuild::DEBUG_INFO, lock_status, sbuild::log_debug(), sbuild::log_error(), sbuild::log_exception_error(), OPERATION_AUTOMATIC, OPERATION_BEGIN, OPERATION_END, OPERATION_RECOVER, sbuild::run_parts::run(), session_operation, sbuild::run_parts::set_reverse(), sbuild::run_parts::set_verbose(), sbuild::chroot::SETUP_RECOVER, sbuild::chroot::SETUP_START, sbuild::chroot::SETUP_STOP, sbuild::chroot::VERBOSITY_VERBOSE, and wait_for_child().

Referenced by run_impl().

+ Here is the caller graph for this function:

void session::wait_for_child ( pid_t  pid,
int &  child_status 
)
private

Wait for a child process to complete, and check its exit status.

An error will be thrown on failure.

Parameters
pidthe pid to wait for.
child_statusthe place to store the child exit status.

References sbuild::_(), CHILD_CORE, CHILD_FAIL, CHILD_SIGNAL, CHILD_WAIT, chroot_status, sbuild::log_exception_error(), and SIGNAL_CATCH.

Referenced by run_chroot(), and setup_chroot().

+ Here is the caller graph for this function:


The documentation for this class was generated from the following files: