sbuild
1.6.10
|
Session handler. More...
#include <sbuild-session.h>
Classes | |
struct | chroot_list_entry |
Public Types | |
enum | operation { OPERATION_AUTOMATIC, OPERATION_BEGIN, OPERATION_RECOVER, OPERATION_END, OPERATION_RUN } |
Session operations. More... | |
enum | error_code { CHDIR, CHDIR_FB, CHILD_CORE, CHILD_FAIL, CHILD_FORK, CHILD_SIGNAL, CHILD_WAIT, CHROOT, CHROOT_ALIAS, CHROOT_LOCK, CHROOT_NOTFOUND, CHROOT_SETUP, CHROOT_UNLOCK, COMMAND_ABS, EXEC, GROUP_GET_SUP, GROUP_GET_SUPC, GROUP_SET, GROUP_SET_SUP, GROUP_UNKNOWN, PAM, ROOT_DROP, SET_SESSION_ID, SHELL, SHELL_FB, SIGNAL_CATCH, SIGNAL_SET, USER_SET, USER_SWITCH } |
Error codes. More... | |
typedef std::vector< chroot_list_entry > | chroot_list |
A list of chroots. | |
typedef custom_error< error_code > | error |
Exception type. | |
typedef std::shared_ptr< session > | ptr |
A shared_ptr to a session object. | |
Public Member Functions | |
session (std::string const &service, operation operation, chroot_list const &chroots) | |
The constructor. More... | |
virtual | ~session () |
The destructor. | |
auth::ptr const & | get_auth () const |
Get the authentication state associated with this session. More... | |
void | set_auth (auth::ptr &auth) |
Set the authentication state associated with this session. More... | |
chroot_list const & | get_chroots () const |
Get the chroots to use in this session. More... | |
void | set_chroots (chroot_list const &chroots) |
Set the chroots to use in this session. More... | |
operation | get_operation () const |
Get the operation this session will perform. More... | |
void | set_operation (operation operation) |
Set the operation this session will perform. More... | |
std::string const & | get_session_id () const |
Get the session identifier. More... | |
void | set_session_id (std::string const &session_id) |
Set the session identifier. More... | |
std::string const & | get_verbosity () const |
Get the message verbosity. More... | |
void | set_verbosity (std::string const &verbosity) |
Set the message verbosity. More... | |
bool | get_preserve_environment () const |
Check if the environment should be preserved in the chroot. More... | |
void | set_preserve_environment (bool preserve_environment) |
Set if the environment should be preserved in the chroot. More... | |
std::string const & | get_shell_override () const |
Get user-specified login shell. More... | |
void | set_shell_override (std::string const &shell) |
Set user-specified login shell. More... | |
string_map const & | get_user_options () const |
Get user options. More... | |
void | set_user_options (string_map const &user_options) |
Set user options. More... | |
bool | get_force () const |
Get the force status of this session. More... | |
void | set_force (bool force) |
Set the force status of this session. More... | |
void | save_termios () |
Save terminal state. | |
void | restore_termios () |
Restore terminal state. | |
int | get_child_status () const |
Get the exit (wait) status of the last child process to run in this session. More... | |
bool | is_group_member (std::string const &groupname) const |
Check group membership. More... | |
virtual sbuild::auth::status | get_auth_status () const |
Check if authentication is required, taking users, groups, root-users and root-groups membership of all chroots specified into account. More... | |
void | run () |
Run a session. More... | |
Protected Member Functions | |
void | get_chroot_membership (chroot::ptr const &chroot, bool &in_users, bool &in_root_users, bool &in_groups, bool &in_root_groups) const |
Get the chroot authentication properties the user is included in. | |
virtual auth::status | get_chroot_auth_status (auth::status status, chroot::ptr const &chroot) const |
Check if authentication is required for a single chroot, taking users, groups, root-users and root-groups membership into account. | |
virtual void | run_impl () |
Run a session. More... | |
virtual string_list | get_login_directories (sbuild::chroot::ptr &session_chroot, environment const &env) const |
Get a list of directories to change to when running a login shell. More... | |
virtual string_list | get_command_directories (sbuild::chroot::ptr &session_chroot, environment const &env) const |
Get a list of directories to change to when running a command Multiple directories are used as fallbacks. More... | |
virtual string_list | get_shells (sbuild::chroot::ptr &session_chroot) const |
Get a list of candidate shells to run. More... | |
virtual std::string | get_shell (sbuild::chroot::ptr &session_chroot) const |
Get the shell to run. More... | |
virtual void | get_command (chroot::ptr &session_chroot, std::string &file, string_list &command, environment &env) const |
Get the command to run. More... | |
virtual void | get_login_command (chroot::ptr &session_chroot, std::string &file, string_list &command, environment &env) const |
Get the command to run a login shell. More... | |
virtual void | get_user_command (chroot::ptr &session_chroot, std::string &file, string_list &command, environment const &env) const |
Get the command to run a user command. More... | |
Protected Attributes | |
std::string | cwd |
Current working directory. | |
Private Member Functions | |
void | setup_chroot (chroot::ptr &session_chroot, chroot::setup_type setup_type) |
Setup a chroot. More... | |
void | run_chroot (chroot::ptr &session_chroot) |
Run command or login shell in the specified chroot. More... | |
void | run_child (chroot::ptr &session_chroot) |
Run a command or login shell as a child process in the specified chroot. More... | |
void | wait_for_child (pid_t pid, int &child_status) |
Wait for a child process to complete, and check its exit status. More... | |
void | set_sighup_handler () |
Set the SIGHUP handler. More... | |
void | clear_sighup_handler () |
Restore the state of SIGHUP prior to setting the handler. | |
void | set_sigint_handler () |
Set the SIGINT handler. More... | |
void | clear_sigint_handler () |
Restore the state of SIGINT prior to setting the handler. | |
void | set_sigterm_handler () |
Set the SIGTERM handler. More... | |
void | clear_sigterm_handler () |
Restore the state of SIGTERM prior to setting the handler. | |
void | set_signal_handler (int signal, struct sigaction *saved_signal, void(*handler)(int)) |
Set a signal handler. More... | |
void | clear_signal_handler (int signal, struct sigaction *saved_signal) |
Restore the state of the signal prior to setting the handler. More... | |
Private Attributes | |
auth::ptr | authstat |
Authentication state. | |
chroot_list | chroots |
The chroots to run the session operation in. | |
int | chroot_status |
The current chroot status. | |
bool | lock_status |
Lock status for locks acquired during chroot setup. | |
int | child_status |
The child exit status. | |
operation | session_operation |
The session operation to perform. | |
std::string | session_id |
The session identifier. | |
bool | force |
The session force status. | |
struct sigaction | saved_sighup_signal |
Signal saved while sighup handler is set. | |
struct sigaction | saved_sigint_signal |
Signal saved while sigint handler is set. | |
struct sigaction | saved_sigterm_signal |
Signal saved while sigterm handler is set. | |
struct termios | saved_termios |
Saved terminal settings. | |
bool | termios_ok |
Are the saved terminal settings valid? | |
std::string | verbosity |
Message verbosity. | |
bool | preserve_environment |
Preserve environment? | |
std::string | shell |
Login shell. | |
string_map | user_options |
User-defined options. | |
Session handler.
This class provides the session handling for schroot. It uses auth, which performs all the necessary PAM actions. This allows more sophisticated handling of user authorisation (users, groups, root-users and root-groups membership in the configuration file) and session management (setting up the session, entering the chroot and running the requested command or shell).
Error codes.
session::session | ( | std::string const & | service, |
operation | operation, | ||
chroot_list const & | chroots | ||
) |
The constructor.
service | the PAM service name. |
operation | the session operation to perform. |
chroots | the chroots to act upon. |
|
private |
Restore the state of the signal prior to setting the handler.
signal | the signal number. |
saved_signal | the location from which to restore the saved handler. |
Referenced by clear_sighup_handler(), clear_sigint_handler(), and clear_sigterm_handler().
auth::ptr const & session::get_auth | ( | ) | const |
Get the authentication state associated with this session.
References authstat.
|
virtual |
Check if authentication is required, taking users, groups, root-users and root-groups membership of all chroots specified into account.
References sbuild::auth::change_auth(), chroots, get_chroot_auth_status(), and sbuild::auth::STATUS_NONE.
Referenced by run().
int session::get_child_status | ( | ) | const |
Get the exit (wait) status of the last child process to run in this session.
References child_status.
session::chroot_list const & session::get_chroots | ( | ) | const |
|
protectedvirtual |
Get the command to run.
session_chroot | the chroot to setup. |
file | the filename to pass to execve(2). |
command | the argv to pass to execve(2). |
env | the environment to use for PATH. |
References get_login_command(), and get_user_command().
Referenced by run_child().
|
protectedvirtual |
Get a list of directories to change to when running a command Multiple directories are used as fallbacks.
session_chroot | the chroot to setup. |
env | the environment to use for HOME |
Referenced by run_child().
bool session::get_force | ( | ) | const |
Get the force status of this session.
References force.
|
protectedvirtual |
Get the command to run a login shell.
session_chroot | the chroot to setup. |
file | the filename to pass to execve(2). |
command | the argv to pass to execve(2). |
env | the environment to set SHELL. |
References sbuild::_(), sbuild::environment::add(), authstat, sbuild::basename(), sbuild::DEBUG_NOTICE, get_preserve_environment(), get_shell(), sbuild::log_debug(), sbuild::log_info(), shell, and sbuild::chroot::VERBOSITY_VERBOSE.
Referenced by get_command().
|
protectedvirtual |
Get a list of directories to change to when running a login shell.
Multiple directories are used as fallbacks.
session_chroot | the chroot to setup. |
env | the environment to use for HOME |
References authstat, cwd, and sbuild::environment::get().
Referenced by run_child().
session::operation session::get_operation | ( | ) | const |
bool session::get_preserve_environment | ( | ) | const |
Check if the environment should be preserved in the chroot.
References preserve_environment.
Referenced by get_login_command(), get_shells(), and run_child().
std::string const & session::get_session_id | ( | ) | const |
Get the session identifier.
The session identifier is a unique string to identify a session.
References session_id.
Referenced by run_impl().
|
protectedvirtual |
Get the shell to run.
This finds a suitable shell to run in the chroot, falling back to /bin/sh if necessary. Note that it assumes it is inside the chroot when called.
session_chroot | the chroot to setup. |
References sbuild::stat::check(), get_shells(), sbuild::log_exception_warning(), SHELL, shell, and SHELL_FB.
Referenced by get_login_command().
std::string const & session::get_shell_override | ( | ) | const |
|
protectedvirtual |
Get a list of candidate shells to run.
This is typically the user login shell, plus /bin/bash and/or /bin/sh if these are not already present as the user's login shell.
session_chroot | the chroot to setup. |
References authstat, get_preserve_environment(), and shell.
Referenced by get_shell().
|
protectedvirtual |
Get the command to run a user command.
session_chroot | the chroot to setup. |
file | the filename to pass to execve(2). |
command | the argv to pass to execve(2). |
env | the environment to use for PATH |
References sbuild::_(), authstat, sbuild::DEBUG_NOTICE, sbuild::find_program_in_path(), sbuild::environment::get(), sbuild::log_debug(), sbuild::log_info(), sbuild::string_list_to_string(), and sbuild::chroot::VERBOSITY_VERBOSE.
Referenced by get_command().
string_map const & session::get_user_options | ( | ) | const |
std::string const & session::get_verbosity | ( | ) | const |
bool session::is_group_member | ( | std::string const & | groupname | ) | const |
Check group membership.
groupname | the group to check for. |
group | the group to check for. |
References sbuild::DEBUG_INFO, GROUP_GET_SUP, GROUP_GET_SUPC, and sbuild::log_debug().
Referenced by get_chroot_membership().
void session::run | ( | ) |
Run a session.
The user will be asked for authentication if required, and then the run_impl virtual method will be called.
An auth::error will be thrown on failure.
References authstat, get_auth_status(), and run_impl().
|
private |
Run a command or login shell as a child process in the specified chroot.
This method is only ever to be run in a child process, and will never return.
session_chroot | the chroot to setup. |
References sbuild::_(), authstat, CHDIR, CHDIR_FB, CHROOT, cwd, sbuild::DEBUG_INFO, sbuild::DEBUG_NOTICE, EXEC, sbuild::exec(), sbuild::find_program_in_path(), get_command(), get_command_directories(), get_login_directories(), sbuild::chroot_facet_personality::get_persona(), get_preserve_environment(), sbuild::getcwd(), GROUP_SET, GROUP_SET_SUP, sbuild::log_debug(), sbuild::log_exception_warning(), ROOT_DROP, sbuild::personality::set(), sbuild::environment::set_filter(), sbuild::error_base::set_reason(), sbuild::string_list_to_string(), and USER_SET.
Referenced by run_chroot().
|
private |
Run command or login shell in the specified chroot.
An error will be thrown on failure.
session_chroot | the chroot to setup. |
References sbuild::_(), CHILD_FORK, child_status, sbuild::log_error(), sbuild::log_exception_error(), run_child(), and wait_for_child().
Referenced by run_impl().
|
protectedvirtual |
Run a session.
If a command has been specified, this will be run in each of the specified chroots. If no command has been specified, a login shell will run in the specified chroot.
An error will be thrown on failure.
References authstat, child_status, CHROOT_NOTFOUND, chroots, clear_sighup_handler(), clear_sigint_handler(), clear_sigterm_handler(), sbuild::chroot::clone_session(), sbuild::DEBUG_NOTICE, sbuild::DEBUG_WARNING, get_chroot_membership(), sbuild::chroot::get_facet(), sbuild::chroot::get_name(), get_session_id(), sbuild::log_debug(), OPERATION_AUTOMATIC, OPERATION_BEGIN, OPERATION_RUN, restore_termios(), run_chroot(), save_termios(), sbuild::chroot::SESSION_CREATE, session_operation, sbuild::chroot_facet_userdata::set_root_data(), set_sighup_handler(), set_sigint_handler(), set_sigterm_handler(), sbuild::chroot::set_verbosity(), setup_chroot(), sbuild::chroot::SETUP_RECOVER, sbuild::chroot::SETUP_START, sbuild::chroot::SETUP_STOP, sbuild::unique_identifier(), user_options, and verbosity.
Referenced by run().
void session::set_auth | ( | auth::ptr & | auth | ) |
Set the authentication state associated with this session.
auth | a shared_ptr to the authentication state. |
References authstat.
void session::set_chroots | ( | chroot_list const & | chroots | ) |
void session::set_force | ( | bool | force | ) |
Set the force status of this session.
force | true to force operation, otherwise false. |
References force.
void session::set_operation | ( | operation | operation | ) |
Set the operation this session will perform.
operation | the operation. |
References session_operation.
void session::set_preserve_environment | ( | bool | preserve_environment | ) |
Set if the environment should be preserved in the chroot.
preserve_environment | true to preserve or false to clean. |
References preserve_environment.
void session::set_session_id | ( | std::string const & | session_id | ) |
Set the session identifier.
The session identifier is a unique string to identify a session.
session_id | the session id. |
References session_id.
void session::set_shell_override | ( | std::string const & | shell | ) |
Set user-specified login shell.
shell | true to preserve or false to clean. |
References shell.
|
private |
Set the SIGHUP handler.
An error will be thrown on failure.
References saved_sighup_signal, and set_signal_handler().
Referenced by run_impl().
|
private |
Set the SIGINT handler.
An error will be thrown on failure.
References saved_sigint_signal, and set_signal_handler().
Referenced by run_impl().
|
private |
Set a signal handler.
An error will be thrown on failure.
signal | the signal number. |
saved_signal | the location to save the current handler. |
handler | the signal handler to install. |
References SIGNAL_SET.
Referenced by set_sighup_handler(), set_sigint_handler(), and set_sigterm_handler().
|
private |
Set the SIGTERM handler.
An error will be thrown on failure.
References saved_sigterm_signal, and set_signal_handler().
Referenced by run_impl().
void session::set_user_options | ( | string_map const & | user_options | ) |
void session::set_verbosity | ( | std::string const & | verbosity | ) |
Set the message verbosity.
This will override the chroot message verbosity if set.
verbosity | the message verbosity. |
References verbosity.
|
private |
Setup a chroot.
This runs all of the commands in setup.d or run.d.
The environment variables CHROOT_NAME, CHROOT_DESCRIPTION, CHROOT_LOCATION, AUTH_USER and AUTH_VERBOSITY are set for use in setup scripts. See schroot-setup(5) for a complete list.
An error will be thrown on failure.
session_chroot | the chroot to setup. |
setup_type | the type of setup to perform. |
References sbuild::_(), sbuild::environment::add(), authstat, CHDIR, CHILD_FORK, CHROOT_LOCK, CHROOT_SETUP, chroot_status, CHROOT_UNLOCK, sbuild::DEBUG_INFO, lock_status, sbuild::log_debug(), sbuild::log_error(), sbuild::log_exception_error(), OPERATION_AUTOMATIC, OPERATION_BEGIN, OPERATION_END, OPERATION_RECOVER, sbuild::run_parts::run(), session_operation, sbuild::run_parts::set_reverse(), sbuild::run_parts::set_verbose(), sbuild::chroot::SETUP_RECOVER, sbuild::chroot::SETUP_START, sbuild::chroot::SETUP_STOP, sbuild::chroot::VERBOSITY_VERBOSE, and wait_for_child().
Referenced by run_impl().
|
private |
Wait for a child process to complete, and check its exit status.
An error will be thrown on failure.
pid | the pid to wait for. |
child_status | the place to store the child exit status. |
References sbuild::_(), CHILD_CORE, CHILD_FAIL, CHILD_SIGNAL, CHILD_WAIT, chroot_status, sbuild::log_exception_error(), and SIGNAL_CATCH.
Referenced by run_chroot(), and setup_chroot().