#include <sbuild-session.h>
Public Types | |
enum | operation { OPERATION_AUTOMATIC, OPERATION_BEGIN, OPERATION_RECOVER, OPERATION_END, OPERATION_RUN } |
Session operations. More... | |
enum | error_code { CHDIR, CHDIR_FB, CHILD_CORE, CHILD_FAIL, CHILD_FORK, CHILD_SIGNAL, CHILD_WAIT, CHROOT, CHROOT_ALIAS, CHROOT_LOCK, CHROOT_NOTFOUND, CHROOT_SETUP, CHROOT_UNLOCK, COMMAND_ABS, EXEC, GROUP_GET_SUP, GROUP_GET_SUPC, GROUP_SET, GROUP_SET_SUP, GROUP_UNKNOWN, PAM, ROOT_DROP, SET_SESSION_ID, SHELL, SHELL_FB, SIGNAL_CATCH, SIGNAL_SET, USER_SET, USER_SWITCH } |
Error codes. More... | |
typedef std::vector< chroot::ptr > | chroot_list |
A list of chroots. | |
typedef custom_error< error_code > | error |
Exception type. | |
typedef std::tr1::shared_ptr < session > | ptr |
A shared_ptr to a session object. | |
Public Member Functions | |
session (std::string const &service, operation operation, chroot_list const &chroots) | |
The constructor. | |
virtual | ~session () |
The destructor. | |
auth::ptr const & | get_auth () const |
Get the authentication state associated with this session. | |
void | set_auth (auth::ptr &auth) |
Set the authentication state associated with this session. | |
chroot_list const & | get_chroots () const |
Get the chroots to use in this session. | |
void | set_chroots (chroot_list const &chroots) |
Set the chroots to use in this session. | |
operation | get_operation () const |
Get the operation this session will perform. | |
void | set_operation (operation operation) |
Set the operation this session will perform. | |
std::string const & | get_session_id () const |
Get the session identifier. | |
void | set_session_id (std::string const &session_id) |
Set the session identifier. | |
std::string const & | get_verbosity () const |
Get the message verbosity. | |
void | set_verbosity (std::string const &verbosity) |
Set the message verbosity. | |
bool | get_preserve_environment () const |
Check if the environment should be preserved in the chroot. | |
void | set_preserve_environment (bool preserve_environment) |
Set if the environment should be preserved in the chroot. | |
bool | get_force () const |
Get the force status of this session. | |
void | set_force (bool force) |
Set the force status of this session. | |
void | save_termios () |
Save terminal state. | |
void | restore_termios () |
Restore terminal state. | |
int | get_child_status () const |
Get the exit (wait) status of the last child process to run in this session. | |
virtual sbuild::auth::status | get_auth_status () const |
Check if authentication is required, taking users, groups, root-users and root-groups membership of all chroots specified into account. | |
void | run () |
Run a session. | |
Protected Member Functions | |
void | get_chroot_membership (chroot::ptr const &chroot, bool &in_users, bool &in_root_users, bool &in_groups, bool &in_root_groups) const |
Get the chroot authentication properties the user is included in. | |
virtual auth::status | get_chroot_auth_status (auth::status status, chroot::ptr const &chroot) const |
Check if authentication is required for a single chroot, taking users, groups, root-users and root-groups membership into account. | |
virtual void | run_impl () |
Run a session. | |
virtual string_list | get_login_directories (sbuild::chroot::ptr &session_chroot, environment const &env) const |
Get a list of directories to change to when running a login shell. | |
virtual string_list | get_command_directories (sbuild::chroot::ptr &session_chroot, environment const &env) const |
Get a list of directories to change to when running a command Multiple directories are used as fallbacks. | |
virtual std::string | get_shell () const |
Get the shell to run. | |
virtual void | get_command (chroot::ptr &session_chroot, std::string &file, string_list &command, environment const &env) const |
Get the command to run. | |
virtual void | get_login_command (chroot::ptr &session_chroot, std::string &file, string_list &command) const |
Get the command to run a login shell. | |
virtual void | get_user_command (chroot::ptr &session_chroot, std::string &file, string_list &command, environment const &env) const |
Get the command to run a user command. | |
Protected Attributes | |
std::string | cwd |
Current working directory. | |
Private Member Functions | |
void | setup_chroot (chroot::ptr &session_chroot, chroot::setup_type setup_type) |
Setup a chroot. | |
void | run_chroot (chroot::ptr &session_chroot) |
Run command or login shell in the specified chroot. | |
void | run_child (chroot::ptr &session_chroot) |
Run a command or login shell as a child process in the specified chroot. | |
void | wait_for_child (pid_t pid, int &child_status) |
Wait for a child process to complete, and check its exit status. | |
void | set_sighup_handler () |
Set the SIGHUP handler. | |
void | clear_sighup_handler () |
Restore the state of SIGHUP prior to setting the handler. | |
void | set_sigint_handler () |
Set the SIGINT handler. | |
void | clear_sigint_handler () |
Restore the state of SIGINT prior to setting the handler. | |
void | set_sigterm_handler () |
Set the SIGTERM handler. | |
void | clear_sigterm_handler () |
Restore the state of SIGTERM prior to setting the handler. | |
void | set_signal_handler (int signal, struct sigaction *saved_signal, void(*handler)(int)) |
Set a signal handler. | |
void | clear_signal_handler (int signal, struct sigaction *saved_signal) |
Restore the state of the signal prior to setting the handler. | |
Private Attributes | |
auth::ptr | authstat |
Authentication state. | |
chroot_list | chroots |
The chroots to run the session operation in. | |
int | chroot_status |
The current chroot status. | |
bool | lock_status |
Lock status for locks acquired during chroot setup. | |
int | child_status |
The child exit status. | |
operation | session_operation |
The session operation to perform. | |
std::string | session_id |
The session identifier. | |
bool | force |
The session force status. | |
struct sigaction | saved_sighup_signal |
Signal saved while sighup handler is set. | |
struct sigaction | saved_sigint_signal |
Signal saved while sigint handler is set. | |
struct sigaction | saved_sigterm_signal |
Signal saved while sigterm handler is set. | |
struct termios | saved_termios |
Saved terminal settings. | |
bool | termios_ok |
Are the saved terminal settings valid? | |
std::string | verbosity |
Message verbosity. | |
bool | preserve_environment |
Preserve environment? |
This class provides the session handling for schroot. It uses auth, which performs all the necessary PAM actions. This allows more sophisticated handling of user authorisation (users, groups, root-users and root-groups membership in the configuration file) and session management (setting up the session, entering the chroot and running the requested command or shell).
Error codes.
CHDIR | Failed to change to directory. |
CHDIR_FB | Falling back to directory. |
CHILD_CORE | Child dumped core. |
CHILD_FAIL | Child exited abnormally (reason unknown). |
CHILD_FORK | Failed to fork child. |
CHILD_SIGNAL | Child terminated by signal. |
CHILD_WAIT | Wait for child failed. |
CHROOT | Failed to change root to directory. |
CHROOT_ALIAS | No chroot found matching alias. |
CHROOT_LOCK | Failed to lock chroot. |
CHROOT_NOTFOUND | Chroot not found. |
CHROOT_SETUP | Setup failed. |
CHROOT_UNLOCK | Failed to unlock chroot. |
COMMAND_ABS | Command must have an absolute path. |
EXEC | Failed to execute. |
GROUP_GET_SUP | Failed to get supplementary groups. |
GROUP_GET_SUPC | Failed to get supplementary group count. |
GROUP_SET | Failed to set group. |
GROUP_SET_SUP | Failed to set supplementary groups. |
GROUP_UNKNOWN | Group not found. |
PAM | PAM error. |
ROOT_DROP | Failed to drop root permissions. |
SET_SESSION_ID | Chroot does not support setting a session ID. |
SHELL | Shell not available. |
SHELL_FB | Falling back to shell. |
SIGNAL_CATCH | Caught signal. |
SIGNAL_SET | Failed to set signal handler. |
USER_SET | Failed to set user. |
USER_SWITCH | User switching is not permitted. |
session::session | ( | std::string const & | service, | |
operation | operation, | |||
chroot_list const & | chroots | |||
) |
The constructor.
service | the PAM service name. | |
operation | the session operation to perform. | |
chroots | the chroots to act upon. |
References sbuild::getcwd().
auth::ptr const & session::get_auth | ( | ) | const |
void session::set_auth | ( | auth::ptr & | auth | ) |
session::chroot_list const & session::get_chroots | ( | ) | const |
void session::set_chroots | ( | chroot_list const & | chroots | ) |
session::operation session::get_operation | ( | ) | const |
void session::set_operation | ( | operation | operation | ) |
Set the operation this session will perform.
operation | the operation. |
References session_operation.
std::string const & session::get_session_id | ( | ) | const |
Get the session identifier.
The session identifier is a unique string to identify a session.
References session_id.
Referenced by run_impl().
void session::set_session_id | ( | std::string const & | session_id | ) |
std::string const & session::get_verbosity | ( | ) | const |
void session::set_verbosity | ( | std::string const & | verbosity | ) |
Set the message verbosity.
This will override the chroot message verbosity if set.
verbosity | the message verbosity. |
bool session::get_preserve_environment | ( | ) | const |
Check if the environment should be preserved in the chroot.
References preserve_environment.
Referenced by get_login_command(), and run_child().
void session::set_preserve_environment | ( | bool | preserve_environment | ) |
Set if the environment should be preserved in the chroot.
preserve_environment | true to preserve or false to clean. |
bool session::get_force | ( | ) | const |
void session::set_force | ( | bool | force | ) |
int session::get_child_status | ( | ) | const |
Get the exit (wait) status of the last child process to run in this session.
References child_status.
auth::status session::get_auth_status | ( | ) | const [virtual] |
Check if authentication is required, taking users, groups, root-users and root-groups membership of all chroots specified into account.
References sbuild::auth::change_auth(), chroots, get_chroot_auth_status(), and sbuild::auth::STATUS_NONE.
Referenced by run().
void session::run | ( | ) |
Run a session.
The user will be asked for authentication if required, and then the run_impl virtual method will be called.
An auth::error will be thrown on failure.
References authstat, get_auth_status(), and run_impl().
void session::run_impl | ( | ) | [protected, virtual] |
Run a session.
If a command has been specified, this will be run in each of the specified chroots. If no command has been specified, a login shell will run in the specified chroot.
An error will be thrown on failure.
References authstat, child_status, CHROOT_NOTFOUND, chroots, clear_sighup_handler(), clear_sigint_handler(), clear_sigterm_handler(), sbuild::DEBUG_NOTICE, sbuild::DEBUG_WARNING, get_chroot_membership(), get_session_id(), sbuild::log_debug(), OPERATION_AUTOMATIC, OPERATION_BEGIN, OPERATION_RUN, restore_termios(), run_chroot(), save_termios(), sbuild::chroot::SESSION_CREATE, session_operation, set_sighup_handler(), set_sigint_handler(), set_sigterm_handler(), setup_chroot(), sbuild::chroot::SETUP_RECOVER, sbuild::chroot::SETUP_START, sbuild::chroot::SETUP_STOP, sbuild::unique_identifier(), and verbosity.
Referenced by run().
string_list session::get_login_directories | ( | sbuild::chroot::ptr & | session_chroot, | |
environment const & | env | |||
) | const [protected, virtual] |
Get a list of directories to change to when running a login shell.
Multiple directories are used as fallbacks.
session_chroot | the chroot to setup. | |
env | the environment to use for HOME |
References authstat, cwd, and sbuild::environment::get().
Referenced by run_child().
string_list session::get_command_directories | ( | sbuild::chroot::ptr & | session_chroot, | |
environment const & | env | |||
) | const [protected, virtual] |
Get a list of directories to change to when running a command Multiple directories are used as fallbacks.
session_chroot | the chroot to setup. | |
env | the environment to use for HOME |
Referenced by run_child().
std::string session::get_shell | ( | ) | const [protected, virtual] |
Get the shell to run.
This finds a suitable shell to run in the chroot, falling back to /bin/sh if necessary. Note that it assumes it is inside the chroot when called.
References authstat, sbuild::log_exception_warning(), SHELL, and SHELL_FB.
Referenced by get_login_command(), and run_child().
void session::get_command | ( | chroot::ptr & | session_chroot, | |
std::string & | file, | |||
string_list & | command, | |||
environment const & | env | |||
) | const [protected, virtual] |
Get the command to run.
session_chroot | the chroot to setup. | |
file | the filename to pass to execve(2). | |
command | the argv to pass to execve(2). | |
env | the environment to use for PATH |
References get_login_command(), and get_user_command().
Referenced by run_child().
void session::get_login_command | ( | chroot::ptr & | session_chroot, | |
std::string & | file, | |||
string_list & | command | |||
) | const [protected, virtual] |
Get the command to run a login shell.
session_chroot | the chroot to setup. | |
file | the filename to pass to execve(2). | |
command | the argv to pass to execve(2). |
References authstat, sbuild::basename(), sbuild::DEBUG_NOTICE, get_preserve_environment(), get_shell(), sbuild::log_debug(), sbuild::log_info(), and sbuild::chroot::VERBOSITY_VERBOSE.
Referenced by get_command().
void session::get_user_command | ( | chroot::ptr & | session_chroot, | |
std::string & | file, | |||
string_list & | command, | |||
environment const & | env | |||
) | const [protected, virtual] |
Get the command to run a user command.
session_chroot | the chroot to setup. | |
file | the filename to pass to execve(2). | |
command | the argv to pass to execve(2). | |
env | the environment to use for PATH |
References authstat, sbuild::DEBUG_NOTICE, sbuild::find_program_in_path(), sbuild::environment::get(), sbuild::log_debug(), sbuild::log_info(), sbuild::string_list_to_string(), and sbuild::chroot::VERBOSITY_VERBOSE.
Referenced by get_command().
void session::setup_chroot | ( | chroot::ptr & | session_chroot, | |
chroot::setup_type | setup_type | |||
) | [private] |
Setup a chroot.
This runs all of the commands in setup.d or run.d.
The environment variables CHROOT_NAME, CHROOT_DESCRIPTION, CHROOT_LOCATION, AUTH_USER and AUTH_VERBOSITY are set for use in setup scripts. See schroot-setup(5) for a complete list.
An error will be thrown on failure.
session_chroot | the chroot to setup. | |
setup_type | the type of setup to perform. |
References sbuild::environment::add(), authstat, CHILD_FORK, CHROOT_LOCK, CHROOT_SETUP, chroot_status, CHROOT_UNLOCK, sbuild::DEBUG_INFO, lock_status, sbuild::log_debug(), sbuild::log_error(), sbuild::log_exception_error(), OPERATION_AUTOMATIC, OPERATION_BEGIN, OPERATION_END, OPERATION_RECOVER, sbuild::run_parts::run(), session_operation, sbuild::run_parts::set_reverse(), sbuild::run_parts::set_verbose(), sbuild::chroot::SETUP_RECOVER, sbuild::chroot::SETUP_START, sbuild::chroot::SETUP_STOP, sbuild::chroot::VERBOSITY_VERBOSE, and wait_for_child().
Referenced by run_impl().
void session::run_chroot | ( | chroot::ptr & | session_chroot | ) | [private] |
Run command or login shell in the specified chroot.
An error will be thrown on failure.
session_chroot | the chroot to setup. |
References CHILD_FORK, child_status, sbuild::log_error(), sbuild::log_exception_error(), run_child(), and wait_for_child().
Referenced by run_impl().
void session::run_child | ( | chroot::ptr & | session_chroot | ) | [private] |
Run a command or login shell as a child process in the specified chroot.
This method is only ever to be run in a child process, and will never return.
session_chroot | the chroot to setup. |
References authstat, CHDIR, CHDIR_FB, CHROOT, cwd, sbuild::DEBUG_INFO, sbuild::DEBUG_NOTICE, EXEC, sbuild::exec(), sbuild::find_program_in_path(), get_command(), get_command_directories(), get_login_directories(), get_preserve_environment(), get_shell(), sbuild::getcwd(), GROUP_SET, GROUP_SET_SUP, sbuild::log_debug(), sbuild::log_exception_warning(), ROOT_DROP, sbuild::string_list_to_string(), and USER_SET.
Referenced by run_chroot().
void session::wait_for_child | ( | pid_t | pid, | |
int & | child_status | |||
) | [private] |
Wait for a child process to complete, and check its exit status.
An error will be thrown on failure.
pid | the pid to wait for. | |
child_status | the place to store the child exit status. |
References CHILD_CORE, CHILD_FAIL, CHILD_SIGNAL, CHILD_WAIT, chroot_status, sbuild::log_exception_error(), and SIGNAL_CATCH.
Referenced by run_chroot(), and setup_chroot().
void session::set_sighup_handler | ( | ) | [private] |
Set the SIGHUP handler.
An error will be thrown on failure.
References saved_sighup_signal, and set_signal_handler().
Referenced by run_impl().
void session::set_sigint_handler | ( | ) | [private] |
Set the SIGINT handler.
An error will be thrown on failure.
References saved_sigint_signal, and set_signal_handler().
Referenced by run_impl().
void session::set_sigterm_handler | ( | ) | [private] |
Set the SIGTERM handler.
An error will be thrown on failure.
References saved_sigterm_signal, and set_signal_handler().
Referenced by run_impl().
void session::set_signal_handler | ( | int | signal, | |
struct sigaction * | saved_signal, | |||
void(*)(int) | handler | |||
) | [private] |
Set a signal handler.
An error will be thrown on failure.
signal | the signal number. | |
saved_signal | the location to save the current handler. | |
handler | the signal handler to install. |
References SIGNAL_SET.
Referenced by set_sighup_handler(), set_sigint_handler(), and set_sigterm_handler().
void session::clear_signal_handler | ( | int | signal, | |
struct sigaction * | saved_signal | |||
) | [private] |
Restore the state of the signal prior to setting the handler.
signal | the signal number. | |
saved_signal | the location from which to restore the saved handler. |
Referenced by clear_sighup_handler(), clear_sigint_handler(), and clear_sigterm_handler().