YARN-4245. Generalize config file handling in container-executor. Contributed by Sidharta Seethana.
This commit is contained in:
parent
e51a8c1056
commit
8ed2e060e8
@ -34,34 +34,22 @@
|
||||
|
||||
#define MAX_SIZE 10
|
||||
|
||||
struct confentry {
|
||||
const char *key;
|
||||
const char *value;
|
||||
};
|
||||
|
||||
struct configuration {
|
||||
int size;
|
||||
struct confentry **confdetails;
|
||||
};
|
||||
|
||||
struct configuration config={.size=0, .confdetails=NULL};
|
||||
|
||||
//clean up method for freeing configuration
|
||||
void free_configurations() {
|
||||
void free_configurations(struct configuration *cfg) {
|
||||
int i = 0;
|
||||
for (i = 0; i < config.size; i++) {
|
||||
if (config.confdetails[i]->key != NULL) {
|
||||
free((void *)config.confdetails[i]->key);
|
||||
for (i = 0; i < cfg->size; i++) {
|
||||
if (cfg->confdetails[i]->key != NULL) {
|
||||
free((void *)cfg->confdetails[i]->key);
|
||||
}
|
||||
if (config.confdetails[i]->value != NULL) {
|
||||
free((void *)config.confdetails[i]->value);
|
||||
if (cfg->confdetails[i]->value != NULL) {
|
||||
free((void *)cfg->confdetails[i]->value);
|
||||
}
|
||||
free(config.confdetails[i]);
|
||||
free(cfg->confdetails[i]);
|
||||
}
|
||||
if (config.size > 0) {
|
||||
free(config.confdetails);
|
||||
if (cfg->size > 0) {
|
||||
free(cfg->confdetails);
|
||||
}
|
||||
config.size = 0;
|
||||
cfg->size = 0;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -133,8 +121,8 @@ int check_configuration_permissions(const char* file_name) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
//function used to load the configurations present in the secure config
|
||||
void read_config(const char* file_name) {
|
||||
|
||||
void read_config(const char* file_name, struct configuration *cfg) {
|
||||
FILE *conf_file;
|
||||
char *line;
|
||||
char *equaltok;
|
||||
@ -152,9 +140,9 @@ void read_config(const char* file_name) {
|
||||
#endif
|
||||
|
||||
//allocate space for ten configuration items.
|
||||
config.confdetails = (struct confentry **) malloc(sizeof(struct confentry *)
|
||||
cfg->confdetails = (struct confentry **) malloc(sizeof(struct confentry *)
|
||||
* MAX_SIZE);
|
||||
config.size = 0;
|
||||
cfg->size = 0;
|
||||
conf_file = fopen(file_name, "r");
|
||||
if (conf_file == NULL) {
|
||||
fprintf(ERRORFILE, "Invalid conf file provided : %s \n", file_name);
|
||||
@ -196,9 +184,9 @@ void read_config(const char* file_name) {
|
||||
free(line);
|
||||
continue;
|
||||
}
|
||||
config.confdetails[config.size] = (struct confentry *) malloc(
|
||||
cfg->confdetails[cfg->size] = (struct confentry *) malloc(
|
||||
sizeof(struct confentry));
|
||||
if(config.confdetails[config.size] == NULL) {
|
||||
if(cfg->confdetails[cfg->size] == NULL) {
|
||||
fprintf(LOGFILE,
|
||||
"Failed allocating memory for single configuration item\n");
|
||||
goto cleanup;
|
||||
@ -208,10 +196,10 @@ void read_config(const char* file_name) {
|
||||
fprintf(LOGFILE, "read_config : Adding conf key : %s \n", equaltok);
|
||||
#endif
|
||||
|
||||
memset(config.confdetails[config.size], 0, sizeof(struct confentry));
|
||||
config.confdetails[config.size]->key = (char *) malloc(
|
||||
memset(cfg->confdetails[cfg->size], 0, sizeof(struct confentry));
|
||||
cfg->confdetails[cfg->size]->key = (char *) malloc(
|
||||
sizeof(char) * (strlen(equaltok)+1));
|
||||
strcpy((char *)config.confdetails[config.size]->key, equaltok);
|
||||
strcpy((char *)cfg->confdetails[cfg->size]->key, equaltok);
|
||||
equaltok = strtok_r(NULL, "=", &temp_equaltok);
|
||||
if (equaltok == NULL) {
|
||||
fprintf(LOGFILE, "configuration tokenization failed \n");
|
||||
@ -220,8 +208,8 @@ void read_config(const char* file_name) {
|
||||
//means value is commented so don't store the key
|
||||
if(equaltok[0] == '#') {
|
||||
free(line);
|
||||
free((void *)config.confdetails[config.size]->key);
|
||||
free(config.confdetails[config.size]);
|
||||
free((void *)cfg->confdetails[cfg->size]->key);
|
||||
free(cfg->confdetails[cfg->size]);
|
||||
continue;
|
||||
}
|
||||
|
||||
@ -229,27 +217,29 @@ void read_config(const char* file_name) {
|
||||
fprintf(LOGFILE, "read_config : Adding conf value : %s \n", equaltok);
|
||||
#endif
|
||||
|
||||
config.confdetails[config.size]->value = (char *) malloc(
|
||||
cfg->confdetails[cfg->size]->value = (char *) malloc(
|
||||
sizeof(char) * (strlen(equaltok)+1));
|
||||
strcpy((char *)config.confdetails[config.size]->value, equaltok);
|
||||
if((config.size + 1) % MAX_SIZE == 0) {
|
||||
config.confdetails = (struct confentry **) realloc(config.confdetails,
|
||||
sizeof(struct confentry **) * (MAX_SIZE + config.size));
|
||||
if (config.confdetails == NULL) {
|
||||
strcpy((char *)cfg->confdetails[cfg->size]->value, equaltok);
|
||||
if((cfg->size + 1) % MAX_SIZE == 0) {
|
||||
cfg->confdetails = (struct confentry **) realloc(cfg->confdetails,
|
||||
sizeof(struct confentry **) * (MAX_SIZE + cfg->size));
|
||||
if (cfg->confdetails == NULL) {
|
||||
fprintf(LOGFILE,
|
||||
"Failed re-allocating memory for configuration items\n");
|
||||
goto cleanup;
|
||||
}
|
||||
}
|
||||
if(config.confdetails[config.size] )
|
||||
config.size++;
|
||||
if(cfg->confdetails[cfg->size]) {
|
||||
cfg->size++;
|
||||
}
|
||||
|
||||
free(line);
|
||||
}
|
||||
|
||||
//close the file
|
||||
fclose(conf_file);
|
||||
|
||||
if (config.size == 0) {
|
||||
if (cfg->size == 0) {
|
||||
fprintf(ERRORFILE, "Invalid configuration provided in %s\n", file_name);
|
||||
exit(INVALID_CONFIG_FILE);
|
||||
}
|
||||
@ -262,7 +252,7 @@ void read_config(const char* file_name) {
|
||||
free(line);
|
||||
}
|
||||
fclose(conf_file);
|
||||
free_configurations();
|
||||
free_configurations(cfg);
|
||||
return;
|
||||
}
|
||||
|
||||
@ -272,11 +262,11 @@ void read_config(const char* file_name) {
|
||||
* array, next time onwards used the populated array.
|
||||
*
|
||||
*/
|
||||
char * get_value(const char* key) {
|
||||
char * get_value(const char* key, struct configuration *cfg) {
|
||||
int count;
|
||||
for (count = 0; count < config.size; count++) {
|
||||
if (strcmp(config.confdetails[count]->key, key) == 0) {
|
||||
return strdup(config.confdetails[count]->value);
|
||||
for (count = 0; count < cfg->size; count++) {
|
||||
if (strcmp(cfg->confdetails[count]->key, key) == 0) {
|
||||
return strdup(cfg->confdetails[count]->value);
|
||||
}
|
||||
}
|
||||
return NULL;
|
||||
@ -286,11 +276,21 @@ char * get_value(const char* key) {
|
||||
* Function to return an array of values for a key.
|
||||
* Value delimiter is assumed to be a ','.
|
||||
*/
|
||||
char ** get_values(const char * key) {
|
||||
char *value = get_value(key);
|
||||
char ** get_values(const char * key, struct configuration *cfg) {
|
||||
char *value = get_value(key, cfg);
|
||||
return extract_values_delim(value, ",");
|
||||
}
|
||||
|
||||
/**
|
||||
* Function to return an array of values for a key, using the specified
|
||||
delimiter.
|
||||
*/
|
||||
char ** get_values_delim(const char * key, struct configuration *cfg,
|
||||
const char *delim) {
|
||||
char *value = get_value(key, cfg);
|
||||
return extract_values_delim(value, delim);
|
||||
}
|
||||
|
||||
char ** extract_values_delim(char *value, const char *delim) {
|
||||
char ** toPass = NULL;
|
||||
char *tempTok = NULL;
|
||||
|
@ -37,15 +37,33 @@ int check_configuration_permissions(const char* file_name);
|
||||
*/
|
||||
char *resolve_config_path(const char* file_name, const char *root);
|
||||
|
||||
// read the given configuration file
|
||||
void read_config(const char* config_file);
|
||||
// Config data structures.
|
||||
struct confentry {
|
||||
const char *key;
|
||||
const char *value;
|
||||
};
|
||||
|
||||
struct configuration {
|
||||
int size;
|
||||
struct confentry **confdetails;
|
||||
};
|
||||
|
||||
// read the given configuration file into the specified config struct.
|
||||
void read_config(const char* config_file, struct configuration *cfg);
|
||||
|
||||
//method exposed to get the configurations
|
||||
char *get_value(const char* key);
|
||||
char *get_value(const char* key, struct configuration *cfg);
|
||||
|
||||
//function to return array of values pointing to the key. Values are
|
||||
//comma seperated strings.
|
||||
char ** get_values(const char* key);
|
||||
char ** get_values(const char* key, struct configuration *cfg);
|
||||
|
||||
/**
|
||||
* Function to return an array of values for a key, using the specified
|
||||
delimiter.
|
||||
*/
|
||||
char ** get_values_delim(const char * key, struct configuration *cfg,
|
||||
const char *delim);
|
||||
|
||||
// Extracts array of values from the comma separated list of values.
|
||||
char ** extract_values(char *value);
|
||||
@ -56,7 +74,7 @@ char ** extract_values_delim(char *value, const char *delim);
|
||||
void free_values(char** values);
|
||||
|
||||
//method to free allocated configuration
|
||||
void free_configurations();
|
||||
void free_configurations(struct configuration *cfg);
|
||||
|
||||
/**
|
||||
* If str is a string of the form key=val, find 'key'
|
||||
|
@ -59,6 +59,8 @@ FILE* ERRORFILE = NULL;
|
||||
static uid_t nm_uid = -1;
|
||||
static gid_t nm_gid = -1;
|
||||
|
||||
struct configuration executor_cfg = {.size=0, .confdetails=NULL};
|
||||
|
||||
char *concatenate(char *concat_pattern, char *return_path_name,
|
||||
int numArgs, ...);
|
||||
|
||||
@ -67,6 +69,21 @@ void set_nm_uid(uid_t user, gid_t group) {
|
||||
nm_gid = group;
|
||||
}
|
||||
|
||||
//function used to load the configurations present in the secure config
|
||||
void read_executor_config(const char* file_name) {
|
||||
read_config(file_name, &executor_cfg);
|
||||
}
|
||||
|
||||
//function used to free executor configuration data
|
||||
void free_executor_configurations() {
|
||||
free_configurations(&executor_cfg);
|
||||
}
|
||||
|
||||
//Lookup nodemanager group from container executor configuration.
|
||||
char *get_nodemanager_group() {
|
||||
return get_value(NM_GROUP_KEY, &executor_cfg);
|
||||
}
|
||||
|
||||
/**
|
||||
* get the executable filename.
|
||||
*/
|
||||
@ -658,7 +675,7 @@ static struct passwd* get_user_info(const char* user) {
|
||||
}
|
||||
|
||||
int is_whitelisted(const char *user) {
|
||||
char **whitelist = get_values(ALLOWED_SYSTEM_USERS_KEY);
|
||||
char **whitelist = get_values(ALLOWED_SYSTEM_USERS_KEY, &executor_cfg);
|
||||
char **users = whitelist;
|
||||
if (whitelist != NULL) {
|
||||
for(; *users; ++users) {
|
||||
@ -686,7 +703,7 @@ struct passwd* check_user(const char *user) {
|
||||
fflush(LOGFILE);
|
||||
return NULL;
|
||||
}
|
||||
char *min_uid_str = get_value(MIN_USERID_KEY);
|
||||
char *min_uid_str = get_value(MIN_USERID_KEY, &executor_cfg);
|
||||
int min_uid = DEFAULT_MIN_USERID;
|
||||
if (min_uid_str != NULL) {
|
||||
char *end_ptr = NULL;
|
||||
@ -713,7 +730,7 @@ struct passwd* check_user(const char *user) {
|
||||
free(user_info);
|
||||
return NULL;
|
||||
}
|
||||
char **banned_users = get_values(BANNED_USERS_KEY);
|
||||
char **banned_users = get_values(BANNED_USERS_KEY, &executor_cfg);
|
||||
banned_users = banned_users == NULL ?
|
||||
(char**) DEFAULT_BANNED_USERS : banned_users;
|
||||
char **banned_user = banned_users;
|
||||
@ -1062,7 +1079,7 @@ char* parse_docker_command_file(const char* command_file) {
|
||||
|
||||
int run_docker(const char *command_file) {
|
||||
char* docker_command = parse_docker_command_file(command_file);
|
||||
char* docker_binary = get_value(DOCKER_BINARY_KEY);
|
||||
char* docker_binary = get_value(DOCKER_BINARY_KEY, &executor_cfg);
|
||||
char* docker_command_with_binary = calloc(sizeof(char), EXECUTOR_PATH_MAX);
|
||||
snprintf(docker_command_with_binary, EXECUTOR_PATH_MAX, "%s %s", docker_binary, docker_command);
|
||||
char **args = extract_values_delim(docker_command_with_binary, " ");
|
||||
@ -1224,7 +1241,7 @@ int launch_docker_container_as_user(const char * user, const char *app_id,
|
||||
char buffer[BUFFER_SIZE];
|
||||
|
||||
char *docker_command = parse_docker_command_file(command_file);
|
||||
char *docker_binary = get_value(DOCKER_BINARY_KEY);
|
||||
char *docker_binary = get_value(DOCKER_BINARY_KEY, &executor_cfg);
|
||||
if (docker_binary == NULL) {
|
||||
docker_binary = "docker";
|
||||
}
|
||||
|
@ -95,10 +95,15 @@ extern FILE *LOGFILE;
|
||||
// the log file for error messages
|
||||
extern FILE *ERRORFILE;
|
||||
|
||||
|
||||
// get the executable's filename
|
||||
char* get_executable();
|
||||
|
||||
//function used to load the configurations present in the secure config
|
||||
void read_executor_config(const char* file_name);
|
||||
|
||||
//Lookup nodemanager group from container executor configuration.
|
||||
char *get_nodemanager_group();
|
||||
|
||||
/**
|
||||
* Check the permissions on the container-executor to make sure that security is
|
||||
* permissible. For this, we need container-executor binary to
|
||||
@ -111,6 +116,12 @@ char* get_executable();
|
||||
*/
|
||||
int check_executor_permissions(char *executable_file);
|
||||
|
||||
//function used to load the configurations present in the secure config.
|
||||
void read_executor_config(const char* file_name);
|
||||
|
||||
//function used to free executor configuration data
|
||||
void free_executor_configurations();
|
||||
|
||||
// initialize the application directory
|
||||
int initialize_app(const char *user, const char *app_id,
|
||||
const char *credentials, char* const* local_dirs,
|
||||
|
@ -112,11 +112,11 @@ static void assert_valid_setup(char *current_executable) {
|
||||
flush_and_close_log_files();
|
||||
exit(INVALID_CONFIG_FILE);
|
||||
}
|
||||
read_config(conf_file);
|
||||
read_executor_config(conf_file);
|
||||
free(conf_file);
|
||||
|
||||
// look up the node manager group in the config file
|
||||
char *nm_group = get_value(NM_GROUP_KEY);
|
||||
char *nm_group = get_nodemanager_group();
|
||||
if (nm_group == NULL) {
|
||||
fprintf(ERRORFILE, "Can't get configured value for %s.\n", NM_GROUP_KEY);
|
||||
flush_and_close_log_files();
|
||||
|
@ -873,7 +873,7 @@ int main(int argc, char **argv) {
|
||||
if (write_config_file(TEST_ROOT "/test.cfg", 1) != 0) {
|
||||
exit(1);
|
||||
}
|
||||
read_config(TEST_ROOT "/test.cfg");
|
||||
read_executor_config(TEST_ROOT "/test.cfg");
|
||||
|
||||
local_dirs = extract_values(strdup(NM_LOCAL_DIRS));
|
||||
log_dirs = extract_values(strdup(NM_LOG_DIRS));
|
||||
@ -945,14 +945,14 @@ int main(int argc, char **argv) {
|
||||
seteuid(0);
|
||||
// test_delete_user must run as root since that's how we use the delete_as_user
|
||||
test_delete_user();
|
||||
free_configurations();
|
||||
free_executor_configurations();
|
||||
|
||||
printf("\nTrying banned default user()\n");
|
||||
if (write_config_file(TEST_ROOT "/test.cfg", 0) != 0) {
|
||||
exit(1);
|
||||
}
|
||||
|
||||
read_config(TEST_ROOT "/test.cfg");
|
||||
read_executor_config(TEST_ROOT "/test.cfg");
|
||||
username = "bin";
|
||||
test_check_user(1);
|
||||
|
||||
@ -963,6 +963,6 @@ int main(int argc, char **argv) {
|
||||
printf("\nFinished tests\n");
|
||||
|
||||
free(current_username);
|
||||
free_configurations();
|
||||
free_executor_configurations();
|
||||
return 0;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user