From 67574e1c7f067b30026139e92e6d1ee00a289f9a Mon Sep 17 00:00:00 2001 From: David McKnight Date: Thu, 15 Oct 2009 14:49:22 +0000 Subject: [PATCH] [287305] [dstore] Need to set proper uid for commands when using SecuredThread and single server for multiple clients[ --- .../miners/command/CommandMinerThread.java | 216 +++++++++++------- .../miners/command/OutputHandler.java | 7 +- 2 files changed, 132 insertions(+), 91 deletions(-) diff --git a/rse/plugins/org.eclipse.rse.services.dstore/miners/org/eclipse/rse/internal/dstore/universal/miners/command/CommandMinerThread.java b/rse/plugins/org.eclipse.rse.services.dstore/miners/org/eclipse/rse/internal/dstore/universal/miners/command/CommandMinerThread.java index 83fc0a108c8..cb7390dfc65 100644 --- a/rse/plugins/org.eclipse.rse.services.dstore/miners/org/eclipse/rse/internal/dstore/universal/miners/command/CommandMinerThread.java +++ b/rse/plugins/org.eclipse.rse.services.dstore/miners/org/eclipse/rse/internal/dstore/universal/miners/command/CommandMinerThread.java @@ -23,6 +23,7 @@ * David McKnight (IBM) [284179] [dstore] commands have a hard coded line length limit of 100 characters * David McKnight (IBM) - [286671] Dstore shell service interprets < and > sequences * David McKnight (IBM) [290743] [dstore][shells] allow bash shells and custom shell invocation + * David McKnight (IBM) [287305] [dstore] Need to set proper uid for commands when using SecuredThread and single server for multiple clients[ *******************************************************************************/ package org.eclipse.rse.internal.dstore.universal.miners.command; @@ -42,6 +43,7 @@ import java.util.Hashtable; import java.util.List; import org.eclipse.dstore.core.miners.MinerThread; +import org.eclipse.dstore.core.model.Client; import org.eclipse.dstore.core.model.DE; import org.eclipse.dstore.core.model.DataElement; import org.eclipse.dstore.core.model.DataStoreAttributes; @@ -98,6 +100,7 @@ public class CommandMinerThread extends MinerThread _isDone = false; _status = status; _descriptors = descriptors; + boolean isBash = false; _subject = theElement; @@ -132,14 +135,23 @@ public class CommandMinerThread extends MinerThread } try - { - String userHome = null; - if (_dataStore.getClient() != null){ - userHome = _dataStore.getClient().getProperty("user.home");//$NON-NLS-1$ - } - else { - userHome = System.getProperty("user.home");//$NON-NLS-1$ + { + String suCommand = null; + String userHome = null; + Client client = _dataStore.getClient(); + + if (client != null){ + String clientActualUserId = client.getProperty("user.name");//$NON-NLS-1$ + String clientUserId = client.getUserid(); + + userHome = client.getProperty("user.home");//$NON-NLS-1$ + if (clientUserId != null && !clientActualUserId.equals(clientUserId)){ + suCommand = "su " + clientUserId + " -c "; //$NON-NLS-1$ + } } + else { + userHome = System.getProperty("user.home");//$NON-NLS-1$ + } _cwdStr = theElement.getSource(); if (_cwdStr == null || _cwdStr.length() == 0) @@ -176,12 +188,16 @@ public class CommandMinerThread extends MinerThread { _isTTY = false; } + + + + + _patterns.setIsTerminal(_isTTY); String property = "SHELL="; //$NON-NLS-1$ String[] env = getEnvironment(_subject); - boolean isBash = false; boolean isBashonZ = false; boolean isSHonZ = false; @@ -229,17 +245,20 @@ public class CommandMinerThread extends MinerThread if (_invocation.equals(">")) //$NON-NLS-1$ { _invocation = "sh"; //$NON-NLS-1$ + _isShell = true; if (isZ) isSHonZ = true; } + + if (_isTTY) { if (isSHonZ) - { + { String args[] = new String[3]; args[0] = PSEUDO_TERMINAL; - args[1] = _invocation; + args[1] = "sh"; //$NON-NLS-1$ args[2] = "-L"; //$NON-NLS-1$ try { @@ -252,14 +271,28 @@ public class CommandMinerThread extends MinerThread } else { - String args[] = new String[2]; - args[0] = PSEUDO_TERMINAL; - args[1] = _invocation; + List argsList = new ArrayList(); + + if (suCommand != null){ + String[] suSplit = suCommand.split(" "); //$NON-NLS-1$ + for (int i = 0; i < suSplit.length; i++){ // su before terminal + argsList.add(suSplit[i]); + } + } + argsList.add(PSEUDO_TERMINAL); + argsList.add(invocation); + + + String args[] = (String[])argsList.toArray(new String[argsList.size()]); _theProcess = Runtime.getRuntime().exec(args, env, theDirectory); } } else { + //VRB: for Linux on System z we end up here + if (suCommand!=null) + _invocation = suCommand + _invocation; + _theProcess = Runtime.getRuntime().exec(_invocation, env, theDirectory); } } @@ -268,51 +301,51 @@ public class CommandMinerThread extends MinerThread if (_invocation.equals(">")) //$NON-NLS-1$ { _invocation = theShell; - + + _isShell = true; if (_isTTY) { - String args[] = null; - if (isBashonZ) - { - args = new String[5]; - args[0] = PSEUDO_TERMINAL; - args[1] = "-w"; //$NON-NLS-1$ - args[2] = "256"; //$NON-NLS-1$ - args[3] = _invocation; - args[4] = "--login"; //$NON-NLS-1$ + List argsList = new ArrayList(); + + if (!isBashonZ && !isSHonZ && suCommand != null){ + // su before starting rseterm + String[] suArgs = suCommand.split(" "); //$NON-NLS-1$ + for (int i = 0; i < suArgs.length; i++){ + argsList.add(suArgs[i]); + } + } + argsList.add(PSEUDO_TERMINAL); + + if (!isBashonZ && !isSHonZ && suCommand != null){ + // need sh -c before invocation + argsList.add("sh"); //$NON-NLS-1$ + argsList.add("-c"); //$NON-NLS-1$ + } + else { + + argsList.add("-w"); //$NON-NLS-1$ + argsList.add(""+_maxLineLength); //$NON-NLS-1$ + } + + argsList.add(_invocation); + + if (isBashonZ){ + argsList.add("--login"); //$NON-NLS-1$ didLogin = true; - } - else if (isBash) - { - args = new String[5]; - args[0] = PSEUDO_TERMINAL; - args[1] = "-w"; //$NON-NLS-1$ - args[2] = "256"; //$NON-NLS-1$ - args[3] = _invocation; - args[4] = "-l"; //$NON-NLS-1$ + } + else if (isBash){ + argsList.add("-l"); //$NON-NLS-1$ didLogin = true; - } - else if (isSHonZ) - { - args = new String[5]; - args[0] = PSEUDO_TERMINAL; - args[1] = "-w"; //$NON-NLS-1$ - args[2] = "256"; //$NON-NLS-1$ - args[3] = _invocation; - args[4] = "-L"; //$NON-NLS-1$ + } + else if (isSHonZ){ + argsList.add("-L"); //$NON-NLS-1$ didLogin = true; - } - else - { - args = new String[4]; - args[0] = PSEUDO_TERMINAL; - args[1] = "-w"; //$NON-NLS-1$ - args[2] = "256"; //$NON-NLS-1$ - args[3] = _invocation; - } - + } + + String args[] = (String[])argsList.toArray(new String[argsList.size()]); + try { _theProcess = Runtime.getRuntime().exec(args, env, theDirectory); } @@ -323,6 +356,10 @@ public class CommandMinerThread extends MinerThread } else { + if (!isBashonZ && !isSHonZ && suCommand != null){ + _invocation = suCommand + _invocation; + } + if (customShellInvocation != null && customShellInvocation.length() > 0){ // all handled in the custom shell invocation _theProcess = Runtime.getRuntime().exec(_invocation, env, theDirectory); @@ -352,32 +389,21 @@ public class CommandMinerThread extends MinerThread } else { - _isTTY = false; - - - - //String[] inv = parseArgs(_invocation); - if (_isTTY) - { - String args[] = new String[4]; - args[0] = PSEUDO_TERMINAL; - args[1] = theShell; - args[2] = "-c"; //$NON-NLS-1$ - args[3] = _invocation; - - _theProcess = Runtime.getRuntime().exec(args, env, theDirectory); + if (suCommand != null){ + theShell = suCommand + theShell; } - else - { - - String args[] = new String[3]; - args[0] = theShell; - args[1] = "-c"; //$NON-NLS-1$ - args[2] = _invocation; - - - _theProcess = Runtime.getRuntime().exec(args, env, theDirectory); + + List argsList = new ArrayList(); + + String[] shellArray = theShell.split(" "); //$NON-NLS-1$ + for (int i = 0; i < shellArray.length; i++){ + argsList.add(shellArray[i]); } + argsList.add("-c"); //$NON-NLS-1$ + argsList.add(_invocation); + + String args[] = (String[])argsList.toArray(new String[argsList.size()]); + _theProcess = Runtime.getRuntime().exec(args, env, theDirectory); } } } @@ -472,10 +498,19 @@ public class CommandMinerThread extends MinerThread _stdOutputHandler.setDataStore(_dataStore); _stdErrorHandler.start(); - if (didLogin && !userHome.equals(_cwdStr)) + // initialization + if (didLogin || _isTTY) { + String initCmd = ""; //$NON-NLS-1$ + if (_isTTY){ + initCmd = "export PS1='$PWD>';" ; //$NON-NLS-1$ + } + if (didLogin && !userHome.equals(_cwdStr)){ + initCmd += "cd " + _cwdStr; //$NON-NLS-1$ + } + // need to CD to the correct directory - final String cdCmd = "cd " + _cwdStr; //$NON-NLS-1$ + final String finitCmd = initCmd; Thread cdThread = new Thread( new Runnable() { @@ -490,7 +525,7 @@ public class CommandMinerThread extends MinerThread { } - sendInput(cdCmd); + sendInput(finitCmd); } }); cdThread.start(); @@ -506,7 +541,7 @@ public class CommandMinerThread extends MinerThread catch (IOException e) { _theProcess = null; - e.printStackTrace(); + _dataStore.trace(e); createObject("command", e.getMessage()); //$NON-NLS-1$ status.setAttribute(DE.A_NAME, "done"); //$NON-NLS-1$ return; @@ -650,11 +685,13 @@ public class CommandMinerThread extends MinerThread if (!_isWindows && (input.startsWith("cd ") || input.equals("cd"))) //$NON-NLS-1$ //$NON-NLS-2$ { - queryCWD(); + if (!_isTTY) + queryCWD(); } else if (!_didInitialCWDQuery) { - queryCWD(); + if (!_isTTY) + queryCWD(); } if (!_isWindows && !_isTTY) { @@ -732,8 +769,11 @@ public class CommandMinerThread extends MinerThread if (_isTTY) { - varTable.put("PS1","$PWD/>"); //$NON-NLS-1$ //$NON-NLS-2$ - varTable.put("COLUMNS","256"); //$NON-NLS-1$ //$NON-NLS-2$ + varTable.put("PS1","'$PWD/>'"); //$NON-NLS-1$ //$NON-NLS-2$ + + //if (_maxLineLength ) + + varTable.put("COLUMNS","" + _maxLineLength); //$NON-NLS-1$ //$NON-NLS-2$ } @@ -846,7 +886,7 @@ public class CommandMinerThread extends MinerThread } catch (Throwable e) { - e.printStackTrace(); + _dataStore.trace(e); } return theValue.toString(); } @@ -992,7 +1032,7 @@ public class CommandMinerThread extends MinerThread } } catch (IllegalThreadStateException e) - { //e.printStackTrace(); + { exitcode = -1; _theProcess.destroy(); } @@ -1027,7 +1067,7 @@ public class CommandMinerThread extends MinerThread } catch (IOException e) { - e.printStackTrace(); + _dataStore.trace(e); } } @@ -1118,7 +1158,7 @@ public class CommandMinerThread extends MinerThread } catch (Throwable e) { - e.printStackTrace(); + _dataStore.trace(e); } if (parsedMsg == null) { @@ -1175,7 +1215,7 @@ public class CommandMinerThread extends MinerThread } catch (NumberFormatException e) { - e.printStackTrace(); + _dataStore.trace(e); } } } diff --git a/rse/plugins/org.eclipse.rse.services.dstore/miners/org/eclipse/rse/internal/dstore/universal/miners/command/OutputHandler.java b/rse/plugins/org.eclipse.rse.services.dstore/miners/org/eclipse/rse/internal/dstore/universal/miners/command/OutputHandler.java index ec9f6cb78eb..069d0ab0374 100644 --- a/rse/plugins/org.eclipse.rse.services.dstore/miners/org/eclipse/rse/internal/dstore/universal/miners/command/OutputHandler.java +++ b/rse/plugins/org.eclipse.rse.services.dstore/miners/org/eclipse/rse/internal/dstore/universal/miners/command/OutputHandler.java @@ -17,6 +17,7 @@ * David McKnight (IBM) [249715] [dstore][shells] Unix shell does not echo command * David McKnight (IBM) - [282919] [dstore] server shutdown results in exception in shell io reading * David McKnight (IBM) - [286671] Dstore shell service interprets < and > sequences + * David McKnight (IBM) [287305] [dstore] Need to set proper uid for commands when using SecuredThread and single server for multiple clients[ *******************************************************************************/ package org.eclipse.rse.internal.dstore.universal.miners.command; @@ -153,7 +154,7 @@ public class OutputHandler extends Handler { } } } catch (IOException e) { - e.printStackTrace(); + _commandThread._dataStore.trace(e); } } @@ -317,11 +318,11 @@ public class OutputHandler extends Handler { return output; } } catch (Exception e) { - e.printStackTrace(); + _commandThread._dataStore.trace(e); } } } catch (Exception e) { - e.printStackTrace(); + _commandThread._dataStore.trace(e); } return output; }