From b3bd744ef484110a6b9ffd4c6fed723d19c96c4b Mon Sep 17 00:00:00 2001 From: eleonore12345 Date: Fri, 9 Aug 2024 18:11:36 +0200 Subject: [PATCH] added user creation and deploy as in BashModule --- src/BashModule.cpp | 116 ++++++++++++++++--- src/main.cpp | 1 - testenv/services/test.sh8s.sh/deploy.sh | 0 testenv/services/test.sh8s.sh/deploy_user.sh | 3 +- 4 files changed, 99 insertions(+), 21 deletions(-) mode change 100644 => 100755 testenv/services/test.sh8s.sh/deploy.sh diff --git a/src/BashModule.cpp b/src/BashModule.cpp index 955a3cd..aedbf02 100644 --- a/src/BashModule.cpp +++ b/src/BashModule.cpp @@ -6,6 +6,7 @@ #include #include #include +#include #include "BashModule.h" #include "BashManager.h" 
@@ -21,26 +22,97 @@ BashModule::BashModule() int BashModule::executeScript(string serviceUsername) { //this method is called in deploy(), it executes the script deploy.sh if it exists - string deployscript="./services/"+serviceUsername+"/deploy.sh"; - if(filesystem::exists(deployscript)){ - pid_t pid = fork(); - if (pid == -1) { - cerr << "Error when forking." << endl; - return -1; - } else if (pid > 0) { - int status; - waitpid(-1,&status,0); - if(status==-1){ - cerr << "Error when executing " << deployscript << endl; + string deployScript="./services/"+serviceUsername+"/deploy.sh"; + if(!filesystem::exists(deployScript)){ + cout << "No deploy.sh script for this service."; + return 0; + } else { + //check that the file is of type regular + if (filesystem::status(deployScript).type()!=filesystem::file_type::regular){ + cerr << "Error. The file deploy_user.sh is not regular." << endl; + return -1; + } else { + //check if the owner has the execute permission + if ((filesystem::status(deployScript).permissions() & filesystem::perms::owner_exec)==filesystem::perms::none){ + cerr << "Error. The owner of file deploy_user.sh does not have permission to execute it. Please change the permission or remove/rename the file." << endl; + return -1; + }else{ + //executing the script in a separate process + pid_t pid = fork(); + if (pid == -1) { + cerr << "Error when forking." 
<< endl; + return -1; + } else if (pid > 0) { + //parent process + int status; + waitpid(-1,&status,0); + if(status==-1){ + cerr << "Error when executing " << deployScript << endl; + } + return status; + } else { + //child process + if(execl("/bin/bash", "/bin/bash", "--noediting", "--noprofile", "--norc", deployScript.c_str(), (char *)0)==-1) + { + cerr << "Error in the execl call of " << deployScript << endl; + } + } } - cout << "status vaut " << status << endl; - return status; - } else { - if(execl("/bin/bash", "/bin/bash", "--noediting", "--noprofile", "--norc", deployscript.c_str(), (char *)0)==-1) - { - cerr << "Error in the execl call of " << deployscript << endl; + } + return 0; + } +} + +int BashModule::executeScriptAs(string serviceUsername) +{ + //this method is called in deploy(), it executes the script deploy_user.sh if it exists, as the user associated with the service + string deployAsScript="./services/"+serviceUsername+"/deploy_user.sh"; + //check that the file exists + if(!filesystem::exists(deployAsScript)){ + cout << "No deploy_user.sh script for this service."; + return 0; + } else { + //check that the file is of type regular + if (filesystem::status(deployAsScript).type()!=filesystem::file_type::regular){ + cerr << "Error. The file deploy_user.sh is not regular." << endl; + return -1; + } else { + //check if the owner has the execute permission + if ((filesystem::status(deployAsScript).permissions() & filesystem::perms::owner_exec)==filesystem::perms::none){ + cerr << "Error. The owner of file deploy_user.sh does not have permission to execute it. Please change the permission or remove/rename the file." << endl; + return -1; } - } + } + //getting the connection information for the user + struct passwd * p=getpwnam(serviceUsername.c_str()); + if (p==NULL){ + cerr << "Error. The user dedicated to the service is not found when trying to execute the bash script." 
<< endl; + return -1; + }else{ + //executing the script in a separate process + pid_t pid = fork(); + if (pid == -1) { + cerr << "Error when forking." << endl; + return -1; + } else if (pid > 0) { + //parent process + int status; + waitpid(-1,&status,0); + if(status==-1){ + cerr << "Error when executing " << deployAsScript << endl; + } + return status; + } else { + //child process + //executing as the user corresponding to the service + setgid(p->pw_gid); + setuid(p->pw_uid); + if(execl("/bin/bash", "/bin/bash", "--noediting", "--noprofile", "--norc", deployAsScript.c_str(), serviceUsername, (char *)0)==-1) + { + cerr << "Error in the execl call of " << deployAsScript << endl; + } + } + } } return 0; } @@ -54,7 +126,13 @@ int BashModule::prepare() int BashModule::deploy (string serviceUsername) { cout << "deploy in bash module called" << endl; - executeScript(serviceUsername); + if (executeScript(serviceUsername)!=0){ + cerr << "Error in BashModule::deploy." << endl; + return -1; + }else if (executeScriptAs(serviceUsername)!=0){ + cerr << "Error in BashModule::deploy." << endl; + return -1; + } return 0; } diff --git a/src/main.cpp b/src/main.cpp index 21c6834..186a4d5 100644 --- a/src/main.cpp +++ b/src/main.cpp @@ -72,7 +72,6 @@ int deployAll(){ int deployService(string serviceUsername){ //this method deploys indicated service if it is on this server - //TO DO: faire des boucles if cohérentes if (isServiceOnServer(serviceUsername)==0){ //bash user creation if(int userCreated = createUser(serviceUsername);userCreated!=0){ diff --git a/testenv/services/test.sh8s.sh/deploy.sh b/testenv/services/test.sh8s.sh/deploy.sh old mode 100644 new mode 100755 diff --git a/testenv/services/test.sh8s.sh/deploy_user.sh b/testenv/services/test.sh8s.sh/deploy_user.sh index 4fa8124..33d20c1 100755 --- a/testenv/services/test.sh8s.sh/deploy_user.sh +++ b/testenv/services/test.sh8s.sh/deploy_user.sh 
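Review bot: In the child branch of `executeScriptAs`, the results of `setgid()` and `setuid()` are ignored and the supplementary groups are never reset, so if either call fails `deploy_user.sh` still runs with the deployer's own identity (presumably root), and even on success it keeps the deployer's supplementary groups. The same `execl` call passes `serviceUsername`, a `std::string`, through the variadic argument list, which is not valid; it needs `serviceUsername.c_str()`. When `execl` fails, the child only logs and then falls through to `return 0`, so a second copy of the deployer carries on; the child should end with `_exit()`, and `executeScript` has the same fall-through. Separately, `executeScript` runs `deploy.sh` without dropping privileges after checking only that it is a regular file with `owner_exec` set, so it may be worth also refusing a script that the service user can write to, if the `services/` tree is not already protected. The fence below needs `<grp.h>` for `initgroups`.

```cpp
        } else {
            //child process
            //executing as the user corresponding to the service
            // order matters: supplementary groups, then gid, then uid; stop on any failure
            if (initgroups(p->pw_name, p->pw_gid) != 0 ||
                setgid(p->pw_gid) != 0 ||
                setuid(p->pw_uid) != 0) {
                cerr << "Error when dropping privileges for " << serviceUsername << endl;
                _exit(126);
            }
            execl("/bin/bash", "/bin/bash", "--noediting", "--noprofile", "--norc",
                  deployAsScript.c_str(), serviceUsername.c_str(), (char *)0);
            // execl only returns on failure; never fall back into the parent's code path
            cerr << "Error in the execl call of " << deployAsScript << endl;
            _exit(127);
        }
```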
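Review bot: Both failure branches in `deploy()` print the identical `Error in BashModule::deploy.` and collapse the result to -1, so the log cannot tell whether `deploy.sh` (run with the deployer's privileges) or `deploy_user.sh` (run as the service user) failed. Naming the script and the service in each message would help, for example `cerr << "deploy.sh failed for " << serviceUsername << endl;` in the first branch. The value being compared with 0 is the raw `status` filled in by `waitpid(-1, ...)` in the previous hunk, not an exit code, and it is left uninitialised if `waitpid` itself fails. Waiting on `pid`, checking the return value and decoding with `WIFEXITED`/`WEXITSTATUS` there would make this check reliable.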
@@ -1,3 +1,4 @@ #!/bin/bash set -euo pipefail -git_update.sh -r -d "$HTTP_DIR" "$GIT_SOURCE_REPO" +#git_update.sh -r -d "$HTTP_DIR" "$GIT_SOURCE_REPO" +touch done2