public void error(org.jruby.ext.posix.POSIX.ERRORS errors, String s) { throw new PosixException(s,errors); }
/** * @deprecated use {@link #jnr} and {@link POSIX#isNative} */ @Deprecated public boolean isNative() { return supportsNative(); }
@Override public void error(Errno error, String extraData) { throw new PosixException("native error " + error.description() + " " + extraData, convert(error)); } @Override public void error(Errno error, String methodName, String extraData) {
return newLocalChannel(); // TODO: perhaps use RunAs to run as an Administrator? return p; }.start(listener,rootPassword); }.start(listener,rootUsername==null?null:rootPassword); return newLocalChannel();
VirtualChannel start(TaskListener listener, String rootPassword) throws IOException, InterruptedException { final int uid = LIBC.geteuid(); if(uid==0) // already running as root return newLocalChannel(); String javaExe = System.getProperty("java.home") + "/bin/java"; File slaveJar = Which.jarFile(Launcher.class); ArgumentListBuilder args = new ArgumentListBuilder().add(javaExe); if(slaveJar.isFile()) args.add("-jar").add(slaveJar); else // in production code this never happens, but during debugging this is convenient args.add("-cp").add(slaveJar).add(hudson.remoting.Launcher.class.getName()); if(rootPassword==null) { // try sudo, in the hope that the user has the permission to do so without password return new LocalLauncher(listener).launchChannel( args.prepend(sudoExe()).toCommandArray(), listener.getLogger(), null, Collections.<String, String>emptyMap()); } else { // try sudo with the given password. Also run in pfexec so that we can elevate the privileges Process proc = sudoWithPass(args); return Channels.forProcess(args.toStringWithQuote(), Computer.threadPoolForRemoting, proc, listener.getLogger() ); } } }
/** * Starts a new privilege-escalated environment, execute a closure, and shut it down. */ public static <V,T extends Throwable> V execute(TaskListener listener, String rootUsername, String rootPassword, final Callable<V, T> closure) throws T, IOException, InterruptedException { VirtualChannel ch = start(listener, rootUsername, rootPassword); try { return ch.call(closure); } finally { ch.close(); ch.join(3000); // give some time for orderly shutdown, but don't block forever. } }
/** * Creates a ZFS file system to migrate the data to. * * <p> * This has to be done while we still have an interactive access with the user, since it involves the password. * * <p> * An exception will be thrown if the operation fails. A normal completion means a success. * * @return * The ZFS dataset name to migrate the data to. */ private String createZfsFileSystem(final TaskListener listener, String rootUsername, String rootPassword) throws IOException, InterruptedException, ZFSException { // capture the UID that Hudson runs under // so that we can allow this user to do everything on this new partition final int uid = LIBC.geteuid(); final int gid = LIBC.getegid(); passwd pwd = LIBC.getpwuid(uid); if(pwd==null) throw new IOException("Failed to obtain the current user information for "+uid); final String userName = pwd.pw_name; final File home = Jenkins.getInstance().getRootDir(); // this is the actual creation of the file system. // return true indicating a success return SU.execute(listener, rootUsername, rootPassword, new Create(listener, home, uid, gid, userName)); } private static class Create extends MasterToSlaveCallable<String, IOException> {
protected Process sudoWithPass(ArgumentListBuilder args) throws IOException { listener.getLogger().println("Running with embedded_su"); ProcessBuilder pb = new ProcessBuilder(args.prepend(sudoExe()).toCommandArray()); return EmbeddedSu.startWithSu(rootUsername, rootPassword, pb); } // in solaris, pfexec never asks for a password, so username==null means
protected Process sudoWithPass(ArgumentListBuilder args) throws IOException { args.prepend(sudoExe(),"-S"); listener.getLogger().println("$ "+Util.join(args.toList()," ")); ProcessBuilder pb = new ProcessBuilder(args.toCommandArray()); Process p = pb.start(); // TODO: use -p to detect prompt // TODO: detect if the password didn't work PrintStream ps = new PrintStream(p.getOutputStream()); ps.println(rootPassword); ps.println(rootPassword); ps.println(rootPassword); return p; } }.start(listener,rootPassword);
/** * Gets the mode of a file/directory, if appropriate. Only includes read, write, and * execute permissions for the owner, group, and others, i.e. the max return value * is 0777. Consider using {@link Files#getPosixFilePermissions} instead if you only * care about access permissions. * <p>If the file is symlink, the mode is that of the link target, not the link itself. * @return a file mode, or -1 if not on Unix * @throws PosixException if the file could not be statted, e.g. broken symlink */ public static int mode(File f) throws PosixException { if(Functions.isWindows()) return -1; try { if (Util.NATIVE_CHMOD_MODE) { return PosixAPI.jnr().stat(f.getPath()).mode(); } else { return Util.permissionsToMode(Files.getPosixFilePermissions(fileToPath(f))); } } catch (IOException cause) { PosixException e = new PosixException("Unable to get file permissions", null); e.initCause(cause); throw e; } }
/** * Change permissions via NIO. */ private static void _chmod(File f, int mask) throws IOException { // TODO WindowsPosix actually does something here (WindowsLibC._wchmod); should we let it? // Anyway the existing calls already skip this method if on Windows. if (File.pathSeparatorChar==';') return; // noop if (Util.NATIVE_CHMOD_MODE) { PosixAPI.jnr().chmod(f.getAbsolutePath(), mask); } else { Files.setPosixFilePermissions(fileToPath(f), Util.modeToPermissions(mask)); } }
/** * Starts a new priviledge-escalated environment, execute a closure, and * shut it down. */ public static <V, T extends Throwable> V execute(TaskListener listener, String rootUsername, String rootPassword, final Callable<V, T> closure) throws T, IOException, InterruptedException { VirtualChannel ch = start(listener, rootUsername, rootPassword); try { return ch.call(closure); } finally { ch.close(); ch.join(3000); // give some time for orderly shutdown, but don't block forever. } }
@Override public void error(Errno error, String methodName, String extraData) { throw new PosixException("native error calling " + methodName + ": " + error.description() + " " + extraData, convert(error)); } private org.jruby.ext.posix.POSIX.ERRORS convert(Errno error) {
public void error(org.jruby.ext.posix.POSIX.ERRORS errors, String s) { throw new PosixException(s,errors); }
/** * @deprecated use {@link #jnr} and {@link POSIX#isNative} */ @Deprecated public boolean isNative() { return supportsNative(); }
/** * Starts a new privilege-escalated environment, execute a closure, and shut it down. */ public static <V,T extends Throwable> V execute(TaskListener listener, String rootUsername, String rootPassword, final Callable<V, T> closure) throws T, IOException, InterruptedException { VirtualChannel ch = start(listener, rootUsername, rootPassword); try { return ch.call(closure); } finally { ch.close(); ch.join(3000); // give some time for orderly shutdown, but don't block forever. } }
@Override public void error(Errno error, String extraData) { throw new PosixException("native error " + error.description() + " " + extraData, convert(error)); } @Override public void error(Errno error, String methodName, String extraData) {
public void error(ERRORS errors, String s) { throw new PosixException(s,errors); }
@Override public void error(Errno error, String methodName, String extraData) { throw new PosixException("native error calling " + methodName + ": " + error.description() + " " + extraData, convert(error)); } private org.jruby.ext.posix.POSIX.ERRORS convert(Errno error) {
public void error(ERRORS errors, String s) { throw new PosixException(s,errors); }