YARN-4245. Generalize config file handling in container-executor. Contributed by Sidharta Seethana.

This commit is contained in:
Varun Vasudev 2016-03-07 16:18:35 +05:30
parent e51a8c1056
commit 8ed2e060e8
6 changed files with 112 additions and 66 deletions

View File

@ -34,34 +34,22 @@
#define MAX_SIZE 10
struct confentry {
const char *key;
const char *value;
};
struct configuration {
int size;
struct confentry **confdetails;
};
struct configuration config={.size=0, .confdetails=NULL};
//clean up method for freeing configuration
void free_configurations() {
void free_configurations(struct configuration *cfg) {
int i = 0;
for (i = 0; i < config.size; i++) {
if (config.confdetails[i]->key != NULL) {
free((void *)config.confdetails[i]->key);
for (i = 0; i < cfg->size; i++) {
if (cfg->confdetails[i]->key != NULL) {
free((void *)cfg->confdetails[i]->key);
}
if (config.confdetails[i]->value != NULL) {
free((void *)config.confdetails[i]->value);
if (cfg->confdetails[i]->value != NULL) {
free((void *)cfg->confdetails[i]->value);
}
free(config.confdetails[i]);
free(cfg->confdetails[i]);
}
if (config.size > 0) {
free(config.confdetails);
if (cfg->size > 0) {
free(cfg->confdetails);
}
config.size = 0;
cfg->size = 0;
}
/**
@ -133,8 +121,8 @@ int check_configuration_permissions(const char* file_name) {
return 0;
}
//function used to load the configurations present in the secure config
void read_config(const char* file_name) {
void read_config(const char* file_name, struct configuration *cfg) {
FILE *conf_file;
char *line;
char *equaltok;
@ -152,9 +140,9 @@ void read_config(const char* file_name) {
#endif
//allocate space for ten configuration items.
config.confdetails = (struct confentry **) malloc(sizeof(struct confentry *)
cfg->confdetails = (struct confentry **) malloc(sizeof(struct confentry *)
* MAX_SIZE);
config.size = 0;
cfg->size = 0;
conf_file = fopen(file_name, "r");
if (conf_file == NULL) {
fprintf(ERRORFILE, "Invalid conf file provided : %s \n", file_name);
@ -196,9 +184,9 @@ void read_config(const char* file_name) {
free(line);
continue;
}
config.confdetails[config.size] = (struct confentry *) malloc(
cfg->confdetails[cfg->size] = (struct confentry *) malloc(
sizeof(struct confentry));
if(config.confdetails[config.size] == NULL) {
if(cfg->confdetails[cfg->size] == NULL) {
fprintf(LOGFILE,
"Failed allocating memory for single configuration item\n");
goto cleanup;
@ -208,10 +196,10 @@ void read_config(const char* file_name) {
fprintf(LOGFILE, "read_config : Adding conf key : %s \n", equaltok);
#endif
memset(config.confdetails[config.size], 0, sizeof(struct confentry));
config.confdetails[config.size]->key = (char *) malloc(
memset(cfg->confdetails[cfg->size], 0, sizeof(struct confentry));
cfg->confdetails[cfg->size]->key = (char *) malloc(
sizeof(char) * (strlen(equaltok)+1));
strcpy((char *)config.confdetails[config.size]->key, equaltok);
strcpy((char *)cfg->confdetails[cfg->size]->key, equaltok);
equaltok = strtok_r(NULL, "=", &temp_equaltok);
if (equaltok == NULL) {
fprintf(LOGFILE, "configuration tokenization failed \n");
@ -220,8 +208,8 @@ void read_config(const char* file_name) {
//means value is commented so don't store the key
if(equaltok[0] == '#') {
free(line);
free((void *)config.confdetails[config.size]->key);
free(config.confdetails[config.size]);
free((void *)cfg->confdetails[cfg->size]->key);
free(cfg->confdetails[cfg->size]);
continue;
}
@ -229,27 +217,29 @@ void read_config(const char* file_name) {
fprintf(LOGFILE, "read_config : Adding conf value : %s \n", equaltok);
#endif
config.confdetails[config.size]->value = (char *) malloc(
cfg->confdetails[cfg->size]->value = (char *) malloc(
sizeof(char) * (strlen(equaltok)+1));
strcpy((char *)config.confdetails[config.size]->value, equaltok);
if((config.size + 1) % MAX_SIZE == 0) {
config.confdetails = (struct confentry **) realloc(config.confdetails,
sizeof(struct confentry **) * (MAX_SIZE + config.size));
if (config.confdetails == NULL) {
strcpy((char *)cfg->confdetails[cfg->size]->value, equaltok);
if((cfg->size + 1) % MAX_SIZE == 0) {
cfg->confdetails = (struct confentry **) realloc(cfg->confdetails,
sizeof(struct confentry **) * (MAX_SIZE + cfg->size));
if (cfg->confdetails == NULL) {
fprintf(LOGFILE,
"Failed re-allocating memory for configuration items\n");
goto cleanup;
}
}
if(config.confdetails[config.size] )
config.size++;
if(cfg->confdetails[cfg->size]) {
cfg->size++;
}
free(line);
}
//close the file
fclose(conf_file);
if (config.size == 0) {
if (cfg->size == 0) {
fprintf(ERRORFILE, "Invalid configuration provided in %s\n", file_name);
exit(INVALID_CONFIG_FILE);
}
@ -262,7 +252,7 @@ void read_config(const char* file_name) {
free(line);
}
fclose(conf_file);
free_configurations();
free_configurations(cfg);
return;
}
@ -272,11 +262,11 @@ void read_config(const char* file_name) {
* array, next time onwards used the populated array.
*
*/
char * get_value(const char* key) {
char * get_value(const char* key, struct configuration *cfg) {
int count;
for (count = 0; count < config.size; count++) {
if (strcmp(config.confdetails[count]->key, key) == 0) {
return strdup(config.confdetails[count]->value);
for (count = 0; count < cfg->size; count++) {
if (strcmp(cfg->confdetails[count]->key, key) == 0) {
return strdup(cfg->confdetails[count]->value);
}
}
return NULL;
@ -286,11 +276,21 @@ char * get_value(const char* key) {
* Function to return an array of values for a key.
* Value delimiter is assumed to be a ','.
*/
char ** get_values(const char * key) {
char *value = get_value(key);
char ** get_values(const char * key, struct configuration *cfg) {
char *value = get_value(key, cfg);
return extract_values_delim(value, ",");
}
/**
* Function to return an array of values for a key, using the specified
delimiter.
*/
char ** get_values_delim(const char * key, struct configuration *cfg,
const char *delim) {
char *value = get_value(key, cfg);
return extract_values_delim(value, delim);
}
char ** extract_values_delim(char *value, const char *delim) {
char ** toPass = NULL;
char *tempTok = NULL;

View File

@ -37,15 +37,33 @@ int check_configuration_permissions(const char* file_name);
*/
char *resolve_config_path(const char* file_name, const char *root);
// read the given configuration file
void read_config(const char* config_file);
// Config data structures.
struct confentry {
const char *key;
const char *value;
};
struct configuration {
int size;
struct confentry **confdetails;
};
// read the given configuration file into the specified config struct.
void read_config(const char* config_file, struct configuration *cfg);
//method exposed to get the configurations
char *get_value(const char* key);
char *get_value(const char* key, struct configuration *cfg);
//function to return array of values pointing to the key. Values are
//comma seperated strings.
char ** get_values(const char* key);
char ** get_values(const char* key, struct configuration *cfg);
/**
* Function to return an array of values for a key, using the specified
delimiter.
*/
char ** get_values_delim(const char * key, struct configuration *cfg,
const char *delim);
// Extracts array of values from the comma separated list of values.
char ** extract_values(char *value);
@ -56,7 +74,7 @@ char ** extract_values_delim(char *value, const char *delim);
void free_values(char** values);
//method to free allocated configuration
void free_configurations();
void free_configurations(struct configuration *cfg);
/**
* If str is a string of the form key=val, find 'key'

View File

@ -59,6 +59,8 @@ FILE* ERRORFILE = NULL;
static uid_t nm_uid = -1;
static gid_t nm_gid = -1;
struct configuration executor_cfg = {.size=0, .confdetails=NULL};
char *concatenate(char *concat_pattern, char *return_path_name,
int numArgs, ...);
@ -67,6 +69,21 @@ void set_nm_uid(uid_t user, gid_t group) {
nm_gid = group;
}
//function used to load the configurations present in the secure config
void read_executor_config(const char* file_name) {
read_config(file_name, &executor_cfg);
}
//function used to free executor configuration data
void free_executor_configurations() {
free_configurations(&executor_cfg);
}
//Lookup nodemanager group from container executor configuration.
char *get_nodemanager_group() {
return get_value(NM_GROUP_KEY, &executor_cfg);
}
/**
* get the executable filename.
*/
@ -658,7 +675,7 @@ static struct passwd* get_user_info(const char* user) {
}
int is_whitelisted(const char *user) {
char **whitelist = get_values(ALLOWED_SYSTEM_USERS_KEY);
char **whitelist = get_values(ALLOWED_SYSTEM_USERS_KEY, &executor_cfg);
char **users = whitelist;
if (whitelist != NULL) {
for(; *users; ++users) {
@ -686,7 +703,7 @@ struct passwd* check_user(const char *user) {
fflush(LOGFILE);
return NULL;
}
char *min_uid_str = get_value(MIN_USERID_KEY);
char *min_uid_str = get_value(MIN_USERID_KEY, &executor_cfg);
int min_uid = DEFAULT_MIN_USERID;
if (min_uid_str != NULL) {
char *end_ptr = NULL;
@ -713,7 +730,7 @@ struct passwd* check_user(const char *user) {
free(user_info);
return NULL;
}
char **banned_users = get_values(BANNED_USERS_KEY);
char **banned_users = get_values(BANNED_USERS_KEY, &executor_cfg);
banned_users = banned_users == NULL ?
(char**) DEFAULT_BANNED_USERS : banned_users;
char **banned_user = banned_users;
@ -1062,7 +1079,7 @@ char* parse_docker_command_file(const char* command_file) {
int run_docker(const char *command_file) {
char* docker_command = parse_docker_command_file(command_file);
char* docker_binary = get_value(DOCKER_BINARY_KEY);
char* docker_binary = get_value(DOCKER_BINARY_KEY, &executor_cfg);
char* docker_command_with_binary = calloc(sizeof(char), EXECUTOR_PATH_MAX);
snprintf(docker_command_with_binary, EXECUTOR_PATH_MAX, "%s %s", docker_binary, docker_command);
char **args = extract_values_delim(docker_command_with_binary, " ");
@ -1224,7 +1241,7 @@ int launch_docker_container_as_user(const char * user, const char *app_id,
char buffer[BUFFER_SIZE];
char *docker_command = parse_docker_command_file(command_file);
char *docker_binary = get_value(DOCKER_BINARY_KEY);
char *docker_binary = get_value(DOCKER_BINARY_KEY, &executor_cfg);
if (docker_binary == NULL) {
docker_binary = "docker";
}

View File

@ -95,10 +95,15 @@ extern FILE *LOGFILE;
// the log file for error messages
extern FILE *ERRORFILE;
// get the executable's filename
char* get_executable();
//function used to load the configurations present in the secure config
void read_executor_config(const char* file_name);
//Lookup nodemanager group from container executor configuration.
char *get_nodemanager_group();
/**
* Check the permissions on the container-executor to make sure that security is
* permissible. For this, we need container-executor binary to
@ -111,6 +116,12 @@ char* get_executable();
*/
int check_executor_permissions(char *executable_file);
//function used to load the configurations present in the secure config.
void read_executor_config(const char* file_name);
//function used to free executor configuration data
void free_executor_configurations();
// initialize the application directory
int initialize_app(const char *user, const char *app_id,
const char *credentials, char* const* local_dirs,

View File

@ -112,11 +112,11 @@ static void assert_valid_setup(char *current_executable) {
flush_and_close_log_files();
exit(INVALID_CONFIG_FILE);
}
read_config(conf_file);
read_executor_config(conf_file);
free(conf_file);
// look up the node manager group in the config file
char *nm_group = get_value(NM_GROUP_KEY);
char *nm_group = get_nodemanager_group();
if (nm_group == NULL) {
fprintf(ERRORFILE, "Can't get configured value for %s.\n", NM_GROUP_KEY);
flush_and_close_log_files();

View File

@ -873,7 +873,7 @@ int main(int argc, char **argv) {
if (write_config_file(TEST_ROOT "/test.cfg", 1) != 0) {
exit(1);
}
read_config(TEST_ROOT "/test.cfg");
read_executor_config(TEST_ROOT "/test.cfg");
local_dirs = extract_values(strdup(NM_LOCAL_DIRS));
log_dirs = extract_values(strdup(NM_LOG_DIRS));
@ -945,14 +945,14 @@ int main(int argc, char **argv) {
seteuid(0);
// test_delete_user must run as root since that's how we use the delete_as_user
test_delete_user();
free_configurations();
free_executor_configurations();
printf("\nTrying banned default user()\n");
if (write_config_file(TEST_ROOT "/test.cfg", 0) != 0) {
exit(1);
}
read_config(TEST_ROOT "/test.cfg");
read_executor_config(TEST_ROOT "/test.cfg");
username = "bin";
test_check_user(1);
@ -963,6 +963,6 @@ int main(int argc, char **argv) {
printf("\nFinished tests\n");
free(current_username);
free_configurations();
free_executor_configurations();
return 0;
}