// ExtendTaoName is the server stub for Tao.ExtendTaoName.
//
// The request payload r.Data is decoded into a subprincipal and passed to the
// host together with server.child, the child this stub is bound to. The
// extension is therefore always applied to server.child; the request supplies
// only the extension itself. A decode failure is returned unchanged.
func (server linuxHostTaoServerStub) ExtendTaoName(r *RPCRequest, s *RPCResponse) error {
	extension, decodeErr := auth.UnmarshalSubPrin(r.Data)
	if decodeErr == nil {
		return server.lh.ExtendTaoName(server.child, extension)
	}
	return decodeErr
}
Ejemplo n.º 2
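// StartHostedProgram is the client stub for LinuxHost.StartHostedProgram.
//
// Each non-nil stream in spec (Stdin, Stdout, Stderr) is appended to the list
// of descriptors shared over the out-of-band channel, and the request records
// that stream's index in the list. On success it returns the subprincipal and
// pid reported for the new child. A response that does not contain exactly one
// child, or whose child has no pid, is rejected as invalid.
func (client LinuxHostAdminClient) StartHostedProgram(spec *HostedProgramSpec) (auth.SubPrin, int, error) {
	req := &LinuxHostAdminRPCRequest{
		Path:          proto.String(spec.Path),
		Dir:           proto.String(spec.Dir),
		ContainerArgs: spec.ContainerArgs,
		Args:          spec.Args,
		// TODO: pass uid and gid?
	}
	// Test each stream on its own. Guarding all three with spec.Stdin would
	// call Fd() on a nil Stdout/Stderr whenever only Stdin is set, and would
	// silently drop Stdout/Stderr whenever Stdin is nil, so the hosted program
	// could end up with descriptors the caller never intended to share.
	var fds []int
	if spec.Stdin != nil {
		req.Stdin = proto.Int32(int32(len(fds)))
		fds = append(fds, int(spec.Stdin.Fd()))
	}
	if spec.Stdout != nil {
		req.Stdout = proto.Int32(int32(len(fds)))
		fds = append(fds, int(spec.Stdout.Fd()))
	}
	if spec.Stderr != nil {
		req.Stderr = proto.Int32(int32(len(fds)))
		fds = append(fds, int(spec.Stderr.Fd()))
	}
	resp := new(LinuxHostAdminRPCResponse)
	// NOTE(review): no result of ShareFDs is inspected here; confirm whether
	// it can fail and, if so, whether the call below should be skipped.
	client.oob.ShareFDs(fds...)
	if err := client.Call("LinuxHost.StartHostedProgram", req, resp); err != nil {
		return auth.SubPrin{}, 0, err
	}
	// Pid is dereferenced below, so a response without one must be rejected
	// rather than allowed to panic the client.
	if len(resp.Child) != 1 || resp.Child[0].Pid == nil {
		return auth.SubPrin{}, 0, newError("invalid response")
	}
	subprin, err := auth.UnmarshalSubPrin(resp.Child[0].Subprin)
	return subprin, int(*resp.Child[0].Pid), err
}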
Ejemplo n.º 3
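// KillHostedProgram is the server stub for LinuxHost.KillHostedProgram.
//
// The request is authorized from the peer credentials of the out-of-band
// channel: only uid 0 or the uid this process runs as (os.Geteuid) may kill a
// hosted program. The subprincipal in r.Subprin names the program to kill.
func (server linuxHostAdminServerStub) KillHostedProgram(r *LinuxHostAdminRPCRequest, s *LinuxHostAdminRPCResponse) error {
	ucred := server.oob.PeerCred()
	// Fail closed when no peer credentials are available: the caller cannot
	// be identified, and reading ucred.Uid through a nil pointer would panic.
	// NOTE(review): PeerCred's contract is not visible here; this assumes it
	// can return nil. Confirm against its definition.
	if ucred == nil {
		return newError("unauthorized: peer credentials unavailable")
	}
	// TODO(kwalsh): also authorize owner of child
	if ucred.Uid != 0 && int(ucred.Uid) != os.Geteuid() {
		return newError("unauthorized: only root or owner can kill hosted programs")
	}
	subprin, err := auth.UnmarshalSubPrin(r.Subprin)
	if err != nil {
		return err
	}
	return server.lh.KillHostedProgram(subprin)
}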
Ejemplo n.º 4
// ListHostedPrograms is the client stub for LinuxHost.ListHostedPrograms.
//
// It returns two parallel slices, one entry per child in the response:
// name[i] is the decoded subprincipal and pid[i] the pid of the same child.
// If the call fails or any subprincipal fails to decode, both slices are nil
// and the error is returned.
func (client LinuxHostAdminClient) ListHostedPrograms() (name []auth.SubPrin, pid []int, err error) {
	var (
		request  = &LinuxHostAdminRPCRequest{}
		response = new(LinuxHostAdminRPCResponse)
	)
	if err = client.Call("LinuxHost.ListHostedPrograms", request, response); err != nil {
		return nil, nil, err
	}
	count := len(response.Child)
	name, pid = make([]auth.SubPrin, count), make([]int, count)
	for idx := 0; idx < count; idx++ {
		entry := response.Child[idx]
		// NOTE(review): Pid is dereferenced without a nil check, so a
		// response entry that omits it panics the client. Confirm that the
		// server always sets it, or reject such entries.
		pid[idx] = int(*entry.Pid)
		if name[idx], err = auth.UnmarshalSubPrin(entry.Subprin); err != nil {
			return nil, nil, err
		}
	}
	return name, pid, nil
}
Ejemplo n.º 5
// KillHostedProgram is the server stub for LinuxHost.KillHostedProgram.
//
// RecoverTPMResources is deferred for the duration of the call. The request is
// authorized from the peer credentials of the out-of-band channel: only uid 0
// or the uid this process runs as (os.Geteuid) may kill a hosted program. The
// subprincipal in r.Subprin names the program to kill.
func (server linuxHostAdminServerStub) KillHostedProgram(r *LinuxHostAdminRPCRequest, s *LinuxHostAdminRPCResponse) error {
	defer RecoverTPMResources()
	peer := server.oob.PeerCred()
	if peer == nil {
		// TODO(kwalsh): Some kernels don't pass a ucred. Figure this
		// out later...
		//
		// NOTE(review): this fails open. The zero Ucred has Uid 0, so a
		// peer with no credentials passes the root test below and is
		// authorized. Denying the request here, or authenticating the
		// peer some other way, would fail closed.
		peer = &syscall.Ucred{}
	}
	// TODO(kwalsh): also authorize owner of child
	if !(peer.Uid == 0 || int(peer.Uid) == os.Geteuid()) {
		return newError("unauthorized: only root or owner can kill hosted programs")
	}
	target, decodeErr := auth.UnmarshalSubPrin(r.Subprin)
	if decodeErr != nil {
		return decodeErr
	}
	return server.lh.KillHostedProgram(target)
}
Ejemplo n.º 6
// WaitHostedProgram is the server stub for LinuxHost.WaitHostedProgram.
//
// The request must carry a pid. Together with the subprincipal decoded from
// r.Subprin it identifies the hosted program to wait for. The status returned
// by the host is written to s.Status.
func (server linuxHostAdminServerStub) WaitHostedProgram(r *LinuxHostAdminRPCRequest, s *LinuxHostAdminRPCResponse) error {
	// NOTE(review): the peer-credential check below is commented out, so this
	// stub does not itself restrict who may wait on a hosted program. Confirm
	// that this is intended, or that access is limited elsewhere (for example
	// by permissions on the admin socket).
	//
	// ucred := server.oob.PeerCred()
	// TODO(kwalsh): also authorize owner of child
	// if ucred.Uid != 0 && int(ucred.Uid) != os.Geteuid() {
	// 	return newError("unauthorized: only root or owner can wait for hosted programs")
	// }
	if r.Pid == nil {
		return newError("required pid is nil")
	}
	child, decodeErr := auth.UnmarshalSubPrin(r.Subprin)
	if decodeErr != nil {
		return decodeErr
	}
	exitStatus, waitErr := server.lh.WaitHostedProgram(int(*r.Pid), child)
	if waitErr != nil {
		return waitErr
	}
	s.Status = proto.Int32(int32(exitStatus))
	return nil
}