Gitiles
Code Review Sign In
gerrit.cesnet.cz / CzechLight / velia / e569193d47a07b4af5e08055c85df59141e661ab / . / src / utils / exec.cpp
blob: 1d45a3f3bb22c175b7865468ecdcfe88ffe001e1 [file] [log] [blame]
Václav Kubernát6d9357e2021-01-28 15:38:24 +0100[diff] [blame]1/*
2 * Copyright (C) 2021 CESNET, https://photonics.cesnet.cz/
3 *
4 * Written by Václav Kubernát <kubernat@cesnet.cz>
5 *
6*/
7
8#include <boost/algorithm/string/join.hpp>
9#include <boost/process.hpp>
10#include <boost/process/extend.hpp>
11#include "exec.h"
12#include "log.h"
13#include "system_vars.h"
14
Václav Kubernáte5691932021-02-18 04:05:45 +0100[diff] [blame^]15std::string velia::utils::execAndWait(
Václav Kubernát6d9357e2021-01-28 15:38:24 +0100[diff] [blame]16 velia::Log logger,
Václav Kubernátde0e4e62021-02-08 17:46:14 +0100[diff] [blame]17 const std::string& absolutePath,
Václav Kubernát6d9357e2021-01-28 15:38:24 +0100[diff] [blame]18 std::initializer_list<std::string> args,
19 std::string_view std_in,
20 const std::set<ExecOptions> opts)
21{
22 namespace bp = boost::process;
23 bp::pipe stdinPipe;
Václav Kubernáte5691932021-02-18 04:05:45 +0100[diff] [blame^]24 bp::ipstream stdoutStream;
Václav Kubernát6d9357e2021-01-28 15:38:24 +0100[diff] [blame]25 bp::ipstream stderrStream;
26
27 auto onExecSetup = [opts] (const auto&) {
28 if (opts.count(ExecOptions::DropRoot) == 1) {
29 if (getuid() == 0) {
30 if (setgid(NOBODY_GID) == -1) {
31 perror("couldn't drop root privileges");
32 exit(1);
33 }
34
35 if (setuid(NOBODY_UID) == -1) {
36 perror("couldn't drop root privileges");
37 exit(1);
38 }
39 }
40 }
41 };
42
Václav Kubernátde0e4e62021-02-08 17:46:14 +0100[diff] [blame]43 logger->trace("exec: {} {}", absolutePath, boost::algorithm::join(args, " "));
Václav Kubernát6d9357e2021-01-28 15:38:24 +0100[diff] [blame]44 bp::child c(
Václav Kubernátde0e4e62021-02-08 17:46:14 +0100[diff] [blame]45 absolutePath,
Václav Kubernát6d9357e2021-01-28 15:38:24 +0100[diff] [blame]46 boost::process::args=std::move(args),
Václav Kubernáte5691932021-02-18 04:05:45 +0100[diff] [blame^]47 bp::std_in < stdinPipe, bp::std_out > stdoutStream, bp::std_err > stderrStream,
Václav Kubernát6d9357e2021-01-28 15:38:24 +0100[diff] [blame]48 bp::extend::on_exec_setup=onExecSetup);
49
50 stdinPipe.write(std_in.data(), std_in.size());
51 stdinPipe.close();
52
53 c.wait();
Václav Kubernátde0e4e62021-02-08 17:46:14 +0100[diff] [blame]54 logger->trace("{} exited", absolutePath);
Václav Kubernát6d9357e2021-01-28 15:38:24 +0100[diff] [blame]55
56 if (c.exit_code()) {
57 std::istreambuf_iterator<char> begin(stderrStream), end;
58 std::string stderrOutput(begin, end);
Václav Kubernátde0e4e62021-02-08 17:46:14 +0100[diff] [blame]59 logger->critical("{} ended with a non-zero exit code. stderr: {}", absolutePath, stderrOutput);
Václav Kubernát6d9357e2021-01-28 15:38:24 +0100[diff] [blame]60
Václav Kubernátde0e4e62021-02-08 17:46:14 +0100[diff] [blame]61 throw std::runtime_error(absolutePath + " returned non-zero exit code " + std::to_string(c.exit_code()));
Václav Kubernát6d9357e2021-01-28 15:38:24 +0100[diff] [blame]62 }
Václav Kubernáte5691932021-02-18 04:05:45 +0100[diff] [blame^]63
64 std::istreambuf_iterator<char> begin(stdoutStream), end;
65 return {begin, end};
Václav Kubernát6d9357e2021-01-28 15:38:24 +0100[diff] [blame]66}