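 /**
  * Makes sure the given execution context carries a process, creating and
  * registering a new one when the context has none yet.
  *
  * When a new process is created:
  *  - a context without a parent process is accepted only if the application
  *    metadata ("eyeos.application.systemParameters") sets "anonymous";
  *  - if the metadata sets "suid" and names a non-empty "owner", a login
  *    context for that owner is attached to the new process.
  *
  * The "anonymous" and "suid" flags are honoured only when they are exactly
  * the string 'true' or the boolean true. A loose comparison against 'true'
  * also matches the integer 0 on PHP versions before 8, which would open
  * both gates for a value that means "off".
  *
  * If any step of the SUID elevation fails, the freshly started process is
  * killed before the exception is rethrown, so no half-initialised process
  * is left registered.
  *
  * @param AppExecutionContext $appContext Context to start a process for.
  * @throws EyeNullPointerException If the application descriptor has no metadata.
  * @throws EyeMMapException If there is no parent process and the application
  *                          is not flagged as anonymous.
  * @throws Exception Rethrown when the SUID elevation fails.
  */
 private function startProcess(AppExecutionContext $appContext)
 {
     // Nothing to do when the context already carries a process.
     if ($appContext->getProcess() !== null) {
         return;
     }

     $appDescriptor = $appContext->getApplicationDescriptor();
     $appMeta = $appDescriptor->getMeta();
     $appName = $appDescriptor->getName();
     if ($appMeta === null) {
         throw new EyeNullPointerException('Missing metadata for application "' . $appName . '"');
     }
     $sysParams = $appMeta->get('eyeos.application.systemParameters');

     // Strict flag parsing: anything other than 'true' / true means "off".
     $anonymousFlag = isset($sysParams['anonymous']) ? $sysParams['anonymous'] : null;
     $suidFlag = isset($sysParams['suid']) ? $sysParams['suid'] : null;
     $anonymousAllowed = ($anonymousFlag === 'true' || $anonymousFlag === true);
     $suidRequested = ($suidFlag === 'true' || $suidFlag === true);

     // A context without a parent process carries no checknum (per the error
     // message below), so it is refused unless the application opts in.
     // TODO should we also prevent anonymous execution to JS-only apps?
     if ($appContext->getParentProcess() === null && !$anonymousAllowed) {
         self::$Logger->warn('Execution without checknum denied for application "' . $appName . '".');
         throw new EyeMMapException($appName . ' application cannot be executed without a checknum.');
     }

     // Create the process, register it and publish it on the context.
     $appProcess = new Process($appName);
     ProcManager::getInstance()->execute($appProcess);
     $appContext->setProcess($appProcess);

     // SUID: run the process under the identity of the configured owner.
     // NOTE(review): the owner name comes straight from the application
     // metadata and the login is forced with the owner's stored password
     // value, without any interactive authentication. Whoever can write this
     // metadata chooses which account the application runs as -- confirm
     // that only administrators can modify it.
     if ($suidRequested && !empty($sysParams['owner'])) {
         $ownerName = $sysParams['owner'];
         try {
             $owner = UMManager::getInstance()->getUserByName($ownerName);
             // force login with owner
             try {
                 $subject = new Subject();
                 // NOTE(review): the third argument (false) presumably marks the
                 // password as already hashed -- confirm against
                 // EyeosPasswordCredential.
                 $subject->getPrivateCredentials()->append(new EyeosPasswordCredential($ownerName, $owner->getPassword(), false));
                 $loginContext = new LoginContext('eyeos-login', $subject);
                 $loginContext->login();
             } catch (Exception $e) {
                 self::$Logger->error('Exception caught while trying to elevate privileges by SUID to owner ' . $ownerName . ' in application "' . $appName . '".');
                 throw $e;
             }
             if (self::$Logger->isInfoEnabled()) {
                 self::$Logger->info('Privileges elevation successful with owner ' . $ownerName . ' for application "' . $appName . '".');
             }
             ProcManager::getInstance()->setProcessLoginContext($appProcess->getPid(), $loginContext);
         } catch (Exception $e) {
             self::$Logger->error('Cannot elevate privileges with owner ' . $ownerName . ' for application "' . $appName . '".');
             // Kill the unfinished process on every failure path (owner lookup,
             // login, or attaching the login context), not only on login
             // failure, so it never keeps running without the intended identity.
             ProcManager::getInstance()->kill($appContext->getProcess());
             throw $e;
         }
     }
 }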