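/**
 * Makes sure the execution context carries a process, creating and registering one when it does not.
 *
 * A new process is only created when either a parent process is present in the context or the
 * application's 'eyeos.application.systemParameters' metadata enables the 'anonymous' flag.
 * When that metadata enables 'suid' and names a non-empty 'owner', the new process is given a
 * login context authenticated as that owner.
 *
 * The 'anonymous' and 'suid' flags are accepted only as the string 'true' or the boolean true.
 * A loose comparison against 'true' also matches the integer 0 on PHP versions before 8, which
 * would open both gates for a value that was never meant to enable them.
 *
 * @param AppExecutionContext $appContext Context of the application being started.
 * @throws EyeNullPointerException When the application descriptor has no metadata.
 * @throws EyeMMapException When there is no parent process and anonymous execution is not enabled.
 * @throws Exception Any failure raised while switching the process to the owner's login context.
 */
private function startProcess(AppExecutionContext $appContext)
{
    // A process already attached to the context is reused as is.
    if ($appContext->getProcess() !== null) {
        return;
    }

    $appDescriptor = $appContext->getApplicationDescriptor();
    $appMeta = $appDescriptor->getMeta();
    if ($appMeta === null) {
        throw new EyeNullPointerException('Missing metadata for application "' . $appDescriptor->getName() . '"');
    }
    $appName = $appDescriptor->getName();
    $sysParams = $appMeta->get('eyeos.application.systemParameters');

    // Strict flag evaluation: only 'true' or true enables a flag (see the method description).
    $anonymousFlag = isset($sysParams['anonymous']) ? $sysParams['anonymous'] : null;
    $suidFlag = isset($sysParams['suid']) ? $sysParams['suid'] : null;
    $anonymousAllowed = ($anonymousFlag === true || $anonymousFlag === 'true');
    $suidRequested = ($suidFlag === true || $suidFlag === 'true');

    if ($appContext->getParentProcess() === null) {
        // TODO should we also prevent anonymous execution to JS-only apps?
        if (!$anonymousAllowed) {
            self::$Logger->warn('Execution without checknum denied for application "' . $appName . '".');
            throw new EyeMMapException($appName . ' application cannot be executed without a checknum.');
        }
    }

    // execute new process
    $appProcess = new Process($appName);
    ProcManager::getInstance()->execute($appProcess);
    $appContext->setProcess($appProcess);

    // SUID
    // NOTE(review): the owner name comes from application metadata, so write access to that
    // metadata decides which account the application runs as - confirm it is protected accordingly.
    if ($suidRequested && !empty($sysParams['owner'])) {
        $ownerName = $sysParams['owner'];
        try {
            $owner = UMManager::getInstance()->getUserByName($ownerName);

            // force login with owner
            // NOTE(review): the owner's stored password value is replayed as the credential; the
            // meaning of the third constructor argument (false) is not visible here - confirm.
            try {
                $subject = new Subject();
                $subject->getPrivateCredentials()->append(new EyeosPasswordCredential($ownerName, $owner->getPassword(), false));
                $loginContext = new LoginContext('eyeos-login', $subject);
                $loginContext->login();
            } catch (Exception $e) {
                self::$Logger->error('Exception caught while trying to elevate privileges by SUID to owner ' . $ownerName . ' in application "' . $appName . '".');
                throw $e;
            }

            // NOTE(review): a successful elevation is only recorded when info logging is enabled.
            if (self::$Logger->isInfoEnabled()) {
                self::$Logger->info('Privileges elevation successful with owner ' . $ownerName . ' for application "' . $appName . '".');
            }
            ProcManager::getInstance()->setProcessLoginContext($appProcess->getPid(), $loginContext);
        } catch (Exception $e) {
            self::$Logger->error('Cannot elevate privileges with owner ' . $ownerName . ' for application "' . $appName . '".');

            // kill unfinished process
            // Done once, here, for every failure of the elevation (owner lookup, login, or
            // attaching the login context), so a process whose elevation did not complete is
            // never left registered.
            ProcManager::getInstance()->kill($appContext->getProcess());
            throw $e;
        }
    }
}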
/**
 * Runs the 'login' application in a newly created process and lets it handle the current request.
 *
 * The execution context is handed to the request handler with its process already attached.
 *
 * @param MMapResponse $response Response object passed through to the request handler.
 */
private static function startLogin(MMapResponse $response)
{
    // Create and register the process that will host the login application.
    $process = new Process('login');
    ProcManager::getInstance()->execute($process);

    // Describe the application and bind it, together with the process, to a fresh context.
    $descriptor = new EyeosApplicationDescriptor('login');
    $context = new AppExecutionContext();
    $context->setApplicationDescriptor($descriptor);
    $context->setIncludeBody(true);
    $context->setProcess($process);

    // Hand the current request over to the application request handler.
    $appHandler = MMapGetApp::getInstance();
    $currentRequest = MMapManager::getCurrentRequest();
    $appHandler->processRequest($currentRequest, $response, $context);
}