private static function startLogin(MMapResponse $response)
{
// start Process
$loginProcess = new Process('login');
ProcManager::getInstance()->execute($loginProcess);
// prepare context and execute application
$loginAppDesc = new EyeMobileApplicationDescriptor('login');
$appContext = new AppMobileExecutionContext();
$appContext->setApplicationDescriptor($loginAppDesc);
$appContext->setIncludeBody(true);
$appContext->setProcess($loginProcess);
MMapMobileGetApp::getInstance()->processRequest(MMapManager::getCurrentRequest(), $response, $appContext);
}
private function startProcess(AppMobileExecutionContext $appContext)
{
$appProcess = $appContext->getProcess();
// if no process is already present in the context, create a new one
if ($appProcess === null) {
$appMeta = $appContext->getApplicationDescriptor()->getMeta();
if ($appMeta === null) {
throw new EyeNullPointerException('Missing metadata for application "' . $appContext->getApplicationDescriptor()->getName() . '"');
}
$sysParams = $appMeta->get('eyeos.application.systemParameters');
if ($appContext->getParentProcess() === null) {
// TODO should we also prevent anonymous execution to JS-only apps?
if (!isset($sysParams['anonymous']) || $sysParams['anonymous'] != 'true') {
self::$Logger->warn('Execution without checknum denied for application "' . $appContext->getApplicationDescriptor()->getName() . '".');
throw new EyeMMapException($appContext->getApplicationDescriptor()->getName() . ' application cannot be executed without a checknum.');
}
}
// execute new process
$appProcess = new Process($appContext->getApplicationDescriptor()->getName());
ProcManager::getInstance()->execute($appProcess);
$appContext->setProcess($appProcess);
// SUID
if (isset($sysParams['suid']) && $sysParams['suid'] == 'true' && !empty($sysParams['owner'])) {
try {
$owner = UMManager::getInstance()->getUserByName($sysParams['owner']);
// force login with owner
try {
$subject = new Subject();
$subject->getPrivateCredentials()->append(new EyeosPasswordCredential($sysParams['owner'], $owner->getPassword(), false));
$loginContext = new LoginContext('eyeos-login', $subject);
$loginContext->login();
} catch (Exception $e) {
self::$Logger->error('Exception caught while trying to elevate privileges by SUID to owner ' . $sysParams['owner'] . ' in application "' . $appContext->getApplicationDescriptor()->getName() . '".');
// kill unfinished process
ProcManager::getInstance()->kill($appContext->getProcess());
throw $e;
}
if (self::$Logger->isInfoEnabled()) {
self::$Logger->info('Privileges elevation successful with owner ' . $sysParams['owner'] . ' for application "' . $appContext->getApplicationDescriptor()->getName() . '".');
}
ProcManager::getInstance()->setProcessLoginContext($appProcess->getPid(), $loginContext);
} catch (Exception $e) {
self::$Logger->error('Cannot elevate privileges with owner ' . $sysParams['owner'] . ' for application "' . $appContext->getApplicationDescriptor()->getName() . '".');
throw $e;
}
}
}
}
