4 commits - kolabd/__init__.py pykolab/auth pykolab/logger.py saslauthd/__init__.py
Jeroen van Meeuwen
vanmeeuwen at kolabsys.com
Sun Feb 16 02:23:04 CET 2014
kolabd/__init__.py | 3
pykolab/auth/ldap/auth_cache.py | 39 ++++++++-
pykolab/logger.py | 11 --
saslauthd/__init__.py | 160 ++++++++++++++++++++--------------------
4 files changed, 119 insertions(+), 94 deletions(-)
New commits:
commit b9af239a82d36b3013e976956e2b3b7715e76a54
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date: Sun Feb 16 02:22:11 2014 +0100
Fix infinite loop for initially connecting
diff --git a/kolabd/__init__.py b/kolabd/__init__.py
index 5b3c5fa..a6d9865 100644
--- a/kolabd/__init__.py
+++ b/kolabd/__init__.py
@@ -223,7 +223,8 @@ class KolabDaemon(object):
connected = False
while not connected:
try:
- connected = primary_auth.connect()
+ primary_auth.connect()
+ connected = True
except Exception, errmsg:
connected = False
log.error(_("Could not connect to LDAP, is it running?"))
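Review bot: `connected = True` on the line after `primary_auth.connect()` is set unconditionally, so the loop now relies on connect() raising on every failure; the removed line `connected = primary_auth.connect()` suggests the method may also report failure through its return value, and if it can return a falsy status the daemon now leaves the loop unconnected on that path. Confirm that connect() raises on every failure, or keep the result in play, e.g. `if primary_auth.connect() is False: raise Exception(...)` ahead of setting the flag. The bound `errmsg` is also never logged; `log.error("%s: %s" % (_("Could not connect to LDAP, is it running?"), errmsg))` would preserve the reason. The `while not connected:` body continues outside the hunk, so whether attempts are rate-limited is not visible here.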
commit 67284e13dd1a7504e20b8f22fb8895cea9a66f1d
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date: Sun Feb 16 01:46:24 2014 +0100
Allow the auth_cache database to be regenerated automatically when
sqlite on the local filesystem gives errors
diff --git a/pykolab/auth/ldap/auth_cache.py b/pykolab/auth/ldap/auth_cache.py
index 488deac..bcf38dc 100644
--- a/pykolab/auth/ldap/auth_cache.py
+++ b/pykolab/auth/ldap/auth_cache.py
@@ -88,12 +88,29 @@ mapper(Entry, entry_table)
def del_entry(key):
db = init_db()
- _entries = db.query(Entry).filter_by(key=key).delete()
+
+ try:
+ _entries = db.query(Entry).filter_by(key=key).delete()
+ except sqlalchemy.exc.OperationalError, errmsg:
+ db = init_db(reinit=True)
+ except: sqlalchemy.exc.InvalidRequest, errmsg:
+ db = init_db(reinit=True)
+ finally:
+ _entries = db.query(Entry).filter_by(key=key).delete()
+
db.commit()
def get_entry(key):
db = init_db()
- _entries = db.query(Entry).filter_by(key=key).all()
+
+ try:
+ _entries = db.query(Entry).filter_by(key=key).all()
+ except sqlalchemy.exc.OperationalError, errmsg:
+ db = init_db(reinit=True)
+ except: sqlalchemy.exc.InvalidRequest, errmsg:
+ db = init_db(reinit=True)
+ finally:
+ _entries = db.query(Entry).filter_by(key=key).all()
if len(_entries) == 0:
return None
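Review bot: `except: sqlalchemy.exc.InvalidRequest, errmsg:` after each OperationalError handler is a syntax error (the colon ends a bare `except` clause and the remainder is not a statement), so auth_cache.py will not import; the same line appears in del_entry, get_entry and in set_entry in the next hunk. The name is also wrong: the SQLAlchemy class is `InvalidRequestError`, and whether the `sqlalchemy` module itself (rather than names imported from it) is in scope in this file is not visible here. The `finally:` clause then re-runs the query unconditionally, so the success path issues every query twice, and when `init_db(reinit=True)` itself raises the finally still executes against the stale `db`. The retry belongs in the handler rather than in finally, in the same shape for all three functions:
```python
    try:
        _entries = db.query(Entry).filter_by(key=key).all()
    except (sqlalchemy.exc.OperationalError, sqlalchemy.exc.InvalidRequestError), errmsg:
        # The local cache file is unusable; rebuild it and retry exactly once.
        db = init_db(reinit=True)
        _entries = db.query(Entry).filter_by(key=key).all()
    # … unchanged: empty-result handling …
```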
@@ -107,7 +124,14 @@ def get_entry(key):
def set_entry(key, value):
db = init_db()
- _entries = db.query(Entry).filter_by(key=key).all()
+ try:
+ _entries = db.query(Entry).filter_by(key=key).all()
+ except sqlalchemy.exc.OperationalError, errmsg:
+ db = init_db(reinit=True)
+ except: sqlalchemy.exc.InvalidRequest, errmsg:
+ db = init_db(reinit=True)
+ finally:
+ _entries = db.query(Entry).filter_by(key=key).all()
if len(_entries) == 0:
db.add(
@@ -129,19 +153,24 @@ def purge_entries(db):
db.query(Entry).filter(Entry.last_change <= (datetime.datetime.now() - datetime.timedelta(1))).delete()
db.commit()
-def init_db():
+def init_db(reinit=False):
"""
Returns a SQLAlchemy Session() instance.
"""
global db
- if not db == None:
+ if not db == None and not reinit:
return db
db_uri = conf.get('ldap', 'auth_cache_uri')
if db_uri == None:
db_uri = 'sqlite:///%s/auth_cache.db' % (KOLAB_LIB_PATH)
+ if reinit:
+ import os
+ os.path.isfile('%s/auth_cache.db' % (KOLAB_LIB_PATH)):
+ os.unlink('%s/auth_cache.db' % (KOLAB_LIB_PATH))
+
echo = conf.debuglevel > 8
engine = create_engine(db_uri, echo=echo)
metadata.create_all(engine)
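Review bot: `os.path.isfile('%s/auth_cache.db' % (KOLAB_LIB_PATH)):` under `if reinit:` is missing its `if`, which is a syntax error. Beyond that, the reinit branch always unlinks the default path even when `conf.get('ldap', 'auth_cache_uri')` pointed the engine at a different location, so it can delete a file the engine never uses while leaving the broken one in place; the path to remove should be derived from `db_uri`, and only for a sqlite URI. Note also that the callers trigger this on any OperationalError, which presumably includes transient conditions such as a locked database under concurrent access, so the whole cache would be discarded for a retryable error; if that can occur here, limit the rebuild to errors that indicate an unreadable file. `init_db` continues outside the hunk, so what happens to the previous engine held in the global `db` is not visible.
```python
    if reinit and db_uri.startswith('sqlite:///'):
        import os
        # Only remove the file the engine actually uses, never the default path blindly.
        db_path = db_uri[len('sqlite:///'):]
        if os.path.isfile(db_path):
            os.unlink(db_path)
    # … unchanged: engine creation …
```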
commit f5ce4bf8d795d38acc033489b33f9a77bba2ae39
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date: Sat Feb 15 23:17:43 2014 +0100
First ensure our socket directory is writeable, then drop privileges
diff --git a/saslauthd/__init__.py b/saslauthd/__init__.py
index 69accce..d952bdb 100644
--- a/saslauthd/__init__.py
+++ b/saslauthd/__init__.py
@@ -108,78 +108,9 @@ class SASLAuthDaemon(object):
exitcode = 0
- try:
- try:
- (ruid, euid, suid) = os.getresuid()
- (rgid, egid, sgid) = os.getresgid()
- except AttributeError, errmsg:
- ruid = os.getuid()
- rgid = os.getgid()
-
- if ruid == 0:
- # Means we can setreuid() / setregid() / setgroups()
- if rgid == 0:
- # Get group entry details
- try:
- (
- group_name,
- group_password,
- group_gid,
- group_members
- ) = grp.getgrnam(conf.process_groupname)
-
- except KeyError:
- print >> sys.stderr, _("Group %s does not exist") % (
- conf.process_groupname
- )
-
- sys.exit(1)
-
- # Set real and effective group if not the same as current.
- if not group_gid == rgid:
- log.debug(
- _("Switching real and effective group id to %d") % (
- group_gid
- ),
- level=8
- )
-
- os.setregid(group_gid, group_gid)
-
- if ruid == 0:
- # Means we haven't switched yet.
- try:
- (
- user_name,
- user_password,
- user_uid,
- user_gid,
- user_gecos,
- user_homedir,
- user_shell
- ) = pwd.getpwnam(conf.process_username)
-
- except KeyError:
- print >> sys.stderr, _("User %s does not exist") % (
- conf.process_username
- )
-
- sys.exit(1)
+ self._ensure_socket_dir()
-
- # Set real and effective user if not the same as current.
- if not user_uid == ruid:
- log.debug(
- _("Switching real and effective user id to %d") % (
- user_uid
- ),
- level=8
- )
-
- os.setreuid(user_uid, user_uid)
-
- except:
- log.error(_("Could not change real and effective uid and/or gid"))
+ self._drop_privileges()
try:
pid = 1
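Review bot: `self._drop_privileges()` returns nothing and, as defined in the last hunk of this commit, swallows every failure, so this call site cannot tell whether the daemon is still running as root before it goes on to bind the socket and fork. Have the method return a boolean (or let the failure propagate) and stop here when the switch did not happen: `if not self._drop_privileges(): sys.exit(1)`. The `try:` on the last line of the hunk continues outside it.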
@@ -228,12 +159,6 @@ class SASLAuthDaemon(object):
s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
- utils.ensure_directory(
- '/var/run/saslauthd/',
- conf.process_username,
- conf.process_groupname
- )
-
# TODO: The saslauthd socket path could be a setting.
try:
os.remove('/var/run/saslauthd/mux')
@@ -334,3 +259,84 @@ class SASLAuthDaemon(object):
fp = open(conf.pidfile,'w')
fp.write("%d\n" % (pid))
fp.close()
+
+ def _ensure_socket_dir(self):
+ utils.ensure_directory(
+ '/var/run/saslauthd/',
+ conf.process_username,
+ conf.process_groupname
+ )
+
+ def _drop_privileges(self):
+ try:
+ try:
+ (ruid, euid, suid) = os.getresuid()
+ (rgid, egid, sgid) = os.getresgid()
+ except AttributeError, errmsg:
+ ruid = os.getuid()
+ rgid = os.getgid()
+
+ if ruid == 0:
+ # Means we can setreuid() / setregid() / setgroups()
+ if rgid == 0:
+ # Get group entry details
+ try:
+ (
+ group_name,
+ group_password,
+ group_gid,
+ group_members
+ ) = grp.getgrnam(conf.process_groupname)
+
+ except KeyError:
+ print >> sys.stderr, _("Group %s does not exist") % (
+ conf.process_groupname
+ )
+
+ sys.exit(1)
+
+ # Set real and effective group if not the same as current.
+ if not group_gid == rgid:
+ log.debug(
+ _("Switching real and effective group id to %d") % (
+ group_gid
+ ),
+ level=8
+ )
+
+ os.setregid(group_gid, group_gid)
+
+ if ruid == 0:
+ # Means we haven't switched yet.
+ try:
+ (
+ user_name,
+ user_password,
+ user_uid,
+ user_gid,
+ user_gecos,
+ user_homedir,
+ user_shell
+ ) = pwd.getpwnam(conf.process_username)
+
+ except KeyError:
+ print >> sys.stderr, _("User %s does not exist") % (
+ conf.process_username
+ )
+
+ sys.exit(1)
+
+
+ # Set real and effective user if not the same as current.
+ if not user_uid == ruid:
+ log.debug(
+ _("Switching real and effective user id to %d") % (
+ user_uid
+ ),
+ level=8
+ )
+
+ os.setreuid(user_uid, user_uid)
+
+ except:
+ log.error(_("Could not change real and effective uid and/or gid"))
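Review bot: The bare `except:` closing `_drop_privileges` also catches the `SystemExit` raised by the two `sys.exit(1)` calls inside it, so an unknown process user or group is logged as "Could not change real and effective uid and/or gid" and the daemon keeps running as root. Narrow it and stop on failure: `except Exception, errmsg:` / `log.error(_("Could not change real and effective uid and/or gid: %s") % (errmsg))` / `raise`. Supplementary groups are never reset even though the comment `# Means we can setreuid() / setregid() / setgroups()` names setgroups(); add `os.setgroups([])` (or `os.initgroups(conf.process_username, group_gid)`) before `os.setregid(group_gid, group_gid)` so memberships inherited from root are dropped along with the ids. `user_gid` from the pwd entry is unpacked but unused, which is fine since the group comes from `conf.process_groupname`, but a short comment saying so would prevent the next reader from "fixing" it.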
commit afb2fa1b5cb7443956545578b7a5bcf61b7277a6
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date: Sat Feb 15 13:49:25 2014 +0100
Do not actually switch gid in logger
diff --git a/pykolab/logger.py b/pykolab/logger.py
index fc396cb..ef38f4f 100644
--- a/pykolab/logger.py
+++ b/pykolab/logger.py
@@ -142,17 +142,6 @@ class Logger(logging.Logger):
sys.exit(1)
- # Set real and effective group if not the same as current.
- if not group_gid == rgid:
- self.debug(
- _("Switching real and effective group id to %d") % (
- group_gid
- ),
- level=8
- )
-
- os.setregid(group_gid, group_gid)
-
if ruid == 0:
# Means we haven't switched yet.
try: