Branch 'pykolab-0.6' - 7 commits - configure.ac kolabd/__init__.py pykolab/auth pykolab/conf pykolab/logger.py saslauthd/__init__.py

Jeroen van Meeuwen vanmeeuwen at kolabsys.com
Sun Feb 16 02:31:44 CET 2014


 configure.ac                    |    2 
 kolabd/__init__.py              |    3 
 pykolab/auth/ldap/__init__.py   |    1 
 pykolab/auth/ldap/auth_cache.py |   39 ++++++++-
 pykolab/conf/__init__.py        |    6 +
 pykolab/logger.py               |   11 --
 saslauthd/__init__.py           |  160 ++++++++++++++++++++--------------------
 7 files changed, 126 insertions(+), 96 deletions(-)

New commits:
commit bfaca366702ac2beec253f7a322fb366289f335d
Author: Paul Boddie <paul at boddie.org.uk>
Date:   Sun Feb 16 02:31:25 2014 +0100

    Added missing initialisation operations.

diff --git a/pykolab/conf/__init__.py b/pykolab/conf/__init__.py
index 239c0dd..675944a 100644
--- a/pykolab/conf/__init__.py
+++ b/pykolab/conf/__init__.py
@@ -446,11 +446,15 @@ class Conf(object):
             setattr(self,option,self.cli_parser.defaults[option])
 
     def has_section(self, section):
-        self.read_config()
+        if not self.cfg_parser:
+            self.read_config()
 
         return self.cfg_parser.has_section(section)
 
     def has_option(self, section, option):
+        if not self.cfg_parser:
+            self.read_config()
+
         return self.cfg_parser.has_option(section, option)
 
     def get_list(self, section, key):
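Review bot: The guard `if not self.cfg_parser:` is now duplicated in `has_section` and `has_option`, and it tests truthiness rather than absence; `if self.cfg_parser is None:` states the intent and does not depend on how the parser object evaluates as a boolean. Both forms assume `cfg_parser` is assigned (presumably to `None`) before these accessors run, which is not visible in this hunk. `get_list` begins on the last line of the hunk and its body is cut off, so whether it needs the same guard cannot be checked from here. A short comment such as `# Load the configuration lazily on first access` above each guard would record why the read is conditional.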


commit 46bf18a4a34e4486afdd5eca01a01699c7c8c33b
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date:   Sun Feb 16 02:27:19 2014 +0100

    Fix delivery_address_attribute not having been set

diff --git a/pykolab/auth/ldap/__init__.py b/pykolab/auth/ldap/__init__.py
index ec7e9fe..c0c3297 100644
--- a/pykolab/auth/ldap/__init__.py
+++ b/pykolab/auth/ldap/__init__.py
@@ -1789,6 +1789,7 @@ class LDAP(pykolab.base.Base):
                     entry['kolabmailfolderaclentry']
                 )
 
+        delivery_address_attribute = self.config_get('sharedfolder_delivery_address_attribute')
         if entry.has_key(delivery_address_attribute) and \
                 not entry[delivery_address_attribute] == None:
             self.imap.set_acl(folder_path, 'anyone', '+p')
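Review bot: The condition after the new lookup only excludes `None`, so an entry whose delivery address attribute is present but empty still grants `anyone` the `+p` (post) right on the folder. If `config_get()` returns `None` when `sharedfolder_delivery_address_attribute` is unset (not visible here), the test is silently false for every entry, which deserves a debug log or an explicit default. Assuming `entry` is dict-like, a truthiness test covers both cases: `if delivery_address_attribute and entry.get(delivery_address_attribute):`. The enclosing method starts and ends outside the hunk.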


commit d32e9a537df6d6badd444f9e727d30a0dae725dd
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date:   Sun Feb 16 02:22:11 2014 +0100

    Fix infinite loop for initially connecting

diff --git a/kolabd/__init__.py b/kolabd/__init__.py
index 5b3c5fa..a6d9865 100644
--- a/kolabd/__init__.py
+++ b/kolabd/__init__.py
@@ -223,7 +223,8 @@ class KolabDaemon(object):
             connected = False
             while not connected:
                 try:
-                    connected = primary_auth.connect()
+                    primary_auth.connect()
+                    connected = True
                 except Exception, errmsg:
                     connected = False
                     log.error(_("Could not connect to LDAP, is it running?"))
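Review bot: The handler catches every `Exception` but logs a fixed message and discards `errmsg`, so a rejected bind credential or a configuration error is reported as LDAP being down and retried indefinitely. Log the cause as well, for example `log.error(_("Could not connect to LDAP: %s") % (errmsg))`. With `connected = True` now set only after `connect()` returns, the `connected = False` inside the handler is redundant. The loop body continues past the hunk, so whether a delay separates the retries is not visible here.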


commit 10785ecebb741406b9403b1d0c32c1343b9acfd0
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date:   Sun Feb 16 01:46:24 2014 +0100

    Allow the auth_cache database to be regenerated automatically when
    sqlite on the local filesystem gives errors

diff --git a/pykolab/auth/ldap/auth_cache.py b/pykolab/auth/ldap/auth_cache.py
index 488deac..bcf38dc 100644
--- a/pykolab/auth/ldap/auth_cache.py
+++ b/pykolab/auth/ldap/auth_cache.py
@@ -88,12 +88,29 @@ mapper(Entry, entry_table)
 
 def del_entry(key):
     db = init_db()
-    _entries = db.query(Entry).filter_by(key=key).delete()
+
+    try:
+        _entries = db.query(Entry).filter_by(key=key).delete()
+    except sqlalchemy.exc.OperationalError, errmsg:
+        db = init_db(reinit=True)
+    except: sqlalchemy.exc.InvalidRequest, errmsg:
+        db = init_db(reinit=True)
+    finally:
+        _entries = db.query(Entry).filter_by(key=key).delete()
+
     db.commit()
 
 def get_entry(key):
     db = init_db()
-    _entries = db.query(Entry).filter_by(key=key).all()
+
+    try:
+        _entries = db.query(Entry).filter_by(key=key).all()
+    except sqlalchemy.exc.OperationalError, errmsg:
+        db = init_db(reinit=True)
+    except: sqlalchemy.exc.InvalidRequest, errmsg:
+        db = init_db(reinit=True)
+    finally:
+        _entries = db.query(Entry).filter_by(key=key).all()
 
     if len(_entries) == 0:
         return None
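Review bot: `except: sqlalchemy.exc.InvalidRequest, errmsg:` in `del_entry` and `get_entry` (and again in the `set_entry` hunk that follows) is a syntax error, because the colon directly after `except` ends the clause, so the module will not import. SQLAlchemy's exception class is `sqlalchemy.exc.InvalidRequestError`, and both handlers can be one clause: `except (sqlalchemy.exc.OperationalError, sqlalchemy.exc.InvalidRequestError), errmsg:`. The `finally:` block re-runs the query on the success path too, so every lookup and delete is issued twice and a second failure escapes from `finally`; the retry belongs inside the handler, directly after `db = init_db(reinit=True)`. Because a failing query now discards the whole authentication cache, the handler should log `errmsg` before reinitialising. `get_entry` continues past the end of the hunk.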
@@ -107,7 +124,14 @@ def get_entry(key):
 
 def set_entry(key, value):
     db = init_db()
-    _entries = db.query(Entry).filter_by(key=key).all()
+    try:
+        _entries = db.query(Entry).filter_by(key=key).all()
+    except sqlalchemy.exc.OperationalError, errmsg:
+        db = init_db(reinit=True)
+    except: sqlalchemy.exc.InvalidRequest, errmsg:
+        db = init_db(reinit=True)
+    finally:
+        _entries = db.query(Entry).filter_by(key=key).all()
 
     if len(_entries) == 0:
         db.add(
@@ -129,19 +153,24 @@ def purge_entries(db):
     db.query(Entry).filter(Entry.last_change <= (datetime.datetime.now() - datetime.timedelta(1))).delete()
     db.commit()
 
-def init_db():
+def init_db(reinit=False):
     """
         Returns a SQLAlchemy Session() instance.
     """
     global db
 
-    if not db == None:
+    if not db == None and not reinit:
         return db
 
     db_uri = conf.get('ldap', 'auth_cache_uri')
     if db_uri == None:
         db_uri = 'sqlite:///%s/auth_cache.db' % (KOLAB_LIB_PATH)
 
+        if reinit:
+            import os
+            os.path.isfile('%s/auth_cache.db' % (KOLAB_LIB_PATH)):
+                os.unlink('%s/auth_cache.db' % (KOLAB_LIB_PATH))
+
     echo = conf.debuglevel > 8
     engine = create_engine(db_uri, echo=echo)
     metadata.create_all(engine)
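Review bot: The added line `os.path.isfile('%s/auth_cache.db' % (KOLAB_LIB_PATH)):` is missing its `if`, which is a syntax error; it should read `if os.path.isfile('%s/auth_cache.db' % (KOLAB_LIB_PATH)):`. The removal sits inside the `db_uri == None` branch, so with a configured `auth_cache_uri` a reinit reconnects to the same database without clearing anything, and the docstring should say that `reinit` only resets the default SQLite file. The check-then-unlink pair can race with another process touching the file; calling `os.unlink()` directly and handling the `OSError` for a file that is already gone avoids that. Deleting the cache is destructive, so a warning that names the file would make the event traceable, assuming a logger is available in this module. `init_db` continues past the hunk.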


commit fa5709b1a24432a0015f8ba48896f6615077dc87
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date:   Sat Feb 15 23:17:43 2014 +0100

    First ensure our socket directory is writeable, then drop privileges

diff --git a/saslauthd/__init__.py b/saslauthd/__init__.py
index 69accce..d952bdb 100644
--- a/saslauthd/__init__.py
+++ b/saslauthd/__init__.py
@@ -108,78 +108,9 @@ class SASLAuthDaemon(object):
 
         exitcode = 0
 
-        try:
-            try:
-                (ruid, euid, suid) = os.getresuid()
-                (rgid, egid, sgid) = os.getresgid()
-            except AttributeError, errmsg:
-                ruid = os.getuid()
-                rgid = os.getgid()
-
-            if ruid == 0:
-                # Means we can setreuid() / setregid() / setgroups()
-                if rgid == 0:
-                    # Get group entry details
-                    try:
-                        (
-                                group_name,
-                                group_password,
-                                group_gid,
-                                group_members
-                            ) = grp.getgrnam(conf.process_groupname)
-
-                    except KeyError:
-                        print >> sys.stderr, _("Group %s does not exist") % (
-                                conf.process_groupname
-                            )
-
-                        sys.exit(1)
-
-                    # Set real and effective group if not the same as current.
-                    if not group_gid == rgid:
-                        log.debug(
-                                _("Switching real and effective group id to %d") % (
-                                        group_gid
-                                    ),
-                                level=8
-                            )
-
-                        os.setregid(group_gid, group_gid)
-
-                if ruid == 0:
-                    # Means we haven't switched yet.
-                    try:
-                        (
-                                user_name,
-                                user_password,
-                                user_uid,
-                                user_gid,
-                                user_gecos,
-                                user_homedir,
-                                user_shell
-                            ) = pwd.getpwnam(conf.process_username)
-
-                    except KeyError:
-                        print >> sys.stderr, _("User %s does not exist") % (
-                                conf.process_username
-                            )
-
-                        sys.exit(1)
+        self._ensure_socket_dir()
 
-
-                    # Set real and effective user if not the same as current.
-                    if not user_uid == ruid:
-                        log.debug(
-                                _("Switching real and effective user id to %d") % (
-                                        user_uid
-                                    ),
-                                level=8
-                            )
-
-                        os.setreuid(user_uid, user_uid)
-
-        except:
-            log.error(_("Could not change real and effective uid and/or gid"))
+        self._drop_privileges()
 
         try:
             pid = 1
@@ -228,12 +159,6 @@ class SASLAuthDaemon(object):
 
         s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
 
-        utils.ensure_directory(
-                '/var/run/saslauthd/',
-                conf.process_username,
-                conf.process_groupname
-            )
-
         # TODO: The saslauthd socket path could be a setting.
         try:
             os.remove('/var/run/saslauthd/mux')
@@ -334,3 +259,84 @@ class SASLAuthDaemon(object):
         fp = open(conf.pidfile,'w')
         fp.write("%d\n" % (pid))
         fp.close()
+
+    def _ensure_socket_dir(self):
+        utils.ensure_directory(
+                '/var/run/saslauthd/',
+                conf.process_username,
+                conf.process_groupname
+            )
+
+    def _drop_privileges(self):
+        try:
+            try:
+                (ruid, euid, suid) = os.getresuid()
+                (rgid, egid, sgid) = os.getresgid()
+            except AttributeError, errmsg:
+                ruid = os.getuid()
+                rgid = os.getgid()
+
+            if ruid == 0:
+                # Means we can setreuid() / setregid() / setgroups()
+                if rgid == 0:
+                    # Get group entry details
+                    try:
+                        (
+                                group_name,
+                                group_password,
+                                group_gid,
+                                group_members
+                            ) = grp.getgrnam(conf.process_groupname)
+
+                    except KeyError:
+                        print >> sys.stderr, _("Group %s does not exist") % (
+                                conf.process_groupname
+                            )
+
+                        sys.exit(1)
+
+                    # Set real and effective group if not the same as current.
+                    if not group_gid == rgid:
+                        log.debug(
+                                _("Switching real and effective group id to %d") % (
+                                        group_gid
+                                    ),
+                                level=8
+                            )
+
+                        os.setregid(group_gid, group_gid)
+
+                if ruid == 0:
+                    # Means we haven't switched yet.
+                    try:
+                        (
+                                user_name,
+                                user_password,
+                                user_uid,
+                                user_gid,
+                                user_gecos,
+                                user_homedir,
+                                user_shell
+                            ) = pwd.getpwnam(conf.process_username)
+
+                    except KeyError:
+                        print >> sys.stderr, _("User %s does not exist") % (
+                                conf.process_username
+                            )
+
+                        sys.exit(1)
+
+
+                    # Set real and effective user if not the same as current.
+                    if not user_uid == ruid:
+                        log.debug(
+                                _("Switching real and effective user id to %d") % (
+                                        user_uid
+                                    ),
+                                level=8
+                            )
+
+                        os.setreuid(user_uid, user_uid)
+
+        except:
+            log.error(_("Could not change real and effective uid and/or gid"))
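Review bot: The bare `except:` that closes `_drop_privileges` also catches the `SystemExit` raised by the two `sys.exit(1)` calls for a missing group or user, so the daemon logs an error and keeps running with its original (root) identity. A privilege drop should fail closed: add `except SystemExit: raise` ahead of the bare handler and end that handler with `sys.exit(1)`. The comment names setgroups(), but the method never calls it, so root's supplementary groups survive the switch; `os.setgroups([group_gid])` before `os.setregid(group_gid, group_gid)` would clear them. The group switch is also skipped whenever `rgid` is not 0 even though `ruid` is 0. Neither new method has a docstring; `_drop_privileges` should state that it must run after `_ensure_socket_dir()` and what happens when the switch fails.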


commit ecf74101ee461d16a46626c02237152633a2a802
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date:   Sat Feb 15 13:49:25 2014 +0100

    Do not actually switch gid in logger

diff --git a/pykolab/logger.py b/pykolab/logger.py
index fc396cb..ef38f4f 100644
--- a/pykolab/logger.py
+++ b/pykolab/logger.py
@@ -142,17 +142,6 @@ class Logger(logging.Logger):
 
                         sys.exit(1)
 
-                    # Set real and effective group if not the same as current.
-                    if not group_gid == rgid:
-                        self.debug(
-                                _("Switching real and effective group id to %d") % (
-                                        group_gid
-                                    ),
-                                level=8
-                            )
-
-                        os.setregid(group_gid, group_gid)
-
                 if ruid == 0:
                     # Means we haven't switched yet.
                     try:


commit fae4e05bc1e0dc387d91717a375473332d5394c2
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date:   Sat Feb 15 11:52:18 2014 +0100

    Release 0.6.12

diff --git a/configure.ac b/configure.ac
index 63f947b..acc0b4f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-AC_INIT([pykolab], 0.6.11)
+AC_INIT([pykolab], 0.6.12)
 AC_SUBST([RELEASE], 1)
 
 AC_CONFIG_SRCDIR(pykolab/constants.py.in)



