Branch 'pykolab-0.4' - 3 commits - configure.ac kolabd/__init__.py pykolab/logger.py saslauthd/kolab-saslauthd.sysconfig wallace/__init__.py
Jeroen van Meeuwen
vanmeeuwen at kolabsys.com
Wed May 30 11:02:21 CEST 2012
configure.ac | 2
kolabd/__init__.py | 120 +++++++++++++++++++++---
pykolab/logger.py | 9 +
saslauthd/kolab-saslauthd.sysconfig | 5 +
wallace/__init__.py | 179 +++++++++++++++++++++++++++---------
5 files changed, 258 insertions(+), 57 deletions(-)
New commits:
commit 8fe9ce543fcc3dee8dc03547f70936d504a008b8
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date: Wed May 30 11:01:15 2012 +0200
Add kolab-saslauthd.sysconfig
diff --git a/saslauthd/kolab-saslauthd.sysconfig b/saslauthd/kolab-saslauthd.sysconfig
new file mode 100644
index 0000000..0bfb4bc
--- /dev/null
+++ b/saslauthd/kolab-saslauthd.sysconfig
@@ -0,0 +1,5 @@
+# Configuration file for the Kolab SASL Autentication daemon.
+#
+# See kolab-saslauthd --help for more flags.
+#
+FLAGS="--fork -l warning"
\ No newline at end of file
commit 11ccbb5f7656088a947f8d6555f077283e670d6c
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date: Tue May 29 10:54:30 2012 +0200
Bump release
diff --git a/configure.ac b/configure.ac
index 3b83e52..2d4af20 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,5 +1,5 @@
AC_INIT([pykolab], 0.4.8)
-AC_SUBST([RELEASE], 1)
+AC_SUBST([RELEASE], 2)
AC_CONFIG_SRCDIR(pykolab/constants.py.in)
commit fed1128ba32918f31bd7a3ccda4b8a2db9d9c94a
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date: Tue May 29 10:47:39 2012 +0200
Make sure we use no functions that have been introduced in Python > 2.6 (#803)
Conflicts:
kolabd/__init__.py
wallace/__init__.py
diff --git a/kolabd/__init__.py b/kolabd/__init__.py
index 2d3f94f..662819b 100644
--- a/kolabd/__init__.py
+++ b/kolabd/__init__.py
@@ -45,17 +45,42 @@ class KolabDaemon(object):
daemon_group = conf.add_cli_parser_option_group(_("Daemon Options"))
- daemon_group.add_option( "--fork",
- dest = "fork_mode",
- action = "store_true",
- default = False,
- help = _("Fork to the background."))
-
- daemon_group.add_option( "-p", "--pid-file",
- dest = "pidfile",
- action = "store",
- default = "/var/run/kolabd/kolabd.pid",
- help = _("Path to the PID file to use."))
+ daemon_group.add_option(
+ "--fork",
+ dest = "fork_mode",
+ action = "store_true",
+ default = False,
+ help = _("Fork to the background.")
+ )
+
+ daemon_group.add_option(
+ "-p",
+ "--pid-file",
+ dest = "pidfile",
+ action = "store",
+ default = "/var/run/kolabd/kolabd.pid",
+ help = _("Path to the PID file to use.")
+ )
+
+ daemon_group.add_option(
+ "-u",
+ "--user",
+ dest = "process_username",
+ action = "store",
+ default = "kolab",
+ help = _("Run as user USERNAME"),
+ metavar = "USERNAME"
+ )
+
+ daemon_group.add_option(
+ "-g",
+ "--group",
+ dest = "process_groupname",
+ action = "store",
+ default = "kolab",
+ help = _("Run as group GROUPNAME"),
+ metavar = "GROUPNAME"
+ )
conf.finalize_conf()
@@ -65,6 +90,79 @@ class KolabDaemon(object):
exitcode = 0
try:
+ try:
+ (ruid, euid, suid) = os.getresuid()
+ (rgid, egid, sgid) = os.getresgid()
+ except AttributeError, errmsg:
+ ruid = os.getuid()
+ rgid = os.getgid()
+
+ if ruid == 0:
+ # Means we can setreuid() / setregid() / setgroups()
+ if rgid == 0:
+ # Get group entry details
+ try:
+ (
+ group_name,
+ group_password,
+ group_gid,
+ group_members
+ ) = grp.getgrnam(conf.process_groupname)
+
+ except KeyError:
+ print >> sys.stderr, _("Group %s does not exist") % (
+ conf.process_groupname
+ )
+
+ sys.exit(1)
+
+ # Set real and effective group if not the same as current.
+ if not group_gid == rgid:
+ log.debug(
+ _("Switching real and effective group id to %d") % (
+ group_gid
+ ),
+ level=8
+ )
+
+ os.setregid(group_gid, group_gid)
+
+ if ruid == 0:
+ # Means we haven't switched yet.
+ try:
+ (
+ user_name,
+ user_password,
+ user_uid,
+ user_gid,
+ user_gecos,
+ user_homedir,
+ user_shell
+ ) = pwd.getpwnam(conf.process_username)
+
+ except KeyError:
+ print >> sys.stderr, _("User %s does not exist") % (
+ conf.process_username
+ )
+
+ sys.exit(1)
+
+
+ # Set real and effective user if not the same as current.
+ if not user_uid == ruid:
+ log.debug(
+ _("Switching real and effective user id to %d") % (
+ user_uid
+ ),
+ level=8
+ )
+
+ os.setreuid(user_uid, user_uid)
+
+ except:
+ log.error(_("Could not change real and effective uid and/or gid"))
+
+ try:
pid = 1
if conf.fork_mode:
pid = os.fork()
diff --git a/pykolab/logger.py b/pykolab/logger.py
index 94a84fb..878f79f 100644
--- a/pykolab/logger.py
+++ b/pykolab/logger.py
@@ -92,8 +92,13 @@ class Logger(logging.Logger):
fhandle.close()
# Make sure (read: attempt to change) the permissions
- (ruid, euid, suid) = os.getresuid()
- (rgid, egid, sgid) = os.getresgid()
+ try:
+ (ruid, euid, suid) = os.getresuid()
+ (rgid, egid, sgid) = os.getresgid()
+ except AttributeError, errmsg:
+ ruid = os.getuid()
+ rgid = os.getgid()
+
if ruid == 0 or rgid == 0:
try:
os.chown(
diff --git a/wallace/__init__.py b/wallace/__init__.py
index 6677613..05d536e 100644
--- a/wallace/__init__.py
+++ b/wallace/__init__.py
@@ -53,6 +53,16 @@ class WallaceDaemon(object):
)
daemon_group.add_option(
+ "-g",
+ "--group",
+ dest = "process_groupname",
+ action = "store",
+ default = "kolab",
+ help = _("Run as group GROUPNAME"),
+ metavar = "GROUPNAME"
+ )
+
+ daemon_group.add_option(
"-p", "--pid-file",
dest = "pidfile",
action = "store",
@@ -68,6 +78,16 @@ class WallaceDaemon(object):
help = _("Port that Wallace is supposed to use.")
)
+ daemon_group.add_option(
+ "-u",
+ "--user",
+ dest = "process_username",
+ action = "store",
+ default = "kolab",
+ help = _("Run as user USERNAME"),
+ metavar = "USERNAME"
+ )
+
conf.finalize_conf()
import modules
@@ -184,49 +204,6 @@ class WallaceDaemon(object):
log.debug(_("Executing module %s") % (module), level=8)
modules.execute(module, filename)
- def run(self):
- """
- Run the SASL authentication daemon.
- """
-
- exitcode = 0
-
- try:
- pid = 1
- if conf.fork_mode:
- self.thread_count += 1
- self.write_pid()
- self.set_signal_handlers()
- pid = os.fork()
-
- if pid == 0:
- log.remove_stdout_handler()
-
- self.do_wallace()
-
- except SystemExit, e:
- exitcode = e
- except KeyboardInterrupt:
- exitcode = 1
- log.info(_("Interrupted by user"))
- except AttributeError, e:
- exitcode = 1
- traceback.print_exc()
- print >> sys.stderr, _("Traceback occurred, please report a " + \
- "bug at http://bugzilla.kolabsys.com")
-
- except TypeError, e:
- exitcode = 1
- traceback.print_exc()
- log.error(_("Type Error: %s") % e)
- except:
- exitcode = 2
- traceback.print_exc()
- print >> sys.stderr, _("Traceback occurred, please report a " + \
- "bug at http://bugzilla.kolabsys.com")
-
- sys.exit(exitcode)
-
def pickup_defer(self):
wallace_modules = conf.get_list('wallace', 'modules')
@@ -440,6 +417,122 @@ class WallaceDaemon(object):
os.remove(conf.pidfile)
raise SystemExit
+ def run(self):
+ """
+ Run the Wallace daemon.
+ """
+
+ exitcode = 0
+
+ try:
+ try:
+ (ruid, euid, suid) = os.getresuid()
+ (rgid, egid, sgid) = os.getresgid()
+ except AttributeError, errmsg:
+ ruid = os.getuid()
+ rgid = os.getgid()
+
+ if ruid == 0:
+ # Means we can setreuid() / setregid() / setgroups()
+ if rgid == 0:
+ # Get group entry details
+ try:
+ (
+ group_name,
+ group_password,
+ group_gid,
+ group_members
+ ) = grp.getgrnam(conf.process_groupname)
+
+ except KeyError:
+ print >> sys.stderr, _("Group %s does not exist") % (
+ conf.process_groupname
+ )
+
+ sys.exit(1)
+
+ # Set real and effective group if not the same as current.
+ if not group_gid == rgid:
+ log.debug(
+ _("Switching real and effective group id to %d") % (
+ group_gid
+ ),
+ level=8
+ )
+
+ os.setregid(group_gid, group_gid)
+
+ if ruid == 0:
+ # Means we haven't switched yet.
+ try:
+ (
+ user_name,
+ user_password,
+ user_uid,
+ user_gid,
+ user_gecos,
+ user_homedir,
+ user_shell
+ ) = pwd.getpwnam(conf.process_username)
+
+ except KeyError:
+ print >> sys.stderr, _("User %s does not exist") % (
+ conf.process_username
+ )
+
+ sys.exit(1)
+
+
+ # Set real and effective user if not the same as current.
+ if not user_uid == ruid:
+ log.debug(
+ _("Switching real and effective user id to %d") % (
+ user_uid
+ ),
+ level=8
+ )
+
+ os.setreuid(user_uid, user_uid)
+
+ except:
+ log.error(_("Could not change real and effective uid and/or gid"))
+
+ try:
+ pid = 1
+ if conf.fork_mode:
+ self.thread_count += 1
+ self.write_pid()
+ self.set_signal_handlers()
+ pid = os.fork()
+
+ if pid == 0:
+ log.remove_stdout_handler()
+
+ self.do_wallace()
+
+ except SystemExit, e:
+ exitcode = e
+ except KeyboardInterrupt:
+ exitcode = 1
+ log.info(_("Interrupted by user"))
+ except AttributeError, e:
+ exitcode = 1
+ traceback.print_exc()
+ print >> sys.stderr, _("Traceback occurred, please report a " + \
+ "bug at http://bugzilla.kolabsys.com")
+
+ except TypeError, e:
+ exitcode = 1
+ traceback.print_exc()
+ log.error(_("Type Error: %s") % e)
+ except:
+ exitcode = 2
+ traceback.print_exc()
+ print >> sys.stderr, _("Traceback occurred, please report a " + \
+ "bug at http://bugzilla.kolabsys.com")
+
+ sys.exit(exitcode)
+
def set_signal_handlers(self):
import signal
signal.signal(signal.SIGHUP, self.reload_config)
More information about the commits
mailing list