Commit e3d07f9d authored by JINMEI Tatuya's avatar JINMEI Tatuya

[2067] when -u is specified make sure gid is changed to the user's group ID.

parent 4c6ec1df
......@@ -160,6 +160,11 @@ The boss module is sending a SIGKILL signal to the given process.
% BIND10_SEND_SIGTERM sending SIGTERM to %1 (PID %2)
The boss module is sending a SIGTERM signal to the given process.
% BIND10_SETGID setting GID to %1
The boss switches the process group ID to the given value. This happens
when BIND 10 starts with -u option, and the group ID should be of the group
the specified user.
% BIND10_SETUID setting UID to %1
The boss switches the user it runs as to the given UID.
......
......@@ -169,8 +169,8 @@ class BoB:
def __init__(self, msgq_socket_file=None, data_path=None,
config_filename=None, clear_config=False, nocache=False,
verbose=False, nokill=False, setuid=None, username=None,
cmdctl_port=None, wait_time=10):
verbose=False, nokill=False, setuid=None, setgid=None,
username=None, cmdctl_port=None, wait_time=10):
"""
Initialize the Boss of BIND. This is a singleton (only one can run).
......@@ -208,6 +208,7 @@ class BoB:
self.components_to_restart = []
self.runnable = False
self.uid = setuid
self.gid = setgid
self.username = username
self.verbose = verbose
self.nokill = nokill
......@@ -1162,6 +1163,7 @@ def main():
try:
pw_ent = pwd.getpwuid(int(options.user))
setuid = pw_ent.pw_uid
setgid = pw_ent.pw_gid
username = pw_ent.pw_name
except ValueError:
pass
......@@ -1175,6 +1177,7 @@ def main():
try:
pw_ent = pwd.getpwnam(options.user)
setuid = pw_ent.pw_uid
setgid = pw_ent.pw_gid
username = pw_ent.pw_name
except KeyError:
pass
......@@ -1205,7 +1208,7 @@ def main():
boss_of_bind = BoB(options.msgq_socket_file, options.data_path,
options.config_file, options.clear_config,
options.nocache, options.verbose, options.nokill,
setuid, username, options.cmdctl_port,
setuid, setgid, username, options.cmdctl_port,
options.wait_time)
startup_result = boss_of_bind.startup()
if startup_result:
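Review bot: `setgid` is inserted into the middle of BoB.__init__'s positional parameters, ahead of `username`, so any caller that still passes `setuid, username, ...` positionally would have its arguments shifted by one; only the call in main() is visibly updated, and other callers are outside these hunks. Passing the identity arguments by keyword in main() (`setuid=setuid, setgid=setgid, username=username`) would make the call robust against that. Because `setgid=None` stays the default, a caller that supplies only `setuid` still switches the UID while keeping the original GID, so the docstring should say something like `setgid: group ID to switch to; should be given whenever setuid is`. The docstring and the bodies of __init__ and main() continue outside the hunks.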
......
......@@ -37,6 +37,7 @@ class SockCreator(BaseComponent):
BaseComponent.__init__(self, boss, kind)
self.__creator = None
self.__uid = boss.uid
self.__gid = boss.gid
def _start_internal(self):
self._boss.curproc = 'b10-sockcreator'
......@@ -45,6 +46,9 @@ class SockCreator(BaseComponent):
self._boss.register_process(self.pid(), self)
self._boss.set_creator(self.__creator)
self._boss.log_started(self.pid())
if self.__gid is not None:
logger.info(BIND10_SETGID, self.__gid)
posix.setgid(self.__gid)
if self.__uid is not None:
logger.info(BIND10_SETUID, self.__uid)
posix.setuid(self.__uid)
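Review bot: The added `posix.setgid(self.__gid)` changes only the primary group; the supplementary group list inherited from the starting user (presumably root's when -u is used) is left in place, so the process may keep group access the target user does not have. Resetting that list before the setgid call, e.g. `posix.setgroups([self.__gid])`, would close the gap, and it has to happen before `posix.setuid` while the process still holds the privilege to do it. Calling setgid ahead of setuid, as the hunk does, is the correct order and deserves a comment such as `# drop the group first: after setuid() we may no longer be allowed to change it`. The body of _start_internal starts above this hunk.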
......
......@@ -104,6 +104,8 @@ class ComponentTests(BossUtils, unittest.TestCase):
self.__stop_process_params = None
self.__start_simple_params = None
# Pretending to be boss
self.gid = None
self.__gid_set = None
self.uid = None
self.__uid_set = None
......@@ -609,6 +611,9 @@ class ComponentTests(BossUtils, unittest.TestCase):
self.assertTrue(process.killed)
self.assertFalse(process.terminated)
def setgid(self, gid):
self.__gid_set = gid
def setuid(self, uid):
self.__uid_set = uid
......@@ -637,7 +642,9 @@ class ComponentTests(BossUtils, unittest.TestCase):
"""
component = isc.bind10.special_component.SockCreator(None, self,
'needed', None)
orig_setgid = isc.bind10.special_component.posix.setgid
orig_setuid = isc.bind10.special_component.posix.setuid
isc.bind10.special_component.posix.setgid = self.setgid
isc.bind10.special_component.posix.setuid = self.setuid
orig_creator = \
isc.bind10.special_component.isc.bind10.sockcreator.Creator
......@@ -645,18 +652,22 @@ class ComponentTests(BossUtils, unittest.TestCase):
isc.bind10.special_component.isc.bind10.sockcreator.Creator = \
lambda path: self.FakeCreator()
component.start()
# No uid set in boss, nothing called.
# No gid/uid set in boss, nothing called.
self.assertIsNone(self.__gid_set)
self.assertIsNone(self.__uid_set)
# Doesn't do anything, but doesn't crash
component.stop()
component.kill()
component.kill(True)
self.gid = 42
self.uid = 42
component = isc.bind10.special_component.SockCreator(None, self,
'needed', None)
component.start()
# This time, it get's called
self.assertEqual(42, self.__gid_set)
self.assertEqual(42, self.__uid_set)
isc.bind10.special_component.posix.setgid = orig_setgid
isc.bind10.special_component.posix.setuid = orig_setuid
isc.bind10.special_component.isc.bind10.sockcreator.Creator = \
orig_creator
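Review bot: The test uses 42 for both `self.gid` and `self.uid` and records each call in its own attribute, so it would still pass if SockCreator swapped the two values or called setuid before setgid. Distinct values (`self.gid = 4200`, `self.uid = 42`) and a shared call list asserted to equal `['setgid', 'setuid']` would pin the ordering that the privilege drop depends on. The restores of `posix.setgid` and `posix.setuid` at the end also run only when every assertion passes; wrapping the body in try/finally would keep a failure from leaking the fakes into later tests. The test method starts outside the hunk.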
......