[PATCH] make sure we use proper tempdirs and work correctly for users who are not root and cannot access the minion dirs - in certain situations


 



This lets non-root users with proper keys/certs use func
and track async jobs sanely.
---
 func/forkbomb.py        |    3 ++-
 func/index_db.py        |    9 +++------
 func/jobthing.py        |    2 +-
 func/overlord/client.py |    8 ++++++++
 func/utils.py           |   31 +++++++++++++++++++++++++++++++
 5 files changed, 45 insertions(+), 8 deletions(-)

diff --git a/func/forkbomb.py b/func/forkbomb.py
index d682300..13e6a4e 100644
--- a/func/forkbomb.py
+++ b/func/forkbomb.py
@@ -20,9 +20,10 @@ import dbm
 import sys
 import tempfile
 import fcntl
+from func import utils
 
 DEFAULT_FORKS = 4
-DEFAULT_CACHE_DIR = "/var/lib/func"
+DEFAULT_CACHE_DIR = utils.getCacheDir()
 
 def __get_storage(dir):
     """
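Review bot: `DEFAULT_CACHE_DIR = utils.getCacheDir()` now runs when the module is imported, so importing func.forkbomb can create a directory under /var/tmp as a side effect, and an OSError from `tempfile.mkdtemp` would presumably surface as an import failure. The same pattern is used for `CACHE_DIR` in func/jobthing.py. If the eager call is kept, a comment such as `# NOTE: evaluated at import time; may create a func-<user>-* dir under /var/tmp` would document it; resolving the directory at the point of use would avoid the side effect. `__get_storage` continues outside this hunk, so how the default is consumed is not visible here.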
diff --git a/func/index_db.py b/func/index_db.py
index 51d7c0d..86e96f8 100644
--- a/func/index_db.py
+++ b/func/index_db.py
@@ -1,8 +1,8 @@
 import shelve
 import dbm
 import fcntl
+from func import utils
 
-MY_STORE = "/var/lib/func"
 INTERNAL_DB_FILE = "log_matcher"
 
 class IndexDb(object):
@@ -19,17 +19,14 @@ class IndexDb(object):
         """
         self.__storage = None
         self.__handle = None
-        self.__dir = dir
+        self.__dir = utils.getCacheDir()
 
     def __load_index(self):
         """
         Gets the store object for that instance
         """
         import os
-        if not self.__dir or not os.path.exists(self.__dir):
-            filename=os.path.join(MY_STORE,INTERNAL_DB_FILE)
-        else:
-            filename=os.path.join(self.__dir,INTERNAL_DB_FILE)
+        filename=os.path.join(self.__dir,INTERNAL_DB_FILE)
         try:
             self.__handle = open(filename,self.__mode)
         except IOError, e:
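Review bot: The `dir` value that the removed line stored is now discarded, because `self.__dir = utils.getCacheDir()` ignores it, so a caller that passes an explicit directory silently gets the per-user cache dir instead. The constructor signature is outside the hunk, so this is inferred from the removed `self.__dir = dir`. Keeping the override with `self.__dir = dir or utils.getCacheDir()` would preserve the old behaviour for explicit callers. Note also that getCacheDir() can return None, which `os.path.join(self.__dir, INTERNAL_DB_FILE)` would not accept.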
diff --git a/func/jobthing.py b/func/jobthing.py
index 11de4c6..c75ee00 100644
--- a/func/jobthing.py
+++ b/func/jobthing.py
@@ -37,7 +37,7 @@ JOB_ID_REMOTE_ERROR = 4
 RETAIN_INTERVAL = 60 * 60
 
 # where to store the internal job id database
-CACHE_DIR = "/var/lib/func"
+CACHE_DIR = utils.getCacheDir()
 
 def __update_status(jobid, status, results, clear=False):
     return __access_status(jobid=jobid, status=status, results=results, write=True)
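Review bot: `CACHE_DIR = utils.getCacheDir()` references `utils`, but this file's only change is that one line (the diffstat shows a single insertion and deletion), so no import is added here. Unless func/jobthing.py already imports `utils` above the visible context, the module would fail with a NameError at import. The other patched modules add `from func import utils`, and the same line is probably needed at the top of this file.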
diff --git a/func/overlord/client.py b/func/overlord/client.py
index 2d0aba0..80df7fd 100644
--- a/func/overlord/client.py
+++ b/func/overlord/client.py
@@ -157,6 +157,14 @@ class Minions(object):
                 return tmp_hosts,tmp_certs
             else:
                 each_gloob = shortest_path[0]
+        
+        if not os.access(self.cm_config.certroot, os.R_OK):
+            if self.overlord_config.allow_unknown_minions:
+                tmp_hosts.add(each_gloob)
+            else:
+                sys.stderr.write("Cannot read certs dir: %s and cannot use unknown minion\n" % (self.cm_config.certroot))
+            
+            return tmp_hosts,tmp_certs
 
         #actual_gloob = "%s/%s.%s" % (self.cm_config.certroot, each_gloob, self.cm_config.cert_extension)
         certs = func_utils.find_files_by_hostname(each_gloob, self.cm_config.certroot, self.cm_config.cert_extension)
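Review bot: The new guard `os.access(self.cm_config.certroot, os.R_OK)` tests permissions against the real uid/gid, while getCacheDir() in this same patch keys on `os.geteuid()`, so the two can disagree when real and effective ids differ. R_OK alone also only covers listing the directory; reading the cert files inside it needs search permission as well, so `os.access(self.cm_config.certroot, os.R_OK | os.X_OK)` is the closer test. On the failure branch the method writes to stderr and returns the sets as they are, so a caller cannot tell an unreadable certroot from a glob that matched nothing; a comment saying that is intended would help. The enclosing method starts and ends outside this hunk, and whether `os` and `sys` are imported in this file is not visible here.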
diff --git a/func/utils.py b/func/utils.py
index fd456c1..64a7a83 100644
--- a/func/utils.py
+++ b/func/utils.py
@@ -12,11 +12,16 @@ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 
 import inspect
 import os
+import pwd
 import socket
 import string
 import sys
 import re
 import fnmatch
+import tempfile
+import glob
+from stat import *
+
 
 from certmaster.config import read_config
 from certmaster.commonconfig import MinionConfig
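Review bot: `from stat import *` pulls every stat constant and helper into func.utils, a module that other files import as a namespace, and it hides where `S_ISDIR` and `S_IMODE` come from. Only those two names are used by the code added in this patch, so `from stat import S_ISDIR, S_IMODE` (or `import stat` with qualified calls) would be clearer and would avoid shadowing existing names.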
@@ -215,6 +220,32 @@ def re_glob(s):
     if _re_compiled_glob_match is None:
         _re_compiled_glob_match = re.compile('[*?]|\[.+\]').search
     return _re_compiled_glob_match(s)
+    
+def getCacheDir(tmpdir='/var/tmp', reuse=True, prefix='func-'):
+    """return a path to a valid and safe cachedir - only used when not running
+       as root or when --tempcache is set"""
+    
+    uid = os.geteuid()
+    try:
+        usertup = pwd.getpwuid(uid)
+        username = usertup[0]
+    except KeyError:
+        return None # if it returns None then, well, it's bollocksed
+
+    if reuse:
+        # check for /var/tmp/func-username-* - 
+        prefix = '%s%s-' % (prefix, username)
+        dirpath = '%s/%s*' % (tmpdir, prefix)
+        cachedirs = sorted(glob.glob(dirpath))
+        for thisdir in cachedirs:
+            stats = os.lstat(thisdir)
+            if S_ISDIR(stats[0]) and S_IMODE(stats[0]) == 448 and stats[4] == uid:
+                return thisdir
+
+    # make the dir (tempfile.mkdtemp())
+    cachedir = tempfile.mkdtemp(prefix=prefix, dir=tmpdir)
+    return cachedir
+
 
 #################### PROGRESS BAR ##################################
 # The code below can be used for progress bar purposes as we will do
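Review bot: The docstring says the directory is "only used when not running as root or when --tempcache is set", but getCacheDir() checks neither the euid nor any option, and the other hunks call it unconditionally, so root would apparently move from /var/lib/func to a func-root-* directory under /var/tmp as well. Either the docstring or the behaviour should change. The `return None` on KeyError is consumed as a path by the callers in this patch; falling back to the numeric id with `username = str(uid)` would keep the return type a string. The ownership and mode check before reuse is the important safety property here and deserves a comment, with `448` written as `S_IRWXU` so the 0700 requirement is readable. When `reuse` is false the username is never added to `prefix`, which looks unintended.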
-- 
1.7.4
