BIND 10 trac1508, updated. 6ce0d2a309b5032305ae13528ad0a71494558b58 [1508] Remove the documentation
BIND 10 source code commits
bind10-changes at lists.isc.org
Tue Dec 27 15:01:03 UTC 2011
The branch, trac1508 has been updated
via 6ce0d2a309b5032305ae13528ad0a71494558b58 (commit)
via 04dca588b5ec0f63e91800c612f6f616422cc9df (commit)
via 9e43c8d7558c31febb16c412a4ce425cac5257b5 (commit)
from 0cc0fe82ac433701d239a5ca1e8307cfcb9c7825 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 6ce0d2a309b5032305ae13528ad0a71494558b58
Author: Michal 'vorner' Vaner <michal.vaner at nic.cz>
Date: Tue Dec 27 15:52:56 2011 +0100
[1508] Remove the documentation
commit 04dca588b5ec0f63e91800c612f6f616422cc9df
Author: Michal 'vorner' Vaner <michal.vaner at nic.cz>
Date: Tue Dec 27 15:41:53 2011 +0100
[1508] The specification
It no longer contains the setuid component, as it is gone and not
needed.
commit 9e43c8d7558c31febb16c412a4ce425cac5257b5
Author: Michal 'vorner' Vaner <michal.vaner at nic.cz>
Date: Tue Dec 27 15:26:27 2011 +0100
[1508] Move the dropping root into the socket creator
And removed the setuid component
-----------------------------------------------------------------------
Summary of changes:
doc/guide/bind10-guide.xml | 18 +--------
src/bin/bind10/bob.spec | 7 +---
src/lib/python/isc/bind10/special_component.py | 34 ++--------------
src/lib/python/isc/bind10/tests/component_test.py | 42 +++++++++++++++++----
4 files changed, 41 insertions(+), 60 deletions(-)
-----------------------------------------------------------------------
diff --git a/doc/guide/bind10-guide.xml b/doc/guide/bind10-guide.xml
index b186111..9f816a2 100644
--- a/doc/guide/bind10-guide.xml
+++ b/doc/guide/bind10-guide.xml
@@ -810,7 +810,6 @@ Debian and Ubuntu:
<row><entry>b10-auth</entry><entry>auth</entry><entry>Authoritative server</entry></row>
<row><entry>b10-resolver</entry><entry>resolver</entry><entry>The resolver</entry></row>
<row><entry>b10-cmdctl</entry><entry>cmdctl</entry><entry>The command control (remote control interface)</entry></row>
- <row><entry>setuid</entry><entry>setuid</entry><entry>Virtual component, see below</entry></row>
<!-- TODO Either add xfrin and xfrout as well or clean up the workarounds in boss before the release -->
</tbody>
</tgroup>
@@ -838,6 +837,7 @@ Debian and Ubuntu:
The priority defines order in which the components should start.
The ones with higher number are started sooner than the ones with
lower ones. If you don't set it, 0 (zero) is used as the priority.
+ Usually, leaving it at the default is enough.
</para>
<para>
@@ -895,22 +895,6 @@ address, but the usual ones don't." mean? -->
</para>
</note>
- <para>
- Now, to the mysterious setuid virtual component. If you
- use the <command>-u</command> option to start the
- <command>bind10</command> as root, but change the user
- later, we need to start the <command>b10-auth</command> or
- <command>b10-resolver</command> as root (until the socket
- creator is finished).<!-- TODO --> So we need to specify
- the time when the switch from root do the given user happens
- and that's what the setuid component is for. The switch is
- done at the time the setuid component would be started, if
- it was a process. The default configuration contains the
- setuid component with priority 5, <command>b10-auth</command>
- has 10 to be started before the switch and everything else
- is without priority, so it is started after the switch.
- </para>
-
</section>
</chapter>
diff --git a/src/bin/bind10/bob.spec b/src/bin/bind10/bob.spec
index adc9798..29b1f40 100644
--- a/src/bin/bind10/bob.spec
+++ b/src/bin/bind10/bob.spec
@@ -8,12 +8,7 @@
"item_type": "named_set",
"item_optional": false,
"item_default": {
- "b10-auth": { "special": "auth", "kind": "needed", "priority": 10 },
- "setuid": {
- "special": "setuid",
- "priority": 5,
- "kind": "dispensable"
- },
+ "b10-auth": { "special": "auth", "kind": "needed" },
"b10-xfrin": { "address": "Xfrin", "kind": "dispensable" },
"b10-xfrout": { "address": "Xfrout", "kind": "dispensable" },
"b10-zonemgr": { "address": "Zonemgr", "kind": "dispensable" },
diff --git a/src/lib/python/isc/bind10/special_component.py b/src/lib/python/isc/bind10/special_component.py
index c9c7683..4c86ff2 100644
--- a/src/lib/python/isc/bind10/special_component.py
+++ b/src/lib/python/isc/bind10/special_component.py
@@ -36,6 +36,7 @@ class SockCreator(BaseComponent):
def __init__(self, process, boss, kind, address=None, params=None):
BaseComponent.__init__(self, boss, kind)
self.__creator = None
+ self.__uid = boss.uid
def _start_internal(self):
self._boss.curproc = 'b10-sockcreator'
@@ -44,6 +45,9 @@ class SockCreator(BaseComponent):
self._boss.register_process(self.pid(), self)
self._boss.set_creator(self.__creator)
self._boss.log_started(self.pid())
+ if self.__uid is not None:
+ logger.info(BIND10_SETUID, self.__uid)
+ posix.setuid(self.__uid)
def _stop_internal(self):
self.__creator.terminate()
@@ -108,32 +112,6 @@ class CmdCtl(Component):
def __init__(self, process, boss, kind, address=None, params=None):
Component.__init__(self, process, boss, kind, 'Cmdctl', None,
boss.start_cmdctl)
-
-class SetUID(BaseComponent):
- """
- This is a pseudo-component which drops root privileges when started
- and sets the uid stored in boss.
-
- This component does nothing when stopped.
- """
- def __init__(self, process, boss, kind, address=None, params=None):
- BaseComponent.__init__(self, boss, kind)
- self.uid = boss.uid
-
- def _start_internal(self):
- if self.uid is not None:
- logger.info(BIND10_SETUID, self.uid)
- posix.setuid(self.uid)
-
- def _stop_internal(self): pass
- def kill(self, forceful=False): pass
-
- def name(self):
- return "Set UID"
-
- def pid(self):
- return None
-
def get_specials():
"""
List of specially started components. Each one should be the class than can
@@ -147,7 +125,5 @@ def get_specials():
# They should not have any parameters anyway
'auth': Auth,
'resolver': Resolver,
- 'cmdctl': CmdCtl,
- # TODO: Remove when not needed, workaround before sockcreator works
- 'setuid': SetUID
+ 'cmdctl': CmdCtl
}
diff --git a/src/lib/python/isc/bind10/tests/component_test.py b/src/lib/python/isc/bind10/tests/component_test.py
index 3b49b18..3782813 100644
--- a/src/lib/python/isc/bind10/tests/component_test.py
+++ b/src/lib/python/isc/bind10/tests/component_test.py
@@ -507,8 +507,7 @@ class ComponentTests(BossUtils, unittest.TestCase):
isc.bind10.special_component.CfgMgr,
isc.bind10.special_component.Auth,
isc.bind10.special_component.Resolver,
- isc.bind10.special_component.CmdCtl,
- isc.bind10.special_component.SetUID]:
+ isc.bind10.special_component.CmdCtl]:
component = component_type('none', self, 'needed')
self.assertIsNone(component.pid())
@@ -611,14 +610,38 @@ class ComponentTests(BossUtils, unittest.TestCase):
def setuid(self, uid):
self.__uid_set = uid
- def test_setuid(self):
+ class FakeCreator:
+ def pid(self):
+ return 42
+ def terminate(self): pass
+ def kill(self): pass
+
+ def set_creator(self, creator):
+ """
+ Part of faking being the boss. Check the creator (faked as well)
+ is passed here.
+ """
+ self.assertTrue(isinstance(creator, self.FakeCreator))
+
+ def log_started(self, pid):
+ """
+ Part of faking the boss. Check the pid is the one of the fake creator.
+ """
+ self.assertEqual(42, pid)
+
+ def test_creator(self):
"""
- Some tests around the SetUID pseudo-component.
+ Some tests around the SockCreator component.
"""
- component = isc.bind10.special_component.SetUID(None, self, 'needed',
- None)
+ component = isc.bind10.special_component.SockCreator(None, self, 'needed',
+ None)
orig_setuid = isc.bind10.special_component.posix.setuid
isc.bind10.special_component.posix.setuid = self.setuid
+ orig_creator = \
+ isc.bind10.special_component.isc.bind10.sockcreator.Creator
+ # Just ignore the creator call
+ isc.bind10.special_component.isc.bind10.sockcreator.Creator = \
+ lambda path: self.FakeCreator()
component.start()
# No uid set in boss, nothing called.
self.assertIsNone(self.__uid_set)
@@ -627,11 +650,14 @@ class ComponentTests(BossUtils, unittest.TestCase):
component.kill()
component.kill(True)
self.uid = 42
- component = isc.bind10.special_component.SetUID(None, self, 'needed',
- None)
+ component = isc.bind10.special_component.SockCreator(None, self, 'needed',
+ None)
component.start()
# This time, it get's called
self.assertEqual(42, self.__uid_set)
+ isc.bind10.special_component.posix.setuid = orig_setuid
+ isc.bind10.special_component.isc.bind10.sockcreator.Creator = \
+ orig_creator
class TestComponent(BaseComponent):
"""
More information about the bind10-changes
mailing list