BIND 10 master, updated. 34521105b0e83da5f2c6682481330a97beb082f5 [2067] use different test gid than that for uid
BIND 10 source code commits
bind10-changes at lists.isc.org
Tue Jun 19 19:32:46 UTC 2012
The branch, master has been updated
via 34521105b0e83da5f2c6682481330a97beb082f5 (commit)
via 2d9a5fab35616e4bde53e1767e2ddbbcca5b3a93 (commit)
via e3d07f9d5f238cacb5941ead19923fa386399ff9 (commit)
from 4c6ec1df4afb3f59a22ec4c9d1a824089aa23aa4 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 34521105b0e83da5f2c6682481330a97beb082f5
Author: JINMEI Tatuya <jinmei at isc.org>
Date: Tue Jun 19 12:05:40 2012 -0700
[2067] use different test gid than that for uid
commit 2d9a5fab35616e4bde53e1767e2ddbbcca5b3a93
Author: JINMEI Tatuya <jinmei at isc.org>
Date: Tue Jun 19 12:04:28 2012 -0700
[2067] make sure 'setgid' is initialized in main()
commit e3d07f9d5f238cacb5941ead19923fa386399ff9
Author: JINMEI Tatuya <jinmei at isc.org>
Date: Tue Jun 19 11:11:53 2012 -0700
[2067] when -u is specified make sure gid is changed to the user's group ID.
-----------------------------------------------------------------------
Summary of changes:
src/bin/bind10/bind10_messages.mes | 5 +++++
src/bin/bind10/bind10_src.py.in | 10 +++++++---
src/lib/python/isc/bind10/special_component.py | 4 ++++
src/lib/python/isc/bind10/tests/component_test.py | 13 ++++++++++++-
4 files changed, 28 insertions(+), 4 deletions(-)
-----------------------------------------------------------------------
diff --git a/src/bin/bind10/bind10_messages.mes b/src/bin/bind10/bind10_messages.mes
index 4e7b49b..c751583 100644
--- a/src/bin/bind10/bind10_messages.mes
+++ b/src/bin/bind10/bind10_messages.mes
@@ -160,6 +160,11 @@ The boss module is sending a SIGKILL signal to the given process.
% BIND10_SEND_SIGTERM sending SIGTERM to %1 (PID %2)
The boss module is sending a SIGTERM signal to the given process.
+% BIND10_SETGID setting GID to %1
+The boss switches the process group ID to the given value. This happens
+when BIND 10 starts with the -u option, and the group ID will be set to
+that of the specified user.
+
% BIND10_SETUID setting UID to %1
The boss switches the user it runs as to the given UID.
diff --git a/src/bin/bind10/bind10_src.py.in b/src/bin/bind10/bind10_src.py.in
index 08e16c6..b9dbc36 100755
--- a/src/bin/bind10/bind10_src.py.in
+++ b/src/bin/bind10/bind10_src.py.in
@@ -169,8 +169,8 @@ class BoB:
def __init__(self, msgq_socket_file=None, data_path=None,
config_filename=None, clear_config=False, nocache=False,
- verbose=False, nokill=False, setuid=None, username=None,
- cmdctl_port=None, wait_time=10):
+ verbose=False, nokill=False, setuid=None, setgid=None,
+ username=None, cmdctl_port=None, wait_time=10):
"""
Initialize the Boss of BIND. This is a singleton (only one can run).
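Review bot: `setgid` is inserted ahead of `username` in the positional parameter list of `BoB.__init__`, so any caller that passes `username`, `cmdctl_port` or `wait_time` positionally now binds them one slot off without raising an error. The `main()` call is updated in this commit, but other places that construct `BoB` are not visible here and should be checked; appending the new parameter at the end, or passing these arguments by keyword, would avoid the shift. The docstring continues outside the hunk and, going by the diffstat, gets no new line in this commit, so a sentence such as `setgid: group ID to switch to once the socket creator has been started, or None to keep the current group` would be worth adding.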
@@ -208,6 +208,7 @@ class BoB:
self.components_to_restart = []
self.runnable = False
self.uid = setuid
+ self.gid = setgid
self.username = username
self.verbose = verbose
self.nokill = nokill
@@ -1156,12 +1157,14 @@ def main():
# Check user ID.
setuid = None
+ setgid = None
username = None
if options.user:
# Try getting information about the user, assuming UID passed.
try:
pw_ent = pwd.getpwuid(int(options.user))
setuid = pw_ent.pw_uid
+ setgid = pw_ent.pw_gid
username = pw_ent.pw_name
except ValueError:
pass
@@ -1175,6 +1178,7 @@ def main():
try:
pw_ent = pwd.getpwnam(options.user)
setuid = pw_ent.pw_uid
+ setgid = pw_ent.pw_gid
username = pw_ent.pw_name
except KeyError:
pass
@@ -1205,7 +1209,7 @@ def main():
boss_of_bind = BoB(options.msgq_socket_file, options.data_path,
options.config_file, options.clear_config,
options.nocache, options.verbose, options.nokill,
- setuid, username, options.cmdctl_port,
+ setuid, setgid, username, options.cmdctl_port,
options.wait_time)
startup_result = boss_of_bind.startup()
if startup_result:
diff --git a/src/lib/python/isc/bind10/special_component.py b/src/lib/python/isc/bind10/special_component.py
index ebdc07f..688ccf5 100644
--- a/src/lib/python/isc/bind10/special_component.py
+++ b/src/lib/python/isc/bind10/special_component.py
@@ -37,6 +37,7 @@ class SockCreator(BaseComponent):
BaseComponent.__init__(self, boss, kind)
self.__creator = None
self.__uid = boss.uid
+ self.__gid = boss.gid
def _start_internal(self):
self._boss.curproc = 'b10-sockcreator'
@@ -45,6 +46,9 @@ class SockCreator(BaseComponent):
self._boss.register_process(self.pid(), self)
self._boss.set_creator(self.__creator)
self._boss.log_started(self.pid())
+ if self.__gid is not None:
+ logger.info(BIND10_SETGID, self.__gid)
+ posix.setgid(self.__gid)
if self.__uid is not None:
logger.info(BIND10_SETUID, self.__uid)
posix.setuid(self.__uid)
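Review bot: The privilege drop in `_start_internal` changes the primary group and then the user, but leaves the supplementary group list untouched, so a boss started as root would presumably keep root's supplementary groups after `posix.setuid()`. Resetting that list before the `setgid` call, for example `posix.setgroups([self.__gid])`, closes the gap; it has to run while the process still holds the privilege to do so, which the gid-before-uid order used here already provides. A short comment such as `# Drop the group first: setgid() needs the privilege that setuid() gives up` would keep the two blocks from being reordered later. The method starts above the hunk and may continue below it.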
diff --git a/src/lib/python/isc/bind10/tests/component_test.py b/src/lib/python/isc/bind10/tests/component_test.py
index ec0e8af..af529f8 100644
--- a/src/lib/python/isc/bind10/tests/component_test.py
+++ b/src/lib/python/isc/bind10/tests/component_test.py
@@ -104,6 +104,8 @@ class ComponentTests(BossUtils, unittest.TestCase):
self.__stop_process_params = None
self.__start_simple_params = None
# Pretending to be boss
+ self.gid = None
+ self.__gid_set = None
self.uid = None
self.__uid_set = None
@@ -609,6 +611,9 @@ class ComponentTests(BossUtils, unittest.TestCase):
self.assertTrue(process.killed)
self.assertFalse(process.terminated)
+ def setgid(self, gid):
+ self.__gid_set = gid
+
def setuid(self, uid):
self.__uid_set = uid
@@ -637,7 +642,9 @@ class ComponentTests(BossUtils, unittest.TestCase):
"""
component = isc.bind10.special_component.SockCreator(None, self,
'needed', None)
+ orig_setgid = isc.bind10.special_component.posix.setgid
orig_setuid = isc.bind10.special_component.posix.setuid
+ isc.bind10.special_component.posix.setgid = self.setgid
isc.bind10.special_component.posix.setuid = self.setuid
orig_creator = \
isc.bind10.special_component.isc.bind10.sockcreator.Creator
@@ -645,18 +652,22 @@ class ComponentTests(BossUtils, unittest.TestCase):
isc.bind10.special_component.isc.bind10.sockcreator.Creator = \
lambda path: self.FakeCreator()
component.start()
- # No uid set in boss, nothing called.
+ # No gid/uid set in boss, nothing called.
+ self.assertIsNone(self.__gid_set)
self.assertIsNone(self.__uid_set)
# Doesn't do anything, but doesn't crash
component.stop()
component.kill()
component.kill(True)
+ self.gid = 4200
self.uid = 42
component = isc.bind10.special_component.SockCreator(None, self,
'needed', None)
component.start()
# This time, it get's called
+ self.assertEqual(4200, self.__gid_set)
self.assertEqual(42, self.__uid_set)
+ isc.bind10.special_component.posix.setgid = orig_setgid
isc.bind10.special_component.posix.setuid = orig_setuid
isc.bind10.special_component.isc.bind10.sockcreator.Creator = \
orig_creator
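Review bot: The fakes record the values passed to `setgid` and `setuid` but not the order of the calls, so a regression that calls `posix.setuid()` first would still pass this test while the real `setgid` would then fail for lack of privilege. Appending to one shared list in both fakes and asserting something like `self.assertEqual([('gid', 4200), ('uid', 42)], self.__calls)` would pin the order. The restores of `posix.setgid` and `posix.setuid` at the end also run only when every assertion passes; wrapping the body in `try`/`finally` would keep a failing assertion from leaking the fakes into later tests. The test method begins in the previous hunk.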