Example #1
1
	def store(self, sender, reciever, message):
		if not self.owner:
			if 'filepermissions' in config and 'owner' in config['filepermissions']:
				self.owner = config['filepermissions']['owner']
			else:
				self.owner = getpass.getuser()
		if not self.group:
			if 'filepermissions' in config and 'group' in config['filepermissions']:
				self.group = config['filepermissions']['group']
			else:
				self.group = getpass.getuser()

		print('Mail will be stored as {}.{}'.format(self.owner, self.group))

		if not self.uid:
			self.uid = pwd.getpwnam(self.owner).pw_uid
		if not self.gid:
			self.gid = grp.getgrnam(self.group).gr_gid
		chown(self.path, self.uid, self.gid)

		destination = '{}/{}.mail'.format(self.path, generate_UID())
		log('Stored mail from {} to reciever {} under \'{}\''.format(sender, reciever, destination), product='slimSMTP', handler='storage_maildir', level=3)
		with open(destination, 'wb') as mail:
			mail.write(message)

		chown(destination, self.uid, self.gid)

		return True
Example #2
0
    def _create_bench_dir(self):
        """Create the directory for a benchmark."""
        # Get group_id if available (given by JUBE_GROUP_NAME)
        group_id = jube2.util.check_and_get_group_id()
        # Check if outpath exists
        if not (os.path.exists(self._outpath) and
                os.path.isdir(self._outpath)):
            os.makedirs(self._outpath)
            if group_id is not None:
                os.chown(self._outpath, os.getuid(), group_id)
        # Generate unique ID in outpath
        if self._id < 0:
            self._id = jube2.util.get_current_id(self._outpath) + 1
        if os.path.exists(self.bench_dir):
            raise RuntimeError("Benchmark directory \"{0}\" already exist"
                               .format(self.bench_dir))

        os.makedirs(self.bench_dir)
        # If JUBE_GROUP_NAME is given, set GID-Bit and change group
        if group_id is not None:
            os.chmod(self.bench_dir,
                     os.stat(self.bench_dir).st_mode | stat.S_ISGID)
            os.chown(self.bench_dir, os.getuid(), group_id)
        self.write_benchmark_configuration(
            os.path.join(self.bench_dir, jube2.conf.CONFIGURATION_FILENAME))
        jube2.util.update_timestamps(os.path.join(self.bench_dir,
                                                  jube2.conf.TIMESTAMPS_INFO),
                                     "start", "change")
def ensure_permissions(path, user, group, permissions, maxdepth=-1):
    """Ensure permissions for path.

    If path is a file, apply to file and return. If path is a directory,
    apply recursively (if required) to directory contents and return.

    :param user: user name
    :param group: group name
    :param permissions: octal permissions
    :param maxdepth: maximum recursion depth. A negative maxdepth allows
                     infinite recursion and maxdepth=0 means no recursion.
    :returns: None
    """
    if not os.path.exists(path):
        log("File '%s' does not exist - cannot set permissions" % (path),
            level=WARNING)
        return

    _user = pwd.getpwnam(user)
    os.chown(path, _user.pw_uid, grp.getgrnam(group).gr_gid)
    os.chmod(path, permissions)

    if maxdepth == 0:
        log("Max recursion depth reached - skipping further recursion",
            level=DEBUG)
        return
    elif maxdepth > 0:
        maxdepth -= 1

    if os.path.isdir(path):
        contents = glob.glob("%s/*" % (path))
        for c in contents:
            ensure_permissions(c, user=user, group=group,
                               permissions=permissions, maxdepth=maxdepth)
Example #4
0
    def download(self, url, get={}, post={}, ref=True, cookies=True, disposition=False):
        """Downloads the content at url to download folder

        :param url:
        :param get:
        :param post:
        :param ref:
        :param cookies:
        :param disposition: if True and server provides content-disposition header\
        the filename will be changed if needed
        :return: The location where the file was saved
        """

        self.checkForSameFiles()

        self.pyfile.setStatus("downloading")

        download_folder = self.config['general']['download_folder']

        location = save_join(download_folder, self.pyfile.package().folder)

        if not exists(location):
            makedirs(location, int(self.core.config["permission"]["folder"], 8))

            if self.core.config["permission"]["change_dl"] and os.name != "nt":
                try:
                    uid = getpwnam(self.config["permission"]["user"])[2]
                    gid = getgrnam(self.config["permission"]["group"])[2]

                    chown(location, uid, gid)
                except Exception, e:
                    self.log.warning(_("Setting User and Group failed: %s") % str(e))
Example #5
0
    def _init_log_file(self):
        if self._log_file is not None:
            self._log_file.close()

        if os.getuid() == 0 and not is_sudoed:
            logs_dir = SYSTEM_LOGS_DIR
        else:
            logs_dir = USER_LOGS_DIR

        if not os.path.exists(logs_dir):
            os.makedirs(logs_dir)

            # Fix permissions in case we need to create the dir with sudo
            if is_sudoed:
                uid = pwd.getpwnam(usr).pw_uid
                gid = grp.getgrnam(usr).gr_gid
                os.chown(logs_dir, uid, gid)

        log_fn = "{}/{}.log".format(logs_dir, self._app_name)

        # Fix permissions in case we need to create the file with sudo
        if not os.path.isfile(log_fn) and is_sudoed:
            # touch
            with open(log_fn, 'a'):
                pass

            uid = pwd.getpwnam(usr).pw_uid
            gid = grp.getgrnam(usr).gr_gid
            os.chown(log_fn, uid, gid)

        self._log_file = open("{}/{}.log".format(logs_dir, self._app_name), "a")
Example #6
0
	def store(self):
		"""
		Store data for next runs, set the attributes listed in :py:const:`waflib.Build.SAVED_ATTRS`. Uses a temporary
		file to avoid problems on ctrl+c.
		"""
		data = {}
		for x in SAVED_ATTRS:
			data[x] = getattr(self, x)
		db = os.path.join(self.variant_dir, Context.DBFILE)

		try:
			Node.pickle_lock.acquire()
			Node.Nod3 = self.node_class
			x = cPickle.dumps(data, PROTOCOL)
		finally:
			Node.pickle_lock.release()

		Utils.writef(db + '.tmp', x, m='wb')

		try:
			st = os.stat(db)
			os.remove(db)
			if not Utils.is_win32: # win32 has no chown but we're paranoid
				os.chown(db + '.tmp', st.st_uid, st.st_gid)
		except (AttributeError, OSError):
			pass

		# do not use shutil.move (copy is not thread-safe)
		os.rename(db + '.tmp', db)
Example #7
0
    def __setup_principal(self):
        dns_principal = "DNS/" + self.fqdn + "@" + self.realm
        installutils.kadmin_addprinc(dns_principal)

        # Store the keytab on disk
        self.fstore.backup_file(paths.NAMED_KEYTAB)
        installutils.create_keytab(paths.NAMED_KEYTAB, dns_principal)
        p = self.move_service(dns_principal)
        if p is None:
            # the service has already been moved, perhaps we're doing a DNS reinstall
            dns_principal = DN(('krbprincipalname', dns_principal),
                               ('cn', 'services'), ('cn', 'accounts'), self.suffix)
        else:
            dns_principal = p

        # Make sure access is strictly reserved to the named user
        pent = pwd.getpwnam(self.named_user)
        os.chown(paths.NAMED_KEYTAB, pent.pw_uid, pent.pw_gid)
        os.chmod(paths.NAMED_KEYTAB, 0o400)

        # modify the principal so that it is marked as an ipa service so that
        # it can host the memberof attribute, then also add it to the
        # dnsserver role group, this way the DNS is allowed to perform
        # DNS Updates
        dns_group = DN(('cn', 'DNS Servers'), ('cn', 'privileges'), ('cn', 'pbac'), self.suffix)
        mod = [(ldap.MOD_ADD, 'member', dns_principal)]

        try:
            self.admin_conn.modify_s(dns_group, mod)
        except ldap.TYPE_OR_VALUE_EXISTS:
            pass
        except Exception, e:
            root_logger.critical("Could not modify principal's %s entry: %s" \
                    % (dns_principal, str(e)))
            raise
Example #8
0
    def _deploy(self, purpose, x509, pkey, path, group):
        """Write one certificate to the filesystem."""
        try:
            groupid = grp.getgrnam(group).gr_gid
        except KeyError:
            log.info("Not deploying %r to %s: group %s not found.",
                    purpose, path, group)
            return

        fobj = cny_util.AtomicFile(path, chmod=0640)
        os.chown(fobj.name, 0, groupid)

        ext = path.split('.')[-1]
        assert ext in ('pem', 'crt', 'key')
        if ext in ('pem', 'crt'):
            fobj.write(x509)
        if ext in ('pem', 'key'):
            fobj.write(pkey)

        if self.dry_run:
            fobj.close()
            log.debug("Would deploy %r to %s (group %s)", purpose, path, group)
        else:
            fobj.commit()
            log.debug("Deployed %r to %s (group %s)", purpose, path, group)
Example #9
0
    def makedirs(self, path, chown=True):
        log = self._log('makedirs')
        if os.path.exists(path) and not os.path.isdir(path):
            try:
                log("moving %s", path)
                os.rename(path, path+".backup")
            except:
                log("ok, then remove %s", path)
                os.unlink(path)

        if not os.path.exists(path):
            log("creating %s"%path)
            os.chdir(self.project_path)
            def makedirs(name):  # modified from os.makedirs to chown each newly created path segment
                head, tail = os.path.split(name)
                if not tail:
                    head, tail = os.path.split(head)
                if head and tail and not os.path.exists(head):
                    try:
                        makedirs(head)
                    except OSError, e:
                        # be happy if someone already created the path
                        if e.errno != errno.EEXIST:
                            raise
                    if tail == os.curdir:           # xxx/newdir/. exists if xxx/newdir exists
                        return
                try:
                    os.mkdir(name, 0700)
                except OSError, e:
                    if e.errno != errno.EEXIST:
                        raise
                if not self._dev:
                    os.chown(name, self.uid, self.uid)
Example #10
0
def chown(filename, owner=None, group=None):
    # -1 to chown means don't change it

    uid = pwd.getpwnam(owner).pw_uid if owner else -1
    gid = grp.getgrnam(group).gr_gid if group else -1

    os.chown(filename, uid, gid)
Example #11
0
def setPermsPath(path, user='******', group='root', chmod=0750):
    """chown user.group and set permissions to chmod"""
    if not os.path.exists(path):
        raise OSError, "*** ERROR: Path doesn't exist (can't set permissions): %s" % path
        sys.exit(-1)

    # If non-root, don't bother to change owners
    if os.getuid() != 0:
        return

    gc = GecosCache()
    uid = gc.getuid(user)
    if uid is None:
        raise OSError, "*** ERROR: user '%s' doesn't exist. Cannot set permissions properly." % user
        sys.exit(-1)

    gid = gc.getgid(group)
    if gid is None:
        raise OSError, "*** ERROR: group '%s' doesn't exist. Cannot set permissions properly." % group
        sys.exit(-1)

    uid_, gid_ = os.stat(path)[4:6]
    if uid_ != uid or gid_ != gid:
        os.chown(path, uid, gid)
    os.chmod(path, chmod)
Example #12
0
 def ensure_file_exists(self, src, target):
     target = os.path.abspath(target)
     if not os.path.exists(target):
         self.makedirs(os.path.split(target)[0])
         shutil.copyfile(src, target)
         if USERNAME == "root":
             os.chown(target, self.uid, self.uid)
Example #13
0
def createMountPoint():
    sys.stdout.write("Création de %s..." % (mount_point))
    if not os.path.exists(mount_point):
        os.mkdir(mount_point)
    os.chown(mount_point, uid, gid)
    os.chmod(mount_point, 0775)
    print "OK"
Example #14
0
File: uid.py Project: yujiabe/mock
 def changeOwner(self, path, uid=None, gid=None):
     self._elevatePrivs()
     if uid is None:
         uid = self.unprivUid
     if gid is None:
         gid = self.unprivGid
     os.chown(path, uid, gid)
 def configure(self):
     if os.path.isfile(installation_path + "/conf/user_data.yaml.tmpl"):
         userdatayaml = installation_path + "/user-data/" + self.username
         if os.path.isfile(userdatayaml):
             userdatayaml_data_stream = open(userdatayaml, "r")
             yaml_parsed_userdata = yaml.safe_load(userdatayaml_data_stream)
             userdatayaml_data_stream.close()
             myversion = yaml_parsed_userdata.get("PHP")
             backend_config_file = installation_path + "/conf/backends.yaml"
             backend_data_yaml = open(backend_config_file, "r")
             backend_data_yaml_parsed = yaml.safe_load(backend_data_yaml)
             backend_data_yaml.close()
             if "PHP" in backend_data_yaml_parsed:
                 php_backends_dict = backend_data_yaml_parsed["PHP"]
                 php_path = php_backends_dict.get(myversion)
                 php_profile_set(self.username, php_path)
                 path_to_socket = php_path + "/var/run/" + self.username + ".sock"
                 if os.path.islink("/opt/fpmsockets/" + self.username + ".sock"):
                     os.remove("/opt/fpmsockets/" + self.username + ".sock")
                     os.symlink(path_to_socket, "/opt/fpmsockets/" + self.username + ".sock")
                 else:
                     os.symlink(path_to_socket, "/opt/fpmsockets/" + self.username + ".sock")
             else:
                 print("ERROR:: PHP Backends missing")
         else:
             subprocess.call("cp " + installation_path + "/conf/user_data.yaml.tmpl " + userdatayaml, shell=True)
             cpuser_uid = pwd.getpwnam(self.username).pw_uid
             cpuser_gid = grp.getgrnam(self.username).gr_gid
             os.chown(userdatayaml, cpuser_uid, cpuser_gid)
             os.chmod(userdatayaml, 0660)
             self.configure()
     else:
         sys.exit(0)
Example #16
0
    def _create_cookie(self, timefunc=time.time):
        
        lockfd = self._get_lock()

        cookies = self._get_cookies(timefunc)

        cookie_id = 1
        for tpl in cookies:
            if int(tpl[0]) >= cookie_id:
                cookie_id = int(tpl[0]) + 1

        cookie = hexlify(os.urandom(24))
        
        cookies.append( (str(cookie_id), str(int(timefunc())), cookie) )

        for c in cookies:
            os.write(lockfd, ' '.join(c).encode('ascii') + b'\n')

        os.close(lockfd)
        if os.geteuid() == 0:
            os.chown(self.lock_file, self.uid, self.gid)

        os.rename(self.lock_file, self.cookie_file)

        self.cookieId = cookie_id
        self.cookie   = cookie
Example #17
0
def archive(config, srcPath, uid, gid):
    """
    Move srcPath into dataroot/archived, giving the destination a unique
    (sequentially numbered) name in the case of duplicates.
    """

    archiveDir = os.path.join(config.DataRoot, "archived")

    if not os.path.exists(archiveDir):
        os.mkdir(archiveDir)
    os.chown(archiveDir, uid, gid)

    baseName = os.path.basename(srcPath)
    newName = baseName
    count = 0
    destPath = os.path.join(archiveDir, newName)
    while os.path.exists(destPath):
        count += 1
        newName = "%s.%d" % (baseName, count)
        destPath = os.path.join(archiveDir, newName)

    try:
        os.rename(srcPath, destPath)
    except OSError:
        # Can't rename, must copy/delete
        shutil.copy2(srcPath, destPath)
        os.remove(srcPath)
Example #18
0
	def changeOwner(self, filePath, user, group):
		if os.path.exists(filePath):
			uid = pwd.getpwnam(user).pw_uid
			gid = grp.getgrnam(group).gr_gid
			os.chown(filePath, uid, gid)
			return 1
		return 0
Example #19
0
 def _chown(self):
     if self.owner is not None:
         try:
             os.chown(self.path, self.owner[0], self.owner[1])
         except Exception, e:
             raise ValueError("Could not change ownership of socket file: "
                                 + "%s" % (e))
Example #20
0
def upgradeData(config):

    docRoot = config.DocumentRoot

    versionFilePath = os.path.join(docRoot, ".calendarserver_version")

    onDiskVersion = 0
    if os.path.exists(versionFilePath):
        try:
            with open(versionFilePath) as versionFile:
                onDiskVersion = int(versionFile.read().strip())
        except IOError:
            log.error("Cannot open %s; skipping migration" %
                (versionFilePath,))
        except ValueError:
            log.error("Invalid version number in %s; skipping migration" %
                (versionFilePath,))

    uid, gid = getCalendarServerIDs(config)

    for version, method in upgradeMethods:
        if onDiskVersion < version:
            log.warn("Upgrading to version %d" % (version,))
            method(config)
            with open(versionFilePath, "w") as verFile:
                verFile.write(str(version))
            os.chown(versionFilePath, uid, gid)
Example #21
0
def temp_dirname(parent=None, prefix="dak", suffix="", mode=None, group=None):
    """
    Return a secure and unique directory by pre-creating it.

    @type parent: str
    @param parent: If non-null it will be the directory the directory is pre-created in.

    @type prefix: str
    @param prefix: The filename will be prefixed with this string

    @type suffix: str
    @param suffix: The filename will end with this string

    @type mode: str
    @param mode: If set the file will get chmodded to those permissions

    @type group: str
    @param group: If set the file will get chgrped to the specified group.

    @rtype: list
    @return: Returns a pair (fd, name)

    """

    tfname = tempfile.mkdtemp(suffix, prefix, parent)
    if mode:
        os.chmod(tfname, mode)
    if group:
        gid = grp.getgrnam(group).gr_gid
        os.chown(tfname, -1, gid)
    return tfname
Example #22
0
    def set_file_attr(filename, attr):
        """
        Change a file's attributes on the local filesystem.  The contents of
        C{attr} are used to change the permissions, owner, group ownership,
        and/or modification & access time of the file, depending on which
        attributes are present in C{attr}.

        This is meant to be a handy helper function for translating SFTP file
        requests into local file operations.
        
        @param filename: name of the file to alter (should usually be an
            absolute path).
        @type filename: str
        @param attr: attributes to change.
        @type attr: L{SFTPAttributes}
        """
        if sys.platform != 'win32':
            # mode operations are meaningless on win32
            if attr._flags & attr.FLAG_PERMISSIONS:
                os.chmod(filename, attr.st_mode)
            if attr._flags & attr.FLAG_UIDGID:
                os.chown(filename, attr.st_uid, attr.st_gid)
        if attr._flags & attr.FLAG_AMTIME:
            os.utime(filename, (attr.st_atime, attr.st_mtime))
        if attr._flags & attr.FLAG_SIZE:
            open(filename, 'w+').truncate(attr.st_size)
Example #23
0
def chown(path, uid, gid):
    try:
        os.chown(path, uid, gid)
    except OverflowError:
        if not ctypes:
            raise
        os.chown(path, uid, -ctypes.c_int(-gid).value)
Example #24
0
def need_deployment():
    """
    Salt thin needs to be deployed - prep the target directory and emit the
    delimeter and exit code that signals a required deployment.
    """
    if os.path.exists(OPTIONS.saltdir):
        shutil.rmtree(OPTIONS.saltdir)
    old_umask = os.umask(0o077)
    os.makedirs(OPTIONS.saltdir)
    os.umask(old_umask)
    # Verify perms on saltdir
    euid = os.geteuid()
    dstat = os.stat(OPTIONS.saltdir)
    if dstat.st_uid != euid:
        # Attack detected, try again
        need_deployment()
    if dstat.st_mode != 16832:
        # Attack detected
        need_deployment()
    # If SUDOing then also give the super user group write permissions
    sudo_gid = os.environ.get('SUDO_GID')
    if sudo_gid:
        os.chown(OPTIONS.saltdir, -1, int(sudo_gid))
        stt = os.stat(OPTIONS.saltdir)
        os.chmod(OPTIONS.saltdir, stt.st_mode | stat.S_IWGRP | stat.S_IRGRP | stat.S_IXGRP)

    # Delimiter emitted on stdout *only* to indicate shim message to master.
    sys.stdout.write("{0}\ndeploy\n".format(OPTIONS.delimiter))
    sys.exit(EX_THIN_DEPLOY)
Example #25
0
 def supermakedirs(self, path):
     try:
         if not path or os.path.exists(path):
             stat_info = os.stat(path)
             uid = stat_info.st_uid
             gid = stat_info.st_gid
             self.user = uid
             self.group = gid
             logging.debug('Found: {} - {} - {}'.format(self.user, self.group, path))
             # Break recursion
             return []
         (head, tail) = os.path.split(path)
         res = self.supermakedirs(head)
         os.mkdir(path)
         os.chmod(path, self.file_permission)
         os.chown(path, self.user, self.group)
         logging.debug('Created: {} - {} - {}'.format(self.user, self.group, path))
         res += [path]
         return res
     except OSError as e:
         if e.errno == 17:
             logging.debug('Directory existed when creating. Ignoring')
             res += [path]
             return res
         raise
Example #26
0
def fix_prod_setup_perms(bench_path='.', frappe_user=None):
	from .config.common_site_config import get_config
	files = [
		"logs/web.error.log",
		"logs/web.log",
		"logs/workerbeat.error.log",
		"logs/workerbeat.log",
		"logs/worker.error.log",
		"logs/worker.log",
		"config/nginx.conf",
		"config/supervisor.conf",
	]

	if not frappe_user:
		frappe_user = get_config(bench_path).get('frappe_user')

	if not frappe_user:
		print("frappe user not set")
		sys.exit(1)

	for path in files:
		if os.path.exists(path):
			uid = pwd.getpwnam(frappe_user).pw_uid
			gid = grp.getgrnam(frappe_user).gr_gid
			os.chown(path, uid, gid)
Example #27
0
    def __init__(self, cmd, environment_vars=None):
        tmpdir = _temp_dir
        LABELPREFIX = 'com.toppatch.agent.'
        # create a unique id for this job
        jobid = str(uuid.uuid1())

        self.label = LABELPREFIX + jobid
        self.stdout_path = os.path.join(tmpdir, self.label + '.stdout')
        self.stderr_path = os.path.join(tmpdir, self.label + '.stderr')
        self.plist_path = os.path.join(tmpdir, self.label + '.plist')
        self.stdout = None
        self.stderr = None
        self.plist = {}
        self.plist['Label'] = self.label
        self.plist['ProgramArguments'] = cmd
        self.plist['StandardOutPath'] = self.stdout_path
        self.plist['StandardErrorPath'] = self.stderr_path
        if environment_vars:
            self.plist['EnvironmentVariables'] = environment_vars
            # write out launchd plist
        #FoundationPlist.writePlist(self.plist, self.plist_path)
        plistlib.writePlist(self.plist, self.plist_path)
        # set owner, group and mode to those required
        # by launchd
        os.chown(self.plist_path, 0, 0)
        os.chmod(self.plist_path, int('644', 8))
        launchctl_cmd = ['/bin/launchctl', 'load', self.plist_path]
        proc = subprocess.Popen(launchctl_cmd, shell=False, bufsize=1,
            stdin=subprocess.PIPE,
            stdout=subprocess.PIPE,
            stderr=subprocess.PIPE)
        (unused_out, err) = proc.communicate()
        if proc.returncode:
            raise LaunchdJobException(err)
Example #28
0
    def write(self):
        newpath = os.path.join(self.path, self.name)
        if self.fullpath != newpath:
            logging.info('[fm] renaming %s -> %s' % (self.fullpath, newpath))
            os.rename(self.fullpath, newpath)
        self.fullpath = os.path.join(self.path, self.name)
        os.chmod(self.fullpath, self.mode)
        
        err = None

        try:
            uid = int(self.owner)
        except:
            try:
                uid = pwd.getpwnam(self.owner)[2]
            except KeyError:
                uid = -1
                err = Exception('Invalid owner')
        try:
            gid = int(self.group)
        except:
            try:
                gid = grp.getgrnam(self.group)[2]
            except KeyError:
                gid = -1
                err = Exception('Invalid group')

        os.chown(self.fullpath, uid, gid)
        if err:
            raise err
def do_chown(path, uid, gid):
    try:
        os.chown(path, uid, gid)
    except OSError as err:
        raise SwiftOnFileSystemOSError(
            err.errno, '%s, os.chown("%s", %s, %s)' % (
                err.strerror, path, uid, gid))
Example #30
0
    def create_key_directory(self, keystone_user_id=None,
                             keystone_group_id=None):
        """Attempt to create the key directory if it doesn't exist."""
        if not os.access(self.key_repository, os.F_OK):
            LOG.info(
                'key_repository does not appear to exist; attempting to '
                'create it')

            try:
                os.makedirs(self.key_repository, 0o700)
            except OSError:
                LOG.error(
                    'Failed to create key_repository: either it already '
                    'exists or you don\'t have sufficient permissions to '
                    'create it')

            if keystone_user_id and keystone_group_id:
                os.chown(
                    self.key_repository,
                    keystone_user_id,
                    keystone_group_id)
            elif keystone_user_id or keystone_group_id:
                LOG.warning(
                    'Unable to change the ownership of key_repository without '
                    'a keystone user ID and keystone group ID both being '
                    'provided: %s', self.key_repository)
Example #31
0
    def fix(self):
        try:
            if not self.ci.getcurrvalue():
                return True
            config = ""
            if os.path.exists(self.path):
                config = readFile(self.path, self.logger)
            tmpconfig = self.path + ".tmp"
            config2 = []
            configstring = ""
            if config:
                for line in config:
                    splitline = line.split()
                    if len(splitline) >= 1:
                        if search("^\*timeout:", splitline[0]):
                            continue
                        elif search("^\*lockTimeout:", splitline[0]):
                            continue
                        elif search("^\*grabDesktopImages:", splitline[0]):
                            continue
                        elif search("^\*chooseRandomImages:", splitline[0]):
                            continue
                        elif search("^\*lock:", line):
                            continue
                        elif len(splitline) == 1 and splitline[0] not in \
                             self.badsavers:
                            config2.append(line)
                        elif len(splitline) == 2 and splitline[0] not in \
                             self.badsavers and splitline[1] not in self.badsavers:
                            config2.append(line)
                        elif len(splitline) > 2 and splitline[0] not in \
                             self.badsavers and splitline[1] not in \
                             self.badsavers and splitline[2] not in \
                             self.badsavers:
                            config2.append(line)
                        else:
                            config2.append(line)
                    else:
                        config2.append(line)
                for line in config2:
                    configstring += line
                configstring += "timeout:    0:10:00\nlockTimeout:    0:05:00\n\
                grabDesktopImages:    False\nchooseRandomImages:    True\n\
                lock:    True\n"

                if writeFile(tmpconfig, configstring, self.logger):
                    os.rename(tmpconfig, self.path)
                    os.chown(self.path, 0, 0)
                    os.chmod(self.path, 420)
                    resetsecon(self.path)
                else:
                    self.rulesuccess = False
            for saver in self.badsavers:
                for k, v in list(self.paths.items()):
                    try:
                        if os.path.exists(k + saver):
                            os.remove(k + saver)
                        elif os.path.exists(k + saver + v):
                            os.remove(k + saver + v)
                    except (OSError):
                        self.detailedresults += "The following file had " + \
                            "issues being removed:" + saver + "\n"
                        self.rulesuccess = False

            for saver in self.badkss:
                try:
                    if os.path.exists("/usr/bin/" + saver):
                        os.remove("/usr/bin/" + saver)
                except (OSError):
                    self.detailedresults += "The following file had " + \
                        "issues being removed" + saver + "\n"
                    self.rulesuccess = False
        except (KeyboardInterrupt, SystemExit):
            # User initiated exit
            raise
        except Exception:
            self.rulesuccess = False
            self.detailedresults += "\n" + traceback.format_exc()
            self.logdispatch.log(LogPriority.ERROR, self.detailedresults)
        self.formatDetailedResults("fix", self.rulesuccess,
                                   self.detailedresults)
        self.logdispatch.log(LogPriority.INFO, self.detailedresults)
        return self.rulesuccess
Example #32
0
        tests_require=["pyflakes>=0.6.1", "pep8>=1.4.1"],
        classifiers=[
            "Development Status :: 5 - Production/Stable",
            "Environment :: Web Environment",
            "Framework :: Django",
            "Intended Audience :: Developers",
            "License :: OSI Approved :: BSD License",
            "Operating System :: OS Independent",
            "Programming Language :: Python",
            "Programming Language :: Python :: 2.7",
            "Programming Language :: Python :: 3",
            "Programming Language :: Python :: 3.4",
            "Programming Language :: Python :: 3.5",
            "Topic :: Internet :: WWW/HTTP",
            "Topic :: Internet :: WWW/HTTP :: Dynamic Content",
            "Topic :: Internet :: WWW/HTTP :: WSGI",
            "Topic :: Software Development :: Libraries :: Application Frameworks",
            "Topic :: Software Development :: Libraries :: Python Modules",
        ])
finally:
    for e in exclude:
        if exclude[e] is not None:
            data, stat = exclude[e]
            try:
                with open(e, "w") as f:
                    f.write(data)
                os.chown(e, stat.st_uid, stat.st_gid)
                os.chmod(e, stat.st_mode)
            except:
                pass
      initial = {}
      initial['path'] = path
      initial['uid'] = uid
      initial['gid'] = gid
      initial['user_name'] = user_name
      initial['group_name'] = group_name
      form = folder_management_forms.ModifyOwnershipForm(initial=initial, user_list = users, group_list = groups)
      return_dict["form"] = form
      return django.shortcuts.render_to_response('modify_dir_ownership.html', return_dict, context_instance=django.template.context.RequestContext(request))
    else:
      form = folder_management_forms.ModifyOwnershipForm(request.POST, user_list = users, group_list = groups)
      return_dict["form"] = form
      if form.is_valid():
        cd = form.cleaned_data
        os.chown(cd['path'], int(cd['uid']), int(cd['gid']))
        user_name = pwd.getpwuid(int(cd['uid']))[0]
        group_name = grp.getgrgid(int(cd['gid']))[0]
        audit_str = "Set owner user to %s and owner group to %s for directory %s"%(user_name, group_name, cd["path"])
        audit.audit("modify_dir_owner", audit_str, request.META)
        return django.http.HttpResponseRedirect('/view_dir_ownership_permissions?path=%s&ack=modified_ownership'%cd['path'])
      else:
        return django.shortcuts.render_to_response('modify_dir_ownership.html', return_dict, context_instance=django.template.context.RequestContext(request))

  except Exception, e:
    return_dict['base_template'] = "storage_base.html"
    return_dict["page_title"] = 'Modify directory ownership'
    return_dict['tab'] = 'dir_permissions_tab'
    return_dict["error"] = 'Error modifying directory ownership'
    return_dict["error_details"] = str(e)
    return django.shortcuts.render_to_response("logged_in_error.html", return_dict, context_instance=django.template.context.RequestContext(request))
Example #34
0
def verify_env(dirs, user, permissive=False, pki_dir='', skip_extra=False):
    '''
    Verify that the named directories are in place and that the environment
    can shake the salt
    '''
    if salt.utils.is_windows():
        return win_verify_env(dirs, permissive, pki_dir, skip_extra)
    import pwd  # after confirming not running Windows
    try:
        pwnam = pwd.getpwnam(user)
        uid = pwnam[2]
        gid = pwnam[3]
        groups = salt.utils.get_gid_list(user, include_default=False)

    except KeyError:
        err = ('Failed to prepare the Salt environment for user '
               '{0}. The user is not available.\n').format(user)
        sys.stderr.write(err)
        sys.exit(salt.defaults.exitcodes.EX_NOUSER)
    for dir_ in dirs:
        if not dir_:
            continue
        if not os.path.isdir(dir_):
            try:
                cumask = os.umask(18)  # 077
                os.makedirs(dir_)
                # If starting the process as root, chown the new dirs
                if os.getuid() == 0:
                    os.chown(dir_, uid, gid)
                os.umask(cumask)
            except OSError as err:
                msg = 'Failed to create directory path "{0}" - {1}\n'
                sys.stderr.write(msg.format(dir_, err))
                sys.exit(err.errno)

        mode = os.stat(dir_)
        # If starting the process as root, chown the new dirs
        if os.getuid() == 0:
            fmode = os.stat(dir_)
            if fmode.st_uid != uid or fmode.st_gid != gid:
                if permissive and fmode.st_gid in groups:
                    # Allow the directory to be owned by any group root
                    # belongs to if we say it's ok to be permissive
                    pass
                else:
                    # chown the file for the new user
                    os.chown(dir_, uid, gid)
            for subdir in [a for a in os.listdir(dir_) if 'jobs' not in a]:
                fsubdir = os.path.join(dir_, subdir)
                if '{0}jobs'.format(os.path.sep) in fsubdir:
                    continue
                for root, dirs, files in os.walk(fsubdir):
                    for name in files:
                        if name.startswith('.'):
                            continue
                        path = os.path.join(root, name)
                        try:
                            fmode = os.stat(path)
                        except (IOError, OSError):
                            pass
                        if fmode.st_uid != uid or fmode.st_gid != gid:
                            if permissive and fmode.st_gid in groups:
                                pass
                            else:
                                # chown the file for the new user
                                os.chown(path, uid, gid)
                    for name in dirs:
                        path = os.path.join(root, name)
                        fmode = os.stat(path)
                        if fmode.st_uid != uid or fmode.st_gid != gid:
                            if permissive and fmode.st_gid in groups:
                                pass
                            else:
                                # chown the file for the new user
                                os.chown(path, uid, gid)
        # Allow the pki dir to be 700 or 750, but nothing else.
        # This prevents other users from writing out keys, while
        # allowing the use-case of 3rd-party software (like django)
        # to read in what it needs to integrate.
        #
        # If the permissions aren't correct, default to the more secure 700.
        # If acls are enabled, the pki_dir needs to remain readable, this
        # is still secure because the private keys are still only readable
        # by the user running the master
        if dir_ == pki_dir:
            smode = stat.S_IMODE(mode.st_mode)
            if smode != 448 and smode != 488:
                if os.access(dir_, os.W_OK):
                    os.chmod(dir_, 448)
                else:
                    msg = 'Unable to securely set the permissions of "{0}".'
                    msg = msg.format(dir_)
                    if is_console_configured():
                        log.critical(msg)
                    else:
                        sys.stderr.write("CRITICAL: {0}\n".format(msg))

    if skip_extra is False:
        # Run the extra verification checks
        zmq_version()
Example #35
0
 def create_project_path(self):
     if not os.path.exists(self.project_path):
         os.makedirs(self.project_path)
         if not self._dev:
             os.chown(self.project_path, self.uid, self.uid)
Example #36
0
 def insert(self, name, source):
     self.mkdir(name)
     path = self.path(name)
     shutil.move(source, path)
     if self.chown:
         os.chown(path, self.user, self.group)
Example #37
0
    # Edit get_info.py

    with open('modules/pastafari/scripts/monit/debian_wheezy/files/get_info.py'
              ) as f:
        get_info = f.read()

    with open('/usr/local/bin/get_info.py', 'w') as f:
        get_info = get_info.replace("http://url/to/server/token/ip", args.url)
        f.write(get_info)

    os.chmod('/usr/local/bin/get_info.py', 0o700)

    user_passwd = pwd.getpwnam(args.user)

    os.chown('/usr/local/bin/get_info.py', user_passwd[2], user_passwd[3])

    #shutil.chown('/usr/local/bin/get_info.py', args.user, args.user)

    # Edit get_updates.py

    with open(
            'modules/pastafari/scripts/monit/debian_wheezy/files/get_updates.py'
    ) as f:
        get_updates = f.read()

    with open('/etc/cron.daily/get_updates.py', 'w') as f:
        url_updates = args.url.replace('/getinfo/', '/getupdates/')
        get_updates = get_updates.replace("http://url/to/server/token/ip",
                                          url_updates)
        f.write(get_updates)
Example #38
0
def apply(login):
    for user in login['add_users']:
        # make new user using vyatta shell and make home directory (-m),
        # default group of 100 (users)
        command = "useradd -m -N"
        # check if user already exists:
        if user['name'] in get_local_users():
            # update existing account
            command = "usermod"

        # all accounts use /bin/vbash
        command += " -s /bin/vbash"
        # we need to use '' quotes when passing formatted data to the shell
        # else it will not work as some data parts are lost in translation
        if user['password_encrypted']:
            command += " -p '{}'".format(user['password_encrypted'])

        if user['full_name']:
            command += " -c '{}'".format(user['full_name'])

        if user['home_dir']:
            command += " -d '{}'".format(user['home_dir'])

        command += " -G frrvty,vyattacfg,sudo,adm,dip,disk"
        command += " {}".format(user['name'])

        try:
            cmd(command)

            uid = getpwnam(user['name']).pw_uid
            gid = getpwnam(user['name']).pw_gid

            # we should not rely on the value stored in user['home_dir'], as a
            # crazy user will choose username root or any other system user
            # which will fail. Should we deny using root at all?
            home_dir = getpwnam(user['name']).pw_dir

            # install ssh keys
            ssh_key_dir = home_dir + '/.ssh'
            if not os.path.isdir(ssh_key_dir):
                os.mkdir(ssh_key_dir)
                os.chown(ssh_key_dir, uid, gid)
                chmod_755(ssh_key_dir)

            ssh_key_file = ssh_key_dir + '/authorized_keys'
            with open(ssh_key_file, 'w') as f:
                f.write("# Automatically generated by VyOS\n")
                f.write("# Do not edit, all changes will be lost\n")

                for id in user['public_keys']:
                    line = ''
                    if id['options']:
                        line = '{} '.format(id['options'])

                    line += '{} {} {}\n'.format(id['type'], id['key'],
                                                id['name'])
                    f.write(line)

            os.chown(ssh_key_file, uid, gid)
            chmod_600(ssh_key_file)

        except Exception as e:
            print(e)
            raise ConfigError(
                'Adding user "{name}" raised exception'.format(**user))

    for user in login['del_users']:
        try:
            # Logout user if he is logged in
            if user in list(set([tmp[0] for tmp in users()])):
                print('{} is logged in, forcing logout'.format(user))
                call('pkill -HUP -u {}'.format(user))

            # Remove user account but leave home directory to be safe
            call(f'userdel -r {user}', stderr=DEVNULL)

        except Exception as e:
            raise ConfigError(f'Deleting user "{user}" raised exception: {e}')

    #
    # RADIUS configuration
    #
    if len(login['radius_server']) > 0:
        try:
            env = os.environ.copy()
            env['DEBIAN_FRONTEND'] = 'noninteractive'
            # Enable RADIUS in PAM
            cmd("pam-auth-update --package --enable radius", env=env)

            # Make NSS system aware of RADIUS, too
            command = "sed -i -e \'/\smapname/b\' \
                          -e \'/^passwd:/s/\s\s*/&mapuid /\' \
                          -e \'/^passwd:.*#/s/#.*/mapname &/\' \
                          -e \'/^passwd:[^#]*$/s/$/ mapname &/\' \
                          -e \'/^group:.*#/s/#.*/ mapname &/\' \
                          -e \'/^group:[^#]*$/s/: */&mapname /\' \
                          /etc/nsswitch.conf"

            cmd(command)

        except Exception as e:
            raise ConfigError('RADIUS configuration failed: {}'.format(e))

    else:
        try:
            env = os.environ.copy()
            env['DEBIAN_FRONTEND'] = 'noninteractive'

            # Disable RADIUS in PAM
            cmd("pam-auth-update --package --remove radius", env=env)

            command = "sed -i -e \'/^passwd:.*mapuid[ \t]/s/mapuid[ \t]//\' \
                   -e \'/^passwd:.*[ \t]mapname/s/[ \t]mapname//\' \
                   -e \'/^group:.*[ \t]mapname/s/[ \t]mapname//\' \
                   -e \'s/[ \t]*$//\' \
                   /etc/nsswitch.conf"

            cmd(command)

        except Exception as e:
            raise ConfigError(
                'Removing RADIUS configuration failed.\n{}'.format(e))

    return None
Example #39
0

def mkdir(path, owner='root', group='root', perms=0555, force=False):
    """Create a directory"""
    log("Making dir {} {}:{} {:o}".format(path, owner, group,
                                          perms))
    uid = pwd.getpwnam(owner).pw_uid
    gid = grp.getgrnam(group).gr_gid
    realpath = os.path.abspath(path)
    if os.path.exists(realpath):
        if force and not os.path.isdir(realpath):
            log("Removing non-directory file {} prior to mkdir()".format(path))
            os.unlink(realpath)
    else:
        os.makedirs(realpath, perms)
    os.chown(realpath, uid, gid)


def write_file(path, content, owner='root', group='root', perms=0444):
    """Create or overwrite a file with the contents of a string"""
    log("Writing file {} {}:{} {:o}".format(path, owner, group, perms))
    uid = pwd.getpwnam(owner).pw_uid
    gid = grp.getgrnam(group).gr_gid
    with open(path, 'w') as target:
        os.fchown(target.fileno(), uid, gid)
        os.fchmod(target.fileno(), perms)
        target.write(content)


def mount(device, mountpoint, options=None, persist=False):
    """Mount a filesystem at a particular mountpoint"""
Example #40
0
def chown(path, uid, gid):
    gid = abs(gid) & 0x7FFFFFFF  # see note above.
    os.chown(path, uid, gid)
Example #41
0
 def chown(filename, uid_name, gid_name):
     os.chown(filename, pwd.getpwnam(uid_name)[2], grp.getgrnam(gid_name)[2])
Example #42
0
}

###############################################################################
# Create user if nessesary

if args.create_user:
    os.system(create_user_cmd)
    uid = get_uid(user)
    gid = get_gid(group)
    if uid is None: sys.exit("Cannot create user '" + user + "'")
    if gid is None: sys.exit("Cannot create group '" + group + "'")
    recursive_chmod(user_home, 0o640, 0o750)

if not os.path.exists(backup_dir):
    os.mkdir(backup_dir, 0o700)
    os.chown(backup_dir, uid, gid);

###############################################################################
# Instantiate template

os.mkdir(site_home)
os.chdir(os.path.join(os.path.dirname(os.path.realpath(__file__)), 'templates', template))
for dirpath, dirnames, filenames in os.walk('.'):
    for dirname in dirnames:
        os.mkdir(os.path.join(site_home, dirpath, dirname))
    for filename in filenames:
        if filename == '.emptydir': continue
        src = os.path.join(dirpath, filename)
        dst = os.path.join(site_home, dirpath, filename)
        t = open(src, 'r').read()
        t = t.format(**template_keys)
Example #43
0
        os.system("""PGPASSWORD='******' psql --host={} --username={} --dbname={} -c 'CREATE TABLE "thread_categories" ("thread_id" int NOT NULL, "category_id" int NOT NULL)'""".format(settings['database_password'], settings['database_host'], settings['database_user'], db))
        os.system("""PGPASSWORD='******' psql --host={} --username={} --dbname={} -c 'CREATE TABLE "threads" ("id" serial NOT NULL,"title" varchar NOT NULL,"created_by" varchar NOT NULL,"pinned" BOOLEAN NOT NULL DEFAULT 'false',"deleted" BOOLEAN NOT NULL DEFAULT 'false',"merged_id" int DEFAULT '-1',"is_visible" BOOLEAN NOT NULL,CONSTRAINT threads_pk PRIMARY KEY ("id"))'""".format(settings['database_password'], settings['database_host'], settings['database_user'], db))
        os.system("""PGPASSWORD='******' psql --host={} --username={} --dbname={} -c 'CREATE TABLE "posts" ("id" serial NOT NULL,"thread_id" int NOT NULL,"parent_id" int DEFAULT '-1',"author_user_id" character varying NOT NULL,"content" TEXT NOT NULL,"timestamp" timestamp with time zone NOT NULL,"anonymous" BOOLEAN NOT NULL,"deleted" BOOLEAN NOT NULL DEFAULT 'false',"endorsed_by" varchar,"resolved" BOOLEAN NOT NULL,"type" int NOT NULL, "has_attachment" BOOLEAN NOT NULL, CONSTRAINT posts_pk PRIMARY KEY ("id"))'""".format(settings['database_password'], settings['database_host'], settings['database_user'], db))

        os.system("""PGPASSWORD='******' psql --host={} --username={} --dbname={} -c 'ALTER TABLE "posts" ADD CONSTRAINT "posts_fk0" FOREIGN KEY ("thread_id") REFERENCES "threads"("id")'""".format(settings['database_password'], settings['database_host'], settings['database_user'], db))
        os.system("""PGPASSWORD='******' psql --host={} --username={} --dbname={} -c 'ALTER TABLE "posts" ADD CONSTRAINT "posts_fk1" FOREIGN KEY ("author_user_id") REFERENCES "users"("user_id")'""".format(settings['database_password'], settings['database_host'], settings['database_user'], db))
    
        os.system("""PGPASSWORD='******' psql --host={} --username={} --dbname={} -c 'ALTER TABLE "thread_categories" ADD CONSTRAINT "thread_categories_fk0" FOREIGN KEY ("thread_id") REFERENCES "threads"("id")'""".format(settings['database_password'], settings['database_host'], settings['database_user'], db))
        os.system("""PGPASSWORD='******' psql --host={} --username={} --dbname={} -c 'ALTER TABLE "thread_categories" ADD CONSTRAINT "thread_categories_fk1" FOREIGN KEY ("category_id") REFERENCES "categories_list"("category_id")'""".format(settings['database_password'], settings['database_host'], settings['database_user'], db))
        os.system("""PGPASSWORD='******' psql --host={} --username={} --dbname={} -c 'ALTER TABLE "student_favorites" ADD CONSTRAINT "student_favorites_fk0" FOREIGN KEY ("user_id") REFERENCES "users"("user_id")'""".format(settings['database_password'], settings['database_host'], settings['database_user'], db))

        os.system("""PGPASSWORD='******' psql --host={} --username={} --dbname={} -c 'ALTER TABLE "student_favorites" ADD CONSTRAINT "student_favorites_fk1" FOREIGN KEY ("thread_id") REFERENCES "threads"("id")'""".format(settings['database_password'], settings['database_host'], settings['database_user'], db))
        os.system("""PGPASSWORD='******' psql --host={} --username={} --dbname={} -c 'ALTER TABLE "viewed_responses" ADD CONSTRAINT "viewed_responses_fk0" FOREIGN KEY ("thread_id") REFERENCES "threads"("id")'""".format(settings['database_password'], settings['database_host'], settings['database_user'], db))
        os.system("""PGPASSWORD='******' psql --host={} --username={} --dbname={} -c 'ALTER TABLE "viewed_responses" ADD CONSTRAINT "viewed_responses_fk1" FOREIGN KEY ("user_id") REFERENCES "users"("user_id")'""".format(settings['database_password'], settings['database_host'], settings['database_user'], db))
    

        # create the forum attachments directory and set the owner, group, and permissions
        course_dir = os.path.join(settings['submitty_data_dir'],"courses",term.name,course.name)
        forum_dir = os.path.join(course_dir,"forum_attachments")
        if not os.path.exists(forum_dir):
            os.makedirs(forum_dir)
            stat_info = os.stat(course_dir)
            uid = stat_info.st_uid
            gid = stat_info.st_gid
            os.chown(forum_dir,uid,gid)
            os.chmod(forum_dir,0o770)
            print ("created directory:" + forum_dir)

            
        print ("\n")
Example #44
0

# Generate CSV
with open(os.path.join(textDir, "videos.csv"), "w", encoding="UTF-8") as csv:
    for video in videos:
        csv.write(video.getCSVLine())

# Generate names.php
with open(os.path.join(textDir, "names.php"), "w", encoding="UTF-8") as php:
    phpData = "<?php $names = ["

    for aSeries in series:
        if aSeries.hasApprovedVideos():
            phpData += aSeries.getPHP() + ",\n"

    # Remove the last comma and newline.
    phpData = phpData[:-2]
    phpData += "\n]; ?>\n"
    php.write(phpData)


if groupID:
    try:
        os.chown(os.path.join(textDir, "videos.csv"), -1, groupID)
        os.chmod(os.path.join(textDir, "videos.csv"), 0o660)
    except: pass
    try:
        os.chown(os.path.join(textDir, "names.php"), -1, groupID)
        os.chmod(os.path.join(textDir, "names.php"), 0o660)
    except: pass
Example #45
0
                # Try to extract again.
                self.tar.extract(tarinfo)

            # tarfile.extract does not honor umask. It must be honored
            # explicitly. See --no-same-permissions option of tar(1),
            # which is the deafult behaviour.
            #
            # Note: This is no good while installing a pisi package.
            # Thats why this is optional.
            if self.no_same_permissions and not os.path.islink(tarinfo.name):
                os.chmod(tarinfo.name, tarinfo.mode & ~ctx.const.umask)

            if self.no_same_owner:
                if not os.path.islink(tarinfo.name):
                    os.chown(tarinfo.name, uid, gid)
                else:
                    os.lchown(tarinfo.name, uid, gid)

            if callback:
                callback(tarinfo, extracted=True)

        try:
            if oldwd:
                os.chdir(oldwd)
        # Bug #6748
        except OSError:
            pass
        self.close()

    def add_to_archive(self, file_name, arc_name=None):
Example #46
0
 def chown(self, uid, gid):
     os.chown(self, uid, gid)
Example #47
0
for f in args:
    if create_dir:
        if os.path.isdir (f):
            continue
        
        os.makedirs (f, mode=mode)
        chown_me.append (f)
    else:
        if copy:
            if os.path.exists (dest) and not os.path.isdir (dest):
                os.remove (dest)
            shutil.copy2 (f, dest)
        else:
            shutil.move (f, dest)

        if os.path.isdir (dest):
            chown_me.append (os.path.join (dest, os.path.basename (f)))
        else:
            chown_me.append (dest)

for f in chown_me:
    os.chmod (f, mode)
    if group <> None or owner <> None:
        os.chown (f, group, owner)
    
    

        

Example #48
0
 def chown(fn):
     try:
         os.chown(fn, user.pw_uid, user.pw_gid)
     except:
         pass
    def load_and_merge_ref_files(raw_files, target_file, uid, gid):
        header = [
            'ProductID', 'Product', 'Type', 'Exchange', 'Currency',
            'Underlying', 'ExpiryDate', 'Strike', 'PutOrCall', 'ExerciseStyle',
            'MinPriceIncrement', 'MinPriceIncrementAmount', 'SecurityDesc',
            'PremiumDecimalPlace', 'SecurityID', 'UnderlyingSecurityID',
            'MarketSegmentID', 'MarketSegment', 'DestinationExchange'
        ]
        decopt = re.compile("([0-9]),([0-9]+\\.[CP])")
        ref = []  # resulting data.frame (as a list so far)
        for f in raw_files:
            # decompress the file first
            if f.endswith('.xz'):
                the_file = lzma.open(f, 'rt', encoding='ISO-8859-1')
            else:
                the_file = open(f, 'rt', encoding='ISO-8859-1')

            # read data and filter out problems
            # filter out all sort of problems
            l = [line.replace('\n', '')
                 for line in the_file]  # read and remove all CR
            l = [line.rstrip(',')
                 for line in l]  # remove comma at the end of each lines
            l = [re.sub(',",', ',,', line)
                 for line in l]  # remove a double-quote alone in between comma

            for c in [
                    '\x00', '\x01', '\x02', '\x04', '\x0b', '\x0c', '\x10',
                    '\x14', '\x15', '\x16', '\x17', '\x18', '\x1d', '\x1e',
                    '\x1f', '\xfe', '`', u'\u0097', u'\u0098'
            ]:
                l = [line.replace(c, '')
                     for line in l]  # remove bad characters
            l = [line.replace(',&,', ',,') for line in l]  # remove &
            l = [line.replace(',NA,', ',,')
                 for line in l]  # remove NA to be more generic
            if len(l) > 0:
                l[0] = l[0].replace(' ', '')  # remove spaces in header

                # check for product name with a , in place of the decimal point for the strike
                # if they're not surrounded by quotes, then we add them
                for i in range(len(l)):
                    if decopt.search(l[i]):
                        l[i] = decopt.sub('\\1_\\2', l[i])

                # make a long string again and read it into a data.frame
                x = pandas.read_csv(io.StringIO('\n'.join(l)),
                                    error_bad_lines=False)
                # add empty missing_col
                for missing_col in [w for w in header if w not in x.columns]:
                    x[missing_col] = pandas.Series('')
                # reduce x to the columns we want (in header) and concat with ref
                ref.append(x[header])

        ref = pandas.concat(ref)  # make a big data.frame
        ref = ref.drop_duplicates()  # remove duplicate lines
        ref.to_csv(target_file,
                   na_rep='NA',
                   columns=header,
                   header=header,
                   index=False)
        os.chown(target_file, uid, gid)
        os.chmod(target_file, 0o640)
def change_ownership(file_path):
    user_info = pwd.getpwnam(session["user"])
    uid = user_info.pw_uid
    gid = user_info.pw_gid
    os.chown(file_path, uid, gid)
    return {"success": True, "message": "Permission updated correctly"}
Example #51
0
 def chown(self, uid, gid):
     """Change the owner (uid) and owning group
     (gid) of the file"""
     os.chown(self, uid, gid)
def copy_liquid_capture_to_db(config_file):
    """ Find new files from the raw data of liquid_capture and process them into the DB """
    def find_compressed_files(rawdata_dir):
        """ get all the raw data compressed files """
        raw_files = []
        for root, dirs, files in os.walk(rawdata_dir):
            for f in files:
                if f.endswith(
                        ".csv.xz"
                ) and 'Reference' not in f and 'Statistics' not in f:
                    raw_files.append(os.path.join(root, f))
        monitor_raw_files(raw_files, 5)  # check if upload is done
        return raw_files

    def find_db_files(dbdir):
        """ get all the files from the database """
        db_files = []
        for root, dirs, files in os.walk(dbdir):
            for f in files:
                if f.endswith(".csv.bz2"):
                    db_files.append(os.path.join(root, f))
        return db_files

    def create_dict_of_files(raw_files, db_files, prefix, dbdir):
        """ create a dictionary with key = target db file and value =
        list of raw data files to process """
        D = {}  # build dict of new files to process
        for f in raw_files:
            x = os.path.basename(f).split('.')[0]  # remove extensions
            for p in prefix:  # remove any "exchange" prefix
                x = x.replace(p, '')
            ts = x.split('-')[-1]
            print(x)
            month = str(int(x.split('-')[-2]) // 100)  # get month
            new_file = dbdir + '/' + month + '/' + x
            new_file = new_file.replace('-' + ts, '.csv.bz2')
            if new_file not in db_files:  # check in file exists in db
                if new_file not in D:  # if not, add the raw file to the list
                    D[new_file] = [f]  # of files to process (because the same
                else:  # instrument can have many files)
                    D[new_file].append(f)

        for k in D:  # sort each sub list to be sure we concat files chronologically
            D[k].sort()

        return D

    def create_recompress_job_list(D):
        """ make a list of bash command to recompress everything """
        cmd = []
        for k in D:
            s = "( xz -cd " + D[k].pop(0) + ";"  # first file of the list
            for x in D[k]:
                s = s + "xz -cd " + x + "|tail -n +2;"  # remove first line of other files
            s = s + ") | bzip2 -9c > " + k
            cmd.append(s)

        return cmd

    def create_missing_dirs(D, uid, gid):
        """ create missing directories for target files """
        for d in list(set([os.path.dirname(k)
                           for k in D])):  # extract unique target dir names
            if not os.path.exists(d):
                os.makedirs(d, mode=0o750)  # create dir with mode 750
                os.chown(d, uid, gid)  # change owner and group

    # main program of this function
    with open(config_file) as cfg_file:
        cfg = json.load(cfg_file)  # get json config file
        rawdata_dir = cfg['liquid_capture']['src_dir']
        dbdir = cfg['liquid_capture']['dbdir']
        prefix = cfg['liquid_capture']['prefix']
        owner = cfg['liquid_capture']['owner']
        group = cfg['liquid_capture']['group']

        uid = pwd.getpwnam(owner).pw_uid
        gid = grp.getgrnam(group).gr_gid

        raw_files = find_compressed_files(
            rawdata_dir)  # find all files in raw data
        db_files = find_db_files(dbdir)  # find all files in DB
        D = create_dict_of_files(
            raw_files, db_files, prefix,
            dbdir)  # make a diff and find new files to process
        job = create_recompress_job_list(
            D)  # make a shell script of recompression jobs
        create_missing_dirs(D, uid, gid)  # add missing dir for a new month
        print("Running ", len(job), " jobs")
        results = Parallel(n_jobs=-1)(delayed(os.system)(f)
                                      for f in job)  # run // jobs
        for k in D:  # finally change owners of each new file
            os.chown(k, uid, gid)
            os.chmod(k, 0o640)  # and also set correct permissions
Example #53
0
    def build_config(self):
        """Build the config as a Plugins object and return back.
        """
        config = monasca_setup.agent_config.Plugins()

        if self.dependencies_installed():
            nova_cfg = ConfigParser.SafeConfigParser()
            log.info("\tUsing nova configuration file {0}".format(self.nova_conf))
            nova_cfg.read(self.nova_conf)
            # Which configuration options are needed for the plugin YAML?
            # Use a dict so that they can be renamed later if necessary
            cfg_needed = {'admin_user': '******',
                          'admin_password': '******',
                          'admin_tenant_name': 'admin_tenant_name'}
            cfg_section = 'keystone_authtoken'

            # Handle Devstack's slightly different nova.conf names
            if (nova_cfg.has_option(cfg_section, 'username')
               and nova_cfg.has_option(cfg_section, 'password')
               and nova_cfg.has_option(cfg_section, 'project_name')):
                cfg_needed = {'admin_user': '******',
                              'admin_password': '******',
                              'admin_tenant_name': 'project_name'}

            # Start with plugin-specific configuration parameters
            init_config = {'cache_dir': cache_dir,
                           'nova_refresh': nova_refresh,
                           'vm_probation': vm_probation,
                           'metadata': metadata,
                           'customer_metadata': customer_metadata,
                           'max_ping_concurrency': default_max_ping_concurrency,
                           'disk_collection_period': default_disk_collection_period,
                           'vnic_collection_period': default_vnic_collection_period}

            # Set default parameters for included checks
            init_config['vm_cpu_check_enable'] = self.literal_eval('True')
            init_config['vm_disks_check_enable'] = self.literal_eval('True')
            init_config['vm_network_check_enable'] = self.literal_eval('True')
            init_config['vm_ping_check_enable'] = self.literal_eval('True')
            init_config['vm_extended_disks_check_enable'] = self.literal_eval('False')

            for option in cfg_needed:
                init_config[option] = nova_cfg.get(cfg_section, cfg_needed[option])

            # Create an identity URI (again, slightly different for Devstack)
            if nova_cfg.has_option(cfg_section, 'auth_url'):
                init_config['identity_uri'] = "{0}/v2.0".format(nova_cfg.get(cfg_section, 'auth_url'))
            else:
                init_config['identity_uri'] = "{0}/v2.0".format(nova_cfg.get(cfg_section, 'identity_uri'))

            # Verify requirements to enable ping checks
            init_config['ping_check'] = self.literal_eval('False')
            if self.agent_user is None:
                log.warn("\tUnable to determine agent user.  Skipping ping checks.")
            else:
                try:
                    from neutronclient.v2_0 import client

                    # Copy system 'ip' command to local directory
                    copy(ip_cmd, sys.path[0])
                    # Restrict permissions on the local 'ip' command
                    os.chown("{0}/ip".format(sys.path[0]), pwd.getpwnam(self.agent_user).pw_uid, 0)
                    os.chmod("{0}/ip".format(sys.path[0]), 0o700)
                    # Set capabilities on 'ip' which will allow
                    # self.agent_user to exec commands in namespaces
                    setcap_cmd = ['/sbin/setcap', 'cap_sys_admin+ep',
                                  "{0}/ip".format(sys.path[0])]
                    subprocess.Popen(setcap_cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
                    # Verify that the capabilities were set
                    setcap_cmd.extend(['-v', '-q'])
                    subprocess.check_call(setcap_cmd)
                    # Look for the best ping command
                    for ping_cmd in ping_options:
                        if os.path.isfile(ping_cmd[0]):
                            init_config['ping_check'] = "{0}/ip netns exec NAMESPACE {1}".format(sys.path[0],
                                                                                                 ' '.join(ping_cmd))
                            log.info("\tEnabling ping checks using {0}".format(ping_cmd[0]))
                            break
                    if init_config['ping_check'] is False:
                        log.warn("\tUnable to find suitable ping command, disabling ping checks.")
                except ImportError:
                    log.warn("\tneutronclient module missing, required for ping checks.")
                    pass
                except IOError:
                    log.warn("\tUnable to copy {0}, ping checks disabled.".format(ip_cmd))
                    pass
                except (subprocess.CalledProcessError, OSError):
                    log.warn("\tUnable to set up ping checks, setcap failed ({0})".format(' '.join(setcap_cmd)))
                    pass

            # Handle monasca-setup detection arguments, which take precedence
            if self.args:
                for arg in self.args:
                    if arg in INT_ARGS:
                        value = self.args[arg]
                        try:
                            init_config[arg] = int(value)
                        except ValueError:
                            log.warn("\tInvalid integer value '{0}' for parameter {1}, ignoring value"
                                     .format(value, arg))
                    else:
                        init_config[arg] = self.literal_eval(self.args[arg])

            config['libvirt'] = {'init_config': init_config,
                                 'instances': []}

        return config
Example #54
0
def install():
    """
    Ensure that this VM distro and version are supported.
    Install the Azure Monitor Linux Agent package, using retries.
    Note: install operation times out from WAAgent at 15 minutes, so do not
    wait longer.
    """
    find_package_manager("Install")
    exit_if_vm_not_supported('Install')

    public_settings, protected_settings = get_settings()

    # if public_settings is None:
    #     raise ParameterMissingException('Public configuration must be ' \
    #                                     'provided')
    #public_settings.get('workspaceId')
    #protected_settings.get('workspaceKey')

    package_directory = os.path.join(os.getcwd(), PackagesDirectory)
    bundle_path = os.path.join(package_directory, BundleFileName)
    os.chmod(bundle_path, 100)
    print(PackageManager, " and ", BundleFileName)
    OneAgentInstallCommand = "{0} -i {1}".format(PackageManager, bundle_path)
    hutil_log_info('Running command "{0}"'.format(OneAgentInstallCommand))

    # Retry, since install can fail due to concurrent package operations
    exit_code, output = run_command_with_retries_output(
        OneAgentInstallCommand,
        retries=15,
        retry_check=retry_if_dpkg_locked,
        final_check=final_check_if_dpkg_locked)

    default_configs = {
        "MCS_ENDPOINT": "amcs.control.monitor.azure.com",
        "AZURE_ENDPOINT": "https://management.azure.com/",
        "ADD_REGION_TO_MCS_ENDPOINT": "true",
        "ENABLE_MCS": "false",
        "MONITORING_USE_GENEVA_CONFIG_SERVICE": "false",
        #"OMS_TLD" : "int2.microsoftatlanta-int.com",
        #"customResourceId" : "/subscriptions/42e7aed6-f510-46a2-8597-a5fe2e15478b/resourcegroups/amcs-test/providers/Microsoft.OperationalInsights/workspaces/amcs-pretend-linuxVM",
    }

    # decide the mode
    if protected_settings is None or len(protected_settings) is 0:
        default_configs["ENABLE_MCS"] = "true"
    else:
        # look for LA protected settings
        for var in protected_settings.keys():
            if "_key" in var or "_id" in var:
                default_configs[var] = protected_settings.get(var)

        # check if required GCS params are available
        MONITORING_GCS_CERT_CERTFILE = None
        if protected_settings.has_key("certificate"):
            MONITORING_GCS_CERT_CERTFILE = base64.standard_b64decode(
                protected_settings.get("certificate"))

        MONITORING_GCS_CERT_KEYFILE = None
        if protected_settings.has_key("certificateKey"):
            MONITORING_GCS_CERT_KEYFILE = base64.standard_b64decode(
                protected_settings.get("certificateKey"))

        MONITORING_GCS_ENVIRONMENT = ""
        if protected_settings.has_key("monitoringGCSEnvironment"):
            MONITORING_GCS_ENVIRONMENT = protected_settings.get(
                "monitoringGCSEnvironment")

        MONITORING_GCS_NAMESPACE = ""
        if protected_settings.has_key("namespace"):
            MONITORING_GCS_NAMESPACE = protected_settings.get("namespace")

        MONITORING_GCS_ACCOUNT = ""
        if protected_settings.has_key("monitoringGCSAccount"):
            MONITORING_GCS_ACCOUNT = protected_settings.get(
                "monitoringGCSAccount")

        MONITORING_GCS_REGION = ""
        if protected_settings.has_key("monitoringGCSRegion"):
            MONITORING_GCS_REGION = protected_settings.get(
                "monitoringGCSRegion")

        MONITORING_CONFIG_VERSION = ""
        if protected_settings.has_key("configVersion"):
            MONITORING_CONFIG_VERSION = protected_settings.get("configVersion")

        if MONITORING_GCS_CERT_CERTFILE is None or MONITORING_GCS_CERT_KEYFILE is None or MONITORING_GCS_ENVIRONMENT is "" or MONITORING_GCS_NAMESPACE is "" or MONITORING_GCS_ACCOUNT is "" or MONITORING_GCS_REGION is "" or MONITORING_CONFIG_VERSION is "":
            waagent_log_error('Not all required GCS parameters are provided')
            raise ParameterMissingException
        else:
            # set the values for GCS
            default_configs["MONITORING_USE_GENEVA_CONFIG_SERVICE"] = "true"
            default_configs[
                "MONITORING_GCS_ENVIRONMENT"] = MONITORING_GCS_ENVIRONMENT
            default_configs[
                "MONITORING_GCS_NAMESPACE"] = MONITORING_GCS_NAMESPACE
            default_configs["MONITORING_GCS_ACCOUNT"] = MONITORING_GCS_ACCOUNT
            default_configs["MONITORING_GCS_REGION"] = MONITORING_GCS_REGION
            default_configs[
                "MONITORING_CONFIG_VERSION"] = MONITORING_CONFIG_VERSION
            default_configs[
                "MONITORING_GCS_CERT_CERTFILE"] = "/etc/mdsd.d/gcscert.pem"
            default_configs[
                "MONITORING_GCS_CERT_KEYFILE"] = "/etc/mdsd.d/gcskey.pem"

            # write the certificate and key to disk
            uid = pwd.getpwnam("syslog").pw_uid
            gid = grp.getgrnam("syslog").gr_gid

            fh = open("/etc/mdsd.d/gcscert.pem", "wb")
            fh.write(MONITORING_GCS_CERT_CERTFILE)
            fh.close()
            os.chown("/etc/mdsd.d/gcscert.pem", uid, gid)
            os.system('chmod {1} {0}'.format("/etc/mdsd.d/gcscert.pem", 400))

            fh = open("/etc/mdsd.d/gcskey.pem", "wb")
            fh.write(MONITORING_GCS_CERT_KEYFILE)
            fh.close()
            os.chown("/etc/mdsd.d/gcskey.pem", uid, gid)
            os.system('chmod {1} {0}'.format("/etc/mdsd.d/gcskey.pem", 400))

    config_file = "/etc/default/mdsd"
    config_updated = False
    try:
        if os.path.isfile(config_file):
            data = []
            new_data = ""
            vars_set = set()
            with open(config_file, "r") as f:
                data = f.readlines()
                for line in data:
                    for var in default_configs.keys():
                        if var in line:
                            line = "export " + var + "=" + default_configs[
                                var] + "\n"
                            vars_set.add(var)
                            break
                    new_data += line

            for var in default_configs.keys():
                if var not in vars_set:
                    new_data += "export " + var + "=" + default_configs[
                        var] + "\n"

            with open("/etc/default/mdsd_temp", "w") as f:
                f.write(new_data)
                config_updated = True if len(new_data) > 0 else False

            if not config_updated or not os.path.isfile(
                    "/etc/default/mdsd_temp"):
                log_and_exit(
                    "install", MissingorInvalidParameterErrorCode,
                    "Error while updating MCS Environment Variables in /etc/default/mdsd"
                )

            os.remove(config_file)
            os.rename("/etc/default/mdsd_temp", config_file)

            uid = pwd.getpwnam("syslog").pw_uid
            gid = grp.getgrnam("syslog").gr_gid
            os.chown(config_file, uid, gid)
            os.system('chmod {1} {0}'.format(config_file, 400))

        else:
            log_and_exit("install", MissingorInvalidParameterErrorCode,
                         "Could not find the file - /etc/default/mdsd")
    except:
        log_and_exit(
            "install", MissingorInvalidParameterErrorCode,
            "Failed to add MCS Environment Variables in /etc/default/mdsd")
    return exit_code, output
Example #55
0
    async def http_server(self):
        logger = logging.getLogger("Daemon.http_server")
        logger.info("Starting http server")

        def response_object(data=None, error=False):
            obj = {"data": data, "error": error}
            return web.json_response(obj)

        # Routes
        async def ping(request):
            return response_object()

        async def shutdown(request):
            logger = logging.getLogger("Daemon.http_server")
            logger.info("GET /shutdown, shutting down daemon")
            raise GracefulExit()

        async def get_setting(request):
            key = request.match_info.get("key", None)
            try:
                return response_object(self.global_settings.get(key))
            except:
                return response_object(error="invalid key")

        async def set_setting(request):
            logger = logging.getLogger("Daemon.http_server.set_settings")

            key = request.match_info.get("key", None)
            val = await request.json()

            # Only change the setting if it's actually changing
            old_val = self.global_settings.get(key)
            if old_val == val:
                logger.debug(
                    f"skipping {key}={val}, because it's already set", )
            else:
                logger.debug(f"setting {key}={val}")
                self.global_settings.set(key, val)
                self.global_settings.save()

                if key == "use_server":
                    if val:
                        self.flock_log.log(FlockLogTypes.SERVER_ENABLED)
                    else:
                        self.flock_log.log(FlockLogTypes.SERVER_DISABLED)
                        # Submit flock logs right away
                        await self.submit_logs_flock()

            return response_object()

        async def exec_twig(request):
            twig_id = request.match_info.get("twig_id", None)
            try:
                twig = self.global_settings.get_twig(twig_id)
                data = self.osquery.exec(twig["query"])
                return response_object(data)
            except:
                return response_object(error="invalid twig_id")

        async def enable_undecided_twigs(request):
            logger = logging.getLogger(
                "Daemon.http_server.enable_undecided_twigs")
            # If the user choose to automatically opt-in to new twigs, this enables them all
            enabled_twig_ids = []
            twig_ids = self.global_settings.get_undecided_twig_ids()
            for twig_id in twig_ids:
                if not self.global_settings.is_twig_enabled(twig_id):
                    self.global_settings.enable_twig(twig_id)
                    enabled_twig_ids.append(twig_id)

            if enabled_twig_ids:
                logger.debug(f"enabled twigs: {enabled_twig_ids}")
                self.global_settings.save()
                self.osquery.refresh_osqueryd()
                self.flock_log.log(FlockLogTypes.TWIGS_ENABLED,
                                   enabled_twig_ids)

            return response_object()

        async def get_decided_twig_ids(request):
            return response_object(self.global_settings.get_decided_twig_ids())

        async def get_undecided_twig_ids(request):
            return response_object(
                self.global_settings.get_undecided_twig_ids())

        async def get_enabled_twig_ids(request):
            return response_object(self.global_settings.get_enabled_twig_ids())

        async def get_twig_enabled_statuses(request):
            return response_object(
                self.global_settings.get_twig_enabled_statuses())

        async def update_twig_status(request):
            logger = logging.getLogger("Daemon.update_twig_status")
            twig_status = await request.json()

            # Validate twig_status
            if type(twig_status) != dict:
                return response_object(error="twig_status must be a dict")
            for twig_id in twig_status:
                if twig_id not in self.global_settings.settings["twigs"]:
                    return response_object(
                        error="twig_status contains invalid twig_ids")
                if type(twig_status[twig_id]) != bool:
                    return response_object(
                        error="twig_status is in an invalid format")

            enabled_twig_ids = []
            disabled_twig_ids = []

            for twig_id in twig_status:
                if twig_status[
                        twig_id] and not self.global_settings.is_twig_enabled(
                            twig_id):
                    self.global_settings.enable_twig(twig_id)
                    enabled_twig_ids.append(twig_id)
                if not twig_status[twig_id] and (
                        self.global_settings.is_twig_enabled(twig_id)
                        or self.global_settings.is_twig_undecided(twig_id)):
                    self.global_settings.disable_twig(twig_id)
                    disabled_twig_ids.append(twig_id)

            if enabled_twig_ids or disabled_twig_ids:
                self.global_settings.save()
                self.osquery.refresh_osqueryd()

            if enabled_twig_ids:
                logger.info(f"enabled twigs: {enabled_twig_ids}")
                self.flock_log.log(FlockLogTypes.TWIGS_ENABLED,
                                   enabled_twig_ids)
            if disabled_twig_ids:
                logger.info(f"disabled twigs: {disabled_twig_ids}")
                self.flock_log.log(FlockLogTypes.TWIGS_DISABLED,
                                   disabled_twig_ids)

            return response_object()

        async def exec_health(request):
            health_item_name = request.match_info.get("health_item_name", None)
            query = None
            for health_item in health_items[Platform.current()]:
                if health_item["name"] == health_item_name:
                    query = health_item["query"]
                    break
            if query:
                try:
                    data = self.osquery.exec(query)
                    return response_object(data)
                except:
                    return response_object(
                        error="error executing health item query")
            else:
                return response_object(error="invalid health_item_name")

        async def register_server(request):
            data = await request.json()
            try:
                name = data["name"]
                server_url = data["server_url"]
            except:
                return response_object(error="Invalid request to daemon")

            # Validate server URL
            o = urlparse(server_url)
            if ((o.scheme != "http" and o.scheme != "https")
                    or (o.path != "" and o.path != "/") or o.params != ""
                    or o.query != "" or o.fragment != ""):
                return response_object(error="Invalid server URL")

            # Save the server URL in settings
            self.global_settings.set("gateway_url", server_url)
            self.global_settings.save()

            # Try to register
            try:
                self.api_client.register(name)
                self.api_client.ping()
                return response_object()
            except PermissionDenied:
                return response_object(error="Permission denied")
            except BadStatusCode as e:
                return response_object(error=f"Bad status code: {e}")
            except ResponseIsNotJson:
                return response_object(error="Server response is not JSON")
            except RespondedWithError as e:
                return response_object(error=f"Server error: {e}")
            except InvalidResponse:
                return response_object(
                    error="Server returned an invalid response")
            except ConnectionError:
                return response_object(error="Error connecting to server")

            # Anything else was an unknown failure
            return response_object(error="Unknown error")

        app = web.Application()
        app.router.add_get("/ping", ping)
        app.router.add_post("/shutdown", shutdown)
        app.router.add_get("/setting/{key}", get_setting)
        app.router.add_post("/setting/{key}", set_setting)
        app.router.add_get("/exec_twig/{twig_id}", exec_twig)
        app.router.add_post("/enable_undecided_twigs", enable_undecided_twigs)
        app.router.add_get("/decided_twig_ids", get_decided_twig_ids)
        app.router.add_get("/undecided_twig_ids", get_undecided_twig_ids)
        app.router.add_get("/enabled_twig_ids", get_enabled_twig_ids)
        app.router.add_get("/twig_enabled_statuses", get_twig_enabled_statuses)
        app.router.add_post("/update_twig_status", update_twig_status)
        app.router.add_get("/exec_health/{health_item_name}", exec_health)
        app.router.add_post("/register_server", register_server)

        loop = asyncio.get_event_loop()
        await loop.create_unix_server(app.make_handler(),
                                      self.unix_socket_path)

        # Change permissions of unix socket
        os.chmod(self.unix_socket_path, 0o660)
        os.chown(self.unix_socket_path, 0, self.gid)

        logger.info("Started http server")
Example #56
0

try:
    os.chdir('/satori_test')
    DIRS = [
        ('secure', 0, 0, 0o700),
        ('aux', 0, 0, 0o755),
        ('src', 0, 0, 0o755),
        ('build', 0, 0, 0o755),
        ('bin', 0, 0, 0o755),
        ('tool', 0, 0, 0o755),
    ]

    for d, u, g, r in DIRS:
        os.makedirs(d, exist_ok=True)
        os.chown(d, u, g)
        os.chmod(d, r)

    submit = communicate('submit')
    test = communicate('test')

    filename = submit['content']
    if len(filename.split('.')) < 2:
        communicate('result', {'status': 'EXT'})
        sys.exit(0)
    filebase = '.'.join(filename.split('.')[:-1])
    fileext = filename.split('.')[-1].lower()
    time_limit = parse_time(test['time'])
    memory_limit = parse_memory(test['memory'])
    has_stack = 'stack' in test
    if has_stack:
Example #57
0
    print(os.path.realpath('to.txt'))
    os.remove('from.txt')
    os.remove('to.txt')

    # chmod()
    fp = open('file.txt', 'wt')
    fp.close()
    os.chmod('file.txt', 0o400)
    os.remove('file.txt')

    # chown(), getuid(), getgid()
    fp = open('file.txt', 'wt')
    fp.close()
    uid = os.getuid()
    gid = os.getgid()
    os.chown('file.txt', uid, gid)
    os.remove('file.txt')

    # getpid(), getcwd()
    print(os.getpid())
    print(os.getcwd())

    # abspath()
    print(os.path.abspath('.'))

    # mkdir(), rmdir()
    os.mkdir('test_dir')
    print(os.path.exists('test_dir'))
    os.rmdir('test_dir')
    print(os.path.exists('test_dir'))
Example #58
0
 def chown(self, path, uid, gid):
     full_path = self._full_path(path)
     return os.chown(full_path, uid, gid)
Example #59
0
def main():
    debug = os.environ.get('DEBUG', '') in ['1', 'true', 'on', 'ON']
    args = parse_args()

    logging.basicConfig(
        format='%(asctime)s - bootstrapping - %(levelname)s - %(message)s',
        level=('DEBUG' if debug else (args.get('loglevel') or 'INFO').upper()))

    provider = get_provider()
    placeholders = get_placeholders(provider)
    logging.info('Looks like your running %s', provider)

    if (provider == PROVIDER_LOCAL and not USE_KUBERNETES
            and 'ETCD_HOST' not in placeholders
            and 'ETCD_HOSTS' not in placeholders
            and 'ETCD_URL' not in placeholders
            and 'ETCD_PROXY' not in placeholders
            and 'ETCD_DISCOVERY_DOMAIN' not in placeholders):
        write_etcd_configuration(placeholders)

    config = yaml.load(pystache_render(TEMPLATE, placeholders))
    config.update(get_dcs_config(config, placeholders))

    user_config = yaml.load(
        os.environ.get('SPILO_CONFIGURATION',
                       os.environ.get('PATRONI_CONFIGURATION', ''))) or {}
    if not isinstance(user_config, dict):
        config_var_name = 'SPILO_CONFIGURATION' if 'SPILO_CONFIGURATION' in os.environ else 'PATRONI_CONFIGURATION'
        raise ValueError('{0} should contain a dict, yet it is a {1}'.format(
            config_var_name, type(user_config)))

    user_config_copy = deepcopy(user_config)
    config = deep_update(user_config_copy, config)

    # try to build bin_dir from PGVERSION environment variable if postgresql.bin_dir wasn't set in SPILO_CONFIGURATION
    if 'bin_dir' not in config['postgresql']:
        bin_dir = os.path.join('/usr/lib/postgresql',
                               os.environ.get('PGVERSION', ''), 'bin')
        postgres = os.path.join(bin_dir, 'postgres')
        if os.path.isfile(postgres) and os.access(
                postgres,
                os.X_OK):  # check that there is postgres binary inside
            config['postgresql']['bin_dir'] = bin_dir

    version = float(get_binary_version(config['postgresql'].get('bin_dir')))
    if 'shared_preload_libraries' not in user_config.get('postgresql', {}).get(
            'parameters', {}):
        libraries = [
            ',' + n for n, v in extensions.items()
            if version >= v[0] and version <= v[1] and v[2]
        ]
        config['postgresql']['parameters'][
            'shared_preload_libraries'] += ''.join(libraries)
    if 'extwlist.extensions' not in user_config.get('postgresql',
                                                    {}).get('parameters', {}):
        extwlist = [
            ',' + n for n, v in extensions.items()
            if version >= v[0] and version <= v[1] and v[3]
        ]
        config['postgresql']['parameters']['extwlist.extensions'] += ''.join(
            extwlist)

    # Ensure replication is available
    if 'pg_hba' in config['bootstrap'] and not any(
        ['replication' in i for i in config['bootstrap']['pg_hba']]):
        rep_hba = 'hostssl replication {} all md5'.\
            format(config['postgresql']['authentication']['replication']['username'])
        config['bootstrap']['pg_hba'].insert(0, rep_hba)

    patroni_configfile = os.path.join(placeholders['PGHOME'], 'postgres.yml')

    for section in args['sections']:
        logging.info('Configuring %s', section)
        if section == 'patroni':
            write_file(yaml.dump(config, default_flow_style=False, width=120),
                       patroni_configfile, args['force'])
            link_runit_service(placeholders, 'patroni')
            pg_socket_dir = '/run/postgresql'
            if not os.path.exists(pg_socket_dir):
                os.makedirs(pg_socket_dir)
                st = os.stat(placeholders['PGHOME'])
                os.chown(pg_socket_dir, st.st_uid, st.st_gid)
                os.chmod(pg_socket_dir, 0o2775)

            # It is a recurring and very annoying problem with crashes (host/pod/container)
            # while the backup is taken in the exclusive mode which leaves the backup_label
            # in the PGDATA. Having the backup_label file in the PGDATA makes postgres think
            # that we are restoring from the backup and it puts this information into the
            # pg_control. Effectively it makes it impossible to start postgres in recovery
            # with such PGDATA because the recovery never-ever-ever-ever finishes.
            #
            # As a workaround we will remove the backup_label file from PGDATA if we know
            # for sure that the Postgres was already running with exactly this PGDATA.
            # As proof that the postgres was running we will use the presence of postmaster.pid
            # in the PGDATA, because it is 100% known that neither pg_basebackup nor
            # wal-e/wal-g are backing up/restoring this file.
            #
            # We are not doing such trick in the Patroni (removing backup_label) because
            # we have absolutely no idea what software people use for backup/recovery.
            # In case of some home-grown solution they might end up in copying postmaster.pid...
            pgdata = config['postgresql']['data_dir']
            postmaster_pid = os.path.join(pgdata, 'postmaster.pid')
            backup_label = os.path.join(pgdata, 'backup_label')
            if os.path.isfile(postmaster_pid) and os.path.isfile(backup_label):
                os.unlink(backup_label)
        elif section == 'pgqd':
            link_runit_service(placeholders, 'pgqd')
        elif section == 'log':
            if bool(placeholders.get('LOG_S3_BUCKET')):
                write_log_environment(placeholders)
        elif section == 'wal-e':
            if placeholders['USE_WALE']:
                write_wale_environment(placeholders, '', args['force'])
        elif section == 'certificate':
            write_certificates(placeholders, args['force'])
        elif section == 'crontab':
            write_crontab(placeholders, args['force'])
        elif section == 'pam-oauth2':
            write_pam_oauth2_configuration(placeholders, args['force'])
        elif section == 'pgbouncer':
            write_pgbouncer_configuration(placeholders, args['force'])
        elif section == 'bootstrap':
            if placeholders['CLONE_WITH_WALE']:
                update_and_write_wale_configuration(placeholders, 'CLONE_',
                                                    args['force'])
            if placeholders['CLONE_WITH_BASEBACKUP']:
                write_clone_pgpass(placeholders, args['force'])
        elif section == 'standby-cluster':
            if placeholders['STANDBY_WITH_WALE']:
                update_and_write_wale_configuration(placeholders, 'STANDBY_',
                                                    args['force'])
        else:
            raise Exception('Unknown section: {}'.format(section))

    # We will abuse non zero exit code as an indicator for the launch.sh that it should not even try to create a backup
    sys.exit(int(not placeholders['USE_WALE']))
Example #60
0
    def spawn(self, deployer):

        try:
            PKISPAWN_STARTUP_TIMEOUT_SECONDS = \
                int(os.environ['PKISPAWN_STARTUP_TIMEOUT_SECONDS'])
        except (KeyError, ValueError):
            PKISPAWN_STARTUP_TIMEOUT_SECONDS = 60
        if PKISPAWN_STARTUP_TIMEOUT_SECONDS <= 0:
            PKISPAWN_STARTUP_TIMEOUT_SECONDS = 60

        if config.str2bool(deployer.mdict['pki_skip_configuration']):
            config.pki_log.info(log.SKIP_CONFIGURATION_SPAWN_1, __name__,
                                extra=config.PKI_INDENTATION_LEVEL_1)
            return

        config.pki_log.info(log.CONFIGURATION_SPAWN_1, __name__,
                            extra=config.PKI_INDENTATION_LEVEL_1)

        # Place "slightly" less restrictive permissions on
        # the top-level client directory ONLY
        deployer.directory.create(
            deployer.mdict['pki_client_subsystem_dir'],
            uid=0, gid=0,
            perms=config.PKI_DEPLOYMENT_DEFAULT_CLIENT_DIR_PERMISSIONS)
        # Since 'certutil' does NOT strip the 'token=' portion of
        # the 'token=password' entries, create a client password file
        # which ONLY contains the 'password' for the purposes of
        # allowing 'certutil' to generate the security databases
        deployer.password.create_password_conf(
            deployer.mdict['pki_client_password_conf'],
            deployer.mdict['pki_client_database_password'], pin_sans_token=True)
        deployer.file.modify(
            deployer.mdict['pki_client_password_conf'],
            uid=0, gid=0)
        # Similarly, create a simple password file containing the
        # PKCS #12 password used when exporting the "Admin Certificate"
        # into a PKCS #12 file
        deployer.password.create_client_pkcs12_password_conf(
            deployer.mdict['pki_client_pkcs12_password_conf'])
        deployer.file.modify(deployer.mdict['pki_client_pkcs12_password_conf'])
        deployer.directory.create(
            deployer.mdict['pki_client_database_dir'],
            uid=0, gid=0)
        deployer.certutil.create_security_databases(
            deployer.mdict['pki_client_database_dir'],
            password_file=deployer.mdict['pki_client_password_conf'])

        instance = pki.server.PKIInstance(deployer.mdict['pki_instance_name'])
        instance.load()

        subsystem = instance.get_subsystem(
            deployer.mdict['pki_subsystem'].lower())

        ocsp_uri = deployer.mdict.get('pki_default_ocsp_uri')
        if ocsp_uri:
            subsystem.config['ca.defaultOcspUri'] = ocsp_uri
            subsystem.save()

        # set ephemeral requests if needed
        if subsystem.name == 'kra':
            if config.str2bool(deployer.mdict['pki_kra_ephemeral_requests']):
                config.pki_log.info(
                    "setting ephemeral requests to true",
                    extra=config.PKI_INDENTATION_LEVEL_1)
                subsystem.config['kra.ephemeralRequests'] = 'true'
                subsystem.save()

        token = deployer.mdict['pki_token_name']
        nssdb = instance.open_nssdb()

        existing = deployer.configuration_file.existing
        external = deployer.configuration_file.external
        standalone = deployer.configuration_file.standalone
        step_one = deployer.configuration_file.external_step_one
        step_two = deployer.configuration_file.external_step_two
        clone = deployer.configuration_file.clone

        try:
            if (external or standalone) and step_one:

                self.generate_system_cert_requests(deployer, nssdb, subsystem)

                # This is needed by IPA to detect step 1 completion.
                # See is_step_one_done() in ipaserver/install/cainstance.py.

                subsystem.config['preop.ca.type'] = 'otherca'

                subsystem.save()

                # End of step 1.
                return

            if existing or (external or standalone) and step_two:

                self.import_system_cert_requests(deployer, subsystem)
                self.import_system_certs(deployer, nssdb, subsystem)

                self.configure_system_certs(deployer, subsystem)
                self.update_system_certs(deployer, nssdb, subsystem)
                subsystem.save()

                self.validate_system_certs(deployer, nssdb, subsystem)

            else:  # self-signed CA

                # To be implemented in ticket #1692.

                # Generate CA cert request.
                # Self sign CA cert.
                # Import self-signed CA cert into NSS database.

                pass

        finally:
            nssdb.close()

        create_temp_sslserver_cert = self.create_temp_sslserver_cert(deployer, instance)

        # Start/Restart this Tomcat PKI Process
        # Optionally prepare to enable a java debugger
        # (e. g. - 'eclipse'):
        if config.str2bool(deployer.mdict['pki_enable_java_debugger']):
            config.prepare_for_an_external_java_debugger(
                deployer.mdict['pki_target_tomcat_conf_instance_id'])
        tomcat_instance_subsystems = \
            len(deployer.instance.tomcat_instance_subsystems())
        if tomcat_instance_subsystems == 1:
            deployer.systemd.start()
        elif tomcat_instance_subsystems > 1:
            deployer.systemd.restart()

        # Configure status request timeout.  This is used for each
        # status request in wait_for_startup
        value = deployer.mdict['pki_status_request_timeout']
        if len(value) == 0:
            status_request_timeout = None
        else:
            status_request_timeout = int(value)
            if status_request_timeout <= 0:
                raise ValueError("timeout must be greater than zero")

        # wait for startup
        status = deployer.instance.wait_for_startup(
            PKISPAWN_STARTUP_TIMEOUT_SECONDS,
            request_timeout=status_request_timeout,
        )
        if status is None:
            config.pki_log.error(
                "server failed to restart",
                extra=config.PKI_INDENTATION_LEVEL_2)
            raise Exception("server failed to restart")

        # Optionally wait for debugger to attach (e. g. - 'eclipse'):
        if config.str2bool(deployer.mdict['pki_enable_java_debugger']):
            config.wait_to_attach_an_external_java_debugger()

        # Construct PKI Subsystem Configuration Data
        nssdb = instance.open_nssdb(token)
        try:
            data = deployer.config_client.construct_pki_configuration_data(nssdb)

        finally:
            nssdb.close()

        # Configure the subsystem
        request = json.dumps(data, cls=pki.encoder.CustomTypeEncoder)

        connection = pki.client.PKIConnection(
            protocol='https',
            hostname=deployer.mdict['pki_hostname'],
            port=deployer.mdict['pki_https_port'],
            subsystem=deployer.mdict['pki_subsystem_type'],
            trust_env=False)

        client = pki.system.SystemConfigClient(connection)

        config.pki_log.info(
            'Configuring %s subsystem', subsystem.type,
            extra=config.PKI_INDENTATION_LEVEL_0)

        response = client.configure(request)

        config.pki_log.info(
            "Setting up security domain",
            extra=config.PKI_INDENTATION_LEVEL_0)

        client.setupSecurityDomain(request)

        config.pki_log.info(
            "Setting up database user",
            extra=config.PKI_INDENTATION_LEVEL_0)

        client.setupDatabaseUser(request)

        config.pki_log.info(
            "Finalizing %s configuration", subsystem.type,
            extra=config.PKI_INDENTATION_LEVEL_0)

        client.finalizeConfiguration(request)

        config.pki_log.info(
            '%s configuration complete', subsystem.type,
            extra=config.PKI_INDENTATION_LEVEL_0)

        # Create an empty file that designates the fact that although
        # this server instance has been configured, it has NOT yet
        # been restarted!

        restart_server = os.path.join(instance.conf_dir, 'restart_server_after_configuration')
        config.pki_log.debug(
            'creating %s', restart_server,
            extra=config.PKI_INDENTATION_LEVEL_2)

        open(restart_server, 'a').close()
        os.chown(restart_server, instance.uid, instance.gid)
        os.chmod(restart_server, 0o660)

        try:
            certs = response['systemCerts']
        except KeyError:
            # no system certs created
            config.pki_log.debug(
                "No new system certificates generated.",
                extra=config.PKI_INDENTATION_LEVEL_2)
            certs = []

        if not isinstance(certs, list):
            certs = [certs]

        sslserver = subsystem.get_subsystem_cert('sslserver')

        for cdata in certs:

            if cdata['tag'] == 'sslserver':
                sslserver['data'] = cdata['cert']
                sslserver['request'] = cdata['request']

            if standalone and not step_two:

                # Stand-alone PKI (Step 1)

                if cdata['tag'].lower() == "audit_signing":
                    # Save Stand-alone PKI 'Audit Signing Certificate' CSR
                    # (Step 1)
                    deployer.config_client.save_system_csr(
                        cdata['request'],
                        log.PKI_CONFIG_EXTERNAL_CSR_SAVE_PKI_AUDIT_SIGNING_2,
                        deployer.mdict['pki_audit_signing_csr_path'],
                        subsystem.name)

                elif cdata['tag'].lower() == "signing":
                    # Save Stand-alone PKI OCSP 'OCSP Signing Certificate'
                    # CSR (Step 1)
                    deployer.config_client.save_system_csr(
                        cdata['request'],
                        log.PKI_CONFIG_EXTERNAL_CSR_SAVE_OCSP_SIGNING_1,
                        deployer.mdict['pki_signing_csr_path'])

                elif cdata['tag'].lower() == "sslserver":
                    # Save Stand-alone PKI 'SSL Server Certificate' CSR
                    # (Step 1)
                    deployer.config_client.save_system_csr(
                        cdata['request'],
                        log.PKI_CONFIG_EXTERNAL_CSR_SAVE_PKI_SSLSERVER_2,
                        deployer.mdict['pki_sslserver_csr_path'],
                        subsystem.name)

                elif cdata['tag'].lower() == "storage":
                    # Save Stand-alone PKI KRA 'Storage Certificate' CSR
                    # (Step 1)
                    deployer.config_client.save_system_csr(
                        cdata['request'],
                        log.PKI_CONFIG_EXTERNAL_CSR_SAVE_KRA_STORAGE_1,
                        deployer.mdict['pki_storage_csr_path'])

                elif cdata['tag'].lower() == "subsystem":
                    # Save Stand-alone PKI 'Subsystem Certificate' CSR
                    # (Step 1)
                    deployer.config_client.save_system_csr(
                        cdata['request'],
                        log.PKI_CONFIG_EXTERNAL_CSR_SAVE_PKI_SUBSYSTEM_2,
                        deployer.mdict['pki_subsystem_csr_path'],
                        subsystem.name)

                elif cdata['tag'].lower() == "transport":
                    # Save Stand-alone PKI KRA 'Transport Certificate' CSR
                    # (Step 1)
                    deployer.config_client.save_system_csr(
                        cdata['request'],
                        log.PKI_CONFIG_EXTERNAL_CSR_SAVE_KRA_TRANSPORT_1,
                        deployer.mdict['pki_transport_csr_path'])

            else:
                config.pki_log.debug(
                    '%s cert: %s', cdata['tag'], cdata['cert'],
                    extra=config.PKI_INDENTATION_LEVEL_0)
                config.pki_log.debug(
                    '%s request: %s', cdata['tag'], cdata['request'],
                    extra=config.PKI_INDENTATION_LEVEL_0)

        # Cloned PKI subsystems do not return an Admin Certificate
        if not clone:

            if external or standalone:
                if not step_two:
                    # NOTE:  Do nothing for Stand-alone PKI (Step 1)
                    #        as this has already been addressed
                    #        in 'set_admin_parameters()'
                    pass
                else:
                    admin_cert = response['adminCert']['cert']
                    deployer.config_client.process_admin_cert(admin_cert)

            elif not config.str2bool(deployer.mdict['pki_import_admin_cert']):
                admin_cert = response['adminCert']['cert']
                deployer.config_client.process_admin_cert(admin_cert)

        # If temp SSL server cert was created and there's a new perm cert,
        # replace it with the perm cert.
        if create_temp_sslserver_cert and sslserver and sslserver['data']:
            deployer.systemd.stop()

            # Remove temp SSL server cert.
            self.remove_temp_sslserver_cert(instance, sslserver)

            # Import perm SSL server cert unless it's already imported
            # earlier in external/standalone installation.

            if not (standalone or external and subsystem.name in ['kra', 'ocsp']):

                nickname = sslserver['nickname']
                token = sslserver['token']
                instance.set_sslserver_cert_nickname(nickname, token)

                self.import_perm_sslserver_cert(instance, sslserver)

            deployer.systemd.start()

        elif config.str2bool(deployer.mdict['pki_restart_configured_instance']):
            # Optionally, programmatically 'restart' the configured PKI instance
            deployer.systemd.restart()

        # wait for startup
        status = None

        if deployer.fips.is_fips_enabled():
            # must use 'http' protocol when FIPS mode is enabled
            status = deployer.instance.wait_for_startup(
                PKISPAWN_STARTUP_TIMEOUT_SECONDS,
                request_timeout=status_request_timeout,
                secure_connection=False,
            )

        else:
            status = deployer.instance.wait_for_startup(
                PKISPAWN_STARTUP_TIMEOUT_SECONDS,
                request_timeout=status_request_timeout,
                secure_connection=True,
            )

        if not status:
            config.pki_log.error(
                "server failed to restart",
                extra=config.PKI_INDENTATION_LEVEL_1)
            raise RuntimeError("server failed to restart")