Exemple #1
0
def removeLinuxEnvironment(scope, name):
	assert scope in ('user', 'system')
	
	files = []
	
	if os.geteuid() == 0:
		if len(os_user_name) > 0:
			files.append("%s/.bashrc" % (pwd.getpwnam(username).pw_dir))
			files.append("%s/.bash_profile" % (pwd.getpwnam(username).pw_dir))
			files.append("%s/.bash_profile" % (pwd.getpwnam(username).pw_dir))
	else:
		files.extend(["~/.bashrc", "~/.bash_profile", "~/.bash_profile"])
	
	for file in files:
		bodys = []
		f = open(os.path.expanduser(file))
		#INFO_MSG("find %s: %s" % (file, name))
		for x in f.readlines():
			if name in x:
				INFO_MSG("remove %s: %s" % (file, x))
				continue
				
			bodys.append(x)
		
		f.close()
		f = open(os.path.expanduser(file), "w")
		f.writelines(bodys)
		f.close()
		
		if os.geteuid() != 0:
			syscommand('bash -c \'source %s\'' % file, False)
Exemple #2
0
    def check_requirements(self):
        req_ok = []
        if SysAttribute.get_os() in self.req_supported_os:
            req_ok.append(True)
        else:
            req_ok.append(False)
            self.supported = False
            return False

        if SysAttribute.is_linux() and self.req_needs_root_linux:
            if os.geteuid()==0:
                req_ok.append(True)
            else:
                req_ok.append(False)
        elif SysAttribute.is_solaris() and self.req_needs_root_solaris:
            if os.geteuid()==0:
                req_ok.append(True)
            else:
                req_ok.append(False)

        if self.req_physical_hardware:
            if not self.is_virtual():
                req_ok.append(True)
            else:
                req_ok.append(False)

        if False in req_ok:
            self.supported = False
            return False
        else:
            self.supported = True
            return True
Exemple #3
0
 def create_uninstaller(self):
     base = self.opts.staging_bindir
     if not os.access(base, os.W_OK) and getattr(sys, "frozen_path", False):
         base = sys.frozen_path
     dest = os.path.join(base, "calibre-uninstall")
     self.info("Creating un-installer:", dest)
     raw = UNINSTALL.format(
         python="/usr/bin/python",
         euid=os.geteuid(),
         manifest=self.manifest,
         icon_resources=self.icon_resources,
         mime_resources=self.mime_resources,
         menu_resources=self.menu_resources,
         appdata_resources=self.appdata_resources,
         frozen_path=getattr(sys, "frozen_path", None),
     )
     try:
         with open(dest, "wb") as f:
             f.write(raw)
         os.chmod(dest, stat.S_IRWXU | stat.S_IRGRP | stat.S_IROTH)
         if os.geteuid() == 0:
             os.chown(dest, 0, 0)
     except:
         if self.opts.fatal_errors:
             raise
         self.task_failed("Creating uninstaller failed")
Exemple #4
0
def setEnvironment(scope, name, value):
	assert scope in ('user', 'system')
	#INFO_MSG('set environment: name=%s, value=%s' % (name, value))

	if platform.system() == 'Windows':
		root, subkey = getWindowsEnvironmentKey(scope)
		# Note: for 'system' scope, you must run this as Administrator
		key = winreg.OpenKey(root, subkey, 0, winreg.KEY_ALL_ACCESS)
		winreg.SetValueEx(key, name, 0, winreg.REG_EXPAND_SZ, value)
		winreg.CloseKey(key)
	else:
		if name.lower() == 'uid':
			uid, username = value
			if uid != str(os.geteuid()):
				ret, cret = syscommand('bash -c \'usermod -d /home/%s/ -u %s %s\'' % (pwd.getpwnam(username).pw_dir, uid, username), True)
				INFO_MSG(ret)
				INFO_MSG(cret)
			return
		
		userhome = "~"
		if len(os_user_name) > 0:
			userhome = pwd.getpwnam(os_user_name).pw_dir 
		
		f = open('%s/.bash_profile' % userhome, 'a')
		f.write("export %s=%s\n\n" % (name, value))
		f.close()
		
		if os.geteuid() > 0:
			syscommand('bash -c \'source %s/.bash_profile\'' % userhome, False)
Exemple #5
0
 def get_uid_gid(username):
     # Get the uid/gid from username to drop into post-startup
     if not username:
         return None, None
     try:
         pwrec = pwd.getpwnam(username)
     except KeyError:
         try:
             pwrec = pwd.getpwuid(int(username))
         except (KeyError, ValueError):
             logs.append((logging.WARNING,
                 'Invalid or unknown daemon.effective_user: `%r`',
                 username))
             return None, None
     if os.geteuid() == 0:
         logs.append((logging.INFO,
             'Found daemon.effective_user: %s (uid=%d).',
             pwrec[0], pwrec[2]))
         return pwrec[2], pwrec[3]
     if os.geteuid() == pwrec[2]:
         logs.append((logging.INFO,
             'Already running as daemon.effective_user: %s (uid=%d).',
             pwrec[0], pwrec[2]))
         return None, None
     logs.append((logging.WARNING,
         'Process owner is not root; daemon.effective_user ignored.'))
Exemple #6
0
 def test_mode(self):
     path = pjoin(self.dir, 'mode', 'mode')
     assert osutils.ensure_dirs(path, mode=0o700)
     self.check_dir(path, os.geteuid(), os.getegid(), 0o700)
     # unrestrict it
     osutils.ensure_dirs(path)
     self.check_dir(path, os.geteuid(), os.getegid(), 0o777)
def maybe_drop_privileges(uid=None, gid=None):
    """Change process privileges to new user/group.

    If UID and GID is specified, the real user/group is changed.

    If only UID is specified, the real user is changed, and the group is
    changed to the users primary group.

    If only GID is specified, only the group is changed.
    """
    if sys.platform == 'win32':
        return
    if os.geteuid():
        # no point trying to setuid unless we're root.
        if not os.getuid():
            raise SecurityError('contact support')
    uid = uid and parse_uid(uid)
    gid = gid and parse_gid(gid)

    if uid:
        _setuid(uid, gid)
    else:
        gid and setgid(gid)

    if uid and not os.getuid() and not os.geteuid():
        raise SecurityError('Still root uid after drop privileges!')
    if gid and not os.getgid() and not os.getegid():
        raise SecurityError('Still root gid after drop privileges!')
Exemple #8
0
def drop_privileges(user: pwd.struct_passwd, group: grp.struct_group, permanent: bool = True):
    """
    Drop root privileges and change to something more safe.

    :param user: The tuple with user info
    :param group: The tuple with group info
    :param permanent: Whether we want to drop just the euid (temporary), or all uids (permanent)
    """
    # Restore euid=0 if we have previously changed it
    if os.geteuid() != 0 and os.getuid() == 0:
        restore_privileges()

    if os.geteuid() != 0:
        raise RuntimeError("Not running as root: cannot change uid/gid to {}/{}".format(user.pw_name, group.gr_name))

    # Remove group privileges
    os.setgroups([])

    if permanent:
        os.setgid(group.gr_gid)
        os.setuid(user.pw_uid)
    else:
        os.setegid(group.gr_gid)
        os.seteuid(user.pw_uid)

    # Ensure a very conservative umask
    os.umask(0o077)

    if permanent:
        logger.debug("Permanently dropped privileges to {}/{}".format(user.pw_name, group.gr_name))
    else:
        logger.debug("Dropped privileges to {}/{}".format(user.pw_name, group.gr_name))
    def run_as_user(self, user_id, script_file):
        """Restarts this process with the same arguments as the specified user.

        This will re-run the entire Python script so that it is executing as the specified user.
        It will also add in the '--no-change-user' option which can be used by the script being executed with the
        next proces that it was the result of restart so that it probably shouldn't do that again.

        @param user_id: The user id to run as, typically 0 for root.
        @param script_file: The path to the Python script file that was executed.

        @type user_id: int
        @type script_file: str
        """
        user_name = pwd.getpwuid(user_id).pw_name
        if os.geteuid() != user_id:
            if os.geteuid() != 0:
                print >>sys.stderr, ('Failing, cannot start scalyr_agent as correct user.  The current user (%s) does '
                                     'not own the config file and cannot change to that user because '
                                     'not root.' % user_name)
                sys.exit(1)
            # Use sudo to re-execute this script with the correct user.  We also pass in --no-change-user to prevent
            # us from re-executing the script again to change the user, to
            # head of any potential bugs that could cause infinite loops.
            arguments = ['sudo', '-u', user_name, sys.executable, script_file, '--no-change-user'] + sys.argv[1:]

            print >>sys.stderr, ('Running as %s' % user_name)
            os.execvp("sudo", arguments)
Exemple #10
0
def drop_root(uid):
    if os.geteuid() > 0:
        logging.info('Did not start as root.')
        return
    os.setuid(uid)
    os.seteuid(uid)
    logging.info('UID=%d EUID=%d', os.getuid(), os.geteuid())
Exemple #11
0
  def GetFacter(self, open_fn=open):
    """Return facter contents.

    Args:
      open_fn: func, optional, supply an open() function
    Returns:
      dict, facter contents
    """
    if self.facter_cache_path is None:
      return {}

    if not os.path.isfile(self.facter_cache_path):
      logging.info('GetFacter: facter cache file does not exist.')
      return {}

    facter = {}
    use_facter_cache = False
    try:
      st = os.stat(self.facter_cache_path)
      # if we are root, and the writer of the cache was not root, OR
      # if we are not root, the cache was not written by root, and
      # the cache was not written by ourselves
      if (os.geteuid() == 0 and st.st_uid != 0) or (
          os.geteuid() != 0 and st.st_uid != 0 and os.geteuid() != st.st_uid):
        # don't trust this file.  be paranoid.
        logging.info('GetFacter: Untrusted facter cache, ignoring')
        use_facter_cache = False
      else:
        use_facter_cache = True
        cache_mtime = datetime.datetime.fromtimestamp(st.st_mtime)
        logging.debug('GetFacter: facter cache mtime is %s', cache_mtime)
    except OSError, e:
      logging.info('GetFacter: OSError from os.stat(): %s', str(e))
      use_facter_cache = False
    def get_home_dir(self):
        ''' Gets the home dir and create it if it doesn't. '''

        if self.gpg_home == None:
            self.gpg_home = self.GPG_HOME_DIR

        try:
            # create gpg's parent directories, if they don't already exist
            parent_dir = os.path.dirname(self.gpg_home)
            if not os.path.exists(parent_dir):
                statinfo = os.stat(os.path.dirname(parent_dir))
                if statinfo.st_uid == os.geteuid():
                    os.makedirs(parent_dir, 0o770)
                    self.log_message('created parent of home dir: {}'.format(parent_dir))
                else:
                    self.log_message('unable to create parent of home dir as {}: {}'.format(os.geteuid(), parent_dir))

            #  create gpg's home directory, if it doesn't exist already
            if not os.path.exists(self.gpg_home):
                statinfo = os.stat(os.path.dirname(self.gpg_home))
                if statinfo.st_uid == os.geteuid():
                    os.mkdir(self.gpg_home, 0o700)
                    self.log_message('created home dir: {}'.format(self.gpg_home))
        except OSError:
            record_exception()
            self.log_message('EXCEPTION - see syr.exception.log for details')
        except Exception as exception:
            self.log_message(exception)
            self.log_message('EXCEPTION - see syr.exception.log for details')
            record_exception()

        return self.gpg_home
    def set_permissions(self, **kwargs):
        '''set permission'''
        user = kwargs.get('user', self.settings.process_user)
        group = kwargs.get('group', self.settings.process_group)
        env_path = kwargs.get('path', self.virtualenv.dir)
        Colored.echo("Configuring permission on web application files", 'purple')

        mod_perms = [(self.settings.settings_file, 700), \
                     (self.media_root, 755), \
                     (os.path.join(self.settings.settings_dir, \
                        self.settings.project_name+'.db'), 700)]

        chown_cmd = ['sudo'] if os.geteuid() != 0 else []
        chmod_cmd = ['sudo', 'chmod'] if os.geteuid() != 0 else []

        chown_cmd.extend(['chown', '-R', '%s:%s'%(user, group), env_path])
               
        try:
            subprocess.check_call(chown_cmd)
            for i in self.settings.apache_protected_locations:
                mod_perms.append((os.path.join(self.media_root, i), 700))

            for i in mod_perms:
                path, perm = i
                if os.path.exists(path):
                    subprocess.check_call(chmod_cmd+[str(perm), path])
        except subprocess.CalledProcessError as _error:
            print _error
Exemple #14
0
 def run(self):
     self.mkpath(self.install_dir)
     for f in self.data_files:
         # it's a tuple with dict to install to and a list of files
         tdict = f[0]
         dir = convert_path(tdict['path'])
         if not os.path.isabs(dir):
             dir = os.path.join(self.install_dir, dir)
         elif self.root:
             dir = change_root(self.root, dir)
         self.mkpath(dir)
         os.chmod(dir, tdict['mode'])
         if(os.geteuid() == 0):
             try:
                 uinfo = pwd.getpwnam(tdict['owner'])
             except KeyError:
                 print "Error: Unkown user %s" % tdict['owner']
                 sys.exit(1)
             uid, gid = uinfo[2], uinfo[3]
             os.chown(dir, uid, gid)
         if f[1] == []:
             # If there are no files listed, the user must be
             # trying to create an empty directory, so add the
             # directory to the list of output files.
             self.outfiles.append(dir)
         else:
             # Copy files, adding them to the list of output files.
             for data, mode in f[1]:
                 data = convert_path(data)
                 (out, _) = self.copy_file(data, dir)
                 self.outfiles.append(out)
                 os.chmod(out, mode)
                 if(os.geteuid() == 0):
                     os.chown(out, uid, gid)
         self.run_command('install_locales')
Exemple #15
0
def main(cli_args=sys.argv[1:]):
    """Command line argument parsing and main script execution."""
    sys.excepthook = functools.partial(_handle_exception, args=None)

    # note: arg parser internally handles --help (and exits afterwards)
    plugins = plugins_disco.PluginsRegistry.find_all()
    parser, tweaked_cli_args = create_parser(plugins, cli_args)
    args = parser.parse_args(tweaked_cli_args)
    config = configuration.NamespaceConfig(args)
    zope.component.provideUtility(config)

    # Setup logging ASAP, otherwise "No handlers could be found for
    # logger ..." TODO: this should be done before plugins discovery
    for directory in config.config_dir, config.work_dir:
        le_util.make_or_verify_dir(
            directory, constants.CONFIG_DIRS_MODE, os.geteuid(),
            "--strict-permissions" in cli_args)
    # TODO: logs might contain sensitive data such as contents of the
    # private key! #525
    le_util.make_or_verify_dir(
        args.logs_dir, 0o700, os.geteuid(), "--strict-permissions" in cli_args)
    setup_logging(args, _cli_log_handler, logfile='letsencrypt.log')

    # do not log `args`, as it contains sensitive data (e.g. revoke --key)!
    logger.debug("Arguments: %r", cli_args)
    logger.debug("Discovered plugins: %r", plugins)

    sys.excepthook = functools.partial(_handle_exception, args=args)

    # Displayer
    if args.text_mode:
        displayer = display_util.FileDisplay(sys.stdout)
    else:
        displayer = display_util.NcursesDisplay()
    zope.component.provideUtility(displayer)

    # Reporter
    report = reporter.Reporter()
    zope.component.provideUtility(report)
    atexit.register(report.atexit_print_messages)

    # TODO: remove developer EULA prompt for the launch
    if not config.eula:
        eula = pkg_resources.resource_string("letsencrypt", "EULA")
        if not zope.component.getUtility(interfaces.IDisplay).yesno(
                eula, "Agree", "Cancel"):
            raise errors.Error("Must agree to TOS")

    if not os.geteuid() == 0:
        logger.warning(
            "Root (sudo) is required to run most of letsencrypt functionality.")
        # check must be done after arg parsing as --help should work
        # w/o root; on the other hand, e.g. "letsencrypt run
        # --authenticator dns" or "letsencrypt plugins" does not
        # require root as well
        #return (
        #    "{0}Root is required to run letsencrypt.  Please use sudo.{0}"
        #    .format(os.linesep))

    return args.func(args, config, plugins)
Exemple #16
0
def main(argv):
    args = docopt(__doc__, argv=argv[1:], version=__version__)
    if args["-u"] and os.geteuid() != 0:
        stderr('Must be run as root with "-u".')
        return
    if not args["-u"] and os.geteuid() == 0:
        stderr('WARNING: Running as root without "-u".')

    password = None
    if args["--password"]:
        stderr("Password: "******"", flush=True)
        use_getpass = sys.stdin.isatty() or args["--getpass"]
        password = getpass("") if use_getpass else input()
        if not use_getpass:
            stderr("Received password.")

    bot = Shellbot(
        lines=int(args["-m"]), timeout=float(args["-t"]), prefix=args["-p"],
        queries=args["--queries"], user=args["-u"], cwd=args["-d"])
    if args["--path"]:
        bot.runner.path += ":" + args["--path"]

    start(bot, args, password)
    while args["--loop"]:
        start(bot, args, password)
Exemple #17
0
def main(cli_args=sys.argv[1:]):
    """Command line argument parsing and main script execution."""
    # note: arg parser internally handles --help (and exits afterwards)
    plugins = plugins_disco.PluginsRegistry.find_all()
    args = create_parser(plugins, cli_args).parse_args(cli_args)
    config = configuration.NamespaceConfig(args)

    # Setup logging ASAP, otherwise "No handlers could be found for
    # logger ..." TODO: this should be done before plugins discovery
    for directory in config.config_dir, config.work_dir:
        le_util.make_or_verify_dir(directory, constants.CONFIG_DIRS_MODE, os.geteuid())
    # TODO: logs might contain sensitive data such as contents of the
    # private key! #525
    le_util.make_or_verify_dir(args.logs_dir, 0o700, os.geteuid())
    _setup_logging(args)

    def handle_exception_common():
        """Logs the exception and reraises it if in debug mode."""
        logger.debug("Exiting abnormally", exc_info=True)
        if args.debug:
            raise

    try:
        return main2(cli_args, args, config, plugins)
    except errors.Error as error:
        handle_exception_common()
        return error
    except Exception:  # pylint: disable=broad-except
        handle_exception_common()
        return "An unexpected error occured. Please see the logfiles in {0} " "for more details.".format(args.logs_dir)
Exemple #18
0
def setupLogs(options):
    logger = logging.getLogger()

    if options.trace or options.logfile:
        loglevel = getattr(logging, options.loglevel.upper())

        f = logging.Formatter('%(asctime)s %(filename)s %(levelname)s %(message)s', datefmt='%Y-%m-%dT%H:%M:%S')

        logger.setLevel(loglevel)

        if options.trace:
            s = logging.StreamHandler()
            s.setLevel(loglevel)
            s.setFormatter(f)

            logging.getLogger('').addHandler(s)

        if options.logfile:
            fh = logging.FileHandler(options.logfile)
            fh.setLevel(loglevel)
            fh.setFormatter(f)

            logging.getLogger('').addHandler(fh)

    logger.debug('workdir = {}'.format(options.workdir))
    logger.debug('oedir = {}'.format(options.oedir))
    logger.debug('svnloc = {}'.format(options.svnloc))
    logger.debug('attemptsdir = {}'.format(options.attemptsdir))
    logger.debug('uid = {} = {}'.format(os.getuid(), pwd.getpwuid(os.getuid()).pw_name))
    logger.debug('euid = {} = {}'.format(os.geteuid(), pwd.getpwuid(os.geteuid()).pw_name))
    logger.debug('gid = {} = {}'.format(os.getgid(), grp.getgrgid(os.getgid()).gr_name))
    logger.debug('egid = {} = {}'.format(os.getegid(), grp.getgrgid(os.getegid()).gr_name))

    return logger
Exemple #19
0
def checkKeyPerm(keyfile):
    try:
        if not os.path.exists(keyfile):
            log.warn("launcher %s: the ssh key file %s does not exists" % (LauncherConfig().name, keyfile))
            return False
        stats = os.stat(keyfile)
    except:
        log.warn("launcher %s: something goes wrong while performing stat() on %s !" % (LauncherConfig().name, keyfile))
        return False

    if stats.st_uid != os.getuid():
        log.debug(
            "launcher %s: ssh key '%s' owner is %s, my uid is %s, dropping the key from the keyring"
            % (LauncherConfig().name, keyfile, stats.st_uid, os.getuid())
        )
        return False

    if stats.st_uid != os.geteuid():
        log.debug(
            "launcher %s: ssh key '%s' owner is %s, my euid is %s, dropping the key from the keyring"
            % (LauncherConfig().name, keyfile, stats.st_uid, os.geteuid())
        )
        return False

    if stat.S_IMODE(os.stat(keyfile).st_mode) & ~(stat.S_IRUSR | stat.S_IWUSR):  # check if perm are at most rw-------
        log.debug(
            "launcher %s: ssh key '%s' perms are not *exactly* rw-------, dropping the key from the keyring"
            % (LauncherConfig().name, keyfile)
        )
        return False

    return True
Exemple #20
0
def set_euid():
    """
    Set settings.DROPLET_USER effective UID for the current process

    This adds some security, but nothing magic, an attacker can still
    gain root access, but at least we only elevate privileges when needed

    See root context manager
    """
    current = os.geteuid()
    logger.debug("Current EUID is %s" % current)

    if settings.DROPLET_USER is None:
        logger.info("Not changing EUID, DROPLET_USER is None")
        return

    uid = int(pwd.getpwnam(settings.DROPLET_USER).pw_uid)
    if current != uid:
        try:
            os.seteuid(uid)
            logger.info("Set EUID to %s (%s)" %
                        (settings.DROPLET_USER, os.geteuid()))
        except:
            current_user = pwd.getpwuid(os.getuid()).pw_name
            logger.error("Failed to set '%s' EUID, running as '%s'" %
                         (settings.DROPLET_USER, current_user))
    else:
        logger.debug("Didn't set EUID, it was already correct")
Exemple #21
0
def access(filename,mode):
    if mode == os.F_OK: return exists(filename)

    st = stat(filename)
    filemode = st.st_mode
    uid = st.st_uid
    gid = st.st_gid
    if mode & os.R_OK:
        rOK = ( filemode & statconsts.S_IROTH ) or \
              ( filemode & statconsts.S_IRGRP and os.getgid()  == gid ) or \
              ( filemode & statconsts.S_IRUSR and os.getuid()  == uid ) or \
              ( filemode & statconsts.S_ISGID and os.getegid() == gid ) or \
              ( filemode & statconsts.S_ISUID and os.geteuid() == uid )
    else:
        rOK = True

    if mode & os.W_OK:
        wOK = ( filemode & statconsts.S_IWOTH ) or \
              ( filemode & statconsts.S_IWGRP and os.getgid()  == gid ) or \
              ( filemode & statconsts.S_IWUSR and os.getuid()  == uid ) or \
              ( filemode & statconsts.S_ISGID and os.getegid() == gid ) or \
              ( filemode & statconsts.S_ISUID and os.geteuid() == uid )
    else:
        wOK = True

    if mode & os.X_OK:
        xOK = ( filemode & statconsts.S_IXOTH ) or \
              ( filemode & statconsts.S_IXGRP and os.getgid()  == gid ) or \
              ( filemode & statconsts.S_IXUSR and os.getuid()  == uid ) or \
              ( filemode & statconsts.S_ISGID and os.getegid() == gid ) or \
              ( filemode & statconsts.S_ISUID and os.geteuid() == uid )
    else:
        xOK = True

    return rOK and wOK and xOK
Exemple #22
0
    def test_executeAsUser_Unix(self):
        """
        Test executing as a different user.
        """
        initial_uid, initial_gid = os.geteuid(), os.getegid()
        initial_groups = os.getgroups()
        test_user = mk.getTestUser(u'normal')
        self.assertNotEqual(
            sorted(self.getGroupsIDForTestAccount()),
            sorted(os.getgroups()),
            )

        with system_users.executeAsUser(username=test_user.name):
            import pwd
            import grp
            uid, gid = os.geteuid(), os.getegid()
            impersonated_username = pwd.getpwuid(uid)[0].decode('utf-8')
            impersonated_groupname = grp.getgrgid(gid)[0].decode('utf-8')
            impersonated_groups = os.getgroups()
            self.assertEqual(test_user.name, impersonated_username)
            self.assertEqual(TEST_ACCOUNT_GROUP, impersonated_groupname)
            self.assertNotEqual(initial_uid, uid)
            self.assertNotEqual(initial_gid, gid)
            self.assertNotEqual(initial_groups, impersonated_groups)
            if self.os_name != 'osx':
                # On OSX newer than 10.5 get/set groups are useless.
                self.assertEqual(
                    sorted(self.getGroupsIDForTestAccount()),
                    sorted(impersonated_groups),
                    )

        self.assertEqual(initial_uid, os.geteuid())
        self.assertEqual(initial_gid, os.getegid())
        self.assertEqual(initial_groups, os.getgroups())
Exemple #23
0
def main(args=None):
    '''Control a mounted S3QL File System.'''

    if args is None:
        args = sys.argv[1:]

    options = parse_args(args)
    setup_logging(options)

    path = options.mountpoint
    
    if not os.path.exists(path):
        raise QuietError('Mountpoint %r does not exist' % path)
    
    ctrlfile = os.path.join(path, CTRL_NAME)
    if not (CTRL_NAME not in llfuse.listdir(path)
            and os.path.exists(ctrlfile)):
        raise QuietError('Mountpoint is not an S3QL file system')

    if os.stat(ctrlfile).st_uid != os.geteuid() and os.geteuid() != 0:
        raise QuietError('Only root and the mounting user may run s3qlctrl.')
    
    if options.action == 'flushcache':
        llfuse.setxattr(ctrlfile, 's3ql_flushcache!', 'dummy')

    if options.action == 'upload-meta':
        llfuse.setxattr(ctrlfile, 'upload-meta', 'dummy')
        
    elif options.action == 'log':
        llfuse.setxattr(ctrlfile, 'logging', 
                      pickle.dumps((options.level, options.modules),
                                   pickle.HIGHEST_PROTOCOL))

    elif options.action == 'cachesize':
        llfuse.setxattr(ctrlfile, 'cachesize', pickle.dumps(options.cachesize*1024))    
Exemple #24
0
def set_auth_key(
        user,
        key,
        enc='ssh-rsa',
        comment='',
        options=None,
        config='.ssh/authorized_keys'):
    '''
    Add a key to the authorized_keys file. The "key" parameter must only be the
    string of text that is the encoded key. If the key begins with "ssh-rsa"
    or ends with user@host, remove those from the key before passing it to this
    function.

    CLI Example::

        salt '*' ssh.set_auth_key <user> '<key>' enc='dsa'
    '''
    if len(key.split()) > 1:
        return 'invalid'

    enc = _refine_enc(enc)
    uinfo = __salt__['user.info'](user)
    if not uinfo:
        return 'fail'
    status = check_key(user, key, enc, comment, options, config)
    if status == 'update':
        _replace_auth_key(user, key, enc, comment, options or [], config)
        return 'replace'
    elif status == 'exists':
        return 'no change'
    else:
        auth_line = _format_auth_line(key, enc, comment, options)
        if not os.path.isdir(uinfo.get('home', '')):
            return 'fail'
        fconfig = os.path.join(uinfo['home'], config)
        if not os.path.isdir(os.path.dirname(fconfig)):
            dpath = os.path.dirname(fconfig)
            os.makedirs(dpath)
            if os.geteuid() == 0:
                os.chown(dpath, uinfo['uid'], uinfo['gid'])
            os.chmod(dpath, 448)

        if not os.path.isfile(fconfig):
            new_file = True
        else:
            new_file = False

        try:
            with salt.utils.fopen(fconfig, 'a+') as _fh:
                _fh.write('{0}'.format(auth_line))
        except (IOError, OSError) as exc:
            msg = 'Could not write to key file: {0}'
            raise CommandExecutionError(msg.format(str(exc)))

        if new_file:
            if os.geteuid() == 0:
                os.chown(fconfig, uinfo['uid'], uinfo['gid'])
            os.chmod(fconfig, 384)
        return 'new'
Exemple #25
0
def getUserName(UID=None):
# ###################################################################################################################

    if not UID:
        UID = os.geteuid()

    user = pwd.getpwuid(os.geteuid()).pw_name
    return user
 def test_get_ssh_dir(self):
     config = {}
     username = getpwuid(os.geteuid()).pw_name
     sshdir = os.path.join(getpwuid(os.geteuid()).pw_dir, '.ssh')
     if not os.path.isdir(sshdir):
         sshdir = None
     result = get_ssh_dir(config, username)
     self.assertEqual(result, sshdir)
Exemple #27
0
def set_auth_key(
        user,
        key,
        enc='ssh-rsa',
        comment='',
        options=[],
        config='.ssh/authorized_keys'):
    '''
    Add a key to the authorized_keys file. The "key" parameter must only be the
    string of text that is the encoded key. If the key begins with "ssh-rsa"
    or ends with user@host, remove those from the key before passing it to this
    function.

    CLI Example::

        salt '*' ssh.set_auth_key <user> '<key>' enc='dsa'
    '''
    if len(key.split()) > 1:
        return 'invalid'

    enc = _refine_enc(enc)
    uinfo = __salt__['user.info'](user)
    status = check_key(user, key, enc, comment, options, config)
    if status == 'update':
        _replace_auth_key(
                user,
                key,
                enc,
                comment,
                options,
                config)
        return 'replace'
    elif status == 'exists':
        return 'no change'
    else:
        auth_line = _format_auth_line(
                    key,
                    enc,
                    comment,
                    options)
        if not os.path.isdir(uinfo['home']):
            return 'fail'
        fconfig = os.path.join(uinfo['home'], config)
        if not os.path.isdir(os.path.dirname(fconfig)):
            dpath = os.path.dirname(fconfig)
            os.makedirs(dpath)
            if os.geteuid() == 0:
                os.chown(dpath, uinfo['uid'], uinfo['gid'])
            os.chmod(dpath, 448)

        if not os.path.isfile(fconfig):
            open(fconfig, 'a+').write('{0}'.format(auth_line))
            if os.geteuid() == 0:
                os.chown(fconfig, uinfo['uid'], uinfo['gid'])
            os.chmod(fconfig, 384)
        else:
            open(fconfig, 'a+').write('{0}'.format(auth_line))
        return 'new'
Exemple #28
0
def format():
    output = ''
    output += 'Effective UID: ' + str(os.geteuid()) + " (" + pwd.getpwuid(os.geteuid())[0] + ")" + '<br>'
    output += '__file__: ' + __file__
    output += '<h1>Python Info</h1>\n'
    output += format_version()
    output += format_python_path()
    output += format_environ(os.environ)
    return output
Exemple #29
0
def main():
	banner()
	print ""
	if os.geteuid() != 0:
		print "\nNot running as root. Only logz accessible by non privileged users will be edited."
		
	raw_input("Press enter to get started...\n")
	
	validlogs()
	
	choice = raw_input("\nDo you want to search for more logs? [yes or no] ")
	if choice == "yes" or choice == "YES" or choice == "Yes":
		hollaback = 1
		morelogz()
	elif choice == "no" or choice == "NO" or choice == "No":
		hollaback = 2
		pass
	else:
		sys.exit("It's really not that difficult. Choose either yes or no f****r!\n")
		
	global hitme
	global ipaddr
	global host
	choice1 = raw_input("\nWould you like to remove a IP address or Hostname? [ip or hostname] ")
	if choice1 == "IP" or choice1 == "ip":
		hitme = 1
		ipaddr = raw_input("\tWhat IP address would you like removed from the logs? ")
		while IPChk(ipaddr) != True:
			print "\n\tInvalid IP! Try again!"
			ipaddr = raw_input("\tWhat IP address would you like removed from the logs? ")
		else:
			if hollaback == 1:
				searchanddestroy()
				searchanddestroy2()
			else:
				searchanddestroy()
	elif choice1 == "HOSTNAME" or choice1 == "hostname":
		hitme = 2
		host = raw_input("\tWhat Hostname would you like removed from the logs? ")
		if hollaback == 1:
			searchanddestroy()
			searchanddestroy2()
		else:
			searchanddestroy()
	else:
		sys.exit("It's really not that difficult. Choose either ip or hostname f****r!\n")
		
	if os.geteuid() == 0:
		w = open("/root/.bash_history", 'w')
		w.write("")
		w.close()

	else:
		user = os.getenv('USERNAME')
		w = open("/home/"+user+"/.bash_history", 'w')
		w.write("")
		w.close()
Exemple #30
0
 def __init__(self):
     self.app_name = 'srvApp'
     self.stdin_path = '/dev/null'
     self.stdout_path = '/dev/null'
     self.stderr_path = '/dev/null'
     self.pidfile_path = '/tmp/%s_%s.pid' % (self.app_name, os.geteuid())
     self.pidfile_timeout = 5
     self.log_file = '/tmp/%s_%s.log' % (self.app_name, os.geteuid())
     self.foreground = False
Exemple #31
0
def startup_checks():
    # Splash
    print("             _     _     _ _ _  \n" +
          "            | |   | |   (_) | | \n" +
          "  _   _  ___| |__ | |  _ _| | | \n" +
          " | | | |/___)  _ \| |_/ ) | | | \n" +
          " | |_| |___ | |_) )  _ (| | | | \n" +
          " |____/(___/|____/|_| \_)_|\_)_)\n")

    # Check arguments
    args = sys.argv[1:]

    # Check for help
    if '-h' in args or '--help' in args:
        sys.exit(help_message)

    if '--version' in args:
        print('usbkill', __version__)
        sys.exit(0)

    copy_settings = False
    if '--cs' in args:
        args.remove('--cs')
        copy_settings = True

    shut_down = True
    if '--no-shut-down' in args:
        print(
            "[NOTICE] Ready to execute all the (potentially destructive) commands, but NOT shut down the computer."
        )
        args.remove('--no-shut-down')
        shut_down = False

    # Check all other args
    if len(args) > 0:
        sys.exit("\n[ERROR] Argument not understood. Can only understand -h\n")

    # Check if program is run as root, else exit.
    # Root is needed to power off the computer.
    if not os.geteuid() == 0:
        sys.exit("\n[ERROR] This program needs to run as root.\n")

    # Warn the user if he does not have FileVault
    if CURRENT_PLATFORM.startswith("DARWIN"):
        try:
            # fdesetup return exit code 0 when true and 1 when false
            subprocess.check_output(["/usr/bin/fdesetup", "isactive"])
        except subprocess.CalledProcessError:
            print(
                "[NOTICE] FileVault is disabled. Sensitive data SHOULD be encrypted."
            )

    # On first time use copy usbkill.ini to /etc/usebkill.ini
    # If dev-mode, always copy and don't remove old settings
    if not os.path.isfile(SETTINGS_FILE) or copy_settings:
        sources_path = os.path.dirname(os.path.realpath(__file__))
        if not os.path.isfile(os.path.join(sources_path,
                                           "install/usbkill.ini")):
            sys.exit(
                "\n[ERROR] You have lost your settings file. Get a new copy of the usbkill.ini and place it in /etc/ or in "
                + sources_path + "/\n")
        print("[NOTICE] Copying install/setting.ini to " + SETTINGS_FILE)
        os.system("cp " + sources_path + "install/usbkill.ini " +
                  SETTINGS_FILE)

    # Load settings
    settings = load_settings(SETTINGS_FILE)
    settings['shut_down'] = shut_down

    # Make sure no spaces a present in paths to be wiped.
    for name in settings['folders_to_remove'] + settings['files_to_remove']:
        if ' ' in name:
            msg += "[ERROR][WARNING] '" + name + "'as specified in your usbkill.ini contains a space.\n"
            sys.exit(msg)

    # Make sure srm is present if it will be used.
    if settings['melt_usbkill'] or len(settings['folders_to_remove'] +
                                       settings['files_to_remove']) > 0:
        if not program_present('srm'):
            sys.exit(
                "[ERROR] usbkill configured to destroy data, but srm not installed.\n"
            )
        if not settings['remove_file_cmd'].startswith('srm'):
            sys.exit(
                "[ERROR] remove_file_command should start with `srm'. srm should be used for automated data overwrite.\n"
            )
    # Make sure sdmem is present if it will be used.
    if settings['do_wipe_ram']:
        if not program_present('sdmem'):
            sys.exit(
                "[ERROR] usbkill configured to destroy data, but srm not installed.\n"
            )
        if not settings['wipe_ram_cmd'].startswith('sdmem'):
            sys.exit(
                "[ERROR] wipe_ram_cmd should start with `sdmem'. sdmem should be used for automated data overwrite.\n"
            )
    # Make sure sswap is present if it will be used.
    if settings['do_wipe_swap']:
        if not program_present('sswap'):
            sys.exit(
                "[ERROR] usbkill configured to destroy data, but srm not installed.\n"
            )
        if not settings['wipe_swap_cmd'].startswith('sswap'):
            sys.exit(
                "[ERROR] wipe_swap_cmd should start with `sswap'. sswap should be used for automated data overwrite.\n"
            )

    # Make sure there is a logging folder
    log_folder = os.path.dirname(settings['log_file'])
    if not os.path.isdir(log_folder):
        os.mkdir(log_folder)

    return settings
Exemple #32
0
    def _get_metadata_proxy_user_group(cls, conf):
        user = conf.metadata_proxy_user or str(os.geteuid())
        group = conf.metadata_proxy_group or str(os.getegid())

        return user, group
Exemple #33
0
def consutil():
    """consutil - Command-line utility for interacting with switches via console device"""

    if os.geteuid() != 0:
        click.echo("Root privileges are required for this operation")
        sys.exit(1)
Exemple #34
0
                   stdout=subprocess.PIPE,
                   shell=True)

    print('Cleaning Downloads Dir')
    subprocess.run('rm -f ' + path, stdout=subprocess.PIPE, shell=True)


def get_code(name):
    if name == 'phpstorm':
        code = 'PS'
    elif name == 'datagrip':
        code = 'DG'
    elif name == 'pycharm':
        code = 'PC'
    elif name == 'webstorm':
        code = 'WS'
    else:
        exit('unkown app name')

    return code


if __name__ == '__main__':
    if (os.geteuid() != 0):
        exit('Need to be root')

    if len(sys.argv) < 2:
        exit('Need to pass in app name')

    main()
Exemple #35
0
 def some_security(self):
     if (os.geteuid() == 0 and not self.conf['allow_root_commands']
             and self.conf['user'] == None):
         raise getmailConfigurationError(
             'refuse to invoke external commands as root by default')
Exemple #36
0
def _is_root():
    try:
        return os.geteuid() == 0
    except AttributeError:
        return False  # assume not an admin on non-Unix platforms
Exemple #37
0
    def _docker_run(self, docker_image_name, cmd, user=None, env=None):
        "Runs a command and returns the return code or None if it timed out."
        errors = []
        if user not in ('grade_oven', 'root', None):
            raise ValueError(
                'User "{}" must be "grade_oven" or "root".'.format(user))
        if env is None:
            env = {}
        docker_cmd = [
            'docker',
            'run',
            '--hostname',
            'gradeoven',
            '--memory',
            str(self.max_mem_bytes),
            # TODO: figure out why I need to set nproc so high
            #  If I didn't set nproc > 500 docker wouldn't even start
            '--ulimit',
            'nproc=1000:1000',
            '--ulimit',
            'nice=19:19',
            '--ulimit',
            'nofile={}:{}'.format(self.max_num_files, self.max_num_files),
            '--name',
            self.container_id,
            '--net',
            'none',
            '--read-only=true',
            '--restart=no',
            '--detach',
            '--volume',
            u'{}/grade_oven:/grade_oven'.format(self.host_dir),
            '--volume',
            u'{}/tmp:/tmp'.format(self.host_dir),
            '--workdir',
            '/grade_oven/submission',
            '--cpu-shares',
            '128'
        ]
        # If a user is not specified, run as the effective user of this process.
        # If this code breaks, you can use 'grade_oven' in a --prod run but not
        # a --debug run.
        docker_cmd.extend(['--user', user or str(os.geteuid())])
        for key, val in env.items():
            docker_cmd.append('--env')
            try:
                val = six.text_type(val, errors='replace')
            except TypeError:
                pass
            docker_cmd.append('{}={}'.format(key, val.encode('utf-8')))
        if user == 'root':
            docker_cmd.append('--volume')
            docker_cmd.append(u'{}/root:/root'.format(self.host_dir))
        docker_cmd.append(docker_image_name)
        docker_cmd.extend(cmd)
        logging.info('Starting Docker container: %s', docker_cmd)
        proc = subprocess.Popen(docker_cmd,
                                bufsize=-1,
                                close_fds=True,
                                cwd=self.host_dir,
                                env={})
        proc.wait()

        logging.info('Waiting for Docker container: %s', self.container_id)
        docker_cmd = [
            'timeout',
            str(self.timeout_seconds), 'docker', 'wait', self.container_id
        ]
        proc = subprocess.Popen(docker_cmd,
                                stdout=subprocess.PIPE,
                                bufsize=-1,
                                close_fds=True,
                                cwd=self.host_dir,
                                env={})
        return_code_raw, _ = proc.communicate()
        try:
            return_code = int(return_code_raw)
        except ValueError:
            errors.append(
                'Command "{}" did not finish in {} seconds and timed out.'.
                format(join_cmd_parts(cmd), self.timeout_seconds))
            return_code = None

        logging.info('Stopping Docker container: %s', self.container_id)
        docker_cmd = ['docker', 'stop', '--time', '5', self.container_id]
        proc = subprocess.Popen(docker_cmd,
                                bufsize=-1,
                                close_fds=True,
                                cwd=self.host_dir,
                                env={})
        proc.wait()

        logging.info('Reading Docker logs from container: %s',
                     self.container_id)
        docker_cmd = ['docker', 'logs', self.container_id]
        proc = subprocess.Popen(docker_cmd,
                                stdout=subprocess.PIPE,
                                stderr=subprocess.STDOUT,
                                bufsize=4096,
                                close_fds=True,
                                cwd=self.host_dir,
                                env={})
        output, err = read_proc_summarized_stdout(proc, 4096)
        if err:
            errors.append(err)

        logging.info('Removing Docker container: %s', self.container_id)
        docker_cmd = ['docker', 'rm', '--force', self.container_id]
        proc = subprocess.Popen(docker_cmd,
                                bufsize=-1,
                                close_fds=True,
                                cwd=self.host_dir,
                                env={})
        proc.wait()

        return return_code, output, errors
Exemple #38
0
command = {cmd}
ret = subprocess.call(command)

import xml.etree.ElementTree as ElementTree, glob, re
for file in glob.glob('logs/*/surefire.xml'):
    tree = ElementTree.parse(file)
    for suite in tree.findall('.//testsuite'):
        for test in suite.findall('testcase'):
            match = re.match('(init|end)_per_suite', test.attrib['name'])
            if match is not None:
                suite.remove(test)
    tree.write(file)

sys.exit(ret)
'''
command = command.format(uid=os.geteuid(),
                         gid=os.getegid(),
                         cmd=ct_command,
                         shed_privileges=(platform.system() == 'Linux'))

volumes = []
if os.path.isdir(expanduser('~/.docker')):
    volumes += [(expanduser('~/.docker'), '/tmp/docker_config', 'ro')]

remove_dockers_and_volumes()

ret = docker.run(tty=True,
                 rm=True,
                 interactive=True,
                 workdir=os.path.join(script_dir, 'test_distributed'),
                 volumes=volumes,
def checkPermission():
    if os.geteuid() is 0:
        configureInterfaces()
    else:
        print("User must be root")
Exemple #40
0
if log_level is not None:
    if not log.set_level(log_level):
        usage()

log_file = os.path.normpath('/var/log/hp/hplip-uninstall.log')
if os.getuid() != 0:
    log.error(
        "To run 'hp-uninstall' utility, you must have root privileges.(Try using 'sudo' or 'su -c')"
    )
    sys.exit(1)

if os.path.exists(log_file):
    os.remove(log_file)

log.set_logfile(log_file)
log.set_where(log.LOG_TO_CONSOLE_AND_FILE)

log.debug("Log file=%s" % log_file)
log.debug("euid = %d" % os.geteuid())

utils.log_title(__title__, __version__, True)

log.info("Uninstaller log saved in: %s" % log.bold(log_file))
log.info("")

core = CoreInstall(MODE_CHECK, INTERACTIVE_MODE)
core.init()

core.uninstall(mode)
def icmp_exfiltration_handler(url, http_request_method):
  # Check injection state
  settings.DETECTION_PHASE = True
  settings.EXPLOITATION_PHASE = False
  # You need to have root privileges to run this script
  if os.geteuid() != 0:
    err_msg = "You need to have root privileges to run this option."
    print(settings.print_critical_msg(err_msg) + "\n")
    os._exit(0)

  if http_request_method == "GET":
    #url = parameters.do_GET_check(url)
    request = _urllib.request.Request(url)
    headers.do_check(request)
    vuln_parameter = parameters.vuln_GET_param(url)
    
  else:
    parameter = menu.options.data
    parameter = _urllib.parse.unquote(parameter)
    parameter = parameters.do_POST_check(parameter)
    request = _urllib.request.Request(url, parameter)
    headers.do_check(request)
    vuln_parameter = parameters.vuln_POST_param(parameter, url)
  
  # Check if defined any HTTP Proxy.
  if menu.options.proxy:
    try:
      response = proxy.use_proxy(request)
    except _urllib.error.HTTPError as err_msg:
      if str(err_msg.code) == settings.INTERNAL_SERVER_ERROR:
        response = False  
      elif settings.IGNORE_ERR_MSG == False:
        err = str(err_msg) + "."
        print("\n") + settings.print_critical_msg(err)
        continue_tests = checks.continue_tests(err_msg)
        if continue_tests == True:
          settings.IGNORE_ERR_MSG = True
        else:
          os._exit(0)

  # Check if defined Tor.
  elif menu.options.tor:
    try:
      response = tor.use_tor(request)
    except _urllib.error.HTTPError as err_msg:
      if str(err_msg.code) == settings.INTERNAL_SERVER_ERROR:
        response = False  
      elif settings.IGNORE_ERR_MSG == False:
        err = str(err_msg) + "."
        print("\n") + settings.print_critical_msg(err)
        continue_tests = checks.continue_tests(err_msg)
        if continue_tests == True:
          settings.IGNORE_ERR_MSG = True
        else:
          os._exit(0)

  else:
    try:
      response = _urllib.request.urlopen(request, timeout=settings.TIMEOUT)
    except _urllib.error.HTTPError as err_msg:
      if str(err_msg.code) == settings.INTERNAL_SERVER_ERROR:
        response = False  
      elif settings.IGNORE_ERR_MSG == False:
        err = str(err_msg) + "."
        print("\n") + settings.print_critical_msg(err)
        continue_tests = checks.continue_tests(err_msg)
        if continue_tests == True:
          settings.IGNORE_ERR_MSG = True
        else:
          os._exit(0)

  if settings.TARGET_OS == "win":
    err_msg = "This module's payloads are not suppoted by "
    err_msg += "the identified target operating system."
    print(settings.print_critical_msg(err_msg) + "\n")
    os._exit(0)

  else:
    technique = "ICMP exfiltration module"
    info_msg ="Loading the " + technique + ". \n"
    sys.stdout.write(settings.print_info_msg(info_msg))
    sys.stdout.flush()

    ip_data = menu.options.ip_icmp_data

    #  Source IP address
    ip_src =  re.findall(r"ip_src=(.*),", ip_data)
    ip_src = ''.join(ip_src)

    # Destination IP address
    ip_dst =  re.findall(r"ip_dst=(.*)", ip_data)
    ip_dst = ''.join(ip_dst)
    
    exploitation(ip_dst, ip_src, url, http_request_method, vuln_parameter, technique)
# Ejercicio 104: Obtener el ID de usuario, el ID de grupo, y grupos complementarios en Linux.

import os

print('El ID de usuario es: %d' % os.geteuid())
print('El ID de grupo es: %d' % os.getegid())
print('Los IDs de grupos complementarios son: {}'.format(str(os.getgroups())))
Exemple #43
0
class PipStateTest(integration.ModuleCase, integration.SaltReturnAssertsMixIn):
    def setUp(self):
        super(PipStateTest, self).setUp()
        ret = self.run_function('cmd.has_exec', ['virtualenv'])
        if not ret:
            self.skipTest('virtualenv not installed')

    def test_pip_installed_errors(self):
        venv_dir = os.path.join(integration.SYS_TMP_DIR,
                                'pip-installed-errors')
        try:
            # Since we don't have the virtualenv created, pip.installed will
            # thrown and error.
            # Example error strings:
            #  * "Error installing 'supervisor': /tmp/pip-installed-errors: not found"
            #  * "Error installing 'supervisor': /bin/sh: 1: /tmp/pip-installed-errors: not found"
            #  * "Error installing 'supervisor': /bin/bash: /tmp/pip-installed-errors: No such file or directory"
            os.environ['SHELL'] = '/bin/sh'
            ret = self.run_function('state.sls', mods='pip-installed-errors')
            self.assertSaltFalseReturn(ret)
            self.assertSaltCommentRegexpMatches(
                ret, 'Error installing \'supervisor\':(?:.*)'
                '/tmp/pip-installed-errors(?:.*)'
                '([nN]o such file or directory|not found)')

            # We now create the missing virtualenv
            ret = self.run_function('virtualenv.create', [venv_dir])
            self.assertEqual(ret['retcode'], 0)

            # The state should not have any issues running now
            ret = self.run_function('state.sls', mods='pip-installed-errors')
            self.assertSaltTrueReturn(ret)
        finally:
            if os.path.isdir(venv_dir):
                shutil.rmtree(venv_dir)

    def test_pip_installed_weird_install(self):
        ographite = '/opt/graphite'
        if os.path.isdir(ographite):
            self.skipTest(
                'You already have \'{0}\'. This test would overwrite this '
                'directory'.format(ographite))
        try:
            os.makedirs(ographite)
        except OSError as err:
            if err.errno == 13:
                # Permission denied
                self.skipTest(
                    'You don\'t have the required permissions to run this test'
                )
        finally:
            if os.path.isdir(ographite):
                shutil.rmtree(ographite)

        venv_dir = os.path.join(integration.SYS_TMP_DIR,
                                'pip-installed-weird-install')
        try:
            # Since we don't have the virtualenv created, pip.installed will
            # thrown and error.
            ret = self.run_function('state.sls',
                                    mods='pip-installed-weird-install')
            self.assertSaltTrueReturn(ret)

            # We cannot use assertInSaltComment here because we need to skip
            # some of the state return parts
            for key in ret.keys():
                self.assertTrue(ret[key]['result'])
                if ret[key]['comment'] == 'Created new virtualenv':
                    continue
                self.assertEqual(
                    ret[key]['comment'],
                    'There was no error installing package \'carbon\' '
                    'although it does not show when calling \'pip.freeze\'.')
        finally:
            if os.path.isdir(venv_dir):
                shutil.rmtree(venv_dir)
            if os.path.isdir('/opt/graphite'):
                shutil.rmtree('/opt/graphite')

    def test_issue_2028_pip_installed_state(self):
        ret = self.run_function('state.sls', mods='issue-2028-pip-installed')

        venv_dir = os.path.join(integration.SYS_TMP_DIR,
                                'issue-2028-pip-installed')

        try:
            self.assertSaltTrueReturn(ret)
            self.assertTrue(
                os.path.isfile(os.path.join(venv_dir, 'bin', 'supervisord')))
        finally:
            if os.path.isdir(venv_dir):
                shutil.rmtree(venv_dir)

    def test_issue_2087_missing_pip(self):
        venv_dir = os.path.join(integration.SYS_TMP_DIR,
                                'issue-2087-missing-pip')

        try:
            # Let's create the testing virtualenv
            ret = self.run_function('virtualenv.create', [venv_dir])
            self.assertEqual(ret['retcode'], 0)

            # Let's remove the pip binary
            pip_bin = os.path.join(venv_dir, 'bin', 'pip')
            if not os.path.isfile(pip_bin):
                self.skipTest(
                    'Failed to find the pip binary to the test virtualenv')
            os.remove(pip_bin)

            # Let's run the state which should fail because pip is missing
            ret = self.run_function('state.sls', mods='issue-2087-missing-pip')
            self.assertSaltFalseReturn(ret)
            self.assertInSaltComment(
                'Error installing \'pep8\': Could not find a `pip` binary',
                ret)
        finally:
            if os.path.isdir(venv_dir):
                shutil.rmtree(venv_dir)

    def test_issue_5940_multiple_pip_mirrors(self):
        ret = self.run_function('state.sls',
                                mods='issue-5940-multiple-pip-mirrors')

        venv_dir = os.path.join(integration.SYS_TMP_DIR,
                                '5940-multiple-pip-mirrors')

        try:
            self.assertSaltTrueReturn(ret)
            self.assertTrue(
                os.path.isfile(os.path.join(venv_dir, 'bin', 'pep8')))
        finally:
            if os.path.isdir(venv_dir):
                shutil.rmtree(venv_dir)

    @destructiveTest
    @skipIf(os.geteuid() != 0, 'you must be root to run this test')
    @with_system_account('issue-6912', on_existing='delete', delete=True)
    def test_issue_6912_wrong_owner(self, username):
        venv_dir = os.path.join(integration.SYS_TMP_DIR, '6912-wrong-owner')
        # ----- Using runas ------------------------------------------------->
        venv_create = self.run_function('virtualenv.create', [venv_dir],
                                        runas=username)
        if venv_create['retcode'] > 0:
            self.skipTest(
                'Failed to create testcase virtual environment: {0}'.format(
                    ret))

        # Using the package name.
        try:
            ret = self.run_state('pip.installed',
                                 name='pep8',
                                 runas=username,
                                 bin_env=venv_dir)
            self.assertSaltTrueReturn(ret)
            uinfo = pwd.getpwnam(username)
            for globmatch in (os.path.join(venv_dir, '**', 'pep8*'),
                              os.path.join(venv_dir, '*', '**', 'pep8*'),
                              os.path.join(venv_dir, '*', '*', '**', 'pep8*')):
                for path in glob.glob(globmatch):
                    self.assertEqual(uinfo.pw_uid, os.stat(path).st_uid)

        finally:
            if os.path.isdir(venv_dir):
                shutil.rmtree(venv_dir)

        # Using a requirements file
        venv_create = self.run_function('virtualenv.create', [venv_dir],
                                        runas=username)
        if venv_create['retcode'] > 0:
            self.skipTest(
                'Failed to create testcase virtual environment: {0}'.format(
                    ret))
        req_filename = os.path.join(integration.TMP_STATE_TREE,
                                    'issue-6912-requirements.txt')
        with open(req_filename, 'wb') as f:
            f.write('pep8')

        try:
            ret = self.run_state(
                'pip.installed',
                name='',
                runas=username,
                bin_env=venv_dir,
                requirements='salt://issue-6912-requirements.txt')
            self.assertSaltTrueReturn(ret)
            uinfo = pwd.getpwnam(username)
            for globmatch in (os.path.join(venv_dir, '**', 'pep8*'),
                              os.path.join(venv_dir, '*', '**', 'pep8*'),
                              os.path.join(venv_dir, '*', '*', '**', 'pep8*')):
                for path in glob.glob(globmatch):
                    self.assertEqual(uinfo.pw_uid, os.stat(path).st_uid)

        finally:
            if os.path.isdir(venv_dir):
                shutil.rmtree(venv_dir)
            os.unlink(req_filename)
        # <---- Using runas --------------------------------------------------

        # ----- Using user -------------------------------------------------->
        venv_create = self.run_function('virtualenv.create', [venv_dir],
                                        runas=username)
        if venv_create['retcode'] > 0:
            self.skipTest(
                'Failed to create testcase virtual environment: {0}'.format(
                    ret))

        # Using the package name
        try:
            ret = self.run_state('pip.installed',
                                 name='pep8',
                                 user=username,
                                 bin_env=venv_dir)
            self.assertSaltTrueReturn(ret)
            uinfo = pwd.getpwnam(username)
            for globmatch in (os.path.join(venv_dir, '**', 'pep8*'),
                              os.path.join(venv_dir, '*', '**', 'pep8*'),
                              os.path.join(venv_dir, '*', '*', '**', 'pep8*')):
                for path in glob.glob(globmatch):
                    self.assertEqual(uinfo.pw_uid, os.stat(path).st_uid)

        finally:
            if os.path.isdir(venv_dir):
                shutil.rmtree(venv_dir)

        # Using a requirements file
        venv_create = self.run_function('virtualenv.create', [venv_dir],
                                        runas=username)
        if venv_create['retcode'] > 0:
            self.skipTest(
                'Failed to create testcase virtual environment: {0}'.format(
                    ret))
        req_filename = os.path.join(integration.TMP_STATE_TREE,
                                    'issue-6912-requirements.txt')
        with open(req_filename, 'wb') as f:
            f.write('pep8')

        try:
            ret = self.run_state(
                'pip.installed',
                name='',
                user=username,
                bin_env=venv_dir,
                requirements='salt://issue-6912-requirements.txt')
            self.assertSaltTrueReturn(ret)
            uinfo = pwd.getpwnam(username)
            for globmatch in (os.path.join(venv_dir, '**', 'pep8*'),
                              os.path.join(venv_dir, '*', '**', 'pep8*'),
                              os.path.join(venv_dir, '*', '*', '**', 'pep8*')):
                for path in glob.glob(globmatch):
                    self.assertEqual(uinfo.pw_uid, os.stat(path).st_uid)

        finally:
            if os.path.isdir(venv_dir):
                shutil.rmtree(venv_dir)
            os.unlink(req_filename)
        # <---- Using user ---------------------------------------------------

    def test_issue_6833_pip_upgrade_pip(self):
        # Create the testing virtualenv
        venv_dir = os.path.join(integration.TMP, '6833-pip-upgrade-pip')
        ret = self.run_function('virtualenv.create', [venv_dir])
        try:
            try:
                self.assertEqual(ret['retcode'], 0)
                self.assertIn('New python executable', ret['stdout'])
            except AssertionError:
                import pprint
                pprint.pprint(ret)
                raise

            # Let's install a fixed version pip over whatever pip was
            # previously installed
            ret = self.run_function('pip.install', ['pip==1.3.1'],
                                    upgrade=True,
                                    ignore_installed=True,
                                    bin_env=venv_dir)
            try:
                self.assertEqual(ret['retcode'], 0)
                self.assertIn('Successfully installed pip', ret['stdout'])
            except AssertionError:
                import pprint
                pprint.pprint(ret)
                raise

            # Le't make sure we have pip 1.3.1 installed
            self.assertEqual(
                self.run_function('pip.list', ['pip'], bin_env=venv_dir),
                {'pip': '1.3.1'})

            # Now the actual pip upgrade pip test
            ret = self.run_state('pip.installed',
                                 name='pip==1.4.1',
                                 upgrade=True,
                                 bin_env=venv_dir)
            try:
                self.assertSaltTrueReturn(ret)
                self.assertInSaltReturn('Installed', ret,
                                        ['changes', 'pip==1.4.1'])
            except AssertionError:
                import pprint
                pprint.pprint(ret)
                raise
        finally:
            if os.path.isdir(venv_dir):
                shutil.rmtree(venv_dir)
Exemple #44
0
    def create_runtime(
        self, env: MutableMapping[str, str], runtimeContext: RuntimeContext
    ) -> Tuple[List[str], Optional[str]]:
        any_path_okay = self.builder.get_requirement("DockerRequirement")[1] or False
        user_space_docker_cmd = runtimeContext.user_space_docker_cmd
        if user_space_docker_cmd:
            if "udocker" in user_space_docker_cmd and not runtimeContext.debug:
                runtime = [user_space_docker_cmd, "--quiet", "run"]
                # udocker 1.1.1 will output diagnostic messages to stdout
                # without this
            else:
                runtime = [user_space_docker_cmd, "run"]
        else:
            runtime = ["docker", "run", "-i"]
        self.append_volume(
            runtime, os.path.realpath(self.outdir), self.builder.outdir, writable=True
        )
        tmpdir = "/tmp"  # nosec
        self.append_volume(
            runtime, os.path.realpath(self.tmpdir), tmpdir, writable=True
        )
        self.add_volumes(
            self.pathmapper,
            runtime,
            any_path_okay=True,
            secret_store=runtimeContext.secret_store,
            tmpdir_prefix=runtimeContext.tmpdir_prefix,
        )
        if self.generatemapper is not None:
            self.add_volumes(
                self.generatemapper,
                runtime,
                any_path_okay=any_path_okay,
                secret_store=runtimeContext.secret_store,
                tmpdir_prefix=runtimeContext.tmpdir_prefix,
            )

        if user_space_docker_cmd:
            runtime = [x.replace(":ro", "") for x in runtime]
            runtime = [x.replace(":rw", "") for x in runtime]

        runtime.append(
            "--workdir=%s" % (docker_windows_path_adjust(self.builder.outdir))
        )
        if not user_space_docker_cmd:

            if not runtimeContext.no_read_only:
                runtime.append("--read-only=true")

            if self.networkaccess:
                if runtimeContext.custom_net:
                    runtime.append("--net={0}".format(runtimeContext.custom_net))
            else:
                runtime.append("--net=none")

            if self.stdout is not None:
                runtime.append("--log-driver=none")

            euid, egid = docker_vm_id()
            if not onWindows():
                # MS Windows does not have getuid() or geteuid() functions
                euid, egid = euid or os.geteuid(), egid or os.getgid()

            if runtimeContext.no_match_user is False and (
                euid is not None and egid is not None
            ):
                runtime.append("--user=%d:%d" % (euid, egid))

        if runtimeContext.rm_container:
            runtime.append("--rm")

        runtime.append("--env=TMPDIR=/tmp")

        # spec currently says "HOME must be set to the designated output
        # directory." but spec might change to designated temp directory.
        # runtime.append("--env=HOME=/tmp")
        runtime.append("--env=HOME=%s" % self.builder.outdir)

        # add parameters to docker to write a container ID file
        if runtimeContext.user_space_docker_cmd is None:
            if runtimeContext.cidfile_dir:
                cidfile_dir = runtimeContext.cidfile_dir
                if not os.path.exists(str(cidfile_dir)):
                    _logger.error(
                        "--cidfile-dir %s error:\n%s",
                        cidfile_dir,
                        "directory doesn't exist, please create it first",
                    )
                    exit(2)
                if not os.path.isdir(cidfile_dir):
                    _logger.error(
                        "--cidfile-dir %s error:\n%s",
                        cidfile_dir,
                        cidfile_dir + " is not a directory, " "please check it first",
                    )
                    exit(2)
            else:
                tmp_dir, tmp_prefix = os.path.split(runtimeContext.tmpdir_prefix)
                cidfile_dir = tempfile.mkdtemp(prefix=tmp_prefix, dir=tmp_dir)

            cidfile_name = datetime.datetime.now().strftime("%Y%m%d%H%M%S-%f") + ".cid"
            if runtimeContext.cidfile_prefix is not None:
                cidfile_name = str(runtimeContext.cidfile_prefix + "-" + cidfile_name)
            cidfile_path = os.path.join(cidfile_dir, cidfile_name)
            runtime.append("--cidfile=%s" % cidfile_path)
        else:
            cidfile_path = None
        for key, value in self.environment.items():
            runtime.append("--env=%s=%s" % (key, value))

        if runtimeContext.strict_memory_limit and not user_space_docker_cmd:
            runtime.append("--memory=%dm" % self.builder.resources["ram"])
        elif not user_space_docker_cmd:
            res_req, _ = self.builder.get_requirement("ResourceRequirement")
            if res_req is not None and ("ramMin" in res_req or "ramMax" is res_req):
                _logger.warning(
                    "[job %s] Skipping Docker software container '--memory' limit "
                    "despite presence of ResourceRequirement with ramMin "
                    "and/or ramMax setting. Consider running with "
                    "--strict-memory-limit for increased portability "
                    "assurance.",
                    self.name,
                )

        return runtime, cidfile_path
Exemple #45
0
    java_home = common_config.get("DEFAULT", "JAVA_HOME")
    hadoop_home = common_config.get("DEFAULT", "HADOOP_HOME")
    rsync_module = common_config.get("DEFAULT", "RSYNC_MODULE")
    assert (rsync_module != "")

    local_dir = config.get("DEFAULT", "LOCAL_DIR")
    assert (local_dir != "")
    fileno = config.get("DEFAULT", "FILENO")
    destno = config.get("DEFAULT", "DESTNO")
    host_groupnos = config.get("DEFAULT", "HOST_GROUPNO").split("\t")
    user = config.get("DEFAULT", "USER")
    group = config.get("DEFAULT", "GROUP")

    command_prefix = ""
    if os.geteuid() == 0:
        command_prefix = "sudo -u %s JAVA_HOME=%s " % (user, java_home)

    local_tmp_dir = os.path.join(local_dir, fileno)
    print local_tmp_dir
    if os.path.exists(local_tmp_dir):
        shutil.rmtree(local_tmp_dir)
    os.mkdir(local_tmp_dir)
    os.chown(local_tmp_dir, getpwnam(user).pw_uid, getpwnam(user).pw_gid)

    file = "part-%05d" % int(fileno)

    if check_interval < 0:
        check_interval = config.getint("DEFAULT", "CHECK_INTERVAL")

    if check_times < 0:
Exemple #46
0
class UserTest(integration.ModuleCase, integration.SaltReturnAssertsMixIn):
    '''
    test for user absent
    '''
    def test_user_absent(self):
        ret = self.run_state('user.absent', name='unpossible')
        self.assertSaltTrueReturn(ret)

    def test_user_if_present(self):
        ret = self.run_state('user.present', name='nobody')
        self.assertSaltTrueReturn(ret)

    def test_user_if_present_with_gid(self):
        if self.run_function('group.info', ['nobody']):
            ret = self.run_state('user.present', name='nobody', gid='nobody')
        elif self.run_function('group.info', ['nogroup']):
            ret = self.run_state('user.present', name='nobody', gid='nogroup')
        else:
            self.skipTest(
                'Neither \'nobody\' nor \'nogroup\' are valid groups')
        self.assertSaltTrueReturn(ret)

    @destructiveTest
    @skipIf(os.geteuid() != 0, 'you must be root to run this test')
    def test_user_not_present(self):
        '''
        This is a DESTRUCTIVE TEST it creates a new user on the minion.
        And then destroys that user.
        Assume that it will break any system you run it on.
        '''
        ret = self.run_state('user.present', name='salt_test')
        self.assertSaltTrueReturn(ret)
        ret = self.run_state('user.absent', name='salt_test')
        self.assertSaltTrueReturn(ret)

    @destructiveTest
    @skipIf(os.geteuid() != 0, 'you must be root to run this test')
    def test_user_present_when_home_dir_does_not_18843(self):
        '''
        This is a DESTRUCTIVE TEST it creates a new user on the minion.
        And then destroys that user.
        Assume that it will break any system you run it on.
        '''
        HOMEDIR = '/home/home_of_salt_test'
        ret = self.run_state('user.present', name='salt_test', home=HOMEDIR)
        self.assertSaltTrueReturn(ret)

        self.run_function('file.absent', name=HOMEDIR)
        ret = self.run_state('user.present', name='salt_test', home=HOMEDIR)
        self.assertSaltTrueReturn(ret)

        ret = self.run_state('user.absent', name='salt_test')
        self.assertSaltTrueReturn(ret)

    @destructiveTest
    @skipIf(os.geteuid() != 0, 'you must be root to run this test')
    def test_user_present_nondefault(self):
        '''
        This is a DESTRUCTIVE TEST it creates a new user on the on the minion.
        '''
        ret = self.run_state('user.present',
                             name='salt_test',
                             home='/var/lib/salt_test')
        self.assertSaltTrueReturn(ret)
        self.assertTrue(os.path.isdir('/var/lib/salt_test'))
        ret = self.run_state('user.absent', name='salt_test')
        self.assertSaltTrueReturn(ret)

    @destructiveTest
    @skipIf(os.geteuid() != 0, 'you must be root to run this test')
    @requires_system_grains
    def test_user_present_gid_from_name_default(self, grains=None):
        '''
        This is a DESTRUCTIVE TEST. It creates a new user on the on the minion.
        This is an integration test. Not all systems will automatically create
        a group of the same name as the user, but I don't have access to any.
        If you run the test and it fails, please fix the code it's testing to
        work on your operating system.
        '''
        ret = self.run_state('user.present',
                             name='salt_test',
                             gid_from_name=True,
                             home='/var/lib/salt_test')
        self.assertSaltTrueReturn(ret)

        ret = self.run_function('user.info', ['salt_test'])
        self.assertReturnNonEmptySaltType(ret)
        group_name = grp.getgrgid(ret['gid']).gr_name

        self.assertTrue(os.path.isdir('/var/lib/salt_test'))
        if grains['os_family'] in ('Suse', ):
            self.assertEqual(group_name, 'users')
        else:
            self.assertEqual(group_name, 'salt_test')

        ret = self.run_state('user.absent', name='salt_test')
        self.assertSaltTrueReturn(ret)

    @destructiveTest
    @skipIf(os.geteuid() != 0, 'you must be root to run this test')
    def test_user_present_gid_from_name(self):
        '''
        This is a DESTRUCTIVE TEST it creates a new user on the on the minion.
        This is a unit test, NOT an integration test. We create a group of the
        same name as the user beforehand, so it should all run smoothly.
        '''
        ret = self.run_state('group.present', name='salt_test')
        self.assertSaltTrueReturn(ret)
        ret = self.run_state('user.present',
                             name='salt_test',
                             gid_from_name=True,
                             home='/var/lib/salt_test')
        self.assertSaltTrueReturn(ret)

        ret = self.run_function('user.info', ['salt_test'])
        self.assertReturnNonEmptySaltType(ret)
        group_name = grp.getgrgid(ret['gid']).gr_name

        self.assertTrue(os.path.isdir('/var/lib/salt_test'))
        self.assertEqual(group_name, 'salt_test')
        ret = self.run_state('user.absent', name='salt_test')
        self.assertSaltTrueReturn(ret)
        ret = self.run_state('group.absent', name='salt_test')
        self.assertSaltTrueReturn(ret)

    @destructiveTest
    @skipIf(os.geteuid() != 0, 'you must be root to run this test')
    def test_user_present_gecos(self):
        '''
        This is a DESTRUCTIVE TEST it creates a new user on the on the minion.

        It ensures that numeric GECOS data will be properly coerced to strings,
        otherwise the state will fail because the GECOS fields are written as
        strings (and show up in the user.info output as such). Thus the
        comparison will fail, since '12345' != 12345.
        '''
        ret = self.run_state('user.present',
                             name='salt_test',
                             fullname=12345,
                             roomnumber=123,
                             workphone=1234567890,
                             homephone=1234567890)
        self.assertSaltTrueReturn(ret)
        ret = self.run_state('user.absent', name='salt_test')
        self.assertSaltTrueReturn(ret)

    @destructiveTest
    @skipIf(os.geteuid() != 0, 'you must be root to run this test')
    def test_user_present_gecos_none_fields(self):
        '''
        This is a DESTRUCTIVE TEST it creates a new user on the on the minion.

        It ensures that if no GECOS data is supplied, the fields will be coerced
        into empty strings as opposed to the string "None".
        '''
        ret = self.run_state('user.present',
                             name='salt_test',
                             fullname=None,
                             roomnumber=None,
                             workphone=None,
                             homephone=None)
        self.assertSaltTrueReturn(ret)

        ret = self.run_function('user.info', ['salt_test'])
        self.assertReturnNonEmptySaltType(ret)
        self.assertEqual('', ret['fullname'])
        self.assertEqual('', ret['roomnumber'])
        self.assertEqual('', ret['workphone'])
        self.assertEqual('', ret['homephone'])

        ret = self.run_state('user.absent', name='salt_test')
        self.assertSaltTrueReturn(ret)
Exemple #47
0
def isRoot():
    if not os.geteuid() == 0:
        sys.exit("{RED}[!] Installer must be run as root")
Exemple #48
0
def __get_username():
    """ Returns the effective username of the current process. """
    if WINDOWS:
        return getpass.getuser()
    import pwd
    return pwd.getpwuid(os.geteuid()).pw_name
Exemple #49
0
def main(cli_args=sys.argv[1:]):
    """Command line argument parsing and main script execution."""
    sys.excepthook = functools.partial(_handle_exception, args=None)

    # note: arg parser internally handles --help (and exits afterwards)
    plugins = plugins_disco.PluginsRegistry.find_all()
    args = prepare_and_parse_args(plugins, cli_args)
    config = configuration.NamespaceConfig(args)
    zope.component.provideUtility(config)

    # Setup logging ASAP, otherwise "No handlers could be found for
    # logger ..." TODO: this should be done before plugins discovery
    for directory in config.config_dir, config.work_dir:
        le_util.make_or_verify_dir(directory, constants.CONFIG_DIRS_MODE,
                                   os.geteuid(), "--strict-permissions"
                                   in cli_args)
    # TODO: logs might contain sensitive data such as contents of the
    # private key! #525
    le_util.make_or_verify_dir(args.logs_dir, 0o700, os.geteuid(),
                               "--strict-permissions" in cli_args)
    setup_logging(args, _cli_log_handler, logfile='letsencrypt.log')

    logger.debug("letsencrypt version: %s", letsencrypt.__version__)
    # do not log `args`, as it contains sensitive data (e.g. revoke --key)!
    logger.debug("Arguments: %r", cli_args)
    logger.debug("Discovered plugins: %r", plugins)

    sys.excepthook = functools.partial(_handle_exception, args=args)

    # Displayer
    if args.text_mode:
        displayer = display_util.FileDisplay(sys.stdout)
    else:
        displayer = display_util.NcursesDisplay()
    zope.component.provideUtility(displayer)

    # Reporter
    report = reporter.Reporter()
    zope.component.provideUtility(report)
    atexit.register(report.atexit_print_messages)

    # TODO: remove developer preview prompt for the launch
    if not config.agree_dev_preview:
        disclaimer = pkg_resources.resource_string("letsencrypt", "DISCLAIMER")
        if not zope.component.getUtility(interfaces.IDisplay).yesno(
                disclaimer, "Agree", "Cancel"):
            raise Error("Must agree to TOS")

    if not os.geteuid() == 0:
        logger.warning(
            "Root (sudo) is required to run most of letsencrypt functionality."
        )
        # check must be done after arg parsing as --help should work
        # w/o root; on the other hand, e.g. "letsencrypt run
        # --authenticator dns" or "letsencrypt plugins" does not
        # require root as well
        #return (
        #    "{0}Root is required to run letsencrypt.  Please use sudo.{0}"
        #    .format(os.linesep))

    return args.func(args, config, plugins)
Exemple #50
0
def main(argv=None):
    if os.geteuid() != 0:
        print("It looks like this command wasn't run with root privileges. Perhaps you didn't use `sudo -E`?")

    if argv is None:
        argv = sys.argv[1:]

    from .log import init_logging
    try:
        init_logging()
    except Exception as e:
        print(str(e))
        print("Perhaps you didn't use `sudo -E`?")

    argparser = argparse.ArgumentParser()
    argparser.add_argument(
        '--config-path',
        default=CONFIG_FILE,
        help='Path to TLJH config.yaml file'
    )
    subparsers = argparser.add_subparsers(dest='action')

    show_parser = subparsers.add_parser(
        'show',
        help='Show current configuration'
    )

    unset_parser = subparsers.add_parser(
        'unset',
        help='Unset a configuration property'
    )
    unset_parser.add_argument(
        'key_path',
        help='Dot separated path to configuration key to unset'
    )

    set_parser = subparsers.add_parser(
        'set',
        help='Set a configuration property'
    )
    set_parser.add_argument(
        'key_path',
        help='Dot separated path to configuration key to set'
    )
    set_parser.add_argument(
        'value',
        help='Value to set the configuration key to'
    )

    add_item_parser = subparsers.add_parser(
        'add-item',
        help='Add a value to a list for a configuration property'
    )
    add_item_parser.add_argument(
        'key_path',
        help='Dot separated path to configuration key to add value to'
    )
    add_item_parser.add_argument(
        'value',
        help='Value to add to the configuration key'
    )

    remove_item_parser = subparsers.add_parser(
        'remove-item',
        help='Remove a value from a list for a configuration property'
    )
    remove_item_parser.add_argument(
        'key_path',
        help='Dot separated path to configuration key to remove value from'
    )
    remove_item_parser.add_argument(
        'value',
        help='Value to remove from key_path'
    )

    reload_parser = subparsers.add_parser(
        'reload',
        help='Reload a component to apply configuration change'
    )
    reload_parser.add_argument(
        'component',
        choices=('hub', 'proxy'),
        help='Which component to reload',
        default='hub',
        nargs='?'
    )

    args = argparser.parse_args(argv)

    if args.action == 'show':
        show_config(args.config_path)
    elif args.action == 'set':
        set_config_value(args.config_path, args.key_path, parse_value(args.value))
    elif args.action == 'unset':
        unset_config_value(args.config_path, args.key_path)
    elif args.action == 'add-item':
        add_config_value(args.config_path, args.key_path, parse_value(args.value))
    elif args.action == 'remove-item':
        remove_config_value(args.config_path, args.key_path, parse_value(args.value))
    elif args.action == 'reload':
        reload_component(args.component)
    else:
        argparser.print_help()
Exemple #51
0
def execute(*cmd, **kwargs):
    """Helper method to shell out and execute a command through subprocess.

    Allows optional retry.

    :param cmd:             Passed to subprocess.Popen.
    :type cmd:              string
    :param process_input:   Send to opened process.
    :type process_input:    string
    :param env_variables:   Environment variables and their values that
                            will be set for the process.
    :type env_variables:    dict
    :param check_exit_code: Single bool, int, or list of allowed exit
                            codes.  Defaults to [0].  Raise
                            :class:`ProcessExecutionError` unless
                            program exits with one of these code.
    :type check_exit_code:  boolean, int, or [int]
    :param delay_on_retry:  True | False. Defaults to True. If set to True,
                            wait a short amount of time before retrying.
    :type delay_on_retry:   boolean
    :param attempts:        How many times to retry cmd.
    :type attempts:         int
    :param run_as_root:     True | False. Defaults to False. If set to True,
                            the command is prefixed by the command specified
                            in the root_helper kwarg.
    :type run_as_root:      boolean
    :param root_helper:     command to prefix to commands called with
                            run_as_root=True
    :type root_helper:      string
    :param shell:           whether or not there should be a shell used to
                            execute this command. Defaults to false.
    :type shell:            boolean
    :param loglevel:        log level for execute commands.
    :type loglevel:         int.  (Should be logging.DEBUG or logging.INFO)
    :returns:               (stdout, stderr) from process execution
    :raises:                :class:`UnknownArgumentError` on
                            receiving unknown arguments
    :raises:                :class:`ProcessExecutionError`
    """

    process_input = kwargs.pop('process_input', None)
    env_variables = kwargs.pop('env_variables', None)
    check_exit_code = kwargs.pop('check_exit_code', [0])
    ignore_exit_code = False
    delay_on_retry = kwargs.pop('delay_on_retry', True)
    attempts = kwargs.pop('attempts', 1)
    run_as_root = kwargs.pop('run_as_root', False)
    root_helper = kwargs.pop('root_helper', '')
    shell = kwargs.pop('shell', False)
    loglevel = kwargs.pop('loglevel', logging.DEBUG)

    if isinstance(check_exit_code, bool):
        ignore_exit_code = not check_exit_code
        check_exit_code = [0]
    elif isinstance(check_exit_code, int):
        check_exit_code = [check_exit_code]

    if kwargs:
        raise UnknownArgumentError(_('Got unknown keyword args: %r') % kwargs)

    if run_as_root and hasattr(os, 'geteuid') and os.geteuid() != 0:
        if not root_helper:
            raise NoRootWrapSpecified(
                message=_('Command requested root, but did not '
                          'specify a root helper.'))
        cmd = shlex.split(root_helper) + list(cmd)

    cmd = map(str, cmd)
    sanitized_cmd = strutils.mask_password(' '.join(cmd))

    while attempts > 0:
        attempts -= 1
        try:
            LOG.log(loglevel, _('Running cmd (subprocess): %s'), sanitized_cmd)
            _PIPE = subprocess.PIPE  # pylint: disable=E1101

            if os.name == 'nt':
                preexec_fn = None
                close_fds = False
            else:
                preexec_fn = _subprocess_setup
                close_fds = True

            obj = subprocess.Popen(cmd,
                                   stdin=_PIPE,
                                   stdout=_PIPE,
                                   stderr=_PIPE,
                                   close_fds=close_fds,
                                   preexec_fn=preexec_fn,
                                   shell=shell,
                                   env=env_variables)
            result = None
            for _i in six.moves.range(20):
                # NOTE(russellb) 20 is an arbitrary number of retries to
                # prevent any chance of looping forever here.
                try:
                    if process_input is not None:
                        result = obj.communicate(process_input)
                    else:
                        result = obj.communicate()
                except OSError as e:
                    if e.errno in (errno.EAGAIN, errno.EINTR):
                        continue
                    raise
                break
            obj.stdin.close()  # pylint: disable=E1101
            _returncode = obj.returncode  # pylint: disable=E1101
            LOG.log(loglevel, 'Result was %s' % _returncode)
            if not ignore_exit_code and _returncode not in check_exit_code:
                (stdout, stderr) = result
                sanitized_stdout = strutils.mask_password(stdout)
                sanitized_stderr = strutils.mask_password(stderr)
                raise ProcessExecutionError(exit_code=_returncode,
                                            stdout=sanitized_stdout,
                                            stderr=sanitized_stderr,
                                            cmd=sanitized_cmd)
            return result
        except ProcessExecutionError:
            if not attempts:
                raise
            else:
                LOG.log(loglevel, _('%r failed. Retrying.'), sanitized_cmd)
                if delay_on_retry:
                    greenthread.sleep(random.randint(20, 200) / 100.0)
        finally:
            # NOTE(termie): this appears to be necessary to let the subprocess
            #               call clean something up in between calls, without
            #               it two execute calls in a row hangs the second one
            greenthread.sleep(0)
Exemple #52
0
def cli_init(ctx):
    if os.geteuid() != ROOT_UID:
        cli_abort(ctx, "Root privileges are required")

    ctx.ensure_object(dict)
Exemple #53
0
def set_known_host(
    user=None,
    hostname=None,
    fingerprint=None,
    key=None,
    port=None,
    enc=None,
    config=None,
    hash_known_hosts=True,
    timeout=5,
    fingerprint_hash_type=None,
):
    """
    Download SSH public key from remote host "hostname", optionally validate
    its fingerprint against "fingerprint" variable and save the record in the
    known_hosts file.

    If such a record does already exists in there, do nothing.

    user
        The user who owns the ssh authorized keys file to modify

    hostname
        The name of the remote host (e.g. "github.com")

    fingerprint
        The fingerprint of the key which must be present in the known_hosts
        file (optional if key specified)

    key
        The public key which must be presented in the known_hosts file
        (optional if fingerprint specified)

    port
        optional parameter, denoting the port of the remote host, which will be
        used in case, if the public key will be requested from it. By default
        the port 22 is used.

    enc
        Defines what type of key is being used, can be ed25519, ecdsa ssh-rsa
        or ssh-dss

    config
        The location of the authorized keys file relative to the user's home
        directory, defaults to ".ssh/known_hosts". If no user is specified,
        defaults to "/etc/ssh/ssh_known_hosts". If present, must be an
        absolute path when a user is not specified.

    hash_known_hosts : True
        Hash all hostnames and addresses in the known hosts file.

    timeout : int
        Set the timeout for connection attempts.  If ``timeout`` seconds have
        elapsed since a connection was initiated to a host or since the last
        time anything was read from that host, then the connection is closed
        and the host in question considered unavailable.  Default is 5 seconds.

        .. versionadded:: 2016.3.0

    fingerprint_hash_type
        The public key fingerprint hash type that the public key fingerprint
        was originally hashed with. This defaults to ``sha256`` if not specified.

        .. versionadded:: 2016.11.4
        .. versionchanged:: 2017.7.0: default changed from ``md5`` to ``sha256``

    CLI Example:

    .. code-block:: bash

        salt '*' ssh.set_known_host <user> fingerprint='xx:xx:..:xx' enc='ssh-rsa' config='.ssh/known_hosts'
    """
    if not hostname:
        return {"status": "error", "error": "hostname argument required"}

    if port is not None and port != DEFAULT_SSH_PORT and hash_known_hosts:
        return {
            "status": "error",
            "error": "argument port can not be used in "
            "conjunction with argument hash_known_hosts",
        }

    update_required = False
    check_required = False
    stored_host_entries = get_known_host_entries(
        user,
        hostname,
        config=config,
        port=port,
        fingerprint_hash_type=fingerprint_hash_type,
    )
    stored_keys = [h["key"] for h in stored_host_entries] if stored_host_entries else []
    stored_fingerprints = (
        [h["fingerprint"] for h in stored_host_entries] if stored_host_entries else []
    )

    if not stored_host_entries:
        update_required = True
    elif fingerprint and fingerprint not in stored_fingerprints:
        update_required = True
    elif key and key not in stored_keys:
        update_required = True
    elif key is None and fingerprint is None:
        check_required = True

    if not update_required and not check_required:
        return {"status": "exists", "keys": stored_keys}

    if not key:
        remote_host_entries = recv_known_host_entries(
            hostname,
            enc=enc,
            port=port,
            hash_known_hosts=hash_known_hosts,
            timeout=timeout,
            fingerprint_hash_type=fingerprint_hash_type,
        )
        # pylint: disable=not-an-iterable
        known_keys = (
            [h["key"] for h in remote_host_entries] if remote_host_entries else []
        )
        known_fingerprints = (
            [h["fingerprint"] for h in remote_host_entries]
            if remote_host_entries
            else []
        )
        # pylint: enable=not-an-iterable
        if not remote_host_entries:
            return {"status": "error", "error": "Unable to receive remote host keys"}

        if fingerprint and fingerprint not in known_fingerprints:
            return {
                "status": "error",
                "error": (
                    "Remote host public keys found but none of their "
                    "fingerprints match the one you have provided"
                ),
            }

        if check_required:
            for key in known_keys:
                if key in stored_keys:
                    return {"status": "exists", "keys": stored_keys}

    full = _get_known_hosts_file(config=config, user=user)

    if isinstance(full, dict):
        return full

    if os.path.isfile(full):
        origmode = os.stat(full).st_mode

        # remove existing known_host entry with matching hostname and encryption key type
        # use ssh-keygen -F to find the specific line(s) for this host + enc combo
        ssh_hostname = _hostname_and_port_to_ssh_hostname(hostname, port)
        cmd = ["ssh-keygen", "-F", ssh_hostname, "-f", full]
        lines = __salt__["cmd.run"](
            cmd, ignore_retcode=True, python_shell=False
        ).splitlines()
        remove_lines = list(_get_matched_host_line_numbers(lines, enc))

        if remove_lines:
            try:
                with salt.utils.files.fopen(full, "r+") as ofile:
                    known_hosts_lines = salt.utils.data.decode(list(ofile))
                    # Delete from last line to first to avoid invalidating earlier indexes
                    for line_no in sorted(remove_lines, reverse=True):
                        del known_hosts_lines[line_no - 1]
                    # Write out changed known_hosts file
                    ofile.seek(0)
                    ofile.truncate()
                    ofile.writelines(
                        salt.utils.data.decode(known_hosts_lines, to_str=True)
                    )
            except OSError as exception:
                raise CommandExecutionError(
                    "Couldn't remove old entry(ies) from known hosts file: '{}'".format(
                        exception
                    )
                )
    else:
        origmode = None

    # set up new value
    if key:
        remote_host_entries = [{"hostname": hostname, "enc": enc, "key": key}]

    lines = []
    for entry in remote_host_entries:
        if (
            hash_known_hosts
            or port in [DEFAULT_SSH_PORT, None]
            or ":" in entry["hostname"]
        ):
            line = "{hostname} {enc} {key}\n".format(**entry)
        else:
            entry["port"] = port
            line = "[{hostname}]:{port} {enc} {key}\n".format(**entry)
        lines.append(line)

    # ensure ~/.ssh exists
    ssh_dir = os.path.dirname(full)
    if user:
        uinfo = __salt__["user.info"](user)

    try:
        log.debug('Ensuring ssh config dir "%s" exists', ssh_dir)
        os.makedirs(ssh_dir)
    except OSError as exc:
        if exc.args[1] == "Permission denied":
            log.error("Unable to create directory %s: " "%s", ssh_dir, exc.args[1])
        elif exc.args[1] == "File exists":
            log.debug("%s already exists, no need to create " "it", ssh_dir)
    else:
        # set proper ownership/permissions
        if user:
            os.chown(ssh_dir, uinfo["uid"], uinfo["gid"])
            os.chmod(ssh_dir, 0o700)

    # write line to known_hosts file
    try:
        with salt.utils.files.fopen(full, "ab") as ofile:
            ofile.writelines(salt.utils.data.encode(lines))
    except OSError as exception:
        raise CommandExecutionError(
            "Couldn't append to known hosts file: '{}'".format(exception)
        )

    if not salt.utils.platform.is_windows():
        if os.geteuid() == 0 and user:
            os.chown(full, uinfo["uid"], uinfo["gid"])
        if origmode:
            os.chmod(full, origmode)
        else:
            os.chmod(full, 0o600)

    if key and hash_known_hosts:
        cmd_result = __salt__["ssh.hash_known_hosts"](user=user, config=full)

    rval = {"status": "updated", "old": stored_host_entries, "new": remote_host_entries}
    return rval
Exemple #54
0
#!/usr/bin/env python2.7

import os
import time

if os.geteuid() != 0:
    exit("You isn't root, is it.")

vhost = raw_input('Enter name of new vhost to setup: ')

vhost_path = "/Users/jim/www/"
vhost_dir = vhost_path + vhost + "/public_html/"
print "Ok attempting to setup [%s] as a new vhost in dir [%s]" % (vhost,
                                                                  vhost_dir)

#os.makedirs(vhost_dir)

os.mkdir(vhost_path + vhost + "/logs/")
os.system("chown -R jim:staff " + vhost_path + vhost)

print "New vhost directory should be listed below:"
os.system('ls -l ' + vhost_path)

print "Writing apache conf file..."
fd = open("/etc/apache2/vhosts/default.local", "r")
fn = open("/etc/apache2/vhosts/" + vhost + ".conf", "w")

for line in fd:
    fn.write(line.replace('hostname', vhost))

fd.close()
def main():
    """Main."""
    if os.geteuid() == 0:  # root privileges are not needed
        sys.exit("Please do not run this program as root.")

    args = parse_args()

    if args.store:
        tc_db_table_name = "zephyr_" + str(args.board)
    else:
        tc_db_table_name = None

    callback_thread = autoptsclient.init_core()

    ptses = []
    for ip, local in zip(args.ip_addr, args.local_addr):
        ptses.append(
            autoptsclient.init_pts(ip, args.workspace, args.bd_addr,
                                   args.enable_max_logs, callback_thread,
                                   tc_db_table_name, local))

    btp.init(get_iut)
    autoprojects.iutctl.init(args.kernel_image, args.tty_file, args.board)

    stack.init_stack()
    stack_inst = stack.get_stack()
    stack_inst.synch_init(callback_thread.set_pending_response,
                          callback_thread.clear_pending_responses)

    # Setup project PIXITS
    autoprojects.gap.set_pixits(ptses[0])
    autoprojects.gatt.set_pixits(ptses[0])
    autoprojects.sm.set_pixits(ptses[0])
    autoprojects.l2cap.set_pixits(ptses[0])
    if len(ptses) >= 2:
        autoprojects.mesh.set_pixits(ptses)

    test_cases = autoprojects.gap.test_cases(ptses[0])
    test_cases += autoprojects.gatt.test_cases(ptses[0])
    test_cases += autoprojects.sm.test_cases(ptses[0])
    test_cases += autoprojects.l2cap.test_cases(ptses[0])
    if len(ptses) >= 2:
        mesh_test_cases, additional_mesh_test_cases \
            = autoprojects.mesh.test_cases(ptses)
        test_cases += mesh_test_cases
        additional_test_cases = additional_mesh_test_cases
    else:
        additional_test_cases = []

    if args.test_cases or args.excluded:
        test_cases = autoptsclient.get_test_cases_subset(
            test_cases, args.test_cases, args.excluded)

    autoptsclient.run_test_cases(ptses, test_cases, additional_test_cases,
                                 args.retry)

    autoprojects.iutctl.cleanup()

    print "\nBye!"
    sys.stdout.flush()

    for pts in ptses:
        pts.unregister_xmlrpc_ptscallback()

    # not the cleanest but the easiest way to exit the server thread
    os._exit(0)
Exemple #56
0
def set_auth_key(
    user,
    key,
    enc="ssh-rsa",
    comment="",
    options=None,
    config=".ssh/authorized_keys",
    cache_keys=None,
    fingerprint_hash_type=None,
):
    """
    Add a key to the authorized_keys file. The "key" parameter must only be the
    string of text that is the encoded key. If the key begins with "ssh-rsa"
    or ends with user@host, remove those from the key before passing it to this
    function.

    CLI Example:

    .. code-block:: bash

        salt '*' ssh.set_auth_key <user> '<key>' enc='dsa'
    """
    if cache_keys is None:
        cache_keys = []
    if len(key.split()) > 1:
        return "invalid"

    enc = _refine_enc(enc)
    uinfo = __salt__["user.info"](user)
    if not uinfo:
        return "fail"

    # A 'valid key' to us pretty much means 'decodable as base64', which is
    # the same filtering done when reading the authorized_keys file. Apply
    # the same check to ensure we don't insert anything that will not
    # subsequently be read)
    key_is_valid = _fingerprint(key, fingerprint_hash_type) is not None
    if not key_is_valid:
        return "Invalid public key"

    status = check_key(
        user,
        key,
        enc,
        comment,
        options,
        config=config,
        cache_keys=cache_keys,
        fingerprint_hash_type=fingerprint_hash_type,
    )
    if status == "update":
        _replace_auth_key(user, key, enc, comment, options or [], config)
        return "replace"
    elif status == "exists":
        return "no change"
    else:
        auth_line = _format_auth_line(key, enc, comment, options)
        fconfig = _get_config_file(user, config)
        # Fail if the key lives under the user's homedir, and the homedir
        # doesn't exist
        udir = uinfo.get("home", "")
        if fconfig.startswith(udir) and not os.path.isdir(udir):
            return "fail"
        if not os.path.isdir(os.path.dirname(fconfig)):
            dpath = os.path.dirname(fconfig)
            os.makedirs(dpath)
            if not salt.utils.platform.is_windows():
                if os.geteuid() == 0:
                    os.chown(dpath, uinfo["uid"], uinfo["gid"])
                os.chmod(dpath, 448)
            # If SELINUX is available run a restorecon on the file
            rcon = salt.utils.path.which("restorecon")
            if rcon:
                cmd = [rcon, dpath]
                subprocess.call(cmd)

        if not os.path.isfile(fconfig):
            new_file = True
        else:
            new_file = False

        try:
            with salt.utils.files.fopen(fconfig, "ab+") as _fh:
                if new_file is False:
                    # Let's make sure we have a new line at the end of the file
                    _fh.seek(0, 2)
                    if _fh.tell() > 0:
                        # File isn't empty, check if last byte is a newline
                        # If not, add one
                        _fh.seek(-1, 2)
                        if _fh.read(1) != b"\n":
                            _fh.write(b"\n")
                _fh.write(salt.utils.stringutils.to_bytes(auth_line))
        except OSError as exc:
            msg = "Could not write to key file: {0}"
            raise CommandExecutionError(msg.format(exc))

        if new_file:
            if not salt.utils.platform.is_windows():
                if os.geteuid() == 0:
                    os.chown(fconfig, uinfo["uid"], uinfo["gid"])
                os.chmod(fconfig, 384)
            # If SELINUX is available run a restorecon on the file
            rcon = salt.utils.path.which("restorecon")
            if rcon:
                cmd = [rcon, fconfig]
                subprocess.call(cmd)
        return "new"
Exemple #57
0
def check_root():
    if hasattr(os, "getuid"):
        if os.geteuid() == 0:
            console.logger.info("streamlink is running as root! Be careful!")
Exemple #58
0
group.add_argument('-a',
                   '--all',
                   dest='nukeitall',
                   action='store_true',
                   default=False,
                   help='Remove all documents from all indices.')
parser.add_argument(
    '-r',
    '--reload',
    dest='reload',
    action='store_true',
    default=False,
    help='Reload source files from SOF-ELK(R) filesystem.  Requires "-f".')
args = parser.parse_args()

if args.reload and os.geteuid() != 0:
    print "Reload functionality requires administrative privileges.  Run with 'sudo'."
    exit(1)

# create Elasticsearch handle
es = Elasticsearch([{'host': 'localhost', 'port': 9200}])

# get list of top-level indices if requested
if args.index == 'list':
    populated_indices = get_es_indices(es)
    if len(populated_indices) == 0:
        print 'There are no active data indices in Elasticsearch'
    else:
        print 'The following indices are currently active in Elasticsearch:'
        for index in populated_indices:
            print '- %s' % (index)
Exemple #59
0
    BASE_INFO.update(getattr(fun, n))
    os.chdir(SITES_HOME)
except:
    print('trying to import base_info from %s/config failed' % SITES_HOME)
    sys.exit()

DATA_HOME = BASE_INFO['erp_server_data_path']
#docker run -it -v /home/robert/odoo_projects_data:/mnt/sites -v /home/robert/erp_workbench/dumper/:/mnt/sites/dumper  --rm=true --link db:db  dbdumper -s
dd = {
    'data_home': DATA_HOME,
    'sites_home': SITES_HOME,
    'cmd': dumper_cmd,
    'dbname': dbname,
    'runsudo': ''
}
if not os.geteuid() == 0:
    dd['runsudo'] = 'sudo'
if dumper_cmd in ['-h', '-s']:
    cmd_line = '%(runsudo)s docker run -v %(data_home)s:/mnt/sites  -v %(sites_home)s/dumper/:/mnt/sites/dumper --rm=true --link db:db  dbdumper %(cmd)s' % dd
else:
    cmd_line = '%(runsudo)s docker run -v %(data_home)s:/mnt/sites  -v %(sites_home)s/dumper/:/mnt/sites/dumper --rm=true --link db:db  dbdumper %(cmd)s %(dbname)s' % dd

(DATA_HOME, SITES_HOME, dumper_cmd, dbname)
if verbose:
    print('--------- rundocker start ----------')
    print(cmd_line)
    cmd_line = cmd_line + ' -v'
p = subprocess.Popen(cmd_line,
                     stdout=subprocess.PIPE,
                     stderr=subprocess.PIPE,
                     shell=True)
Exemple #60
0
 def check_user(self):
     if os.geteuid() == 0:
         self.msg_box(
             "This is the root user. Please use the ordinary user to run this program"
         )
         gtk.main_quit()