def getCurrentPrivilegesDescription(self):
"""
Return a text describing current privileges.
On Unix it informs if the process has root capabilities.
"""
if self.impersonate_local_account:
return _(u'root capabilities enabled.')
else:
return _(u'root capabilities disabled.')
def home_segments(self):
'''See `ILocalFilesystem`.'''
if not self._avatar:
return self._pathSplitRecursive(str(os.path.expanduser('~')))
if self._avatar.root_folder_path is None:
return self._pathSplitRecursive(self._avatar.home_folder_path)
home_lower = self._avatar.home_folder_path.lower()
root_lower = self._avatar.root_folder_path.rstrip('/\\').lower()
# Check that we have a valid home folder.
if not home_lower.startswith(root_lower):
raise CompatError(
20019,
_(
'User home folder "%s" is not withing the root folder '
'"%s".' % (
self._avatar.home_folder_path,
self._avatar.root_folder_path),
),
)
path = self._avatar.home_folder_path[len(root_lower):]
return self._pathSplitRecursive(path)
def _change_effective_privileges(username=None, euid=None, egid=None):
"""
Change current process effective user and group.
"""
if username:
username_encoded = username.encode('utf-8')
try:
pwnam = pwd.getpwnam(username_encoded)
except KeyError:
raise ChangeUserException(_(u'User does not exists.'))
euid = pwnam.pw_uid
egid = pwnam.pw_gid
else:
assert euid is not None
pwnam = pwd.getpwuid(euid)
username_encoded = pwnam.pw_name
uid, gid = os.geteuid(), os.getegid()
if uid == euid and gid == egid:
return
try:
if uid != 0:
# We set root euid first to get full permissions.
os.seteuid(0)
os.setegid(0)
# Make sure to set user euid as the last action. Otherwise we will no
# longer have permissions to change egid.
os.initgroups(username_encoded, egid)
os.setegid(egid)
os.seteuid(euid)
except OSError:
raise ChangeUserException(u'Could not switch user.')
def raiseFailedToSetOwner(self, owner, path, message=u''):
"""
Helper for raising the exception from a single place.
"""
raise CompatError(
1016,
_(u'Failed to set owner to "%s" for "%s". %s' % (
owner, path, message)),
)
def raiseFailedToAddGroup(self, group, path, message=u''):
"""
Helper for raising the exception from a single place.
"""
raise CompatError(
1017,
_(u'Failed to add group "%s" for "%s". %s' % (
group, path, message)),
)
def _get_euid_and_egid(username_encoded):
"""
Return a tuple of (euid, egid) for username.
"""
try:
pwnam = pwd.getpwnam(username_encoded)
except KeyError:
raise ChangeUserException(_(u'User does not exists.'))
return (pwnam.pw_uid, pwnam.pw_gid)
def getHomeFolder(self, username, token=None):
'''Get home folder for local (or NIS) user.'''
try:
username_encoded = username.encode('utf-8')
home_folder = pwd.getpwnam(
username_encoded).pw_dir.decode('utf-8')
return home_folder.rstrip('/')
except KeyError:
self.raiseFailedToGetHomeFolder(
username, _(u'Username not found.'))
def install_nt_service(service_class, options):
"""Install an NT service."""
try:
module_path = sys.modules[service_class.__module__].__file__
except AttributeError:
# maybe py2exe went by.
from sys import executable
module_path = executable
module_file = os.path.splitext(os.path.abspath(module_path))[0]
service_class._svc_reg_class_ = "%s.%s" % (module_file, service_class.__name__)
try:
win32serviceutil.InstallService(
service_class._svc_reg_class_,
service_class._svc_name_,
service_class._svc_display_name_,
startType=win32service.SERVICE_AUTO_START,
)
print(
_(
'Service "%s" successfully installed.\n'
'Please use "sc" command or Windows Services to manage '
"this service." % (service_class._svc_name_)
)
)
except pywintypes.error as error:
if error[0] == 5:
print(
_(
"You do not have permissions to install this service.\n"
"Please install the service as an administrator."
)
)
else:
print(
_(
"Failed to install the service %s:%s.\n"
"%s:%d %s"
% (service_class._svc_name_, service_class._svc_display_name_, error[1], error[0], error[2])
)
)
def __init__(self, username=None, euid=0, egid=0):
'''Initialize the context manager.'''
if username is not None:
try:
pwnam = pwd.getpwnam(username.encode('utf-8'))
except KeyError:
raise ChangeUserException(_(u'User does not exists.'))
euid = pwnam.pw_uid
egid = pwnam.pw_gid
self.euid = euid
self.egid = egid
self.initial_euid = os.geteuid()
self.initial_egid = os.getegid()
def _writePID(self):
"""
Write process ID in pid file.
"""
pid_path = os.path.abspath(self.options.pid)
pid_segments = local_filesystem.getSegmentsFromRealPath(pid_path)
try:
pid_file = local_filesystem.openFileForWriting(pid_segments)
pid_file.write('%d' % os.getpid())
pid_file.close()
except (OSError, IOError):
raise CompatError(
1008,
_(u'Could not write PID file at %s.' % (pid_path)),
)
def _impersonateUser(self):
"""
Returns an impersonation context for current user.
"""
if not self._avatar:
return NoOpContext()
try:
return self._avatar.getImpersonationContext()
except ChangeUserException:
raise CompatError(
1006,
_(u'Could not switch process to local account "%s".' % (
self._avatar.name)),
)
