Changeset 3276 for pykota/trunk

Timestamp:

01/08/08 00:03:01 (17 years ago)

Author:

jerome

Message:

Doesn't drop and regain priviledges anymore : no added security since we could regain them (we needed to regain them for PAM and some end user scripts). This is also more consistent.
Removed SGTERM handling stuff in cupspykota : now only SIGINT can be used.
Now outputs an error message when printing (but doesn't fail) if CUPS is
not v1.3.4 or higher : we need 1.3.4 or higher because it fixes some
problematic charset handling bugs (by only accepting ascii and utf-8,
but this is a different story...)
Now ensures only the supported exit codes are returned by cupspykota :
we used to exit -1 in some cases (see man backend for details).

Location:

pykota/trunk

Files:

• bin/cupspykota (modified) (18 diffs)
• bin/pkinvoice (modified) (1 diff)
• bin/pknotify (modified) (2 diffs)
• bin/pkprinters (modified) (2 diffs)
• bin/pkrefund (modified) (1 diff)
• pykota/storage.py (modified) (1 diff)
• pykota/tool.py (modified) (4 diffs)

pykota/trunk/bin/cupspykota

@@ -72 +72 @@
         signal.signal(signal.SIGTERM, signal.SIG_IGN)
         signal.signal(signal.SIGPIPE, signal.SIG_IGN)
+        self.oldSigIntHandler = signal.signal(signal.SIGINT, signal.SIG_IGN)
         self.MyName = "PyKota"
         self.myname = "cupspykota"
@@ -84 +85 @@
         if not self.config.isAdmin :
             from pykota import config
-            username = self.originalUserName
+            username = self.effectiveUserName
             raise config.PyKotaConfigError, _("User %(username)s is not allowed to read ~pykota/pykotadmin.conf, you must check the permissions.") % locals()
-        self.gotSigTerm = 0
-        self.disableSigInt()
-        self.installSigTermHandler()
-        
-    def sigtermHandler(self, signum, frame) :
-        """Sets an attribute whenever SIGTERM is received."""
-        self.gotSigTerm = 1
-        self.printInfo(_("SIGTERM received, job %s cancelled.") % self.Ticket.JobId)
-        os.environ["PYKOTASTATUS"] = "CANCELLED"
-        
-    def deinstallSigTermHandler(self) :           
-        """Deinstalls the SIGTERM handler."""
-        self.logdebug("Deinstalling SIGTERM handler...")
-        signal.signal(signal.SIGTERM, signal.SIG_IGN)
-        self.logdebug("SIGTERM handler deinstalled.")
-        
-    def installSigTermHandler(self) :           
-        """Installs the SIGTERM handler."""
-        self.logdebug("Installing SIGTERM handler...")
-        signal.signal(signal.SIGTERM, self.sigtermHandler)
-        self.logdebug("SIGTERM handler installed.")
-        
-    def disableSigInt(self) :    
-        """Disables the SIGINT signal (which raises KeyboardInterrupt)."""
-        self.logdebug("Disabling SIGINT...")
-        self.oldSigIntHandler = signal.signal(signal.SIGINT, signal.SIG_IGN)
-        self.logdebug("SIGINT disabled.")
         
     def enableSigInt(self) :    
         """Enables the SIGINT signal (which raises KeyboardInterrupt)."""
-        self.logdebug("Enabling SIGINT...")
         signal.signal(signal.SIGINT, self.oldSigIntHandler)
-        self.logdebug("SIGINT enabled.")
         
     def waitForLock(self) :    
@@ -153 +125 @@
            Executes each existing backend in turn in device enumeration mode.
            Returns the list of available backends.
+           
+           Unfortunately this method can't output any debug information
+           to stdout or stderr, else CUPS considers that the device is
+           not available.
         """
-        # Unfortunately this method can't output any debug information
-        # to stdout or stderr, else CUPS considers that the device is
-        # not available.
         available = []
         (directory, myname) = os.path.split(sys.argv[0])
@@ -226 +199 @@
         return available
                         
+    def checkCUPSVersion(self) :                    
+        """Checks if CUPS is not v1.3.4 or higher."""
+        fullversion = os.environ.get("SOFTWARE", "")
+        if fullversion.startswith("CUPS/") :
+            vnum = fullversion.split("/")[1]
+            try :
+               (major, minor, release) = [int(p) for p in vnum.split(".")]
+            except ValueError :   
+                pass
+            else :    
+                return (major > 1) \
+                        or ((major == 1) and (minor > 3)) \
+                        or ((major == 1) and (minor == 3) and (release >= 4))
+        return False
+        
     def initBackendParameters(self) :    
         """Initializes the backend's attributes."""
@@ -233 +221 @@
         # the environment before launching the real backend 
         self.logdebug("Initializing backend...")
+        
+        if not self.checkCUPSVersion() :
+            self.printInfo("BEWARE : CUPS is too old. You must use CUPS v1.3.4 or higher.", "error")
         
         self.PrinterName = os.environ.get("PRINTER", "")
@@ -410 +401 @@
             self.logdebug("Launching subprocess [%s] to overwrite the job ticket." \
                                      % jobticketcommand)
-            self.regainPriv()                         
             inputfile = os.popen(jobticketcommand, "r")
             try :
@@ -433 +423 @@
                 self.logdebug("IOError while reading subprocess' output : %s" % msg)
             inputfile.close()    
-            self.dropPriv()
             
             # now overwrite the job's ticket if new data was supplied
@@ -458 +447 @@
         outfile = open(self.DataFile, "wb")    
         if self.Ticket.FileName is not None :
-            self.regainPriv()
             infile = open(self.Ticket.FileName, "rb")
             self.logdebug("Reading input datas from %s" % self.Ticket.FileName)
@@ -481 +469 @@
         if mustclose :    
             infile.close()
-            self.dropPriv()
             
         outfile.close()
@@ -494 +481 @@
         """Cleans up the place."""
         self.logdebug("Cleaning up...")
-        self.regainPriv()
-        self.deinstallSigTermHandler()
         if (self.DataFile is not None) and os.path.exists(self.DataFile) :
             try :
@@ -933 +918 @@
             if mailto == "EXTERNAL" :
                 # TODO : clean this again
-                self.regainPriv()
                 self.externalMailTo(arguments, self.Action, self.User, self.Printer, self.Reason)
-                self.dropPriv()
             else :    
                 # TODO : clean this again
@@ -1114 +1097 @@
         else :
             self.printInfo(_("Job accounting begins."))
-            self.deinstallSigTermHandler()
             self.accounter.beginJob(self.Printer)
-            self.installSigTermHandler()
         
         # handle starting banner pages with accounting
         if (self.Action != "CANCEL") and accountbanner in ["STARTING", "BOTH"] :
-            if not self.gotSigTerm :
-                self.handleBanner("starting", 1)
-        
-        # pass the job's data to the real backend    
-        if (not self.gotSigTerm) and (self.Action in ["ALLOW", "WARN"]) :
+            self.handleBanner("starting", 1)
+        
+        # pass the job's data to the real backend if needed   
+        if self.Action in ("ALLOW", "WARN") :
             retcode = self.printJobDatas()
         else :        
@@ -1134 +1114 @@
         # handle ending banner pages with accounting
         if (self.Action != "CANCEL") and accountbanner in ["ENDING", "BOTH"] :
-            if not self.gotSigTerm :
-                self.handleBanner("ending", 1)
+            self.handleBanner("ending", 1)
         
         # stops accounting
@@ -1143 +1122 @@
             self.printInfo(_("Job cancelled, no accounting has been done."))
         else :
-            self.deinstallSigTermHandler()
             self.accounter.endJob(self.Printer)
-            self.installSigTermHandler()
             self.printInfo(_("Job accounting ends."))
         
@@ -1284 +1261 @@
         
         self.logdebug("Starting original backend %s with args %s" % (originalbackend, " ".join(['"%s"' % a for a in arguments])))
-        self.regainPriv()    
         pid = os.fork()
         self.logdebug("Forked !")
@@ -1298 +1274 @@
             self.logdebug("We shouldn't be there !!!")    
             os._exit(-1)
-        self.dropPriv()    
         
         self.logdebug("Waiting for original backend to exit...")    
-        killed = 0
+        killed = False
         status = -1
         while status == -1 :
@@ -1307 +1282 @@
                 status = os.waitpid(pid, 0)[1]
             except OSError, (err, msg) :
-                if (err == 4) and self.gotSigTerm :
-                    os.kill(pid, signal.SIGTERM)
-                    killed = 1
+                if err == 4 :
+                    killed = True
                     
         if os.WIFEXITED(status) :
@@ -1325 +1299 @@
             self.Reason = "CUPS backend %s died abnormally." % originalbackend
             self.printInfo(self.Reason, "error")
-            return -1
+            return 1
         else :
             self.Reason = "CUPS backend %s was killed." % originalbackend

pykota/trunk/bin/pkinvoice

@@ -198 +198 @@
                                         pageCompression=1)
         
-        c.setAuthor(self.originalUserName)
+        c.setAuthor(self.effectiveUserName)
         c.setTitle("PyKota invoices")
         c.setSubject("Invoices generated with PyKota")

pykota/trunk/bin/pknotify

@@ -180 +180 @@
             retcode = False
             self.password = password
-            self.regainPriv()
             auth = PAM.pam()
             auth.start("passwd")
@@ -195 +194 @@
                 self.logdebug(_("Password correct for user %s") % username)
                 retcode = True
-            self.dropPriv()    
             return retcode
             

pykota/trunk/bin/pkprinters

@@ -171 +171 @@
         if uri and (not self.isPrinterCaptured(deviceuri=uri)) :
              newuri = "cupspykota://%s" % uri
-             self.regainPriv() # to avoid having to enter password.
              os.system('lpadmin -p "%s" -v "%s"' % (printer.Name, newuri))
              self.logdebug("Printer %s rerouted to %s" % (printer.Name, newuri))
-             self.dropPriv()
              
     def deroutePrinterFromPyKota(self, printer) :    
@@ -183 +181 @@
              if newuri.startswith("//") :
                  newuri = newuri[2:]
-             self.regainPriv() # to avoid having to enter password.
              os.system('lpadmin -p "%s" -v "%s"' % (printer.Name, newuri))
              self.logdebug("Printer %s rerouted to %s" % (printer.Name, newuri))
-             self.dropPriv()    
                                      
     def main(self, names, options) :

pykota/trunk/bin/pkrefund

@@ -209 +209 @@
                                         pageCompression=1)
         
-        c.setAuthor(self.originalUserName)
+        c.setAuthor(self.effectiveUserName)
         c.setTitle("PyKota print job refunding receipts")
         c.setSubject("Print job refunding receipts generated with PyKota")

pykota/trunk/pykota/storage.py

@@ -489 +489 @@
                         % (self.JobSize,
                            self.JobPrice,
-                           self.parent.tool.originalUserName,
+                           self.parent.tool.effectiveUserName,
                            os.getlogin(),
                            str(DateTime.now())[:19])

pykota/trunk/pykota/tool.py

@@ -132 +132 @@
         self.logger = logger.openLogger("stderr")
         
-        # did we drop priviledges ?
-        self.privdropped = 0
-        
         # locale stuff
         try :
@@ -167 +164 @@
         # pykota specific stuff
         self.documentation = doc
+        
+        # Extract the effective username
+        uid = os.geteuid()
+        try :
+            self.effectiveUserName = pwd.getpwuid(uid)[0]
+        except (KeyError, IndexError), msg :    
+            self.printInfo(_("Strange problem with uid(%s) : %s") % (uid, msg), "warn")
+            self.effectiveUserName = os.getlogin()
         
     def deferredInit(self) :        
@@ -190 +195 @@
         self.logger = logger.openLogger(self.config.getLoggingBackend())
             
-        # now drop priviledge if possible
-        self.dropPriv()    
-        
         # We NEED this here, even when not in an accounting filter/backend    
         self.softwareJobSize = 0
@@ -208 +210 @@
         arguments = " ".join(['"%s"' % arg for arg in sys.argv])
         self.logdebug("Command line arguments : %s" % arguments)
-        
-    def dropPriv(self) :    
-        """Drops priviledges."""
-        uid = os.geteuid()
-        try :
-            self.originalUserName = pwd.getpwuid(uid)[0]
-        except (KeyError, IndexError), msg :    
-            self.printInfo(_("Strange problem with uid(%s) : %s") % (uid, msg), "warn")
-            self.originalUserName = None
-        else :
-            if uid :
-                self.logdebug(_("Running as user '%s'.") % self.originalUserName)
-            else :
-                if self.pykotauser is None :
-                    self.logdebug(_("No user named 'pykota'. Not dropping priviledges."))
-                else :    
-                    try :
-                        os.setegid(self.pykotauser[3])
-                        os.seteuid(self.pykotauser[2])
-                    except OSError, msg :    
-                        self.printInfo(_("Impossible to drop priviledges : %s") % msg, "warn")
-                    else :    
-                        self.logdebug(_("Priviledges dropped. Now running as user 'pykota'."))
-                        self.privdropped = 1
-            
-    def regainPriv(self) :    
-        """Drops priviledges."""
-        if self.privdropped :
-            try :
-                os.seteuid(0)
-                os.setegid(0)
-            except OSError, msg :    
-                self.printInfo(_("Impossible to regain priviledges : %s") % msg, "warn")
-            else :    
-                self.logdebug(_("Regained priviledges. Now running as root."))
-                self.privdropped = 0
         
     def UTF8ToUserCharset(self, text) :