Changeset 3276 for pykota/trunk/pykota/tool.py

Timestamp:

01/08/08 00:03:01 (16 years ago)

Author:

jerome

Message:

Doesn't drop and regain priviledges anymore : no added security since we could regain them (we needed to regain them for PAM and some end user scripts). This is also more consistent.
Removed SGTERM handling stuff in cupspykota : now only SIGINT can be used.
Now outputs an error message when printing (but doesn't fail) if CUPS is
not v1.3.4 or higher : we need 1.3.4 or higher because it fixes some
problematic charset handling bugs (by only accepting ascii and utf-8,
but this is a different story...)
Now ensures only the supported exit codes are returned by cupspykota :
we used to exit -1 in some cases (see man backend for details).

Files:

• pykota/trunk/pykota/tool.py (modified) (4 diffs)

pykota/trunk/pykota/tool.py

@@ -132 +132 @@
         self.logger = logger.openLogger("stderr")
         
-        # did we drop priviledges ?
-        self.privdropped = 0
-        
         # locale stuff
         try :
@@ -167 +164 @@
         # pykota specific stuff
         self.documentation = doc
+        
+        # Extract the effective username
+        uid = os.geteuid()
+        try :
+            self.effectiveUserName = pwd.getpwuid(uid)[0]
+        except (KeyError, IndexError), msg :    
+            self.printInfo(_("Strange problem with uid(%s) : %s") % (uid, msg), "warn")
+            self.effectiveUserName = os.getlogin()
         
     def deferredInit(self) :        
@@ -190 +195 @@
         self.logger = logger.openLogger(self.config.getLoggingBackend())
             
-        # now drop priviledge if possible
-        self.dropPriv()    
-        
         # We NEED this here, even when not in an accounting filter/backend    
         self.softwareJobSize = 0
@@ -208 +210 @@
         arguments = " ".join(['"%s"' % arg for arg in sys.argv])
         self.logdebug("Command line arguments : %s" % arguments)
-        
-    def dropPriv(self) :    
-        """Drops priviledges."""
-        uid = os.geteuid()
-        try :
-            self.originalUserName = pwd.getpwuid(uid)[0]
-        except (KeyError, IndexError), msg :    
-            self.printInfo(_("Strange problem with uid(%s) : %s") % (uid, msg), "warn")
-            self.originalUserName = None
-        else :
-            if uid :
-                self.logdebug(_("Running as user '%s'.") % self.originalUserName)
-            else :
-                if self.pykotauser is None :
-                    self.logdebug(_("No user named 'pykota'. Not dropping priviledges."))
-                else :    
-                    try :
-                        os.setegid(self.pykotauser[3])
-                        os.seteuid(self.pykotauser[2])
-                    except OSError, msg :    
-                        self.printInfo(_("Impossible to drop priviledges : %s") % msg, "warn")
-                    else :    
-                        self.logdebug(_("Priviledges dropped. Now running as user 'pykota'."))
-                        self.privdropped = 1
-            
-    def regainPriv(self) :    
-        """Drops priviledges."""
-        if self.privdropped :
-            try :
-                os.seteuid(0)
-                os.setegid(0)
-            except OSError, msg :    
-                self.printInfo(_("Impossible to regain priviledges : %s") % msg, "warn")
-            else :    
-                self.logdebug(_("Regained priviledges. Now running as root."))
-                self.privdropped = 0
         
     def UTF8ToUserCharset(self, text) :