[Pkg-puppet-devel] [facter] 07/352: (#22349) Read from user's home when non-root
Stig Sandbeck Mathisen
ssm at debian.org
Sun Apr 6 22:21:26 UTC 2014
This is an automated email from the git hooks/post-receive script.
ssm pushed a commit to branch master
in repository facter.
commit 178e2c616b87892eb54a031d2f20699e9797a132
Author: Andrew Parker <andy at puppetlabs.com>
Date: Fri Aug 30 09:46:45 2013 -0700
(#22349) Read from user's home when non-root
The external facts directory always assumed that the user was root, or
at least had read access to the global facts.d directory. This created
problems for users with restricted permissions when running as non-root.
Instead of trying to handle the permissions problem, which would have
made facter run, this changes facter to follow the same non-root style
as puppet, which is to look in the home directory for a .facter/facts.d
external facts directory. Simply handling the error would have had two
undesirable consequences: 1) it would have hidden a problem from the
user and 2) it would have made external facts cumbersome to use as
non-root as the user would always have to specify --external-dir, which
is not currently possible when facter is used by puppet.
---
Gemfile | 1 +
lib/facter/util/config.rb | 16 +++++++++++-----
lib/facter/util/unix_root.rb | 5 +++++
lib/facter/util/windows_root.rb | 37 +++++++++++++++++++++++++++++++++++++
spec/unit/util/config_spec.rb | 9 +++++++++
5 files changed, 63 insertions(+), 5 deletions(-)
diff --git a/Gemfile b/Gemfile
index d2d5db1..51e3614 100644
--- a/Gemfile
+++ b/Gemfile
@@ -22,6 +22,7 @@ group :development, :test do
end
platform :mswin, :mingw do
+ gem "sys-admin", "~> 1.5.6"
gem "win32-api", "~> 1.4.8"
gem "win32-dir", "~> 0.3.7"
gem "windows-api", "~> 0.4.1"
diff --git a/lib/facter/util/config.rb b/lib/facter/util/config.rb
index 4c95dd6..26c2c85 100644
--- a/lib/facter/util/config.rb
+++ b/lib/facter/util/config.rb
@@ -30,16 +30,22 @@ module Facter::Util::Config
end
def self.external_facts_dirs
- windows_dir = windows_data_dir
- if windows_dir.nil? then
- ["/etc/facter/facts.d", "/etc/puppetlabs/facter/facts.d"]
+ if Facter::Util::Root.root?
+ windows_dir = windows_data_dir
+ if windows_dir.nil? then
+ ["/etc/facter/facts.d", "/etc/puppetlabs/facter/facts.d"]
+ else
+ [File.join(windows_dir, 'PuppetLabs', 'facter', 'facts.d')]
+ end
else
- [File.join(windows_dir, 'PuppetLabs', 'facter', 'facts.d')]
+ [File.expand_path(File.join("~", ".facter", "facts.d"))]
end
end
end
if Facter::Util::Config.is_windows?
- require 'rubygems'
require 'win32/dir'
+ require 'facter/util/windows_root'
+else
+ require 'facter/util/unix_root'
end
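Review bot: The non-root branch of `external_facts_dirs` calls `File.expand_path` on `~` with no guard, and that call can raise ArgumentError when HOME is unset (cron jobs, some service environments), so a non-root run would abort while only computing the search path. External facts directories can contain executable facts, so the directory trusted here is whatever HOME points to; that deserves a comment above the method. One option is to use the per-user directory only when HOME is present and otherwise return an empty list, as sketched below.

```ruby
def self.external_facts_dirs
  if Facter::Util::Root.root?
    # … unchanged: system-wide facts.d selection (Windows data dir or /etc paths) …
  elsif ENV['HOME']
    # Per-user external facts; the location is taken from the caller's HOME.
    [File.expand_path(File.join(ENV['HOME'], ".facter", "facts.d"))]
  else
    # No HOME to resolve: search no per-user directory rather than raising.
    []
  end
end
```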
diff --git a/lib/facter/util/unix_root.rb b/lib/facter/util/unix_root.rb
new file mode 100644
index 0000000..c7be2ff
--- /dev/null
+++ b/lib/facter/util/unix_root.rb
@@ -0,0 +1,5 @@
+module Facter::Util::Root
+ def self.root?
+ Process.uid == 0
+ end
+end
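Review bot: `root?` has no comment saying which identity it tests, and `Process.uid` is the real UID, not the effective one. The result decides whether facts are read from the system directories or from the caller's home, so a process whose real and effective UIDs differ would presumably take the per-user path while holding root privileges. I would document the choice on the method, for example `# True when the real UID is 0; the effective UID (Process.euid) is deliberately not consulted.`, or compare `Process.euid` if that is the intended boundary.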
diff --git a/lib/facter/util/windows_root.rb b/lib/facter/util/windows_root.rb
new file mode 100644
index 0000000..ad7500e
--- /dev/null
+++ b/lib/facter/util/windows_root.rb
@@ -0,0 +1,37 @@
+require 'windows/system_info'
+require 'windows/security'
+require 'sys/admin'
+
+module Facter::Util::Root
+ extend ::Windows::SystemInfo
+ extend ::Windows::Security
+
+ def self.root?
+ # if Vista or later, check for unrestricted process token
+ return Win32::Security.elevated_security? unless windows_version < 6.0
+
+ # otherwise 2003 or less
+ check_token_membership
+ end
+
+ def self.check_token_membership
+ sid = 0.chr * 80
+ size = [80].pack('L')
+ member = 0.chr * 4
+
+ unless CreateWellKnownSid(WinBuiltinAdministratorsSid, nil, sid, size)
+ raise "Failed to create administrators SID"
+ end
+
+ unless IsValidSid(sid)
+ raise "Invalid SID"
+ end
+
+ unless CheckTokenMembership(nil, sid, member)
+ raise "Failed to check membership"
+ end
+
+ # Is administrators SID enabled in calling thread's access token?
+ member.unpack('L')[0] == 1
+ end
+end
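Review bot: `Win32::Security.elevated_security?` is called in `root?`, but none of the three requires at the top of this file names `win32/security`. The constant is presumably loaded as a side effect of `require 'sys/admin'`, whose own API is not used anywhere in the file. An explicit `require 'win32/security'` (assuming that gem is already part of the Windows bundle) would keep the elevation check from breaking if the transitive load changes. Separately, the three `raise` calls in `check_token_membership` propagate out of `root?`, so a failed Win32 call aborts whatever asked for the facts directories; a comment saying so, or the system error code in the message, would help diagnosis.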
diff --git a/spec/unit/util/config_spec.rb b/spec/unit/util/config_spec.rb
index b0caabd..25afcf0 100644
--- a/spec/unit/util/config_spec.rb
+++ b/spec/unit/util/config_spec.rb
@@ -34,6 +34,10 @@ describe Facter::Util::Config do
end
describe "external_facts_dirs" do
+ before :each do
+ Facter::Util::Root.stubs(:root?).returns(true)
+ end
+
it "should return the default value for linux" do
Facter::Util::Config.stubs(:is_windows?).returns(false)
Facter::Util::Config.stubs(:windows_data_dir).returns(nil)
@@ -51,5 +55,10 @@ describe Facter::Util::Config do
Facter::Util::Config.stubs(:windows_data_dir).returns("C:\\Documents")
Facter::Util::Config.external_facts_dirs.should == [File.join("C:\\Documents", 'PuppetLabs', 'facter', 'facts.d')]
end
+
+ it "returns the users home directory when not root" do
+ Facter::Util::Root.stubs(:root?).returns(false)
+ Facter::Util::Config.external_facts_dirs.should == [File.expand_path(File.join("~", ".facter", "facts.d"))]
+ end
end
end
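Review bot: The new example builds its expected value with the same `File.expand_path(File.join("~", ".facter", "facts.d"))` expression as the implementation, so it confirms that the non-root branch is taken but not which directory results. The outcome also depends on the HOME of whoever runs the suite. Pinning HOME for the example and asserting a literal path would make it meaningful. A companion example with HOME removed from the environment would document what `external_facts_dirs` does in that case. Nothing in this diff exercises `Facter::Util::Root.root?` itself on either platform.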
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-puppet/facter.git