[Pkg-puppet-devel] [facter] 07/352: (#22349) Read from user's home when non-root

Stig Sandbeck Mathisen ssm at debian.org
Sun Apr 6 22:21:26 UTC 2014


This is an automated email from the git hooks/post-receive script.

ssm pushed a commit to branch master
in repository facter.

commit 178e2c616b87892eb54a031d2f20699e9797a132
Author: Andrew Parker <andy at puppetlabs.com>
Date:   Fri Aug 30 09:46:45 2013 -0700

    (#22349) Read from user's home when non-root
    
    The external facts directory always assumed that the user was root, or
    at least had read access to the global facts.d directory. This created
    problems for users with restricted permissions when running as non-root.
    Instead of trying to handle the permissions problem, which would have
    made facter run, this changes facter to follow the same non-root style
    as puppet, which is to look in the home directory for a .facter/facts.d
    external facts directory. Simply handling the error would have had two
    undesirable consequences: 1) it would have hidden a problem from the
    user and 2) it would have made external facts cumbersome to use as
    non-root as the user would always have to specify --external-dir, which
    is not currently possible when facter is used by puppet.
---
 Gemfile                         |  1 +
 lib/facter/util/config.rb       | 16 +++++++++++-----
 lib/facter/util/unix_root.rb    |  5 +++++
 lib/facter/util/windows_root.rb | 37 +++++++++++++++++++++++++++++++++++++
 spec/unit/util/config_spec.rb   |  9 +++++++++
 5 files changed, 63 insertions(+), 5 deletions(-)

diff --git a/Gemfile b/Gemfile
index d2d5db1..51e3614 100644
--- a/Gemfile
+++ b/Gemfile
@@ -22,6 +22,7 @@ group :development, :test do
 end
 
 platform :mswin, :mingw do
+  gem "sys-admin", "~> 1.5.6"
   gem "win32-api", "~> 1.4.8"
   gem "win32-dir", "~> 0.3.7"
   gem "windows-api", "~> 0.4.1"
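Review bot: The new `sys-admin` dependency is not used directly anywhere in this commit: lib/facter/util/windows_root.rb does `require 'sys/admin'` but never references `Sys::Admin`, and the constant it actually calls is `Win32::Security`. That constant is presumably loaded transitively by sys-admin. If so, the privilege check depends on another gem's internal requires, and a future sys-admin release that stops loading it would make `root?` fail with a NameError on Vista and later. Unless it is already listed outside the visible lines, declare the gem that provides the constant (`gem "win32-security"` with a pinned version) and add `require 'win32/security'` to windows_root.rb, so the dependency can be audited where it is used.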
diff --git a/lib/facter/util/config.rb b/lib/facter/util/config.rb
index 4c95dd6..26c2c85 100644
--- a/lib/facter/util/config.rb
+++ b/lib/facter/util/config.rb
@@ -30,16 +30,22 @@ module Facter::Util::Config
   end
 
   def self.external_facts_dirs
-    windows_dir = windows_data_dir
-    if windows_dir.nil? then
-      ["/etc/facter/facts.d", "/etc/puppetlabs/facter/facts.d"]
+    if Facter::Util::Root.root?
+      windows_dir = windows_data_dir
+      if windows_dir.nil? then
+        ["/etc/facter/facts.d", "/etc/puppetlabs/facter/facts.d"]
+      else
+        [File.join(windows_dir, 'PuppetLabs', 'facter', 'facts.d')]
+      end
     else
-      [File.join(windows_dir, 'PuppetLabs', 'facter', 'facts.d')]
+      [File.expand_path(File.join("~", ".facter", "facts.d"))]
     end
   end
 end
 
 if Facter::Util::Config.is_windows?
-  require 'rubygems'
   require 'win32/dir'
+  require 'facter/util/windows_root'
+else
+  require 'facter/util/unix_root'
 end
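Review bot: The non-root branch of `external_facts_dirs` calls `File.expand_path` on `~`, which resolves through the environment and, depending on the Ruby version, raises ArgumentError when HOME is unset (cron jobs, some init systems and service wrappers). That exception would escape from `external_facts_dirs` and stop fact loading entirely for exactly the unprivileged runs this commit targets. Consider handling it in that branch, for example `rescue ArgumentError => e` followed by `Facter.debug("cannot resolve home directory for external facts: #{e.message}")` and returning `[]`. A short comment on the method should also say that the directory is chosen by privilege level, since that choice decides whose files are loaded as external facts.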
diff --git a/lib/facter/util/unix_root.rb b/lib/facter/util/unix_root.rb
new file mode 100644
index 0000000..c7be2ff
--- /dev/null
+++ b/lib/facter/util/unix_root.rb
@@ -0,0 +1,5 @@
+module Facter::Util::Root
+  def self.root?
+    Process.uid == 0
+  end
+end
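Review bot: `root?` tests the real UID (`Process.uid`), but the read-permission failure described in the commit message is decided by the effective UID. When the two differ (a setuid wrapper, or a daemon that changed only one of them), facter would choose the facts directory for the wrong identity. In the real-UID-non-zero, effective-UID-zero case, a privileged process would load external facts from a home directory that the invoking user controls. `Process.euid == 0` matches the check the filesystem applies. Either way, add a one-line comment such as `# effective UID: decides whether the system-wide facts.d is used` to record which identity is meant.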
diff --git a/lib/facter/util/windows_root.rb b/lib/facter/util/windows_root.rb
new file mode 100644
index 0000000..ad7500e
--- /dev/null
+++ b/lib/facter/util/windows_root.rb
@@ -0,0 +1,37 @@
+require 'windows/system_info'
+require 'windows/security'
+require 'sys/admin'
+
+module Facter::Util::Root
+  extend ::Windows::SystemInfo
+  extend ::Windows::Security
+
+  def self.root?
+    # if Vista or later, check for unrestricted process token
+    return Win32::Security.elevated_security? unless windows_version < 6.0
+
+    # otherwise 2003 or less
+    check_token_membership
+  end
+
+  def self.check_token_membership
+    sid = 0.chr * 80
+    size = [80].pack('L')
+    member = 0.chr * 4
+
+    unless CreateWellKnownSid(WinBuiltinAdministratorsSid, nil, sid, size)
+      raise "Failed to create administrators SID"
+    end
+
+    unless IsValidSid(sid)
+      raise "Invalid SID"
+    end
+
+    unless CheckTokenMembership(nil, sid, member)
+      raise "Failed to check membership"
+    end
+
+    # Is administrators SID enabled in calling thread's access token?
+    member.unpack('L')[0] == 1
+  end
+end
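Review bot: Each failed API call in `check_token_membership` raises a bare RuntimeError with a fixed string and no Win32 error code, and `Facter::Util::Config.external_facts_dirs` now calls `root?` before doing anything else. A failure on the pre-Vista path therefore aborts facts-directory resolution with a message that does not identify the cause. Raise a named error class and include the failing call's last-error value in the message. Also document on `root?` that it can raise, and that Vista and later answer "is the token elevated" while older systems answer "is the Administrators SID enabled". `check_token_membership` is only a helper for `root?`, so `private_class_method :check_token_membership` would keep it out of the module's public surface.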
diff --git a/spec/unit/util/config_spec.rb b/spec/unit/util/config_spec.rb
index b0caabd..25afcf0 100644
--- a/spec/unit/util/config_spec.rb
+++ b/spec/unit/util/config_spec.rb
@@ -34,6 +34,10 @@ describe Facter::Util::Config do
   end
 
   describe "external_facts_dirs" do
+    before :each do
+      Facter::Util::Root.stubs(:root?).returns(true)
+    end
+
     it "should return the default value for linux" do
       Facter::Util::Config.stubs(:is_windows?).returns(false)
       Facter::Util::Config.stubs(:windows_data_dir).returns(nil)
@@ -51,5 +55,10 @@ describe Facter::Util::Config do
       Facter::Util::Config.stubs(:windows_data_dir).returns("C:\\Documents")
       Facter::Util::Config.external_facts_dirs.should == [File.join("C:\\Documents", 'PuppetLabs', 'facter', 'facts.d')]
     end
+
+    it "returns the users home directory when not root" do
+      Facter::Util::Root.stubs(:root?).returns(false)
+      Facter::Util::Config.external_facts_dirs.should == [File.expand_path(File.join("~", ".facter", "facts.d"))]
+    end
   end
 end
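Review bot: The new "when not root" example builds its expected value with the same `File.expand_path(File.join("~", ".facter", "facts.d"))` expression as the implementation. It therefore cannot detect a wrong expansion, and its result depends on the HOME of whoever runs the suite. Pin the environment inside the example and assert a literal, for instance set `ENV['HOME'] = '/home/testuser'` (a constructed value, restored afterwards) and expect `['/home/testuser/.facter/facts.d']` on the non-Windows path. A second example with HOME unset would record what `external_facts_dirs` is supposed to do in that case. The enclosing `describe` block starts outside this hunk.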

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-puppet/facter.git


