[CalendarServer-changes] [4788] CalendarServer/branches/release/CalendarServer-2.4-dev
source_changes at macosforge.org
source_changes at macosforge.org
Fri Nov 20 08:50:32 PST 2009
Revision: 4788
http://trac.macosforge.org/projects/calendarserver/changeset/4788
Author: glyph at apple.com
Date: 2009-11-20 08:50:30 -0800 (Fri, 20 Nov 2009)
Log Message:
-----------
Pulled up 4787 from trunk.
Modified Paths:
--------------
CalendarServer/branches/release/CalendarServer-2.4-dev/calendarserver/tap/caldav.py
CalendarServer/branches/release/CalendarServer-2.4-dev/calendarserver/tap/test/test_caldav.py
Property Changed:
----------------
CalendarServer/branches/release/CalendarServer-2.4-dev/
Property changes on: CalendarServer/branches/release/CalendarServer-2.4-dev
___________________________________________________________________
Modified: svn:mergeinfo
- /CalendarServer/branches/users/sagen/resource-delegates-4038:4040-4067
/CalendarServer/branches/users/sagen/resource-delegates-4066:4068-4075
/CalendarServer/trunk:4439-4440,4448,4450,4464,4473-4475,4602,4711-4712,4716-4717,4722,4739-4742,4748-4752,4758,4760,4762,4773
+ /CalendarServer/branches/users/sagen/resource-delegates-4038:4040-4067
/CalendarServer/branches/users/sagen/resource-delegates-4066:4068-4075
/CalendarServer/trunk:4439-4440,4448,4450,4464,4473-4475,4602,4711-4712,4716-4717,4722,4739-4742,4748-4752,4758,4760,4762,4773,4787
Modified: CalendarServer/branches/release/CalendarServer-2.4-dev/calendarserver/tap/caldav.py
===================================================================
--- CalendarServer/branches/release/CalendarServer-2.4-dev/calendarserver/tap/caldav.py 2009-11-20 16:38:16 UTC (rev 4787)
+++ CalendarServer/branches/release/CalendarServer-2.4-dev/calendarserver/tap/caldav.py 2009-11-20 16:50:30 UTC (rev 4788)
@@ -335,6 +335,30 @@
)
+
+class GroupOwnedUNIXServer(UNIXServer, object):
+ """
+ A L{GroupOwnedUNIXServer} is a L{UNIXServer} which changes the group
+ ownership of its socket immediately after binding its port.
+
+ @ivar gid: the group ID which should own the socket after it is bound.
+ """
+ def __init__(self, gid, *args, **kw):
+ super(GroupOwnedUNIXServer, self).__init__(*args, **kw)
+ self.gid = gid
+
+
+ def privilegedStartService(self):
+ """
+ Bind the UNIX socket and then change its group.
+ """
+ super(GroupOwnedUNIXServer, self).privilegedStartService()
+ fileName = self._port.port # Unfortunately, there's no public way to
+ # access this. -glyph
+ os.chown(fileName, os.getuid(), self.gid)
+
+
+
class CalDAVServiceMaker (LoggingMixIn):
implements(IPlugin, IServiceMaker)
@@ -855,8 +879,14 @@
logger = AMPLoggingFactory(
RotatingFileAccessLoggingObserver(config.AccessLogFile)
)
+ if config.GroupName:
+ gid = getgrnam(config.GroupName).gr_gid
+ else:
+ gid = os.getgid()
if config.ControlSocket:
- loggingService = UNIXServer(config.ControlSocket, logger, mode=0600)
+ loggingService = GroupOwnedUNIXServer(
+ gid, config.ControlSocket, logger, mode=0660
+ )
else:
loggingService = ControlPortTCPServer(
config.ControlPort, logger, interface="127.0.0.1"
@@ -1136,7 +1166,9 @@
stats = CalDAVStatisticsServer(logger)
- statsService = UNIXServer(config.GlobalStatsSocket, stats, mode=0600)
+ statsService = GroupOwnedUNIXServer(
+ gid, config.GlobalStatsSocket, stats, mode=0660
+ )
statsService.setName("stats")
statsService.setServiceParent(s)
Modified: CalendarServer/branches/release/CalendarServer-2.4-dev/calendarserver/tap/test/test_caldav.py
===================================================================
--- CalendarServer/branches/release/CalendarServer-2.4-dev/calendarserver/tap/test/test_caldav.py 2009-11-20 16:38:16 UTC (rev 4787)
+++ CalendarServer/branches/release/CalendarServer-2.4-dev/calendarserver/tap/test/test_caldav.py 2009-11-20 16:50:30 UTC (rev 4788)
@@ -15,10 +15,18 @@
##
import os
+import stat
+import grp
+
from os.path import dirname, abspath
+from twisted.trial.unittest import TestCase as BaseTestCase
+
from twisted.python.usage import Options, UsageError
from twisted.python.reflect import namedAny
+
+from twisted.internet.protocol import ServerFactory
+
from twisted.application.service import IService
from twisted.application import internet
@@ -34,7 +42,8 @@
from twistedcaldav.directory.directory import UnknownRecordTypeError
from twistedcaldav.test.util import TestCase
-from calendarserver.tap.caldav import CalDAVOptions, CalDAVServiceMaker, CalDAVService
+from calendarserver.tap.caldav import (CalDAVOptions, CalDAVServiceMaker,
+ CalDAVService, GroupOwnedUNIXServer)
# Points to top of source tree.
@@ -234,6 +243,37 @@
return service.services[0].args[1].protocolArgs["requestFactory"]
+
+def determineAppropriateGroupID():
+ """
+ Determine a secondary group ID which can be used for testing.
+ """
+ return os.getgroups()[1]
+
+
+
+class SocketGroupOwnership(BaseTestCase):
+ """
+ Tests for L{GroupOwnedUNIXServer}.
+ """
+
+ def test_groupOwnedUNIXSocket(self):
+ """
+ When a L{GroupOwnedUNIXServer} is started, it will change the group of
+ its socket.
+ """
+ alternateGroup = determineAppropriateGroupID()
+ socketName = self.mktemp()
+ gous = GroupOwnedUNIXServer(alternateGroup, socketName, ServerFactory(), mode=0660)
+ gous.privilegedStartService()
+ self.addCleanup(gous.stopService)
+ filestat = os.stat(socketName)
+ self.assertTrue(stat.S_ISSOCK(filestat.st_mode))
+ self.assertEquals(filestat.st_gid, alternateGroup)
+ self.assertEquals(filestat.st_uid, os.getuid())
+
+
+
class CalDAVServiceMakerTests(BaseServiceMakerTests):
"""
Test the service maker's behavior
@@ -265,18 +305,21 @@
"""
self.config["HTTPPort"] = 0 # Don't conflict with the test above.
+ alternateGroup = determineAppropriateGroupID()
+ self.config.GroupName = grp.getgrgid(alternateGroup).gr_name
self.config["ProcessType"] = "Combined"
self.writeConfig()
svc = self.makeService()
for serviceName in ["logging", "stats"]:
socketService = svc.getServiceNamed(serviceName)
- self.assertIsInstance(socketService, internet.UNIXServer)
+ self.assertIsInstance(socketService, GroupOwnedUNIXServer)
m = socketService.kwargs.get("mode", 0666)
self.assertEquals(
- m, int("600", 8),
+ m, int("660", 8),
"Wrong mode on %s: %s" % (serviceName, oct(m))
)
+ self.assertEquals(socketService.gid, alternateGroup)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20091120/53003068/attachment.html>
More information about the calendarserver-changes
mailing list