[CalendarServer-changes] [4788] CalendarServer/branches/release/CalendarServer-2.4-dev

source_changes at macosforge.org source_changes at macosforge.org
Fri Nov 20 08:50:32 PST 2009 

Revision: 4788
          http://trac.macosforge.org/projects/calendarserver/changeset/4788
Author:   glyph at apple.com
Date:     2009-11-20 08:50:30 -0800 (Fri, 20 Nov 2009)
Log Message:
-----------
Pulled up 4787 from trunk.

Modified Paths:
--------------
    CalendarServer/branches/release/CalendarServer-2.4-dev/calendarserver/tap/caldav.py
    CalendarServer/branches/release/CalendarServer-2.4-dev/calendarserver/tap/test/test_caldav.py

Property Changed:
----------------
    CalendarServer/branches/release/CalendarServer-2.4-dev/


Property changes on: CalendarServer/branches/release/CalendarServer-2.4-dev
___________________________________________________________________
Modified: svn:mergeinfo
   - /CalendarServer/branches/users/sagen/resource-delegates-4038:4040-4067
/CalendarServer/branches/users/sagen/resource-delegates-4066:4068-4075
/CalendarServer/trunk:4439-4440,4448,4450,4464,4473-4475,4602,4711-4712,4716-4717,4722,4739-4742,4748-4752,4758,4760,4762,4773
   + /CalendarServer/branches/users/sagen/resource-delegates-4038:4040-4067
/CalendarServer/branches/users/sagen/resource-delegates-4066:4068-4075
/CalendarServer/trunk:4439-4440,4448,4450,4464,4473-4475,4602,4711-4712,4716-4717,4722,4739-4742,4748-4752,4758,4760,4762,4773,4787

Modified: CalendarServer/branches/release/CalendarServer-2.4-dev/calendarserver/tap/caldav.py
===================================================================
--- CalendarServer/branches/release/CalendarServer-2.4-dev/calendarserver/tap/caldav.py	2009-11-20 16:38:16 UTC (rev 4787)
+++ CalendarServer/branches/release/CalendarServer-2.4-dev/calendarserver/tap/caldav.py	2009-11-20 16:50:30 UTC (rev 4788)
@@ -335,6 +335,30 @@
             )
 
 
+
+class GroupOwnedUNIXServer(UNIXServer, object):
+    """
+    A L{GroupOwnedUNIXServer} is a L{UNIXServer} which changes the group
+    ownership of its socket immediately after binding its port.
+
+    @ivar gid: the group ID which should own the socket after it is bound.
+    """
+    def __init__(self, gid, *args, **kw):
+        super(GroupOwnedUNIXServer, self).__init__(*args, **kw)
+        self.gid = gid
+
+
+    def privilegedStartService(self):
+        """
+        Bind the UNIX socket and then change its group.
+        """
+        super(GroupOwnedUNIXServer, self).privilegedStartService()
+        fileName = self._port.port # Unfortunately, there's no public way to
+                                   # access this. -glyph
+        os.chown(fileName, os.getuid(), self.gid)
+
+
+
 class CalDAVServiceMaker (LoggingMixIn):
     implements(IPlugin, IServiceMaker)
 
@@ -855,8 +879,14 @@
         logger = AMPLoggingFactory(
             RotatingFileAccessLoggingObserver(config.AccessLogFile)
         )
+        if config.GroupName:
+            gid = getgrnam(config.GroupName).gr_gid
+        else:
+            gid = os.getgid()
         if config.ControlSocket:
-            loggingService = UNIXServer(config.ControlSocket, logger, mode=0600)
+            loggingService = GroupOwnedUNIXServer(
+                gid, config.ControlSocket, logger, mode=0660
+            )
         else:
             loggingService = ControlPortTCPServer(
                 config.ControlPort, logger, interface="127.0.0.1"
@@ -1136,7 +1166,9 @@
 
 
         stats = CalDAVStatisticsServer(logger) 
-        statsService = UNIXServer(config.GlobalStatsSocket, stats, mode=0600)
+        statsService = GroupOwnedUNIXServer(
+            gid, config.GlobalStatsSocket, stats, mode=0660
+        )
         statsService.setName("stats")
         statsService.setServiceParent(s)
 

Modified: CalendarServer/branches/release/CalendarServer-2.4-dev/calendarserver/tap/test/test_caldav.py
===================================================================
--- CalendarServer/branches/release/CalendarServer-2.4-dev/calendarserver/tap/test/test_caldav.py	2009-11-20 16:38:16 UTC (rev 4787)
+++ CalendarServer/branches/release/CalendarServer-2.4-dev/calendarserver/tap/test/test_caldav.py	2009-11-20 16:50:30 UTC (rev 4788)
@@ -15,10 +15,18 @@
 ##
 
 import os
+import stat
+import grp
+
 from os.path import dirname, abspath
 
+from twisted.trial.unittest import TestCase as BaseTestCase
+
 from twisted.python.usage import Options, UsageError
 from twisted.python.reflect import namedAny
+
+from twisted.internet.protocol import ServerFactory
+
 from twisted.application.service import IService
 from twisted.application import internet
 
@@ -34,7 +42,8 @@
 from twistedcaldav.directory.directory import UnknownRecordTypeError
 from twistedcaldav.test.util import TestCase
 
-from calendarserver.tap.caldav import CalDAVOptions, CalDAVServiceMaker, CalDAVService
+from calendarserver.tap.caldav import (CalDAVOptions, CalDAVServiceMaker,
+                                       CalDAVService, GroupOwnedUNIXServer)
 
 
 # Points to top of source tree.
@@ -234,6 +243,37 @@
         return service.services[0].args[1].protocolArgs["requestFactory"]
 
 
+
+def determineAppropriateGroupID():
+    """
+    Determine a secondary group ID which can be used for testing.
+    """
+    return os.getgroups()[1]
+
+
+
+class SocketGroupOwnership(BaseTestCase):
+    """
+    Tests for L{GroupOwnedUNIXServer}.
+    """
+
+    def test_groupOwnedUNIXSocket(self):
+        """
+        When a L{GroupOwnedUNIXServer} is started, it will change the group of
+        its socket.
+        """
+        alternateGroup = determineAppropriateGroupID()
+        socketName = self.mktemp()
+        gous = GroupOwnedUNIXServer(alternateGroup, socketName, ServerFactory(), mode=0660)
+        gous.privilegedStartService()
+        self.addCleanup(gous.stopService)
+        filestat = os.stat(socketName)
+        self.assertTrue(stat.S_ISSOCK(filestat.st_mode))
+        self.assertEquals(filestat.st_gid, alternateGroup)
+        self.assertEquals(filestat.st_uid, os.getuid())
+
+
+
 class CalDAVServiceMakerTests(BaseServiceMakerTests):
     """
     Test the service maker's behavior
@@ -265,18 +305,21 @@
         """
 
         self.config["HTTPPort"] = 0 # Don't conflict with the test above.
+        alternateGroup = determineAppropriateGroupID()
+        self.config.GroupName = grp.getgrgid(alternateGroup).gr_name
 
         self.config["ProcessType"] = "Combined"
         self.writeConfig()
         svc = self.makeService()
         for serviceName in ["logging", "stats"]:
             socketService = svc.getServiceNamed(serviceName)
-            self.assertIsInstance(socketService, internet.UNIXServer)
+            self.assertIsInstance(socketService, GroupOwnedUNIXServer)
             m = socketService.kwargs.get("mode", 0666)
             self.assertEquals(
-                m, int("600", 8),
+                m, int("660", 8),
                 "Wrong mode on %s: %s" % (serviceName, oct(m))
             )
+            self.assertEquals(socketService.gid, alternateGroup)
 
 
 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20091120/53003068/attachment.html>

More information about the calendarserver-changes mailing list