summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorerikh <erikh@980ebf18-57e1-0310-9a29-db15c13687c0>2006-09-22 17:19:02 +0000
committererikh <erikh@980ebf18-57e1-0310-9a29-db15c13687c0>2006-09-22 17:19:02 +0000
commit6f11dee740e6e9ebc5fffed779212d24584ce6c4 (patch)
tree75f266040521abfc23df7e458e8fea8bd4748d2e
parent320ac389de52e67283fbe455a3ec6917bdd3a348 (diff)
downloadpuppet-6f11dee740e6e9ebc5fffed779212d24584ce6c4.tar.gz
puppet-6f11dee740e6e9ebc5fffed779212d24584ce6c4.tar.xz
puppet-6f11dee740e6e9ebc5fffed779212d24584ce6c4.zip
+ Puppet::SUIDManager - This replaces all calls to the built-in ruby 'Process' library for uid/gid/euid/egid operations, including (not surprisingly) Puppet::Util#asuser and a method to run commands and capture output. This is due to many inconsistencies (through bugfixes) between ruby versions in the 1.8.x branch. This is included in the core puppet library and can be used by all puppet types and providers.
! Modified Puppet::Util#uid to check (and warn) if passed a nil value. ! Changes to use Puppet::SUIDManager instead of Process and relevant Puppet::Util calls. ! Removed Puppet::Util#asuser. git-svn-id: https://reductivelabs.com/svn/puppet/trunk@1666 980ebf18-57e1-0310-9a29-db15c13687c0
Diffstat
-rw-r--r--lib/puppet.rb3
-rw-r--r--lib/puppet/config.rb12
-rwxr-xr-xlib/puppet/filetype.rb8
-rw-r--r--lib/puppet/sslcertificates/ca.rb2
-rw-r--r--lib/puppet/suidmanager.rb74
-rwxr-xr-xlib/puppet/type/exec.rb23
-rw-r--r--lib/puppet/type/pfile.rb4
-rwxr-xr-xlib/puppet/type/pfile/ensure.rb2
-rwxr-xr-xlib/puppet/type/pfile/source.rb2
-rw-r--r--lib/puppet/type/pfile/target.rb2
-rwxr-xr-xlib/puppet/type/pfile/uid.rb2
-rw-r--r--lib/puppet/util.rb96
-rwxr-xr-xtest/executables/puppetca.rb2
-rwxr-xr-xtest/language/interpreter.rb2
-rw-r--r--test/lib/puppettest/exetest.rb4
-rw-r--r--test/lib/puppettest/support/helpers.rb4
-rwxr-xr-xtest/other/config.rb8
-rwxr-xr-xtest/providers/group.rb2
-rw-r--r--test/providers/package.rb2
-rw-r--r--test/providers/user.rb2
-rwxr-xr-xtest/puppet/defaults.rb2
-rw-r--r--test/puppet/suidmanager.rb71
-rwxr-xr-xtest/types/cron.rb2
-rwxr-xr-xtest/types/exec.rb2
-rw-r--r--test/types/file.rb2
-rwxr-xr-xtest/types/mount.rb2
-rw-r--r--test/types/package.rb2
-rw-r--r--test/types/service.rb2
-rwxr-xr-xtest/types/user.rb2
-rwxr-xr-xtest/types/zone.rb2
-rwxr-xr-xtest/util/utiltest.rb26
31 files changed, 215 insertions, 156 deletions
diff --git a/lib/puppet.rb b/lib/puppet.rb
index f6debc0b1..e0d8a8e6c 100644
--- a/lib/puppet.rb
+++ b/lib/puppet.rb
@@ -5,6 +5,7 @@ require 'puppet/event-loop'
require 'puppet/util'
require 'puppet/log'
require 'puppet/config'
+require 'puppet/suidmanager'
#------------------------------------------------------------
# the top-level module
@@ -74,7 +75,7 @@ module Puppet
# use basedirs that are in the user's home directory.
conf = nil
var = nil
- if self.name == "puppet" and Process.uid != 0
+ if self.name == "puppet" and Puppet::SUIDManager.uid != 0
conf = File.expand_path("~/.puppet")
var = File.expand_path("~/.puppet/var")
else
diff --git a/lib/puppet/config.rb b/lib/puppet/config.rb
index 81ec4fe85..337a50bbc 100644
--- a/lib/puppet/config.rb
+++ b/lib/puppet/config.rb
@@ -203,7 +203,7 @@ class Config
raise ArgumentError, "Default %s is not a file" % default
end
- Puppet::Util.asuser(obj.owner, obj.group) do
+ Puppet::SUIDManager.asuser(obj.owner, obj.group) do
mode = obj.mode || 0750
Dir.mkdir(obj.value, mode)
end
@@ -629,12 +629,12 @@ Generated on #{Time.now}.
end
chown = nil
- if Process.uid == 0
+ if Puppet::SUIDManager.uid == 0
chown = [obj.owner, obj.group]
else
chown = [nil, nil]
end
- Puppet::Util.asuser(*chown) do
+ Puppet::SUIDManager.asuser(*chown) do
mode = obj.mode || 0640
if args.empty?
@@ -662,13 +662,13 @@ Generated on #{Time.now}.
end
chown = nil
- if Process.uid == 0
+ if Puppet::SUIDManager.uid == 0
chown = [obj.owner, obj.group]
else
chown = [nil, nil]
end
- Puppet::Util.asuser(*chown) do
+ Puppet::SUIDManager.asuser(*chown) do
mode = obj.mode || 0640
if args.empty?
args << "w"
@@ -878,7 +878,7 @@ Generated on #{Time.now}.
}
# Only chown or chgrp when root
- if Process.uid == 0
+ if Puppet::SUIDManager.uid == 0
[:group, :owner].each { |var|
if value = self.send(var)
obj[var] = value
diff --git a/lib/puppet/filetype.rb b/lib/puppet/filetype.rb
index 081448f33..d05c1469d 100755
--- a/lib/puppet/filetype.rb
+++ b/lib/puppet/filetype.rb
@@ -174,7 +174,7 @@ module Puppet
# does not think I should be allowed to set the @path to my own user name
def cmdbase
cmd = nil
- if @uid == Process.uid
+ if @uid == Puppet::SUIDManager.uid
return "crontab"
else
return "crontab -u #{@path}"
@@ -187,14 +187,14 @@ module Puppet
newfiletype(:suntab) do
# Read a specific @path's cron tab.
def read
- Puppet::Util.asuser(@path) {
+ Puppet::SUIDManager.asuser(@path) {
%x{crontab -l 2>/dev/null}
}
end
# Remove a specific @path's cron tab.
def remove
- Puppet::Util.asuser(@path) {
+ Puppet::SUIDManager.asuser(@path) {
%x{crontab -r 2>/dev/null}
}
end
@@ -202,7 +202,7 @@ module Puppet
# Overwrite a specific @path's cron tab; must be passed the @path name
# and the text with which to create the cron tab.
def write(text)
- Puppet::Util.asuser(@path) {
+ Puppet::SUIDManager.asuser(@path) {
IO.popen("crontab", "w") { |p|
p.print text
}
diff --git a/lib/puppet/sslcertificates/ca.rb b/lib/puppet/sslcertificates/ca.rb
index b1c5b34e6..19ea27228 100644
--- a/lib/puppet/sslcertificates/ca.rb
+++ b/lib/puppet/sslcertificates/ca.rb
@@ -265,7 +265,7 @@ class Puppet::SSLCertificates::CA
)
# This creates the cakey file
- Puppet::Util.asuser(Puppet[:user], Puppet[:group]) do
+ Puppet::SUIDManager.asuser(Puppet[:user], Puppet[:group]) do
@cert = cert.mkselfsigned
end
Puppet.config.write(:cacert) do |f|
diff --git a/lib/puppet/suidmanager.rb b/lib/puppet/suidmanager.rb
new file mode 100644
index 000000000..2f4d428e3
--- /dev/null
+++ b/lib/puppet/suidmanager.rb
@@ -0,0 +1,74 @@
+require 'facter'
+require 'puppet'
+
+module Puppet
+ module SUIDManager
+ platform = Facter["kernel"].value
+ [:uid=, :uid, :gid=, :gid].each do |method|
+ define_method(method) do |*args|
+ if platform == "Darwin" and (Facter['rubyversion'] <=> "1.8.5") < 0
+ Puppet.warning "Cannot change real UID on Darwin on Ruby versions earlier than 1.8.5"
+ method = ("e" + method.to_s).intern unless method.to_s[0] == 'e'
+ end
+
+ return Process.send(method, *args)
+ end
+ module_function method
+ end
+
+ [:euid=, :euid, :egid=, :egid].each do |method|
+ define_method(method) do |*args|
+ Process.send(method, *args)
+ end
+ module_function method
+ end
+
+ def run_and_capture(command, new_uid=self.euid, new_gid=self.egid)
+ output = nil
+
+ asuser(new_uid, new_gid) do
+ # capture both stdout and stderr unless we are on ruby < 1.8.4
+ # NOTE: this would be much better facilitated with a specialized popen()
+ # (see the test suite for more details.)
+ if (Facter['rubyversion'].value <=> "1.8.4") < 0
+ unless @@alreadywarned
+ Puppet.warning "Cannot capture STDERR when running as another user on Ruby < 1.8.4"
+ @@alreadywarned = true
+ end
+ output = %x{#{command}}
+ else
+ output = %x{#{command} 2>&1}
+ end
+ end
+
+ [output, $?.dup]
+ end
+
+ module_function :run_and_capture
+
+ def system(command, new_uid=self.euid, new_gid=self.egid)
+ asuser(new_uid, new_gid) do
+ Kernel.system(command)
+ end
+ end
+
+ module_function :system
+
+ def asuser(new_euid, new_egid)
+ new_euid = Puppet::Util.uid(new_euid)
+ new_egid = Puppet::Util.uid(new_egid)
+
+ old_euid, old_egid = [ self.euid, self.egid ]
+ self.egid = new_egid ? new_egid : old_egid
+ self.euid = new_euid ? new_euid : old_euid
+ output = yield
+ self.egid = old_egid
+ self.euid = old_euid
+
+ output
+ end
+
+ module_function :asuser
+ end
+end
+
diff --git a/lib/puppet/type/exec.rb b/lib/puppet/type/exec.rb
index 442eb311f..8b964cbb3 100755
--- a/lib/puppet/type/exec.rb
+++ b/lib/puppet/type/exec.rb
@@ -186,7 +186,7 @@ module Puppet
is because of a bug within Ruby."
munge do |user|
- unless Process.uid == 0
+ unless Puppet::SUIDManager.uid == 0
self.fail "Only root can execute commands as other users"
end
require 'etc'
@@ -537,26 +537,9 @@ module Puppet
end
withenv env do
- # The user and group default to nil, which 'asuser'
- # handlers correctly
- Puppet::Util.asuser(self[:user], self[:group]) {
- # capture both stdout and stderr
- if self[:user]
- unless defined? @@alreadywarned
- Puppet.warning(
- "Cannot capture STDERR when running as another user"
- )
- @@alreadywarned = true
- end
- output = %x{#{command}}
- else
- output = %x{#{command} 2>&1}
- end
- }
- status = $?.dup
-
+ output, status = Puppet::SUIDManager.run_and_capture(command, self[:user], self[:group])
# The shell returns 127 if the command is missing.
- if $?.exitstatus == 127
+ if status.exitstatus == 127
raise ArgumentError, output
end
end
diff --git a/lib/puppet/type/pfile.rb b/lib/puppet/type/pfile.rb
index 7ce384077..5d7a3e881 100644
--- a/lib/puppet/type/pfile.rb
+++ b/lib/puppet/type/pfile.rb
@@ -226,7 +226,7 @@ module Puppet
# Determine the user to write files as.
def asuser
if self.should(:owner) and ! self.should(:owner).is_a?(Symbol)
- writeable = Puppet::Util.asuser(self.should(:owner)) {
+ writeable = Puppet::SUIDManager.asuser(self.should(:owner)) {
FileTest.writable?(File.dirname(self[:path]))
}
@@ -930,7 +930,7 @@ module Puppet
end
# As the correct user and group
- Puppet::Util.asuser(asuser(), self.should(:group)) do
+ Puppet::SUIDManager.asuser(asuser(), self.should(:group)) do
f = nil
# Open our file with the correct modes
if mode
diff --git a/lib/puppet/type/pfile/ensure.rb b/lib/puppet/type/pfile/ensure.rb
index ac045dfd6..2e48e0165 100755
--- a/lib/puppet/type/pfile/ensure.rb
+++ b/lib/puppet/type/pfile/ensure.rb
@@ -67,7 +67,7 @@ module Puppet
"Cannot create %s; parent directory %s does not exist" %
[@parent[:path], parent]
end
- Puppet::Util.asuser(@parent.asuser()) {
+ Puppet::SUIDManager.asuser(@parent.asuser()) {
if mode
Puppet::Util.withumask(000) do
Dir.mkdir(@parent[:path],mode)
diff --git a/lib/puppet/type/pfile/source.rb b/lib/puppet/type/pfile/source.rb
index 65aec1dfd..9ee236850 100755
--- a/lib/puppet/type/pfile/source.rb
+++ b/lib/puppet/type/pfile/source.rb
@@ -71,7 +71,7 @@ module Puppet
}
# we can't manage ownership as root, so don't even try
- unless Process.uid == 0
+ unless Puppet::SUIDManager.uid == 0
args.delete(:owner)
end
diff --git a/lib/puppet/type/pfile/target.rb b/lib/puppet/type/pfile/target.rb
index 23fb30390..a2d174c2e 100644
--- a/lib/puppet/type/pfile/target.rb
+++ b/lib/puppet/type/pfile/target.rb
@@ -45,7 +45,7 @@ module Puppet
end
end
Dir.chdir(File.dirname(@parent[:path])) do
- Puppet::Util.asuser(@parent.asuser()) do
+ Puppet::SUIDManager.asuser(@parent.asuser()) do
mode = @parent.should(:mode)
if mode
Puppet::Util.withumask(000) do
diff --git a/lib/puppet/type/pfile/uid.rb b/lib/puppet/type/pfile/uid.rb
index 166adac32..72d2a7e03 100755
--- a/lib/puppet/type/pfile/uid.rb
+++ b/lib/puppet/type/pfile/uid.rb
@@ -117,7 +117,7 @@ module Puppet
end
def sync
- unless Process.uid == 0
+ unless Puppet::SUIDManager.uid == 0
unless defined? @@notifieduid
self.notice "Cannot manage ownership unless running as root"
#@parent.delete(self.name)
diff --git a/lib/puppet/util.rb b/lib/puppet/util.rb
index c6ad30e3b..049d66b49 100644
--- a/lib/puppet/util.rb
+++ b/lib/puppet/util.rb
@@ -19,83 +19,6 @@ module Util
return @@syncresources[resource]
end
- # Execute a block as a given user or group
- def self.asuser(user = nil, group = nil)
- require 'etc'
-
- uid = nil
- gid = nil
- olduid = nil
- oldgid = nil
-
- # If they're running as a normal user, then just execute as that same
- # user.
- unless Process.uid == 0
- retval = yield
- return retval
- end
-
- begin
- # the groupid, if we got passed a group
- # The gid has to be changed first, because, well, otherwise we won't
- # be able to
- if group
- if group.is_a? Integer
- gid = group
- else
- gid = self.gid(group)
- end
-
- if gid
- if Process.gid != gid
- oldgid = Process.gid
- begin
- Process.egid = gid
- rescue => detail
- raise Puppet::Error, "Could not change GID: %s" % detail
- end
- end
- else
- Puppet.warning "Could not retrieve GID for %s" % group
- end
- end
-
- if user
- if user.is_a? Integer
- uid = user
- else
- uid = self.uid(user)
- end
- uid = self.uid(user)
-
- if uid
- # Now change the uid
- if Process.uid != uid
- olduid = Process.uid
- begin
- Process.euid = uid
- rescue => detail
- raise Puppet::Error, "Could not change UID: %s" % detail
- end
- end
- else
- Puppet.warning "Could not retrieve UID for %s" % user
- end
- end
- retval = yield
- ensure
- if olduid
- Process.euid = olduid
- end
-
- if oldgid
- Process.egid = oldgid
- end
- end
-
- return retval
- end
-
# Change the process to a different user
def self.chuser
if Facter["operatingsystem"].value == "Darwin"
@@ -107,10 +30,10 @@ module Util
unless group
raise Puppet::Error, "No such group %s" % Puppet[:group]
end
- unless Process.gid == group
+ unless Puppet::SUIDManager.gid == group
begin
- Process.egid = group
- Process.gid = group
+ Puppet::SUIDManager.egid = group
+ Puppet::SUIDManager.gid = group
rescue => detail
Puppet.warning "could not change to group %s: %s" %
[group.inspect, detail]
@@ -128,10 +51,10 @@ module Util
unless user
raise Puppet::Error, "No such user %s" % Puppet[:user]
end
- unless Process.uid == user
+ unless Puppet::SUIDManager.uid == user
begin
- Process.uid = user
- Process.euid = user
+ Puppet::SUIDManager.uid = user
+ Puppet::SUIDManager.euid = user
rescue
$stderr.puts "could not change to user %s" % user
exit(74)
@@ -221,6 +144,13 @@ module Util
# Get the UID of a given user, whether a UID or name is provided
def self.uid(user)
uid = nil
+
+ # if we don't have any user info, warn and GTFO.
+ if !user
+ Puppet.warning "Username provided for lookup is nil"
+ return nil
+ end
+
if user =~ /^\d+$/
user = Integer(user)
end
diff --git a/test/executables/puppetca.rb b/test/executables/puppetca.rb
index a6ea9aae4..d7a6933b4 100755
--- a/test/executables/puppetca.rb
+++ b/test/executables/puppetca.rb
@@ -68,7 +68,7 @@ class TestPuppetCA < Test::Unit::TestCase
uid = Puppet::Util.uid(Puppet[:user])
- if Process.uid == 0
+ if Puppet::SUIDManager.uid == 0
assert(! FileTest.owned?(signedfile), "cert is owned by root")
end
assert_nothing_raised {
diff --git a/test/language/interpreter.rb b/test/language/interpreter.rb
index 37b4e9022..c127ab517 100755
--- a/test/language/interpreter.rb
+++ b/test/language/interpreter.rb
@@ -212,7 +212,7 @@ class TestInterpreter < Test::Unit::TestCase
}
end
- if Process.uid == 0 and Facter["hostname"].value == "culain"
+ if Puppet::SUIDManager.uid == 0 and Facter["hostname"].value == "culain"
def test_ldapreconnect
Puppet[:ldapbase] = "ou=hosts, dc=madstop, dc=com"
Puppet[:ldapnodes] = true
diff --git a/test/lib/puppettest/exetest.rb b/test/lib/puppettest/exetest.rb
index 5f155b47f..94e8ec8c9 100644
--- a/test/lib/puppettest/exetest.rb
+++ b/test/lib/puppettest/exetest.rb
@@ -47,8 +47,8 @@ module PuppetTest::ExeTest
args += " --confdir %s" % Puppet[:confdir]
args += " --vardir %s" % Puppet[:vardir]
args += " --masterport %s" % @@port
- args += " --user %s" % Process.uid
- args += " --group %s" % Process.gid
+ args += " --user %s" % Puppet::SUIDManager.uid
+ args += " --group %s" % Puppet::SUIDManager.gid
args += " --nonodes"
args += " --autosign true"
diff --git a/test/lib/puppettest/support/helpers.rb b/test/lib/puppettest/support/helpers.rb
index 7fae994d9..cbcbcb1f6 100644
--- a/test/lib/puppettest/support/helpers.rb
+++ b/test/lib/puppettest/support/helpers.rb
@@ -3,7 +3,7 @@ require 'puppettest'
module PuppetTest
def nonrootuser
Etc.passwd { |user|
- if user.uid != Process.uid and user.uid > 0
+ if user.uid != Puppet::SUIDManager.uid and user.uid > 0
return user
end
}
@@ -11,7 +11,7 @@ module PuppetTest
def nonrootgroup
Etc.group { |group|
- if group.gid != Process.gid and group.gid > 0
+ if group.gid != Puppet::SUIDManager.gid and group.gid > 0
return group
end
}
diff --git a/test/other/config.rb b/test/other/config.rb
index 3e2c125c7..0afe8979b 100755
--- a/test/other/config.rb
+++ b/test/other/config.rb
@@ -524,7 +524,7 @@ yay = /a/path
user = nonrootuser()
group = nonrootgroup()
- if Process.uid == 0
+ if Puppet::SUIDManager.uid == 0
args[:owner] = user.name
args[:group] = group.name
end
@@ -540,7 +540,7 @@ yay = /a/path
assert_equal(mode, filemode(path), "Modes are not equal")
# OS X is broken in how it chgrps files
- if Process.uid == 0
+ if Puppet::SUIDManager.uid == 0
assert_equal(user.uid, File.stat(path).uid, "UIDS are not equal")
case Facter["operatingsystem"].value
@@ -562,7 +562,7 @@ yay = /a/path
user = nonrootuser()
group = nonrootgroup()
- if Process.uid == 0
+ if Puppet::SUIDManager.uid == 0
args[:owner] = user.name
args[:group] = group.name
end
@@ -577,7 +577,7 @@ yay = /a/path
# OS X and *BSD is broken in how it chgrps files
- if Process.uid == 0
+ if Puppet::SUIDManager.uid == 0
assert_equal(user.uid, File.stat(path).uid, "UIDS are not equal")
case Facter["operatingsystem"].value
diff --git a/test/providers/group.rb b/test/providers/group.rb
index 63aafc1f7..1948dbdc4 100755
--- a/test/providers/group.rb
+++ b/test/providers/group.rb
@@ -173,7 +173,7 @@ class TestGroupProvider < Test::Unit::TestCase
}
end
- if Process.uid == 0
+ if Puppet::SUIDManager.uid == 0
def test_mkgroup
gobj = nil
comp = nil
diff --git a/test/providers/package.rb b/test/providers/package.rb
index 1c3621909..64c443c00 100644
--- a/test/providers/package.rb
+++ b/test/providers/package.rb
@@ -18,7 +18,7 @@ class TestPackageProvider < Test::Unit::TestCase
def test_nothing
end
- if Facter["operatingsystem"].value == "Solaris" and Process.uid == 0
+ if Facter["operatingsystem"].value == "Solaris" and Puppet::SUIDManager.uid == 0
if Puppet.type(:package).provider(:blastwave).suitable?
# FIXME The packaging crap needs to be rewritten to support testing
# multiple package types on the same platform.
diff --git a/test/providers/user.rb b/test/providers/user.rb
index 15fc202f5..1244f6acd 100644
--- a/test/providers/user.rb
+++ b/test/providers/user.rb
@@ -399,7 +399,7 @@ class TestUserProvider < Test::Unit::TestCase
assert_equal(main.sort, list.sort, "Group list is not equal")
end
- if Process.uid == 0
+ if Puppet::SUIDManager.uid == 0
def test_simpleuser
name = "pptest"
diff --git a/test/puppet/defaults.rb b/test/puppet/defaults.rb
index 46accc9c6..250fd29c0 100755
--- a/test/puppet/defaults.rb
+++ b/test/puppet/defaults.rb
@@ -63,7 +63,7 @@ class TestPuppetDefaults < Test::Unit::TestCase
# we don't want user defaults in /, or root defaults in ~
def testDefaultsInCorrectRoots
notval = nil
- if Process.uid == 0
+ if Puppet::SUIDManager.uid == 0
notval = Regexp.new(File.expand_path("~"))
else
notval = /^\/var|^\/etc/
diff --git a/test/puppet/suidmanager.rb b/test/puppet/suidmanager.rb
new file mode 100644
index 000000000..f5cb8496e
--- /dev/null
+++ b/test/puppet/suidmanager.rb
@@ -0,0 +1,71 @@
+require 'test/unit'
+require 'puppettest'
+
+class TestProcess < Test::Unit::TestCase
+ def setup
+ if Process.uid != 0
+ $stderr.puts "Process tests must be run as root"
+ @run = false
+ else
+ @run = true
+ end
+ end
+
+ def test_id_set
+ if @run
+ # FIXME: use the test framework uid finder
+ assert_nothing_raised do
+ Puppet::SUIDManager.egid = 501
+ Puppet::SUIDManager.euid = 501
+ end
+
+ assert_equal(Puppet::SUIDManager.euid, Process.euid)
+ assert_equal(Puppet::SUIDManager.egid, Process.egid)
+
+ assert_nothing_raised do
+ Puppet::SUIDManager.euid = 0
+ Puppet::SUIDManager.egid = 0
+ end
+
+ assert_uid_gid(501, 501)
+ end
+ end
+
+ def test_asuser
+ if @run
+ uid, gid = [nil, nil]
+
+ assert_nothing_raised do
+ Puppet::SUIDManager.asuser(501, 501) do
+ uid = Puppet::SUIDManager.euid
+ gid = Puppet::SUIDManager.egid
+ end
+ end
+
+ assert_equal(501, uid)
+ assert_equal(501, gid)
+ end
+ end
+
+ def test_system
+ # NOTE: not sure what shells this will work on..
+ # FIXME: use the test framework uid finder, however the uid needs to be < 255
+ if @run
+ Puppet::SUIDManager.system("exit $EUID", 10, 10)
+ assert_equal($?.exitstatus, 10)
+ end
+ end
+
+ def test_run_and_capture
+ if (RUBY_VERSION <=> "1.8.4") < 0
+ warn "Cannot run this test on ruby < 1.8.4"
+ else
+ # NOTE: because of the way that run_and_capture currently
+ # works, we cannot just blindly echo to stderr. This little
+ # hack gets around our problem, but the real problem is the
+ # way that run_and_capture works.
+ output = Puppet::SUIDManager.run_and_capture("ruby -e '$stderr.puts \"foo\"'")[0].chomp
+ assert_equal(output, 'foo')
+ end
+ end
+end
diff --git a/test/types/cron.rb b/test/types/cron.rb
index b802a1c77..2794ec358 100755
--- a/test/types/cron.rb
+++ b/test/types/cron.rb
@@ -360,7 +360,7 @@ class TestCron < Test::Unit::TestCase
obj = nil
assert_nothing_raised {
- obj = type.new(Process.uid)
+ obj = type.new(Puppet::SUIDManager.uid)
}
txt = nil
diff --git a/test/types/exec.rb b/test/types/exec.rb
index 615dd86cd..c5decb80a 100755
--- a/test/types/exec.rb
+++ b/test/types/exec.rb
@@ -305,7 +305,7 @@ class TestExec < Test::Unit::TestCase
assert_events([:executed_command], comp)
end
- if Process.uid == 0
+ if Puppet::SUIDManager.uid == 0
# Verify that we can execute commands as a special user
def mknverify(file, user, group = nil, id = true)
args = {
diff --git a/test/types/file.rb b/test/types/file.rb
index d2c593c8b..71a04a40d 100644
--- a/test/types/file.rb
+++ b/test/types/file.rb
@@ -103,7 +103,7 @@ class TestFile < Test::Unit::TestCase
}
end
- if Process.uid == 0
+ if Puppet::SUIDManager.uid == 0
def test_createasuser
dir = tmpdir()
diff --git a/test/types/mount.rb b/test/types/mount.rb
index e0838e072..78a5443b2 100755
--- a/test/types/mount.rb
+++ b/test/types/mount.rb
@@ -156,7 +156,7 @@ class TestMounts < Test::Unit::TestCase
assert_events([:mount_changed], fs)
end
- if Process.uid == 0
+ if Puppet::SUIDManager.uid == 0
def test_mountfs
fs = nil
case Facter["hostname"].value
diff --git a/test/types/package.rb b/test/types/package.rb
index 38bb3b08d..e290d12ad 100644
--- a/test/types/package.rb
+++ b/test/types/package.rb
@@ -191,7 +191,7 @@ class TestPackages < Test::Unit::TestCase
end
end
- unless Process.uid == 0
+ unless Puppet::SUIDManager.uid == 0
$stderr.puts "Run as root to perform package installation tests"
else
def test_installpkg
diff --git a/test/types/service.rb b/test/types/service.rb
index f9d6251ad..79ec0c40c 100644
--- a/test/types/service.rb
+++ b/test/types/service.rb
@@ -227,7 +227,7 @@ class TestLocalService < Test::Unit::TestCase
}
end
- unless Process.uid == 0
+ unless Puppet::SUIDManager.uid == 0
puts "run as root to test service start/stop"
else
def test_servicestartstop
diff --git a/test/types/user.rb b/test/types/user.rb
index 703004f57..9a2781308 100755
--- a/test/types/user.rb
+++ b/test/types/user.rb
@@ -64,7 +64,7 @@ class TestUser < Test::Unit::TestCase
user = Puppet.type(:user).create(
:name => name,
:comment => "Puppet Testing User",
- :gid => Process.gid,
+ :gid => Puppet::SUIDManager.gid,
:shell => findshell(),
:home => "/home/%s" % name
)
diff --git a/test/types/zone.rb b/test/types/zone.rb
index 46f411ef3..b0d02d748 100755
--- a/test/types/zone.rb
+++ b/test/types/zone.rb
@@ -186,7 +186,7 @@ end"
"Got incorrect config text")
end
- if Process.uid == 0
+ if Puppet::SUIDManager.uid == 0
# Make sure our ensure process actually works.
def test_ensure_sync
zone = mkzone("ensuretesting")
diff --git a/test/util/utiltest.rb b/test/util/utiltest.rb
index b3a356429..f18f16906 100755
--- a/test/util/utiltest.rb
+++ b/test/util/utiltest.rb
@@ -73,7 +73,7 @@ class TestPuppetUtil < Test::Unit::TestCase
# know them
def test_gidbyunknownid
gid = nil
- group = Process.gid
+ group = Puppet::SUIDManager.gid
assert_nothing_raised {
gid = Puppet::Util.gid(group)
}
@@ -85,7 +85,7 @@ class TestPuppetUtil < Test::Unit::TestCase
def user
require 'etc'
unless defined? @user
- obj = Etc.getpwuid(Process.uid)
+ obj = Etc.getpwuid(Puppet::SUIDManager.uid)
@user = obj.name
end
return @user
@@ -101,7 +101,7 @@ class TestPuppetUtil < Test::Unit::TestCase
}
assert(uid, "Could not retrieve uid for %s" % user)
- assert_equal(Process.uid, uid, "UIDs did not match")
+ assert_equal(Puppet::SUIDManager.uid, uid, "UIDs did not match")
assert(Puppet.type(:user)[user], "Util did not create %s" % user)
end
@@ -127,7 +127,7 @@ class TestPuppetUtil < Test::Unit::TestCase
# know them
def test_uidbyunknownid
uid = nil
- user = Process.uid
+ user = Puppet::SUIDManager.uid
assert_nothing_raised {
uid = Puppet::Util.uid(user)
}
@@ -179,7 +179,7 @@ class TestPuppetUtil < Test::Unit::TestCase
end
end
- unless Process.uid == 0
+ unless Puppet::SUIDManager.uid == 0
$stderr.puts "Run as root to perform Utility tests"
def test_nothing
end
@@ -213,23 +213,23 @@ class TestPuppetUtil < Test::Unit::TestCase
if group
gid = group.gid
else
- gid = Process.gid
+ gid = Puppet::SUIDManager.gid
end
uid = nil
if user
uid = user.uid
else
- uid = Process.uid
+ uid = Puppet::SUIDManager.uid
end
assert_nothing_raised {
- Puppet::Util.asuser(*args) {
- assert_equal(Process.euid, uid, "UID is %s instead of %s" %
- [Process.euid, uid]
+ Puppet::SUIDManager.asuser(*args) {
+ assert_equal(Puppet::SUIDManager.euid, uid, "UID is %s instead of %s" %
+ [Puppet::SUIDManager.euid, uid]
)
- assert_equal(Process.egid, gid, "GID is %s instead of %s" %
- [Process.egid, gid]
+ assert_equal(Puppet::SUIDManager.egid, gid, "GID is %s instead of %s" %
+ [Puppet::SUIDManager.egid, gid]
)
system("touch %s" % file)
}
@@ -284,7 +284,7 @@ class TestPuppetUtil < Test::Unit::TestCase
rescue
end
- assert(Process.euid == 0, "UID did not get reset")
+ assert(Puppet::SUIDManager.euid == 0, "UID did not get reset")
end
end
generated by cgit (git 2.34.1) at 2025-09-12 18:38:11 +0000