| Commit message | Author | Age | Files | Lines |
Previously, Puppet::Util::SUIDManager.change_user would always try to set
supplementary groups (Process.initgroups) before changing its EUID.
Process.initgroups requires the calling process to have EUID 0 in order to
succeed.
This worked fine in the case where the process was changing from root to a
normal user, as it would set groups as root and then change EUID to 0.
However, in the case where the process was changing back to root from a normal
user, it would attempt to set groups as the normal user, and fail.
Now, we check Process.euid before changing, and will set groups first if root,
and will set euid first if not root. This ensures we can freely switch back
and forth between root.
This behavior is maintained inside of the change_user, rather than being broken
into eg. raise_privilege and lower_privilege, because it is a relatively minor
behavior difference, and the helper methods on their own would not have been
generically useful.
|
* nicklewis/ticket/2.6.x/8770:
(#8770) Always fully drop privileges when changing user
(#8662) Migrate suidmanager test case to rspec
|
On Mac OS X, it is only possible to directly change the euid of a process, and
not the uid. Thus, when a puppet master started as root on OS X would change to
the service user (puppet), it would leave the uid of its process set to 0.
This allowed any type of Ruby plugin executed on the master (a type, provider,
function, etc.) to trivially regain root privileges (by setting the euid of
its process back to 0) and potentially compromise the master.
Now, when permanently changing user, we will first try
Process::UID.change_privilege, before falling back to setting the euid/uid
ourselves. change_privilege correctly sets the uid of the process to the
desired new uid, preventing the process from later escalating itself back to
root. Similar behavior is also used when changing group. This has no effect on
the behavior when temporarily changing user/group (for instance, to execute a
single command or create a file as a particular user).
Reviewed-By: Jacob Helwig <jacob@puppetlabs.com>
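Added example, not Puppet's code and not part of the commit log: a simplified Ruby model of the real/effective/saved UID rules, covering both the change_user ordering message and the Mac OS X privilege-drop message above. Creds, change_user, can_regain_root? and UID 100 are constructed for illustration, and the permission checks are a simplification of POSIX behaviour.

```ruby
# Simplified model of POSIX process credentials (real, effective, saved UID).
# Constructed for illustration; it never calls the kernel and is not Puppet code.
class Creds
  attr_reader :ruid, :euid, :suid, :groups

  def initialize(uid, groups)
    @ruid = @euid = @suid = uid
    @groups = groups
  end

  # seteuid(2): root may pick any UID; others only their real or saved UID.
  def euid=(uid)
    raise Errno::EPERM unless @euid.zero? || [@ruid, @suid].include?(uid)
    @euid = uid
  end

  # initgroups(3): replacing supplementary groups requires EUID 0.
  def initgroups(groups)
    raise Errno::EPERM unless @euid.zero?
    @groups = groups
  end

  # Like Process::UID.change_privilege: sets real, effective and saved UID.
  def change_privilege(uid)
    raise Errno::EPERM unless @euid.zero? # modelled as root-only (assumption)
    @ruid = @euid = @suid = uid
  end
end

# Order the two steps by current EUID: groups first as root, EUID first otherwise.
def change_user(creds, uid, groups, permanently: false)
  if creds.euid.zero?
    creds.initgroups(groups)
    permanently ? creds.change_privilege(uid) : (creds.euid = uid)
  else
    creds.euid = uid
    creds.initgroups(groups)
  end
end

# True if a process holding these credentials could set its EUID back to 0.
def can_regain_root?(creds)
  creds.dup.euid = 0
  true
rescue Errno::EPERM
  false
end
```

After a temporary change the real UID is still 0, so can_regain_root? is true; after a permanent change all three UIDs match the service user and it is false.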
|
We're trying to move away from the legacy Test::Unit tests, and toward rspec
specs, so rewrite this file as specs.
Reviewed-By: Jacob Helwig <jacob@puppetlabs.com>
|
joshcooper/ticket/2.6.x/8740-cannot-manage-files-of-type-socket
Ticket/2.6.x/8740 cannot manage files of type socket
|
Previously the command 'puppet resource file' would enumerate all files
in the root directory, and generate an exception if the file type was
not a directory, file, or link. Worse, it would also do this when a file
or directory was specified, e.g. 'puppet resource file /etc/hosts'.
Ideally, the find method of the ral terminus should not need to call the
type's instances class method, instead just creating an instance of the
type with the specified name and parameters. However, some types, like
package, depend on this behavior. The type walks all providers and all
instances that they provide, checking to see if the provider provides an
instance with that name, and also warning if another provider provides
an instance with the same name.
Also, ideally, puppet should not blow up when encountering an
unsupported file type, e.g. Unix domain socket, but that would be too
big of a change for 2.6.x.
This commit changes 'puppet resource file' to return a message saying
that the operation is not supported:
Listing all file instances is not supported. Please specify a file
or directory, e.g. puppet resource file /etc
The change is a bit of a hack, as ideally, the file type's instances
method could raise an exception when called in a 'search' context, but
return an empty array in a 'find' context. But that also would be too
big of a change for 2.6.x.
This commit also adds spec tests for the resource application and file
type, as well as an acceptance test, which creates a Unix domain socket
in the root directory, while running 'puppet resource file'.
Paired-with: Nick Lewis <nick@puppetlabs.com>
Reviewed-by: Jacob Helwig <jacob@puppetlabs.com>
|
Ticket/2.6.x/3553 cron requires time
|
The cron resource docs previously read, "All fields except the command and the
user are optional, although specifying no periodic fields would result in the
command being executed every minute." This was factually incorrect; instead,
specifying no periodic fields results in a failure and an unhelpful error on
Puppet 2.6 and 2.7.
Although the issue will remain open as a behavior bug, this commit corrects
the documentation of which attributes are required. It also changes the @doc
string to a heredoc to simplify quote escaping.
|
Ticket/2.6.x/8302 exec provider docs
|
The documentation for the shell and posix providers didn't fully explain the
differences between them or the security implications of each. This commit
improves the documentation of both providers.
|
We have historically had the preferred contribution process on the
Redmine wiki, however this is not obvious to people that don't already
know it is there. By adding this document to the repository itself,
it becomes much easier for new contributors to find what the preferred
contribution methods are.
By having the preferred contribution method in the repository also
means that it becomes a "curated" document, which must go through the
same submission/review process that other changes to the repositories
go through.
Reviewed-by: Nick Fagerlund <nick.fagerlund@puppetlabs.com>
Reviewed-by: Nick Lewis <nick@puppetlabs.com>
|
The introduction of composite namevars caused the resource title used in
resource aliases to be set as an array, even when the resource only had one
namevar. This would fail to conflict with non-alias entries in the resource
table, which used a string for the title, even though the single element array
contained the same string.
Now, we flatten the key used in the resource table, so that single element
arrays are represented as strings, and will properly conflict with resource
titles.
Paired-With: Jacob Helwig <jacob@puppetlabs.com>
|
* ticket/2.6.x/8418-inspect_respect_run_mode:
(#8418) Fix inspect app to have the correct run_mode
maint: Adding logging to include environment when source fails
maint: Add debug logging when the master receives a report
|
Requiring puppet before the run_mode has been set by the application
causes the default run_mode of 'user' to be set instead of what the
application wants. This leads to the incorrect default settings being
used, which leads to inspect not being able to properly retrieve file
metadata from a fileserver.
Reviewed-by: Max Martin <max@puppetlabs.com>
|
Reviewed-by: Max Martin <max@puppetlabs.com>
|
It's always bothered me that when running puppet inspect (or any
application that produces a report really) the master gives no
indication that anything happened when it processes the report.
Reviewed-by: Max Martin <max@puppetlabs.com>
|
* confine_shadow_acceptance_tests:
Confine password disclosure acceptance test to hosts with required libraries
|
The useradd provider has the requirement that ruby-shadow[1] be
installed to be able to manage passwords.
On systems where we would use the useradd provider and this library
has not been installed we don't bother running the test, since we will
never be able to see the output we are testing.
[1] http://ttsky.net/ruby/
Signed-off-by: Jacob Helwig <jacob@puppetlabs.com>
Reviewed-by: Dominic Maraglia <dominic@puppetlabs.com>
Reviewed-by: Nick Lewis <nick@puppetlabs.com>
|
'barn/tickets/2.6.x/6857-password-disclosure-when-changing-a-users-password' into 2.6.x
* barn/tickets/2.6.x/6857-password-disclosure-when-changing-a-users-password:
(#6857) Password disclosure when changing a user's password
|
Make the should_to_s and is_to_s functions return a form of 'redacted'.
Rather than send the password hash to system logs in cases of failure or
running in --noop mode, just state whether it's the new or old hash. We're
already doing this with password changes that work, so this just brings it
in line with those, albeit via a slightly different pair of methods.
|
Converted plain regex checks to use Test::Unit::Assertions.
Adding more verbose output in the case of failure to speed
debugging.
|
* ticket/2.6.x/7144-private-keys:
(#7144) Update Settings#writesub to convert mode to Fixnum
|
Settings#writesub was not checking the type of the mode value passed in
from the defaults, causing it to pass a string for mode to File.open,
leading to failures. This commit resolves that issue.
Paired-with: Matt Robinson <matt@puppetlabs.com>
|
Detecting supported platform used incorrect string for RHEL.
Changed string from 'redhat' to 'rhel'
|
* 2.6rc:
Readying for release of 2.6.9
|
Signed-off-by: Michael Stahnke <stahnma@puppetlabs.com>
|
Ported cron tests were still weak. Converted tests to use
Ruby asserts for better debugging of subsequent failures.
Add stronger regex's to look for expected output when applying puppet
resource manifests.
|
into 2.6.x
|
Many of the Puppet resource acceptance tests were RHEL/Centos
specific. These tests were ported under the enterprise-dist
repo; move the tests into 2.6.x for merging.
|
Sync the spec file with Fedora/EPEL and pull in the following changes:
- Ensure %%pre exits cleanly
- Fix License tag, puppet is now GPLv2 only
- Properly restart puppet agent/master daemons on upgrades from 0.25.x
- Require libselinux-utils when selinux support is enabled
- Support tmpfiles.d for Fedora >= 15 (#656677)
|
This is for release 2.6.9rc1.
Signed-off-by: Michael Stahnke <stahnma@puppetlabs.com>
|
I will bump the RPM spec file for each release, that way
as soon as we cut a release candidate, we won't get a patch
that updates the spec.
Signed-off-by: Michael Stahnke <stahnma@puppetlabs.com>
|
The README was not specific enough about the current state of our Ruby support.
This commit lays out our current status as discussed in issue #7506 and in
greater detail on the internal mailing list around April 8, 2011 under the
subject "Statler Ruby Versions Support."
This commit also consolidates two redundant README files into one.
Paired-With: Matt Robinson <matt@puppetlabs.com>
|
Test used a bash command negation to negate a grep:
'! grep ensure.*directory /var/opt/lib/pe-puppet/state/state.yaml'
which only works on newer bash shells. Removed the shell
negation and use the harness's ":acceptable_exit_codes" parameter.
|
into 2.6.x
* ticket/2.6.x/7127-prerun-command-failures-dont-stop-puppet:
(#7127) Stop puppet if a prerun command fails
Do not needlessly create multiple reports when creating a transaction
|
Before this change there were several problems with pre and post run
commands, logging, and sending of reports.
1. If a prerun command failed, puppet would attempt to apply the
catalog. Now puppet will not apply the catalog, but it will run the
postrun command and send the report (as it did before).
2. If a postrun command failed, puppet would not send the report. Sending the
report is now in an outer ensure block from the postrun command, so
postrun failures won't prevent the report from being sent.
3. Errors, e.g. Puppet.err, occurring during the prepare step,
which includes plugin/fact download and prerun commands were not
appended to the report. Now the report log destination is registered as
early as possible, and unregistered as late as possible to ensure
Configurer errors that occur in the run method are included in the report.
4. The transaction was closing the Configurer's report destination out
from underneath it. As a result, postrun errors were not included in the
report.
Paired-with: Nick Lewis <nick@puppetlabs.com>
Reviewed-by: Jacob Helwig <jacob@puppetlabs.com>
|
Previously, the transaction would always create a report, which would
sometimes be overridden with a new report.
Now, the transaction optionally takes a report at initialization time,
and only creates a report of its own if none was provided.
Reviewed-by: Jacob Helwig <jacob@puppetlabs.com>
|
Previously, the 'provider' parameter for a type was only added when creating a
provider for that type. This would cause a type to forget about its 'provider'
parameter when only the type was reloaded.
This was manifesting itself in pluginsync, when a provider plugin would be
loaded before its type, causing the type to be autoloaded. The type plugin
would then be loaded again by the plugin handler. Because the type => provider
information is stored separately from the type, the providers don't need to be
reloaded, and thus don't recreate the type's 'provider' parameter.
Now we always "providify" the type (add its 'provider' parameter) upon
creation, after trying to load its providers, if any providers are present.
Paired-with: Jacob Helwig <jacob@puppetlabs.com>
|
In the case where provider class evaluation failed midway, the provider class
would be created but not registered. Thus, when checking whether it should be
removed, it wasn't found, and wasn't removed. This caused it to then fail to be
recreated, because it collided with the existing class.
Now we don't bother checking whether the provider is registered before we
remove it, since rmclass has the appropriate checks to do the unregistration,
and class removal safely.
Removing a provider class that has been created but not registered should not
be a problem since the only time this can happen is when the class is unusable
because of parsing or other fatal errors in the provider itself.
Paired-with: Jacob Helwig <jacob@puppetlabs.com>
|
The Great Reindentation of '10 left certain structures indented incorrectly;
this addresses some of these instances.
The comment about loading all providers incorrectly stated that we're trying to
figure out the type, when we're actually trying to figure out the provider.
There was an unused variable initialization that was introduced in 2b14f627,
which was reverting c19835c, 9290cc8, and ffb4c2d.
Paired-with: Jacob Helwig <jacob@puppetlabs.com>
|