This is an automated email from the git hooks/post-receive script. x2go pushed a change to branch master in repository x2gobroker. from 2a08563 fix packaging failures on Fedora builds new 7f2d711 Properly set (/var)/run/x2gobroker directory permissions when started via systemd. new b20add1 Fix privilege check for the broker daemon's log directory. The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "adds" were already present in the repository and have only been added to this reference. Summary of changes: bin/x2gobroker | 21 ++++++++++++++++----- debian/changelog | 3 +++ sbin/x2gobroker-authservice | 6 +++++- 3 files changed, 24 insertions(+), 6 deletions(-) -- Alioth's /srv/git/_hooks_/post-receive-email on /srv/git/code.x2go.org/x2gobroker.git
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch master in repository x2gobroker. commit 7f2d71126c0cf7baaba37d195b3005b5bad4b730 Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de> Date: Thu Nov 13 14:03:21 2014 +0100 Properly set (/var)/run/x2gobroker directory permissions when started via systemd. --- bin/x2gobroker | 17 +++++++++++++---- debian/changelog | 2 ++ sbin/x2gobroker-authservice | 6 +++++- 3 files changed, 20 insertions(+), 5 deletions(-) diff --git a/bin/x2gobroker b/bin/x2gobroker index a0c79af..f89c92c 100755 --- a/bin/x2gobroker +++ b/bin/x2gobroker @@ -39,6 +39,8 @@ try: except ImportError: CAN_DAEMONIZE = False +from grp import getgrnam + def prep_http_mode(): global urls @@ -148,9 +150,6 @@ if __name__ == "__main__": cmdline_args = p.parse_args() - if os.getuid() == 0 and cmdline_args.drop_privileges: - drop_privileges(uid=x2gobroker.defaults.X2GOBROKER_DAEMON_USER, gid=x2gobroker.defaults.X2GOBROKER_DAEMON_GROUP) - if cmdline_args.config_file is not None: x2gobroker.defaults.X2GOBROKER_CONFIG = cmdline_args.config_file @@ -216,7 +215,13 @@ if __name__ == "__main__": os.makedirs(os.path.dirname(pidfile)) except: pass - if not os.access(os.path.dirname(pidfile), os.W_OK) or (os.path.exists(pidfile) and not os.access(pidfile, os.W_OK)): + try: + os.chown(os.path.dirname(pidfile), 0, getgrnam(x2gobroker.defaults.X2GOBROKER_DAEMON_GROUP).gr_gid) + os.chmod(os.path.dirname(pidfile), 0770) + except OSError: + pass + + if not (os.access(os.path.dirname(pidfile), os.W_OK) and os.access(os.path.dirname(pidfile), os.X_OK)) or (os.path.exists(pidfile) and not os.access(pidfile, os.W_OK)): print("") p.print_usage() print("Insufficent privileges. Cannot create PID file {pidfile} path".format(pidfile=pidfile)) @@ -241,6 +246,10 @@ if __name__ == "__main__": bind_address, bind_port = x2gobroker.utils.split_host_address(cmdline_args.bind, default_address=None, default_port=8080) cmdline_args.bind = "[{address}]:{port}".format(address=bind_address, port=bind_port) + if os.getuid() == 0 and cmdline_args.drop_privileges: + drop_privileges(uid=x2gobroker.defaults.X2GOBROKER_DAEMON_USER, gid=x2gobroker.defaults.X2GOBROKER_DAEMON_GROUP) + + urls = () settings = {} diff --git a/debian/changelog b/debian/changelog index 4057286..ce40f8e 100644 --- a/debian/changelog +++ b/debian/changelog @@ -195,6 +195,8 @@ x2gobroker (0.0.3.0-0x2go1) UNRELEASED; urgency=low - During select_session: Re-add subdomain (if possible) to the hostname to make sure we can detect the host's <ip-address>:<port> further down in the code. + - Properly set (/var)/run/x2gobroker directory permissions when started + via systemd. * debian/control: + Provide separate bin:package for SSH brokerage: x2gobroker-ssh. + Replace LDAP support with session brokerage support in LONG_DESCRIPTION. diff --git a/sbin/x2gobroker-authservice b/sbin/x2gobroker-authservice index 8e21cab..012af4b 100755 --- a/sbin/x2gobroker-authservice +++ b/sbin/x2gobroker-authservice @@ -272,9 +272,13 @@ if __name__ == '__main__': if not os.path.exists(os.path.dirname(socket_file)): os.makedirs(os.path.dirname(socket_file)) + runtimedir_permissions = int(cmdline_args.permissions, 8) + if runtimedir_permissions & 0400: runtimedir_permissions = runtimedir_permissions | 0100 + if runtimedir_permissions & 0040: runtimedir_permissions = runtimedir_permissions | 0010 + if runtimedir_permissions & 0004: runtimedir_permissions = runtimedir_permissions | 0001 try: os.chown(os.path.dirname(socket_file), getpwnam(cmdline_args.owner).pw_uid, getpwnam(cmdline_args.group).pw_gid) - os.chmod(os.path.dirname(socket_file), int(cmdline_args.permissions, 8)) + os.chmod(os.path.dirname(socket_file), runtimedir_permissions) except OSError: pass -- Alioth's /srv/git/_hooks_/post-receive-email on /srv/git/code.x2go.org/x2gobroker.git
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch master in repository x2gobroker. commit b20add13550bc9a517faa988f0f3bef2ea56e0fa Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de> Date: Thu Nov 13 14:04:59 2014 +0100 Fix privilege check for the broker daemon's log directory. --- bin/x2gobroker | 4 +++- debian/changelog | 1 + 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/bin/x2gobroker b/bin/x2gobroker index f89c92c..af7aaf9 100755 --- a/bin/x2gobroker +++ b/bin/x2gobroker @@ -227,13 +227,15 @@ if __name__ == "__main__": print("Insufficent privileges. Cannot create PID file {pidfile} path".format(pidfile=pidfile)) print("") sys.exit(-3) + + # the log dir should really be create by distro package maintainers... daemon_logdir = os.path.expanduser(cmdline_args.logdir) if not os.path.isdir(daemon_logdir): try: os.makedirs(daemon_logdir) except: pass - if not os.access(daemon_logdir, os.W_OK): + if not (os.access(daemon_logdir, os.W_OK) and os.access(daemon_logdir, os.X_OK)): print("") p.print_usage() print("Insufficent privileges. Cannot create directory for stdout/stderr log files: {logdir}".format(logdir=daemon_logdir)) diff --git a/debian/changelog b/debian/changelog index ce40f8e..ca36b19 100644 --- a/debian/changelog +++ b/debian/changelog @@ -197,6 +197,7 @@ x2gobroker (0.0.3.0-0x2go1) UNRELEASED; urgency=low the code. - Properly set (/var)/run/x2gobroker directory permissions when started via systemd. + - Fix privilege check for the broker daemon's log directory. * debian/control: + Provide separate bin:package for SSH brokerage: x2gobroker-ssh. + Replace LDAP support with session brokerage support in LONG_DESCRIPTION. -- Alioth's /srv/git/_hooks_/post-receive-email on /srv/git/code.x2go.org/x2gobroker.git