[38800] branches/gsoc08-privileges/base/src
pmagrath at macports.org
pmagrath at macports.org
Thu Jul 31 13:02:09 PDT 2008
Revision: 38800
http://trac.macosforge.org/projects/macports/changeset/38800
Author: pmagrath at macports.org
Date: 2008-07-31 13:02:09 -0700 (Thu, 31 Jul 2008)
Log Message:
-----------
Add privilege escalation support. If say "port install cowsay" is run without necessary privileges, it will be re-run with sudo.
Modified Paths:
--------------
branches/gsoc08-privileges/base/src/port/port.tcl
branches/gsoc08-privileges/base/src/port1.0/portdestroot.tcl
branches/gsoc08-privileges/base/src/port1.0/portextract.tcl
branches/gsoc08-privileges/base/src/port1.0/portinstall.tcl
branches/gsoc08-privileges/base/src/port1.0/portutil.tcl
Modified: branches/gsoc08-privileges/base/src/port/port.tcl
===================================================================
--- branches/gsoc08-privileges/base/src/port/port.tcl 2008-07-31 19:55:22 UTC (rev 38799)
+++ branches/gsoc08-privileges/base/src/port/port.tcl 2008-07-31 20:02:09 UTC (rev 38800)
@@ -348,7 +348,11 @@
array set options $portspec(options)
}
uplevel 1 $block
- cd $savedir
+ if {[file exists $savedir]} {
+ cd $savedir
+ } else {
+ cd ~
+ }
}
}
@@ -2456,6 +2460,9 @@
ui_debug "$errorInfo"
break_softcontinue "Unable to open port: $result" 1 status
}
+
+ #ui_debug "worker ($workername) $target $portname"
+
if {[catch {set result [mportexec $workername $target]} result]} {
global errorInfo
mportclose $workername
@@ -2465,10 +2472,22 @@
mportclose $workername
+
+ # start gsoc08-privileges
+ if { [geteuid] != 0 && $result == 1 } {
+ # TODO: find a way to detect definitely that the error is privileges related.
+ ui_warn "Attempting to re-run with 'sudo port'. Command: 'sudo port $target $portname'."
+ set result 0
+ ui_msg [exec sudo port $target $portname]
+ ui_debug "'sudo port $target $portname' has completed."
+ }
+ # end gsoc08-privileges
+
# Process any error that wasn't thrown and handled already
if {$result} {
break_softcontinue "Status $result encountered during processing." 1 status
}
+
}
return $status
Modified: branches/gsoc08-privileges/base/src/port1.0/portdestroot.tcl
===================================================================
--- branches/gsoc08-privileges/base/src/port1.0/portdestroot.tcl 2008-07-31 19:55:22 UTC (rev 38799)
+++ branches/gsoc08-privileges/base/src/port1.0/portdestroot.tcl 2008-07-31 20:02:09 UTC (rev 38800)
@@ -312,6 +312,10 @@
# Restore umask
umask $oldmask
+
+ # start gsoc08-privileges
+ chownAsRoot $destroot
+ # end gsoc08-privileges
return 0
}
Modified: branches/gsoc08-privileges/base/src/port1.0/portextract.tcl
===================================================================
--- branches/gsoc08-privileges/base/src/port1.0/portextract.tcl 2008-07-31 19:55:22 UTC (rev 38799)
+++ branches/gsoc08-privileges/base/src/port1.0/portextract.tcl 2008-07-31 20:02:09 UTC (rev 38800)
@@ -92,8 +92,7 @@
}
proc extract_main {args} {
- global UI_PREFIX euid egid worksrcpath macportsuser
- global filespath
+ global UI_PREFIX filespath worksrcpath
if {![exists distfiles] && ![exists extract.only]} {
# nothing to do
@@ -112,18 +111,7 @@
}
# start gsoc08-privileges
- if { [getuid] == 0 && [geteuid] == [name_to_uid "$macportsuser"] } {
- # if started with sudo but have dropped the privileges
- seteuid $euid
- ui_debug "euid changed to: [geteuid]"
- chown ${worksrcpath} ${macportsuser}
- ui_debug "chowned $worksrcpath to $macportsuser"
- seteuid [name_to_uid "$macportsuser"]
- ui_debug "euid changed to: [geteuid]"
- } else {
- ui_debug "no need to chown $worksrcpath. uid=[getuid]. euid=[geteuid]."
- }
-
+ chownAsRoot $worksrcpath
# end gsoc08-privileges
}
Modified: branches/gsoc08-privileges/base/src/port1.0/portinstall.tcl
===================================================================
--- branches/gsoc08-privileges/base/src/port1.0/portinstall.tcl 2008-07-31 19:55:22 UTC (rev 38799)
+++ branches/gsoc08-privileges/base/src/port1.0/portinstall.tcl 2008-07-31 20:02:09 UTC (rev 38800)
@@ -54,26 +54,13 @@
proc install_start {args} {
global UI_PREFIX portname portversion portrevision variations portvariants
- global macportsuser euid egid install.asroot
+ global install.asroot
ui_msg "$UI_PREFIX [format [msgcat::mc "Installing %s @%s_%s%s"] $portname $portversion $portrevision $portvariants]"
# start gsoc08-privileges
- ui_msg [tbool install.asroot]
-
if { [tbool install.asroot] } {
- # if port isn't marked as not needing root
- if { [getuid] == 0 && [geteuid] == [name_to_uid "$macportsuser"] } {
- # if started with sudo but have dropped the privileges
- ui_debug "Can't run install on this port without elevated privileges."
- ui_debug "Going to escalate privileges back to root."
- setegid $egid
- seteuid $euid
- ui_debug "euid changed to: [geteuid]. egid changed to: [getegid]."
- }
-
- if { [getuid] != 0 } {
- return -code error "You can not run this port without elevated privileges. You need to re-run with 'sudo port'.";
- }
+ # if port isn't marked as not needing root
+ elevateToRoot "install"
}
# end gsoc08-privileges
Modified: branches/gsoc08-privileges/base/src/port1.0/portutil.tcl
===================================================================
--- branches/gsoc08-privileges/base/src/port1.0/portutil.tcl 2008-07-31 19:55:22 UTC (rev 38799)
+++ branches/gsoc08-privileges/base/src/port1.0/portutil.tcl 2008-07-31 20:02:09 UTC (rev 38800)
@@ -1397,6 +1397,7 @@
proc open_statefile {args} {
global workpath worksymlink place_worksymlink portname portpath ports_ignore_older
global altprefix macportsuser euid egid usealtworkpath env applications_dir portbuildpath distpath
+ global portname
# start gsoc08-privileges
@@ -1435,7 +1436,7 @@
set username [uid_to_name $userid]
if { $userid !=0 } {
- ui_msg "Insufficient privileges to perform action for all users."
+ ui_msg "Insufficient privileges to perform action on port '$portname' for all users."
ui_msg "Action will be performed for current user (${username}) only."
ui_msg "Install actions should be executed using sudo."
}
@@ -2286,3 +2287,38 @@
}
+proc chownAsRoot {path} {
+ global euid macportsuser
+
+ if { [getuid] == 0 && [geteuid] == [name_to_uid "$macportsuser"] } {
+ # if started with sudo but have dropped the privileges
+ seteuid $euid
+ ui_debug "euid changed to: [geteuid]"
+ chown ${path} ${macportsuser}
+ ui_debug "chowned $path to $macportsuser"
+ seteuid [name_to_uid "$macportsuser"]
+ ui_debug "euid changed to: [geteuid]"
+ } elseif { [getuid] == 0 } {
+ # if started with sudo but have elevated back to root already
+ chown ${path} ${macportsuser}
+ } else {
+ ui_debug "not need to chown $path. uid=[getuid]. euid=[geteuid]."
+ }
+}
+
+proc elevateToRoot {action} {
+ global euid egid macportsuser
+
+ if { [getuid] == 0 && [geteuid] == [name_to_uid "$macportsuser"] } {
+ # if started with sudo but have dropped the privileges
+ ui_debug "Can't run $action on this port without elevated privileges. Escalating privileges back to root."
+ setegid $egid
+ seteuid $euid
+ ui_debug "euid changed to: [geteuid]. egid changed to: [getegid]."
+ }
+
+ if { [getuid] != 0 } {
+ return -code error "You can not run this port without elevated privileges. You need to re-run with 'sudo port'.";
+ }
+}
+
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.macosforge.org/pipermail/macports-changes/attachments/20080731/39893907/attachment.html
More information about the macports-changes
mailing list