Why Gemfury?
Push, build, and install
RubyGems
npm packages
Python packages
Maven artifacts
PHP packages
Go Modules
Debian packages
RPM packages
NuGet packages
triliodata-4-0-patch / contego deb
Repository URL to install this package:
|
Version:
4.0.109 ▾
|
ó
ōEYc�����������@���s��d��Z��d�d�l�Z�d�d�l�Z�d�d�l�Z�d�d�l�Z�d�d�l�Z�d�d�l�Z�d�d�l�Z�d�d�l �Z �d�d�l
�Z
�d�d�l
�Z
�d�d�l
�Z
�e�j
���d�k�r�d�d�l�Z�d�d�l�Z�d�d�l�Z�n��d�d�l�Z�d�d�l�m�Z�d�d�l�m�Z�d�d�l�m�Z�d�d�l�m�Z�d�d�l�m�Z�d�d �l�m
�Z
�e�j
�e
��Z �e�j �d
�e�j!�f�d
�����Y�Z"�e�j �d
�e�j!�f�d
�����Y�Z#�d�e$�f�d�����YZ%�d�e$�f�d�����YZ&�d���Z'�d���Z(�d���Z)�d�e�j*�f�d�����YZ+�d�e
�j,�f�d�����YZ-�d���Z.�e�j/�d��Z0�d�d��Z2�d
�e-�f�d
�����YZ3�d
�e-�f�d �����YZ4�d �e5�f�d!�����YZ6�d"���Z7�e
�d#�k�re7���n��d�S($���s��Privilege separation ("privsep") daemon.
To ease transition this supports 2 alternative methods of starting the
daemon, all resulting in a helper process running with elevated
privileges and open socket(s) to the original process:
1. Start via fork()
Assumes process currently has all required privileges and is about
to drop them (perhaps by setuid to an unprivileged user). If the
the initial environment is secure and `PrivContext.start(Method.FORK)`
is called early in `main()`, then this is the most secure and
simplest. In particular, if the initial process is already running
as non-root (but with sufficient capabilities, via eg suitable
systemd service files), then no part needs to involve uid=0 or
sudo.
2. Start via sudo/rootwrap
This starts the privsep helper on first use via sudo and rootwrap,
and communicates via a temporary Unix socket passed on the command
line. The communication channel is briefly exposed in the
filesystem, but is protected with file permissions and connecting
to it only grants access to the unprivileged process. Requires a
suitable entry in sudoers or rootwrap.conf filters.
The privsep daemon exits when the communication channel is closed,
(which usually occurs when the unprivileged process exits).
iÿÿÿÿNt���Linux(���t���cfg(���t���log(���t
���importutils(���t���_(���t
���capabilities(���t���commt���StdioFdc�����������B���s���e��Z�d��Z�d�Z�d�Z�RS(���i����i���i���(���t���__name__t
���__module__t���STDINt���STDOUTt���STDERR(����(����(����sH���/home/tvault/.virtenv/lib/python2.7/site-packages/oslo_privsep/daemon.pyR���L���s��� t���Messagec�����������B���s2���e��Z�d��Z�d�Z�d�Z�d�Z�d�Z�d�Z�d�Z�RS(���s7���Types of messages sent across the communication channeli���i���i���i���i���i���( ���R���R ���t���__doc__t���PINGt���PONGt���CALLt���RETt���ERRt���LOG(����(����(����sH���/home/tvault/.virtenv/lib/python2.7/site-packages/oslo_privsep/daemon.pyR
���Z���s���t���FailedToDropPrivilegesc�����������B���s���e��Z�RS(����(���R���R ���(����(����(����sH���/home/tvault/.virtenv/lib/python2.7/site-packages/oslo_privsep/daemon.pyR���e���s���t
���ProtocolErrorc�����������B���s���e��Z�RS(����(���R���R ���(����(����(����sH���/home/tvault/.virtenv/lib/python2.7/site-packages/oslo_privsep/daemon.pyR���i���s���c���������C���sR���t��j��|��t��j��}�|�t��j�@d�k�rN�|�t��j�O}�t��j��|��t��j�|��n��d��S(���Ni����(���t���fcntlt���F_GETFDt
���FD_CLOEXECt���F_SETFD(���t���fdt���flags(����(����sH���/home/tvault/.virtenv/lib/python2.7/site-packages/oslo_privsep/daemon.pyt
���set_cloexecm���s����
c���������C���s���y�t��|���}�Wn)�t�t�f�k
�r;�t�j�|���j�}�n�X|�d�k�r�y�t�j�|��Wq�t�k
�r�t �d��|�}�t
�j
�|��t
�|���q�Xn��d��S(���Ni����s���Failed to set uid %s(
���t���intt ���TypeErrort
���ValueErrort���pwdt���getpwnamt���pw_uidt���ost���setuidt���OSErrorR���R���t���criticalR���(���t���user_id_or_namet���new_uidt���msg(����(����sH���/home/tvault/.virtenv/lib/python2.7/site-packages/oslo_privsep/daemon.pyR%���t���s����
c���������C���s���y�t��|���}�Wn)�t�t�f�k
�r;�t�j�|���j�}�n�X|�d�k�r�y�t�j�|��Wq�t�k
�r�t �d��|�}�t
�j
�|��t
�|���q�Xn��d��S(���Ni����s���Failed to set gid %s(
���R
���R ���R ���t���grpt���getgrnamt���gr_gidR$���t���setgidR&���R���R���R'���R���(���t���group_id_or_namet���new_gidR*���(����(����sH���/home/tvault/.virtenv/lib/python2.7/site-packages/oslo_privsep/daemon.pyR.������s����
t���PrivsepLogHandlerc�����������B���s
���e��Z�d�d���Z�d���Z�RS(���c���������C���s)���t��t�|���j���|�|��_�|�|��_�d��S(���N(���t���superR1���t���__init__t���channelt
���processName(���t���selfR4���R5���(����(����sH���/home/tvault/.virtenv/lib/python2.7/site-packages/oslo_privsep/daemon.pyR3������s���� c���������C���s±���|��j��r�|��j��|�_��n��t�|�j��}�|�j�rt�|�j�sg�|��j�pK�t�j���}�|�j�|�j��|�d�<n��d��|�d�<n��|�j
���|�d�<d�|�d�<|��j
�j
�d��t
�j�|�f�f��d��S(���Nt���exc_textt���exc_infoR*���t���args(����(���R5���t���dictt���__dict__R8���R7���t ���formattert ���pyloggingt ���Formattert���formatExceptiont���Nonet
���getMessageR4���t���sendR
���R���(���R6���t���recordt���datat���fmt(����(����sH���/home/tvault/.virtenv/lib/python2.7/site-packages/oslo_privsep/daemon.pyt���emit���s����
N(���R���R ���R@���R3���RF���(����(����(����sH���/home/tvault/.virtenv/lib/python2.7/site-packages/oslo_privsep/daemon.pyR1������s���
t���_ClientChannelc�����������B���s2���e��Z�d��Z�d���Z�d���Z�d���Z�d���Z�RS(���sC���Our protocol, layered on the basic primitives in comm.ClientChannelc���������C���s$���t��t�|���j�|��|��j���d��S(���N(���R2���RG���R3���t
���exchange_ping(���R6���t���sock(����(����sH���/home/tvault/.virtenv/lib/python2.7/site-packages/oslo_privsep/daemon.pyR3���®���s����c���������C���s���y/�|��j��t�j�j�f��}�|�d�t�j�k�}�Wn)�t�k
�rZ�}�t�j�d�|��t�}�n�X|�s�t �d��}�t�j
�|��t
�|���n��d��S(���Ni����s/���Error while sending initial PING to privsep: %ss
���Privsep daemon failed to start(
���t ���send_recvR
���R���t���valueR���t ���ExceptionR���t ���exceptiont���FalseR���R'���R���(���R6���t���replyt���successt���eR*���(����(����sH���/home/tvault/.virtenv/lib/python2.7/site-packages/oslo_privsep/daemon.pyRH���²���s����
c���������C���s���|��j��t�j�j�|�|�|�f��}�|�d�t�j�k�r<�|�d�S|�d�t�j�k�ru�t�j�|�d��}�|�|�d����n�t�t �d��|���d��S(���Ni����i���i���s���Unexpected response: %r(
���RJ���R
���R���RK���R���R���R���t
���import_classR���R���(���R6���t���nameR9���t���kwargst���resultt���exc_type(����(����sH���/home/tvault/.virtenv/lib/python2.7/site-packages/oslo_privsep/daemon.pyt
���remote_call¿���s����!c���������C���sb���|�d�t��j�k�rN�t�j�|�d��}�t�j�|�j��r^�t�j�j�|��q^�n�t�j�d�|��d��S(���Ni����i���s;���Ignoring unexpected OOB message from privileged process: %r( ���R
���R���R=���t
���makeLogRecordt
���isEnabledFort���levelnot���loggert���handlet���warning(���R6���R*���RC���(����(����sH���/home/tvault/.virtenv/lib/python2.7/site-packages/oslo_privsep/daemon.pyt
���out_of_band���s
���� (���R���R ���R���R3���RH���RW���R^���(����(����(����sH���/home/tvault/.virtenv/lib/python2.7/site-packages/oslo_privsep/daemon.pyRG���«���s
���
c���������O���s?���t��j�j�d��r(�t��j�j�|��|�|��St�j�|��|�|��Sd��S(���Nt���socket(���t���eventlett���patchert���is_monkey_patchedt���greeniot ���GreenPipet���iot���open(���R���R9���RT���(����(����sH���/home/tvault/.virtenv/lib/python2.7/site-packages/oslo_privsep/daemon.pyt���fdopen���s����c������������s}���t��j���\�}�}�t�|�d�d��}�t�|�d�d��}���f�d���}�t�j�d�d�d�|�d�|�f��}�t�|�_�|�j���|�S( ���s?���Helper that returns a file object that is asynchronously loggedt���ri���t���wc������������s.���x'�|��D] �}�t��j���d�|�j����q�Wd��S(���Ns���privsep log: %s(���R���R���t���rstrip(���t���ft���line(���t���level(����sH���/home/tvault/.virtenv/lib/python2.7/site-packages/oslo_privsep/daemon.pyR[�����s����
RS���t ���fd_loggert���targetR9���(���R$���t���pipeRg���t ���threadingt���Threadt���Truet���daemont���start(���Rm���t���read_fdt���write_fdt���read_endt ���write_endR[���t���t(����(���Rm���sH���/home/tvault/.virtenv/lib/python2.7/site-packages/oslo_privsep/daemon.pyt
���_fd_logger��s����
c���������C���sS���|�d��k�r!�t�j�d���j�}�n��x
�|�j�D]�}�|�j�|��q+�W|�j�|���d��S(���N(���R@���t���loggingt ���getLoggerR[���t���handlerst
���removeHandlert
���addHandler(���t���handlert���log_roott���h(����(����sH���/home/tvault/.virtenv/lib/python2.7/site-packages/oslo_privsep/daemon.pyt���replace_loggingù���s
����
t���ForkingClientChannelc�����������B���s���e��Z�d����Z�RS(���c���������C���s��t��j���\�}�}�x+�|�|�f�D]
�}�|�j�t��t�|��q �Wx$�t�j�t�j�f�D]�}�|�j���qS�Wt �j
���d�k�rá�t
�j
�|��}�|�j
���t�t�|�d�t�|���t�|�d�|�j���t�j�d��t �j�d��n��|�j
���t�t�|���j�|��d�S(���s`���Start privsep daemon using fork()
Assumes we already have required privileges.
i����R5���t���contexts���privsep daemon exitingN(���R_���t
���socketpairt
���setblockingRs���R
���t���syst���stdoutt���stderrt���flushR$���t���forkR���t
���ServerChannelt���closeR���R1���t���strt���Daemont���runR���t���debugt���_exitR2���R
���R3���(���R6���R���t���sock_at���sock_bt���sRk���R4���(����(����sH���/home/tvault/.virtenv/lib/python2.7/site-packages/oslo_privsep/daemon.pyR3�����s ����
(���R���R ���R3���(����(����(����sH���/home/tvault/.virtenv/lib/python2.7/site-packages/oslo_privsep/daemon.pyR
�����s���t���RootwrapClientChannelc�����������B���s���e��Z�d����Z�RS(���c���
������C���sl��t��j��t��j��}�t�j���}�z�t�j�j�|�d��}�|�j�|��|�j�d��|�j �|��}�t
�j
�d�|��t
�j
�|�d�t�d�t���}�|�j���d�k�r�d�|�j�}�t
�j�|��t�|���n��t
�j
�d��|�j���\�}�} �t
�j�d �|��Wd
�|�j���y�t�j�|��Wn+�t�k
�rC}
�|
�j�t�j�k�rD��qDn�Xt�j�|��Xt
�t
�|���j
�|��d
�S(
���sZ���Start privsep daemon using exec()
Uses sudo/rootwrap to gain privileges.
s
���privsep.socki���s���Running privsep helper: %st���shellR���i����s+���privsep helper command exited non-zero (%s)s'���Spawned new privsep daemon via rootwraps!���Accepted privsep connection to %sN( ���R_���t���AF_UNIXt���tempfilet���mkdtempR$���t���patht���joint���bindt���listent���helper_commandR���t���infot
���subprocesst���PopenRN���R{���t���waitt
���returncodeR'���R���t���acceptR���R���t���unlinkR&���t���errnot���ENOENTt���rmdirR2���R���R3���(
���R6���R���t
���listen_sockt���tmpdirt���sockpatht���cmdt���procR*���RI���t���_addrRQ���(����(����sH���/home/tvault/.virtenv/lib/python2.7/site-packages/oslo_privsep/daemon.pyR3���)��s2����
(���R���R ���R3���(����(����(����sH���/home/tvault/.virtenv/lib/python2.7/site-packages/oslo_privsep/daemon.pyR���(��s���R���c�����������B���sD���e��Z�d��Z�d���Z�d���Z�d���Z�d���Z�d���Z�d���Z�RS(���s?���NB: This doesn't fork() - do that yourself before calling run()c���������C���sI���|�|��_��|�|��_�|�j�j�|��_�|�j�j�|��_�t�|�j�j��|��_�d��S(���N(���R4���R���t���conft���usert���groupt���setR���t���caps(���R6���R4���R���(����(����sH���/home/tvault/.virtenv/lib/python2.7/site-packages/oslo_privsep/daemon.pyR3���]��s
���� c���������C���s<���t��j�d��t��j�d��|��j���|��j���|��j���d�S(���s8���Run request loop. Sets up environment, then calls loop()t���/i����N(���R$���t���chdirt���umaskt
���_drop_privst
���_close_stdiot���loop(���R6���(����(����sH���/home/tvault/.virtenv/lib/python2.7/site-packages/oslo_privsep/daemon.pyR���d��s
����
c���������C���sQ���t��t�j�d��9�}�t�j�|�j���t�j��t�j�|�j���t�j��Wd��QXd��S(���Ns���w+(���Rf���R$���t���devnullt���dup2t���filenoR���R
���R
���(���R6���R½���(����(����sH���/home/tvault/.virtenv/lib/python2.7/site-packages/oslo_privsep/daemon.pyR»���m��s����c���������C���sX��z«�t��j�t��|��j�d��k �rl�y�t�j�g���Wql�t�k
�rh�t�d��}�t �j
�|��t
�|���ql�Xn��|��j
�d��k �r�t
�|��j
��n��|��j�d��k �rª�t�|��j��n��Wd��t��j�t��Xt �j�d�i�t�j���d�6t�j���d�6�t��j�|��j�|��j�g���d���}�t��j���\�}�}�}�t �j�d�i�|�|��d�6|�|��d�6|�|��d �6�d��S(
���Ns$���Failed to remove supplemental groupss5���privsep process running with uid/gid: %(uid)s/%(gid)st���uidt���gidc���������S���sO���|��s
�d�Sg��|��D]!�}�t��j�j�|�t�|���^�q�}�|�j���d�j�|��S(���Nt���nonet���|(���R���t
���CAPS_BYVALUEt���getR���t���sortR���(���t���capsett���ct���fc(����(����sH���/home/tvault/.virtenv/lib/python2.7/site-packages/oslo_privsep/daemon.pyt���fmt_caps��s
����+
sP���privsep process running with capabilities (eff/prm/inh): %(eff)s/%(prm)s/%(inh)st���efft���prmt���inh(���R���t
���set_keepcapsRs���R´���R@���R$���t ���setgroupsR&���R���R���R'���R���R³���R%���R.���RN���R¢���t���getuidt���getgidt���drop_all_caps_exceptR¶���t���get_caps(���R6���R*���RÊ���RË���RÌ���RÍ���(����(����sH���/home/tvault/.virtenv/lib/python2.7/site-packages/oslo_privsep/daemon.pyRº���s��s2����
!
c��� ������G���s³���|�t��j�k�r
�t��j�j�f�S|�t��j�k�r�|�\�}�}�}�t�j�|��}�|��j�j�|��sz�t �d��|�}�t
�|���n��|�|�|���}�t��j
�j�|�f�St
�t �d��|���d��S(���Ns)���Invalid privsep function: %s not exporteds���Unknown privsep cmd: %s(
���R
���R���R���RK���R���R���RR���R���t
���is_entrypointR���t ���NameErrorR���R���( ���R6���R¯���R9���RS���t���f_argst���f_kwargst���funcR*���t���ret(����(����sH���/home/tvault/.virtenv/lib/python2.7/site-packages/oslo_privsep/daemon.pyt
���_process_cmd ��s����
c���������C���sZ��t��j�d�t�j����|��j�j�t��x |��j�D]\�}�}�t��j�d�i�|�d�6|�d�6�y�|��j �|���}�Wnn�t
�k
�r�}�t��j�d�i�|�d�6|�d�6d�t
�|�j
�}�d�|�j
�|�j�f�}�t�j�j�|�|�j�f�}�n�Xy8�t��j�d �i�|�d�6|�d
�6�|��j�j�|�|�f��Wq0�t�k
�rD}�|�j�t�j�k�r>Pn����q0�Xq0�Wt��j�d
��d
�S(
���s ���Main body of daemon request loops ���privsep daemon running as pid %ss$���privsep: request[%(msgid)s]: %(req)st���msgidt���reqs5���privsep: Exception during request[%(msgid)s]: %(err)st���errR8���s���%s.%ss$���privsep: reply[%(msgid)s]: %(reply)sRO���s+���Socket closed, shutting down privsep daemonN(���R���R¢���R$���t���getpidR���t���set_client_modeRN���R4���R���RÚ���RL���Rs���t ���__class__R ���R���R
���R���RK���R9���RB���t���IOErrorR©���t���EPIPE(���R6���RÛ���R*���RO���RQ���t���clst���cls_name(����(����sH���/home/tvault/.virtenv/lib/python2.7/site-packages/oslo_privsep/daemon.pyR¼���±��s.����
( ���R���R ���R���R3���R���R»���Rº���RÚ���R¼���(����(����(����sH���/home/tvault/.virtenv/lib/python2.7/site-packages/oslo_privsep/daemon.pyR���Z��s��� - c����������C���s��t��j�j�t��j�d�d�t�t��j�d�d�t�g��t�j�t��j��t��j�d�t�j�d� d�d��t�j �t��j�d��t
�j
�t��j�j
��}��d�d �l
�m�}�t�|��|�j��s»�t�j�d
��n��t�j�t�j��}�|�j�t��j�j��t�|��t�j�|��}�t�j���d
�k�rd
�St
�t
�|���t�j
�d
��y�t �|�|���j ���Wn3�t!�k
�rx}�t�j"�|��t�j#�t$�|���n�Xt�j%�d��t�j#�d
��d
�S(���s>���Start privileged process, serving requests over a Unix socket.t���privsep_contextt���requiredt���privsep_sock_pathR9���i���t���projectt���privsepiÿÿÿÿ(���t
���priv_contextsC���--privsep_context must be the (python) name of a PrivContext objecti����Ns���privsep daemon startings���privsep daemon exiting(&���R���t���CONFt���register_cli_optst���StrOptRs���R|���t���register_optionsR���t���argvt���setupR���RR���R��t
���oslo_privsepR��t
���isinstancet
���PrivContextR���t���fatalR_���R���t���connectR��R
���R���R���R$���R���R���R1���R¢���R���R���RL���RM���t���exitR���R���(���R���Rê���RI���R4���RQ���(����(����sH���/home/tvault/.virtenv/lib/python2.7/site-packages/oslo_privsep/daemon.pyt
���helper_main��s2����
t���__main__(8���R���t���enumR©���Re���R|���R=���R$���t���platformR_���R£���R���R���Rq���t���systemR���R+���R!���R`���t
���oslo_configR���t���oslo_logR���t
���oslo_utilsR���t���oslo_privsep._i18nR���R�R���R���R}���R���R���t���uniquet���IntEnumR���R
���RL���R���R���R
���R%���R.���t���HandlerR1���t
���ClientChannelRG���Rg���t���WARNR{���R@���R���R
���R���t���objectR���R÷���(����(����(����sH���/home/tvault/.virtenv/lib/python2.7/site-packages/oslo_privsep/daemon.pyt���<module>,���sV���
.
'2y 2