Bug 52447 - Make EUID handling consistent with SetUID() decorator / context-manager
Make EUID handling consistent with SetUID() decorator / context-manager
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Listener (univention-directory-listener)
UCS 5.0
Other Linux
: P5 normal (vote)
: UCS 5.0
Assigned To: Philipp Hahn
Florian Best
https://git.knut.univention.de/univen...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2020-12-01 08:35 CET by Philipp Hahn
Modified: 2021-05-25 16:03 CEST (History)
2 users (show)

See Also:
What kind of report is it?: Feature Request
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional): Cleanup
Max CVSS v3 score:
hahn: Patch_Available+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Philipp Hahn univentionstaff 2020-12-01 08:35:58 CET
Nearly all 55 UDL modules contain code like

> listener.setuid(0)
> try:
>   ...
> finally:
>   listener.unsetuid()

or the wrong variants

> try:
>   listener.setuid(0)
>   ...
> finally:
>   listener.unsetuid() # should not be called if setuid() failed above

and

> listener.setuid(0)
> ...
> listener.unsetuid() # not called on exceptions

<https://docs.software-univention.de/developer-reference-4.4.html#listener:example:setdata> contains an improved version using a context manager:

> with AsRoot():
>   ..

which is less to write, safer and correct. It's also easy to make it dual-use as a decorator:
> @AsUser(0)
> def handler(...):
>   ..

1. We should add it to "listener.py" as "AsUser()" as a new API for UCS-5.
2. We should change all out UDL modules to use it.
Comment 1 Arvid Requate univentionstaff 2021-01-26 11:01:11 CET
b12dc65e47 | UDL: Add new SetUID API

When merging patches please assign the Bug to yourself and adjust the target milestone. Otherwise we run the danger to not QA the committed changes and we cannot rely on Bugzilla but have to check the whole commit history.
Comment 2 Philipp Hahn univentionstaff 2021-01-26 15:22:50 CET
The first 6 patches have been merge into 5.0-0 to introduce the new API and mark the old API as deprecated.

The changes to the individual UDL modules will happen post 5.0-0 (as errata).

[5.0-0] 21d37ba8d3 Bug #52447 UDL: Add new SetUID API
 doc/changelog/changelog-5.0-0.xml | 5 +++++
 1 file changed, 5 insertions(+)
Comment 3 Florian Best univentionstaff 2021-01-26 17:28:16 CET
OK: fixes
21d37ba8d3 Bug #52447 UDL: Add new SetUID API
0b0071520d fixup! Bug #52447 UDL: Add PEP 484 static type annotations
42915ac5d1 Bug #52447 UDL: replace listener.baseConfig
c0836309ee Bug #52447 UDL: Shorten univention.debug
a28dd2eec3 Bug #52447 UDL: Remove optional functions
b38fd20436 Bug #52447 UDL: Deprecate baseConfig
06127e093b Bug #52447 doc: Convert to Python 3
8b1ae88e43 Bug #52447 doc: Convert to new SetUID API
b12dc65e47 Bug #52447 UDL: Add new SetUID API
ecc4f5d630 Bug #52447 UDL: Add PEP 484 static type annotations

OK: docs
OK: changelog entry
Comment 4 Florian Best univentionstaff 2021-05-25 16:03:11 CEST
UCS 5.0 has been released:
 https://docs.software-univention.de/release-notes-5.0-0-en.html
 https://docs.software-univention.de/release-notes-5.0-0-de.html

If this error occurs again, please use "Clone This Bug".