masquerade 0.7.0 → 0.8.0

data/CHANGELOG.rdoc

@@ -1,5 +1,11 @@
 = Changelog
 
+== Release 0.8.0 - May 26, 2011
+
+* NEW: Setting the right supplemental groups.
+* CHANGE: Setting the group to the user's primary group when a :group is not specified in the call.
+* CHANGE: The block sent to the as method now gets the user_struct and group_struct as returned by Etc methods, instead of the original hash sent to the block
+
 == Relase 0.7.0 - May 03, 2011
 
 * FIX: Catching an invalid user or group error also catching the block's ArgumentErrors

data/Manifest

@@ -3,3 +3,6 @@ Manifest
 README.rdoc
 Rakefile
 lib/masquerade.rb
+lib/masquerade/bad_user_or_group_error.rb
+lib/masquerade/permission_error.rb
+test/as_test.rb

data/README.rdoc

@@ -1,3 +1,4 @@
+=begin rdoc
 = Masquerade
 
 Run a block of code as another user/group.
@@ -8,6 +9,7 @@ Run a block of code as another user/group.
 
 == Usage
 
+=== To run a block of ruby code as another user/group
 To run a block of code as user "roger" and group "developer":
   Masquerade.as :user => "roger", :group => "developer" do
     puts "Hello world"
@@ -18,9 +20,11 @@ Alternatively, you can use the uid and gid directly:
     puts "Hello world"
   end
   
-The block of code accepts the user hash as a paramter. So you can do things like:
+The block of code gets a user_info parameter. 
+This paramter can have a user and a group object depending on what was passed to the as method. So you can do things like:
   Masquerade.as :user => "roger", :group => "developer" do |user_info|
-    puts "Hello #{user_info[:user]}"
+    puts user_info[:user].inspect
+    puts user_info[:group].inspect
   end
   
 Both :user and :group params are optional and you can choose to give one of the two or both:
@@ -28,17 +32,19 @@ Both :user and :group params are optional and you can choose to give one of the
     puts "Hello #{user_info[:user]}"
   end
   
+If a :user is given without a corresponding :group, the primary group of the user is used.
+  
+==== Return value
+Returns the result of the block call. So you can do:
+  response = Masquerade.as :user => "roger", :group => "developer" do |user_info|
+    "Hello world #{user_info[:user]}"
+  end
+    
 === Exceptions thrown
 ==== Masquerade::PermissionsError
-
 If the user running the script does not have the privileges to masquerade as the given user.
     
 ==== Masquerade::BadUserOrGroupError
 If the given user or group does not exist
 
-=== Return value
-
-Returns the result of the block call. So you can do:
-  response = Masquerade.as :user => "roger", :group => "developer" do |user_info|
-    "Hello world #{user_info[:user]}"
-  end
+=end

data/Rakefile

@@ -2,12 +2,12 @@ require "rubygems"
 require "rake"
 require "echoe"
 
-Echoe.new("masquerade", "0.7.0") do |p|
-  p.description = "A user/group impersonator. Allows you to run a block of code as another user or group."
-  p.summary = "A user/group impersonator. Allows you to run a block of code as another user or group"
+Echoe.new("masquerade", "0.8.0") do |p|
+  p.description = "A user/group impersonator. Allows you to run a block of code as another user or group. *NIX only."
+  p.summary = "A user/group impersonator. Allows you to run a block of code as another user or group. *NIX only."
   p.url = "http://rubygems.org/gems/masquerade"
   p.author = "Nitesh Goel"
-  p.email = "nitesh@wikinvest.com"
+  p.email = "nitesh@sigfig.com"
   p.ignore_pattern = ["tmp/*", "script/*"]
 end
 

data/lib/masquerade.rb

@@ -1,4 +1,3 @@
-require "etc"
 =begin rdoc
 = Masquerade
 
@@ -10,6 +9,7 @@ Run a block of code as another user/group.
 
 == Usage
 
+=== To run a block of ruby code as another user/group
 To run a block of code as user "roger" and group "developer":
   Masquerade.as :user => "roger", :group => "developer" do
     puts "Hello world"
@@ -20,9 +20,11 @@ Alternatively, you can use the uid and gid directly:
     puts "Hello world"
   end
   
-The block of code accepts the user hash as a paramter. So you can do things like:
+The block of code gets a user_info parameter. 
+This paramter can have a user and a group object depending on what was passed to the as method. So you can do things like:
   Masquerade.as :user => "roger", :group => "developer" do |user_info|
-    puts "Hello #{user_info[:user]}"
+    puts user_info[:user].inspect
+    puts user_info[:group].inspect
   end
   
 Both :user and :group params are optional and you can choose to give one of the two or both:
@@ -30,72 +32,115 @@ Both :user and :group params are optional and you can choose to give one of the
     puts "Hello #{user_info[:user]}"
   end
   
+If a :user is given without a corresponding :group, the primary group of the user is used.
+  
+==== Return value
+Returns the result of the block call. So you can do:
+  response = Masquerade.as :user => "roger", :group => "developer" do |user_info|
+    "Hello world #{user_info[:user]}"
+  end
+    
 === Exceptions thrown
 ==== Masquerade::PermissionsError
-
 If the user running the script does not have the privileges to masquerade as the given user.
     
 ==== Masquerade::BadUserOrGroupError
 If the given user or group does not exist
 
-=== Return value
-
-Returns the result of the block call. So you can do:
-  response = Masquerade.as :user => "roger", :group => "developer" do |user_info|
-    "Hello world #{user_info[:user]}"
-  end
 =end
+
+require "etc"
+require "masquerade/bad_user_or_group_error"
+require "masquerade/permission_error"
+
 module Masquerade
+  # Run a block of ruby code as another user/group
   def self.as(who)
     current_euid = Process.euid
     current_egid = Process.egid
     current_uid = Process.uid
     current_gid = Process.gid
-    begin
-      if who.include? :group
-        group_struct = nil
-        if who[:group].kind_of? String
-          # get group info by name
-          group_struct = Etc.getgrnam(who[:group])
-        elsif who[:group].kind_of? Numeric
-          # get group info by gid
-          group_struct = Etc.getgrgid(who[:group])
-        end
-        # set the gid of the current process to that of the chosen group
-        Process.egid = group_struct.gid
-        Process.gid = group_struct.gid
-      end
-      if who.include? :user
-        user_struct = nil
-        if who[:user].kind_of? String
-          # get user info by name
-          user_struct = Etc.getpwnam(who[:user])
-        elsif who[:user].kind_of? Numeric
-          # get user info by uid
-          user_struct = Etc.getpwuid(who[:user])
-        end
-        # set the uid of the current process to that of the chosen user
-        Process.euid = user_struct.uid
-        Process.uid = user_struct.uid
+    current_groups = Process.groups
+    group_struct = nil
+    user_struct = nil
+
+    if who.include? :group
+      group_struct = self.system_group(who[:group])
+      # set the gid of the current process to that of the chosen group
+      Process.egid = group_struct.gid
+      Process.gid = group_struct.gid
+    end
+    if who.include? :user
+      user_struct = self.system_user(who[:user])
+      unless who.include? :group
+        Process.egid = user_struct.gid
+        Process.gid = user_struct.gid
       end
-    rescue Errno::EPERM
-      raise PermissionsError, "You do not have permissions to impersonate this user or group"
-    rescue ArgumentError
-      raise BadUserOrGroupError, "The user or group does not exist"
+      # set the supplemental groups
+      Process.initgroups(user_struct.name, user_struct.gid)
+      # set the uid of the current process to that of the chosen user
+      Process.euid = user_struct.uid
+      Process.uid = user_struct.uid
     end
+
     # run the block
-    response = yield who
-    # restore process uid and gid
+    yield_who = {}
+    yield_who[:user] = user_struct unless user_struct.nil?
+    yield_who[:group] = group_struct unless group_struct.nil?
+    response = yield yield_who
+
+    # restore process user and groups
     Process.uid = current_uid
     Process.euid = current_euid
     Process.gid = current_gid
     Process.egid = current_egid
+    begin
+      Process.groups = current_groups
+    rescue Errno::EINVAL
+      #on macs, groups like com.apple.screen_sharing cannot be set
+    end
     return response
   end
   
-  class PermissionsError < StandardError
+  private
+  
+  def self.system_user(user_name_or_id)
+    begin
+      user_struct = {}
+      if user_name_or_id.kind_of? String
+        # get user info by name
+        user_struct = Etc.getpwnam(user_name_or_id)
+      elsif user_name_or_id.kind_of? Numeric
+        # get user info by uid
+        user_struct = Etc.getpwuid(user_name_or_id)
+      else
+        raise Masquerade::BadUserOrGroupError, "The user must be a string (username) or a number (uid)"
+      end
+      return user_struct
+    rescue Errno::EPERM
+      raise Masquerade::PermissionsError, "You do not have permissions to impersonate this user or group"
+    rescue ArgumentError
+      raise Masquerade::BadUserOrGroupError, "The user or group does not exist"
+    end
   end
   
-  class BadUserOrGroupError < StandardError
+  def self.system_group(group_name_or_id)
+    begin
+      group_struct = {}
+      if group_name_or_id.kind_of? String
+        # get group info by name
+        group_struct = Etc.getgrnam(group_name_or_id)
+      elsif group_name_or_id.kind_of? Numeric
+        # get group info by gid
+        group_struct = Etc.getgrgid(group_name_or_id)
+      else
+        raise Masquerade::BadUserOrGroupError, "The group must be a string (group name) or a number (gid)"
+      end
+      return group_struct
+    rescue Errno::EPERM
+      raise Masquerade::PermissionsError, "You do not have permissions to impersonate this user or group"
+    rescue ArgumentError
+      raise Masquerade::BadUserOrGroupError, "The user or group does not exist"
+    end
   end
 end

data/lib/masquerade/bad_user_or_group_error.rb

@@ -0,0 +1,5 @@
+module Masquerade
+  # Error raised when the user or group to be impersonated does not exist.
+  class BadUserOrGroupError < StandardError
+  end
+end

data/lib/masquerade/permission_error.rb

@@ -0,0 +1,6 @@
+module Masquerade
+  # Error raised when the user calling masquerade does not have privileges to
+  # impersonate another user.
+  class PermissionsError < StandardError
+  end
+end

data/masquerade.gemspec

@@ -2,21 +2,22 @@
 
 Gem::Specification.new do |s|
   s.name = %q{masquerade}
-  s.version = "0.7.0"
+  s.version = "0.8.0"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 1.2") if s.respond_to? :required_rubygems_version=
   s.authors = ["Nitesh Goel"]
-  s.date = %q{2011-05-03}
-  s.description = %q{A user/group impersonator. Allows you to run a block of code as another user or group.}
-  s.email = %q{nitesh@wikinvest.com}
-  s.extra_rdoc_files = ["CHANGELOG.rdoc", "README.rdoc", "lib/masquerade.rb"]
-  s.files = ["CHANGELOG.rdoc", "Manifest", "README.rdoc", "Rakefile", "lib/masquerade.rb", "masquerade.gemspec"]
+  s.date = %q{2011-05-26}
+  s.description = %q{A user/group impersonator. Allows you to run a block of code as another user or group. *NIX only.}
+  s.email = %q{nitesh@sigfig.com}
+  s.extra_rdoc_files = ["CHANGELOG.rdoc", "README.rdoc", "lib/masquerade.rb", "lib/masquerade/bad_user_or_group_error.rb", "lib/masquerade/permission_error.rb"]
+  s.files = ["CHANGELOG.rdoc", "Manifest", "README.rdoc", "Rakefile", "lib/masquerade.rb", "lib/masquerade/bad_user_or_group_error.rb", "lib/masquerade/permission_error.rb", "test/as_test.rb", "masquerade.gemspec"]
   s.homepage = %q{http://rubygems.org/gems/masquerade}
   s.rdoc_options = ["--line-numbers", "--inline-source", "--title", "Masquerade", "--main", "README.rdoc"]
   s.require_paths = ["lib"]
   s.rubyforge_project = %q{masquerade}
   s.rubygems_version = %q{1.7.2}
-  s.summary = %q{A user/group impersonator. Allows you to run a block of code as another user or group}
+  s.summary = %q{A user/group impersonator. Allows you to run a block of code as another user or group. *NIX only.}
+  s.test_files = ["test/as_test.rb"]
 
   if s.respond_to? :specification_version then
     s.specification_version = 3

data/test/as_test.rb

@@ -0,0 +1,6 @@
+require "rubygems"
+require "masquerade"
+username = ARGV.shift
+Masquerade.as :user => username do
+  %x[env > /tmp/test_as.txt]
+end

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: masquerade
 version: !ruby/object:Gem::Version 
-  hash: 3
+  hash: 63
   prerelease: 
   segments: 
   - 0
-  - 7
+  - 8
   - 0
-  version: 0.7.0
+  version: 0.8.0
 platform: ruby
 authors: 
 - Nitesh Goel
@@ -15,11 +15,11 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-05-03 00:00:00 Z
+date: 2011-05-26 00:00:00 Z
 dependencies: []
 
-description: A user/group impersonator. Allows you to run a block of code as another user or group.
-email: nitesh@wikinvest.com
+description: A user/group impersonator. Allows you to run a block of code as another user or group. *NIX only.
+email: nitesh@sigfig.com
 executables: []
 
 extensions: []
@@ -28,12 +28,17 @@ extra_rdoc_files:
 - CHANGELOG.rdoc
 - README.rdoc
 - lib/masquerade.rb
+- lib/masquerade/bad_user_or_group_error.rb
+- lib/masquerade/permission_error.rb
 files: 
 - CHANGELOG.rdoc
 - Manifest
 - README.rdoc
 - Rakefile
 - lib/masquerade.rb
+- lib/masquerade/bad_user_or_group_error.rb
+- lib/masquerade/permission_error.rb
+- test/as_test.rb
 - masquerade.gemspec
 homepage: http://rubygems.org/gems/masquerade
 licenses: []
@@ -73,6 +78,6 @@ rubyforge_project: masquerade
 rubygems_version: 1.7.2
 signing_key: 
 specification_version: 3
-summary: A user/group impersonator. Allows you to run a block of code as another user or group
-test_files: []
-
+summary: A user/group impersonator. Allows you to run a block of code as another user or group. *NIX only.
+test_files: 
+- test/as_test.rb