masquerade 0.7.0 → 0.8.0
- data/CHANGELOG.rdoc +6 -0
- data/Manifest +3 -0
- data/README.rdoc +15 -9
- data/Rakefile +4 -4
- data/lib/masquerade.rb +89 -44
- data/lib/masquerade/bad_user_or_group_error.rb +5 -0
- data/lib/masquerade/permission_error.rb +6 -0
- data/masquerade.gemspec +8 -7
- data/test/as_test.rb +6 -0
- metadata +14 -9
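--- a/data/CHANGELOG.rdoc
+++ b/data/CHANGELOG.rdoc
@@ -1,5 +1,11 @@
 = Changelog
 
+== Release 0.8.0 - May 26, 2011
+
+* NEW: Setting the right supplemental groups.
+* CHANGE: Setting the group to the user's primary group when a :group is not specified in the call.
+* CHANGE: The block sent to the as method now gets the user_struct and group_struct as returned by Etc methods, instead of the original hash sent to the block
+
 == Relase 0.7.0 - May 03, 2011
 
 * FIX: Catching an invalid user or group error also catching the block's ArgumentErrors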
data/Manifest
CHANGED
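--- a/data/README.rdoc
+++ b/data/README.rdoc
@@ -1,3 +1,4 @@
+=begin rdoc
 = Masquerade
 
 Run a block of code as another user/group.
@@ -8,6 +9,7 @@ Run a block of code as another user/group.
 
 == Usage
 
+=== To run a block of ruby code as another user/group
 To run a block of code as user "roger" and group "developer":
 Masquerade.as :user => "roger", :group => "developer" do
 puts "Hello world"
@@ -18,9 +20,11 @@ Alternatively, you can use the uid and gid directly:
 puts "Hello world"
 end
 
-The block of code
+The block of code gets a user_info parameter.
+This paramter can have a user and a group object depending on what was passed to the as method. So you can do things like:
 Masquerade.as :user => "roger", :group => "developer" do |user_info|
-puts
+puts user_info[:user].inspect
+puts user_info[:group].inspect
 end
 
 Both :user and :group params are optional and you can choose to give one of the two or both:
@@ -28,17 +32,19 @@ Both :user and :group params are optional and you can choose to give one of the
 puts "Hello #{user_info[:user]}"
 end
 
+If a :user is given without a corresponding :group, the primary group of the user is used.
+
+==== Return value
+Returns the result of the block call. So you can do:
+response = Masquerade.as :user => "roger", :group => "developer" do |user_info|
+"Hello world #{user_info[:user]}"
+end
+
 === Exceptions thrown
 ==== Masquerade::PermissionsError
-
 If the user running the script does not have the privileges to masquerade as the given user.
 
 ==== Masquerade::BadUserOrGroupError
 If the given user or group does not exist
 
-
-
-Returns the result of the block call. So you can do:
-response = Masquerade.as :user => "roger", :group => "developer" do |user_info|
-"Hello world #{user_info[:user]}"
-end
+=end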
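--- a/data/Rakefile
+++ b/data/Rakefile
@@ -2,12 +2,12 @@ require "rubygems"
 require "rake"
 require "echoe"
 
-Echoe.new("masquerade", "0.
-p.description = "A user/group impersonator. Allows you to run a block of code as another user or group."
-p.summary = "A user/group impersonator. Allows you to run a block of code as another user or group"
+Echoe.new("masquerade", "0.8.0") do |p|
+p.description = "A user/group impersonator. Allows you to run a block of code as another user or group. *NIX only."
+p.summary = "A user/group impersonator. Allows you to run a block of code as another user or group. *NIX only."
 p.url = "http://rubygems.org/gems/masquerade"
 p.author = "Nitesh Goel"
-p.email = "nitesh@
+p.email = "nitesh@sigfig.com"
 p.ignore_pattern = ["tmp/*", "script/*"]
 end
 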
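--- a/data/lib/masquerade.rb
+++ b/data/lib/masquerade.rb
@@ -1,4 +1,3 @@
-require "etc"
 =begin rdoc
 = Masquerade
 
@@ -10,6 +9,7 @@ Run a block of code as another user/group.
 
 == Usage
 
+=== To run a block of ruby code as another user/group
 To run a block of code as user "roger" and group "developer":
 Masquerade.as :user => "roger", :group => "developer" do
 puts "Hello world"
@@ -20,9 +20,11 @@ Alternatively, you can use the uid and gid directly:
 puts "Hello world"
 end
 
-The block of code
+The block of code gets a user_info parameter.
+This paramter can have a user and a group object depending on what was passed to the as method. So you can do things like:
 Masquerade.as :user => "roger", :group => "developer" do |user_info|
-puts
+puts user_info[:user].inspect
+puts user_info[:group].inspect
 end
 
 Both :user and :group params are optional and you can choose to give one of the two or both:
@@ -30,72 +32,115 @@ Both :user and :group params are optional and you can choose to give one of the
 puts "Hello #{user_info[:user]}"
 end
 
+If a :user is given without a corresponding :group, the primary group of the user is used.
+
+==== Return value
+Returns the result of the block call. So you can do:
+response = Masquerade.as :user => "roger", :group => "developer" do |user_info|
+"Hello world #{user_info[:user]}"
+end
+
 === Exceptions thrown
 ==== Masquerade::PermissionsError
-
 If the user running the script does not have the privileges to masquerade as the given user.
 
 ==== Masquerade::BadUserOrGroupError
 If the given user or group does not exist
 
-=== Return value
-
-Returns the result of the block call. So you can do:
-response = Masquerade.as :user => "roger", :group => "developer" do |user_info|
-"Hello world #{user_info[:user]}"
-end
 =end
+
+require "etc"
+require "masquerade/bad_user_or_group_error"
+require "masquerade/permission_error"
+
 module Masquerade
+# Run a block of ruby code as another user/group
 def self.as(who)
 current_euid = Process.euid
 current_egid = Process.egid
 current_uid = Process.uid
 current_gid = Process.gid
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-user_struct = nil
-if who[:user].kind_of? String
-# get user info by name
-user_struct = Etc.getpwnam(who[:user])
-elsif who[:user].kind_of? Numeric
-# get user info by uid
-user_struct = Etc.getpwuid(who[:user])
-end
-# set the uid of the current process to that of the chosen user
-Process.euid = user_struct.uid
-Process.uid = user_struct.uid
+current_groups = Process.groups
+group_struct = nil
+user_struct = nil
+
+if who.include? :group
+group_struct = self.system_group(who[:group])
+# set the gid of the current process to that of the chosen group
+Process.egid = group_struct.gid
+Process.gid = group_struct.gid
+end
+if who.include? :user
+user_struct = self.system_user(who[:user])
+unless who.include? :group
+Process.egid = user_struct.gid
+Process.gid = user_struct.gid
 end
-
-
-
-
+# set the supplemental groups
+Process.initgroups(user_struct.name, user_struct.gid)
+# set the uid of the current process to that of the chosen user
+Process.euid = user_struct.uid
+Process.uid = user_struct.uid
 end
+
 # run the block
-
-
+yield_who = {}
+yield_who[:user] = user_struct unless user_struct.nil?
+yield_who[:group] = group_struct unless group_struct.nil?
+response = yield yield_who
+
+# restore process user and groups
 Process.uid = current_uid
 Process.euid = current_euid
 Process.gid = current_gid
 Process.egid = current_egid
+begin
+Process.groups = current_groups
+rescue Errno::EINVAL
+#on macs, groups like com.apple.screen_sharing cannot be set
+end
 return response
 end
 
-
+private
+
+def self.system_user(user_name_or_id)
+begin
+user_struct = {}
+if user_name_or_id.kind_of? String
+# get user info by name
+user_struct = Etc.getpwnam(user_name_or_id)
+elsif user_name_or_id.kind_of? Numeric
+# get user info by uid
+user_struct = Etc.getpwuid(user_name_or_id)
+else
+raise Masquerade::BadUserOrGroupError, "The user must be a string (username) or a number (uid)"
+end
+return user_struct
+rescue Errno::EPERM
+raise Masquerade::PermissionsError, "You do not have permissions to impersonate this user or group"
+rescue ArgumentError
+raise Masquerade::BadUserOrGroupError, "The user or group does not exist"
+end
 end
 
-
+def self.system_group(group_name_or_id)
+begin
+group_struct = {}
+if group_name_or_id.kind_of? String
+# get group info by name
+group_struct = Etc.getgrnam(group_name_or_id)
+elsif group_name_or_id.kind_of? Numeric
+# get group info by gid
+group_struct = Etc.getgrgid(group_name_or_id)
+else
+raise Masquerade::BadUserOrGroupError, "The group must be a string (group name) or a number (gid)"
+end
+return group_struct
+rescue Errno::EPERM
+raise Masquerade::PermissionsError, "You do not have permissions to impersonate this user or group"
+rescue ArgumentError
+raise Masquerade::BadUserOrGroupError, "The user or group does not exist"
+end
 end
 end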
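Review bot: In `Masquerade.as` (hunk `@@ -30,72 +32,115 @@`) the restore statements from `Process.uid = current_uid` through `Process.groups = current_groups` run only on the normal path, so if the block raises, or `system_user` raises after the gid was already switched for `:group`, the process keeps the masqueraded uid, gid and supplementary groups for whatever the caller does next. Wrapping the switch and `response = yield yield_who` in `begin` and moving the restore statements under `ensure` closes that gap. The `rescue Errno::EPERM` clauses sit in `system_user`/`system_group`, which wrap only the `Etc` lookups, so a permission failure from `Process.egid=`, `Process.initgroups` or `Process.euid=` would presumably surface as a raw `Errno::EPERM` rather than `Masquerade::PermissionsError`. The bare `private` has no effect on methods defined with `def self.`, so both helpers stay public unless `private_class_method :system_user, :system_group` is added.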
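--- a/data/masquerade.gemspec
+++ b/data/masquerade.gemspec
@@ -2,21 +2,22 @@
 
 Gem::Specification.new do |s|
 s.name = %q{masquerade}
-s.version = "0.
+s.version = "0.8.0"
 
 s.required_rubygems_version = Gem::Requirement.new(">= 1.2") if s.respond_to? :required_rubygems_version=
 s.authors = ["Nitesh Goel"]
-s.date = %q{2011-05-
-s.description = %q{A user/group impersonator. Allows you to run a block of code as another user or group.}
-s.email = %q{nitesh@
-s.extra_rdoc_files = ["CHANGELOG.rdoc", "README.rdoc", "lib/masquerade.rb"]
-s.files = ["CHANGELOG.rdoc", "Manifest", "README.rdoc", "Rakefile", "lib/masquerade.rb", "masquerade.gemspec"]
+s.date = %q{2011-05-26}
+s.description = %q{A user/group impersonator. Allows you to run a block of code as another user or group. *NIX only.}
+s.email = %q{nitesh@sigfig.com}
+s.extra_rdoc_files = ["CHANGELOG.rdoc", "README.rdoc", "lib/masquerade.rb", "lib/masquerade/bad_user_or_group_error.rb", "lib/masquerade/permission_error.rb"]
+s.files = ["CHANGELOG.rdoc", "Manifest", "README.rdoc", "Rakefile", "lib/masquerade.rb", "lib/masquerade/bad_user_or_group_error.rb", "lib/masquerade/permission_error.rb", "test/as_test.rb", "masquerade.gemspec"]
 s.homepage = %q{http://rubygems.org/gems/masquerade}
 s.rdoc_options = ["--line-numbers", "--inline-source", "--title", "Masquerade", "--main", "README.rdoc"]
 s.require_paths = ["lib"]
 s.rubyforge_project = %q{masquerade}
 s.rubygems_version = %q{1.7.2}
-s.summary = %q{A user/group impersonator. Allows you to run a block of code as another user or group}
+s.summary = %q{A user/group impersonator. Allows you to run a block of code as another user or group. *NIX only.}
+s.test_files = ["test/as_test.rb"]
 
 if s.respond_to? :specification_version then
 s.specification_version = 3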
data/test/as_test.rb
ADDED
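--- a/metadata
+++ b/metadata
@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: masquerade
 version: !ruby/object:Gem::Version
-hash:
+hash: 63
 prerelease:
 segments:
 - 0
--
+- 8
 - 0
-version: 0.
+version: 0.8.0
 platform: ruby
 authors:
 - Nitesh Goel
@@ -15,11 +15,11 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-05-
+date: 2011-05-26 00:00:00 Z
 dependencies: []
 
-description: A user/group impersonator. Allows you to run a block of code as another user or group.
-email: nitesh@
+description: A user/group impersonator. Allows you to run a block of code as another user or group. *NIX only.
+email: nitesh@sigfig.com
 executables: []
 
 extensions: []
@@ -28,12 +28,17 @@ extra_rdoc_files:
 - CHANGELOG.rdoc
 - README.rdoc
 - lib/masquerade.rb
+- lib/masquerade/bad_user_or_group_error.rb
+- lib/masquerade/permission_error.rb
 files:
 - CHANGELOG.rdoc
 - Manifest
 - README.rdoc
 - Rakefile
 - lib/masquerade.rb
+- lib/masquerade/bad_user_or_group_error.rb
+- lib/masquerade/permission_error.rb
+- test/as_test.rb
 - masquerade.gemspec
 homepage: http://rubygems.org/gems/masquerade
 licenses: []
@@ -73,6 +78,6 @@ rubyforge_project: masquerade
 rubygems_version: 1.7.2
 signing_key:
 specification_version: 3
-summary: A user/group impersonator. Allows you to run a block of code as another user or group
-test_files:
-
+summary: A user/group impersonator. Allows you to run a block of code as another user or group. *NIX only.
+test_files:
+- test/as_test.rb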