sudo 0.0.1

data/README.rdoc

@@ -0,0 +1,101 @@
+= Ruby Sudo
+
+Give Ruby objects superuser privileges.
+
+Based on dRuby[http://ruby-doc.org/ruby-1.9/classes/DRb.html] and 
+sudo[http://www.sudo.ws/].
+
+Only tested with {MRI 1.9}[http://en.wikipedia.org/wiki/Ruby_MRI] .
+
+== REQUIREMENTS
+
+Your user must be allowed, in +/etc/sudoers+, to run +ruby+ and +kill+
+commands as root.
+
+A password will be required from the console, or not, depending on
+the +NOPASSWD+ options in +/etc/sudoers+.
+
+== USAGE
+
+=== DSL style
+
+  require 'fileutils'
+  require 'sudo'
+
+  include Sudo::DSL
+
+  # The String will be passed as options to sudo-ed Ruby interpreter
+  sudo_start "-rfileutils"
+
+  # only readable by root
+  puts sudo(File).read '/etc/shadow'
+
+  # write into the / 
+  sudo(FileUtils).mkdir_p '/TEST_DIR/SUB_DIR' 
+
+  # Stop the dRuby server (whish is running as root), as soon as you can
+  sudo_stop
+
+=== Explicit creation of a Wrapper object, block given
+
+  require 'fileutils'
+  require 'sudo'
+
+  Sudo::Wrapper.run('-rfileutils) do |su|
+    # here you use square brackets [] :
+    # su is an object, not a (top-level) method.
+    su[FileUtils].mkdir_p '/ONLY/ROOT/CAN/DO/THAT'
+  end
+  # Sockets and processes are closed automatically when the block exits
+
+=== Explicit creation of a Wrapper object, without block
+
+  require 'mygem/myclass'
+  require 'sudo'
+
+  obj   = MyGem::MyClass.new
+  
+  sudo  = Sudo::Wrapper.new(-rmygem/myclass -rmygem/myclass2)
+  
+  sudo.start!
+
+  sudo[obj].method # will be run as root (well, a sudo-ed copy) 
+
+  # when you've done:
+  sudo.stop!
+
+== PRINCIPLES OF OPERATION
+
+Spawns a sudo-ed Ruby process running a 
+DRb[http://ruby-doc.org/ruby-1.9/classes/DRb.html] server. Communication is
+done via a Unix socket (and, of course, permissions are set to +0600+).
+
+No long-running daemons involved, everything is created on demand.
+
+Access control is entirely delegated to +sudo+.
+
+== TODO
+
+* +sudo+ has a +-A+ option to accept password via an external program
+  (maybe graphical): support this feature.
+
+* more options in Sudo::Wrapper.new, maybe a Hash.
+
+== THANKS
+
+Thanks to Tony Arcieri and Brian Candler for suggestions on 
+ruby-talk[http://www.ruby-forum.com/topic/262655].
+
+== AUTHOR
+
+Copyright (c) 2010 {Guido De Rosa}[http://github.com/gderosa/].
+
+Sponsored by {VEMAR s.a.s.}[http://www.vemarsas.it/] 
+
+== LICENSE
+
+Ruby's.
+
+
+
+

data/examples/block.rb

@@ -0,0 +1,18 @@
+require 'fileutils'
+require 'sudo'
+
+Sudo::Wrapper.run('-rfileutils') do |su|
+
+  su[File].open '/TEST', 'w' do |f|
+    f.puts "Hello from UID=#{su[Process].uid}!"
+  end
+
+  su[FileUtils].cp '/etc/shadow', '/etc/shadow2'
+
+end
+
+
+
+
+
+

data/examples/dsl.rb

@@ -0,0 +1,13 @@
+require 'sudo'
+
+include Sudo::DSL
+
+sudo_start "-rfileutils"
+
+puts sudo(File).read '/etc/shadow'
+
+sudo(FileUtils).mkdir_p '/TEST_DIR/SUB_DIR'
+
+#sudo_stop # automatic clenup, when out of scope, if not explicit
+
+

data/examples/new.rb

@@ -0,0 +1,24 @@
+require 'fileutils'
+require 'sudo'
+
+su = Sudo::Wrapper.new('-rfileutils')
+
+su.start!
+
+su[File].open '/TEST', 'w' do |f|
+  f.puts "Hello from UID=#{su[Process].uid}!"
+end
+
+su[FileUtils].cp '/etc/shadow', '/etc/shadow2'
+
+# i you don't call stop! explicitly, the corresponding process and file
+# cleanup will be done automatically, when the object gets out of scope
+#
+# su.stop!
+
+
+
+
+
+
+

data/lib/sudo.rb

@@ -0,0 +1,44 @@
+require 'drb/drb'
+require 'sudo/support/kernel'
+require 'sudo/support/object'
+require 'sudo/support/process'
+require 'sudo/wrapper'
+
+module Sudo
+
+  VERSION       = '0.0.1'
+  ROOTDIR       = File.expand_path File.join File.dirname(__FILE__), '..'
+  LIBDIR        = File.join ROOTDIR, 'lib'
+  SERVER_SCRIPT = File.join ROOTDIR, 'libexec/server.rb'
+
+  class RuntimeError  < RuntimeError; end
+
+  module DSL
+    def sudo_start(*args, &blk)
+      @__default_sudo_wrapper = Sudo::Wrapper.new(*args, &blk).start!
+    end
+    def sudo_stop
+      @__default_sudo_wrapper.stop!
+    end
+    def sudo(object)
+      @__default_sudo_wrapper[object]
+    end
+  end
+
+  class MethodProxy
+    def initialize(object, proxy)
+      @object = object
+      @proxy = proxy
+    end
+    def method_missing(method=:self, *args, &blk)
+      @proxy.proxy @object, method, *args, &blk
+    end
+  end
+
+  class Proxy
+    def proxy(object, method=:self, *args, &blk) 
+      object.send method, *args, &blk
+    end
+  end
+
+end

data/lib/sudo/support/kernel.rb

@@ -0,0 +1,20 @@
+module Kernel
+  def wait_for(conf)
+    start = Time.now
+    defaults = {
+      :timeout  => nil,
+      :step     => 0.125
+    }
+    conf = defaults.update conf
+    condition = false
+    loop do
+      condition = yield
+
+      break if    condition
+      break if    conf[:timeout] and Time.now - start > conf[:timeout]
+      
+      sleep       conf[:step]
+    end
+    condition 
+  end 
+end

data/lib/sudo/support/object.rb

@@ -0,0 +1,5 @@
+class Object
+  def self
+    self
+  end
+end

data/lib/sudo/support/process.rb

@@ -0,0 +1,14 @@
+module Process
+  class << self
+    # Thanks to:
+    # http://stackoverflow.com/questions/141162/how-can-i-determine-if-a-different-process-id-is-running-using-java-or-jruby-on-l
+    def exists?(pid)
+      begin
+        Process.getpgid( pid )
+        true
+      rescue Errno::ESRCH
+        false
+      end
+    end
+  end
+end

data/lib/sudo/wrapper.rb

@@ -0,0 +1,120 @@
+require 'drb/drb'
+require 'sudo/support/kernel'
+require 'sudo/support/object'
+require 'sudo/support/process'
+
+begin
+  DRb.current_server
+rescue DRb::DRbServerNotFound
+  DRb.start_service
+end
+
+module Sudo
+  class Wrapper
+
+    class RuntimeError              < RuntimeError;       end
+    class NotRunning                < RuntimeError;       end
+    class SudoFailed                < RuntimeError;       end
+    class SocketStillExists         < RuntimeError;       end
+    class SudoProcessExists         < RuntimeError;       end
+    class SudoProcessAlreadyExists  < SudoProcessExists;  end
+    class SudoProcessStillExists    < RuntimeError;       end
+    class NoValidSocket             < RuntimeError;       end
+    class SocketNotFound            < NoValidSocket;      end
+    class NoValidSudoPid            < RuntimeError;       end
+    class SudoProcessNotFound       < NoValidSudoPid;     end
+
+    class << self
+
+      # with blocks
+      def run(*args)
+        sudo = new(*args)
+        yield sudo.start!
+        sudo.stop!
+      end 
+
+      # Not an instance method, so it may act as a finalizer
+      # (as in ObjectSpace.define_finalizer)
+      def cleanup!(h)
+        if h[:pid] and Process.exists? h[:pid]
+          system "sudo kill     #{h[:pid]}"               or
+          system "sudo kill -9  #{h[:pid]}"               or
+          raise SudoProcessStillExists, 
+            "Couldn't kill sudo process (PID=#{h[:pid]})" 
+        end
+        if h[:socket] and File.exists? h[:socket]
+          system "sudo rm -f #{h[:socket]}"               or
+          raise SocketStillExists,
+              "Couldn't delete socket #{h[:socket]}"
+        end
+      end
+
+    end
+
+    def initialize(ruby_opts='') 
+      @proxy      = nil
+      @socket     = "/tmp/rubysu-#{Process.pid}-#{object_id}" 
+      @sudo_pid   = nil
+      @ruby_opts  = ruby_opts
+    end
+
+    def server_uri; "drbunix:#{@socket}"; end
+    
+    def start! 
+      # just to check if we can sudo; and we'll receive a sudo token
+      raise SudoFailed unless system "sudo ruby -e ''"
+
+      raise SudoProcessAlreadyExists if @sudo_pid and Process.exists? @sudo_pid
+      
+      @sudo_pid = spawn( 
+"sudo ruby -I#{LIBDIR} #{@ruby_opts} #{SERVER_SCRIPT} #{@socket} #{Process.uid}"
+      ) 
+      Process.detach(@sudo_pid) if @sudo_pid # avoid zombies
+      ObjectSpace.define_finalizer self, Finalizer.new(
+          :pid => @sudo_pid, :socket => @socket
+      )
+
+      if wait_for(:timeout => 1){File.exists? @socket}
+        @proxy = DRbObject.new_with_uri(server_uri)
+      else
+        raise RuntimeError, "Couldn't create DRb socket #{@socket}"  
+      end
+      self
+    end
+
+    def running?
+      true if (
+        @sudo_pid and Process.exists? @sudo_pid and
+        @socket   and File.exists?    @socket   and
+        @proxy
+      )
+    end
+
+    def stop!
+      self.class.cleanup!(:pid => @sudo_pid, :socket => @socket)
+      @proxy = nil
+
+    end
+
+    def [](object)
+      if running?
+        MethodProxy.new object, @proxy
+      else
+        raise NotRunning
+      end
+    end
+
+    # Inspired by Remover class in tmpfile.rb (Ruby std library)
+    class Finalizer
+      def initialize(h)
+        @data = h
+      end
+
+      # mimic proc-like behavior (walk like a duck)
+      def call(*args)
+        Sudo::Wrapper.cleanup! @data
+      end
+    end
+
+  end
+end

data/libexec/server.rb

@@ -0,0 +1,18 @@
+require 'drb/drb'
+require 'fileutils'
+require 'sudo'
+
+socket = ARGV[0]
+
+owner = ARGV[1]
+
+uri = "drbunix:#{socket}"
+
+DRb.start_service(uri, Sudo::Proxy.new) 
+
+FileUtils.chown owner, 0, socket
+FileUtils.chmod 0600, socket
+
+DRb.thread.join
+
+

metadata

@@ -0,0 +1,77 @@
+--- !ruby/object:Gem::Specification 
+name: sudo
+version: !ruby/object:Gem::Version 
+  prerelease: false
+  segments: 
+  - 0
+  - 0
+  - 1
+  version: 0.0.1
+platform: ruby
+authors: 
+- Guido De Rosa
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2010-10-22 00:00:00 +02:00
+default_executable: 
+dependencies: []
+
+description: |
+  Give Ruby objects superuser privileges.
+  
+  Based on dRuby and sudo (the Unix program).
+
+email: guido.derosa@vemarsas.it
+executables: []
+
+extensions: []
+
+extra_rdoc_files: []
+
+files: 
+- lib/sudo/support/object.rb
+- lib/sudo/support/kernel.rb
+- lib/sudo/support/process.rb
+- lib/sudo/wrapper.rb
+- lib/sudo.rb
+- libexec/server.rb
+- examples/block.rb
+- examples/dsl.rb
+- examples/new.rb
+- README.rdoc
+has_rdoc: true
+homepage: http://github.com/gderosa/rubysu
+licenses: []
+
+post_install_message: 
+rdoc_options: 
+- --charset=UTF-8
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      segments: 
+      - 0
+      version: "0"
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.3.7
+signing_key: 
+specification_version: 3
+summary: Give Ruby objects superuser privileges
+test_files: []
+