Clean up and simplify rpkic privilege-dropping code. All sudo voodoo

is now handled in the outermost script, before rpki.rpkic is even
loaded; rpki.rpkic just assumes that euid and ruid have been set up
correctly and swaps them temporarily when it needs to do file I/O.

svn path=/branches/tk705/; revision=6340

2 files changed, 12 insertions, 46 deletions

diff --git a/ca/rpkic b/ca/rpkic
index 598c075f..77c65c62 100755
--- a/ca/rpkic
+++ b/ca/rpkic
@@ -20,29 +20,29 @@ if __name__ == "__main__":
 
     already_ran_sudo = os.getenv("SUDO_COMMAND") == " ".join(argv)
 
-    try:
-        uid = pwd.getpwnam(rpki.autoconf.RPKI_USER).pw_uid
-    except:
-        uid = None
-
     euid = os.geteuid()
 
-    if already_ran_sudo or uid is None or uid == euid or euid == 0:
+    try:
+        puid = pwd.getpwnam(rpki.autoconf.RPKI_USER).pw_uid
+    except KeyError:
+        puid = None
+        print "Warning: User \"{}\" not found, not dropping privileges".format(rpki.autoconf.RPKI_USER)
 
-        if not already_ran_sudo:
-            for name in ("SUDO_COMMAND", "SUDO_GID", "SUDO_UID", "SUDO_USER"):
-                if name in os.environ:
-                    del os.environ[name]
+    if puid is not None and already_ran_sudo:
+        try:
+            os.setgid(  int(os.environ["SUDO_GID"]))
+            os.setreuid(int(os.environ["SUDO_UID"]), puid)
+        except OSError as e:
+            sys.exit("Couldn't drop privs to user {}: {!s}".format(rpki.autoconf.RPKI_USER, e))
 
+    if already_ran_sudo or puid in (None, euid):
         import rpki.rpkic
         rpki.rpkic.main()
 
     else:
-
         try:
             argv.insert(0, rpki.autoconf.SUDO)
             os.execv(argv[0], argv)
             sys.exit("rpkic startup failure, no exception so don't know why, sorry")
-
         except Exception as e:
             sys.exit("Couldn't exec sudo python rpkic: {!s}".format(e))
diff --git a/rpki/rpkic.py b/rpki/rpkic.py
index 4cba846c..a595fa2c 100644
--- a/rpki/rpkic.py
+++ b/rpki/rpkic.py
@@ -98,9 +98,6 @@ class main(Cmd):
     argsubparsers = full_argparser.add_subparsers(title = "Commands", metavar = "")
 
     def __init__(self):
-
-        self.drop_privs()
-
         Cmd.__init__(self)
         os.environ["TZ"] = "UTC"
         time.tzset()
@@ -138,37 +135,6 @@ class main(Cmd):
         else:
             args.func(self, args)
 
-
-    def drop_privs(self):
-        """
-        Initialize UID swapping and drop unneeded privs.
-
-        Any error here we don't understand is dangerous and therefore fatal.
-        """
-
-        try:
-
-            try:
-                os.setgid(int(os.environ["SUDO_GID"]))
-            except KeyError:
-                pass
-
-            try:
-                uid = int(os.environ["SUDO_UID"])
-            except KeyError:
-                uid = os.getuid()
-
-            try:
-                os.setreuid(uid, pwd.getpwnam(rpki.autoconf.RPKI_USER).pw_uid)
-            except KeyError:
-                # This is normal when testing uninstalled code, but warn user just in case
-                print "Warning: User \"{}\" not found, not dropping privileges".format(rpki.autoconf.RPKI_USER)
-            except OSError as e:
-                sys.exit("Couldn't drop privs to user {}: {!s}".format(rpki.autoconf.RPKI_USER, e))
-
-        except Exception as e:
-            sys.exit("Fatal error trying to drop privs: {!s}".format(e))
-
     def read_history(self):
         """
         UID-swapping wrapper for parent .read_history() method.