1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
|
from subprocess import call, check_call, CalledProcessError
from os import listdir, unlink
from os.path import join, isdir, islink, exists
from rainbow.util import trace
def active_uid(uid):
cmd = ['/usr/bin/pgrep', '-U', uid]
ret = call(cmd, stdout=open('/dev/null'))
if ret in (0, 1):
return ret == 0
raise CalledProcessError(ret, cmd)
def gc_uid(spool, uid):
"""This function conservatively attempts to garbage-collect stale uid
reservations.
"""
# XXX: D-Bus caches passwd-db data!
# XXX: D-Bus uses a fixed 1k passwd buffer - be careful with long paths &
# comments
reservation = join(spool, 'uid_pool', uid)
assert not isdir(reservation) and not islink(reservation)
# XXX: We perform several execv()'s as root based on strings derived from
# this 'uid' parameter, which originates as a file-name in a user-writable
# directory. Better ideas for input validation would be welcome.
uid_num = int(uid)
assert uid_num >= 1000 and uid_num <= 65534 # XXX: magic numbers from util/spool.py
if active_uid(uid):
return
for table in ('uid_to_instance_dir', 'uid_to_home_dir', 'uid_to_gid'):
row = join(spool, table, uid)
# NB: it is important that rm -rf doesn't follow links. <MS>
check_call(['/bin/rm', '-r', '-f', row])
# So long as we unlink the reservation last, we run no risk of seeing inconsistency
unlink(reservation)
def gc_spool(log, spool):
uspool = join(spool, 'uid_pool')
if exists(uspool) and isdir(uspool):
for maybe_uid in listdir(uspool):
try: gc_uid(spool, maybe_uid)
except: trace()
else:
log(1, "Skipping spool %s", spool)
|