// Copyright (c) 2018-2020, AT&T Intellectual Property. All rights reserved.
//
// Copyright (c) 2014-2017 by Brocade Communications Systems, Inc.
// All rights reserved.
//
// SPDX-License-Identifier: LGPL-2.1-only
package configd
import (
"log"
"log/syslog"
"os"
"path/filepath"
"github.com/danos/config/auth"
"github.com/danos/config/schema"
)
// LockId is an int32-based identifier for a lock holder. This file names
// only the two negative sentinel values below.
type LockId int32

// Sentinel lock holders that String renders by name.
const (
	COMMIT LockId = -1
	SYSTEM LockId = -2
)

// String returns "commit" for COMMIT, "system" for SYSTEM, and "unknown"
// for every other value, so it is safe to use in log output.
func (l LockId) String() string {
	if l == COMMIT {
		return "commit"
	}
	if l == SYSTEM {
		return "system"
	}
	return "unknown"
}
// Context carries the identity and per-request state of a caller.
//
// Security-relevant fields visible in this file:
//   - Configd is the "raised privileges" flag toggled by RaisePrivileges and
//     DropPrivileges; when it is true InSecretsGroup returns true without
//     looking at Groups.
//   - Groups is compared against Config.SecretsGroup by InSecretsGroup.
//
// The remaining fields are not used in this file; the notes on them are
// inferred from their names and types and should be confirmed.
type Context struct {
	Configd   bool         // privileged flag; true bypasses the secrets-group check
	Auth      auth.Auther  // presumably the authorization backend (confirm)
	Pid       int32        // presumably the caller's process id (confirm)
	Uid       uint32       // presumably the caller's user id (confirm)
	User      string       // presumably the caller's user name (confirm)
	UserHome  string
	Groups    []string     // group names checked by InSecretsGroup
	Superuser bool
	Config    *Config      // daemon configuration; InSecretsGroup reads SecretsGroup from it
	Dlog      *log.Logger  // presumably debug log (confirm)
	Elog      *log.Logger  // presumably error log (confirm)
	Wlog      *log.Logger  // presumably warning log (confirm)
	CompMgr   schema.ComponentManager
	Noexec    bool
}

// RaisePrivileges sets c.Configd to true.
//
// Raising privileges should be done sparingly as it bypasses things like
// ACM, secret redaction etc. however it is occasionally necessary.
//
// The flag is a plain bool, not a counter: nested Raise/Drop pairs do not
// stack, so keep the raised window as small as possible and pair every call
// with DropPrivileges (for example via defer). No locking is performed here;
// NOTE(review): confirm a Context is never shared between goroutines while
// raised.
func (c *Context) RaisePrivileges() {
	c.Configd = true
}

// DropPrivileges sets c.Configd to false.
//
// It clears the flag unconditionally rather than restoring the value that
// was in place before RaisePrivileges, so a Context that started with
// Configd already true ends up unprivileged after a Raise/Drop pair.
func (c *Context) DropPrivileges() {
	c.Configd = false
}
// Config holds string-valued settings for the daemon. Within this file only
// SecretsGroup is read (by InSecretsGroup, which compares it with each entry
// of Context.Groups); the notes on the other fields are inferred from their
// names and should be confirmed against the code that consumes them.
type Config struct {
	User         string // presumably the account the daemon runs as (confirm)
	Runfile      string
	Logfile      string
	Pidfile      string
	Yangdir      string
	Socket       string
	SecretsGroup string // group name whose members pass InSecretsGroup
	SuperGroup   string // presumably the group that confers Superuser (confirm)
	Capabilities string
}
// NewLogger is a version of syslog.NewLogger that uses the base name of the
// running program (filepath.Base of os.Args[0]) as the syslog tag.
//
// p is the syslog priority for the connection and logFlag is passed to
// log.New as the logger's flags; the logger has no prefix. If the syslog
// connection cannot be opened, the error from syslog.New is returned and the
// logger is nil.
func NewLogger(p syslog.Priority, logFlag int) (*log.Logger, error) {
	w, err := syslog.New(p, filepath.Base(os.Args[0]))
	if err != nil {
		return nil, err
	}
	return log.New(w, "", logFlag), nil
}
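// InSecretsGroup reports whether ctx is treated as a member of the
// configured secrets group.
//
// It returns true when ctx.Configd is set (raised privileges skip the group
// check) or when one of ctx.Groups equals ctx.Config.SecretsGroup. The check
// fails closed: a nil ctx, a nil ctx.Config, or an empty SecretsGroup yields
// false instead of panicking or matching.
func InSecretsGroup(ctx *Context) bool {
	// A missing context carries no identity, so it is never authorised.
	if ctx == nil {
		return false
	}
	// Raised privileges bypass the group membership check entirely.
	if ctx.Configd {
		return true
	}
	// With no secrets group configured nobody is a member. This also keeps
	// an empty entry in Groups from matching an unset SecretsGroup.
	if ctx.Config == nil || ctx.Config.SecretsGroup == "" {
		return false
	}
	for _, g := range ctx.Groups {
		if g == ctx.Config.SecretsGroup {
			return true
		}
	}
	return false
}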