Implement support for running specific CLI commands as root

fixes #7380
This commit is contained in:
Gunnar Beutner 2014-10-24 15:29:46 +02:00
parent d3c9e052e9
commit 80a3298b5e
11 changed files with 97 additions and 53 deletions

View File

@ -333,6 +333,12 @@ int Main(void)
rc = 0;
} else if (command) {
#ifndef _WIN32
if (command->GetImpersonationLevel() == ImpersonateRoot) {
if (getuid() != 0) {
Log(LogCritical, "cli", "This command must be run as root.");
return 0;
}
} else if (command && command->GetImpersonationLevel() == ImpersonateIcinga) {
String group = Application::GetRunAsGroup();
errno = 0;
@ -395,6 +401,7 @@ int Main(void)
return EXIT_FAILURE;
}
}
}
#endif /* _WIN32 */
std::vector<std::string> args;

View File

@ -77,6 +77,11 @@ std::vector<String> AgentSetupCommand::GetArgumentSuggestions(const String& argu
return CLICommand::GetArgumentSuggestions(argument, word);
}
ImpersonationLevel AgentSetupCommand::GetImpersonationLevel(void) const
{
return ImpersonateRoot;
}
/**
* The entry point for the "agent setup" CLI command.
*

View File

@ -40,6 +40,7 @@ public:
virtual void InitParameters(boost::program_options::options_description& visibleDesc,
boost::program_options::options_description& hiddenDesc) const;
virtual std::vector<String> GetArgumentSuggestions(const String& argument, const String& word) const;
virtual ImpersonationLevel GetImpersonationLevel(void) const;
virtual int Run(const boost::program_options::variables_map& vm, const std::vector<std::string>& ap) const;
private:

View File

@ -159,6 +159,11 @@ void CLICommand::InitParameters(boost::program_options::options_description& vis
boost::program_options::options_description& hiddenDesc) const
{ }
ImpersonationLevel CLICommand::GetImpersonationLevel(void) const
{
return ImpersonateIcinga;
}
bool CLICommand::ParseCommand(int argc, char **argv, po::options_description& visibleDesc,
po::options_description& hiddenDesc,
po::positional_options_description& positionalDesc,

View File

@ -32,6 +32,13 @@ namespace icinga
std::vector<String> I2_CLI_API GetBashCompletionSuggestions(const String& type, const String& word);
std::vector<String> I2_CLI_API GetFieldCompletionSuggestions(const Type *type, const String& word);
enum ImpersonationLevel
{
ImpersonateNone,
ImpersonateRoot,
ImpersonateIcinga
};
/**
* A CLI command.
*
@ -50,6 +57,7 @@ public:
virtual int GetMaxArguments(void) const;
virtual void InitParameters(boost::program_options::options_description& visibleDesc,
boost::program_options::options_description& hiddenDesc) const;
virtual ImpersonationLevel GetImpersonationLevel(void) const;
virtual int Run(const boost::program_options::variables_map& vm, const std::vector<std::string>& ap) const = 0;
virtual std::vector<String> GetArgumentSuggestions(const String& argument, const String& word) const;
virtual std::vector<String> GetPositionalSuggestions(const String& word) const;

View File

@ -51,6 +51,11 @@ int FeatureDisableCommand::GetMaxArguments(void) const
return -1;
}
ImpersonationLevel FeatureDisableCommand::GetImpersonationLevel(void) const
{
return ImpersonateRoot;
}
/**
* The entry point for the "feature disable" CLI command.
*

View File

@ -40,6 +40,7 @@ public:
virtual int GetMinArguments(void) const;
virtual int GetMaxArguments(void) const;
virtual std::vector<String> GetPositionalSuggestions(const String& word) const;
virtual ImpersonationLevel GetImpersonationLevel(void) const;
virtual int Run(const boost::program_options::variables_map& vm, const std::vector<std::string>& ap) const;
};

View File

@ -51,6 +51,11 @@ int FeatureEnableCommand::GetMaxArguments(void) const
return -1;
}
ImpersonationLevel FeatureEnableCommand::GetImpersonationLevel(void) const
{
return ImpersonateRoot;
}
/**
* The entry point for the "feature enable" CLI command.
*

View File

@ -40,6 +40,7 @@ public:
virtual int GetMinArguments(void) const;
virtual int GetMaxArguments(void) const;
virtual std::vector<String> GetPositionalSuggestions(const String& word) const;
virtual ImpersonationLevel GetImpersonationLevel(void) const;
virtual int Run(const boost::program_options::variables_map& vm, const std::vector<std::string>& ap) const;
};

View File

@ -58,6 +58,11 @@ void RepositoryCommitCommand::InitParameters(boost::program_options::options_des
("simulate", "Simulate to-be-committed changes");
}
ImpersonationLevel RepositoryCommitCommand::GetImpersonationLevel(void) const
{
return ImpersonateRoot;
}
/**
* The entry point for the "repository commit" CLI command.
*

View File

@ -42,6 +42,7 @@ public:
virtual String GetShortDescription(void) const;
virtual void InitParameters(boost::program_options::options_description& visibleDesc,
boost::program_options::options_description& hiddenDesc) const;
virtual ImpersonationLevel GetImpersonationLevel(void) const;
virtual int Run(const boost::program_options::variables_map& vm, const std::vector<std::string>& ap) const;
};