add acl to drb server

mojombo · Sep 4, 2007 · 231644b · 231644b
1 parent 7f94adb
commit 231644b
Show file tree

Hide file tree

Showing 5 changed files with 66 additions and 9 deletions.
diff --git a/bin/god b/bin/god
@@ -74,8 +74,15 @@ elsif command = ARGV[0]
   # a command was specified
 
   # connect to remote drb
-    DRb.start_service
-    server = DRbObject.new nil, "druby://localhost:#{options[:port]}"
+  DRb.start_service
+  server = DRbObject.new nil, "druby://localhost:#{options[:port]}"
+
+  begin
+    server.ping
+  rescue DRb::DRbConnError
+    puts "The server is not available (or you do not have permissions to access it)"
+    exit!
+  end
 
   if command == 'load'
     file = ARGV[1]

diff --git a/lib/god.rb b/lib/god.rb
@@ -58,11 +58,14 @@ module God
 
   LOG_BUFFER_SIZE_DEFAULT = 100
   PID_FILE_DIRECTORY_DEFAULT = '/var/run/god'
+  DRB_PORT_DEFAULT = 17165
+  DRB_ALLOW_DEFAULT = ['localhost']
 
   class << self
     # user configurable
     attr_accessor :host,
                   :port,
+                  :allow,
                   :log_buffer_size,
                   :pid_file_directory
 
@@ -95,6 +98,8 @@ def self.internal_init
     # set defaults
     self.log_buffer_size = LOG_BUFFER_SIZE_DEFAULT
     self.pid_file_directory = PID_FILE_DIRECTORY_DEFAULT
+    self.port = DRB_PORT_DEFAULT
+    self.allow = DRB_ALLOW_DEFAULT
 
     # yield to the config file
     yield self if block_given?
@@ -167,6 +172,10 @@ def self.unwatch(watch)
     end
   end
 
+  def self.ping
+    true
+  end
+
   def self.control(name, command)
     # get the list of watches
     watches = Array(self.watches[name] || self.groups[name])
@@ -246,7 +255,7 @@ def self.setup
     end
   end
 
-  def self.validate
+  def self.validater
     unless test(?w, self.pid_file_directory)
       abort "The pid file directory (#{self.pid_file_directory}) is not writable by #{Etc.getlogin}"
     end
@@ -255,10 +264,10 @@ def self.validate
   def self.start
     self.internal_init
     self.setup
-    self.validate
+    self.validater
 
     # instantiate server
-    self.server = Server.new(self.host, self.port)
+    self.server = Server.new(self.host, self.port, self.allow)
 
     # start event handler system
     EventHandler.start if EventHandler.loaded?

diff --git a/lib/god/server.rb b/lib/god/server.rb
@@ -1,4 +1,5 @@
 require 'drb'
+require 'drb/acl'
 
 # The God::Server oversees the DRb server which dishes out info on this God daemon.
 
@@ -7,9 +8,10 @@ module God
   class Server
     attr_reader :host, :port
 
-    def initialize(host = nil, port = nil)
+    def initialize(host = nil, port = nil, allow = [])
       @host = host
-      @port = port || 17165
+      @port = port
+      @acl = %w{deny all} + allow.inject([]) { |acc, a| acc + ['allow', a] }
       puts "Starting on #{@host}:#{@port}"
       start
     end
@@ -21,6 +23,9 @@ def method_missing(*args, &block)
     private
 
     def start
+      acl = ACL.new(@acl)
+      DRb.install_acl(acl)
+
       @drb ||= DRb.start_service("druby://#{@host}:#{@port}", self) 
     end
   end

diff --git a/test/test_god.rb b/test/test_god.rb
@@ -4,7 +4,7 @@ class TestGod < Test::Unit::TestCase
   def setup
     Server.stubs(:new).returns(true)
     God.stubs(:setup).returns(true)
-    God.stubs(:validate).returns(true)
+    God.stubs(:validater).returns(true)
     God.reset
   end
 
@@ -194,6 +194,12 @@ def test_unwatch_should_remove_from_group
     assert !God.groups[w.group].include?(w)
   end
 
+  # ping
+
+  def test_ping_should_return_true
+    assert God.ping
+  end
+
   # control
 
   def test_control_should_monitor_on_start
@@ -450,4 +456,20 @@ def test_setup_should_raise_if_no_permissions_to_create_pid_file_directory
       God.setup
     end
   end
+
+  # validate
+
+  def test_validate_should_abort_if_pid_file_directory_is_unwriteable
+    God.expects(:test).returns(false)
+    assert_abort do
+      God.validater
+    end
+  end
+
+  def test_validate_should_not_abort_if_pid_file_directory_is_writeable
+    God.expects(:test).returns(true)
+    assert_nothing_raised do
+      God.validater
+    end
+  end
 end
diff --git a/test/test_server.rb b/test/test_server.rb
@@ -21,12 +21,26 @@ def test_should_use_supplied_port_and_host
     end
   end
 
-  def test_should_forward_foreign_method_calls_to_meddle
+  def test_should_forward_foreign_method_calls_to_god
     server = nil
     no_stdout do
       server = Server.new
     end
     God.expects(:send).with(:something_random)
     server.something_random
   end
+
+  def test_should_install_deny_all_by_default
+    ACL.expects(:new).with(%w{deny all})
+    no_stdout do
+      Server.new
+    end
+  end
+
+  def test_should_install_pass_through_acl
+    ACL.expects(:new).with(%w{deny all allow localhost allow 0.0.0.0})
+    no_stdout do
+      Server.new(nil, 17165, %w{localhost 0.0.0.0})
+    end
+  end
 end