Michal 'vorner' Vaner 13 years ago
parent
commit
142ae6ee99

+ 1 - 17
doc/guide/bind10-guide.xml

@@ -829,7 +829,6 @@ as a dependency earlier -->
             <row><entry>b10-auth</entry><entry>auth</entry><entry>Authoritative server</entry></row>
             <row><entry>b10-resolver</entry><entry>resolver</entry><entry>The resolver</entry></row>
             <row><entry>b10-cmdctl</entry><entry>cmdctl</entry><entry>The command control (remote control interface)</entry></row>
-            <row><entry>setuid</entry><entry>setuid</entry><entry>Virtual component, see below</entry></row>
             <!-- TODO Either add xfrin and xfrout as well or clean up the workarounds in boss before the release -->
           </tbody>
           </tgroup>
@@ -857,6 +856,7 @@ as a dependency earlier -->
         The priority defines order in which the components should start.
         The ones with higher number are started sooner than the ones with
         lower ones. If you don't set it, 0 (zero) is used as the priority.
+        Usually, leaving it at the default is enough.
       </para>
 
       <para>
@@ -914,22 +914,6 @@ address, but the usual ones don't." mean? -->
         </para>
       </note>
 
-      <para>
-        Now, to the mysterious setuid virtual component. If you
-        use the <command>-u</command> option to start the
-        <command>bind10</command> as root, but change the user
-        later, we need to start the <command>b10-auth</command> or
-        <command>b10-resolver</command> as root (until the socket
-        creator is finished).<!-- TODO --> So we need to specify
-        the time when the switch from root do the given user happens
-        and that's what the setuid component is for. The switch is
-        done at the time the setuid component would be started, if
-        it was a process. The default configuration contains the
-        setuid component with priority 5, <command>b10-auth</command>
-        has 10 to be started before the switch and everything else
-        is without priority, so it is started after the switch.
-      </para>
-
     </section>
 
   </chapter>

+ 1 - 6
src/bin/bind10/bob.spec

@@ -8,12 +8,7 @@
         "item_type": "named_set",
         "item_optional": false,
         "item_default": {
-          "b10-auth": { "special": "auth", "kind": "needed", "priority": 10 },
-          "setuid": {
-            "special": "setuid",
-            "priority": 5,
-            "kind": "dispensable"
-          },
+          "b10-auth": { "special": "auth", "kind": "needed" },
           "b10-xfrin": { "address": "Xfrin", "kind": "dispensable" },
           "b10-xfrout": { "address": "Xfrout", "kind": "dispensable" },
           "b10-zonemgr": { "address": "Zonemgr", "kind": "dispensable" },

+ 5 - 29
src/lib/python/isc/bind10/special_component.py

@@ -36,6 +36,7 @@ class SockCreator(BaseComponent):
     def __init__(self, process, boss, kind, address=None, params=None):
         BaseComponent.__init__(self, boss, kind)
         self.__creator = None
+        self.__uid = boss.uid
 
     def _start_internal(self):
         self._boss.curproc = 'b10-sockcreator'
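Review bot: `self.__uid = boss.uid` snapshots the target uid when the component is constructed, so a value the boss sets afterwards is never seen by `_start_internal`. Nothing in the visible lines says that starting the socket creator is now the point where privileges are dropped. Reading `self._boss.uid` at start time would avoid the stale copy. Either way, a comment such as `# uid to switch to once the creator runs; None leaves the current user unchanged` plus a sentence in the class docstring would make the side effect visible. The class docstring and the rest of `_start_internal` are outside this hunk.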
@@ -44,6 +45,9 @@ class SockCreator(BaseComponent):
         self._boss.register_process(self.pid(), self)
         self._boss.set_creator(self.__creator)
         self._boss.log_started(self.pid())
+        if self.__uid is not None:
+            logger.info(BIND10_SETUID, self.__uid)
+            posix.setuid(self.__uid)
 
     def _stop_internal(self):
         self.__creator.terminate()
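Review bot: `posix.setuid(self.__uid)` at the end of `_start_internal` changes only the user id, so the process keeps the group id and supplementary groups it was started with — root's, when bind10 is launched as root with `-u`. Calling `posix.setgroups([])` and `posix.setgid(...)` before the `setuid` call would close that. Only a uid is visible on the boss here, so the gid would have to be resolved from the account, for example with `pwd.getpwuid`. The drop also runs only if every earlier statement in this method succeeds. The start of the body is outside this hunk, but if creating the socket creator raises there and the boss carries on, it presumably does so still as root, so that failure path is worth confirming.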
@@ -108,32 +112,6 @@ class CmdCtl(Component):
     def __init__(self, process, boss, kind, address=None, params=None):
         Component.__init__(self, process, boss, kind, 'Cmdctl', None,
                            boss.start_cmdctl)
-
-class SetUID(BaseComponent):
-    """
-    This is a pseudo-component which drops root privileges when started
-    and sets the uid stored in boss.
-
-    This component does nothing when stopped.
-    """
-    def __init__(self, process, boss, kind, address=None, params=None):
-        BaseComponent.__init__(self, boss, kind)
-        self.uid = boss.uid
-
-    def _start_internal(self):
-        if self.uid is not None:
-            logger.info(BIND10_SETUID, self.uid)
-            posix.setuid(self.uid)
-
-    def _stop_internal(self): pass
-    def kill(self, forceful=False): pass
-
-    def name(self):
-        return "Set UID"
-
-    def pid(self):
-        return None
-
 def get_specials():
     """
     List of specially started components. Each one should be the class than can
@@ -147,7 +125,5 @@ def get_specials():
         # They should not have any parameters anyway
         'auth': Auth,
         'resolver': Resolver,
-        'cmdctl': CmdCtl,
-        # TODO: Remove when not needed, workaround before sockcreator works
-        'setuid': SetUID
+        'cmdctl': CmdCtl
     }
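Review bot: With `'setuid'` gone from the dict returned by `get_specials()`, a component entry carrying `"special": "setuid"` no longer resolves to a class. The old default configuration contained exactly such an entry, so installations that have it written into their stored configuration may hit this on upgrade. How the caller treats an unknown special is not visible here and is worth checking. If it is a hard error, a log message that names the obsolete `setuid` entry would make the failure easy to diagnose.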

+ 34 - 8
src/lib/python/isc/bind10/tests/component_test.py

@@ -507,8 +507,7 @@ class ComponentTests(BossUtils, unittest.TestCase):
                                isc.bind10.special_component.CfgMgr,
                                isc.bind10.special_component.Auth,
                                isc.bind10.special_component.Resolver,
-                               isc.bind10.special_component.CmdCtl,
-                               isc.bind10.special_component.SetUID]:
+                               isc.bind10.special_component.CmdCtl]:
             component = component_type('none', self, 'needed')
             self.assertIsNone(component.pid())
 
@@ -611,14 +610,38 @@ class ComponentTests(BossUtils, unittest.TestCase):
     def setuid(self, uid):
         self.__uid_set = uid
 
-    def test_setuid(self):
+    class FakeCreator:
+        def pid(self):
+            return 42
+        def terminate(self): pass
+        def kill(self): pass
+
+    def set_creator(self, creator):
+        """
+        Part of faking being the boss. Check the creator (faked as well)
+        is passed here.
+        """
+        self.assertTrue(isinstance(creator, self.FakeCreator))
+
+    def log_started(self, pid):
+        """
+        Part of faking the boss. Check the pid is the one of the fake creator.
+        """
+        self.assertEqual(42, pid)
+
+    def test_creator(self):
         """
-        Some tests around the SetUID pseudo-component.
+        Some tests around the SockCreator component.
         """
-        component = isc.bind10.special_component.SetUID(None, self, 'needed',
-                                                        None)
+        component = isc.bind10.special_component.SockCreator(None, self,
+                                                             'needed', None)
         orig_setuid = isc.bind10.special_component.posix.setuid
         isc.bind10.special_component.posix.setuid = self.setuid
+        orig_creator = \
+            isc.bind10.special_component.isc.bind10.sockcreator.Creator
+        # Just ignore the creator call
+        isc.bind10.special_component.isc.bind10.sockcreator.Creator = \
+            lambda path: self.FakeCreator()
         component.start()
         # No uid set in boss, nothing called.
         self.assertIsNone(self.__uid_set)
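Review bot: `test_creator` checks that `setuid` is called, but not when. The property that matters for the privilege drop is that the creator is started before the uid changes, and neither `FakeCreator` nor the fake `setuid` records the order. Having the lambda that replaces `Creator` and `self.setuid` each append to a shared list, then asserting it equals `['creator', 'setuid']` after the second `start()`, would pin that down. The end of `test_creator` is in the next hunk.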
@@ -627,11 +650,14 @@ class ComponentTests(BossUtils, unittest.TestCase):
         component.kill()
         component.kill(True)
         self.uid = 42
-        component = isc.bind10.special_component.SetUID(None, self, 'needed',
-                                                        None)
+        component = isc.bind10.special_component.SockCreator(None, self,
+                                                             'needed', None)
         component.start()
         # This time, it get's called
         self.assertEqual(42, self.__uid_set)
+        isc.bind10.special_component.posix.setuid = orig_setuid
+        isc.bind10.special_component.isc.bind10.sockcreator.Creator = \
+            orig_creator
 
 class TestComponent(BaseComponent):
     """
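Review bot: The two module attributes patched in `test_creator` (`posix.setuid` and `sockcreator.Creator`) are restored only by the three added lines at the end of the test. Any failing assertion or exception before them leaves the fakes installed for every later test in the same process. Registering the restore right after each patch, e.g. `self.addCleanup(setattr, isc.bind10.special_component.posix, 'setuid', orig_setuid)`, or wrapping the body in `try`/`finally`, keeps the patches from leaking. The start of the test is in the previous hunk.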