From 231644b5965a8f58e339edd5e9a92cf30400047d Mon Sep 17 00:00:00 2001
From: Tom Preston-Werner <tom@mojombo.com>
Date: Mon, 3 Sep 2007 23:26:34 -0700
Subject: [PATCH] add acl to drb server

---
 bin/god             | 11 +++++++++--
 lib/god.rb          | 15 ++++++++++++---
 lib/god/server.rb   |  9 +++++++--
 test/test_god.rb    | 24 +++++++++++++++++++++++-
 test/test_server.rb | 16 +++++++++++++++-
 5 files changed, 66 insertions(+), 9 deletions(-)

diff --git a/bin/god b/bin/god
index fe3a3c4..5d77784 100755
--- a/bin/god
+++ b/bin/god
@@ -74,8 +74,15 @@ elsif command = ARGV[0]
   # a command was specified
   
   # connect to remote drb
-    DRb.start_service
-    server = DRbObject.new nil, "druby://localhost:#{options[:port]}"
+  DRb.start_service
+  server = DRbObject.new nil, "druby://localhost:#{options[:port]}"
+  
+  begin
+    server.ping
+  rescue DRb::DRbConnError
+    puts "The server is not available (or you do not have permissions to access it)"
+    exit!
+  end
   
   if command == 'load'
     file = ARGV[1]
diff --git a/lib/god.rb b/lib/god.rb
index 5b63eee..889f6b1 100644
--- a/lib/god.rb
+++ b/lib/god.rb
@@ -58,11 +58,14 @@ module God
     
   LOG_BUFFER_SIZE_DEFAULT = 100
   PID_FILE_DIRECTORY_DEFAULT = '/var/run/god'
+  DRB_PORT_DEFAULT = 17165
+  DRB_ALLOW_DEFAULT = ['localhost']
   
   class << self
     # user configurable
     attr_accessor :host,
                   :port,
+                  :allow,
                   :log_buffer_size,
                   :pid_file_directory
     
@@ -95,6 +98,8 @@ module God
     # set defaults
     self.log_buffer_size = LOG_BUFFER_SIZE_DEFAULT
     self.pid_file_directory = PID_FILE_DIRECTORY_DEFAULT
+    self.port = DRB_PORT_DEFAULT
+    self.allow = DRB_ALLOW_DEFAULT
     
     # yield to the config file
     yield self if block_given?
@@ -167,6 +172,10 @@ module God
     end
   end
   
+  def self.ping
+    true
+  end
+  
   def self.control(name, command)
     # get the list of watches
     watches = Array(self.watches[name] || self.groups[name])
@@ -246,7 +255,7 @@ module God
     end
   end
     
-  def self.validate
+  def self.validater
     unless test(?w, self.pid_file_directory)
       abort "The pid file directory (#{self.pid_file_directory}) is not writable by #{Etc.getlogin}"
     end
@@ -255,10 +264,10 @@ module God
   def self.start
     self.internal_init
     self.setup
-    self.validate
+    self.validater
     
     # instantiate server
-    self.server = Server.new(self.host, self.port)
+    self.server = Server.new(self.host, self.port, self.allow)
     
     # start event handler system
     EventHandler.start if EventHandler.loaded?
diff --git a/lib/god/server.rb b/lib/god/server.rb
index 1590fd1..4f578c7 100644
--- a/lib/god/server.rb
+++ b/lib/god/server.rb
@@ -1,4 +1,5 @@
 require 'drb'
+require 'drb/acl'
 
 # The God::Server oversees the DRb server which dishes out info on this God daemon.
 
@@ -7,9 +8,10 @@ module God
   class Server
     attr_reader :host, :port
 
-    def initialize(host = nil, port = nil)
+    def initialize(host = nil, port = nil, allow = [])
       @host = host
-      @port = port || 17165
+      @port = port
+      @acl = %w{deny all} + allow.inject([]) { |acc, a| acc + ['allow', a] }
       puts "Starting on #{@host}:#{@port}"
       start
     end
@@ -21,6 +23,9 @@ module God
     private
 
     def start
+      acl = ACL.new(@acl)
+      DRb.install_acl(acl)
+      
       @drb ||= DRb.start_service("druby://#{@host}:#{@port}", self) 
     end
   end
diff --git a/test/test_god.rb b/test/test_god.rb
index a0acecb..eac4412 100644
--- a/test/test_god.rb
+++ b/test/test_god.rb
@@ -4,7 +4,7 @@ class TestGod < Test::Unit::TestCase
   def setup
     Server.stubs(:new).returns(true)
     God.stubs(:setup).returns(true)
-    God.stubs(:validate).returns(true)
+    God.stubs(:validater).returns(true)
     God.reset
   end
   
@@ -194,6 +194,12 @@ class TestGod < Test::Unit::TestCase
     assert !God.groups[w.group].include?(w)
   end
   
+  # ping
+  
+  def test_ping_should_return_true
+    assert God.ping
+  end
+  
   # control
   
   def test_control_should_monitor_on_start
@@ -450,4 +456,20 @@ class TestGodOther < Test::Unit::TestCase
       God.setup
     end
   end
+  
+  # validate
+    
+  def test_validate_should_abort_if_pid_file_directory_is_unwriteable
+    God.expects(:test).returns(false)
+    assert_abort do
+      God.validater
+    end
+  end
+  
+  def test_validate_should_not_abort_if_pid_file_directory_is_writeable
+    God.expects(:test).returns(true)
+    assert_nothing_raised do
+      God.validater
+    end
+  end
 end
\ No newline at end of file
diff --git a/test/test_server.rb b/test/test_server.rb
index 34a95b3..4386169 100644
--- a/test/test_server.rb
+++ b/test/test_server.rb
@@ -21,7 +21,7 @@ class TestServer < Test::Unit::TestCase
     end
   end
 
-  def test_should_forward_foreign_method_calls_to_meddle
+  def test_should_forward_foreign_method_calls_to_god
     server = nil
     no_stdout do
       server = Server.new
@@ -29,4 +29,18 @@ class TestServer < Test::Unit::TestCase
     God.expects(:send).with(:something_random)
     server.something_random
   end
+  
+  def test_should_install_deny_all_by_default
+    ACL.expects(:new).with(%w{deny all})
+    no_stdout do
+      Server.new
+    end
+  end
+  
+  def test_should_install_pass_through_acl
+    ACL.expects(:new).with(%w{deny all allow localhost allow 0.0.0.0})
+    no_stdout do
+      Server.new(nil, 17165, %w{localhost 0.0.0.0})
+    end
+  end
 end
-- 
2.11.4.GIT