+def security_check_homedir(location):
+ """
+ Performs a check against a directory to determine if current
+ directory's owner has a home directory that is a parent directory.
+ This protects against malicious mountpoints, and is roughly equivalent
+ to the suexec checks.
+ """
+ try:
+ uid = util.get_dir_uid(location)
+ real = os.path.realpath(location)
+ if not real.startswith(pwd.getpwuid(uid).pw_dir + "/"):
+ logging.error("Security check failed, owner of deployment and "
+ "owner of home directory mismatch for %s" % location)
+ return False
+ except KeyError:
+ logging.error("Security check failed, could not look up "
+ "owner of %s (uid %d)" % (location, uid))
+ return False
+ except OSError as e:
+ logging.error("OSError: %s" % str(e))
+ return False
+ return True
+
+def calculate_log_name(log_dir, i, dir):
+ """
+ Calculates a log entry given a log directory, numeric identifier, and
+ directory under operation.
+ """
+ return os.path.join(log_dir, "%04d" % i + dir.replace('/', '-') + ".log")
+
+def open_logs(log_dir, log_names=('warnings', 'errors')):
+ """
+ Opens a number of log files for auxiliary reporting. You can override what
+ log files to generate using ``log_names``, which corresponds to the tuple
+ of log files you will receive, i.e. the default returns a tuple
+ ``(warnings.log file object, errors.log file object)``.
+
+ .. note::
+
+ The log directory is chmod'ed 777 after creation, to enable
+ de-priviledged processes to create files.
+ """
+ # must not be on AFS, since subprocesses won't be
+ # able to write to the logfiles do the to the AFS patch.
+ try:
+ os.mkdir(log_dir)
+ except OSError as e:
+ if e.errno != errno.EEXIST:
+ raise
+ #if create_subdirs:
+ # log_dir = os.path.join(log_dir, str(int(time.time())))
+ # os.mkdir(log_dir) # if fails, be fatal
+ # # XXX: update last symlink
+ os.chmod(log_dir, 0o777)
+ return (open(os.path.join(os.path.join(log_dir, "%s.log" % x)), "a") for x in log_names)
+