Fixes for testing server as regular user

2024-12-22 16:25:17 +00:00 · 2017-01-26 15:11:04 +02:00 · 2017-01-26 15:11:04 +02:00 · ef72cb70cd
commit ef72cb70cd
parent dc9e01b4ad
2 changed files with 6 additions and 5 deletions
--- a/certidude/auth.py
+++ b/certidude/auth.py
@ -1,7 +1,6 @@

 import click
 import falcon
-import kerberos # If this fails pip install kerberos
 import logging
 import os
 import re
@ -13,6 +12,7 @@ from certidude import config, const
 logger = logging.getLogger("api")

 if "kerberos" in config.AUTHENTICATION_BACKENDS:
+    import kerberos # If this fails pip install kerberos
    ktname = os.getenv("KRB5_KTNAME")

    if not ktname:
--- a/certidude/cli.py
+++ b/certidude/cli.py
@ -1174,10 +1174,11 @@ def certidude_serve(port, listen):
    from certidude import config

    # Fetch UID, GID of certidude user
-    import pwd
-    _, _, uid, gid, gecos, root, shell = pwd.getpwnam("certidude")
-    restricted_groups = []
-    restricted_groups.append(gid)
+    if os.getuid() == 0:
+        import pwd
+        _, _, uid, gid, gecos, root, shell = pwd.getpwnam("certidude")
+        restricted_groups = []
+        restricted_groups.append(gid)

    """
    Spawn signer process