authorSol Jerome <sol.jerome@gmail.com>2011-06-18 19:41:19 -0500
committerSol Jerome <sol.jerome@gmail.com>2011-06-18 19:43:11 -0500
commit76366b0bf116b0d320ec4a7168de8f62cc50ec98 (patch)
tree37e9e24802328700a25f1d377b8b9622f1202143
parentc358e339e79571db23f329304a470acfe2ec25e6 (diff)
POSIX: Add recursive permissions (Ticket #871)
This allows for a recursive='true' attribute such that the owner/group can be set recursively for a directory when using Path type='permissions'. Signed-off-by: Sol Jerome <sol.jerome@gmail.com>
-rw-r--r--doc/server/configurationentries.txt17
-rw-r--r--schemas/pathentry.xsd1
-rw-r--r--schemas/rules.xsd1
-rw-r--r--src/lib/Client/Tools/POSIX.py59
4 files changed, 74 insertions, 4 deletions
diff --git a/doc/server/configurationentries.txt b/doc/server/configurationentries.txt
index 10eccf6be..0c12ce9c9 100644
--- a/doc/server/configurationentries.txt
+++ b/doc/server/configurationentries.txt
@@ -107,8 +107,8 @@ Path type specified.
| | | that should not | |
| | | exist | |
+-------------+----------------------+-----------------+--------------------------+
-| permissions | Replaces Permissions | Permissions of | name, owner, |
-| | entries | POSIX entities | group, perms |
+| permissions | Replaces Permissions | Permissions of | name, owner, group, |
+| | entries | POSIX entities | perms, recursive |
| | | | |
+-------------+----------------------+-----------------+--------------------------+
| vcs | New | Create version | vcstype (git), |
@@ -119,6 +119,19 @@ Path type specified.
Keep in mind that permissions for files served up by Cfg/TGenshi/TCheetah
are still handled via the traditional :ref:`server-info` mechanisms.
+Additional information
+----------------------
+
+This section describes some additional behavior relating to POSIX entry
+attributes.
+
+Recursive permissions
+^^^^^^^^^^^^^^^^^^^^^
+
+As per the request in ticket 871, Path type='permissions' entries allow you to
+set a recursive attribute which allows the owner/group to be set recursively
+for a directory.
+
.. _boundentries:
Bound Entries
diff --git a/schemas/pathentry.xsd b/schemas/pathentry.xsd
index 0c27f9112..24be22612 100644
--- a/schemas/pathentry.xsd
+++ b/schemas/pathentry.xsd
@@ -24,6 +24,7 @@
<xsd:attribute type='xsd:string' name='owner' use='optional'/>
<xsd:attribute type='xsd:string' name='perms' use='optional'/>
<xsd:attribute type='xsd:string' name='prune' use='optional'/>
+ <xsd:attribute type='xsd:string' name='recursive' use='optional'/>
<xsd:attribute type='xsd:string' name='to' use='optional'/>
<xsd:attribute type='xsd:string' name='type' use='optional'/>
<xsd:attributeGroup ref="py:genshiAttrs"/>
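Review bot: The new `recursive` attribute is typed as a free `xsd:string`, but the client code added in this commit acts only on the literal values `True` and `true`. A value such as `yes` or `1` would therefore pass schema validation and be treated as non-recursive without any message, so an administrator could believe ownership is enforced across a tree when it is not. Consider declaring a simple type that restricts `xsd:string` to the accepted spellings (and their false counterparts) and using it here, so bcfg2-lint can reject anything else. The same applies to the `recursive` attribute added in schemas/rules.xsd.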
diff --git a/schemas/rules.xsd b/schemas/rules.xsd
index 101b62384..0a408c35c 100644
--- a/schemas/rules.xsd
+++ b/schemas/rules.xsd
@@ -38,6 +38,7 @@
<xsd:attribute type='xsd:string' name='perms'/>
<xsd:attribute type='xsd:string' name='owner'/>
<xsd:attribute type='xsd:string' name='group'/>
+ <xsd:attribute type='xsd:string' name='recursive'/>
<xsd:attribute type='xsd:string' name='prune'/>
<xsd:attribute type='xsd:string' name='to'/>
<xsd:attributeGroup ref="py:genshiAttrs"/>
diff --git a/src/lib/Client/Tools/POSIX.py b/src/lib/Client/Tools/POSIX.py
index a079571e5..faec2e251 100644
--- a/src/lib/Client/Tools/POSIX.py
+++ b/src/lib/Client/Tools/POSIX.py
@@ -736,6 +736,47 @@ class POSIX(Bcfg2.Client.Tools.Tool):
def Verifypermissions(self, entry, _):
"""Verify Path type='permissions' entry"""
+ if entry.get('perms') == None or \
+ entry.get('owner') == None or \
+ entry.get('group') == None:
+ self.logger.error('Entry %s not completely specified. '
+ 'Try running bcfg2-lint.' % (entry.get('name')))
+ return False
+ if entry.get('recursive') in ['True', 'true']:
+ # verify ownership information recursively
+ owner = normUid(entry)
+ group = normGid(entry)
+
+ for root, dirs, files in os.walk(entry.get('name')):
+ for p in dirs + files:
+ path = os.path.join(root, p)
+ pstat = os.stat(path)
+ if owner != pstat.st_uid:
+ # owner mismatch for path
+ entry.set('current_owner', str(pstat.st_uid))
+ self.logger.debug("%s %s ownership wrong" % \
+ (entry.tag, path))
+ nqtext = entry.get('qtext', '') + '\n'
+ nqtext += ("Owner for path %s is incorrect. "
+ "Current owner is %s but should be %s\n" % \
+ (path, pstat.st_uid, entry.get('owner')))
+ nqtext += ("\nInstall %s %s: (y/N): " %
+ (entry.tag, entry.get('name')))
+ entry.set('qtext', nqtext)
+ return False
+ if group != pstat.st_gid:
+ # group mismatch for path
+ entry.set('current_group', str(pstat.st_gid))
+ self.logger.debug("%s %s group wrong" % \
+ (entry.tag, path))
+ nqtext = entry.get('qtext', '') + '\n'
+ nqtext += ("Group for path %s is incorrect. "
+ "Current group is %s but should be %s\n" % \
+ (path, pstat.st_gid, entry.get('group')))
+ nqtext += ("\nInstall %s %s: (y/N): " %
+ (entry.tag, entry.get('name')))
+ entry.set('qtext', nqtext)
+ return False
return self.Verifydirectory(entry, _)
def Installpermissions(self, entry):
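Review bot: The `os.stat(path)` call in the recursive branch of Verifypermissions is not guarded, and it follows symbolic links. A dangling link, or a file removed while the walk is running, raises OSError, and nothing in the visible method catches it; for a live link the check compares the owner of the link's target rather than of the entry inside the managed directory. Use `pstat = os.lstat(path)` and wrap it in `try`/`except OSError`, logging the path and returning False so the entry is reported as unverified rather than aborting the run. The three `== None` comparisons at the top would also read better as `is None`.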
@@ -746,9 +787,23 @@ class POSIX(Bcfg2.Client.Tools.Tool):
self.logger.error('Entry %s not completely specified. '
'Try running bcfg2-lint.' % (entry.get('name')))
return False
+ plist = [entry.get('name')]
+ if entry.get('recursive') in ['True', 'true']:
+ # verify ownership information recursively
+ owner = normUid(entry)
+ group = normGid(entry)
+
+ for root, dirs, files in os.walk(entry.get('name')):
+ for p in dirs + files:
+ path = os.path.join(root, p)
+ pstat = os.stat(path)
+ if owner != pstat.st_uid or group != pstat.st_gid:
+ # owner mismatch for path
+ plist.append(path)
try:
- os.chown(entry.get('name'), normUid(entry), normGid(entry))
- os.chmod(entry.get('name'), calcPerms(S_IFDIR, entry.get('perms')))
+ for p in plist:
+ os.chown(p, normUid(entry), normGid(entry))
+ os.chmod(p, calcPerms(S_IFDIR, entry.get('perms')))
return True
except (OSError, KeyError):
self.logger.error('Permission fixup failed for %s' % \
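Review bot: The recursive path in Installpermissions collects entries with `os.stat` and then calls `os.chown` and `os.chmod` on each one, and all three follow symbolic links. If any account other than the one running the client can create entries under the managed directory, a link placed there would have its target's ownership and mode changed by the client, which typically runs as root. Skip links during the walk and use `os.lchown` for the children; this protects only the final path component, so a directory writable by untrusted users remains racy. The loop also applies `calcPerms(S_IFDIR, ...)` to every mismatched child, including regular files, although the commit message and documentation describe only owner/group as recursive, and the copied comments still say "verify" and "owner mismatch". The function continues past the end of this hunk.

```python
                    path = os.path.join(root, p)
                    if os.path.islink(path):
                        # never change ownership or mode through a link
                        continue
                    pstat = os.lstat(path)
                    if owner != pstat.st_uid or group != pstat.st_gid:
                        # owner or group mismatch: queue for fixup
                        plist.append(path)
        try:
            # the named directory itself gets owner, group and mode
            os.chown(plist[0], normUid(entry), normGid(entry))
            os.chmod(plist[0], calcPerms(S_IFDIR, entry.get('perms')))
            for p in plist[1:]:
                # children: ownership only, as documented
                os.lchown(p, owner, group)
            # … unchanged: return True and the except clause …
```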