Annotation of loncom/apachereload, revision 1.2

1.1       foxr        1: #!/usr/bin/perl
                      2: # The Learning Online Network with CAPA
                      3: #
                      4: # apachereload - setuid script that reloads the apache daemon.
                      5: #
                      6: #
                      7: # $Id
                      8: #
                      9: #  Change log:
1.2     ! albertel   10: #   $Log: apachereload,v $
        !            11: #   Revision 1.1  2003/09/30 10:06:48  foxr
        !            12: #   This is a setuid script that allows the www user to issue
        !            13: #   /etc/init.d/httpd reload
        !            14: #
        !            15: #   This functionality is required by lond and lonc when they have been asked to
        !            16: #   reinitialize themselves.
        !            17: #
        !            18: #   Initial undebugged version.
        !            19: #
1.1       foxr       20: ###
                     21: 
                     22: 
                     23: use strict;
                     24: #
                     25: #  This script is a setuid script that must be run as user www
                     26: #  it effectively just executes /etc/init.d/httpd reload.
                     27: #  causing the apache daemon to get HUP'd.  The script is
                     28: #  run by lond after re-initing its host information.
                     29: 
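                     # Fixed search path and scrubbed shell variables for everything this
                     # setuid script starts.
                     $ENV{'PATH'}='/bin:/usr/bin:/usr/local/sbin:/home/httpd/perl'; # Nullify path information
                     delete @ENV{qw(IFS CDPATH ENV BASH_ENV)}; # nullify potential taints
                     # NOTE(review): the init script started below inherits this PATH while
                     # running as root; confirm that none of these directories (in particular
                     # /home/httpd/perl) is writable by www.

                     # The reload command is kept as a list so that system() execs the init
                     # script directly and the string is never handed to a shell.
                     my @command = ('/etc/init.d/httpd', 'reload');
                     # NOTE(review): revision 1.2 ran `$perlvar{'lonDaemons'}/distprobe` here
                     # to detect suse/sles.  %perlvar is never declared or loaded in this file,
                     # so that line cannot compile under 'use strict', and without strict it
                     # would execute "/distprobe".  Both branches selected the same command, so
                     # the probe is left out; if it is reinstated, its directory must come from
                     # trusted configuration and be an absolute path.

                     # Do not print error messages
                     my $noprint=1;

                     print "In apachereload" unless $noprint;

                     # ----------------------------- Make sure this process is running from user=www
                     my $wwwid=getpwnam('www');
                     unless (defined $wwwid) {
                         # An unknown user would otherwise compare as uid 0 in the checks below.
                         print("No such user 'www'\n") unless $noprint;
                         exit 1;
                     }
                     disable_root_capability();
                     if ($wwwid!=$>) {
                         print("User ID mismatch.  This program must be run as user 'www'\n")
                             unless $noprint;
                         exit 1;
                     }

                     # ----------------------------------- Start running script with www permissions
                     disable_root_capability();

                     # --------------------------- Handle case of another apachereload process (locking)
                     # NOTE(review): the lock has a fixed name in world-writable /tmp, so any
                     # local user can create that path first.  A directory that only www can
                     # write to would be a safer home for it.
                     unless (try_to_lock('/tmp/lock_apachereload')) {
                         print "Error. Too many other simultaneous apachereload requests being ".
                             "made.\n" unless $noprint;
                         exit 4;
                     }

                     # Become root (real and effective uid) for the init script.
                     enable_root_capability();
                     ($>,$<)=(0,0);

                     #  Now run the reload:
                     #
                     my $status=system(@command);
                     if ($status!=0) {
                         print "Error. @command failed (wait status $status).\n" unless $noprint;
                     }
                     # NOTE(review): the exit status below stays 0 as in the original, so a
                     # caller cannot tell a failed reload from a successful one.

                     #  Remove the lock file.
                     #
                     # disable_root_capability() only acts while the real uid is www, and the
                     # real uid was set to 0 above, so calling it here would leave the process
                     # running as root.  Drop the effective uid explicitly so that /tmp is not
                     # touched as root.
                     $>=$wwwid;
                     unlink('/tmp/lock_apachereload') if $>==$wwwid;
                     exit 0;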
                     80: 
                     81: # ---------------------------------------------- have setuid script run as root
                     82: sub enable_root_capability {
                             # Switch the process to effective uid/gid 0.  Acts only while the
                             # effective uid equals $wwwid, the file-level value looked up with
                             # getpwnam('www').  Returns the effective uid after the attempt.
                             # Nothing in this sub checks that the switch succeeded, and the one
                             # caller in this file ignores the return value.
                     83:     if ($wwwid==$>) {
                                 # Single list assignment (the perlvar idiom for changing both
                                 # ids together): the real uid takes the old effective uid and
                                 # the effective uid becomes 0.
                     84: 	($<,$>)=($>,0);
                                 # Same for the groups: the real gid takes the old effective gid
                                 # and the effective gid becomes 0.
                     85: 	($(,$))=($),0);
                     86:     }
                     87:     else {
                     88: 	# effective uid is not www: nothing is changed (the author assumes root capability is already enabled)
                     89:     }
                     90:     return $>;
                     91: }
                     92: 
                     93: # ----------------------------------------------- have setuid script run as www
                     94: sub disable_root_capability {
                             # Swap real and effective ids so that the effective uid/gid are
                             # the ones that were real before the call.  Acts only while the
                             # real uid equals $wwwid (file-level, from getpwnam('www')); in
                             # every other state, including real uid 0 and effective uid 0,
                             # it changes nothing.  No return value is set explicitly.
                     95:     if ($wwwid==$<) {
                                 # Single list assignment: real and effective uid trade places.
                     96: 	($<,$>)=($>,$<);
                                 # Real and effective gid trade places as well.
                     97: 	($(,$))=($),$();
                     98:     }
                     99:     else {
                    100: 	# real uid is not www: nothing is changed (the author assumes root capability is already disabled)
                    101:     }
                    102: }
                    103: 
                    104: # ----------------------- make sure that another apachereload process isn't running
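                    # Try to take the lock by writing this process id into $lockfile.
                    # Returns 1 once this process has created the lock file, and 0 when it
                    # has not: called with effective uid 0, the existing lock stays busy, or
                    # the file cannot be created exclusively.
                    # NOTE(review): the caller passes a path in a world-writable directory, so
                    # the file is created with O_EXCL (never through a symlink and never over
                    # an existing file) and a lock that cannot be replaced counts as "not
                    # acquired" instead of being reported as success.
                    sub try_to_lock {
                        my ($lockfile)=@_;
                        # Do not manipulate lock file as root
                        return 0 if $>==0;

                        # Core module, loaded here so the sub needs no file-level import.
                        require Fcntl;

                        # Look at an existing lock every 3 seconds.  If it shows the same
                        # content twice in a row, its owner is assumed to be gone (stale
                        # lock).  If the content keeps changing, give up on the 11th look.
                        my $lastpid;
                        for my $attempt (0..10) {
                            last unless -e $lockfile;
                            my $currentpid;
                            if (open(my $in,'<',$lockfile)) {
                                $currentpid=<$in>;
                                close $in;
                            }
                            # An empty or unreadable lock is compared as '' so that it is
                            # only called stale after a full wait, not on the first look
                            # (it may belong to a process that has not written its id yet).
                            $currentpid='' unless defined $currentpid;
                            if (defined($lastpid) && $currentpid eq $lastpid) {
                                # Stale: remove it so the exclusive create below can succeed.
                                unlink($lockfile);
                                last;
                            }
                            return 0 if $attempt==10;
                            sleep 3;
                            $lastpid=$currentpid;
                        }

                        # O_EXCL fails if anything, including a symlink, already sits at the
                        # path, which closes the gap between the -e test and the create.
                        my $flags=Fcntl::O_WRONLY()|Fcntl::O_CREAT()|Fcntl::O_EXCL();
                        sysopen(my $out,$lockfile,$flags,0644) or return 0;
                        my $written=print {$out} $$;
                        my $closed=close $out;
                        unless ($written && $closed) {
                            # Do not leave a half-written lock behind.
                            unlink($lockfile);
                            return 0;
                        }
                        return 1;
                    }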
                    141: 
                    142: =head1 NAME
                    143: 
                    144: apachereload - setuid script to reload the apache web server.
                    145: 
                    146: =head1 DESCRIPTION
                    147: 
                    148: LON-CAPA - setuid script to reload the apache web server.
                    149: 
                    150: =head1 README
                    151: 
                    152: LON-CAPA  setuid script to reload the apache web server.
                    153: 
                    154: =head1 PREREQUISITES
                    155: 
                    156: =head1 COREQUISITES
                    157: 
                    158: =pod OSNAMES
                    159: 
                    160: linux
                    161: 
                    162: =pod SCRIPT CATEGORIES
                    163: 
                    164: LONCAPA/Administrative
                    165: 
                    166: =cut
