Annotation of loncom/apachereload, revision 1.4

1.1       foxr        1: #!/usr/bin/perl
                      2: # The Learning Online Network with CAPA
                      3: #
                      4: # apachereload - setuid script that reloads the apache daemon.
                      5: #
1.4     ! albertel    6: # $Id: lond,v 1.301 2005/10/17 20:09:01 www Exp $
1.1       foxr        7: #
1.4     ! albertel    8: # Copyright Michigan State University Board of Trustees
1.1       foxr        9: #
1.4     ! albertel   10: # This file is part of the LearningOnline Network with CAPA (LON-CAPA).
1.3       albertel   11: #
1.4     ! albertel   12: # LON-CAPA is free software; you can redistribute it and/or modify
        !            13: # it under the terms of the GNU General Public License as published by
        !            14: # the Free Software Foundation; either version 2 of the License, or 
        !            15: # (at your option) any later version.
1.2       albertel   16: #
1.4     ! albertel   17: # LON-CAPA is distributed in the hope that it will be useful,
        !            18: # but WITHOUT ANY WARRANTY; without even the implied warranty of
        !            19: # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
        !            20: # GNU General Public License for more details.
1.2       albertel   21: #
1.4     ! albertel   22: # You should have received a copy of the GNU General Public License
        !            23: # along with LON-CAPA; if not, write to the Free Software
        !            24: # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
        !            25: #
        !            26: # /home/httpd/html/adm/gpl.txt
        !            27: #
        !            28: # http://www.lon-capa.org/
1.2       albertel   29: #
1.1       foxr       30: 
                     31: 
                     32: use strict;
                     33: #
                     34: #  This script is a setuid script that must be run as user www
                     35: #  it effectively just executes /etc/init.d/httpd reload.
                     36: #  causing the apache daemon to get HUP'd.  The script is
                     37: #  run by lond after re-initing it's host information.
                     38: 
                     39: $ENV{'PATH'}='/bin:/usr/bin:/usr/local/sbin:/home/httpd/perl'; # Nullify path
                     40:                                                                # information
                     41: delete @ENV{qw(IFS CDPATH ENV BASH_ENV)}; # nullify potential taints
                     42: 
                     43: my $command = "/etc/init.d/httpd reload";
1.4     ! albertel   44: 
        !            45: use lib '/home/httpd/lib/perl/';
        !            46: use LONCAPA::Configuration;
        !            47: my %perlvar= %{&LONCAPA::Configuration::read_conf('loncapa.conf')};
        !            48: 
1.2       albertel   49: my $dist=`$perlvar{'lonDaemons'}/distprobe`;
                     50: if ($dist =~ /^(suse|sles)/) {
1.3       albertel   51:     $command = "/etc/init.d/apache reload";
1.2       albertel   52: }
1.1       foxr       53: # Do not print error messages
                     54: my $noprint=1;
                     55: 
                     56: print "In apachereload" unless $noprint;
                     57: 
                     58: # ----------------------------- Make sure this process is running from user=www
                     59: my $wwwid=getpwnam('www');
                     60: &disable_root_capability;
                     61: if ($wwwid!=$>) {
                     62:     print("User ID mismatch.  This program must be run as user 'www'\n")
                     63: 	unless $noprint;
                     64:     exit 1;
                     65: }
                     66: 
                     67: # ----------------------------------- Start running script with www permissions
                     68: &disable_root_capability;
                     69: 
                     70: # --------------------------- Handle case of another apachereload process (locking)
                     71: unless (&try_to_lock('/tmp/lock_apachereload')) {
                     72:     print "Error. Too many other simultaneous password change requests being ".
                     73: 	"made.\n" unless $noprint;
                     74:     exit 4;
                     75: }
                     76: 
                     77: 
                     78: &enable_root_capability;
                     79: ($>,$<)=(0,0);
                     80: 
                     81: 
                     82: #  Now run the reload:
                     83: #
                     84: 
                     85: system($command);
                     86: 
                     87: #  Remove the lock file.
                     88: 
                     89: 
                     90: 
                     91: &disable_root_capability;
                     92: unlink('/tmp/lock_apachereload');
                     93: exit 0;
                     94: 
                     95: # ---------------------------------------------- have setuid script run as root
                     96: sub enable_root_capability {
                     97:     if ($wwwid==$>) {
                     98: 	($<,$>)=($>,0);
                     99: 	($(,$))=($),0);
                    100:     }
                    101:     else {
                    102: 	# root capability is already enabled
                    103:     }
                    104:     return $>;
                    105: }
                    106: 
                    107: # ----------------------------------------------- have setuid script run as www
                    108: sub disable_root_capability {
                    109:     if ($wwwid==$<) {
                    110: 	($<,$>)=($>,$<);
                    111: 	($(,$))=($),$();
                    112:     }
                    113:     else {
                    114: 	# root capability is already disabled
                    115:     }
                    116: }
                    117: 
                    118: # ----------------------- make sure that another apachereload process isn't running
                    119: sub try_to_lock {
                    120:     my ($lockfile)=@_;
                    121:     my $currentpid;
                    122:     my $lastpid;
                    123:     # Do not manipulate lock file as root
                    124:     if ($>==0) {
                    125: 	return 0;
                    126:     }
                    127:     # Try to generate lock file.
                    128:     # Wait 3 seconds.  If same process id is in
                    129:     # lock file, then assume lock file is stale, and
                    130:     # go ahead.  If process id's fluctuate, try
                    131:     # for a maximum of 10 times.
                    132:     for (0..10) {
                    133: 	if (-e $lockfile) {
                    134: 	    open(LOCK,"<$lockfile");
                    135: 	    $currentpid=<LOCK>;
                    136: 	    close LOCK;
                    137: 	    if ($currentpid==$lastpid) {
                    138: 		last;
                    139: 	    }
                    140: 	    sleep 3;
                    141: 	    $lastpid=$currentpid;
                    142: 	}
                    143: 	else {
                    144: 	    last;
                    145: 	}
                    146: 	if ($_==10) {
                    147: 	    return 0;
                    148: 	}
                    149:     }
                    150:     open(LOCK,">$lockfile");
                    151:     print LOCK $$;
                    152:     close LOCK;
                    153:     return 1;
                    154: }
                    155: 
                    156: =head1 NAME
                    157: 
                    158: apachereload -setuid script to reload the apache web server.
                    159: 
                    160: =head1 DESCRIPTION
                    161: 
                    162: LON-CAPA - setuid script to reload the apache web server.
                    163: 
                    164: =head1 README
                    165: 
                    166: LON-CAPA  setuid script to reload the apache web server.
                    167: 
                    168: =head1 PREREQUISITES
                    169: 
                    170: =head1 COREQUISITES
                    171: 
                    172: =pod OSNAMES
                    173: 
                    174: linux
                    175: 
                    176: =pod SCRIPT CATEGORIES
                    177: 
                    178: LONCAPA/Administrative
                    179: 
                    180: =cut

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>