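#!/usr/bin/perl
# The Learning Online Network with CAPA
#
# apachereload - setuid script that reloads the apache daemon.
#
# $Id: apachereload,v 1.9 2020/05/09 16:40:32 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
# This file is part of the LearningOnline Network with CAPA (LON-CAPA).
#
# LON-CAPA is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# LON-CAPA is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with LON-CAPA; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
#
# /home/httpd/html/adm/gpl.txt
#
# http://www.lon-capa.org/
#

use strict;

#
# This script is a setuid script that must be run as user www
# it effectively just executes one of the following five commands:
# /etc/init.d/httpd reload
# /etc/init.d/apache reload
# /etc/init.d/apache2 reload
# /bin/systemctl reload httpd.service
# /bin/systemctl reload apache2.service
# (depending on Linux distro) causing the apache daemon to get HUP'd.
# The script is run by lond after re-initing its host information.

# Fixed search path for this process and for every child it starts.
# NOTE(review): the reload command below runs as root and inherits this
# PATH.  Every directory on it, /home/httpd/perl included, should be
# writable by root only -- confirm on the deployed host.
$ENV{'PATH'}='/bin:/usr/bin:/usr/local/sbin:/home/httpd/perl'; # Nullify path
                                                               # information
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)}; # nullify potential taints

# Reload command chosen by the probes below; stays '' when none matches.
my $command = '';

# Service-listing tools; each is invoked by absolute path only.
my $checker_bin = '/sbin/chkconfig';
my $sysctl_bin = '/bin/systemctl';
my $sysv_bin = '/usr/sbin/sysv-rc-conf';

# Probe 1: systemd unit files.
if (-x $sysctl_bin) {
    my @lines = service_listing("$sysctl_bin list-unit-files --type=service");
    if (grep(/^httpd\.service/,@lines)) {
        $command = '/bin/systemctl reload httpd.service';
    } elsif (grep(/^apache2\.service/,@lines)) {
        $command = '/bin/systemctl reload apache2.service';
    }
}

# Probe 2: chkconfig-managed init scripts.
if (($command eq '') && (-x $checker_bin)) {
    my @lines = service_listing("$checker_bin --list");
    if (grep(/^httpd/,@lines)) {
        $command = '/etc/init.d/httpd reload';
    } elsif (grep(/^apache2/,@lines)) {
        $command = '/etc/init.d/apache2 reload';
    } elsif (grep(/^apache\s+/,@lines)) {
        $command = '/etc/init.d/apache reload';
    }
}

# Probe 3: sysv-rc-conf.  The listing has to come from $sysv_bin, the tool
# whose presence was just tested; running $checker_bin here returned nothing
# on hosts that have sysv-rc-conf but no chkconfig.
if (($command eq '') && (-x $sysv_bin)) {
    my @lines = service_listing("$sysv_bin --list");
    if (grep(/^apache2/,@lines)) {
        $command = '/etc/init.d/apache2 reload';
    } elsif (grep(/^apache\s+/,@lines)) {
        $command = '/etc/init.d/apache reload';
    }
}

# Do not print error messages
my $noprint=1;

if ($command eq '') {
    print("Could not determine command to reload Apache.\n")
        unless $noprint;
    exit 1;
} else {
    print "In apachereload" unless $noprint;
}

# ----------------------------- Make sure this process is running from user=www
my $wwwid=getpwnam('www');

# Fail closed when the account cannot be resolved: an undefined uid compares
# equal to 0 in the numeric tests below, which would make the ownership
# check meaningless.
unless (defined($wwwid)) {
    print("User 'www' not found.\n") unless $noprint;
    exit 1;
}

disable_root_capability();
if ($wwwid!=$>) {
    print("User ID mismatch. This program must be run as user 'www'\n")
        unless $noprint;
    exit 1;
}

# ----------------------------------- Start running script with www permissions
disable_root_capability();

enable_root_capability();
($>,$<)=(0,0);

# Now run the reload:
#
# $command is always one of the literal strings assigned above, so nothing
# supplied by the caller reaches the shell.  The exit status of the reload
# is not inspected; the script exits 0 either way.
system("$command > /dev/null 2>&1");

# Has no effect once the real uid is 0 (set just above); the process exits
# immediately afterwards.
disable_root_capability();
exit 0;

# ------------------------------------------ read the output of a listing tool
# Runs $listing_command (stderr discarded) and returns its output lines with
# the trailing newline removed, or an empty list when the pipe cannot be
# opened.  Callers pass only fixed, absolute-path command strings.
sub service_listing {
    my ($listing_command) = @_;
    open(my $pipe,'-|',"$listing_command 2>/dev/null") or return;
    my @lines = <$pipe>;
    close($pipe);
    chomp(@lines);
    return @lines;
}

# ---------------------------------------------- have setuid script run as root
# Makes uid 0 the effective uid (and gid 0 the effective gid) when the
# effective uid is currently www.  Returns the resulting effective uid.
sub enable_root_capability {
    if ($wwwid==$>) {
        ($<,$>)=($>,0);
        ($(,$))=($),0);
    } else {
        # root capability is already enabled
    }
    return $>;
}

# ----------------------------------------------- have setuid script run as www
# Swaps real and effective uid/gid when the real uid is www, so that www
# becomes the effective identity.
sub disable_root_capability {
    if ($wwwid==$<) {
        ($<,$>)=($>,$<);
        ($(,$))=($),$();
    } else {
        # root capability is already disabled
    }
}

=head1 NAME

apachereload - setuid script to reload the apache web server.

=head1 DESCRIPTION

LON-CAPA - setuid script to reload the apache web server.

=head1 README

LON-CAPA setuid script to reload the apache web server.

=head1 PREREQUISITES

=head1 COREQUISITES

=pod OSNAMES

linux

=pod SCRIPT CATEGORIES

LONCAPA/Administrative

=cut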