version 1.3, 2005/07/11 15:29:46
|
version 1.9, 2020/05/09 16:40:32
|
Line 3
|
Line 3
|
# |
# |
# apachereload - setuid script that reloads the apache daemon. |
# apachereload - setuid script that reloads the apache daemon. |
# |
# |
|
# $Id$ |
# |
# |
# $Id |
# Copyright Michigan State University Board of Trustees |
# |
# |
# Change log: |
# This file is part of the LearningOnline Network with CAPA (LON-CAPA). |
# $Log$ |
|
# Revision 1.3 2005/07/11 15:29:46 albertel |
|
# - it's like I was drunk |
|
# |
# |
# Revision 1.2 2005/07/07 22:26:52 albertel |
# LON-CAPA is free software; you can redistribute it and/or modify |
# - suse has apache not httpd |
# it under the terms of the GNU General Public License as published by |
|
# the Free Software Foundation; either version 2 of the License, or |
|
# (at your option) any later version. |
# |
# |
# Revision 1.1 2003/09/30 10:06:48 foxr |
# LON-CAPA is distributed in the hope that it will be useful, |
# This is a setuid script that allows the www user to issue |
# but WITHOUT ANY WARRANTY; without even the implied warranty of |
# /etc/init.d/httpd reload |
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
# GNU General Public License for more details. |
# |
# |
# This functionality is required by lond and lonc when they have been asked to |
# You should have received a copy of the GNU General Public License |
# reinitialize themselves. |
# along with LON-CAPA; if not, write to the Free Software |
|
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA |
# |
# |
# Initial undebugged version. |
# /home/httpd/html/adm/gpl.txt |
|
# |
|
# http://www.lon-capa.org/ |
# |
# |
### |
|
|
|
|
|
use strict; |
use strict; |
# |
# |
# This script is a setuid script that must be run as user www |
# This script is a setuid script that must be run as user www |
# it effectively just executes /etc/init.d/httpd reload. |
# it effectively just executes one of the following five commands: |
# causing the apache daemon to get HUP'd. The script is |
# /etc/init.d/httpd reload |
# run by lond after re-initing it's host information. |
# /etc/init.d/apache reload |
|
# /etc/init.d/apache2 reload |
|
# /bin/systemctl reload httpd.service |
|
# /bin/systemctl reload apache2.service |
|
# (depending on Linux distro) causing the apache daemon to get HUP'd. |
|
# The script is run by lond after re-initing its host information. |
|
|
$ENV{'PATH'}='/bin:/usr/bin:/usr/local/sbin:/home/httpd/perl'; # Nullify path |
$ENV{'PATH'}='/bin:/usr/bin:/usr/local/sbin:/home/httpd/perl'; # Nullify path |
# information |
# information |
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)}; # nullify potential taints |
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)}; # nullify potential taints |
|
|
my $command = "/etc/init.d/httpd reload"; |
my $command; |
my $dist=`$perlvar{'lonDaemons'}/distprobe`; |
my $checker_bin = '/sbin/chkconfig'; |
if ($dist =~ /^(suse|sles)/) { |
my $sysctl_bin = '/bin/systemctl'; |
$command = "/etc/init.d/apache reload"; |
my $sysv_bin = '/usr/sbin/sysv-rc-conf'; |
|
|
|
if (-x $sysctl_bin) { |
|
if (open(PIPE,"$sysctl_bin list-unit-files --type=service 2>/dev/null |")) { |
|
my @lines = <PIPE>; |
|
chomp(@lines); |
|
close(PIPE); |
|
if (grep(/^httpd\.service/,@lines)) { |
|
$command = '/bin/systemctl reload httpd.service'; |
|
} elsif (grep(/^apache2\.service/,@lines)) { |
|
$command = '/bin/systemctl reload apache2.service'; |
|
} |
|
} |
|
} |
|
if (($command eq '') && (-x $checker_bin)) { |
|
if (open(PIPE,"$checker_bin --list 2>/dev/null |")) { |
|
my @lines = <PIPE>; |
|
chomp(@lines); |
|
close(PIPE); |
|
if (grep(/^httpd/,@lines)) { |
|
$command = '/etc/init.d/httpd reload'; |
|
} elsif (grep(/^apache2/,@lines)) { |
|
$command = '/etc/init.d/apache2 reload'; |
|
} elsif (grep(/^apache\s+/,@lines)) { |
|
$command = '/etc/init.d/apache reload'; |
|
} |
|
} |
|
} |
|
if (($command eq '') && (-x $sysv_bin)) { |
|
if (open(PIPE,"$checker_bin --list 2>/dev/null |")) { |
|
my @lines = <PIPE>; |
|
chomp(@lines); |
|
close(PIPE); |
|
if (grep(/^apache2/,@lines)) { |
|
$command = '/etc/init.d/apache2 reload'; |
|
} elsif (grep(/^apache\s+/,@lines)) { |
|
$command = '/etc/init.d/apache reload'; |
|
} |
|
} |
} |
} |
|
|
# Do not print error messages |
# Do not print error messages |
my $noprint=1; |
my $noprint=1; |
|
|
print "In apachereload" unless $noprint; |
if ($command eq '') { |
|
print("Could not determine command to reload Apache.\n") |
|
unless $noprint; |
|
exit 1; |
|
} else { |
|
print "In apachereload" unless $noprint; |
|
} |
|
|
# ----------------------------- Make sure this process is running from user=www |
# ----------------------------- Make sure this process is running from user=www |
my $wwwid=getpwnam('www'); |
my $wwwid=getpwnam('www'); |
Line 59 if ($wwwid!=$>) {
|
Line 112 if ($wwwid!=$>) {
|
# ----------------------------------- Start running script with www permissions |
# ----------------------------------- Start running script with www permissions |
&disable_root_capability; |
&disable_root_capability; |
|
|
# --------------------------- Handle case of another apachereload process (locking) |
|
unless (&try_to_lock('/tmp/lock_apachereload')) { |
|
print "Error. Too many other simultaneous password change requests being ". |
|
"made.\n" unless $noprint; |
|
exit 4; |
|
} |
|
|
|
|
|
&enable_root_capability; |
&enable_root_capability; |
($>,$<)=(0,0); |
($>,$<)=(0,0); |
|
|
Line 74 unless (&try_to_lock('/tmp/lock_apachere
|
Line 119 unless (&try_to_lock('/tmp/lock_apachere
|
# Now run the reload: |
# Now run the reload: |
# |
# |
|
|
system($command); |
system("$command > /dev/null 2>&1"); |
|
|
# Remove the lock file. |
|
|
|
|
|
|
|
&disable_root_capability; |
&disable_root_capability; |
unlink('/tmp/lock_apachereload'); |
|
exit 0; |
exit 0; |
|
|
# ---------------------------------------------- have setuid script run as root |
# ---------------------------------------------- have setuid script run as root |
Line 107 sub disable_root_capability {
|
Line 147 sub disable_root_capability {
|
} |
} |
} |
} |
|
|
# ----------------------- make sure that another apachereload process isn't running |
|
sub try_to_lock { |
|
my ($lockfile)=@_; |
|
my $currentpid; |
|
my $lastpid; |
|
# Do not manipulate lock file as root |
|
if ($>==0) { |
|
return 0; |
|
} |
|
# Try to generate lock file. |
|
# Wait 3 seconds. If same process id is in |
|
# lock file, then assume lock file is stale, and |
|
# go ahead. If process id's fluctuate, try |
|
# for a maximum of 10 times. |
|
for (0..10) { |
|
if (-e $lockfile) { |
|
open(LOCK,"<$lockfile"); |
|
$currentpid=<LOCK>; |
|
close LOCK; |
|
if ($currentpid==$lastpid) { |
|
last; |
|
} |
|
sleep 3; |
|
$lastpid=$currentpid; |
|
} |
|
else { |
|
last; |
|
} |
|
if ($_==10) { |
|
return 0; |
|
} |
|
} |
|
open(LOCK,">$lockfile"); |
|
print LOCK $$; |
|
close LOCK; |
|
return 1; |
|
} |
|
|
|
=head1 NAME |
=head1 NAME |
|
|
apachereload -setuid script to reload the apache web server. |
apachereload -setuid script to reload the apache web server. |