Annotation of loncom/apachereload, revision 1.6

1.1       foxr        1: #!/usr/bin/perl
                      2: # The Learning Online Network with CAPA
                      3: #
                      4: # apachereload - setuid script that reloads the apache daemon.
                      5: #
1.6     ! albertel    6: # $Id: apachereload,v 1.5 2006/01/27 21:21:05 albertel Exp $
1.1       foxr        7: #
1.4       albertel    8: # Copyright Michigan State University Board of Trustees
1.1       foxr        9: #
1.4       albertel   10: # This file is part of the LearningOnline Network with CAPA (LON-CAPA).
1.3       albertel   11: #
1.4       albertel   12: # LON-CAPA is free software; you can redistribute it and/or modify
                     13: # it under the terms of the GNU General Public License as published by
                     14: # the Free Software Foundation; either version 2 of the License, or 
                     15: # (at your option) any later version.
1.2       albertel   16: #
1.4       albertel   17: # LON-CAPA is distributed in the hope that it will be useful,
                     18: # but WITHOUT ANY WARRANTY; without even the implied warranty of
                     19: # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
                     20: # GNU General Public License for more details.
1.2       albertel   21: #
1.4       albertel   22: # You should have received a copy of the GNU General Public License
                     23: # along with LON-CAPA; if not, write to the Free Software
                     24: # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
                     25: #
                     26: # /home/httpd/html/adm/gpl.txt
                     27: #
                     28: # http://www.lon-capa.org/
1.2       albertel   29: #
1.1       foxr       30: 
                     31: 
                     32: use strict;
                     33: #
                     34: #  This script is a setuid script that must be run as user www.
                     35: #  It effectively just executes /etc/init.d/httpd reload,
                     36: #  causing the apache daemon to get HUP'd.  The script is
                     37: #  run by lond after re-initing its host information.
                     38: 
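                     # Replace the inherited search path with a fixed one before any child
                     # process is started, and drop the shell variables that could change how
                     # a child shell starts up or splits words.
                     $ENV{'PATH'}='/bin:/usr/bin:/usr/local/sbin:/home/httpd/perl';
                     delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

                     # Init-script invocation, held as a list so that system() below hands the
                     # words straight to exec and never to a shell.
                     my @command = ('/etc/init.d/httpd', 'reload');

                     use lib '/home/httpd/lib/perl/';
                     use LONCAPA::Configuration;
                     my %perlvar= %{&LONCAPA::Configuration::read_conf('loncapa.conf')};

                     # Untaint lonDaemons with an allow-list rather than /(.*)/: a pattern that
                     # accepts every value removes the protection taint checking is meant to
                     # give.  Only an absolute path built from word characters, '.', '-' and
                     # '/' is accepted, because the value is interpolated into a backtick
                     # command and shell metacharacters must not get through.
                     # NOTE(review): '..' components are still accepted - tighten the pattern
                     # if loncapa.conf can be written by anyone other than root.
                     my $daemon_dir = defined($perlvar{'lonDaemons'}) ? $perlvar{'lonDaemons'} : '';
                     my ($execdir) = ($daemon_dir =~ m{\A(/[\w./-]+)\z});

                     # NOTE(review): the probe runs before disable_root_capability is first
                     # called; if the script is installed setuid root, as the header comment
                     # suggests, distprobe inherits the elevated effective uid - confirm that
                     # this is intended.
                     # When the configured directory fails validation the probe is skipped and
                     # the default httpd init script is kept.
                     if (defined($execdir)) {
                         my $dist=`$execdir/distprobe`;
                         if (defined($dist) && $dist =~ /^(suse|sles)/) {
                             @command = ('/etc/init.d/apache', 'reload');
                         }
                     }

                     # Do not print error messages
                     my $noprint=1;

                     print "In apachereload" unless $noprint;

                     # Make sure this process is running from user=www.  A missing 'www'
                     # account makes getpwnam return undef, which would compare equal to uid 0,
                     # so that case is rejected explicitly.
                     my $wwwid=getpwnam('www');
                     disable_root_capability();
                     if (!defined($wwwid) || $wwwid!=$>) {
                         print("User ID mismatch.  This program must be run as user 'www'\n")
                             unless $noprint;
                         exit 1;
                     }

                     # From here until enable_root_capability the effective uid is www's (the
                     # check above has just established that).

                     # Handle the case of another apachereload process (locking).
                     unless (try_to_lock('/tmp/lock_apachereload')) {
                         print "Error. Too many other simultaneous apache reload requests being ".
                             "made.\n" unless $noprint;
                         exit 4;
                     }

                     # Regain root, then set both the real and the effective uid to 0 so the
                     # init script runs fully as root.
                     enable_root_capability();
                     ($>,$<)=(0,0);

                     # Now run the reload.
                     # NOTE(review): the status returned by system() is not inspected, so the
                     # script exits 0 whether or not the reload succeeded.
                     system(@command);

                     # Remove the lock file.
                     # NOTE(review): after ($>,$<)=(0,0) the real uid is 0, and
                     # disable_root_capability only swaps when the real uid equals www's, so
                     # the call below looks like a no-op and the unlink appears to run with
                     # root ids - confirm.
                     disable_root_capability();
                     unlink('/tmp/lock_apachereload');
                     exit 0;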
                     95: 
                     96: # ---------------------------------------------- have setuid script run as root
                     sub enable_root_capability {
                         # Switch the effective uid and gid to 0, but only while the effective
                         # uid is still www's.  The previous effective ids are stored as the real
                         # ids.  In every case the effective uid after the call is returned.
                         return $> unless $wwwid == $>;

                         ($<,$>)=($>,0);
                         ($(,$))=($),0);
                         return $>;
                     }
                    107: 
                    108: # ----------------------------------------------- have setuid script run as www
                    sub disable_root_capability {
                        # Exchange the real and effective ids (uid first, then gid) when the
                        # real uid is www's; in any other state the ids are left untouched.
                        return if $wwwid != $<;

                        ($<,$>)=($>,$<);
                        ($(,$))=($),$();
                    }
                    118: 
                    119: # ----------------------- make sure that another apachereload process isn't running
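                    sub try_to_lock {
                        # Take the advisory lock file named by the caller.
                        #
                        # Argument: $lockfile - path of the lock file.
                        # Returns:  1 when the lock file now holds this process id,
                        #           0 when the lock could not be taken (effective uid is 0, the
                        #           holder kept changing for all attempts, or the file could
                        #           not be written).
                        #
                        # An existing lock is polled every 3 seconds.  If two consecutive reads
                        # give the same process id the lock is assumed stale and is taken over;
                        # if the id keeps changing the routine gives up after 11 reads.
                        #
                        # NOTE(review): the existence test and the write are separate steps, so
                        # two processes can both conclude that the lock is free.  A holder that
                        # simply runs longer than 3 seconds is also treated as stale.
                        use Fcntl qw(O_WRONLY O_CREAT O_TRUNC O_NOFOLLOW);

                        my ($lockfile)=@_;
                        my $currentpid = 0;
                        my $lastpid    = 0;

                        # Do not manipulate lock file as root
                        if ($>==0) {
                            return 0;
                        }

                        for my $attempt (0..10) {
                            last unless -e $lockfile;

                            # Three-argument open with a lexical handle: the file name can no
                            # longer be read as an open mode, and a failed open is treated as
                            # an empty lock file instead of reading from a stale handle.
                            my $line;
                            if (open(my $in, '<', $lockfile)) {
                                $line = <$in>;
                                close($in);
                            }
                            $currentpid = (defined($line) && $line =~ /\A\s*(\d+)/) ? $1 : 0;

                            last if $currentpid == $lastpid;
                            sleep 3;
                            $lastpid = $currentpid;
                            return 0 if $attempt == 10;
                        }

                        # The lock usually lives in a world-writable directory, so refuse to
                        # write through a symbolic link placed at the lock path (O_NOFOLLOW),
                        # and report failure when the file cannot be written rather than
                        # claiming a lock that was never taken.
                        sysopen(my $out, $lockfile, O_WRONLY|O_CREAT|O_TRUNC|O_NOFOLLOW, 0644)
                            or return 0;
                        my $written = print {$out} $$;
                        my $closed  = close($out);
                        return ($written && $closed) ? 1 : 0;
                    }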
                    156: 
                    157: =head1 NAME
                    158: 
                    159: apachereload - setuid script to reload the apache web server.
                    160: 
                    161: =head1 DESCRIPTION
                    162: 
                    163: LON-CAPA - setuid script to reload the apache web server.
                    164: 
                    165: =head1 README
                    166: 
                    167: LON-CAPA  setuid script to reload the apache web server.
                    168: 
                    169: =head1 PREREQUISITES
                    170: 
                    171: =head1 COREQUISITES
                    172: 
                    173: =pod OSNAMES
                    174: 
                    175: linux
                    176: 
                    177: =pod SCRIPT CATEGORIES
                    178: 
                    179: LONCAPA/Administrative
                    180: 
                    181: =cut
