#!/usr/bin/perl
use warnings;
use strict;
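# Return the gids of every group whose member list names $user (the
# user's primary group is not included unless it also lists the user).
#
# The enumeration is reset with setgrent() first and closed with
# endgrent() afterwards, so the function gives the same answer when
# called more than once in a process; without the reset a second call
# would continue from wherever the previous scan stopped.
sub supplemental_groups {
    my $user=shift;

    my @list;
    setgrent();
    while (my @fields=getgrent()) {
        # $fields[3] is the space separated member list, $fields[2] the gid.
        if (grep { $_ eq $user } split(' ', $fields[3])) {
            push @list, $fields[2];
        }
    }
    endgrent();
    return @list;
}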
# Compare two space separated lists as sets: returns 1 when every entry of
# each list occurs in the other (order and repetition are ignored), else 0.
sub samelists {
    my ($first, $second) = @_;
    my %in_first  = map { $_ => 1 } split(' ', $first);
    my %in_second = map { $_ => 1 } split(' ', $second);

    for my $member (keys %in_second) {
        return 0 unless exists $in_first{$member};
    }
    for my $member (keys %in_first) {
        return 0 unless exists $in_second{$member};
    }
    return 1;
}
# Run "ikiwiki -setup $setup" as $user in a forked child, dropping
# privileges there first, and wait for it.  Remaining command line
# arguments (@ARGV) are passed through to ikiwiki.
#
# $user  - account name to run as
# $setup - path of the setup file to process
#
# Prints a warning to STDERR and returns without doing anything when the
# user or the setup file does not exist, or when the child exits non-zero.
# Dies (in the parent) if fork fails.
sub processline {
    my $user=shift;
    my $setup=shift;

    # NOTE(review): getpwnam in scalar context returns the uid, so this
    # test is also false for uid 0 -- a "root" entry is reported as not
    # existing and skipped.
    if (! getpwnam("$user")) {
        print STDERR "warning: user $user does not exist\n";
        return
    }
    if (! -f "$setup") {
        print STDERR "warning: $setup does not exist, skipping\n";
        return;
    }
    print "Processing $setup as user $user ...\n";
    # su is not used because it passes arguments through the shell,
    # which is not safe for untrusted setup file names.
    defined(my $pid = fork) or die "Can’t fork: $!";
    if (! $pid) {
        # Child: drop privileges, then exec ikiwiki.  Any failure here
        # must die so that nothing runs with the parent's credentials.
        my ($uuid, $ugid) = (getpwnam($user))[2, 3];
        # $) is assigned "egid" followed by the supplementary gids (the
        # primary gid repeated, then the user's other groups, sorted).  It
        # is read back and compared as a set rather than as a string, so
        # the check does not depend on the order the system returns.
        my $grouplist=join(" ", $ugid, sort {$a <=> $b} $ugid, supplemental_groups($user));
        if (! samelists(($)=$grouplist), $grouplist)) {
            die "failed to set egid $grouplist (got back $))";
        }
        # Groups first, then real/effective gid and uid: once the uid is
        # no longer 0 the group ids could not be changed any more.
        $(=$ugid;
        $<=$uuid;
        $>=$uuid;
        # Only the real and effective ids can be verified from Perl; the
        # saved set-user-ID is not visible here.
        if ($< != $uuid || $> != $uuid || $( != $ugid) {
            die "failed to drop permissions to $user";
        }
        # Start ikiwiki with a minimal environment: only PATH is inherited,
        # HOME is taken from the target user's passwd entry.
        %ENV=(
            PATH => $ENV{PATH},
            HOME => (getpwnam($user))[7],
        );
        # List form exec: $setup and @ARGV never go through a shell.
        exec("ikiwiki", "-setup", $setup, @ARGV);
        die "failed to run ikiwiki: $!";
    }
    waitpid($pid,0);
    # $? is the raw wait status (exit code << 8 | signal), not the exit code.
    if ($?) {
        print STDERR "Processing $setup as user $user failed with code $?\n";
    }
}
|
2006-05-27 21:04:46 +02:00
|
|
|
|
|
2006-11-28 06:46:13 +01:00
|
|
|
|
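# Process one wikilist file.  Each non-blank, non-comment line is either
# "user setupfile", which runs ikiwiki for that setup as that user, or a
# bare "user", which pulls in that user's own ~/.ikiwiki/wikilist.
#
# $file      - path of the list to read
# $forceuser - when defined, the list is a user's own dotfile and the only
#              user a line may name; lines naming anyone else are skipped
#
# Dies if the file cannot be opened.  Warnings about skipped lines go to
# STDERR.
sub processlist {
    my $file=shift;
    my $forceuser=shift;

    # 3-arg open: a file name beginning with '>' or '|' can then neither
    # change the mode nor start a command.
    open(my $list, '<', $file) or die "$file: $!";
    while (my $line = <$list>) {
        chomp $line;
        $line =~ s/^\s+//;
        $line =~ s/\s+$//;
        next if $line =~ /^#/ || ! length($line);

        if ($line =~ /^([^\s]+)\s+([^\s]+)$/) {
            my ($user, $setup) = ($1, $2);
            if (defined $forceuser && $forceuser ne $user) {
                # A user's dotfile must not be able to run a setup file as
                # someone else: warn and really skip the line (previously
                # the warning fell through to processline).
                print STDERR "warning: in $file line $., attempt to set user to $user, but user forced to $forceuser. Skipping\n";
                next;
            }
            processline($user, $setup);
        }
        elsif ($line =~ /^([^\s]+)$/) {
            my $user=$1;
            if (defined $forceuser) {
                # Only the top-level list may pull in dotfiles.  From a
                # dotfile a bare user line would either recurse into this
                # same file forever or into another user's list.
                print STDERR "warning: in $file line $., user $user cannot be listed here (user forced to $forceuser). Skipping\n";
                next;
            }
            my $home=(getpwnam($user))[7];
            if (defined $home && -d $home) {
                my $dotfile="$home/.ikiwiki/wikilist";
                if (-e $dotfile) {
                    processlist($dotfile, $user);
                }
            }
        }
    }
    close $list;
}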
# Entry point: the system-wide list is optional, without it there is
# nothing to rebuild.
my $wikilist="/etc/ikiwiki/wikilist";
processlist($wikilist) if -e $wikilist;