1: #!/usr/bin/perl
2: # The Learning Online Network with CAPA
3: #
4: # apachereload - setuid script that reloads the apache daemon.
5: #
6: #
7: # $Id
8: #
9: # Change log:
10: # $Log: apachereload,v $
11: # Revision 1.3 2005/07/11 15:29:46 albertel
12: # - it's like I was drunk
13: #
14: # Revision 1.2 2005/07/07 22:26:52 albertel
15: # - suse has apache not httpd
16: #
17: # Revision 1.1 2003/09/30 10:06:48 foxr
18: # This is a setuid script that allows the www user to issue
19: # /etc/init.d/httpd reload
20: #
21: # This functionality is required by lond and lonc when they have been asked to
22: # reinitialize themselves.
23: #
24: # Initial undebugged version.
25: #
26: ###
27:
28:
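use strict;

# apachereload is installed setuid and must be invoked by user 'www'.
# lond runs it after re-initialising its host information.  Its whole job
# is to run the web server's init script with the 'reload' action so that
# the apache daemon gets HUP'd.
#
# Privilege flow, as written below:
#   1. pin the environment that child processes will inherit,
#   2. check that the caller is 'www',
#   3. take the lock file while running with www ids,
#   4. switch to root ids only for the reload itself,
#   5. remove the lock file and exit.

# Fixed search path and no shell start-up hooks: nothing inherited from the
# caller may influence the programs started from here.
$ENV{'PATH'} = '/bin:/usr/bin:/usr/local/sbin:/home/httpd/perl';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# The lock file name is used for both creation and removal.
# NOTE(review): /tmp is a directory shared with every local account; a
# directory writable only by www would be a safer home for this file.
my $lockfile = '/tmp/lock_apachereload';

# Program and argument are separate list elements so that system() executes
# the init script directly and never hands a string to a shell.
my @command = ('/etc/init.d/httpd', 'reload');

# FIXME(review): %perlvar is not declared or populated anywhere in this file
# as shown, so under 'use strict' this line is a compile-time error.  It has
# to be loaded from the LON-CAPA configuration before this point.
# NOTE(review): this runs an external program before the caller check below;
# confirm the configured directory is not writable by www.
my $dist = `$perlvar{'lonDaemons'}/distprobe`;
if ($dist =~ /^(suse|sles)/) {
    # suse names the init script 'apache', not 'httpd'.
    @command = ('/etc/init.d/apache', 'reload');
}

# Do not print error messages; callers only see the exit status.
my $noprint = 1;

print "In apachereload" unless $noprint;

# ----------------------------- Make sure this process is running from user=www
my $wwwid = getpwnam('www');
disable_root_capability();

# A missing 'www' account leaves $wwwid undefined, which would compare equal
# to uid 0 in a numeric test; treat it as a mismatch explicitly.
if (!defined($wwwid) || $wwwid != $>) {
    print("User ID mismatch.  This program must be run as user 'www'\n")
        unless $noprint;
    exit 1;
}

# ----------------------------------- Start running script with www permissions
disable_root_capability();

# --------------------- Handle case of another apachereload process (locking)
unless (try_to_lock($lockfile)) {
    print "Error. Too many other simultaneous apache reload requests being ".
        "made.\n" unless $noprint;
    exit 4;
}

# Root ids are taken only from here on, for the reload itself.
enable_root_capability();
($>, $<) = (0, 0);

# Now run the reload.  The init script's exit status is not propagated; the
# script exits 0 whether or not the reload succeeded.
system(@command);

# Remove the lock file.
# NOTE(review): both real and effective uid were set to 0 above, so the
# '$wwwid==$<' test inside disable_root_capability is false here (unless www
# is uid 0) and the unlink runs with root ids.
disable_root_capability();
unlink($lockfile);
exit 0;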
86:
87: # ---------------------------------------------- have setuid script run as root
# Switch the effective uid/gid to 0 when the process is currently running
# with the effective uid of 'www'; otherwise leave the ids untouched.
# Reads the file-level $wwwid.  Returns the effective uid after the call.
sub enable_root_capability {
    my $running_as_www = ($> == $wwwid);

    if ($running_as_www) {
        # Each pair is changed in one list assignment, the form perlvar
        # documents for setting real and effective ids together; do not
        # split these into separate statements.
        ($<, $>) = ($>, 0);     # real uid <- www, effective uid <- root
        ($(, $)) = ($), 0);     # real gid <- old effective gid, effective gid <- 0
    }
    # Any other effective uid: root capability is already enabled.

    return $>;
}
98:
99: # ----------------------------------------------- have setuid script run as www
# Swap real and effective uid/gid when the real uid is that of 'www', so the
# process continues with www as its effective identity.  Reads the
# file-level $wwwid.
#
# This is a swap, not a permanent drop: the previous effective ids end up as
# the real ids, which is what lets enable_root_capability switch back later.
sub disable_root_capability {
    my $real_is_www = ($< == $wwwid);

    if ($real_is_www) {
        # Keep each swap as a single list assignment (see perlvar on
        # swapping $< and $>).
        ($<, $>) = ($>, $<);
        ($(, $)) = ($), $();
    }
    # Any other real uid: root capability is already disabled.
}
109:
110: # ----------------------- make sure that another apachereload process isn't running
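# Try to take the advisory lock file $lockfile for this process.
#
# Returns 1 when the lock file was created and holds this process id,
# 0 when the lock could not be taken.
#
# Behaviour:
#   - never touches the lock file while the effective uid is 0;
#   - if a lock file exists, its recorded pid is read every 3 seconds; the
#     same content on two consecutive reads means the lock is assumed stale,
#     contents that keep changing make the call give up after 11 reads;
#   - the path must be a plain file: anything else found at that name
#     (symlink, FIFO, directory) is refused, because the directory may be
#     shared with other accounts;
#   - the new lock is created exclusively and without following symlinks,
#     and failure to create or write it is reported as "no lock" rather
#     than being ignored.
#
# The stale-lock takeover is still best effort: two processes that decide at
# the same moment that a lock is stale can both end up believing they own it.
sub try_to_lock {
    my ($lockfile) = @_;

    # 'use' is processed at compile time; it is placed here so the sub
    # carries its own dependency.
    use Fcntl qw(O_RDONLY O_WRONLY O_CREAT O_EXCL O_NOFOLLOW);

    # Do not manipulate lock file as root
    return 0 if $> == 0;

    my $lastpid;        # content seen on the previous read, undef before the first
    my $stale = 0;

    for my $attempt (0 .. 10) {
        # lstat, not -e: a symlink must be seen as a symlink, dangling or not.
        last unless lstat($lockfile);
        return 0 unless -f _;

        # An unreadable or empty file reads as '' so that it has to be seen
        # twice, like any other content, before it counts as stale.
        my $currentpid = '';
        if (sysopen(my $in, $lockfile, O_RDONLY | O_NOFOLLOW)) {
            my $line = <$in>;
            close $in;
            $currentpid = $line if defined $line;
        }

        if (defined($lastpid) && $currentpid eq $lastpid) {
            $stale = 1;
            last;
        }

        sleep 3;
        $lastpid = $currentpid;
        return 0 if $attempt == 10;
    }

    # A stale lock is removed first so that the exclusive create below can
    # succeed; if it cannot be removed, this process does not own the lock.
    if ($stale) {
        unlink($lockfile) or return 0;
    }

    sysopen(my $out, $lockfile, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0644)
        or return 0;

    my $written = print {$out} $$;
    my $closed  = close($out);
    unless ($written && $closed) {
        unlink($lockfile);
        return 0;
    }

    return 1;
}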
147:
=head1 NAME

apachereload - setuid script to reload the apache web server.

=head1 DESCRIPTION

LON-CAPA - setuid script to reload the apache web server.

=head1 README

LON-CAPA setuid script to reload the apache web server.

=head1 PREREQUISITES

=head1 COREQUISITES

=pod OSNAMES

linux

=pod SCRIPT CATEGORIES

LONCAPA/Administrative

=cut