diff options
Diffstat (limited to 'lib/AdminPanel/Shared')
| -rw-r--r-- | lib/AdminPanel/Shared/RunProgram.pm | 352 | ||||
| -rw-r--r-- | lib/AdminPanel/Shared/Services.pm | 56 | ||||
| -rw-r--r-- | lib/AdminPanel/Shared/TimeZone.pm | 5 |
3 files changed, 382 insertions, 31 deletions
diff --git a/lib/AdminPanel/Shared/RunProgram.pm b/lib/AdminPanel/Shared/RunProgram.pm new file mode 100644 index 00000000..4355fb9f --- /dev/null +++ b/lib/AdminPanel/Shared/RunProgram.pm @@ -0,0 +1,352 @@ +package AdminPanel::Shared::RunProgram; + +use strict; +use MDK::Common; +use Sys::Syslog; +use MDK::Common::File qw(cat_); + +use Exporter; +our @ISA = qw(Exporter); +our @EXPORT_OK = qw( + set_default_timeout + run_or_die + rooted_or_die + get_stdout + get_stdout_raw + rooted_get_stdout + run + raw + rooted +); + +=head1 SYNOPSYS + +B<rAdminPanel::Shared::RunProgram> enables to: + +=over 4 + +=item * run programs in foreground or in background, + +=item * to retrieve their stdout or stderr + +=item * ... + +=back + +Most functions exits in a normal form & a rooted one. e.g.: + +=over 4 + +=item * C<run()> & C<rooted()> + +=item * C<get_stdout()> & C<rooted_get_stdout()> + +=back + +Most functions exits in a normal form & one that die. e.g.: + +=over 4 + +=item * C<run()> & C<run_or_die()> + +=item * C<rooted()> & C<rooted_or_die()> + +=back + +=head1 Functions + +=over + +=cut + +1; + +my $default_timeout = 10 * 60; + +=item set_default_timeout($seconds) + +Alters defaults timeout (eg for harddrake service) + +=cut + +sub set_default_timeout { + my ($seconds) = @_; + $default_timeout = $seconds; +} + +=item run_or_die($name, @args) + +Runs $name with @args parameterXs. Dies if it exit code is not 0. + +=cut + +sub run_or_die { + my ($name, @args) = @_; + run($name, @args) or die "$name failed\n"; +} + +=item rooted_or_die($root, $name, @args) + +Similar to run_or_die() but runs in chroot in $root + +=cut + +sub rooted_or_die { + my ($root, $name, @args) = @_; + rooted($root, $name, @args) or die "$name failed\n"; +} + +=item get_stdout($name, @args) + +Similar to run_or_die() but return stdout of program: + +=over 4 + +=item * a list of lines in list context + +=item * a string of concatenated lines in scalar context + +=back + +=cut + +sub get_stdout { + my ($name, @args) = @_; + my @r; + run($name, '>', \@r, @args) or return; + wantarray() ? @r : join('', @r); +} + +=item get_stdout_raw($options, $name, @args) + +Similar to get_stdout() but allow to pass options to raw() + +=cut + +sub get_stdout_raw { + my ($options, $name, @args) = @_; + my @r; + raw($options, $name, '>', \@r, @args) or return; + wantarray() ? @r : join('', @r); +} + +=item rooted_get_stdout($root, $name, @args) + +Similar to get_stdout() but runs in chroot in $root + +=cut + +sub rooted_get_stdout { + my ($root, $name, @args) = @_; + my @r; + rooted($root, $name, '>', \@r, @args) or return; + wantarray() ? @r : join('', @r); +} + +=item run($name, @args) + +Runs $name with @args parameters. + +=cut + +sub run { + raw({}, @_); +} + +=item rooted($root, $name, @args) + +Similar to run() but runs in chroot in $root + +=cut + +sub rooted { + my ($root, $name, @args) = @_; + raw({ root => $root }, $name, @args); +} + +=item raw($options, $name, @args) + +The function used by all the other, making every combination possible. +Runs $name with @args parameters. $options is a hash ref that can contains: + +=over 4 + +=item * B<root>: $name will be chrooted in $root prior to run + +=item * B<as_user>: $name will be run as $ENV{USERHELPER_UID} or with the UID of parent process. Implies I<setuid> + +=item * B<sensitive_arguments>: parameters will be hidden in logs (b/c eg there's a password) + +=item * B<detach>: $name will be run in the background. Default is foreground + +=item * B<chdir>: $name will be run in a different default directory + +=item * B<setuid>: contains a getpwnam(3) struct ; $name will be with droped privileges ; +make sure environment is set right and keep a copy of the X11 cookie + +=item * B<timeout>: execution of $name will be aborted after C<timeout> seconds + +=back + +eg: + +=over 4 + +=item * C<< AdminPanel::Shared::RunProgram::raw({ root => $::prefix, sensitive_arguments => 1 }, "echo -e $user->{password} | cryptsetup luksFormat $device"); >> + +=item * C<< AdminPanel::Shared::RunProgram::raw({ detach => 1 }, '/etc/rc.d/init.d/dm', '>', '/dev/null', '2>', '/dev/null', 'restart'); >> + +=back + +=cut + +sub raw { + my ($options, $name, @args) = @_; + my $root = $options->{root} || ''; + my $real_name = ref($name) ? $name->[0] : $name; + + my ($stdout_raw, $stdout_mode, $stderr_raw, $stderr_mode); + ($stdout_mode, $stdout_raw, @args) = @args if $args[0] =~ /^>>?$/; + ($stderr_mode, $stderr_raw, @args) = @args if $args[0] =~ /^2>>?$/; + + my $home; + if ($options->{as_user}) { + my $uid; + $uid = $ENV{USERHELPER_UID} && getpwuid($ENV{USERHELPER_UID}); + $uid ||= _get_parent_uid(); + $options->{setuid} = getpwnam($uid) if $uid; + my ($full_user) = grep { $_->[2] eq $uid } list_passwd(); + $home = $full_user->[7] if $full_user; + } + local $ENV{HOME} = $home if $home; + + my $args = $options->{sensitive_arguments} ? '<hidden arguments>' : join(' ', @args); + Sys::Syslog::syslog('info|local1', "running: $real_name $args" . ($root ? " with root $root" : "")); + + return if $root && $<; + + $root ? ($root .= '/') : ($root = ''); + + my $tmpdir = sub { + my $dir = $< != 0 ? "$ENV{HOME}/tmp" : -d '/root' ? '/root/tmp' : '/tmp'; + -d $dir or mkdir($dir, 0700); + $dir; + }; + my $stdout = $stdout_raw && (ref($stdout_raw) ? $tmpdir->() . "/.drakx-stdout.$$" : "$root$stdout_raw"); + my $stderr = $stderr_raw && (ref($stderr_raw) ? $tmpdir->() . "/.drakx-stderr.$$" : "$root$stderr_raw"); + + #- checking if binary exist to avoid clobbering stdout file + my $rname = $real_name =~ /(.*?)[\s\|]/ ? $1 : $real_name; + if (! ($rname =~ m!^/! + ? -x "$root$rname" || $root && -l "$root$rname" #- handle non-relative symlink which can be broken when non-rooted + : whereis_binary($rname, $root))) { + Sys::Syslog::syslog('warning', "program not found: $real_name"); + + return; + } + + if (my $pid = fork()) { + if ($options->{detach}) { + $pid; + } else { + my $ok; + add2hash_($options, { timeout => $default_timeout }); + eval { + local $SIG{ALRM} = sub { die "ALARM" }; + my $remaining = $options->{timeout} && $options->{timeout} ne 'never' && alarm($options->{timeout}); + waitpid $pid, 0; + $ok = $? == -1 || ($? >> 8) == 0; + alarm $remaining; + }; + if ($@) { + Sys::Syslog::syslog('warning', "ERROR: killing runaway process (process=$real_name, pid=$pid, args=@args, error=$@)"); + kill 9, $pid; + return; + } + + if ($stdout_raw && ref($stdout_raw)) { + if (ref($stdout_raw) eq 'ARRAY') { + @$stdout_raw = cat_($stdout); + } else { + $$stdout_raw = cat_($stdout); + } + unlink $stdout; + } + if ($stderr_raw && ref($stderr_raw)) { + if (ref($stderr_raw) eq 'ARRAY') { + @$stderr_raw = cat_($stderr); + } else { + $$stderr_raw = cat_($stderr); + } + unlink $stderr; + } + $ok; + } + } else { + if ($options->{setuid}) { + require POSIX; + my ($logname, $home) = (getpwuid($options->{setuid}))[0,7]; + $ENV{LOGNAME} = $logname if $logname; + + # if we were root and are going to drop privilege, keep a copy of the X11 cookie: + if (!$> && $home) { + # FIXME: it would be better to remove this but most callers are using 'detach => 1'... + my $xauth = chomp_(`mktemp $home/.Xauthority.XXXXX`); + system('cp', '-a', $ENV{XAUTHORITY}, $xauth); + system('chown', $logname, $xauth); + $ENV{XAUTHORITY} = $xauth; + } + + # drop privileges: + POSIX::setuid($options->{setuid}); + } + + sub _die_exit { + Sys::Syslog::syslog('warning', $_[0]); + POSIX::_exit(128); + } + if ($stderr && $stderr eq 'STDERR') { + } elsif ($stderr) { + $stderr_mode =~ s/2//; + open STDERR, "$stderr_mode $stderr" or _die_exit("AdminPanel::Shared::RunProgram cannot output in $stderr (mode `$stderr_mode')"); + } elsif ($::isInstall) { + open STDERR, ">> /tmp/ddebug.log" or open STDOUT, ">> /dev/tty7" or _die_exit("AdminPanel::Shared::RunProgram cannot log, give me access to /tmp/ddebug.log"); + } + if ($stdout && $stdout eq 'STDOUT') { + } elsif ($stdout) { + open STDOUT, "$stdout_mode $stdout" or _die_exit("AdminPanel::Shared::RunProgram cannot output in $stdout (mode `$stdout_mode')"); + } elsif ($::isInstall) { + open STDOUT, ">> /tmp/ddebug.log" or open STDOUT, ">> /dev/tty7" or _die_exit("AdminPanel::Shared::RunProgram cannot log, give me access to /tmp/ddebug.log"); + } + + $root and chroot $root; + chdir($options->{chdir} || "/"); + + my $ok = ref $name ? do { + exec { $name->[0] } $name->[1], @args; + } : do { + exec $name, @args; + }; + if (!$ok) { + _die_exit("exec of $real_name failed: $!"); + } + } + +} + +=item get_parent_uid() + +Returns UID of the parent process. + +=cut + +sub _get_parent_uid() { + cat_('/proc/' . getppid() . '/status') =~ /Uid:\s*(\d+)/ ? $1 : undef; +} + + + +#- Local Variables: +#- mode:cperl +#- tab-width:8 +#- End: diff --git a/lib/AdminPanel/Shared/Services.pm b/lib/AdminPanel/Shared/Services.pm index 1870e046..0b2c6973 100644 --- a/lib/AdminPanel/Shared/Services.pm +++ b/lib/AdminPanel/Shared/Services.pm @@ -9,14 +9,14 @@ AdminPanel::Shared::Services - shares the API to manage services =head1 SYNOPSIS use AdminPanel::Shared::Services; - + my ($l, $on_services) = AdminPanel::Shared::Services::services(); =head1 DESCRIPTION This module aims to share all the API to manage system services, to be used from GUI applications or console. - + From the original code drakx services. =head1 EXPORT @@ -83,14 +83,12 @@ use strict; use diagnostics; use Sys::Syslog; -use File::Basename qw( basename ); use AdminPanel::Shared::Locales; -use lib qw(/usr/lib/libDrakX); use MDK::Common::Func qw(find); -use MDK::Common::File qw(cat_); +use MDK::Common::File qw(cat_ basename); use MDK::Common::DataStructure qw(member); -use run_program qw(rooted); +use AdminPanel::Shared::RunProgram qw(rooted); use base qw(Exporter); @@ -138,7 +136,7 @@ THis function return the description for the given service #============================================================= sub description { my %services = ( -acpid => $loc->N_("Listen and dispatch ACPI events from the kernel"), +acpid => $loc->N_("Listen and dispatch ACPI events from the kernel"), alsa => $loc->N_("Launch the ALSA (Advanced Linux Sound Architecture) sound system"), anacron => $loc->N_("Anacron is a periodic command scheduler."), apmd => $loc->N_("apmd is used for monitoring battery status and logging it via syslog. @@ -155,10 +153,10 @@ cups => $loc->N_("Common UNIX Printing System (CUPS) is an advanced printer spoo dm => $loc->N_("Launches the graphical display manager"), fam => $loc->N_("FAM is a file monitoring daemon. It is used to get reports when files change. It is used by GNOME and KDE"), -g15daemon => $loc->N_("G15Daemon allows users access to all extra keys by decoding them and -pushing them back into the kernel via the linux UINPUT driver. This driver must be loaded -before g15daemon can be used for keyboard access. The G15 LCD is also supported. By default, -with no other clients active, g15daemon will display a clock. Client applications and +g15daemon => $loc->N_("G15Daemon allows users access to all extra keys by decoding them and +pushing them back into the kernel via the linux UINPUT driver. This driver must be loaded +before g15daemon can be used for keyboard access. The G15 LCD is also supported. By default, +with no other clients active, g15daemon will display a clock. Client applications and scripts can access the LCD via a simple API."), gpm => $loc->N_("GPM adds mouse support to text-based Linux applications such the Midnight Commander. It also allows mouse-based console cut-and-paste operations, @@ -282,7 +280,7 @@ $enable: enable/disable service =head3 DESCRIPTION -This function enable/disable at boot the given service +This function enable/disable at boot the given service =cut @@ -294,25 +292,25 @@ sub set_service { if (MDK::Common::DataStructure::member($service, @xinetd_services)) { $ENV{PATH} = "/usr/bin:/usr/sbin"; - run_program::rooted($::prefix, "/usr/sbin/chkconfig", $enable ? "--add" : "--del", $service); + AdminPanel::Shared::RunProgram::rooted($::prefix, "/usr/sbin/chkconfig", $enable ? "--add" : "--del", $service); } elsif (_running_systemd() || _has_systemd()) { # systemctl rejects any symlinked units. You have to enabled the real file if (-l "/lib/systemd/system/$service.service") { my $name = readlink("/lib/systemd/system/$service.service"); - $service = File::Basename::basename($name); + $service = MDK::Common::File::basename($name); } else { $service = $service . ".service"; } $ENV{PATH} = "/usr/bin:/usr/sbin"; - run_program::rooted($::prefix, "/usr/bin/systemctl", $enable ? "enable" : "disable", $service); + AdminPanel::Shared::RunProgram::rooted($::prefix, "/usr/bin/systemctl", $enable ? "enable" : "disable", $service); } else { my $script = "/etc/rc.d/init.d/$service"; $ENV{PATH} = "/usr/bin:/usr/sbin"; - run_program::rooted($::prefix, "/usr/sbin/chkconfig", $enable ? "--add" : "--del", $service); + AdminPanel::Shared::RunProgram::rooted($::prefix, "/usr/sbin/chkconfig", $enable ? "--add" : "--del", $service); #- FIXME: handle services with no chkconfig line and with no Default-Start levels in LSB header if ($enable && MDK::Common::File::cat_("$::prefix$script") =~ /^#\s+chkconfig:\s+-/m) { $ENV{PATH} = "/usr/bin:/usr/sbin"; - run_program::rooted($::prefix, "/usr/sbin/chkconfig", "--level", "35", $service, "on"); + AdminPanel::Shared::RunProgram::rooted($::prefix, "/usr/sbin/chkconfig", "--level", "35", $service, "on"); } } } @@ -322,26 +320,26 @@ sub _run_action { if (_running_systemd()) { if ($do_not_block) { $ENV{PATH} = "/usr/bin:/usr/sbin"; - run_program::rooted($::prefix, '/usr//bin/systemctl', '--no-block', $action, "$service.service"); + AdminPanel::Shared::RunProgram::rooted($::prefix, '/usr/bin/systemctl', '--no-block', $action, "$service.service"); } else { $ENV{PATH} = "/usr/bin:/usr/sbin"; - run_program::rooted($::prefix, '/usr/bin/systemctl', $action, "$service.service"); + AdminPanel::Shared::RunProgram::rooted($::prefix, '/usr/bin/systemctl', $action, "$service.service"); } } else { $ENV{PATH} = "/usr/bin:/usr/sbin:/etc/rc.d/init.d/"; - run_program::rooted($::prefix, "/etc/rc.d/init.d/$service", $action); + AdminPanel::Shared::RunProgram::rooted($::prefix, "/etc/rc.d/init.d/$service", $action); } } sub _running_systemd() { $ENV{PATH} = "/usr/bin:/usr/sbin"; - run_program::rooted($::prefix, '/usr/bin/mountpoint', '-q', '/sys/fs/cgroup/systemd'); + AdminPanel::Shared::RunProgram::rooted($::prefix, '/usr/bin/mountpoint', '-q', '/sys/fs/cgroup/systemd'); } sub _has_systemd() { $ENV{PATH} = "/usr/bin:/usr/sbin"; - run_program::rooted($::prefix, '/usr/bin/rpm', '-q', 'systemd'); + AdminPanel::Shared::RunProgram::rooted($::prefix, '/usr/bin/rpm', '-q', 'systemd'); } #============================================================= @@ -364,7 +362,7 @@ sub xinetd_services() { local $ENV{LANGUAGE} = 'C'; my @xinetd_services; $ENV{PATH} = "/usr/bin:/usr/sbin"; - foreach (run_program::rooted_get_stdout($::prefix, '/usr/sbin/chkconfig', '--list', '--type', 'xinetd')) { + foreach (AdminPanel::Shared::RunProgram::rooted_get_stdout($::prefix, '/usr/sbin/chkconfig', '--list', '--type', 'xinetd')) { if (my ($xinetd_name, $on_off) = m!^\t(\S+):\s*(on|off)!) { push @xinetd_services, [ $xinetd_name, $on_off eq 'on' ]; } @@ -378,19 +376,19 @@ sub _systemd_services() { my %loaded; # Running system using systemd Sys::Syslog::syslog('info|local1', "Detected systemd running. Using systemctl introspection."); - foreach (run_program::rooted_get_stdout($::prefix, '/usr/bin/systemctl', '--full', '--all', 'list-units')) { + foreach (AdminPanel::Shared::RunProgram::rooted_get_stdout($::prefix, '/usr/bin/systemctl', '--full', '--all', 'list-units')) { if (my ($name) = m!^(\S+)\.service\s+loaded!) { # We only look at non-template, non-linked service files in /lib # We also check for any non-masked sysvinit files as these are # also handled by systemd if ($name !~ /.*\@$/g && (-e "$::prefix/lib/systemd/system/$name.service" or -e "$::prefix/etc/rc.d/init.d/$name") && ! -l "$::prefix/lib/systemd/system/$name.service") { - push @services, [ $name, !!run_program::rooted($::prefix, '/usr/bin/systemctl', '--quiet', 'is-enabled', "$name.service") ]; + push @services, [ $name, !!AdminPanel::Shared::RunProgram::rooted($::prefix, '/usr/bin/systemctl', '--quiet', 'is-enabled', "$name.service") ]; $loaded{$name} = 1; } } } # list-units will not list disabled units that can be enabled - foreach (run_program::rooted_get_stdout($::prefix, '/usr/bin/systemctl', '--full', 'list-unit-files')) { + foreach (AdminPanel::Shared::RunProgram::rooted_get_stdout($::prefix, '/usr/bin/systemctl', '--full', 'list-unit-files')) { if (my ($name) = m!^(\S+)\.service\s+disabled!) { # We only look at non-template, non-linked service files in /lib # We also check for any non-masked sysvinit files as these are @@ -450,7 +448,7 @@ sub _legacy_services() { if (!$::isInstall) { $runlevel = (split " ", `/sbin/runlevel`)[1]; } - foreach (run_program::rooted_get_stdout($::prefix, '/sbin/chkconfig', '--list', '--type', 'sysv')) { + foreach (AdminPanel::Shared::RunProgram::rooted_get_stdout($::prefix, '/sbin/chkconfig', '--list', '--type', 'sysv')) { if (my ($name, $l) = m!^(\S+)\s+(0:(on|off).*)!) { # If we expect to use systemd (i.e. installer) only show those # sysvinit scripts which are not masked by a native systemd unit. @@ -678,10 +676,10 @@ sub is_service_running ($) { my $out; if (_running_systemd()) { $ENV{PATH} = "/usr/bin:/usr/sbin"; - $out = run_program::rooted($::prefix, '/usr/bin/systemctl', '--quiet', 'is-active', "$service.service"); + $out = AdminPanel::Shared::RunProgram::rooted($::prefix, '/usr/bin/systemctl', '--quiet', 'is-active', "$service.service"); } else { $ENV{PATH} = "/usr/bin:/usr/sbin"; - $out = run_program::rooted($::prefix, '/usr/sbin/service', $service, 'status'); + $out = AdminPanel::Shared::RunProgram::rooted($::prefix, '/usr/sbin/service', $service, 'status'); } return $out; } diff --git a/lib/AdminPanel/Shared/TimeZone.pm b/lib/AdminPanel/Shared/TimeZone.pm index 969df940..552060b5 100644 --- a/lib/AdminPanel/Shared/TimeZone.pm +++ b/lib/AdminPanel/Shared/TimeZone.pm @@ -61,8 +61,9 @@ use File::Copy; use AdminPanel::Shared::Locales; use AdminPanel::Shared::Services; -use MDK::Common::File; -use MDK::Common::Func; +use MDK::Common::File qw(cat_ output_p substInFile); +use MDK::Common::Func qw(find if_); + #============================================================= |