aboutsummaryrefslogtreecommitdiffstats
path: root/iurt_root_command
diff options
context:
space:
mode:
authorFlorent Villard <warly@mandriva.com>2006-12-07 13:18:00 +0000
committerFlorent Villard <warly@mandriva.com>2006-12-07 13:18:00 +0000
commit97e20ef2448702a405f4b9f7d2688a39b2a89365 (patch)
tree3006a7db0988bec7336323821e6aff52332936c4 /iurt_root_command
parentf5e04b904298119c0272ac75f9132e9a0dafd761 (diff)
downloadiurt-97e20ef2448702a405f4b9f7d2688a39b2a89365.tar
iurt-97e20ef2448702a405f4b9f7d2688a39b2a89365.tar.gz
iurt-97e20ef2448702a405f4b9f7d2688a39b2a89365.tar.bz2
iurt-97e20ef2448702a405f4b9f7d2688a39b2a89365.tar.xz
iurt-97e20ef2448702a405f4b9f7d2688a39b2a89365.zip
be less restrictive for copying file into /root
Diffstat (limited to 'iurt_root_command')
-rwxr-xr-xiurt_root_command123
1 files changed, 63 insertions, 60 deletions
diff --git a/iurt_root_command b/iurt_root_command
index cfc763e..361e01d 100755
--- a/iurt_root_command
+++ b/iurt_root_command
@@ -20,6 +20,7 @@
#
# run commands which needs root privilege
#
+use lib '/usr/local/lib/perl';
use strict;
my $program_name = 'iurt_root_command';
@@ -32,16 +33,16 @@ my $arg = @ARGV;
my (@params, %run);
$run{program_name} = $program_name;
-my %authorized_modules = ( 'unionfs' => 1 );
+my %authorized_modules = ('unionfs' => 1);
my $sudo = '/usr/bin/sudo';
-$run{todo} = [ ];
+$run{todo} = [];
@params = (
# [ "one letter option", "long name option", "number of args (-X means ´at least X´)", "help text", "function to call", "log info"]
#
# no_rsync, config_help and copy_srpm kept for compatibility reasons
#
- [ "", "$program_name", 0, "[--verbose <level>]
+ [ "", $program_name, 0, "[--verbose <level>]
[--modprobe <module>]
[--mkdir [--parents] <dir1> <dir2> ... <dirn>]",
"$program_name is a perl script to execute commands which need root privilege, it helps probram which needs occasional root privileges for some commands.",
@@ -52,7 +53,7 @@ $run{todo} = [ ];
my ($tmp, @arg) = @_;
$tmp->[0] ||= {};
push @$tmp, @arg;
- 1
+ 1;
}, "Setting cp command arguments"],
["r", "recursive", 0, "",
"Also copy directories and subdirectories",
@@ -66,7 +67,7 @@ $run{todo} = [ ];
my ($tmp, @arg) = @_;
$tmp->[0] ||= {};
push @$tmp, @arg;
- 1
+ 1;
}, "Setting ln command arguments"],
# ["r", "recursive", 0, "",
# "Also create needed parents directories",
@@ -80,7 +81,7 @@ $run{todo} = [ ];
my ($tmp, @arg) = @_;
$tmp->[0] ||= {};
push @$tmp, @arg;
- 1
+ 1;
}, "Setting auto mode arguments"],
["p", "parents", 0, "",
"Also create needed parents directories",
@@ -94,7 +95,7 @@ $run{todo} = [ ];
my ($tmp, @arg) = @_;
$tmp->[0] ||= {};
push @$tmp, @arg;
- 1
+ 1;
}, "Setting rm command arguments"],
["r", "recursive", 0, "",
"Also create needed parents directories",
@@ -107,95 +108,97 @@ $run{todo} = [ ];
\&initdb, "Initializing the rpm database" ],
[ "v", "verbose", 1, "<verbose level>",
"modprobe try to modprobe the given module if authorized.",
- sub { $run{verbose} = @_->[0]; 1 }, "Setting verbose level" ],
+ sub { $run{verbose} = $_[0]; 1 }, "Setting verbose level" ],
[ "", "modprobe", 1, "<module>]",
"modprobe try to modprobe the given module if authorized.",
\&modprobe, "Modprobing" ],
);
open(my $LOG, ">&STDERR");
-$run{LOG} = $LOG;
+$run{LOG} = sub { print $LOG @_ };
-plog_init($program_name, $LOG, $run{verbose});
+#plog_init($program_name, $LOG, $run{verbose});
+plog_init($program_name, $LOG, 7, 1);
my $todo = parseCommandLine($program_name, \@ARGV, \@params);
@ARGV and usage($program_name, \@params, "@ARGV, too many arguments");
+
my $ok = 1;
foreach my $t (@$todo) {
- plog(6, $t->[2]\n" if $run{verbose});
+ plog('DEBUG', $t->[2]);
my $ok2 = &{$t->[0]}(\%run, @{$t->[1]});
- $ok2 or print {$run{LOG}} "ERROR: $t->[2]\n";
+ $ok2 or plog("ERROR: $t->[2]");
$ok &&= $ok2;
}
-print "$program_name: Success!\n" if $ok;
+plog('DEBUG', "Success!") if $ok;
exit !$ok;
sub modprobe {
- my ($run, $module) = @_;
+ my ($_run, $module) = @_;
if (!$authorized_modules{$module}) {
plog("ERROR: unauthorized module $module");
- return 0
+ return 0;
}
open my $modules, '/proc/modules';
- my $ok;
while (my $m = <$modules>) {
if ($m =~ /unionfs/) {
- return 1
+ return 1;
}
}
system($sudo, "/sbin/depmod", "-a");
- !system($sudo, "/sbin/modprobe", "-f", $module)
+ !system($sudo, "/sbin/modprobe", "-f", $module);
}
sub mkdir {
- my ($run, $opt, @dir) = @_;
+ my ($_run, $opt, @dir) = @_;
foreach my $path (@dir) {
-d $path and next;
- if ($path =~ m,/dev|/proc|/root|/var, && $path !~ /chroot|unionfs/) {
- plog("ERROR: $path creation forbidden");
+ if ($path =~ m,/dev|/proc|/var, && $path !~ /chroot|unionfs/) {
+ plog('FAIL', "ERROR: $path creation forbidden");
}
if ($opt->{parents}) {
- mkdir_p $path
+ mkdir_p $path;
} else {
- mkdir $path
+ mkdir $path;
}
}
- 1
+ 1;
}
sub initdb {
- my ($run, $chroot) = @_;
+ my ($_run, $chroot) = @_;
if (-d $chroot && $chroot !~ /chroot|unionfs/) {
- plog($program_name: rpm --initdb not authorized in $chroot");
- return 0
+ plog('FAIL', "rpm --initdb not authorized in $chroot");
+ return 0;
}
- !system("rpm", "--initdb", "--root", "$chroot")
+ !system('rpm', '--initdb', '--root', $chroot);
}
sub rm {
- my ($run, $opt, @files) = @_;
+ my ($_run, $opt, @files) = @_;
my $ok = 1;
my $done;
- my $unauthorized = "^(/etc|/root|/dev|/var|/lib|/usr)";
+ my $unauthorized = "^(/etc|/dev|/var|/lib|/usr)";
+
foreach my $f (@files) {
if (-d $f) {
if (!$opt->{recursive}) {
- plog("can't remove directories without the -r option");
- $ok = 0
+ plog('WARN', "can't remove directories without the -r option");
+ $ok = 0;
} else {
if ($f =~ m,$unauthorized,) {
- plog("removal of $f forbidden");
- $ok = 0
+ plog('FAIL', "removal of $f forbidden");
+ $ok = 0;
} else {
system($sudo, 'rm', '-rf', $f);
- plog(1, "removing $f");
- $done = 1
+ plog('DEBUG', "removing $f");
+ $done = 1;
}
}
} else {
if ($f =~ m,/$unauthorized,) {
plog("removal of $f forbidden");
- $ok = 0
+ $ok = 0;
} else {
# CM: The original regexp was /\*?/, which doesn't seem to be
# what we want. Check if we can always glob instead of
@@ -204,77 +207,77 @@ sub rm {
if ($f =~ /[*?]/) {
foreach my $file (glob $f) {
if ($f =~ m,$unauthorized,) {
- plog("removal of $f forbidden");
- $ok = 0
+ plog('FAIL', "removal of $f forbidden");
+ $ok = 0;
} else {
unlink $file;
$done = 1;
- plog(1, "removing $file");
+ plog('DEBUG', "removing $file");
}
}
} else {
unlink $f;
$done = 1;
- plog(1, "removing $f");
+ plog('DEBUG', "removing $f");
}
}
}
}
- if (!$done) { plog("nothing deleted"); }
- $ok
+ if (!$done) { plog('DEBUG', "nothing deleted") }
+ $ok;
}
sub cp {
- my ($run, $opt, @files) = @_;
+ my ($_run, $opt, @files) = @_;
my $ok = 1;
my $done;
my $dest = pop @files;
- my $unauthorized = "^(/etc|/root|/dev|/var|/lib|/usr)";
+ my $unauthorized = "^(/etc|/dev|/var|/lib|/usr)";
if ($dest =~ /$unauthorized/ || $dest eq '/') {
- plog("copying to $dest forbidden");
- return
+ plog('FAIL', "copying to $dest forbidden");
+ return;
}
foreach my $f (@files) {
if (-d $f) {
if (!$opt->{recursive}) {
- plog("can't copy directories without the -r option");
- $ok = 0
+ plog('WARN', "can't copy directories without the -r option");
+ $ok = 0;
} else {
system($sudo, 'cp', '-raf', $f);
- plog(1, "copying $f -> $dest");
- $done = 1
+ plog('DEBUG', "copying $f -> $dest");
+ $done = 1;
}
} else {
if ($f =~ /\*?/) {
foreach my $file (glob $f) {
if (copy $file, $dest) {
$done = 1;
- plog(1, "copying $file -> $dest");
+ plog('DEBUG', "copying $file -> $dest");
} else {
$ok = 0;
- plog(1, "copying $file to $dest failed ($!)");
+ plog('FAIL', "copying $file to $dest failed ($!)");
}
}
} else {
if (copy $f, $dest) {
$done = 1;
- plog(1, "copying $f -> $dest");
+ plog('DEBUG', "copying $f -> $dest");
} else {
$ok = 0;
- plog(1, "copying $f to $dest failed ($!)");
+ plog('FAIL', "copying $f to $dest failed ($!)");
}
}
}
}
- if (!$done) { plog("nothing copied"); }
- $ok
+ if (!$done) { plog('DEBUG', "nothing copied") }
+ $ok;
}
sub ln {
- my ($run, $opt, $file1, $file2) = @_;
- my $unauthorized = "^(/etc|/root|/dev|/var|/lib|/usr)";
+ my ($_run, $_opt, $file1, $file2) = @_;
+ my $unauthorized = "^(/etc|/dev|/var|/lib|/usr)";
if ($file2 =~ /$unauthorized/ || $file2 eq '/') {
- plog("linking to $file2 forbidden");
+ plog('FAIL', "linking to $file2 forbidden");
return;
}
link $file1, $file2;