-rw-r--r-- | iurt_root_command | 111 |
1 files changed, 104 insertions, 7 deletions
diff --git a/iurt_root_command b/iurt_root_command index fa6a3b6..292906a 100644 --- a/iurt_root_command +++ b/iurt_root_command @@ -27,6 +27,7 @@ use strict; my $program_name = 'iurt_root_command'; use Mkcd::Commandline qw(parseCommandLine usage); use MDK::Common; +use File::NCopy qw(copy); my $arg = @ARGV; my (@params, %run); @@ -46,6 +47,34 @@ $run{todo} = [ ]; [--mkdir [--parents] <dir1> <dir2> ... <dirn>]", "$program_name is a perl script to execute commands which need root privilege, it helps probram which needs occasional root privileges for some commands.", sub { $arg or usage($program_name, \@params) }, "Running $program_name" ], + [ "", "cp", [ + ["", "cp", -1, "[-r] <file1> <file2> ... <filen> <dest>]", "copy the files to dest", + sub { + my ($tmp, @arg) = @_; + $tmp->[0] ||= {}; + push @$tmp, @arg; + 1 + }, "Setting cp command arguments"], + ["r", "recursive", 0, "", + "Also copy directories and subdirectories", + sub { my ($tmp) = @_; $tmp->[0]{recursive} = 1; 1 }, "Set the recursive flag"], + ], "[-r] <file1> <file2> ... <filen> <dest>", + "Copy files", + \&cp, "Copying files" ], + [ "", "ln", [ + ["", "ln", 2, "<file1> <file2>", "link file1 to file2", + sub { + my ($tmp, @arg) = @_; + $tmp->[0] ||= {}; + push @$tmp, @arg; + 1 + }, "Setting ln command arguments"], +# ["r", "recursive", 0, "", +# "Also create needed parents directories", +# sub { my ($tmp) = @_; $tmp->[0]{recursive} = 1; 1 }, "Set the recursive flag"], + ], "<file1> <file2>", + "Link files", + \&ln, "Linking files" ], [ "", "mkdir", [ ["", "mkdir", -1, "[--parents] <dir1> <dir2> ... <dirn>]", "mkdir create the given path", sub { @@ -61,7 +90,7 @@ $run{todo} = [ ]; "mkdir create the given path", \&mkdir, "Creating the path" ], [ "", "rm", [ - ["", "rm", -1, "[-f] [-r] <file1> <file2> ... <filen>]", "remove the provided files", + ["", "rm", -1, "[-r] <file1> <file2> ... <filen>", "remove the provided files", sub { my ($tmp, @arg) = @_; $tmp->[0] ||= {}; 
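Review bot: The new inner `cp` usage string ends with a stray `]` (`"[-r] <file1> <file2> ... <filen> <dest>]"`), the same typo this commit removes from the `rm` entries further down; drop it so the help output stays consistent. The `ln` table also carries a commented-out `recursive` entry whose help text talks about creating parent directories; since `ln` takes no options here, delete it rather than keep it as dead code.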
@@ -71,7 +100,7 @@ $run{todo} = [ ]; ["r", "recursive", 0, "", "Also create needed parents directories", sub { my ($tmp) = @_; $tmp->[0]{recursive} = 1; 1 }, "Set the recursive flag"], - ], "[-r] <file1> <file2> ... <filen>]", + ], "[-r] <file1> <file2> ... <filen>", "Remove files", \&rm, "Removing files" ], [ "", "initdb", 1 , "<chroot>]", @@ -88,14 +117,18 @@ $run{todo} = [ ]; open(my $LOG, ">&STDERR"); $run{LOG} = $LOG; +#print {$run{LOG}} "$program_name: @ARGV\n"; my $todo = parseCommandLine($program_name, \@ARGV, \@params); @ARGV and usage($program_name, \@params, "@ARGV, too many arguments"); +my $ok = 1; foreach my $t (@$todo) { print {$run{LOG}} "$program_name: $t->[2]\n" if $run{verbose} > 5; - &{$t->[0]}(\%run, @{$t->[1]}) or print {$run{LOG}} "ERROR: $t->[2]\n"; + my $ok2 = &{$t->[0]}(\%run, @{$t->[1]}); + $ok2 or print {$run{LOG}} "ERROR: $t->[2]\n"; + $ok &&= $ok2; } - -exit; +print "$program_name: Success!\n" if $ok; +exit !$ok; sub modprobe { my ($run, $module) = @_; @@ -103,6 +136,13 @@ sub modprobe { print {$run->{LOG}} "ERROR $program_name: unauthorized module $module\n"; return 0 } + open my $modules, '/proc/modules'; + my $ok; + while (my $m = <$modules>) { + if ($m =~ /unionfs/) { + return 1 + } + } system($sudo, "/sbin/depmod", "-a"); !system($sudo, "/sbin/modprobe", "-f", $module) } @@ -153,13 +193,13 @@ sub rm { } } } else { - if ($f =~ m,/root|/dev|/var|/lib|/usr,) { + if ($f =~ m,/$unauthorized,) { print {$run->{LOG}} "$program_name: removal of $f forbidden\n"; $ok = 0 } else { if ($f =~ /\*?/) { foreach my $file (glob $f) { - if ($f =~ m,/root|/dev|/var|/lib|/usr,) { + if ($f =~ m,$unauthorized,) { print {$run->{LOG}} "$program_name: removal of $f forbidden\n"; $ok = 0 } else { 
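Review bot: `exit !$ok;` relies on Perl's false value (an empty string) numifying to 0; `exit($ok ? 0 : 1);` states the intended status explicitly. The `Success!` line is printed to STDOUT while every other message in this loop goes to `$run{LOG}` (STDERR), so anything that captures this helper's stdout now sees an extra line; confirm that is intended, or send it through `print {$run{LOG}}` as well.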
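Review bot: The added `/proc/modules` scan in `modprobe` returns 1 as soon as any line matches `/unionfs/`, whatever `$module` was requested, so if the authorization check (its condition is outside this hunk) ever allows another module, that request is reported as loaded without being loaded. Match the requested name instead, e.g. `return 1 if $m =~ /^\Q$module\E\s/;`. The `open` is the two-argument form with no error check; `open my $modules, '<', '/proc/modules' or print {$run->{LOG}} "ERROR $program_name: cannot read /proc/modules ($!)\n";` makes a failure visible. `my $ok;` is declared but never used.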
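Review bot: The two rewritten guards in `rm` disagree with each other (`m,/$unauthorized,` versus `m,$unauthorized,`), and the inner one still tests `$f` (the glob pattern) rather than `$file` (each expanded path), so the results of `glob` are never checked against the protected list. The definition of `$unauthorized` for `rm` is outside this hunk; if it is the anchored `"^(/etc|/root|/dev|/var|/lib|/usr)"` used by `cp` and `ln`, then the outer form puts a `/` before `^` and can never match, which would silently disable the check. I would write both as `if ($f =~ m,$unauthorized,) {` and `if ($file =~ m,$unauthorized,) {`, and add a comment at the definition stating that the pattern is anchored and expects an absolute path.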
@@ -179,3 +219,60 @@ sub rm { if (!$done) { print {$run->{LOG}} "$program_name: nothing deleted\n" } $ok } + +sub cp { + my ($run, $opt, @files) = @_; + my $ok = 1; + my $done; + my $dest = pop @files; + my $unauthorized = "^(/etc|/root|/dev|/var|/lib|/usr)"; + if ($dest =~ /$unauthorized/ || $dest eq '/') { + print {$run->{LOG}} "$program_name: copying to $dest forbidden\n"; + return + } + foreach my $f (@files) { + if (-d $f) { + if (!$opt->{recursive}) { + print {$run->{LOG}} "$program_name: could not copy directories without the -r option\n"; + $ok = 0 + } else { + system($sudo, 'cp', '-raf', $f); + print {$run->{LOG}} "$program_name: copying $f -> $dest\n" if $run->{verbose}; + $done = 1 + } + } else { + if ($f =~ /\*?/) { + foreach my $file (glob $f) { + if (copy $file, $dest) { + $done = 1; + print {$run->{LOG}} "$program_name: copying $file -> $dest\n" if $run->{verbose} + } else { + $ok = 0; + print {$run->{LOG}} "$program_name: copying $file to $dest failed ($!)\n" if $run->{verbose} + } + } + } else { + if (copy $f, $dest) { + $done = 1; + print {$run->{LOG}} "$program_name: copying $f -> $dest\n" if $run->{verbose} + } else { + $ok = 0; + print {$run->{LOG}} "$program_name: copying $f to $dest failed ($!)\n" if $run->{verbose} + } + } + } + } + if (!$done) { print {$run->{LOG}} "$program_name: nothing copied\n" } + $ok +} + +sub ln { + my ($run, $opt, $file1, $file2) = @_; + my $unauthorized = "^(/etc|/root|/dev|/var|/lib|/usr)"; + if ($file2 =~ /$unauthorized/ || $file2 eq '/') { + print {$run->{LOG}} "$program_name: linking to $file2 forbidden\n"; + return + } + link $file1, $file2; +} + |
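Review bot: In `cp`, the recursive branch runs `system($sudo, 'cp', '-raf', $f)` without `$dest` and ignores the exit status, so a directory copy cannot reach the requested destination yet is still logged as copied and sets `$done`; `system($sudo, 'cp', '-raf', $f, $dest) == 0 or $ok = 0;` addresses both. The file branch calls File::NCopy's `copy` in-process instead of going through `$sudo` like the directory branch, which looks inconsistent for a helper whose purpose is running commands as root; confirm which is intended. In both `cp` and `ln` the `$unauthorized` pattern is matched against the raw argument string, so a relative path, a path with `..` components or a symlinked directory is never compared against the protected prefixes; resolving the destination to a canonical absolute path before matching, and preferring an allow-list of build roots over a deny-list, would make this an actual boundary. `ln` validates only `$file2`, leaving the source of the hard link unrestricted. `$f =~ /\*?/` always matches, so the non-glob `else` branch is dead code, and the failure messages are printed only when `$run->{verbose}` is set.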