From: <sa...@kr...> - 2006-11-06 22:52:43
Log Message: ----------- Modified Krang::Script to optionally skip su-ing to KrangUser. This is useful in krang_export to avoid chicken-and-egg problems with Dataset, which needs to be loaded before su-ing but also needs access to addons. Modified Files: -------------- krang/lib/Krang: Script.pm krang/bin: krang_export Revision Data ------------- Index: Script.pm =================================================================== RCS file: /usr/local/krang-cvs/krang/lib/Krang/Script.pm,v retrieving revision 1.16 retrieving revision 1.17 diff -Llib/Krang/Script.pm -Llib/Krang/Script.pm -u -r1.16 -r1.17 --- lib/Krang/Script.pm +++ lib/Krang/Script.pm @@ -8,17 +8,24 @@ Krang::Script - loader for the Krang scripts =head1 SYNOPSIS - + + # load normally use Krang::ClassLoader 'Script'; + # load without switching priviliges + use Krang::ClassLoader Script => 'no_su'; + =head1 DESCRIPTION This module exists to load and configure the Krang system for command-line scripts. -The first thing the module does is attempt to become the configured -KrangUser and KrangGroup. If you're not already KrangUser then you'll -need to be root in order to change into KrangUser. +The first thing the module does is call any registered addon +InitHandlers. See F<add_on.pod> for details. + +Next Krang attempts to become the configured KrangUser and KrangGroup, +unless passed the 'no_su' option. If you're not already KrangUser +then you'll need to be root in order to change into KrangUser. Next the module sets REMOTE_USER to the user ID of the special hidden 'system' user. This user has global admin access to all Krang 
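Review bot: The new POD for `'no_su'` does not say what state the process is left in: with that option the KrangUser/KrangGroup switch is skipped, so a script started as root keeps running as root until the module is loaded again without the option. I would add a sentence to DESCRIPTION such as `With 'no_su' the script keeps the privileges it was started with; load Krang::Script again without the option as soon as the privileged setup is done.` The added SYNOPSIS comment also spells "privileges" as `priviliges`. The POD block starts and ends outside the hunk.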
@@ -49,49 +56,51 @@ use Krang::ClassLoader 'User'; use Krang::ClassLoader 'AddOn'; -# trigger init handler now -BEGIN { pkg('AddOn')->call_handler('InitHandler') } - -BEGIN { +sub import { + my $pkg = shift; + my %opts = map { ($_, 1) } @_; + + # trigger init handler now + pkg('AddOn')->call_handler('InitHandler'); + # make sure we are KrangUser/KrangGroup + unless ($opts{'no_su'}) { + # get current uid/gid + my $uid = $>; + my %gid = map { ($_ => 1) } split( ' ', $) ); + + # extract desired uid/gid + my @uid_data = getpwnam(KrangUser); + warn("Unable to find user for KrangUser '" . KrangUser . "'."), exit(1) + unless @uid_data; + my $krang_uid = $uid_data[2]; + my @gid_data = getgrnam(KrangGroup); + warn("Unable to find user for KrangGroup '" . KrangGroup . "'."), exit(1) + unless @gid_data; + my $krang_gid = $gid_data[2]; + + # become KrangUser/KrangGroup if necessary + if ($gid{$krang_gid}) { + eval { $) = $krang_gid; }; + warn("Unable to become KrangGroup '" . KrangGroup . "' : $@\n" . + "Maybe you need to start this process as root.\n") and exit(1) + if $@; + warn("Failed to become KrangGroup '" . KrangGroup . "' : $!.\n" . + "Maybe you need to start this process as root.\n") and exit(1) + unless $) == $krang_gid; + } - # get current uid/gid - my $uid = $>; - my %gid = map { ($_ => 1) } split( ' ', $) ); - - # extract desired uid/gid - my @uid_data = getpwnam(KrangUser); - warn("Unable to find user for KrangUser '" . KrangUser . "'."), exit(1) - unless @uid_data; - my $krang_uid = $uid_data[2]; - my @gid_data = getgrnam(KrangGroup); - warn("Unable to find user for KrangGroup '" . KrangGroup . "'."), exit(1) - unless @gid_data; - my $krang_gid = $gid_data[2]; - - # become KrangUser/KrangGroup if necessary - if ($gid{$krang_gid}) { - eval { $) = $krang_gid; }; - warn("Unable to become KrangGroup '" . KrangGroup . "' : $@\n" . - "Maybe you need to start this process as root.\n") and exit(1) - if $@; - warn("Failed to become KrangGroup '" . KrangGroup . 
"' : $!.\n" . - "Maybe you need to start this process as root.\n") and exit(1) - unless $) == $krang_gid; - } - - if ($uid != $krang_uid) { - eval { $> = $krang_uid; }; - warn("Unable to become KrangUser '" . KrangUser . "' : $@\n" . - "Maybe you need to start this process as root.\n") and exit(1) - if $@; - warn("Failed to become KrangUser '" . KrangUser . "' : $!\n" . - "Maybe you need to start this process as root.\n") and exit(1) - unless $> == $krang_uid; + if ($uid != $krang_uid) { + eval { $> = $krang_uid; }; + warn("Unable to become KrangUser '" . KrangUser . "' : $@\n" . + "Maybe you need to start this process as root.\n") and exit(1) + if $@; + warn("Failed to become KrangUser '" . KrangUser . "' : $!\n" . + "Maybe you need to start this process as root.\n") and exit(1) + unless $> == $krang_uid; + } } -} -BEGIN { # Set Krang instance if not running under mod_perl my $instance = $ENV{KRANG_INSTANCE}; if (not defined $instance) { Index: krang_export =================================================================== RCS file: /usr/local/krang-cvs/krang/bin/krang_export,v retrieving revision 1.16 retrieving revision 1.17 diff -Lbin/krang_export -Lbin/krang_export -u -r1.16 -r1.17 --- bin/krang_export +++ bin/krang_export @@ -157,6 +157,7 @@ use Krang::ClassFactory qw(pkg); use Getopt::Long; use Pod::Usage; +use Krang::ClassLoader Script => 'no_su'; use Krang::ClassLoader 'DataSet'; # process args and open the output file before dropping privs @@ -243,7 +244,7 @@ } } -use Krang::ClassLoader 'Script'; +use Krang::ClassLoader 'Script'; # load again to su if needed use Krang::ClassLoader Conf => qw(KrangRoot); use File::Temp qw(tempfile); |
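Review bot: With the uid/gid switch moved from a `BEGIN` block into `sub import`, the drop only happens when `import` is actually invoked, so a caller that loads the module with `require` or an empty import list would presumably keep its starting privileges without any warning, where the old code switched unconditionally at load time; a comment above `sub import` should state that. `import` also runs on every `use`, so the `InitHandler` call at its top fires a second time in krang_export; a guard like `pkg('AddOn')->call_handler('InitHandler') unless $init_done++;` with a file-scoped `my $init_done` would keep it to one call. The switch assigns only the effective ids (`$>` and `$)`) and leaves `$<` and `$(` untouched, so it is not a permanent drop; if that is intended a comment should say so, otherwise `($<, $>) = ($krang_uid, $krang_uid);` makes it permanent. The body of `import` continues past the end of the hunk.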
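Review bot: The privilege drop in krang_export now depends entirely on the second `use Krang::ClassLoader 'Script';` (the `@@ -243,7 +244,7 @@` hunk) re-running `import`; if Krang::ClassLoader, which is not shown here, skips `import` for a class it has already loaded, the export would run to completion with its starting uid, possibly root. A cheap safeguard right after that line, assuming KrangUser is never root, is `BEGIN { die "krang_export: still running as root\n" if $> == 0 }`. Between the `'no_su'` load added in the `@@ -157,6 +157,7 @@` hunk and this line, DataSet and the addon code it needs are loaded with the starting privileges, so the `'no_su'` line deserves a comment naming that window and pointing at the later load that closes it.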