projects
/
ikiwiki.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
added getsetup hooks for all plugins up to recentchanges
[ikiwiki.git]
/
IkiWiki
/
Wrapper.pm
diff --git
a/IkiWiki/Wrapper.pm
b/IkiWiki/Wrapper.pm
index 85d2591175a3904c97f94bf95566b5dd7cf89336..6dc25403e795ae980296272dfb754b00710dbafc 100644
(file)
--- a/
IkiWiki/Wrapper.pm
+++ b/
IkiWiki/Wrapper.pm
@@
-1,35
+1,39
@@
#!/usr/bin/perl
#!/usr/bin/perl
+package IkiWiki;
+
use warnings;
use strict;
use warnings;
use strict;
-use
Cwd q{abs_path}
;
+use
File::Spec
;
use Data::Dumper;
use Data::Dumper;
-
-package IkiWiki;
+use IkiWiki;
sub gen_wrapper () { #{{{
sub gen_wrapper () { #{{{
- $config{srcdir}=
abs_path
($config{srcdir});
- $config{destdir}=
abs_path
($config{destdir});
- my $this=
abs_path
($0);
+ $config{srcdir}=
File::Spec->rel2abs
($config{srcdir});
+ $config{destdir}=
File::Spec->rel2abs
($config{destdir});
+ my $this=
File::Spec->rel2abs
($0);
if (! -x $this) {
if (! -x $this) {
- error(
"$this doesn't seem to be executable"
);
+ error(
sprintf(gettext("%s doesn't seem to be executable"), $this)
);
}
if ($config{setup}) {
}
if ($config{setup}) {
- error(
"cannot create a wrapper that uses a setup file"
);
+ error(
gettext("cannot create a wrapper that uses a setup file")
);
}
my $wrapper=possibly_foolish_untaint($config{wrapper});
}
my $wrapper=possibly_foolish_untaint($config{wrapper});
+ if (! defined $wrapper || ! length $wrapper) {
+ error(gettext("wrapper filename not specified"));
+ }
delete $config{wrapper};
my @envsave;
push @envsave, qw{REMOTE_ADDR QUERY_STRING REQUEST_METHOD REQUEST_URI
CONTENT_TYPE CONTENT_LENGTH GATEWAY_INTERFACE
delete $config{wrapper};
my @envsave;
push @envsave, qw{REMOTE_ADDR QUERY_STRING REQUEST_METHOD REQUEST_URI
CONTENT_TYPE CONTENT_LENGTH GATEWAY_INTERFACE
- HTTP_COOKIE} if $config{cgi};
+ HTTP_COOKIE
REMOTE_USER
} if $config{cgi};
my $envsave="";
foreach my $var (@envsave) {
$envsave.=<<"EOF"
if ((s=getenv("$var")))
my $envsave="";
foreach my $var (@envsave) {
$envsave.=<<"EOF"
if ((s=getenv("$var")))
- a
sprintf(&newenviron[i++], "%s=%s",
"$var", s);
+ a
ddenv(
"$var", s);
EOF
}
EOF
}
@@
-37,44
+41,83
@@
EOF
my $configstring=Data::Dumper->Dump([\%config], ['*config']);
$configstring=~s/\\/\\\\/g;
$configstring=~s/"/\\"/g;
my $configstring=Data::Dumper->Dump([\%config], ['*config']);
$configstring=~s/\\/\\\\/g;
$configstring=~s/"/\\"/g;
+ $configstring=~s/\n/\\n/g;
- open(OUT, ">$wrapper.c") || error("failed to write $wrapper.c: $!");;
+ #translators: The first parameter is a filename, and the second is
+ #translators: a (probably not translated) error message.
+ open(OUT, ">$wrapper.c") || error(sprintf(gettext("failed to write %s: %s"), "$wrapper.c", $!));;
print OUT <<"EOF";
/* A wrapper for ikiwiki, can be safely made suid. */
print OUT <<"EOF";
/* A wrapper for ikiwiki, can be safely made suid. */
-#define _GNU_SOURCE
#include <stdio.h>
#include <stdio.h>
+#include <sys/types.h>
#include <unistd.h>
#include <stdlib.h>
#include <string.h>
extern char **environ;
#include <unistd.h>
#include <stdlib.h>
#include <string.h>
extern char **environ;
+char *newenviron[$#envsave+5];
+int i=0;
+
+addenv(char *var, char *val) {
+ char *s=malloc(strlen(var)+1+strlen(val)+1);
+ if (!s)
+ perror("malloc");
+ sprintf(s, "%s=%s", var, val);
+ newenviron[i++]=s;
+}
int main (int argc, char **argv) {
/* Sanitize environment. */
char *s;
int main (int argc, char **argv) {
/* Sanitize environment. */
char *s;
- char *newenviron[$#envsave+4];
- int i=0;
$envsave
newenviron[i++]="HOME=$ENV{HOME}";
newenviron[i++]="WRAPPED_OPTIONS=$configstring";
newenviron[i]=NULL;
environ=newenviron;
$envsave
newenviron[i++]="HOME=$ENV{HOME}";
newenviron[i++]="WRAPPED_OPTIONS=$configstring";
newenviron[i]=NULL;
environ=newenviron;
+ if (setregid(getegid(), -1) != 0 &&
+ setregid(getegid(), -1) != 0) {
+ perror("failed to drop real gid");
+ exit(1);
+ }
+ if (setreuid(geteuid(), -1) != 0 &&
+ setreuid(geteuid(), -1) != 0) {
+ perror("failed to drop real uid");
+ exit(1);
+ }
+
execl("$this", "$this", NULL);
execl("$this", "$this", NULL);
- perror("
failed to run
$this");
+ perror("
exec
$this");
exit(1);
}
EOF
close OUT;
exit(1);
}
EOF
close OUT;
- if (system("gcc", "$wrapper.c", "-o", $wrapper) != 0) {
- error("failed to compile $wrapper.c");
+
+ my $cc=exists $ENV{CC} ? possibly_foolish_untaint($ENV{CC}) : 'cc';
+ if (system($cc, "$wrapper.c", "-o", "$wrapper.new") != 0) {
+ #translators: The parameter is a C filename.
+ error(sprintf(gettext("failed to compile %s"), "$wrapper.c"));
}
unlink("$wrapper.c");
}
unlink("$wrapper.c");
+ if (defined $config{wrappergroup}) {
+ my $gid=(getgrnam($config{wrappergroup}))[2];
+ if (! defined $gid) {
+ error(sprintf("bad wrappergroup"));
+ }
+ if (! chown(-1, $gid, "$wrapper.new")) {
+ error("chown $wrapper.new: $!");
+ }
+ }
if (defined $config{wrappermode} &&
if (defined $config{wrappermode} &&
- ! chmod(oct($config{wrappermode}), $wrapper)) {
- error("chmod $wrapper: $!");
+ ! chmod(oct($config{wrappermode}), "$wrapper.new")) {
+ error("chmod $wrapper.new: $!");
+ }
+ if (! rename("$wrapper.new", $wrapper)) {
+ error("rename $wrapper.new $wrapper: $!");
}
}
- print "successfully generated $wrapper\n";
+ #translators: The parameter is a filename.
+ printf(gettext("successfully generated %s"), $wrapper);
+ print "\n";
} #}}}
1
} #}}}
1