summaryrefslogtreecommitdiff
path: root/IkiWiki/Wrapper.pm
blob: 4fe2d8111d0a76714f37387f41da4d2666f3f5e2 (plain) 
    

  1. #!/usr/bin/perl
    2. 

  2. 

  3. package IkiWiki;
    4. 

  4. 

  5. use warnings;
    6. 

  6. use strict;
    7. 

  7. use File::Spec;
    8. 

  8. use Data::Dumper;
    9. 

  9. use IkiWiki;
    10. 

  10. 

  11. sub gen_wrappers () {
    12. 

  12.     debug(gettext("generating wrappers.."));
    13. 

  13.     my %origconfig=(%config);
    14. 

  14.     foreach my $wrapper (@{$config{wrappers}}) {
    15. 

  15.         %config=(%origconfig, %{$wrapper});
    16. 

  16.         $config{verbose}=$config{setupverbose}
    17. 

  17.             if exists $config{setupverbose};
    18. 

  18.         $config{syslog}=$config{setupsyslog}
    19. 

  19.             if exists $config{setupsyslog};
    20. 

  20.         delete @config{qw(setupsyslog setupverbose wrappers genwrappers rebuild)};
    21. 

  21.         checkconfig();
    22. 

  22.         if (! $config{cgi} && ! $config{post_commit} &&
    23. 

  23.             ! $config{test_receive}) {
    24. 

  24.             $config{post_commit}=1;
    25. 

  25.         }
    26. 

  26.         gen_wrapper();
    27. 

  27.     }
    28. 

  28.     %config=(%origconfig);
    29. 

  29. }
    30. 

  30. 

  31. sub gen_wrapper () {
    32. 

  32.     $config{srcdir}=File::Spec->rel2abs($config{srcdir});
    33. 

  33.     $config{destdir}=File::Spec->rel2abs($config{destdir});
    34. 

  34.     my $this=File::Spec->rel2abs($0);
    35. 

  35.     if (! -x $this) {
    36. 

  36.         error(sprintf(gettext("%s doesn't seem to be executable"), $this));
    37. 

  37.     }
    38. 

  38. 

  39.     if ($config{setup}) {
    40. 

  40.         error(gettext("cannot create a wrapper that uses a setup file"));
    41. 

  41.     }
    42. 

  42.     my $wrapper=possibly_foolish_untaint($config{wrapper});
    43. 

  43.     if (! defined $wrapper || ! length $wrapper) {
    44. 

  44.         error(gettext("wrapper filename not specified"));
    45. 

  45.     }
    46. 

  46.     delete $config{wrapper};
    47. 

  47.     
    48. 

  48.     my @envsave;
    49. 

  49.     push @envsave, qw{REMOTE_ADDR QUERY_STRING REQUEST_METHOD REQUEST_URI
    50. 

  50.                    CONTENT_TYPE CONTENT_LENGTH GATEWAY_INTERFACE
    51. 

  51.                HTTP_COOKIE REMOTE_USER HTTPS REDIRECT_STATUS
    52. 

  52.                HTTP_HOST SERVER_PORT HTTPS
    53. 

  53.                REDIRECT_URL} if $config{cgi};
    54. 

  54.     my $envsave="";
    55. 

  55.     foreach my $var (@envsave) {
    56. 

  56.         $envsave.=<<"EOF";
    57. 

  57.     if ((s=getenv("$var")))
    58. 

  58.         addenv("$var", s);
    59. 

  59. EOF
    60. 

  60.     }
    61. 

  61.     
    62. 

  62.     my @wrapper_hooks;
    63. 

  63.     run_hooks(genwrapper => sub { push @wrapper_hooks, shift->() });
    64. 

  64. 

  65.     my $check_commit_hook="";
    66. 

  66.     my $pre_exec="";
    67. 

  67.     if ($config{post_commit}) {
    68. 

  68.         # Optimise checking !commit_hook_enabled() , 
    69. 

  69.         # so that ikiwiki does not have to be started if the
    70. 

  70.         # hook is disabled.
    71. 

  71.         #
    72. 

  72.         # Note that perl's flock may be implemented using fcntl
    73. 

  73.         # or lockf on some systems. If so, and if there is no
    74. 

  74.         # interop between the locking systems, the true C flock will
    75. 

  75.         # always succeed, and this optimisation won't work.
    76. 

  76.         # The perl code will later correctly check the lock,
    77. 

  77.         # so the right thing will still happen, though without
    78. 

  78.         # the benefit of this optimisation.
    79. 

  79.         $check_commit_hook=<<"EOF";
    80. 

  80.     {
    81. 

  81.         int fd=open("$config{wikistatedir}/commitlock", O_CREAT | O_RDWR, 0666);
    82. 

  82.         if (fd != -1) {
    83. 

  83.             if (flock(fd, LOCK_SH | LOCK_NB) != 0)
    84. 

  84.                 exit(0);
    85. 

  85.             close(fd);
    86. 

  86.         }
    87. 

  87.     }
    88. 

  88. EOF
    89. 

  89.     }
    90. 

  90.     elsif ($config{cgi}) {
    91. 

  91.         # Avoid more than one ikiwiki cgi running at a time by
    92. 

  92.         # taking a cgi lock. Since ikiwiki uses several MB of
    93. 

  93.         # memory, a pile up of processes could cause thrashing
    94. 

  94.         # otherwise. The fd of the lock is stored in
    95. 

  95.         # IKIWIKI_CGILOCK_FD so unlockwiki can close it.
    96. 

  96.         $pre_exec=<<"EOF";
    97. 

  97.     lockfd=open("$config{wikistatedir}/cgilock", O_CREAT | O_RDWR, 0666);
    98. 

  98.     if (lockfd != -1 && flock(lockfd, LOCK_EX) == 0) {
    99. 

  99.         char *fd_s=malloc(8);
    100. 

  100.         sprintf(fd_s, "%i", lockfd);
    101. 

  101.         setenv("IKIWIKI_CGILOCK_FD", fd_s, 1);
    102. 

  102.     }
    103. 

  103. EOF
    104. 

  104.     }
    105. 

  105. 

  106.     my $set_background_command='';
    107. 

  107.     if (defined $config{wrapper_background_command} &&
    108. 

  108.         length $config{wrapper_background_command}) {
    109. 

  109.             my $background_command=delete $config{wrapper_background_command};
    110. 

  110.         $set_background_command=~s/"/\\"/g;
    111. 

  111.         $set_background_command='#define BACKGROUND_COMMAND "'.$background_command.'"';
    112. 

  112.     }
    113. 

  113. 

  114.     $Data::Dumper::Indent=0; # no newlines
    115. 

  115.     my $configstring=Data::Dumper->Dump([\%config], ['*config']);
    116. 

  116.     $configstring=~s/\\/\\\\/g;
    117. 

  117.     $configstring=~s/"/\\"/g;
    118. 

  118.     $configstring=~s/\n/\\n/g;
    119. 

  119.     
    120. 

  120.     writefile(basename("$wrapper.c"), dirname($wrapper), <<"EOF");
    121. 

  121. /* A wrapper for ikiwiki, can be safely made suid. */
    122. 

  122. #include <stdio.h>
    123. 

  123. #include <sys/types.h>
    124. 

  124. #include <sys/stat.h>
    125. 

  125. #include <fcntl.h>
    126. 

  126. #include <unistd.h>
    127. 

  127. #include <stdlib.h>
    128. 

  128. #include <string.h>
    129. 

  129. #include <sys/file.h>
    130. 

    131. 

  131. extern char **environ;
    132. 

  132. char *newenviron[$#envsave+7];
    133. 

  133. int i=0;
    134. 

    135. 

  135. void addenv(char *var, char *val) {
    136. 

  136.     char *s=malloc(strlen(var)+1+strlen(val)+1);
    137. 

  137.     if (!s)
    138. 

  138.         perror("malloc");
    139. 

  139.     sprintf(s, "%s=%s", var, val);
    140. 

  140.     newenviron[i++]=s;
    141. 

  141. }
    142. 

    143. 

  143. int main (int argc, char **argv) {
    144. 

  144.     int lockfd=-1;
    145. 

  145.     char *s;
    146. 

    147. 

  147. $check_commit_hook
    148. 

  148. @wrapper_hooks
    149. 

  149. $envsave
    150. 

  150.     newenviron[i++]="HOME=$ENV{HOME}";
    151. 

  151.     newenviron[i++]="PATH=$ENV{PATH}";
    152. 

  152.     newenviron[i++]="WRAPPED_OPTIONS=$configstring";
    153. 

    154. 

  154. #ifdef __TINYC__
    155. 

  155.     /* old tcc versions do not support modifying environ directly */
    156. 

  156.     if (clearenv() != 0) {
    157. 

  157.         perror("clearenv");
    158. 

  158.         exit(1);
    159. 

  159.     }
    160. 

  160.     for (; i>0; i--)
    161. 

  161.         putenv(newenviron[i-1]);
    162. 

  162. #else
    163. 

  163.     newenviron[i]=NULL;
    164. 

  164.     environ=newenviron;
    165. 

  165. #endif
    166. 

    167. 

  167.     if (setregid(getegid(), -1) != 0 &&
    168. 

  168.         setregid(getegid(), -1) != 0) {
    169. 

  169.         perror("failed to drop real gid");
    170. 

  170.         exit(1);
    171. 

  171.     }
    172. 

  172.     if (setreuid(geteuid(), -1) != 0 &&
    173. 

  173.         setreuid(geteuid(), -1) != 0) {
    174. 

  174.         perror("failed to drop real uid");
    175. 

  175.         exit(1);
    176. 

  176.     }
    177. 

    178. 

  178. $pre_exec
    179. 

    180. 

  180. $set_background_command
    181. 

  181. #ifdef BACKGROUND_COMMAND
    182. 

  182.     if (lockfd != -1) {
    183. 

  183.         close(lockfd);
    184. 

  184.     }
    185. 

    186. 

  186.     pid_t pid=fork();
    187. 

  187.     if (pid == -1) {
    188. 

  188.         perror("fork");
    189. 

  189.         exit(1);
    190. 

  190.     }
    191. 

  191.     else if (pid == 0) {
    192. 

  192.         execl("$this", "$this", NULL);
    193. 

  193.         perror("exec $this");
    194. 

  194.         exit(1);        
    195. 

  195.     }
    196. 

  196.     else {
    197. 

  197.         waitpid(pid, NULL, 0);
    198. 

    199. 

  199.         if (daemon(1, 0) == 0) {
    200. 

  200.             system(BACKGROUND_COMMAND);
    201. 

  201.             exit(0);
    202. 

  202.         }
    203. 

  203.         else {
    204. 

  204.             perror("daemon");
    205. 

  205.             exit(1);
    206. 

  206.         }
    207. 

  207.     }
    208. 

  208. #else
    209. 

  209.     execl("$this", "$this", NULL);
    210. 

  210.     perror("exec $this");
    211. 

  211.     exit(1);
    212. 

  212. #endif
    213. 

  213. }
    214. 

  214. EOF
    215. 

  215. 

  216.     my @cc=exists $ENV{CC} ? possibly_foolish_untaint($ENV{CC}) : 'cc';
    217. 

  217.     push @cc, possibly_foolish_untaint($ENV{CFLAGS}) if exists $ENV{CFLAGS};
    218. 

  218.     if (system(@cc, "$wrapper.c", "-o", "$wrapper.new") != 0) {
    219. 

  219.         #translators: The parameter is a C filename.
    220. 

  220.         error(sprintf(gettext("failed to compile %s"), "$wrapper.c"));
    221. 

  221.     }
    222. 

  222.     unlink("$wrapper.c");
    223. 

  223.     if (defined $config{wrappergroup}) {
    224. 

  224.         my $gid=(getgrnam($config{wrappergroup}))[2];
    225. 

  225.         if (! defined $gid) {
    226. 

  226.             error(sprintf("bad wrappergroup"));
    227. 

  227.         }
    228. 

  228.         if (! chown(-1, $gid, "$wrapper.new")) {
    229. 

  229.             error("chown $wrapper.new: $!");
    230. 

  230.         }
    231. 

  231.     }
    232. 

  232.     if (defined $config{wrappermode} &&
    233. 

  233.         ! chmod(oct($config{wrappermode}), "$wrapper.new")) {
    234. 

  234.         error("chmod $wrapper.new: $!");
    235. 

  235.     }
    236. 

  236.     if (! rename("$wrapper.new", $wrapper)) {
    237. 

  237.         error("rename $wrapper.new $wrapper: $!");
    238. 

  238.     }
    239. 

  239.     #translators: The parameter is a filename.
    240. 

  240.     debug(sprintf(gettext("successfully generated %s"), $wrapper));
    241. 

  241. }
    242. 

  242. 

  243. 1
    244.
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-16 16:57:08 +0000