#!/usr/bin/env python
# Copyright (C) 2015-2016 Parsons Government Services ("PARSONS")
# Portions copyright (C) 2013-2014 Dragon Research Labs ("DRL")
# Portions copyright (C) 2009-2012 Internet Systems Consortium ("ISC")
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notices and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND PARSONS, DRL, AND ISC DISCLAIM
# ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
# WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
# PARSONS, DRL, OR ISC BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
# CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS
# OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
# NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
# WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
# Using a Python script to run sudo to run a Python script is a bit
# silly, but it lets us use rpki.autoconf to locate sudo, lets us
# avoid needing a custom setuid wrapper, lets us avoid another pass
# through the adventures of shell quoting and tokenization, and
# generally is just a lot simpler to implement correctly.
#
# OK, it's probably a few milliseconds slower. Big deal.
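if __name__ == "__main__":
    # Entry point: run rpkic as the configured RPKI user.
    #
    # First pass (invoked by an ordinary user): re-exec this script under
    # sudo.  Second pass (running under sudo): drop from root to the RPKI
    # user, then hand control to rpki.rpkic.main().

    import os
    import pwd
    import sys
    import rpki.autoconf

    # Absolute interpreter and script paths, followed by the caller's
    # arguments.  The list is passed to execv() as-is, so no shell ever
    # re-tokenizes it.
    argv = [sys.executable, os.path.abspath(sys.argv[0])]
    argv.extend(sys.argv[1:])

    # A SUDO_COMMAND equal to our own command line is taken to mean this
    # process is the copy that sudo started.  The value comes from the
    # environment, so it is only a hint about which pass this is; it grants
    # nothing by itself, because the setgid()/setreuid() calls below raise
    # OSError when the process lacks the privilege to make the change.
    # NOTE(review): if sudo's SUDO_COMMAND ever differs from this join
    # (quoting, truncation), the sudo-started copy would take the re-exec
    # branch again -- confirm against the sudo versions in use.
    already_ran_sudo = os.getenv("SUDO_COMMAND") == " ".join(argv)

    euid = os.geteuid()

    try:
        puid = pwd.getpwnam(rpki.autoconf.RPKI_USER).pw_uid
    except KeyError:
        # No such account: rpkic still runs below, under whatever identity
        # this process currently has.
        puid = None
        # Single-argument parenthesised print behaves the same on Python 2 and 3.
        print("Warning: User \"{}\" not found, not dropping privileges".format(rpki.autoconf.RPKI_USER))

    if puid is not None and already_ran_sudo:
        try:
            # Group before user: once the effective uid has left root, a
            # later setgid() would normally be refused.
            os.setgid(int(os.environ["SUDO_GID"]))
            # Real uid becomes the invoking user, effective uid the RPKI user.
            os.setreuid(int(os.environ["SUDO_UID"]), puid)
            # NOTE(review): only the primary gid and the uids are changed
            # here; supplementary groups stay as sudo left them.  Confirm
            # that is intended, or add os.setgroups()/os.initgroups() ahead
            # of setreuid().
        except (OSError, KeyError, ValueError) as e:
            # KeyError/ValueError cover a missing or non-numeric SUDO_GID or
            # SUDO_UID.  Every failure stops here, so rpkic is never started
            # after a failed or partial privilege drop.
            sys.exit("Couldn't drop privs to user {}: {!s}".format(rpki.autoconf.RPKI_USER, e))

    if already_ran_sudo or puid in (None, euid):
        # Already under sudo (privileges dropped above when the account
        # exists), already the RPKI user, or no RPKI account: run in-process.
        import rpki.rpkic
        rpki.rpkic.main()

    else:
        try:
            # Replace this process with "sudo <python> <script> <args...>".
            argv.insert(0, rpki.autoconf.SUDO)
            os.execv(argv[0], argv)
            # execv() does not return on success; reaching this line means
            # it came back without raising.
            sys.exit("rpkic startup failure, no exception so don't know why, sorry")
        except Exception as e:
            sys.exit("Couldn't exec sudo python rpkic: {!s}".format(e))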