#!/usr/bin/env python

# Using a Python script to run sudo to run a Python script is a bit
# silly, but it lets us use rpki.autoconf to locate sudo, lets us
# avoid needing a custom setuid wrapper, lets us avoid another pass
# through the adventures of shell quoting and tokenization, and
# generally is just a lot simpler to implement correctly.
#
# OK, it's probably a few milliseconds slower.  Big deal.

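if __name__ == "__main__":

    # Launcher for rpki.rpkic.main(): if we are not already running as the
    # configured RPKI user, re-exec ourselves under sudo, then (on the second
    # pass) switch the effective uid to RPKI_USER before importing rpkic.

    import os
    import pwd
    import sys
    import rpki.autoconf

    # Canonical command line: interpreter, absolute script path, original args.
    # The same list is used both for the sudo re-exec and for recognising it.
    argv = [sys.executable, os.path.abspath(sys.argv[0])] + sys.argv[1:]

    # sudo exports the command it ran in SUDO_COMMAND; a match means this is
    # the re-exec'd pass.  The variable comes from the environment, so it is a
    # hint rather than proof: a caller who sets it by hand merely skips the
    # sudo step and keeps running with their own privileges.
    already_ran_sudo = os.getenv("SUDO_COMMAND") == " ".join(argv)

    euid = os.geteuid()

    try:
        puid = pwd.getpwnam(rpki.autoconf.RPKI_USER).pw_uid
    except KeyError:
        # NOTE(review): this continues without dropping privileges, which
        # includes the case where the script was started through sudo by hand.
        # Confirm that running on with the current uid is the intended policy.
        puid = None
        print("Warning: User \"{}\" not found, not dropping privileges".format(rpki.autoconf.RPKI_USER))

    if puid is not None and already_ran_sudo:
        # SUDO_COMMAND can be present without SUDO_UID/SUDO_GID (stale or
        # hand-set environment), so parse both before touching any ids and
        # turn a missing or non-numeric value into a clean exit, not a traceback.
        try:
            sudo_gid = int(os.environ["SUDO_GID"])
            sudo_uid = int(os.environ["SUDO_UID"])
        except (KeyError, ValueError) as e:
            sys.exit("Couldn't drop privs to user {}: bad or missing SUDO_UID/SUDO_GID: {!r}".format(
                rpki.autoconf.RPKI_USER, e))

        try:
            # Group first: changing the gid needs the privilege that the uid
            # change below gives up.
            # NOTE(review): supplementary groups are left as sudo set them;
            # confirm whether os.setgroups()/os.initgroups() should be called
            # here so the process does not keep the sudo target's group list.
            os.setgid(sudo_gid)
            # Real uid becomes the invoking user, effective uid the RPKI user.
            # NOTE(review): if the invoking user is root the real uid stays 0;
            # confirm that case is acceptable.
            os.setreuid(sudo_uid, puid)
        except OSError as e:
            sys.exit("Couldn't drop privs to user {}: {!s}".format(rpki.autoconf.RPKI_USER, e))

    if already_ran_sudo or puid in (None, euid):
        # Either the ids were switched above, we already are the RPKI user,
        # or that user does not exist: run rpkic in this process.
        import rpki.rpkic
        rpki.rpkic.main()

    else:
        try:
            # Re-run this same command line under sudo.  execv is given an
            # argument list, so no shell is involved in building the command.
            argv.insert(0, rpki.autoconf.SUDO)
            os.execv(argv[0], argv)
            # execv replaces the process on success, so this line is only
            # reached if it somehow returns without raising.
            sys.exit("rpkic startup failure, no exception so don't know why, sorry")
        except Exception as e:
            sys.exit("Couldn't exec sudo python rpkic: {!s}".format(e))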