1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
|
# $Id$
#
# Copyright (C) 2013 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
"""
Cron job for rcynic and rtr-origin in stock configuration.
Locking code here works like FreeBSD's lockf(1) utility given -k and
-t 0 options, which is both the sanest and simplest combination for
our purposes. In theory this is portable to any Unix-like system.
"""
import os
import sys
import pwd
import fcntl
import errno
import getopt
def usage(result):
f = sys.stderr if result else sys.stdout
f.write("Usage: %s [--chroot] [--help]\n" % sys.argv[0])
sys.exit(result)
def run(*cmd, **kwargs):
chroot_this = kwargs.pop("chroot_this", False)
cwd = kwargs.pop("cwd", None)
pid = os.fork()
if pid == 0:
if chroot_this:
os.chdir(ac_rcynic_dir)
elif cwd is not None:
os.chdir(cwd)
if we_are_root:
os.initgroups(pw.pw_name, pw.pw_gid)
if chroot_this:
os.chroot(ac_rcynic_dir)
if we_are_root:
os.setgid(pw.pw_gid)
os.setuid(pw.pw_uid)
os.closerange(3, os.sysconf("SC_OPEN_MAX"))
os.execvp(cmd[0], cmd)
os._exit(1)
else:
status = os.waitpid(pid, 0)[1]
if status == 0:
return
elif os.WIFSIGNALED(status):
sys.exit("Process %s exited with signal %s" % (" ".join(cmd), os.WTERMSIG(status)))
elif os.WIFEXITED(status):
sys.exit("Program %s exited with status %s" % (" ".join(cmd), os.WEXITSTATUS(status)))
else:
sys.exit("Program %s exited for unknown reason %s" % (" ".join(cmd), status))
want_chroot = False
opts, argv = getopt.getopt(sys.argv[1:], "h?", ["chroot", "help"])
for o, a in opts:
if o in ("-?", "-h", "--help"):
usage(0)
elif o =="--chroot":
want_chroot = True
if argv:
usage("Unexpected arguments: %r" % (argv,))
we_are_root = os.getuid() == 0
if want_chroot and not we_are_root:
usage("Only root can --chroot")
try:
pw = pwd.getpwnam(ac_rcynic_user)
except KeyError:
sys.exit("Could not find passwd entry for user %s" % ac_rcynic_user)
try:
lock = os.open(os.path.join(ac_rcynic_dir, "data/lock"), os.O_RDONLY | os.O_CREAT | os.O_NONBLOCK, 0666)
fcntl.flock(lock, fcntl.LOCK_EX | fcntl.LOCK_NB)
if we_are_root:
os.fchown(lock, pw.pw_uid, pw.pw_gid)
except (IOError, OSError), e:
if e.errno == errno.EAGAIN:
sys.exit(0) # Another instance of this script is already running, exit silently
else:
sys.exit("Error %r opening lock %r" % (e.strerror, os.path.join(ac_rcynic_dir, "data/lock")))
if want_chroot:
run("/bin/rcynic", "-c", "/etc/rcynic.conf", chroot_this = True)
else:
run(os.path.join(ac_bindir, "rcynic"), "-c", os.path.join(ac_sysconfdir, "rcynic.conf"))
run(os.path.join(ac_bindir, "rtr-origin"),
"--cronjob",
os.path.join(ac_rcynic_dir, "data/authenticated"),
cwd = os.path.join(ac_rcynic_dir, "rpki-rtr"))
prog = os.path.join(ac_libexecdir, "rpkigui-rcynic")
if os.path.exists(prog):
run(prog)
if ac_rcynic_html_dir and os.path.exists(os.path.dirname(ac_rcynic_html_dir)):
run(os.path.join(ac_bindir, "rcynic-html"),
os.path.join(ac_rcynic_dir, "data/rcynic.xml"),
ac_rcynic_html_dir)
|
