#!/usr/bin/perl -wT

#
# EMULAB-COPYRIGHT
# Copyright (c) 2000-2002, 2004 University of Utah and the Flux Group.
# All rights reserved.
#

use English;

#
# usage: console_setup.proxy tipname group tipname group ...
#
# This script runs on the tip servers, which is where the capture processes
# are running. Since the tip servers do not have direct access to the DB,
# this script is invoked from the boss node. For each tip device, specify the group
# the associated files should be in. This script will send the proper signal
# to the capture process, and then reset the files to the proper group.
#
#
# Directory the script chdir()s into; the per-line .run, .acl and .pid files
# are addressed relative to it.
my $TIPLOGDIR = '/var/log/tiplogs';
# Directory holding the tip tty device nodes.
my $TIPDEVDIR = '/dev/tip';
my $dbg       = 1;
# tipname => group, filled in from the command line.
my %tipgroup;
# Count of tip lines skipped because their console log was missing.
my $failures  = 0;

# Taint mode will not run external commands with an inherited PATH, so pin
# it to fixed system directories and drop the variables a shell would
# otherwise honour.
$ENV{PATH} = '/bin:/usr/bin:/usr/local/bin';
delete $ENV{$_} for qw(IFS CDPATH ENV BASH_ENV);

# Abort with the command-line synopsis. The trailing newline keeps Perl from
# appending the file and line number to the message.
sub usage {
    my $synopsis =
        "Usage: console_setup.proxy tipname group [tipname group ...]\n";
    die($synopsis);
}

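#
# Collect the "tipname group" pairs from the command line into %tipgroup.
#
# Taint mode only protects the script if a failed pattern match is fatal.
# Perl does not taint hash keys, so a tip name that merely skipped the
# untaint step would come back out of %tipgroup looking clean and be used
# in the file and device operations performed as root further down.
# Anything outside the allow-list is therefore rejected outright.
#
usage()
    if (@ARGV < 2 || @ARGV % 2);

while (@ARGV) {
    my ($name, $grp) = splice(@ARGV, 0, 2);

    # Untaint the tip name; \A and \z anchor the whole string.
    if ($name =~ /\A([-\@\w.]+)\z/) {
        $name = $1;
    }
    else {
        die("Illegal characters in tip name: $name\n");
    }

    # "." and ".." satisfy the character class but are directory entries,
    # not tip lines; the device path is built as "$TIPDEVDIR/$name".
    if ($name eq '.' || $name eq '..') {
        die("Illegal tip name: $name\n");
    }

    # Untaint the group name the same way.
    if ($grp =~ /\A([-\@\w.]+)\z/) {
        $grp = $1;
    }
    else {
        die("Illegal characters in group name: $grp\n");
    }

    $tipgroup{$name} = $grp;
}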

#
# This script must be run as root, typically from paper.
#
# The chown/chmod/kill calls below need root; refuse to start otherwise.
die("Must be run as root.")
    if ($UID != 0);

# Every .run/.acl/.pid name used later is relative to the tip log directory.
chdir($TIPLOGDIR)
    or die("Could not chdir to $TIPLOGDIR: $!\n");

#
# Well, do it.
# 
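#
# Main loop: for every requested tip line, move its console log, tty device
# and acl file into the requested group.
#
# This runs as root with the working directory set to the tip log
# directory, so the .run/.acl/.pid names below are relative to it.
# NOTE(review): the existence checks and the operations that follow them are
# separate steps on path names. That is only safe if nobody but root can
# create or replace entries in the log and device directories -- confirm
# the directory permissions.
#
foreach my $tipname ( keys %tipgroup ) {
    my $grp        = $tipgroup{$tipname};
    my $filename   = "${tipname}.run";
    my $tipdevname = "$TIPDEVDIR/$tipname";
    my $aclname    = "${tipname}.acl";
    my $pidname    = "${tipname}.pid";

    if (! -e $filename) {
        print STDERR
            "*** Console log for $tipname does not exist! Skipping ...\n";
        $failures++;
        next;
    }

    # Current group of the log file (element 5 of stat is the gid).
    my $gid = (stat($filename))[5];
    die("Could not stat run file $filename: $!")
        unless defined($gid);
    my $curgrp = getgrgid($gid);

    #
    # Only roll the log when it is not already in the requested group;
    # rolling it needlessly is inconvenient for the current user.
    #
    if (!defined($curgrp) || $curgrp ne $grp) {
        # Resolve the new group before touching anything. An unknown
        # group yields undef, which chown() would silently treat as gid 0.
        my $newgid = getgrnam($grp);
        die("Unknown group $grp for $tipname\n")
            unless defined($newgid);

        unlink($filename) or
            die("Could not unlink run file $filename: $!");

        # Unlink this so the current user gets the old version, not the
        # new one.
        if (-e $aclname) {
            unlink($aclname) or
                die("Could not unlink acl file $aclname: $!");
        }

        #
        # Remove group access from the tty device. This renders the device
        # inaccessible to both old and new users while access is revoked
        # from any current tip user.
        #
        if (-e $tipdevname) {
            chmod(0600, $tipdevname) or
                die("Could not chmod(0600) $tipdevname: $!");
        }

        #
        # Read the capture pid straight from its file instead of running
        # cat through a shell. The value is sent a signal as root, so it
        # must be a plain positive integer: kill(2) treats zero and
        # negative ids as process-group or broadcast targets rather than
        # a single process.
        #
        open(my $pidfh, '<', $pidname) or
            die("Error obtaining pid for $tipname\n");
        my $procid = <$pidfh>;
        close($pidfh);
        if (defined($procid) && $procid =~ /\A\s*([1-9][0-9]*)\s*\z/) {
            $procid = $1;
        }
        else {
            die("Malformed pid file for $tipname\n");
        }

        # USR2 makes capture shut down any attached tip and reopen the
        # run file.
        kill('USR2', $procid) or
            die("Could not signal(USR2) process $procid for log $filename: $!");

        # Give capture the chance to react. A full sleep(1) is too long
        # when doing 25 devices, hence the 0.2 second select().
        select(undef, undef, undef, 0.2);

        #
        # If capture has not recreated the log (it can get blocked),
        # create an empty one here without going through a shell.
        #
        if (! -e $filename) {
            open(my $runfh, '>>', $filename) or
                die("Could not create run file $filename: $!");
            close($runfh);
        }

        # The new log should exist now. Set its group, and just to be
        # safe set its mode too.
        $gid = $newgid;
        chown(0, $gid, $filename) or
            die("Could not chown(0, $gid) $filename: $!");
        chmod(0640, $filename) or
            die("Could not chmod(0640) $filename: $!");
    }

    #
    # Set the mode and group on the tty that tip is going to use. This
    # allows the new group to access the tip line using a non-setuid/gid
    # program.
    #
    if (-e $tipdevname) {
        chown(0, $gid, $tipdevname) or
            die("Could not chown(0, $gid) $tipdevname: $!");
        chmod(0660, $tipdevname) or
            die("Could not chmod(0660) $tipdevname: $!");
    }

    # Ditto for the "acl" file, which the new tip needs access to.
    if (-e $aclname) {
        chown(0, $gid, $aclname) or
            die("Could not chown(0, $gid) $aclname: $!");
        chmod(0640, $aclname) or
            die("Could not chmod(0640) $aclname: $!");
    }
}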

# A skipped tip line (counted in $failures) is not treated as fatal, so the
# exit status is always success.
exit(0);