
Wolfgang Scherer committed 49ea552

Add functions test_readable/cat_file that use sudo, to allow home directories with permission 700.


Files changed (5)

 $vacation_msg_file = sprintf('%s/%s', $home, $VACATION_MSG_FILE);
 $vacation_db_file = sprintf('%s/%s', $home, $VACATION_DB_FILE);
 $forward_file = sprintf('%s/%s', $home, $FORWARD_FILE);
-$forward_active = file_exists($forward_file);
+$forward_active = test_readable($forward_file, $user);
 $forward_settings = Array(
     '\\'.$user, '', sprintf($VACATION_FORWARD_ENTRY, $user));
 if ($forward_active)
 {
-    $forward_settings = file_get_contents($forward_file);
+    $forward_settings = cat_file($forward_file, $user);
     $lines = explode("\n", $forward_settings);
     $forward_settings = preg_split('/, */', $lines[0]);
     if (count($forward_settings) < 3) {
 
 $vacation_setup_raw = isset($_REQUEST["raw"]);
 $vacation_clear = isset($_REQUEST['clear']);
-if ($vacation_clear || !file_exists($vacation_msg_file)) {
+if ($vacation_clear || !test_readable($vacation_msg_file, $user)) {
     // Reset to default
     $vacation_msg = get_text('vacation');
     $vacation_parts = vacation_split($vacation_msg, False);
     $vacation_msg = vacation_join($vacation_subject, $vacation_body);
     $vacation_setup_raw = False;
 } else {
-    $vacation_msg = file_get_contents($vacation_msg_file);
+    $vacation_msg = cat_file($vacation_msg_file, $user);
 }
 
 $message_parts = message_split($vacation_msg);
         pclose($vacation_msg_pipe);
 
         // Initialize vacation(1) if necessary.
-        if (!file_exists($vacation_db_file)) {
+        if (!test_readable($vacation_db_file, $user)) {
             system(sprintf(
                        '%s -u %s %s %s -i',
                        $SUDO_CMD, $user, $SUDO_OPT_H, $VACATION_CMD));
             pclose($forward_file_pipe);
         } else {
             system(sprintf(
-                       '%s -u %s %s /bin/rm -f %s',
-                       $SUDO_CMD, $user, $SUDO_OPT_H, $forward_file));
+                       '%s -u %s %s %s %s',
+                       $SUDO_CMD, $user, $SUDO_OPT_H, $RM_CMD, $forward_file));
         }
         break;
     }
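Review bot: The `system(sprintf('%s -u %s %s %s %s', …))` call that removes the forward file still puts `$user` and `$forward_file` on a shell command line unescaped, so any shell metacharacter in either value is interpreted by the shell before sudo runs. Where `$user` and `$home` are validated is not visible in these hunks, so I would escape at the call site: `$SUDO_CMD, escapeshellarg($user), $SUDO_OPT_H, $RM_CMD, escapeshellarg($forward_file)));`. The same applies to the `sprintf("%s -u %s %s %s '%s'", …)` calls in the new `test_readable()` and `cat_file()` helpers, where the hand-written single quotes around the path do not survive a quote character in `$file` and `$user` is not quoted at all. The enclosing block of this hunk starts outside the visible lines.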
 $USER_ID_MAX = 60000;
 $SUDO_CMD = '/usr/bin/sudo';
 $SUDO_OPT_H = ' -H';
+
+$TEST_CMD = dirname(__FILE__) . '/test_readable.sh';
+$RM_CMD = '/bin/rm -f';
+$CAT_CMD = '/bin/cat';
 $WRITE_TO_CMD = dirname(__FILE__) . '/write_to.sh';
 
 $FORMAIL_CMD = '/usr/bin/formail';
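Review bot: `$TEST_CMD`, `$RM_CMD` and `$CAT_CMD` must match the command lines in `lib/ws-vacation-sudo.in` exactly (`/bin/rm -f`, `/bin/cat`, the path of `test_readable.sh`), but nothing next to the constants says so. sudo refuses a command line that differs from its Cmnd_Alias, and `test_readable()` maps anything other than a `yes` reply to false, so a mismatch would show up as "file not readable" rather than as an error. I would add a comment above the three new constants, e.g. `// Keep in sync with the Cmnd_Alias entries in lib/ws-vacation-sudo.in; sudo rejects any other command line.` Note also that `$RM_CMD` carries the `-f` flag inside the constant, so it cannot be passed through `escapeshellarg()` as a whole.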

lib/test_readable.sh

+#!/bin/sh
+
+# test_readable.sh - check whether file exists and is readable
+
+# usage: test_readable.sh file
+
+# Copyright (C) 2013, Wolfgang Scherer, <Wolfgang.Scherer at gmx.de>
+# Sponsored by WIEDENMANN SEILE GMBH, http://www.wiedenmannseile.de
+#
+# This file is part of Wiedenmann Vacation.
+#
+:  # script help
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>,
+# or write to Wolfgang Scherer, <Wolfgang.Scherer at gmx.de>
+
+# (progn (forward-line 1) (snip-insert "gen_hd-configuration" t t "sh") (insert ""))
+## (progn (forward-line 1) (snip-insert "sh_b.prog-path" t t "sh") (insert ""))
+## (progn (forward-line 1) (snip-insert "sh_b.config.sh" t t "sh") (insert ""))
+
+# --------------------------------------------------
+# |||:sec:||| FUNCTIONS
+# --------------------------------------------------
+
+usage ()
+{
+    script_help="script-help"
+    ( "${script_help}" ${1+"$@"} "${0}" ) 2>/dev/null \
+    || ${SED__PROG-sed} -n '3,/^[^#]/{;/^[^#]/d;p;}' "${0}";
+}
+
+## (progn (forward-line 1) (snip-insert "sh_f.hl" t t "sh") (insert ""))
+## (progn (forward-line 1) (snip-insert "sh_f.vexec" t t "sh") (insert ""))
+## (progn (forward-line 1) (snip-insert "sh_wsrfid.f.config_dump" t t "sh") (insert ""))
+## (progn (forward-line 1) (snip-insert "sh.scr.sed" t t "sh") (insert "\n"))
+## (progn (forward-line 1) (snip-insert "sh.scr.awk" t t "sh") (insert "\n"))
+## (progn (forward-line 1) (snip-insert "sh.scr.perl" t t "sh") (insert "\n"))
+## (progn (forward-line 1) (snip-insert "sh.scr.python" t t "sh") (insert "\n"))
+
+# (progn (forward-line 1) (snip-insert "sh_b.opt-loop" t t "sh") (insert "\n"))
+test x"${1+set}" = xset && \
+case "${1}" in
+-\?|-h|--help) usage; exit 0;;
+--docu) usage --full; exit 0;;
+esac
+
+# --------------------------------------------------
+# |||:sec:||| MAIN
+# --------------------------------------------------
+
+# |:here:|
+
+## (progn (forward-line 1) (snip-insert-mode "sh.b.wrf.loop" t t) (insert "\n"))
+
+if test -r "${1}"
+then
+    printf "yes\n"
+else
+    printf "no\n"
+fi
+
+exit # |||:here:|||
+
+#
+# :ide-menu: Emacs IDE Main Menu - Buffer @BUFFER@
+# . M-x `eIDE-menu' (eIDE-menu "z")
+
+# :ide: OCCUR-OUTLINE: Sections: `||: sec :||'
+# . (x-symbol-tag-occur-outline "sec" '("||:" ":||") '("|:" ":|"))
+
+# :ide: MENU-OUTLINE:  Sections `||: sec :||'
+# . (x-eIDE-menu-outline "sec" '("||:" ":||") '("|:" ":|"))
+
+# :ide: +-#+
+# . Buffer Outline Sections ()
+
+# :ide: SHELL: Run with --docu
+# . (progn (save-buffer) (shell-command (concat "sh " (file-name-nondirectory (buffer-file-name)) " --docu")))
+
+# :ide: SHELL: Run with --help
+# . (progn (save-buffer) (shell-command (concat "sh " (file-name-nondirectory (buffer-file-name)) " --help")))
+
+# :ide: SHELL: Run w/o args
+# . (progn (save-buffer) (shell-command (concat "sh " (file-name-nondirectory (buffer-file-name)) " ")))
+
+#
+# Local Variables:
+# mode: sh
+# comment-start: "#"
+# comment-start-skip: "#+"
+# comment-column: 0
+# End:
+# mmm-classes: (here-doc ide-entries)
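Review bot: The header documents only `usage: test_readable.sh file`, not the output contract the PHP caller depends on: the script prints `yes` or `no` on stdout, and the final bare `exit` returns the status of `printf`, so the exit code is normally 0 in both cases. I would state that in the header, e.g. `# prints "yes" if FILE is readable by the invoking user, "no" otherwise; the exit status does not carry the result`. A missing argument also ends in `no`, because `test -r ""` is false; one comment line next to the `if` would make that intentional rather than accidental.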
 require_once(dirname(__FILE__) . '/../lib/language.php');
 
 // --------------------------------------------------
+// |||:sec:||| Files
+// --------------------------------------------------
+
+function test_readable($file, $user)
+{
+    global $SUDO_CMD, $SUDO_OPT_H, $TEST_CMD;
+
+    $test_cmd = sprintf(
+        "%s -u %s %s %s '%s'",
+        $SUDO_CMD, $user, $SUDO_OPT_H, $TEST_CMD, $file);
+    $test_ausgabe = popen ($test_cmd, 'r');
+    $result = stream_get_contents($test_ausgabe);
+    pclose($test_ausgabe);
+    return (trim($result) == 'yes');
+}
+
+function cat_file($file, $user)
+{
+    global $SUDO_CMD, $SUDO_OPT_H, $CAT_CMD;
+
+    $cat_cmd = sprintf(
+        "%s -u %s %s %s '%s'",
+        $SUDO_CMD, $user, $SUDO_OPT_H, $CAT_CMD, $file);
+    $cat_ausgabe = popen ($cat_cmd, 'r');
+    $result = stream_get_contents($cat_ausgabe);
+    pclose($cat_ausgabe);
+    return $result;
+}
+
+// --------------------------------------------------
 // |||:sec:||| Benutzer
 // --------------------------------------------------
 
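Review bot: Neither helper checks whether the command actually ran: `popen()` can return false and the status returned by `pclose()` is discarded, so a sudo refusal or a failing `cat` yields an empty string that `cat_file()` returns as if it were the file's content. The `file_get_contents()` calls this commit replaces returned false on failure; I would keep that contract so callers can tell an empty file from a failed read (the call sites in the other file would then need a check for false), and have `test_readable()` treat a failed `popen()` as not readable explicitly. Both functions also lack a docblock saying that the check and the read are performed as `$user` through sudo, and the locals `$test_ausgabe`/`$cat_ausgabe` mix German into otherwise English identifiers.

```php
function cat_file($file, $user)
{
    // … unchanged: globals and $cat_cmd construction …
    $cat_output = popen($cat_cmd, 'r');
    if ($cat_output === false) {
        return false;
    }
    $result = stream_get_contents($cat_output);
    // pclose() returns the exit status of the command; non-zero means sudo or cat failed.
    if (pclose($cat_output) !== 0) {
        return false;
    }
    return $result;
}
```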

lib/ws-vacation-sudo.in

 Runas_Alias NOTROOT = ALL,!root
 Cmnd_Alias VACATION=/usr/bin/vacation *
 Cmnd_Alias RM_FORWARD=/bin/rm -f /home/*/.forward
-Cmnd_Alias CAT_FORWARD=@base_dir@/lib/write_to.sh /home/*/.forward
-Cmnd_Alias CAT_VACATION_MSG=@base_dir@/lib/write_to.sh /home/*/.vacation.msg
-WWWRUN ALL=(NOTROOT) NOPASSWD: VACATION 
+Cmnd_Alias TEST_FORWARD=@base_dir@/lib/test_readable.sh /home/*/.forward
+Cmnd_Alias TEST_VACATION_MSG=@base_dir@/lib/test_readable.sh /home/*/.vacation.msg
+Cmnd_Alias TEST_VACATION_DB=@base_dir@/lib/test_readable.sh /home/*/.vacation.db
+Cmnd_Alias GET_FORWARD=/bin/cat /home/*/.forward
+Cmnd_Alias GET_VACATION_MSG=/bin/cat /home/*/.vacation.msg
+Cmnd_Alias PUT_FORWARD=@base_dir@/lib/write_to.sh /home/*/.forward
+Cmnd_Alias PUT_VACATION_MSG=@base_dir@/lib/write_to.sh /home/*/.vacation.msg
+WWWRUN ALL=(NOTROOT) NOPASSWD: VACATION
 WWWRUN ALL=(NOTROOT) NOPASSWD: RM_FORWARD
-WWWRUN ALL=(NOTROOT) NOPASSWD: CAT_FORWARD
-WWWRUN ALL=(NOTROOT) NOPASSWD: CAT_VACATION_MSG
+WWWRUN ALL=(NOTROOT) NOPASSWD: TEST_FORWARD
+WWWRUN ALL=(NOTROOT) NOPASSWD: TEST_VACATION_MSG
+WWWRUN ALL=(NOTROOT) NOPASSWD: TEST_VACATION_DB
+WWWRUN ALL=(NOTROOT) NOPASSWD: GET_FORWARD
+WWWRUN ALL=(NOTROOT) NOPASSWD: GET_VACATION_MSG
+WWWRUN ALL=(NOTROOT) NOPASSWD: PUT_FORWARD
+WWWRUN ALL=(NOTROOT) NOPASSWD: PUT_VACATION_MSG
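Review bot: The new `GET_FORWARD`, `GET_VACATION_MSG` and `TEST_*` aliases rely on `/home/*/…` to confine the path, but in sudoers a `*` in command arguments matches any characters, including `/` and whitespace, so each rule admits more command lines than the single per-user file it is meant to cover. Combined with `Runas_Alias NOTROOT = ALL,!root`, that makes the web server account's read access wider than the commit message suggests. I would avoid a path argument in the rule altogether: let a wrapper script accept a fixed keyword and resolve the file under the run-as user's own `$HOME` (sudo is already invoked with `-H`), so the alias can be a literal command line without wildcards. The existing `RM_FORWARD` rule and the renamed `PUT_*` rules have the same shape.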