event script directory check implemented

fix logging in CryptoBoxWebserver (introducing another problem)

bin/CryptoBoxRootActions

@@ -28,6 +28,7 @@ allowedProgs = {
 
 
 DEV_TYPES = { "pipe":1, "char":2, "dir":4, "block":6, "file":8, "link":10, "socket":12}
+EVENT_MARKER = '_event_marker_'
 
 
 def checkIfFileIsSafe(fname):
@@ -62,6 +63,14 @@ def	checkIfPluginIsValid(plugin):
 		return False
 
 
+def	checkIfEventScriptIsValid(plugin):
+	event_dir = os.path.dirname(plugin)
+	if os.path.exists(os.path.join(event_dir,EVENT_MARKER)):
+		return True
+	else:
+		return False
+
+
 def call_plugin(args):
 	"""check if the plugin may be called - and do it finally ..."""
 	plugin = os.path.abspath(args[0])
@@ -83,17 +92,20 @@ def call_plugin(args):
 	return proc.returncode == 0
 
 
-def call_hook(args):
-	"""check if the hook script may be called - and do it finally ..."""
-	hook = os.path.abspath(args[0])
+def call_event(args):
+	"""check if the event script may be called - and do it finally ..."""
+	event = os.path.abspath(args[0])
 	del args[0]
 	## check existence and if it is executable
-	if not os.access(hook, os.X_OK):
-		raise Exception, "could not find executable hook script (%s)" % hook
-	## check if the hook (and its parents) are only writeable for root
-	if not checkIfFileIsSafe(hook):
-		raise Exception, "the hook (%s) is not safe - check its (and its parents') permissions" % hook
-	args.insert(0,hook)
+	if not os.access(event, os.X_OK):
+		raise Exception, "could not find executable event script (%s)" % event
+	## check if the script is valid (the marker file must be in the same directory)
+	if not checkIfEventScriptIsValid(plugin):
+		raise Exception, "the event script (%s) does not reside in a directory with the marker file (%s) - this is not allowed due to abuse prevention" % (plugin,EVENT_MARKER)
+	## check if the event (and its parents) are only writeable for root
+	if not checkIfFileIsSafe(event):
+		raise Exception, "the event (%s) is not safe - check its (and its parents') permissions" % event
+	args.insert(0,event)
 	proc = subprocess.Popen(
 		shell = False,
 		args = args)
@@ -374,12 +386,12 @@ if __name__ == "__main__":
 		else:
 			sys.exit(1)
 
-	if args[0].lower() == "hook":
+	if args[0].lower() == "event":
 		del args[0]
 		try:
-			isOK = call_hook(args)
+			isOK = call_event(args)
 		except Exception, errMsg:
-			sys.stderr.write("Execution of hook script failed: %s\n" % errMsg)
+			sys.stderr.write("Execution of event script failed: %s\n" % errMsg)
 			sys.exit(100)
 		if isOK:
 			sys.exit(0)

bin/CryptoBoxWebserver

@@ -1,4 +1,4 @@
-#!/usr/bin/python2.4
+#!/usr/bin/env python2.4
 #
 # The daemon script to run the CryptoBox webserver.
 #
@@ -158,14 +158,16 @@ def parseOptions():
 if __name__ == "__main__":
 	## process arguments
 	options = parseOptions()
-	## initialize the webserver class (before forking to get some error messages)
-	cbw = CryptoBoxWebserver(options)
 	## run the webserver as a daemon process
 	if options.background: fork_to_background()
-	## write pid file
-	write_pid_file(options.pidfile)
 	## close open files to allow background execution
 	if options.background: close_open_files()
+	## write pid file
+	write_pid_file(options.pidfile)
+	## TODO: if we close the open files _after_ initialization, then we also close
+	## the log out - we have to figure something out here ...
+	## initialize the webserver class (before forking to get some error messages)
+	cbw = CryptoBoxWebserver(options)
 	## start the webserver
 	try:
 		cbw.start()