CryptoBoxRootActions
* improve structure * allow to distinguish betweeen "execution return failure" and "program does not exist"
This commit is contained in:
parent
0eccca7d22
commit
ecf056709e
|
@ -35,6 +35,14 @@ Syntax:
|
||||||
plugin PLUGIN_NAME [ARGS]
|
plugin PLUGIN_NAME [ARGS]
|
||||||
- call a root_action script of a plugin
|
- call a root_action script of a plugin
|
||||||
|
|
||||||
|
|
||||||
|
Exitcodes:
|
||||||
|
0 - execution was ok
|
||||||
|
1 - the executed program or action returned a failure exitcode
|
||||||
|
100 - improper calling or misconfiguration
|
||||||
|
of CryptoBoxRootAction (wrong arguments, wrong uid)
|
||||||
|
101 - failed to execute the given program - maybe it does not exist?
|
||||||
|
|
||||||
For more detailed information take a look at the manpage:
|
For more detailed information take a look at the manpage:
|
||||||
"man CryptoBoxRootActions"
|
"man CryptoBoxRootActions"
|
||||||
"""
|
"""
|
||||||
|
@ -456,13 +464,13 @@ def getUserInfo(user):
|
||||||
# prevent import
|
# prevent import
|
||||||
if __name__ == "__main__":
|
if __name__ == "__main__":
|
||||||
|
|
||||||
# do we have root privileges (effective uid is zero)?
|
## do we have root privileges (effective uid is zero)?
|
||||||
if os.geteuid() != 0:
|
if os.geteuid() != 0:
|
||||||
sys.stderr.write("the effective uid is not zero - you should use " \
|
sys.stderr.write("the effective uid is not zero - you should use " \
|
||||||
+ "'super' to call this script (%s)" % sys.argv[0])
|
+ "'super' to call this script (%s)" % sys.argv[0])
|
||||||
sys.exit(100)
|
sys.exit(100)
|
||||||
|
|
||||||
# remove program name
|
## remove program name
|
||||||
args = sys.argv[1:]
|
args = sys.argv[1:]
|
||||||
|
|
||||||
# do not allow to use root permissions (real uid may not be zero)
|
# do not allow to use root permissions (real uid may not be zero)
|
||||||
|
@ -470,23 +478,29 @@ if __name__ == "__main__":
|
||||||
# sys.stderr.write("the uid of the caller is zero (root) - this is not allowed\n")
|
# sys.stderr.write("the uid of the caller is zero (root) - this is not allowed\n")
|
||||||
# sys.exit(100)
|
# sys.exit(100)
|
||||||
|
|
||||||
# check if there were arguments
|
## check if there were arguments
|
||||||
if (len(args) == 0):
|
if (len(args) == 0):
|
||||||
sys.stderr.write("No arguments supplied\n")
|
sys.stderr.write("No arguments supplied\n")
|
||||||
sys.exit(100)
|
sys.exit(100)
|
||||||
|
|
||||||
# did the user call the "check" action?
|
## did the user call the "check" action?
|
||||||
if (len(args) == 1) and (args[0].lower() == "check"):
|
if (len(args) == 1) and (args[0].lower() == "check"):
|
||||||
# exit silently
|
# exit silently
|
||||||
sys.exit(0)
|
sys.exit(0)
|
||||||
|
|
||||||
|
## all of the following actions require at least two arguments
|
||||||
|
if len(args) < 2:
|
||||||
|
sys.stderr.write("No program/plugin/event specified for execution\n")
|
||||||
|
sys.exit(100)
|
||||||
|
|
||||||
## call a plugin root_action script
|
## call a plugin root_action script
|
||||||
if args[0].lower() == "plugin":
|
if args[0].lower() == "plugin":
|
||||||
del args[0]
|
del args[0]
|
||||||
try:
|
try:
|
||||||
isOK = call_plugin(args)
|
isOK = call_plugin(args)
|
||||||
except Exception, errMsg:
|
except Exception, errMsg:
|
||||||
sys.stderr.write("Execution of plugin failed: %s\n" % errMsg)
|
sys.stderr.write("Execution of plugin '%s' failed: %s\n" \
|
||||||
|
% (args[0], errMsg))
|
||||||
sys.exit(100)
|
sys.exit(100)
|
||||||
if isOK:
|
if isOK:
|
||||||
sys.exit(0)
|
sys.exit(0)
|
||||||
|
@ -499,7 +513,8 @@ if __name__ == "__main__":
|
||||||
try:
|
try:
|
||||||
isOK = call_event(args)
|
isOK = call_event(args)
|
||||||
except Exception, errMsg:
|
except Exception, errMsg:
|
||||||
sys.stderr.write("Execution of event script failed: %s\n" % errMsg)
|
sys.stderr.write("Execution of event '%s' failed: %s\n" \
|
||||||
|
% (args[0], errMsg))
|
||||||
sys.exit(100)
|
sys.exit(100)
|
||||||
if isOK:
|
if isOK:
|
||||||
sys.exit(0)
|
sys.exit(0)
|
||||||
|
@ -510,9 +525,6 @@ if __name__ == "__main__":
|
||||||
if args[0].lower() == "program":
|
if args[0].lower() == "program":
|
||||||
del args[0]
|
del args[0]
|
||||||
|
|
||||||
if len(args) < 1:
|
|
||||||
sys.stderr.write("No program specified for execution\n")
|
|
||||||
sys.exit(100)
|
|
||||||
progRequest = args[0]
|
progRequest = args[0]
|
||||||
del args[0]
|
del args[0]
|
||||||
|
|
||||||
|
@ -533,7 +545,9 @@ if __name__ == "__main__":
|
||||||
sys.exit(0)
|
sys.exit(0)
|
||||||
else:
|
else:
|
||||||
sys.exit(1)
|
sys.exit(1)
|
||||||
except "WrongArguments", errstr:
|
except OSErrror, errstr:
|
||||||
sys.stderr.write("Execution failed: %s\n" % errstr)
|
sys.stderr.write("Execution failed: %s\n" % errstr)
|
||||||
|
sys.exit(101)
|
||||||
|
except "WrongArguments", errstr:
|
||||||
|
sys.stderr.write("Invalid arguments: %s\n" % errstr)
|
||||||
sys.exit(100)
|
sys.exit(100)
|
||||||
|
|
||||||
|
|
|
@ -82,6 +82,16 @@ The directory of the script must also contain a file called
|
||||||
Very few selected programs may be called via CryptoBoxRootActions. Examples
|
Very few selected programs may be called via CryptoBoxRootActions. Examples
|
||||||
are \fBcryptsetup\fR and \fBmount\fR. Refer to the source of
|
are \fBcryptsetup\fR and \fBmount\fR. Refer to the source of
|
||||||
CryptoBoxRootActions for details.
|
CryptoBoxRootActions for details.
|
||||||
|
.SH EXIT CODES
|
||||||
|
The program can return the following exit codes:
|
||||||
|
.TP
|
||||||
|
\fI0\fR - the action finished successfully
|
||||||
|
.TP
|
||||||
|
\fI1\fR - the executed action returned a failure code (exit code > 0)
|
||||||
|
.TP
|
||||||
|
\fI100\fR - improper calling or misconfiguration (wrong arguments, wrong uid, ...)
|
||||||
|
.TP
|
||||||
|
\fI101\fR - failed to execute the given program (maybe it does not exist?)
|
||||||
.SH AUTHOR
|
.SH AUTHOR
|
||||||
Written by Lars Kruse
|
Written by Lars Kruse
|
||||||
.SH REPORTING BUGS
|
.SH REPORTING BUGS
|
||||||
|
|
Loading…
Reference in a new issue