cryptonas/plugins/encrypted_webinterface/root_action.py
lars 7dd792afbb fixed the last unittest failures
encrypted_webinterface: clean up the environment setting before running 'stunnel'
2007-02-03 19:44:12 +00:00


#!/usr/bin/env python
#
# Copyright 2007 sense.lab e.V.
#
# This file is part of the CryptoBox.
#
# The CryptoBox is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# The CryptoBox is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with the CryptoBox; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
## version-control keyword placeholder, kept as a module attribute
__revision__ = "$Id"
## necessary: otherwise CryptoBoxRootActions.py will refuse to execute this script
PLUGIN_TYPE = "cryptobox"
## absolute path of the binary started by run_stunnel(); it is launched with
## shell=False and an empty environment, so no PATH lookup is involved
STUNNEL_BIN = "/usr/bin/stunnel"
import sys
import os
def _get_username(uid):
    """Return the login name of the account with the numeric id *uid*.

    The lookup goes through the system password database (``pwd``).
    ``False`` is returned instead of raising when no entry exists for *uid*.
    """
    import pwd
    try:
        ## the first field of a passwd entry is the login name
        return pwd.getpwuid(uid).pw_name
    except KeyError:
        return False
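def _port_in_range(value):
    """Return True if the digit string *value* names a TCP port (1-65535)."""
    try:
        number = int(value)
    except ValueError:
        ## isdigit() accepts some digit characters that int() cannot parse
        return False
    return 1 <= number <= 65535


def run_stunnel(cert_file, src_port, dst_port, pid_file):
    """Start 'stunnel' with the given certificate, ports and pid file.

    All arguments are strings as received from the command line.
    *cert_file* is handed to stunnel via "-p", *dst_port* via "-d",
    *src_port* via "-r" and *pid_file* via "-P".

    Returns True if stunnel exited with status 0, otherwise False. Every
    validation failure is reported on stderr and also yields False.
    """
    import subprocess
    for label, value in (("Source", src_port), ("Destination", dst_port)):
        if not value.isdigit():
            sys.stderr.write("%s port is not a number: %s\n" % (label, value))
            return False
        ## digits alone are not enough: "0" or "70000" is no usable port
        if not _port_in_range(value):
            sys.stderr.write("%s port is out of range (1-65535): %s\n"
                    % (label, value))
            return False
    if not os.path.isfile(cert_file):
        sys.stderr.write("The certificate file (%s) does not exist!\n" % cert_file)
        return False
    ## NOTE(review): stunnel is told ("-s") to switch to the account that owns
    ## the real uid of this process - if this helper is started with uid 0,
    ## that account is root; confirm against how the root-action wrapper
    ## invokes this script
    username = _get_username(os.getuid())
    if not username:
        sys.stderr.write("Could not retrieve the username with uid=%d.\n" % os.getuid())
        return False
    ## NOTE(review): 'pid_file' is passed on unchecked and 'cert_file' is only
    ## tested for existence. As this script is meant to be run through
    ## CryptoBoxRootActions.py, the caller must restrict both paths to
    ## locations it controls - TODO confirm where that restriction happens
    try:
        ## the environment (especially PATH) should be clean, as 'stunnel' cares
        ## about this in a setuid situation
        proc = subprocess.Popen(
                shell = False,
                env = {},
                ## do not hand file descriptors of this process to stunnel
                close_fds = True,
                args = [ STUNNEL_BIN,
                    "-P", pid_file,
                    "-p", cert_file,
                    "-d", dst_port,
                    "-r", src_port,
                    "-s", username ])
    except OSError:
        ## e.g. the binary is missing or not executable: report the failure
        ## through the return value instead of an uncaught traceback
        sys.stderr.write("Could not execute %s\n" % STUNNEL_BIN)
        return False
    proc.wait()
    return proc.returncode == 0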
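if __name__ == "__main__":
    ## command-line entry point: expects exactly four arguments, in the order
    ## certificate file, source port, destination port, pid file
    ## exit codes: 0 = stunnel started, 1 = wrong argument count,
    ## 100 = run_stunnel() reported a failure
    args = sys.argv[1:]
    self_bin = sys.argv[0]
    if len(args) != 4:
        sys.stderr.write("%s: invalid number of arguments (%d instead of %d)\n" % \
                (self_bin, len(args), 4))
        sys.exit(1)
    if not run_stunnel(args[0], args[1], args[2], args[3]):
        sys.stderr.write("%s: failed to run 'stunnel'!\n" % self_bin)
        sys.exit(100)
    sys.exit(0)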