X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=scripts%2Ftask_server.pl;h=9bf2cb38461005e1320dce03183ed9611963c71d;hb=f110df03e304dd4722574a23b823a88fc4fa37d8;hp=2519f2d816a1be05c4cd2761b2cac99cbe66c0ff;hpb=149d2f33643bdc63bfd5577b36042dba43378adb;p=kivitendo-erp.git

diff --git a/scripts/task_server.pl b/scripts/task_server.pl
index 2519f2d81..9bf2cb384 100755
--- a/scripts/task_server.pl
+++ b/scripts/task_server.pl
@@ -3,50 +3,46 @@
 use strict;
 
 BEGIN {
+  require Cwd;
+
+  my $dir =  $0;
+  $dir    =  Cwd::getcwd() . '/' . $dir unless $dir =~ m|^/|;
+  $dir    =~ s|[^/]+$|..|;
+
+  chdir($dir) || die "Cannot change directory to ${dir}\n";
+
   unshift @INC, "modules/override"; # Use our own versions of various modules (e.g. YAML).
   push    @INC, "modules/fallback"; # Only use our own versions of modules if there's no system version.
 }
 
 use CGI qw( -no_xhtml);
-use Config::Std;
 use Cwd;
 use Daemon::Generic;
 use Data::Dumper;
 use DateTime;
 use English qw(-no_match_vars);
+use POSIX qw(setuid setgid);
 use SL::Auth;
 use SL::DB::BackgroundJob;
 use SL::BackgroundJob::ALL;
 use SL::Form;
 use SL::Helper::DateTime;
 use SL::LXDebug;
+use SL::LxOfficeConf;
 use SL::Locale;
 
-my %config;
+our %lx_office_conf;
 
-# this is a cleaned up version of am.pl
-# it lacks redirection, some html setup and most of the authentication process.
-# it is assumed that anyone with physical access and execution rights on this script
-# won't be hindered by authentication anyway.
 sub lxinit {
-  my $login = $config{task_server}->{login};
+  my $login = $lx_office_conf{task_server}->{login};
 
   package main;
 
-  { no warnings 'once';
-    $::userspath  = "users";
-    $::templates  = "templates";
-    $::sendmail   = "| /usr/sbin/sendmail -t";
-  }
-
-  eval { require "config/lx-erp.conf";       1; } or die $EVAL_ERROR;
-  eval { require "config/lx-erp-local.conf"; 1; } or die $EVAL_ERROR if -f "config/lx-erp-local.conf";
-
   $::lxdebug = LXDebug->new;
-  $::locale  = Locale->new($::language);
-  $::cgi     = CGI->new qw();
+  $::locale  = Locale->new($::lx_office_conf{system}->{language});
   $::form    = Form->new;
   $::auth    = SL::Auth->new;
+  $::request = { cgi => CGI->new({}) };
 
   die 'cannot reach auth db'               unless $::auth->session_tables_present;
 
@@ -58,14 +54,43 @@ sub lxinit {
   die "cannot find locale for user $login" unless $::locale   = Locale->new('de');
 }
 
+sub drop_privileges {
+  my $user = $lx_office_conf{task_server}->{run_as};
+  return unless $user;
+
+  my ($uid, $gid);
+  while (my @details = getpwent()) {
+    next unless $details[0] eq $user;
+    ($uid, $gid) = @details[2, 3];
+    last;
+  }
+  endpwent();
+
+  if (!$uid) {
+    print "Error: Cannot drop privileges to ${user}: user does not exist\n";
+    exit 1;
+  }
+
+  if (!setgid($gid)) {
+    print "Error: Cannot drop group privileges to ${user} (group ID $gid): $!\n";
+    exit 1;
+  }
+
+  if (!setuid($uid)) {
+    print "Error: Cannot drop user privileges to ${user} (user ID $uid): $!\n";
+    exit 1;
+  }
+}
+
 sub gd_preconfig {
   my $self = shift;
 
-  read_config $self->{configfile} => %config;
+  SL::LxOfficeConf->read($self->{configfile});
 
-  die "Missing section [task_server] in config file"                unless $config{task_server};
-  die "Missing key 'login' in section [task_server] in config file" unless $config{task_server}->{login};
+  die "Missing section [task_server] in config file"                unless $lx_office_conf{task_server};
+  die "Missing key 'login' in section [task_server] in config file" unless $lx_office_conf{task_server}->{login};
 
+  drop_privileges();
   lxinit();
 
   return ();
@@ -74,18 +99,25 @@ sub gd_preconfig {
 sub gd_run {
   while (1) {
     my $ok = eval {
-      $::lxdebug->message(0, "Retrieving jobs") if $config{task_server}->{debug};
+      $::lxdebug->message(0, "Retrieving jobs") if $lx_office_conf{task_server}->{debug};
 
       my $jobs = SL::DB::Manager::BackgroundJob->get_all_need_to_run;
 
-      $::lxdebug->message(0, "  Found: " . join(' ', map { $_->package_name } @{ $jobs })) if $config{task_server}->{debug} && @{ $jobs };
+      $::lxdebug->message(0, "  Found: " . join(' ', map { $_->package_name } @{ $jobs })) if $lx_office_conf{task_server}->{debug} && @{ $jobs };
+
+      foreach my $job (@{ $jobs }) {
+        # Provide fresh global variables in case legacy code modifies
+        # them somehow.
+        $::locale = Locale->new($::lx_office_conf{system}->{language});
+        $::form   = Form->new;
 
-      $_->run for @{ $jobs };
+        $job->run;
+      }
 
       1;
     };
 
-    if ($config{task_server}->{debug}) {
+    if ($lx_office_conf{task_server}->{debug}) {
       $::lxdebug->message(0, "Exception during execution: ${EVAL_ERROR}") if !$ok;
       $::lxdebug->message(0, "Sleeping");
     }
@@ -100,7 +132,8 @@ my $pidbase = "${cwd}/users/pid";
 
 mkdir($pidbase) if !-d $pidbase;
 
-newdaemon(configfile => "${cwd}/config/task_server.conf",
+my $file = -f "${cwd}/config/lx_office.conf" ? "${cwd}/config/lx_office.conf" : "${cwd}/config/lx_office.conf.default";
+newdaemon(configfile => $file,
           progname   => 'lx-office-task-server',
           pidbase    => "${pidbase}/",
           );