X-Git-Url: http://wagnertech.de/gitweb/gitweb.cgi/mfinanz.git/blobdiff_plain/149d2f33643bdc63bfd5577b36042dba43378adb..6b935d522a38e1a20802c25ed51a15e0cd292c1d:/scripts/task_server.pl diff --git a/scripts/task_server.pl b/scripts/task_server.pl index 2519f2d81..bbe3353ae 100755 --- a/scripts/task_server.pl +++ b/scripts/task_server.pl @@ -3,6 +3,14 @@ use strict; BEGIN { + require Cwd; + + my $dir = $0; + $dir = Cwd::getcwd() . '/' . $dir unless $dir =~ m|^/|; + $dir =~ s|[^/]+$|..|; + + chdir($dir) || die "Cannot change directory to ${dir}\n"; + unshift @INC, "modules/override"; # Use our own versions of various modules (e.g. YAML). push @INC, "modules/fallback"; # Only use our own versions of modules if there's no system version. } @@ -14,6 +22,7 @@ use Daemon::Generic; use Data::Dumper; use DateTime; use English qw(-no_match_vars); +use POSIX qw(setuid setgid); use SL::Auth; use SL::DB::BackgroundJob; use SL::BackgroundJob::ALL; @@ -58,6 +67,34 @@ sub lxinit { die "cannot find locale for user $login" unless $::locale = Locale->new('de'); } +sub drop_privileges { + my $user = $::emmvee_conf{task_server}->{run_as}; + return unless $user; + + my ($uid, $gid); + while (my @details = getpwent()) { + next unless $details[0] eq $user; + ($uid, $gid) = @details[2, 3]; + last; + } + endpwent(); + + if (!$uid) { + print "Error: Cannot drop privileges to ${user}: user does not exist\n"; + exit 1; + } + + if (!setgid($gid)) { + print "Error: Cannot drop group privileges to ${user} (group ID $gid): $!\n"; + exit 1; + } + + if (!setuid($uid)) { + print "Error: Cannot drop user privileges to ${user} (user ID $uid): $!\n"; + exit 1; + } +} + sub gd_preconfig { my $self = shift; @@ -66,6 +103,7 @@ sub gd_preconfig { die "Missing section [task_server] in config file" unless $config{task_server}; die "Missing key 'login' in section [task_server] in config file" unless $config{task_server}->{login}; + drop_privileges(); lxinit(); return (); 
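Review bot: The directory in the new BEGIN block is derived from `$0` by string editing alone, so when the script is started through a symlink the process changes to the directory next to the link rather than next to the real file, and the relative `modules/override` entry that is then put first in @INC resolves there. For a server that may be started as root, this decides which directory Perl loads code from. Resolve the real path first, e.g. `my $dir = Cwd::abs_path($0);` followed by the existing `$dir =~ s|[^/]+$|..|;`, and consider putting absolute paths into @INC so a later chdir cannot change module resolution. A comment such as `# chdir to the installation root; the relative @INC entries below depend on it` would record why the chdir is there.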
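Review bot: drop_privileges() changes only the primary group and the user ID, so a server started as root keeps root's supplementary groups after the `setgid`/`setuid` calls and retains group-based access that the `run_as` account should not have. Clear the list while still privileged, before the `setgid` call, e.g. `$) = "$gid $gid";` (the repeated gid yields an empty setgroups list), and after `setuid` confirm the result with a check such as `$< == $uid && $> == $uid`. The existence test `if (!$uid)` also reports UID 0 as "user does not exist"; `defined $uid` says what is meant, and `getpwnam($user)` would replace the `getpwent` loop. The early `return unless $user` leaves a root-started server running as root without any message, which deserves at least a warning, and the error texts would be better sent to STDERR than printed to STDOUT.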
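Review bot: gd_preconfig validates the `[task_server]` section through `%config`, while the `drop_privileges()` call added here reads `run_as` from `$::emmvee_conf{task_server}`. If those are not the same hash at this point (not visible in this hunk), `run_as` is silently empty and the server keeps the privileges it was started with. Checking `run_as` next to the existing `login` check, from the same hash, would make that dependency visible. A comment on the call, e.g. `# Drop privileges before lxinit() so application setup never runs as root`, would record why the order matters. gd_preconfig starts and ends outside the hunk.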
@@ -80,7 +118,14 @@ sub gd_run { $::lxdebug->message(0, " Found: " . join(' ', map { $_->package_name } @{ $jobs })) if $config{task_server}->{debug} && @{ $jobs }; - $_->run for @{ $jobs }; + foreach my $job (@{ $jobs }) { + # Provide fresh global variables in case legacy code modifies + # them somehow. + $::locale = Locale->new($::language); + $::form = Form->new; + + $job->run; + } 1; };
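Review bot: The per-job reset assigns `$::locale = Locale->new($::language)` without checking the result, whereas lxinit() dies when `Locale->new('de')` fails, and `$::language` is not set anywhere in the lines shown. If it is undefined or invalid here, every job runs with a missing or different locale. `$::locale = Locale->new($::language) or die "cannot create locale for job " . $job->package_name;` would keep the two paths consistent. The new comment could also state that only `$::locale` and `$::form` are refreshed, since any other globals touched by legacy code appear to remain shared between jobs. gd_run starts outside the hunk.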